Network Monitoring & Management


Tuesday, June 27, 2006

How to centrally monitor events using syslog


1. Introduction
2. Configuring syslog on Linux and Cisco
3. How to convert Windows events to Syslog
4. More information on syslog


1. Introduction

In a networked environment it is very common to see different platforms running together, for example Unix, Linux and Windows servers and workstations alongside Cisco routers. There is therefore a real need for a mechanism to monitor events centrally, and syslog provides one.
The syslog protocol is very simple: the syslog sender transmits a small textual message (less than 1024 bytes) to the syslog receiver. The receiver is commonly called "syslogd", "syslog daemon" or "syslog server". Syslog messages can be sent via UDP and/or TCP. The data is usually sent in cleartext; however, an SSL wrapper such as Stunnel, sslio or sslwrap can be used to add a layer of encryption through SSL/TLS.
Syslog is the de facto standard for forwarding log messages in an IP network. The term "syslog" is often used both for the syslog protocol itself and for the application or library that sends syslog messages.
In general syslog uses UDP, and the syslog server listens on port 514 for syslog messages.

2. Configuring syslog on Linux and Cisco

Almost all Unix platforms and Cisco routers support syslog. Please read the related documentation for how to configure syslog on a particular platform; here are links for configuring it on Linux and on Cisco routers.

On Linux platform

http://www.linuxhomenetworking.com/linux-hn/logging.htm
http://www.linuxjournal.com/article/5476


On Cisco router

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_tech_note09186a00800a7275.shtml#topic1




3. How to convert Windows events to Syslog

As mentioned above, almost all Unix systems and Cisco routers support syslog and can be monitored centrally. Unfortunately Windows servers and workstations do not provide syslog compatibility for event monitoring by default. You can, however, achieve this with third-party converters that watch the event log as a source and generate a syslog message whenever an event arrives. Using a syslog server you can then log these syslog messages to text files for further processing.
Some freeware and commercial tools for the Windows platform for converting and receiving syslog messages are listed below.
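To make the "further processing" concrete, here is an added example (not from the original post or any of the tools listed) of what a central receiver does with each UDP datagram described in the introduction: decode the RFC 3164 PRI value into facility and severity, pull out host, tag and message, reject oversize or malformed packets, and filter by severity. The datagrams are constructed to look like a Linux host, a Cisco router and a Windows event-log converter; they are not real captures.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Facility and severity names used to decode the PRI value (RFC 3164 section 4.1.1).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: MSG  (the classic BSD syslog layout)
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?:? ?(?P<msg>.*)$", re.DOTALL)

@dataclass
class SyslogEvent:
    facility: str
    severity: str
    timestamp: str
    host: str
    tag: str
    pid: Optional[int]
    msg: str

def parse_rfc3164(datagram: bytes) -> Optional[SyslogEvent]:
    """Parse one UDP datagram as an RFC 3164 message; None if oversize or malformed."""
    if len(datagram) > 1024:            # RFC 3164 caps a packet at 1024 bytes
        return None
    m = _RFC3164.match(datagram.decode("ascii", errors="replace"))
    if not m or int(m["pri"]) > 191:    # facility 0-23, severity 0-7 => PRI <= 191
        return None
    pri = int(m["pri"])
    return SyslogEvent(FACILITIES[pri >> 3], SEVERITIES[pri & 7], m["ts"], m["host"],
                       m["tag"], int(m["pid"]) if m["pid"] else None, m["msg"])

# Constructed datagrams (not real captures): a Linux host, a Cisco router, a Windows converter.
SAMPLE_DATAGRAMS = [
    b"<38>Jun 27 04:41:12 srv01 sshd[2012]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2",
    b"<189>Jun 27 04:41:13 rtr1 %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.5)",
    b"<13>Jun 27 04:41:14 WIN-FS01 Security[529]: Logon failure: unknown user name or bad password",
    b"garbage that is not a syslog message",    # malformed: dropped by parse_all
]

def parse_all(datagrams):
    # Decode every well-formed datagram and drop the rest.
    return [e for e in map(parse_rfc3164, datagrams) if e is not None]

def at_least(events, severity):
    cutoff = SEVERITIES.index(severity)  # lower severity code = more urgent
    return [e for e in events if SEVERITIES.index(e.severity) <= cutoff]
```

Run parse_all(SAMPLE_DATAGRAMS) to see the three valid events decoded as auth.info, local7.notice and user.notice, with the garbage line discarded; at_least(events, "notice") keeps only the router and Windows events.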

Ntsyslog

Description - A good freeware tool for converting the Windows event log to syslog.
Link - http://sourceforge.net/project/showfiles.php?group_id=36242
Cost - Freeware

Winlogd

Description - Winlogd is a syslog client for Windows that allows the Event Log to talk to syslog.
Link - http://www.edoceo.com/dl/winlogd.exe
Cost - Freeware
Note - Please read the configuration instructions at http://www.edoceo.com/products/winlogd.php

VPN Console

Description - A good tool that includes all the components: an event log to syslog converter, a syslog server and an analyzer tool.
Link - http://www.dvsinfo.com/downloads/VPN_Console.zip
Cost - USD 100; a 30-day evaluation is available.

Kiwi Syslog Daemon

Description - Freeware tool for receiving syslog messages.
Link - http://www.kiwitools.com/downloads/syslog/Kiwi_Syslogd_8.0.2.setup.exe
Cost - Freeware

TFTPD32

Description - Freeware tool for receiving syslog messages. Tftpd32 includes DHCP, TFTP, SNTP and Syslog servers as well as a TFTP client.
Link - http://www.kiwitools.com/downloads/syslog/Kiwi_Syslogd_8.0.2.setup.exe
Cost - Freeware

You can find many more commercial and freeware tools for this purpose on Google by searching for the key phrase "event log to syslog".

4. More information on syslog

http://www.faqs.org/rfcs/rfc3164.html

http://www.monitorware.com/Common/en/Articles/syslog-described.php

http://www.informit.com/articles/article.asp?p=426638&rl=1

Deepesh Goud 4:41 AM