Central Syslog Server Monitoring

The central syslog server monitoring architecture leverages IT-Conductor gateways already deployed to on-premises/in-cloud environments and enables consolidated collection, monitoring, management, notification, and auditing of Syslog messages.

In IT-Conductor, "Site" constructs multiple syslog servers. The messages they capture can be dedicated to geographically or organizationally separated environments with separate monitoring and notification policies (e.g., QA/Development vs. Production, etc.).

Configure Central Syslog Server Monitoring in IT-Conductor

To configure the central syslog server monitoring in IT-Conductor, follow the instructions below.

Set Up Clients to Report to the Central Syslog Server

You can configure various computing and network nodes to report syslog messages to the central syslog server.

Instructions for Linux Servers

1. Login with a privileged account (or sudo) and edit the syslog configuration file /etc/rsyslog.d/remote.conf (SLES) or /etc/rsyslog.conf (RHEL).

2. Uncomment the relevant line (TCP or UDP) and replace remote-host with the address of the central syslog server.

UDP Example:

# Remote Logging using UDP
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @it-conductor-gateway-host

TCP Example:

# Remote Logging using TCP for reliable delivery
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @@it-conductor-gateway-host

3. Save the file.

4. Restart the rsyslog service.

5. Verify the syslog forwarding is functioning:

The log message hello world should now appear in the central syslog server registered in IT-Conductor.

Add Central Syslog Server

1. Visit service.itconductor.com and enter your login credentials.

2. Navigate to Dashboards → Administrator to access the Administrator's Dashboard.

3. Locate the Central Syslog Servers actions panel and click the title to access the complete list.

1. Click the New Syslog Server button to start adding a syslog server for monitoring.

1. Fill out all the necessary information in the New Syslog Server wizard. Once completed, click to add the syslog server.

• Name - refers to the name given to the new syslog server.

• Description - refers to any relevant information about the syslog server being added.

• Role - refers to the environment where the syslog server will be used.

• Gateway - allows communication between the customer's site network and the IT-Conductor cloud platform. Select the previously configured gateway from the dropdown menu. See Gateway Setup for more details.

• Protocol - refers to the communication protocol (UDP by default) that will be used to access the syslog server.

• Port Number - refers to the port number (Port 514 by default) that will be used to access the syslog server being added.

1. Verify if the system was added to the Central Syslog Servers actions panel page and check its status.

1. Navigate to the main menu and verify if the system was added to the service grid under the Syslog Central node.

Monitor Central Syslog Server in IT-Conductor

To view the statuses and logs of all configured syslog servers, locate the Syslog Central node in the service grid.

Alerts

To show all recently generated syslog alerts in chronological order, click Alerts, and a pop-up list of syslog alerts will be displayed.

Syslog Search

To open the Syslog Messages Search page, click Syslog Search. Enter query and/or filter any conditions of your liking, and all syslog messages that match the conditions will be listed.

You can search by multiple columns, and all unrestricted values support Regex expressions so that relevant messages can be found quickly. While time-search is not supported, sorting by time and filtering by other fields lets you quickly and efficiently locate issues and understand the sequences of events.

Monitoring

IT-Conductor makes it easy to monitor specific messages and alerts when they occur. To open a list of defined monitors, click Monitoring.

1. You can create new monitors from scratch by clicking on the icon or from a template by clicking on the icon. For this example, we'll create using templates.

1. Click on one of the pre-made templates.

1. Fill out all the necessary information, including the following:

   • Name - refers to the name given for the monitor being added.

   • Description - refers to any relevant information about the monitor being added.

   • Graph Style - refers to the type of visual display of information (bars, lines).

   • Priority - refers to the state in which the monitor will send an alert. The template automatically fills this option.

   • Facility - Refers to the object that the override will monitor. The template automatically fills this option.

2. Click on the icon to save.

1. Navigate to the service grid and verify if the monitor was added under the Syslog Central node.

To access a historical view of the monitor's metrics, click , and a pop-up chart will be displayed.

In the chart, the data points are interactive, and clicking on them will pop up a list of syslog messages for the interval:

You can navigate intervals back and forth using the < and > controls.

In the chart, if a icon shows at the bottom, this indicates that alerts were generated for the interval. Click that icon to view the list of alerts.

The default monitoring overrides are preconfigured, generating an alert for each instance of a matching syslog message. However, more fine-tuned/complex scenarios can be configured as required. The override facility is the same as any other IT-Conductor monitor and can trigger customized alerts or recovery actions.

Notifications

The notification mechanism is the standard IT-Conductor subscription-based approach. Individuals or groups of individuals can subscribe to specific monitors, sites, etc., and based on the subscription, the relevant alert will be sent to the configured e-mail addresses or phone numbers.

Video