# Central Syslog Server Monitoring The central syslog server monitoring architecture leverages IT-Conductor gateways already deployed to on-premises/in-cloud environments and enables consolidated collection, monitoring, management, notification, and auditing of Syslog messages. In IT-Conductor, "Site" constructs multiple syslog servers. The messages they capture can be dedicated to geographically or organizationally separated environments with separate monitoring and notification policies (e.g., QA/Development vs. Production, etc.). ### **Configure Central Syslog Server Monitoring in IT-Conductor** To configure the central syslog server monitoring in IT-Conductor, follow the instructions below. #### Set Up Clients to Report to the Central Syslog Server You can configure various computing and network nodes to report syslog messages to the central syslog server. **Instructions for Linux Servers** 1\. Login with a privileged account (or sudo) and edit the syslog configuration file `/etc/rsyslog.d/remote.conf` (SLES) or `/etc/rsyslog.conf` (RHEL). 2\. Uncomment the relevant line (TCP or UDP) and replace `remote-host` with the address of the central syslog server. UDP Example: ``` # Remote Logging using UDP # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional *.* @it-conductor-gateway-host ``` TCP Example: ``` # Remote Logging using TCP for reliable delivery # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional *.* @@it-conductor-gateway-host ``` 3\. Save the file. 4\. Restart the `rsyslog` service. ``` > sudo systemctl restart rsyslog.service ``` 5\. Verify the syslog forwarding is functioning: ``` > logger "hello world" ``` The log message `hello world` should now appear in the central syslog server registered in IT-Conductor. #### Add Central Syslog Server 1. Visit [service.itconductor.com](https://service.itconductor.com/) and enter your login credentials. 2. Navigate to **Dashboards → Administrator** to access the **Administrator's Dashboard**. 3. Locate the **Central Syslog Servers** actions panel and click the title to access the complete list.

Figure 1: Central Syslog Servers Actions Panel in Administrator's Dashboard

4. Click the **New Syslog Server** button to start adding a syslog server for monitoring.

Figure 2: Central Syslog Servers Actions Panel Page

5. Fill out all the necessary information in the **New Syslog Server** wizard. Once completed, click

to add the syslog server.

* **Name** - refers to the name given to the new syslog server. * **Description** - refers to any relevant information about the syslog server being added. * **Role** - refers to the environment where the syslog server will be used. * **Gateway** - allows communication between the customer's site network and the IT-Conductor cloud platform. Select the previously configured gateway from the dropdown menu. See [Gateway Setup](https://docs.itconductor.com/user-guide/setup/gateway-setup) for more details. * **Protocol** - refers to the communication protocol (UDP by default) that will be used to access the syslog server. * **Port Number** - refers to the port number (Port 514 by default) that will be used to access the syslog server being added. {% hint style="warning" %} **Important:** Do not attempt to create a syslog server on the same gateway with the same port number. You will encounter a duplicate error. {% endhint %} 6. Verify if the system was added to the Central Syslog Servers actions panel page and check its status. {% hint style="info" %} **Note:** The status will remain on **Ready** for a few minutes. Refresh the panel if needed. If there are configuration issues, such as incorrect connection parameters or an invalid account, the status will remain **Ready**. Click ![](https://docs.itconductor.com/~gitbook/image?url=https:%2F%2F377464071-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FXhp08OmU8050PePmMgDt%252Fuploads%252FGx0Q4OSu3wOOo5O8ZbQC%252Flog.gif%3Falt=media%26token=55a3b985-c68a-4120-a285-2afac310a988\&width=42\&dpr=4\&quality=100\&sign=c722a48497f25a2090f362f749f70677b04e8ad6a14fbfe2efcbe21458940d70) to display the logs and troubleshoot. If everything is configured correctly, the status will change to **In Progress.** {% endhint %} 7. Navigate to the main menu and verify if the system was added to the service grid under the **Syslog Central** node**.** ### Monitor Central Syslog Server in IT-Conductor To view the statuses and logs of all configured syslog servers, locate the **Syslog Central** node in the service grid.

Figure 4: Syslog Central View in Service Grid

#### Alerts To show all recently generated syslog alerts in chronological order, click **Alerts,** and a pop-up list of syslog alerts will be displayed.

#### Syslog Search To open the **Syslog Messages Search** page, click **Syslog Search**. Enter query and/or filter any conditions of your liking, and all syslog messages that match the conditions will be listed.

You can search by multiple columns, and all unrestricted values support Regex expressions so that relevant messages can be found quickly. While time-search is not supported, sorting by time and filtering by other fields lets you quickly and efficiently locate issues and understand the sequences of events. #### Monitoring IT-Conductor makes it easy to monitor specific messages and alerts when they occur. To open a list of defined monitors, click **Monitoring**. 1. You can create new monitors from scratch by clicking on the

icon or from a template by clicking on the ![](https://377464071-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXhp08OmU8050PePmMgDt%2Fuploads%2FEogE4K8lD5BF0hR60k3h%2Fimage.png?alt=media\&token=13fa5263-53d6-4008-99e0-8972aad5b298) icon. For this example, we'll create using templates.

2. Click on one of the pre-made templates.

3. Fill out all the necessary information, including the following: * **Name -** refers to the name given for the monitor being added. * **Description** - refers to any relevant information about the monitor being added. * **Graph Style** - refers to the type of visual display of information (bars, lines). * **Priority** - refers to the state in which the monitor will send an alert. The template automatically fills this option. * **Facility** - Refers to the object that the override will monitor. The template automatically fills this option. 4. Click on the ![](https://377464071-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXhp08OmU8050PePmMgDt%2Fuploads%2FnGIt95S4HY0VXJbKQLlE%2Fimage.png?alt=media\&token=65321df7-4077-407f-8f0b-3e51708b9a4d) icon to save.

Figure 9: Creating a New Syslog Monitor from a Template

5. Navigate to the service grid and verify if the monitor was added under the **Syslog Central** node.

Figure 10: Newly Added Monitor under Syslog Central Node

To access a historical view of the monitor's metrics, click

, and a pop-up chart will be displayed.

In the chart, the data points are interactive, and clicking on them will pop up a list of syslog messages for the interval:

You can navigate intervals back and forth using the **<** and **>** controls. In the chart, if a

icon shows at the bottom, this indicates that alerts were generated for the interval. Click that icon to view the list of alerts. The default monitoring overrides are preconfigured, generating an alert for each instance of a matching syslog message. However, more fine-tuned/complex scenarios can be configured as required. The override facility is the same as any other IT-Conductor monitor and can trigger customized alerts or recovery actions. {% hint style="info" %} **Note:** See [Creating Threshold Overrides](https://docs.itconductor.com/user-guide/notifications/threshold-overrides) for more information. {% endhint %} #### Notifications The notification mechanism is the standard [IT-Conductor subscription-based approach](https://docs.itconductor.com/user-guide/notifications/subscriptions). Individuals or groups of individuals can subscribe to specific monitors, sites, etc., and based on the subscription, the relevant alert will be sent to the configured e-mail addresses or phone numbers. ### Video {% embed url="" %}