Frequently Asked Questions
1. What is the purpose of central syslog monitoring in IT-Conductor?
Central syslog monitoring provides an additional layer of visibility by collecting operating system and application log messages from multiple systems into one place. It is typically used to monitor error, warning, and security-related events that may not be covered by standard application or infrastructure monitoring tools.
2. Do we need a dedicated system for central syslog monitoring, or is it enabled on each server?
The IT-Conductor Gateway acts as the central syslog server (listener). Individual systems (clients) are configured to forward their syslog messages to the gateway. As long as the gateway is reachable, a single gateway can collect logs from multiple systems.
3. Do we need to install any additional software?
No. No additional software is required. The gateway already includes the syslog listener capability. Client systems only need a configuration change in their syslog daemon to forward messages to the gateway.
4. Do we need to provide OS usernames or passwords for syslog monitoring?
No. Syslog does not use authentication. Logs are sent by the publishing application (e.g., operating system, database, or app server) directly to the syslog listener using standard syslog protocols. IT-Conductor receives and processes these messages without requiring OS credentials.
5. Which protocol and ports are used for syslog communication?
Syslog typically uses UDP port 514 by default, though TCP can also be configured if required. UDP is often preferred for performance and lower overhead.
6. Do we need to open port 514 to the internet?
No. Port 514 only needs to be open inbound on the gateway within the internal network. The gateway listens for syslog messages from internal systems only. Internet exposure is not required and is not recommended.
7. What types of systems and logs can be monitored?
Any system that supports syslog can send messages, including Linux servers, SAP systems, HANA, and Pacemaker clusters. This includes kernel logs, security events, and cluster-related messages such as failovers or fencing events.
8. Can we filter logs by system, severity, or message type?
Yes. IT-Conductor allows you to filter syslog messages by source host, severity, message content, and frequency. You can create monitors that trigger alerts only for specific conditions, such as critical cluster or security events.
9. How are syslog alerts handled in IT-Conductor?
Syslog alerts are treated the same as other IT-Conductor alerts. Once a monitor condition is met, an alert is generated and can follow the same notification and escalation rules as SAP or database alerts.
10. Is syslog monitoring included in our existing IT-Conductor license?
No. Syslog monitoring is licensed as a separate app because it can generate a large volume of data. Licensing includes a central syslog server subscription and a per-node charge for each sending system.
11. Is there any disk usage on the gateway or client systems?
No. The syslog server does not store data locally on the gateway. Messages are received and immediately forwarded to the IT-Conductor cloud. Client systems continue using their standard OS logging behavior.
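The filtering described in question 8 (source host, severity, message content, frequency) can be illustrated with the sketch below. It is an added example, not IT-Conductor code or configuration. The peer allow-list, the function names and the sample messages are assumptions constructed for illustration. Because syslog carries no authentication (question 4), the sketch trusts the sender's network address rather than the host name written inside the message.

```python
import re
from collections import Counter

# RFC 3164 style line: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG
LINE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")

def parse(datagram):
    """Decode one syslog message; return None if it is malformed."""
    m = LINE.match(datagram)
    if not m or int(m.group(1)) > 191:  # PRI = facility*8 + severity, max 23*8+7
        return None
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7,
            "host": m.group(3), "msg": m.group(4)}

def alerts(received, allowed_peers, max_severity, pattern, min_count):
    """received: (peer_ip, datagram) pairs as a listener would see them.
    Returns {host: count} for hosts with at least min_count matching events."""
    rx = re.compile(pattern)
    hits = Counter()
    for peer_ip, datagram in received:
        if peer_ip not in allowed_peers:  # check the network peer, not the HOST field
            continue
        ev = parse(datagram)
        if ev is None or ev["severity"] > max_severity:  # lower number = more severe
            continue
        if rx.search(ev["msg"]):
            hits[ev["host"]] += 1
    return {h: n for h, n in hits.items() if n >= min_count}

# Constructed sample traffic (addresses, hosts and messages are made up).
SAMPLE = [
    ("10.0.0.11", "<130>Jan 12 03:14:07 hana01 pacemaker-fenced[2211]: "
                  "Requesting fencing (reboot) of node hana02"),
    ("10.0.0.11", "<131>Jan 12 03:14:09 hana01 pacemaker-controld[2215]: "
                  "Fencing of hana02 failed"),
    ("10.0.0.12", "<30>Jan 12 03:14:10 app01 systemd[1]: Started Session 42."),
    # Unlisted peer that writes "hana01" into the HOST field: ignored.
    ("192.0.2.50", "<130>Jan 12 03:14:11 hana01 pacemaker-fenced[1]: "
                   "Requesting fencing of node hana02"),
    ("10.0.0.12", "not a syslog line"),
]
INTERNAL = {"10.0.0.11", "10.0.0.12"}

if __name__ == "__main__":
    # Severity err (3) or worse, message mentions fencing, at least 2 events.
    print(alerts(SAMPLE, INTERNAL, 3, r"(?i)fencing", 2))
```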