Centralized Syslog Monitoring

The IT-Conductor central Syslog Monitoring architecture leverages the IT-Conductor gateways that are already deployed in your on-premises or in-cloud environments and enables consolidated collection, monitoring, management, notification, and auditing of Syslog messages.
Within the IT-Conductor "Site" construct, multiple Syslog servers and the messages they capture can be dedicated to geographically or organizationally separated environments, each with its own monitoring and notification policies (for example, QA/Development vs. Production).
When you configure a new Syslog server, make sure you assign it to the desired Site, and likewise make sure that the Linux hosts and devices forwarding Syslog messages to it belong to the intended grouping.
When Syslog servers are configured they will show up in IT-Conductor service tree under the corresponding Site:
Syslog Site Grid
The grid lists all related Syslog servers, lets you monitor their status and logs, and provides the management interfaces:
The Search entry is an interactive search facility for Syslog messages; clicking on it opens the query interface:
Figure 1: Syslog Interactive Search
You can search by multiple columns, and all free-text fields accept regular expressions, so relevant messages can be found quickly. While time-range search is not supported, sorting by time and filtering on the other fields let you locate issues quickly and reconstruct the sequence of events.


IT-Conductor makes it easy to watch for specific messages and alert on their occurrence. Clicking on the Monitoring link opens the list of defined monitors:
Figure 2: Syslog Monitors
You can edit and create new monitors either from scratch by clicking
Figure 3: New Syslog Monitor
... or from pre-configured templates by clicking
Figure 4: Syslog Monitoring Templates
Click on the template name to create a new Syslog monitor; the form is the same as the "from-scratch" form, but some of the values are pre-set.
After the new monitor is created, it appears in the grid within a few minutes, once the periodic discovery has completed.
Clicking on a monitor in the grid will open an interactive chart:
Figure 5: Syslog Monitor chart
In the chart, the data points are interactive; clicking on one pops up the list of Syslog messages for that interval:
Figure 6: Syslog Monitor Interval
You can navigate between intervals with the < and > controls.
While in the chart, if an icon shows at the bottom, alerts were generated for that interval; clicking on the icon shows the list of alerts.
The default monitoring "overrides" are preconfigured to generate an alert for each matching Syslog message; if required, more fine-tuned or complex scenarios can be configured. The Override facility is the same as for any other IT-Conductor monitor and can trigger customized alerts or recovery actions. Please contact the IT-Conductor Support team for guidance.
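The multi-column regex search, the per-interval chart data points and the default one-alert-per-match override described above, as an added Python example that is not IT-Conductor's own code: it parses constructed syslog lines into the grid's columns, applies a monitor made of per-column regexes, groups matches into intervals and raises one alert per matching message. The column names, the 5-minute interval and the sample monitor are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines in BSD/RFC 3164 style (not taken from the page).
SAMPLE_LOG = """\
Mar 14 10:00:05 web01 sshd[2201]: Failed password for invalid user admin from 10.0.0.5 port 51022 ssh2
Mar 14 10:00:09 web01 sshd[2201]: Failed password for root from 10.0.0.5 port 51024 ssh2
Mar 14 10:04:41 db01 kernel: Out of memory: Kill process 4423 (postgres) score 900
Mar 14 10:05:12 web02 sshd[3310]: Accepted publickey for deploy from 10.0.0.9 port 40122 ssh2
Mar 14 10:07:30 web01 sshd[2290]: Failed password for root from 10.0.0.7 port 51100 ssh2
"""

# One line -> the columns a search grid would expose (assumed names): timestamp, host, program, message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<program>[^\[:]+)(?:\[\d+\])?: (?P<message>.*)$"
)

# A monitor is a set of per-column regexes; every listed column must match (hypothetical monitor).
FAILED_SSH_MONITOR = {
    "program": r"^sshd$",
    "message": r"Failed password for (invalid user )?\S+ from",
}

def parse(log_text, year=2024):
    """Split raw syslog text into column dicts; BSD syslog lines carry no year, so one is assumed."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["time"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
            records.append(rec)
    return records

def run_monitor(records, monitor, interval_minutes=5):
    """Return {interval_start: [matching records]}: one chart data point per interval."""
    buckets = defaultdict(list)
    for rec in records:
        if all(re.search(pat, rec[col]) for col, pat in monitor.items()):
            t = rec["time"].replace(second=0, microsecond=0)
            buckets[t - timedelta(minutes=t.minute % interval_minutes)].append(rec)
    return dict(buckets)

def alerts(buckets):
    """Default override behaviour: one alert per matching message, in chronological order."""
    matched = [rec for recs in buckets.values() for rec in recs]
    return [(r["time"], r["host"], r["message"]) for r in sorted(matched, key=lambda r: r["time"])]
```

Calling `alerts(run_monitor(parse(SAMPLE_LOG), FAILED_SSH_MONITOR))` yields three alerts from two intervals; the OOM and successful-login lines are filtered out by the monitor's column regexes.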


Clicking on Alerts shows all recently generated alerts in chronological order:
Figure 7: Syslog Alerts


The notification mechanism is the standard IT-Conductor subscription-based approach: individuals or groups of individuals subscribe to specific monitors, sites, etc., and based on those subscriptions the relevant alerts are sent to the configured e-mail addresses or SMS numbers.