Configure a Device or Host for Syslog Collection
- On the main toolbar, click Deployment Manager.
- Click the System Monitors tab.
If needed, add Host Records for the Syslog receiving system and the Syslog sending system. These may be the same device.
You can select an Origin or Impacted Host as the Known Host from a log returned in search results. For more information see Monitor, Search, and Analysis.- Do one of the following:
- For a *NIX device, install and configure a System Monitor Agent. For more information, see Install a System Monitor on UNIX/Linux.
- For all other devices, install and configure a System Monitor Agent on the Syslog receiving server. For more information, see Install a System Monitor on Windows.
Direct the syslog generating device to send its syslog information to the Syslog receiving System Monitor Agent.
See the device's documentation.- Accept the new Agent in the System Monitors tab. For more information, see Agent Identification and Acceptance.
From the System Monitors tab, the agent can be viewed in the upper grid.- Right-click the selection, click Actions, and then click Accept.
- Click OK.
- Enable the Syslog Server on the System Monitor Agent.
- From the System Monitors tab, double-click the agent.
- Click the Syslog and Flow Settings tab.
- Select the Enable Syslog Server check box.
(Optional) Add the Syslog Relay hosts and Syslog Relay regular expressions.
The regex is case sensitive.
- (Optional) Click Advanced and edit the Syslog Server Advanced Agent Properties.
- Click OK.
- Configure the Log Source with the appropriate Log Source Type and Log Processing Policy. Then, accept the new Syslog Log Source. For more information, see Log Sources.
- Verify that the Syslog traffic is being received using Investigator or Tail.
