To get Syslog data over TCP, configure XpoLog to listen on a network port for incoming Syslog:
- Go to Manager > Administration > Listeners. The Listeners management console opens.
- Add a Syslog TCP account. For each account, configure the following:
  - Name: the name of the Listener account
  - Description: the description of the Listener account
  - Listening Node: the node in the cluster which will listen to the Syslog messages (appears only if a XpoLog cluster is deployed)
  - Port: the port which will be used on the XpoLog machine to receive Syslog messages of this Listener account (usually 1468)
  - Advanced Settings:
    - General Information:
      - Enabled: determines whether this account is enabled or not
      - Listening Interface: the network interface (IP address) on which the XpoLog listener instance is listening
    - Dynamic Log Creation Configuration:
      - Parent Folder: the parent folder under which all logs from this listener will be placed in the XpoLog Folders and Logs tree
      - Collection Policy: the collection policy which will be associated with all logs from this listener (used mainly for storage location and data retention)
      - Log Name Prefix: a prefix which will be added to every log from this listener (used to easily distinguish between the logs of multiple listener accounts)
      - Split by Source Device: check to create a log for each unique source device value in the received Syslog messages (a log will be created per device with its associated events)
      - Split by Facilities: check to create a log for each unique facility value in the received Syslog messages
    - Listener Data:
      - Listener Data Location: the location in which data will be stored; by default XpoLog stores it in its data directory
      - Indexing Node: the node in the cluster which will index the received Syslog messages (appears only if a XpoLog cluster is deployed)
      - Indexing Interval: the frequency at which received Syslog messages are indexed
- Save the account.
- Data received from the Syslog listener account will be created under the configured parent folder and will be available for searching, reporting and alerting.
Note: multiple listener accounts may be configured. However, listeners which run on the same machine must each listen on a different network port.
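To check a saved listener end to end, the following added example (not XpoLog's own code) builds a few constructed Syslog messages and sends them over TCP to port 1468, so you can confirm they appear under the parent folder and that Split by Source Device and Split by Facilities produce the expected logs. The RFC 5424 message layout, the LF framing, the host names and the 192.0.2.10 address are assumptions; the page does not state which Syslog format the listener expects.

```python
import socket
from datetime import datetime, timezone

# Syslog facility codes 0-23 in numeric order.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]

def build_message(facility, severity, device, app, text, now=None):
    """Return one RFC 5424 message ending in LF (RFC 6587 non-transparent framing)."""
    if not 0 <= severity <= 7:
        raise ValueError("severity must be 0-7")
    pri = FACILITIES.index(facility) * 8 + severity
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    # An embedded line break would be read as a second message under LF framing.
    text = text.replace("\r", " ").replace("\n", " ")
    return f"<{pri}>1 {ts} {device} {app} - - - {text}\n".encode("utf-8")

def split_keys(frame):
    """Return (source device, facility name), the values the split options group by."""
    head = frame.decode("utf-8").split(" ", 3)
    pri = int(head[0][1:head[0].index(">")])
    return head[2], FACILITIES[pri // 8]

def send(frames, host, port=1468, timeout=5.0):
    """Send all frames over a single TCP connection to the listener."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        for frame in frames:
            conn.sendall(frame)
    return len(frames)

# Constructed sample events: two source devices, two facilities.
SAMPLE = [
    build_message("auth", 4, "fw01.example.test", "sshd", "constructed test event A"),
    build_message("local0", 6, "fw01.example.test", "app", "constructed test event B"),
    build_message("auth", 5, "web02.example.test", "sudo", "constructed test event C"),
]

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder; use the account's Listening Interface address.
    print(send(SAMPLE, "192.0.2.10"), "messages sent")
```

With both split options checked, these three messages should land in logs for two devices and two facilities; if nothing arrives, check that the account is enabled and that no other listener on the machine uses the same port.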