Editing a Syslog Log Source
You can modify the following fields of the Syslog log source:
Option |
Description |
General |
|
Log Source Enabled |
Click the toggle button Yes or No to define whether the current Log Source is enabled or disabled. |
Name |
Name of the Log Source. |
Description |
Description of the Log Source. |
Forwarders |
|
Select Forwarder |
Select the Forwarding connection from the drop-down list to which you want to forward collected Syslog logs. |
Universal Collector Collection date |
Define whether the log message sent to the LogLogic LMI server remains in the local system time zone or is converted into the UTC time zone. |
Collection |
|
Protocol |
Define whether the Log Source uses the UDP or the TCP Syslog protocol. To listen on both UDP and TCP protocols, you must create two Syslog Log Sources. |
Port |
Enter the port on which to listen for the Syslog flow. Default value: 514 |
Binding interface |
If there are multiple network interfaces, enter the IP address on which to listen for the Syslog flow. Only one IP address is possible. To listen on all network interfaces for IPv4, use 0.0.0.0. To listen on a specific interface for IPv4, use an address like 192.168.11.10. Default value: 0.0.0.0. When there are multiple syslog collectors, if one of the collectors has been bound to a specific interface, none of the remaining collectors can be bound to 0.0.0.0; they must be bound to other specific interfaces. |
Message Filtering |
|
Filtering |
Click Yes or No to activate or deactivate the option. If Message Filtering is set to OFF, messages with a 'debug' severity are not collected (max severity set to 6). If a message has neither severity nor facility, the Universal Collector microagent automatically assigns the local use 7 facility and the debug severity to the message. The message is then automatically filtered. |
Maximum Severity |
Select the maximum accepted severity (numerical code, see RFC 3164):
0 - Emergency: system is unusable
1 - Alert: action must be taken immediately
2 - Critical: critical conditions
3 - Error: error conditions
4 - Warning: warning conditions
5 - Notice: normal but significant condition
6 - Informational: informational messages
7 - Debug: debug-level messages
Default value: 6 - Informational: informational messages |
Authorized facilities |
Select one accepted facility (see RFC 3164). The logs with these facilities are kept.
0 - kernel messages
1 - user-level messages
2 - mail system
3 - system daemons
4 - security/authorization messages (note 1)
5 - messages generated internally by syslogd
6 - line printer subsystem
7 - network news subsystem
8 - UUCP subsystem
9 - clock daemon (note 2)
10 - security/authorization messages (note 1)
11 - FTP daemon
12 - NTP subsystem
13 - log audit (note 1)
14 - log alert (note 1)
15 - clock daemon (note 2)
16 - local use 0 (local0)
17 - local use 1 (local1)
18 - local use 2 (local2)
19 - local use 3 (local3)
20 - local use 4 (local4)
21 - local use 5 (local5)
22 - local use 6 (local6)
23 - local use 7 (local7)
Default value: 0-23 |
Authorized IP addresses |
Enter the regular expression used to filter the accepted IP addresses and the accepted host. If the field is blank (default), the logs from all IP addresses are collected. |
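
The Message Filtering rules above can be checked offline before a filter is deployed. The following is an added example, not code from the product: `decode_pri` and `accept` are hypothetical names, the sample messages are constructed, and the whole-address regular-expression match is an assumption because this page does not state how the expression is applied.

```python
import re

# Facility and severity are packed into the <PRI> header:
# PRI = facility * 8 + severity (RFC 3164), so valid values are 0..191.
PRI_RE = re.compile(r"^<(\d{1,3})>")
DEFAULT_FACILITY, DEFAULT_SEVERITY = 23, 7  # local7 / debug, assigned when PRI is absent


def decode_pri(message):
    """Return (facility, severity) for a raw syslog message."""
    m = PRI_RE.match(message)
    # Assumption: an out-of-range PRI is treated like a missing one.
    if not m or int(m.group(1)) > 191:
        return DEFAULT_FACILITY, DEFAULT_SEVERITY
    return divmod(int(m.group(1)), 8)


def accept(message, source_ip, max_severity=6, facilities=range(24), ip_regex=""):
    """Apply Maximum Severity, Authorized facilities and Authorized IP addresses."""
    facility, severity = decode_pri(message)
    if severity > max_severity or facility not in facilities:
        return False
    # Blank expression accepts every source (the documented default).
    # Assumption: the expression must match the whole address.
    return not ip_regex or re.fullmatch(ip_regex, source_ip) is not None


# Constructed sample messages (not taken from a real device).
AUTH_FAIL = "<38>Oct 11 22:14:15 host1 sshd[411]: Failed password for root"  # auth.info
DEBUG_MSG = "<191>Oct 11 22:14:16 host1 app: trace"                          # local7.debug
NO_PRI = "Oct 11 22:14:17 host1 app: message without a PRI header"

if __name__ == "__main__":
    for msg in (AUTH_FAIL, DEBUG_MSG, NO_PRI):
        print(decode_pri(msg), accept(msg, "192.168.11.10"), msg[:30])
```

If the expression is applied as an unanchored search instead, an unescaped pattern such as `192.168.11.1` also matches `192.168.11.100`, so escape the dots and anchor the pattern when restricting sources.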