Editing a Syslog Log Source

You can modify the following fields of the Syslog log source. Each option is listed with its description, grouped by section:

General

Log Source Enabled

Click the toggle button (Yes or No) to define whether the current Log Source is enabled or disabled.

Name

Name of the Log Source.

Description

Description of the Log Source.

Forwarders

Select Forwarder

Select, from the drop-down list, the Forwarding connection to which you want to forward the collected Syslog logs.

Universal Collector Collection date

Define whether the log message sent to the LogLogic LMI server keeps the local system time zone or is converted to the UTC time zone.

Collection

Protocol

Define whether the Log Source uses the UDP or the TCP Syslog protocol. To listen on both UDP and TCP, you must create two Syslog Log Sources.

Port

Enter the port on which to listen for the Syslog flow.

Default value: 514

Binding interface

If there are multiple network interfaces, enter the IP address on which to listen for the Syslog flow. Only one IP address can be entered.

To listen on all network interfaces for IPv4, use 0.0.0.0.

To listen on a specific interface for IPv4, use an address such as 192.168.11.10.

Default value: 0.0.0.0

When there are multiple Syslog collectors and one of them has been bound to a specific interface, none of the remaining collectors can be bound to 0.0.0.0; each of them must be bound to another specific interface.

Message Filtering

Filtering

Click Yes or No to activate or deactivate the option.

If Message Filtering is set to OFF, messages with 'debug' severity are not collected (the maximum severity is set to 6).

If a message has neither a severity nor a facility, the Universal Collector microagent automatically assigns it the local use 7 facility and the debug severity. The message is then automatically filtered out.

Maximum Severity

Select the maximum accepted severity (numerical code, see RFC 3164). Messages whose severity code is higher than this value are not collected.

0 - Emergency: system is unusable

1 - Alert: action must be taken immediately

2 - Critical: critical conditions

3 - Error: error conditions

4 - Warning: warning conditions

5 - Notice: normal but significant condition

6 - Informational: informational messages

7 - Debug: debug-level messages

Default value: 6 - Informational: informational messages

Authorized facilities

Select the accepted facility or facilities (see RFC 3164). Only logs with these facilities are kept.

0 - kernel messages

1 - user-level messages

2 - mail system

3 - system daemons

4 - security/authorization messages (note 1)

5 - messages generated internally by syslogd

6 - line printer subsystem

7 - network news subsystem

8 - UUCP subsystem

9 - clock daemon (note 2)

10 - security/authorization messages (note 1)

11 - FTP daemon

12 - NTP subsystem

13 - log audit (note 1)

14 - log alert (note 1)

15 - clock daemon (note 2)

16 - local use 0 (local0)

17 - local use 1 (local1)

18 - local use 2 (local2)

19 - local use 3 (local3)

20 - local use 4 (local4)

21 - local use 5 (local5)

22 - local use 6 (local6)

23 - local use 7 (local7)

Default value: 0-23

Authorized IP addresses

Enter a regular expression that filters the accepted IP addresses and the accepted hosts. If the field is blank (the default), logs from all IP addresses are collected.
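The following Python script is an added example, not part of this documentation or of the LogLogic product, that models the Message Filtering rules described above so you can check what a given configuration would keep or drop. It assumes the RFC 3164 PRI encoding (PRI = facility * 8 + severity), that an out-of-range PRI is treated like a missing one, and that the IP regular expression must match the whole source address; the sample lines and addresses are constructed.

```python
import re
from dataclasses import dataclass, field

# Constructed sample records: (source IP, raw syslog line). Not product data.
SAMPLE = [
    ("10.0.0.5", "<34>Oct 11 22:14:15 host su: 'su root' failed for lonvick"),  # auth(4)/crit(2)
    ("10.0.0.5", "<191>Oct 11 22:14:16 host app: trace detail"),                 # local7(23)/debug(7)
    ("10.0.0.5", "Oct 11 22:14:17 host app: message without PRI"),              # no PRI at all
    ("172.16.3.9", "<13>Oct 11 22:14:18 host cron: job done"),                  # user(1)/notice(5)
]


@dataclass
class SyslogFilter:
    """Mirrors the three Message Filtering options with the page's defaults."""
    max_severity: int = 6                                             # 6 - Informational
    facilities: set = field(default_factory=lambda: set(range(24)))   # 0-23
    ip_regex: str = ""                                                # blank = accept all

    def parse_pri(self, line):
        """Return (facility, severity) from the PRI part of an RFC 3164 line.
        A line with no PRI gets local7 (23) and debug (7), as the page says
        the microagent does; an out-of-range PRI is treated the same (assumption)."""
        m = re.match(r"<(\d{1,3})>", line)
        if not m or int(m.group(1)) > 191:
            return 23, 7
        pri = int(m.group(1))
        return pri // 8, pri % 8

    def accept(self, src_ip, line):
        """True if the record passes the IP, severity and facility filters."""
        # Assumption: the expression must match the whole address (fullmatch),
        # so unescaped dots and unanchored patterns are a common misconfiguration.
        if self.ip_regex and not re.fullmatch(self.ip_regex, src_ip):
            return False
        facility, severity = self.parse_pri(line)
        return severity <= self.max_severity and facility in self.facilities


def run(filt, records):
    """Return the raw lines that the filter would collect, in input order."""
    return [line for ip, line in records if filt.accept(ip, line)]


if __name__ == "__main__":
    for line in run(SyslogFilter(), SAMPLE):
        print("kept:", line)
```

With the defaults, the debug line and the line without a PRI are dropped while the two others are kept; raising max_severity to 7 keeps all four, and an IP pattern such as `10\.0\.0\.\d+` or a facility set of {4, 10, 13, 14} narrows the result to the auth line only.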