Editing a Syslog Log Source
Procedure
- On the Collection tab, double-click the selected Log Source, or select it and click the Edit button.
The Syslog Log Source Edition tab is displayed.
- In the General part of the screen, you can modify the following information:
- In the Forwarding Connection part of the screen, you can modify the following information:
Name: Select the Forwarding connection to which you want to forward collected Syslog logs. See Editing the Forwarding Collection List to edit the forwarding collection list.
LogLogic® Universal Collector Collection date: Define whether the log message sent to the LogLogic LMI server keeps the local system time zone or is converted to the UTC time zone.
- In the Collection part of the screen, you can modify the following information:
Protocol: Define whether the Log Source uses the UDP or the TCP Syslog protocol.
To listen on both UDP and TCP, you must create two Syslog Log Sources, one per protocol.
Port: Enter the port on which to listen for the Syslog flow.
Default value: 514
Binding interface: If the host has several network interfaces, enter the IP address on which to listen for the Syslog flow. Only one IP address is possible. Binding to all interfaces exposes the listener on every interface of the host, including any management interface; bind to the collection interface where possible.
To listen on all network interfaces for IPv4, use 0.0.0.0.
To listen on a specific interface for IPv4, use an address such as 192.168.11.10.
To listen on all network interfaces for IPv6, use ::0.
To listen on a specific interface for IPv6, use an address such as fe80::84c8:f82e:74a1:a187.
Default value: 0.0.0.0
- In the Message Filtering part of the screen, you can modify the following information:
Filtering: Click ON or OFF to activate or deactivate message filtering.
When Message Filtering is set to OFF, the maximum severity is fixed at 6, so messages with the debug severity (7) are not collected.
If a message carries no PRI header (neither severity nor facility), LogLogic® Universal Collector assigns it the local use 7 facility (local7) and the debug severity; under the default maximum severity of 6 such a message is therefore filtered out.
Maximum Severity: Select the maximum accepted severity (numerical code, see RFC 3164). Messages whose severity code is numerically higher than this value are dropped; note that a higher code means a less urgent message.
0 - Emergency: system is unusable
1 - Alert: action must be taken immediately
2 - Critical: critical conditions
3 - Error: error conditions
4 - Warning: warning conditions
5 - Notice: normal but significant condition
6 - Informational: informational messages
7 - Debug: debug-level messages
Default value: 6 - Informational: informational messages
Authorized facilities: Select one or several accepted facilities (see RFC 3164). Only logs with these facilities are kept.
0 - kernel messages
1 - user-level messages
2 - mail system
3 - system daemons
4 - security/authorization messages (note 1)
5 - messages generated internally by syslogd
6 - line printer subsystem
7 - network news subsystem
8 - UUCP subsystem
9 - clock daemon (note 2)
10 - security/authorization messages (note 1)
11 - FTP daemon
12 - NTP subsystem
13 - log audit (note 1)
14 - log alert (note 1)
15 - clock daemon (note 2)
16 - local use 0 (local0)
17 - local use 1 (local1)
18 - local use 2 (local2)
19 - local use 3 (local3)
20 - local use 4 (local4)
21 - local use 5 (local5)
22 - local use 6 (local6)
23 - local use 7 (local7)
Note 1: RFC 3164 observes that various operating systems use facilities 4, 10, 13 and 14 for security/authorization, audit and alert messages.
Note 2: RFC 3164 observes that various operating systems use both facilities 9 and 15 for clock (cron/at) messages.
Default value: 0-23 (all facilities)
Authorized IP addresses: Enter a regular expression that is matched against the source IP address (or host) of each message; only messages whose source matches are collected. Anchor the expression and escape the dots (for example ^10\.1\.1\.5$ rather than 10.1.1.5): an unescaped dot matches any character, and an unanchored pattern also matches longer addresses that merely contain the intended one, such as 10.1.1.50 or 210.1.1.5. This filter is a convenience, not authentication; the source address of a UDP syslog datagram can be spoofed.
All logs from all IP addresses are collected if the field is blank (default).
- Click Apply to save the changes.
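The Message Filtering rules above, as an added example that is not part of the product documentation or of LogLogic code: a small Python model of the filter that decodes the RFC 3164 PRI of each line, applies the maximum severity, authorized facilities and source-address regex, and treats a line without PRI as local7/debug as the page describes. It also shows why an unanchored, unescaped address regex accepts more sources than intended. The names FilterConfig, parse_pri and accepted_indices, the sample lines and the source addresses are constructed for illustration; how the product handles a PRI above 191 is not documented on this page and is an assumption here.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Added example, not LogLogic product code. It reproduces the Message Filtering
# rules described on the page so their effect on concrete lines can be seen:
#   - the PRI prefix "<n>" encodes facility = n // 8 and severity = n % 8
#     (RFC 3164); a line with no PRI is treated as local7 (23) / debug (7),
#     as the page states, so it is dropped under the default maximum of 6;
#   - severity numerically above "Maximum Severity" -> dropped;
#   - facility not in "Authorized facilities" -> dropped;
#   - a non-blank "Authorized IP addresses" regex that does not match the
#     source address -> dropped.
# Assumption: the product's handling of an out-of-range PRI (> 191) is not
# documented here; this example treats it like a missing PRI.

PRI_RE = re.compile(r"^<(\d{1,3})>")
LOCAL7, DEBUG = 23, 7


@dataclass(frozen=True)
class FilterConfig:
    max_severity: int = 6                              # page default: 6 - Informational
    facilities: FrozenSet[int] = frozenset(range(24))  # page default: 0-23
    ip_regex: Optional[str] = None                     # page default: blank = all sources


def parse_pri(line: str) -> Tuple[int, int]:
    """Return (facility, severity) of a raw syslog line."""
    m = PRI_RE.match(line)
    if m is None:
        return LOCAL7, DEBUG
    pri = int(m.group(1))
    if pri > 191:  # RFC 3164: PRI ranges 0..191
        return LOCAL7, DEBUG
    return divmod(pri, 8)  # (pri // 8, pri % 8)


def accept(line: str, src_ip: str, cfg: FilterConfig) -> bool:
    """Apply the three filters in the order the page lists them."""
    facility, severity = parse_pri(line)
    if severity > cfg.max_severity:
        return False
    if facility not in cfg.facilities:
        return False
    if cfg.ip_regex and not re.search(cfg.ip_regex, src_ip):
        return False
    return True


def accepted_indices(messages: List[Tuple[str, str]], cfg: FilterConfig) -> List[int]:
    """Indices of the (line, source_ip) pairs the configuration keeps."""
    return [i for i, (line, ip) in enumerate(messages) if accept(line, ip, cfg)]


# Constructed sample traffic (not real captures): (raw line, source IP).
SAMPLE = [
    ("<34>Oct 11 22:14:15 gw1 su: 'su root' failed for jdoe on /dev/pts/8", "10.1.1.5"),  # auth(4)/crit(2)
    ("<191>Oct 11 22:14:16 gw1 app: verbose trace", "10.1.1.5"),                         # local7(23)/debug(7)
    ("Oct 11 22:14:17 gw1 app: line without PRI", "10.1.1.5"),                            # -> local7/debug
    ("<13>Oct 11 22:14:18 host50 user: hello", "10.1.1.50"),                              # user(1)/notice(5)
    ("<13>Oct 11 22:14:19 host210 user: hello", "210.1.1.5"),                             # user(1)/notice(5)
]

if __name__ == "__main__":
    print("defaults            :", accepted_indices(SAMPLE, FilterConfig()))
    print("max severity 7      :", accepted_indices(SAMPLE, FilterConfig(max_severity=7)))
    print("auth only (4, 10)   :", accepted_indices(SAMPLE, FilterConfig(facilities=frozenset({4, 10}))))
    print("regex 10.1.1.5      :", accepted_indices(SAMPLE, FilterConfig(ip_regex=r"10.1.1.5")))
    print("regex ^10\\.1\\.1\\.5$:", accepted_indices(SAMPLE, FilterConfig(ip_regex=r"^10\.1\.1\.5$")))
```

With the defaults the two debug-level lines (the explicit <191> and the line without PRI) are dropped and the other three are kept; raising the maximum severity to 7 keeps all five. The loose regex 10.1.1.5 keeps the messages from 10.1.1.50 and 210.1.1.5 as well, because the dot matches any character and nothing anchors the pattern; the anchored, escaped form keeps only the message from 10.1.1.5.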