...
Essentially you receive logs from Vutlan monitoring device onto a separate centralized log collection server. This separate centralized log collection server is created and managed by your system administrator on a server inside/outside your facility.
How does syslog work?
When a Vutlan monitoring system is running the syslog daemon, system messages are generated and sent to a centralized log collection server.
The relaying of Syslog messages is commonly sent over UDP port 514 or TCP 6514 ???. The TCP method also offers the benefit of the Transport Layer Security (TLS) protocol to keep messages private. Once collected, an administrator can use a syslog viewer to view, sort, and even alert on the various log messages coming in.
Syslog message components
Each log event contains a timestamp along with the event message itself and the origin IP/domain name for identification purposes.
The event is then categorized into one of eight severity levels.
VALUE | SEVERITY | KEYWORD | DESCRIPTION | EXAMPLES |
|---|---|---|---|---|
0 | Emergency | emerg | System is unusable | This level should not be used by applications. |
1 | Alert | alert | Should be corrected immediately | Loss of the primary ISP connection. |
2 | Critical | crit | Critical conditions | A failure in the system's primary application. |
3 | Error | err | Error conditions | An application has exceeded its file storage limit and attempts to write are failing. |
4 | Warning | warning | May indicate that an error will occur if action is not taken. | A non-root file system has only 2GB remaining. |
5 | Notice | notice | Events that are unusual, but not error conditions. |
|
6 | Informational | info | Normal operational messages that require no action. | An application has started, paused or ended successfully. |
7 | Debug | debug | Information useful to developers for debugging the application. |
|
When creating the log event, the originating device further segments the message into a logging facility code.
Facility code | Keyword | Description |
|---|---|---|
0 | kern | Kernel messages |
1 | user | User-level messages |
2 | Mail system | |
3 | daemon | System daemons |
4 | auth | Security/authentication messages |
5 | syslog | Messages generated internally by syslogd |
6 | lpr | Line printer subsystem |
7 | news | Network news subsystem |
8 | uucp | UUCP subsystem |
9 | cron | Cron subsystem |
10 | authpriv | Security/authentication messages |
11 | ftp | FTP daemon |
12 | ntp | NTP subsystem |
13 | security | Log audit |
14 | console | Log alert |
15 | solaris-cron | Scheduling daemon |
16–23 | local0 – local7 | Locally used facilities |
Configure Syslog
To configure the export of logs do the following:
...