Syslog Configuration
Syslog support is implemented by the Syslog plugin. It is configured via the Syslog node of the Drivers/Plugin item in the System Tree.
The Syslog configuration includes Syslog Server Configuration and Syslog Message Sources Automatic Discovery settings described below. Note that Iotellect Server should be restarted to apply changes.
Syslog Monitoring Configuration
This table includes Syslog messages monitoring and consolidation parameters.
Property | Description |
Enabled | Enables/disables Syslog messages monitoring. |
UDP | Enables/disables using UDP for receiving Syslog messages. |
TCP | Enables/disables using TCP for receiving Syslog messages. |
Syslog Port | Specifies the port on which to listen for Syslog messages. |
UDP Socket Receive Buffer Size | Determines the size of the buffer allocated for receiving UDP packets. In systems handling bursts of incoming syslog messages, this should be set large enough to store all messages in a typical burst. |
Buffer Size for Each UDP Datagram | Specifies the size of the buffer allocated for each individual UDP datagram received on the socket. The buffer should be configured to be larger than the largest expected datagram to ensure that each message is received and processed without being truncated or lost. |
Severity Conversion Table | Syslog severity level to Iotellect severity level mapping. See below. |
Note: Be sure to sufficiently increase the Buffer Size for Each UDP Datagram when Syslog messages are expected to carry large payloads, for example, JSON documents.
Severity Level Conversion
The Severity Conversion Table is used to calculate the level of the generated Iotellect event based on the original Syslog message severity level. See Syslog Events Monitoring and Consolidation for details about Syslog event generation.
The table maps each of the Syslog severity level values (as specified in RFC 5424) to an Iotellect severity level (see Event Levels section). If a Syslog severity value is absent in the table, the resulting Iotellect event level is None (code 0).
By default the table is specified as follows:
Syslog Code | Syslog Name | Syslog Description | Iotellect Event Code | Iotellect Event Level |
7 | Debug | Debug-level message | 1 | Notice |
6 | Informational | Informational message | 2 | Info |
5 | Notice | Normal but significant condition | 2 | Info |
4 | Warning | Warning conditions | 3 | Warning |
3 | Error | Error conditions | 4 | Error |
2 | Critical | Critical conditions | 4 | Error |
1 | Alert | Action must be taken immediately | 4 | Error |
0 | Emergency | System is unusable | 5 | Fatal |
This table can be modified to provide a desired conversion procedure.
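The following added example (not Iotellect code) models the conversion described above so that an edited table can be checked before it is applied: it decodes the RFC 5424 PRI field, applies the default table from this page, lists severities that would fall through to level None, and shows the effect of a per-datagram buffer that is too small. The function names, the sample message, and the slice-based model of the datagram buffer are assumptions made for illustration.

```python
import re

# Default Severity Conversion Table from this page: Syslog severity -> Iotellect level code.
DEFAULT_TABLE = {7: 1, 6: 2, 5: 2, 4: 3, 3: 4, 2: 4, 1: 4, 0: 5}
LEVEL_NAMES = {0: "None", 1: "Notice", 2: "Info", 3: "Warning", 4: "Error", 5: "Fatal"}
PRI_RE = re.compile(rb"^<(\d{1,3})>")  # RFC 5424 PRI: "<" 1-3 digits ">"


def syslog_severity(datagram):
    """Return the severity (0-7) encoded in the PRI field, or None if PRI is invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))  # PRI = facility * 8 + severity, highest valid value is 191
    return pri % 8 if pri <= 191 else None


def event_level(datagram, table=DEFAULT_TABLE):
    """Map a raw message to (level code, level name) using the conversion table."""
    # Severities absent from the table give None (code 0), as stated on this page.
    # Treating an invalid PRI the same way is an assumption of this example.
    code = table.get(syslog_severity(datagram), 0)
    return code, LEVEL_NAMES[code]


def unmapped_severities(table):
    """Audit helper: Syslog severities whose events would be generated with level None."""
    return [sev for sev in range(8) if sev not in table]


def receive(datagram, datagram_buffer_size):
    """Model the per-datagram buffer as a slice; report whether data was cut off."""
    data = datagram[:datagram_buffer_size]
    return data, len(data) < len(datagram)


if __name__ == "__main__":
    # Constructed sample: facility 4, severity 2 (Critical) -> PRI 34, with a JSON payload.
    msg = b'<34>1 2024-01-01T00:00:00Z host1 app - - - {"event":"login_failed","user":"alice"}'
    print(event_level(msg))
    edited = {k: v for k, v in DEFAULT_TABLE.items() if k != 2}  # row for Critical removed
    print(unmapped_severities(edited), event_level(msg, edited))
    print(receive(msg, 64)[1], receive(msg, 2048)[1])
```

A table edit that drops a row silently downgrades that severity to None, so running `unmapped_severities` against the intended table before applying it catches gaps that alert thresholds would otherwise miss.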
Syslog Message Sources Automatic Discovery
This flag enables or disables automatic discovery of hosts sending Syslog messages to the Iotellect server.