
Setting up Kiwi Syslog Daemon to log to different virtual displays

Kiwi Syslog Daemon can log messages to separate virtual displays depending on the content or type of each syslog message. This can be achieved in several ways.

The first method relies on ensuring that devices such as firewalls, routers, and switches have all been configured to log to different facilities. Each facility relates directly to a corresponding virtual display. This is the recommended method of logging to different Virtual Displays for the Freeware version of Kiwi Syslog Daemon.


The second method requires filtering by individual hostname or host IP address, with each different IP address or hostname group logged to a different virtual display. This avoids the first method's reliance on having each device group configured to log to different facilities. This method requires the licensed version.
 

 

Solution (1): Freeware version using different Facilities (Recommended)


1. Divide your sending devices into groups such as firewalls, switches, routers, internal, external, sales, etc. 

2. For each group, decide which Syslog facility to use. Recommended values are from Local0 to Local7. You can use other facilities if you have more than eight groups.

3. For each device, configure the logging facility depending on its grouping. For a Cisco device, use the "Logging Facility Local0" command to set the facility level to Local0. Other network devices should allow you to specify the facility to send messages on.

4. Create a new Rule in Kiwi Syslog Daemon Setup. Name the rule "Log Local0 to Display01".

5. Add a new Priority filter (Filter Type="Priority"), named "Facility: Local0". Select all priorities for the Local0 facility.

6. Add a new Action. Set the Action-type to "Display" and select the Virtual display number to log Local0 events to. In this example, use Display01.

7. Repeat steps 4 to 6 for each Facility that needs to be logged to a display other than the default. For example, create new rules for logging "Local1 to Display02", "Local2 to Display03", etc.

8. The setup can be tested by using Kiwi SyslogGen available from the downloads page.
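The facility chosen in step 2 travels in each message's PRI field, which is what the Priority filter in step 5 matches. The following added example (not part of the original article and not vendor code) builds minimal test messages for Local0 to Local7 and models the example rules from steps 4 to 7; the rule table, the host name `testhost`, the placeholder address 192.0.2.10 and UDP port 514 are assumptions.

```python
import re
import socket

# Facility codes Local0..Local7 are 16..23; PRI = facility * 8 + severity.
LOCAL_FACILITIES = {f"Local{i}": 16 + i for i in range(8)}
CODE_TO_NAME = {code: name for name, code in LOCAL_FACILITIES.items()}

# Assumed rule table mirroring the article's examples (steps 4 to 7).
FACILITY_RULES = {"Local0": "Display01", "Local1": "Display02", "Local2": "Display03"}
DEFAULT_DISPLAY = "Display00"  # the Default rule logs every event here

PRI_RE = re.compile(r"^<(\d{1,3})>")


def build_message(facility, severity, host, text):
    """Return a minimal syslog test message tagged with the given facility."""
    if facility not in LOCAL_FACILITIES:
        raise ValueError(f"unknown facility: {facility}")
    if not 0 <= severity <= 7:
        raise ValueError("severity must be 0..7")
    pri = LOCAL_FACILITIES[facility] * 8 + severity
    return f"<{pri}>{host} {text}"


def decode_pri(message):
    """Return (facility_code, severity), or None if the PRI is missing or invalid."""
    match = PRI_RE.match(message)
    if not match or int(match.group(1)) > 191:
        return None
    return divmod(int(match.group(1)), 8)


def displays_for(message):
    """Model which displays receive a message: the default plus any facility rule."""
    displays = [DEFAULT_DISPLAY]
    decoded = decode_pri(message)
    if decoded and CODE_TO_NAME.get(decoded[0]) in FACILITY_RULES:
        displays.append(FACILITY_RULES[CODE_TO_NAME[decoded[0]]])
    return displays


def send_test_messages(server, port=514):
    """Send one informational (severity 6) UDP message per Local facility."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for name in LOCAL_FACILITIES:
            msg = build_message(name, 6, "testhost", f"{name} display test")
            sock.sendto(msg.encode("ascii"), (server, port))


if __name__ == "__main__":
    send_test_messages("192.0.2.10")  # placeholder address; use your server
```

A facility with no rule of its own, such as Local5 in this table, should appear only on the default display.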

 

 

Solution (2): Licensed version using host IP address or hostname filters

1. Divide your sending devices into groups such as firewalls, switches, routers, internal, external, sales, etc.

2. Make a list of the IP addresses of each of the devices you expect to receive messages from.

3. Create a new Rule in Kiwi Syslog Daemon Setup. Name the rule "Log Host-X to Display02".

4. Add a new IP address filter (Filter Type="Simple"), named "IP address - Simple". Include the host IP address needed to identify this particular host, or a range of IP addresses. For a single host, add the IP address surrounded by quotes. For multiple hosts, add each IP address quoted and separated by the OR keyword.

5. Add a new Action. Set the Action type to "Display" and select the Virtual display number to log events from this host. In this example, use Display02.

6. Repeat steps 3 to 5 for each host that needs to be logged to a display other than the default. For example, create new rules for logging "Host-Y to Display02", "Host-Z to Display03", etc.

7. The setup can be tested by using Kiwi SyslogGen available from the downloads page.

 

There are 10 virtual displays you can send syslog messages to. You can rename the displays to something more meaningful than Display(nn): use the File | Setup | Display menu option, choose the display from the "Modify display names" dropdown, enter a new name into the field provided, then click Update.

This will enable you to define Virtual displays such as "Firewalls", "Routers", "Switches", etc., instead of the default names "Display01", "Display02", etc. We recommend that you leave the Display 00 (Default) virtual display as it is, and also leave the Default rule (which logs all events to Display00) in place.


Download the latest version of Kiwi Syslog Daemon. 

If you still have questions after following the instructions provided, then please use the technical support form to receive further assistance.

Last modified
15:19, 13 Nov 2015
