Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Log & Event Manager (LEM) > LEM Administrator's Guide > Set up a separate syslog server for use with LEM

Set up a separate syslog server for use with LEM

Table of contents
No headers

Updated: September 15, 2017

This topic describes how to add a separate syslog server to LEM. The LEM VM includes a syslog server, but you can add a separate syslog server.

This procedure uses the Node Health widget in the Ops Center to set up your syslog server. You can also click "Add Nodes to Monitor" in the Getting Started widget to set up your syslog server.

You can monitor your switches, routers, and firewalls using a syslog server. This server collects and sends syslog messages from non-Agent devices to the LEM Manager over TCP or UDP. Log & Event Manager uses this information to monitor syslog events and displays all events in the Monitor view.

Each device is paired with a connector, enabling Log & Event Manager to parse messages from the syslog server and normalize the log message content to a LEM event.

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

  2. Click Ops Center and locate the Node Health widget.

  3. In the widget toolbar, click Add Node.

    File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/0400-Set_up_a_separate_syslog_server_for_use_with_LEM/lem_qsg_add_syslog_node5.png

  4. Select Syslog node in the Specify Nodes to Add screen.

    File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/0400-Set_up_a_separate_syslog_server_for_use_with_LEM/lem_qsg_add_syslog_node8.png

  5. Enter your syslog server IP address. This device will send syslog event logs to the LEM Manager.

    File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/0400-Set_up_a_separate_syslog_server_for_use_with_LEM/lem_qsg_add_syslog_node1.png

  6. Click the Node Vendor drop-down menu and select the node vendor.

  7. Follow the instructions in the window to configure your node and send syslog messages to the LEM appliance.

    File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/0400-Set_up_a_separate_syslog_server_for_use_with_LEM/lem_qsg_add_syslog_node2.png

    If you need help enabling syslog, click the vendor link.

    If the vendor is not in the list, click Other vendors to access the SolarWinds Knowledge Base.

    File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/0400-Set_up_a_separate_syslog_server_for_use_with_LEM/lem_qsg_add_syslog_node3.png

  8. After you configure the node, select the check box in the window and click Next.

    File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/0400-Set_up_a_separate_syslog_server_for_use_with_LEM/lem_qsg_add_syslog_node4.png

    The wizard locates the new node and recommends the appropriate connector.

    Connectors enable Log & Event Manager to parse messages from syslog devices and normalize the original log message content to a LEM event.

    If the LEM virtual appliance receives logs from the new device, it automatically detects and presents the device name or IP address.

  9. Click Finish to confirm the device is identified correctly.

    The syslog node displays in the Node Health widget.

  10. (Optional) Based on your LEM deployment architecture, repeat this procedure to add a second syslog server in a multiple location deployment with two or more syslog servers.
Last modified

Tags

Classifications

Public