
Understanding syslog in LEM

Created by Tim Rush, last modified by Abdul.Aziz on May 11, 2018


Overview

General information about syslog in LEM.

Environment

All LEM deployments

Detail

Although LEM can receive SNMP traps on port 162, syslog is far more common.
LEM uses syslog-ng as its syslog server, receiving data from network devices over UDP port 514.

UDP is common for syslog because of its speed and efficiency.

As of release 6.4, LEM does not support encrypted syslog data. We do have plans to add support for this in a future version. Please register your voice by logging a support ticket with SolarWinds Support.


The easiest way to think of syslog in LEM is to treat the syslog area of the LEM as the destination.
Even though we use syslog terms such as 'local facilities', what actually collects the syslog data is a set of flat files.
So the sending device defines where the syslog goes: destination IP, UDP/TCP port number, and destination filename.
To receive the log data sent by network devices, configure a connector in the LEM GUI console to read the defined syslog file.

Think of the connector as an interpreter that reads the data. A connector must be configured for every type of data received by the LEM.

The interpreter then separates the data into fields, without changing the data.
This process allows Rules to fire on the data and allows the data to be inserted into tables in the database.
Data retrieval is performed through nDepth search in the GUI console or through the Reports application.

If you are unsure where the data is being sent, SolarWinds Support can assist in finding it, but the vendor's administrator guide or vendor support will be the definitive answer for some issues.

Syslog can write to the following files on the LEM (but other files may be possible):

Local0.log
Local1.log
Local2.log
Local3.log
Local4.log
Local5.log
Local6.log
Local7.log

auth.log
audit.log
cron.log
daemon.log
kern.log
mail.log
syslog.log
user.log
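
When it is unclear which of these files a device is writing to, the `<PRI>` value at the start of each syslog datagram identifies the facility the sender chose. The following is an added example, not SolarWinds code: it decodes that header from constructed sample payloads, and the pairing of each facility code with a file name from the list above is an assumption, since the appliance's syslog-ng configuration is not shown here.

```python
import re

# Facility code -> file on the LEM appliance. Codes are from RFC 3164/5424;
# pairing each code with a file name from the list above is an ASSUMPTION.
FACILITY_FILES = {0: "kern.log", 1: "user.log", 2: "mail.log", 3: "daemon.log",
                  4: "auth.log", 5: "syslog.log", 9: "cron.log", 13: "audit.log"}
FACILITY_FILES.update({16 + n: f"Local{n}.log" for n in range(8)})

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def classify(datagram: bytes) -> dict:
    """Decode the <PRI> header of one syslog datagram (PRI = facility*8 + severity)."""
    m = PRI_RE.match(datagram)
    if m and int(m.group(1)) <= 191:
        pri, body, valid = int(m.group(1)), datagram[m.end():], True
    else:
        # Missing or out-of-range PRI: RFC 3164 relays fall back to 13 (user.notice).
        pri, body, valid = 13, datagram, False
    facility, severity = divmod(pri, 8)
    return {
        "valid_pri": valid,
        "facility": facility,
        "severity": SEVERITIES[severity],
        "expected_file": FACILITY_FILES.get(facility),  # None: not in the list above
        "message": body.decode("utf-8", "replace"),
    }


# Constructed sample payloads, as they would appear in a packet capture on UDP 514.
SAMPLES = [
    b"<134>Jun 19 10:00:00 fw01 connection built",
    b"<38>Jun 19 10:00:01 sw02 sshd[411]: session opened",
    b"<86>Jun 19 10:00:02 host3 authpriv message",
    b"Jun 19 10:00:03 legacy-device message without PRI",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        info = classify(raw)
        print(f"{info['expected_file'] or 'no listed file':15} "
              f"facility={info['facility']:<2} severity={info['severity']:<7} "
              f"{info['message']}")
```

A result with no listed file means the sender is using a facility that does not correspond to any file named above, which is a common reason a configured connector sees no data.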

Here are a few web links that will also help.

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 
