
Understanding syslog in LEM

Created by Tim Rush, last modified by Cory Farr on Aug 14, 2017


Overview

General information about syslog in LEM.

Environment

All LEM deployments

Detail

Although LEM can receive SNMP traps on port 162, syslog is far more common.
LEM uses syslog-ng as its syslog server, receiving data from network devices over UDP port 514.

UDP is common for syslog because of its speed and efficiency.

Perhaps the easiest way to think of syslog in LEM is to treat the syslog area of the LEM as the destination.
Even though we use syslog terms like 'local facilities', the syslog data is collected in a set of flat files.
So the sending device defines where to send the syslog: destination IP, UDP/TCP port number, and destination filename.
To receive log data sent by the network devices, configure a connector in the LEM GUI console to read the defined syslog file.

Think of the connector as an interpreter that reads the data; a connector must be configured for every type of data received by the LEM.

The interpreter then separates the data into fields, without changing the data.
This process allows Rules to fire on this data and allows the data to be inserted into tables in the database.
Data retrieval is performed through the nDepth search in the GUI console or through the Reports application.

If you are unsure where the data is being sent, SolarWinds support can assist in finding the data, but the vendor's administrator guide or vendor support will be the definitive answer for some issues.

Syslog can write to the following files on the LEM (but other files may be possible):

Local0.log
Local1.log
Local2.log
Local3.log
Local4.log
Local5.log
Local6.log
Local7.log

auth.log
audit.log
cron.log
daemon.log
kern.log
mail.log
syslog.log
user.log
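
To see which of these files a device's messages should land in, decode the PRI field at the start of each syslog datagram. The following is an added example, not SolarWinds code: it assumes the standard RFC 3164/5424 facility numbers and that each file above is named after its facility, and `route`, `FACILITY_FILES` and the sample datagrams are constructed for illustration.

```python
import re

# Facility codes from RFC 3164/5424, limited to the files this page lists.
# Assumption: LEM names each flat file after the facility it receives.
FACILITY_FILES = {
    0: "kern.log", 1: "user.log", 2: "mail.log", 3: "daemon.log",
    4: "auth.log", 5: "syslog.log", 9: "cron.log", 13: "audit.log",
}
FACILITY_FILES.update({16 + n: f"Local{n}.log" for n in range(8)})

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")
DEFAULT_PRI = 13  # RFC 3164: a message with no usable PRI is treated as user.notice


def route(datagram: bytes) -> dict:
    """Decode the PRI of one syslog datagram and name the expected file."""
    text = datagram.decode("utf-8", errors="replace")
    m = PRI_RE.match(text)
    pri = int(m.group(1)) if m else DEFAULT_PRI
    valid = m is not None and pri <= 191  # 23*8+7 is the largest legal PRI
    if not valid:
        pri = DEFAULT_PRI
    facility, severity = divmod(pri, 8)  # PRI = facility*8 + severity
    return {
        "valid_pri": valid,
        "facility": facility,
        "severity": SEVERITIES[severity],
        "file": FACILITY_FILES.get(facility),  # None: facility not in the list above
        "message": text[m.end():] if valid else text,
    }


# Constructed sample datagrams, not captured from a real device.
SAMPLES = [
    b"<134>Aug 14 10:15:02 fw01 connection built from inside to outside",
    b"<38>Aug 14 10:15:03 web01 sshd[2211]: Failed password for invalid user admin",
    b"<190>Aug 14 10:15:04 sw02 interface Gi0/1 changed state to up",
    b"Aug 14 10:15:05 old-ups battery low",   # no PRI at all
    b"<999>Aug 14 10:15:06 bogus priority",   # out-of-range PRI
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = route(s)
        print(f"{r['file'] or 'unlisted':12} {r['severity']:8} {r['message'][:50]}")
```

If the file named here does not match the file the connector is configured to read, the data will arrive on the LEM but never be parsed.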

Here are a few web links that will also help.

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment. You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.
