Fluke Network Router manual Syslogs and NetWatch, Enabling Syslog Reception

Page 32

User’s Guide – version 1.6

NetWatch

Chapter 6: Syslogs

The Syslog protocol is an event notification protocol that allows a machine be it a Server, Hub, Switch or Router to send event notification messages to ‘event message collectors’ -also known as ‘Syslog servers’.

Syslogs and NetWatch

NetWatch has its own built in fully featured Syslog server. Any Syslog messages sent to the NetWatch Server will be stored in a Syslog message event database.

Enabling Syslog Reception

To allow NetWatch to receive syslog messages, turn on the “Use Syslog Receiver” option on the Admin System Settings page. The NetWatch service requires a restart after changing this setting.

Syslog Severity/Priorities and Reporting

Each syslog sent from a device has an encoded severity. These are described in the following table.

Emergency:	System is unusable.
Alert:	Action must be taken immediately.
Critical:	Critical Conditions.
Error:	Error Conditions.
Warning:	Warning Conditions.
Notice:	Normal but significant condition.
Informational:	Informational messages.
Debug:	Debug-level messages.

Each one of these severity levels is assigned to a NetWatch priority level as decided by the administrator in the ‘Syslog Configuration Section’.

Only messages of a certain priority will be viewed and processed by the reporting system. The ‘Syslog Configuration Section’ can also configure this.

For details of viewing and processing syslog messages refer to Chapter 5 ‘The Reporting System’.

Configuring Devices to Send Syslogs to NetWatch

For Syslogs to be viewed and processed by NetWatch devices must be configured to send its Syslog messages to the NetWatch Server. Using the CISCO IOS for example syslogs are sent to the NetWatch Server with the following command:

Logging Hostname or A.B.C.D (IP address of the NetWatch Server)

32

Image 32

Contents NetWatch Software License Agreement Other Restrictions Termination User’s Guide version NetWatch Support Charges Support ServicesDefinitions Undertakings by You Supplier’s UndertakingsLimitation of Liability and indemnity Intellectual Property RightsConfidential Information and Security MiscellaneousResponse Times Exceptions to Support ServicesSupport Hours Contents Reporting System Security Key Product Features Installing NetWatchIntroduction OverviewAccessing the User Interface Architecture OverviewNetWatch Monitoring System Web Front-end NetWatch DatabaseAlerting System NetWatch Configuration Global System SettingsSetting up a Device Specifying DevicesSelect Service Types PingTCP Port Test Snmp Interface TestAlarms DiscoveryEditing Services Editing DevicesDisabling Data Archiving Data ArchivingEnabling Data Archiving Visual Backgrounds Supplied with NetWatch NetWatch VisualisationManaging Visual Backgrounds To add an action to a Node\Link Drawing the VisualClick Add Node Using a NetWatch Visual Select Description AlignmentLink Colour Code System View Traffic between 2 NodesNode Colour Code System What Can Trigger an Alert? Alerting SystemHow NetWatch Alerting Works Syslog Receiving AlertsWeb Based Reports Syslog Recipient Setting up Alert ControllersEmail Recipient Reporting System Syslog Messages Configuring Devices to Send Syslogs to NetWatch SyslogsSyslogs and NetWatch Enabling Syslog ReceptionUtilities Manual Status Setting up a licenceLoad Services, Discovery and Polling How NetWatch services workSnmp Interface Test service DiscoveryPage TCP Port Status service Ping Response Test service Receive Snmp Notifications serviceConfiguring services Response Time GraphingEnabling Security SecurityLevels of Security Appendix a Snmp MIBsOIDs CommunitiesWindows snmptrap.exe service NotificationsWindows Windows NTConfiguring Snmp on a Cisco Router Further InformationUser’s Guide version NetWatch Appendix B NetWatch And IIS Page Appendix C Integrating Netwatch and Netflow Tracker Appendix D Auto Discovery Discovery MethodsIP Address Range Filters Appendix E Third Party Software JspSmartUpload MySQL Jakarta Tomcat