User’s Guide – version 1.6

NetWatch

Chapter 6: Syslogs

The Syslog protocol is an event notification protocol that allows a machine, be it a server, hub, switch or router, to send event notification messages to ‘event message collectors’, also known as ‘Syslog servers’.

Syslogs and NetWatch

NetWatch has its own built-in, fully featured Syslog server. Any Syslog messages sent to the NetWatch Server will be stored in a Syslog message event database.

Enabling Syslog Reception

To allow NetWatch to receive syslog messages, turn on the “Use Syslog Receiver” option on the Admin System Settings page. The NetWatch service requires a restart after changing this setting.

Syslog Severity/Priorities and Reporting

Each syslog sent from a device has an encoded severity. These are described in the following table.

Emergency: System is unusable.
Alert: Action must be taken immediately.
Critical: Critical Conditions.
Error: Error Conditions.
Warning: Warning Conditions.
Notice: Normal but significant condition.
Informational: Informational messages.
Debug: Debug-level messages.

Each one of these severity levels is assigned to a NetWatch priority level as decided by the administrator in the ‘Syslog Configuration Section’.

Only messages of a certain priority will be viewed and processed by the reporting system. The ‘Syslog Configuration Section’ can also configure this.

For details of viewing and processing syslog messages refer to Chapter 5 ‘The Reporting System’.
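
The severity decoding and priority filtering described above, as an added example that is not part of the NetWatch guide or product. It relies on the standard syslog PRI header (PRI = facility * 8 + severity, RFC 3164 / RFC 5424); the High/Medium/Low priority names, the PRIORITY_MAP assignment and the sample messages are assumptions constructed for illustration.

```python
import re

# Severity names as listed in the table above; list index = standard syslog code 0-7.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# Hypothetical severity -> priority mapping (an assumption; in NetWatch the
# administrator chooses this in the Syslog Configuration Section).
PRIORITY_MAP = {"Emergency": "High", "Alert": "High", "Critical": "High",
                "Error": "Medium", "Warning": "Medium",
                "Notice": "Low", "Informational": "Low", "Debug": "Low"}
PRIORITY_RANK = {"Low": 0, "Medium": 1, "High": 2}

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(message):
    """Return (facility, severity_name) from the leading <PRI>, or None if malformed."""
    m = PRI_RE.match(message)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        return None
    return pri >> 3, SEVERITIES[pri & 7]

def reportable(messages, minimum="Medium"):
    """Keep messages whose mapped priority is at or above `minimum`."""
    kept = []
    for msg in messages:
        decoded = decode_pri(msg)
        if decoded is None:
            continue  # skip datagrams without a valid PRI header
        _, severity = decoded
        priority = PRIORITY_MAP[severity]
        if PRIORITY_RANK[priority] >= PRIORITY_RANK[minimum]:
            kept.append((severity, priority, msg))
    return kept

# Constructed sample messages (not captured from a real device).
SAMPLE = [
    "<187>Oct 11 22:14:15 rtr1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "<189>Oct 11 22:14:16 rtr1 %SYS-5-CONFIG_I: Configured from console",
    "<999>garbage",
    "no pri header",
]

if __name__ == "__main__":
    for severity, priority, msg in reportable(SAMPLE):
        print(priority, severity, msg)
```

Messages with a missing or out-of-range PRI are skipped rather than assigned a default severity, so malformed datagrams cannot appear in the filtered output under a severity they never carried.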

Configuring Devices to Send Syslogs to NetWatch

For Syslogs to be viewed and processed by NetWatch, devices must be configured to send their Syslog messages to the NetWatch Server. Using Cisco IOS, for example, syslogs are sent to the NetWatch Server with the following command:

Logging Hostname or A.B.C.D (IP address of the NetWatch Server)
