Knowledge Base Articles



© 2005 Jalasoft Corp. All rights reserved.

TITLE: How to configure and use the Jalasoft Xian Syslog Server.

REVISION:
Revision: B001-SLR01
Date: 11/30/05

DESCRIPTION:
Jalasoft has released Service Pack 2 for Xian Network Manager, which includes the Jalasoft Xian Syslog Server. It receives and filters all the syslog messages generated by managed network devices and UNIX servers. This new feature increases the functionality and monitoring power of Xian Network Manager by allowing it to monitor devices and servers asynchronously.

A syslog message is a log message sent from a device or machine to a syslog server. The message includes the facility (the logical location of the log message), the severity level and the message itself. Please refer to the RFC 3164 documentation for more information.

The Jalasoft Xian Syslog Server receives all these syslog messages and, after filtering them, immediately sends the appropriate event messages to MOM.

CONFIGURATION:
There are 2 steps to follow in order to set up the Xian Syslog Server:
- Enable the Xian Syslog Server to receive the syslog messages.
- Configure the managed network devices and UNIX servers to send their syslog messages to the Jalasoft Syslog Server.

Enabling the Xian Syslog Server:
The Syslog Server is part of the NSS service and is disabled by default, so it is necessary to enable it and then configure its settings. Please follow these steps:
1. Open the Xian console.
2. Click on the Xian Servers tab located on the upper left tree window:

3. Access the Network Scan Server properties by double clicking on the server, or by right clicking on it and then clicking on the Properties contextual menu option. You should see this properties window:

4. Click on the Syslog Server tab. You should see a properties window similar to the following one:

Please notice that the Server state is disabled.
5. Configure the UDP port that the server will use and then click on the Apply button.
6. Click on the Syslog severities to Xian severities mapping button.

Configure the severity level of the Xian events associated with each syslog message severity. In other words, configure the severity level that the Xian event should display in MOM when a syslog message with a certain severity level is processed. Click on the OK button after configuring these settings.
7. Once the port and the severities mapping are configured, click on the Enable button. You will see that the Syslog Server goes to the Running status after a few seconds:

If for some reason (e.g., ports already used, services not running properly or not enough permissions) the service cannot be enabled, then the view last error button will be enabled. If you click on it, a window will be displayed indicating the error, and the status of the server will remain in a disabled state.

Configuring the Network Devices and UNIX Servers to send syslog messages to the Xian Syslog Server:
Any network device or UNIX server that can send syslog messages can be configured to send this information to a syslog server. You should enable this service, configure the IP address of the server and also configure the message severities. For example, if you would like to configure a Linux syslog client, you should follow these steps:

- Add a new entry in the /etc/hosts file with the Syslog server information:
  <IP address> <fully qualified domain name> <host name> <nickname>
  For example:
  10.2.3.68 XianUser.DevLab.com XianUser loghost
- Add this entry to your /etc/syslog.conf file with the nickname given in the previous step:
  *.debug @<nickname>
  For example:
  *.debug @loghost
  The *.debug selector matches every facility at severity debug and above, so all messages are forwarded.
- Restart the syslog service.

Please review your device and server documentation for the necessary steps in order to send the syslog messages to the Xian Syslog Server.

WORKING WITH THE SYSLOG MESSAGE FILTERS:
Once you have enabled the Xian Syslog Server and configured all the devices and UNIX servers to send their syslog messages to it, the next step is to add the filters that the Xian Syslog Server will apply to the arriving syslog messages, in order to keep the desired messages and discard the undesired ones. Please note that there are 2 types of filters:
- User defined filters.
- Predefined syslog filters for Linux and Solaris servers.

Adding and Configuring a User Defined Filter:
To add a new user defined filter, please follow these steps (in the example we will use a Linux server):
1. Open the Xian console and click on the Syslog message filters tab.
2. Right click on the Syslog messages filters working area and click on the Add contextual menu option:

The following window will be displayed:
3. Enter a name for the filter or use the default one suggested.
4. Select the action that the filter will perform when a syslog message that matches this filter arrives:
   o The Accept action will receive and process a syslog message that matches the filter and raise an event in MOM.

   o The Reject action will discard any syslog message that matches this filter.
5. Enter an Event number. MOM uses this number to match the event against predefined rules in the Xian plug-in SMP, or against custom rules that create alerts based on the event and associate them with the appropriate KB Article.
6. Enter the Event source. In a similar way to the Event number, MOM uses this field to match the event against a predefined or user rule that associates the event with a KB Article. Please note that there are some reserved words used by Xian predefined filters, and an error message like the following will be displayed if you try to use one of them:
7. Enter the Description for the filter. This field is not mandatory, but it will give you an idea of the filter and its purpose.
8. The next step is to configure the filtering by severity level, that is, which severity levels will be considered and which ones will be discarded. To configure this feature, select the Severity check box and then select the severity levels for the filter. Please notice that if you click the Select All button, all the severity options will be selected as shown in the next figure:

9. The next step is to select the syslog messages that will be filtered by content. To do this, check the Contents check box and enter a valid regular expression. It will be applied to the contents of the syslog message, so that the filter processes only the messages that match this criterion. If no regular expression is provided for this field, the following error message will be displayed when you press the OK button:
10. The last step is to configure the devices or device groups that the filter will be applied to. You can select all the devices that belong to certain categories (e.g. Cisco switches) or select only a specific discovered device or server. To configure this setting, click on the Devices tab, then click on a device category, or expand a category to list its discovered devices and select the desired device or server. In the following figure, we are selecting the Linux Server category so that the syslog messages from the current device, and from Linux servers added later, will be processed by this filter.

Please note that you can select several categories or devices to which this filter will be applied. You can select a specific device or server without having to select its category, if the filter will only monitor this particular machine. Finally, if you do not select any device or category, the following error message will be displayed when you press the OK button:
11. Click on the OK button after finishing the configuration of this filter. The filter will be added to the list of filters displayed on the Syslog message filters tab on the Xian console main window.

Now, when a new syslog message that meets the filter criteria arrives, Xian will send an event to MOM containing the number, source and message description.

Adding and Configuring a Predefined Syslog Filter for a Linux and/or Solaris Server:

The other type of filter that Xian Network Manager 2005 includes is the predefined filter for Linux and Solaris servers. These filters were created and configured to capture the most important syslog messages from these servers, and they raise proper alert messages to MOM associated with the corresponding KB articles. To add this type of syslog filter, follow the next procedure (in the example we will add a syslog filter to a Linux server, but the procedure is the same for a Solaris server):
1. Open the Xian console.
2. Click on the Syslog message filters tab located on the upper right pane. You should see the following window:
3. Expand the Linux Server tree and drag and drop the desired filter to the desired Linux Server:

Please note that you can perform the same action by clicking on the Apply syslog filter device menu option, located on the left panel. When you click on the desired server the following window will be displayed:

You should select the filter that you want to apply to the server and then click on the OK button.
4. When the selected filter has been applied to the server, the next window will be displayed:

Please note that you will not be able to edit the Event number and the Event source fields, since filters of this kind were configured with default values in order to match rules present in the Jalasoft SMPs.
5. Select the server or servers where this filter will be applied. You can also select the whole category.
6. Click on the Filter tab and configure the severity levels to filter:

Note that you can select all of the severity levels, or configure the filter to ignore severity by unselecting the Severity check box. Additionally, please note that unlike the user configured filters, the Content filter will not be available, since the content of the filter is also predefined.
7. Click on the OK button in order to finish this filter configuration.

Working with the Filter Order:
When the Xian Syslog Server receives a new syslog message, the first syslog filter that matches the message captures and processes it. The Syslog Server compares the message with the first filter; if it does not match, it goes to the second, and so on, until it finds a filter that captures the message. If no filter for the message is found, the message is discarded. As a rule, the most specific filters should be compared first and the most general ones should go at the end. The order of the filters is therefore very important, and when adding a new filter you need to place it in the right position. To change the filter order, please follow these steps:
1. Open the Xian console.
2. Go to the Syslog messages filters tab located at the bottom center pane on the console main window.
3. Verify that all the syslog filters are sorted by the Order column.

4. Right click on the syslog filter that you want to move. The following options will be displayed:
   The filter can be moved up or down one position, or it can be placed at the first or last position.
5. Click on the move option that you choose for the filter.
6. Repeat this procedure for each of the filters until they are placed in the appropriate position.

Editing and Removing the Syslog Filters:
The last operations that you can perform on a syslog filter are editing its settings and removing it. To edit a syslog filter, please follow this procedure:
- Open the Xian console.
- Go to the Syslog message filters tab where the syslog filters are located.
- Double click on the desired syslog filter, or right click on it and click on the Edit contextual menu option. The Syslog message filter properties window will be opened for the filter and you will be able to edit it. Click on the OK button to apply these modifications, or click on the Cancel button to cancel the operation.

To delete or remove a filter, you should follow these steps:
- Open the Xian console.
- Go to the Syslog message filters tab where the syslog filters are located.
- Right click on the filter that you want to remove and then click on the Remove contextual menu option.
- The following dialog will be displayed asking you to confirm the operation:

Click on the Yes button to remove the filter, or click on the No button if you don't want to delete it.

Working with the Syslog Messages using the Device Properties Window:
Most of the operations described in this document can also be performed using the Device Properties window, which allows you to add, edit and remove the syslog filters for a particular device. To configure the syslog filters for a certain device, please follow these steps:
1. Open the Xian console.
2. Double click on the device or server, or right click on it and click on the Properties contextual menu option.
3. Once the Properties window for the device has been opened, click on the Syslog message filters tab. The following window will be displayed:

This window displays all the filters that were applied to the device or server, together with the Add, Edit and Remove buttons that let you configure the filters which will be applied to the device or server. In the case of the Linux server and the Solaris server plug-ins, the Predefined Syslog Filters List for the plug-in will be displayed.
4. Now you should be able to perform any of the previously described operations.

APPLIES TO: Xian Network Manager 2005 SP2

STATUS: Procedure provided.

ADDITIONAL COMMENTS:
At the time that this document was written, the Xian Syslog Server was in a beta version and the following issues were present:
- The Syslog Server cannot detect whether the port that this service uses is being used by another application; if it is, the service will not work properly. Please make sure that the default UDP 514 port, or the one assigned when enabling this service, is not being used by any other service or application.
- After enabling the Syslog Server, some Xian events are recorded twice or appear duplicated in the System Event Viewer. To solve this problem, an additional step should be performed after enabling the Xian Syslog Server: open the Services window and restart the Jalasoft Xian Network Scan Server service on the machine where this component was installed.
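
Because the beta Syslog Server cannot tell whether its UDP port is already taken, the following added example (not part of the Jalasoft article or product) checks the port before the service is enabled and, once it is running, sends one RFC 3164 test message directly to it. The function names, the xian-test tag and the testhost hostname are assumptions made for this example; the message goes straight to the server over UDP and does not exercise the client's /etc/syslog.conf forwarding.

```python
import errno
import socket
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
WSAEADDRINUSE = 10048  # Windows socket code for "address already in use"

def udp_port_in_use(port, host="0.0.0.0"):
    """Return True if another socket already has this UDP port bound."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        probe.bind((host, port))
        return False
    except OSError as exc:
        if exc.errno in (errno.EADDRINUSE, WSAEADDRINUSE):
            return True
        raise  # anything else (e.g. no permission to bind) is not "in use"
    finally:
        probe.close()

def build_rfc3164(facility, severity, hostname, tag, text, when=None):
    """Build '<PRI>TIMESTAMP HOSTNAME TAG: text' as bytes (RFC 3164 layout)."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    when = when or datetime.now()
    # RFC 3164 timestamps pad single-digit days with a space, not a zero.
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    line = f"<{facility * 8 + severity}>{stamp} {hostname} {tag}: {text}"
    return line.encode("ascii", "replace")

def send_test_message(server, port=514, severity=7, hostname="testhost"):
    """Send one user-facility (1) test message; severity 7 is debug."""
    packet = build_rfc3164(1, severity, hostname, "xian-test",
                           "syslog forwarding test")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(packet, (server, port))
    return packet

if __name__ == "__main__":
    # Run on the machine that hosts the Syslog Server, before clicking Enable.
    try:
        print("UDP 514 already in use:", udp_port_in_use(514))
    except PermissionError:
        print("Not allowed to bind UDP 514; rerun with sufficient privileges")
```

A user defined Accept filter that covers the chosen severity and the sending device has to exist for the test message to appear as an event in MOM; otherwise the server discards it.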
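
The first-match behaviour described under "Working with the Filter Order", as an added example that is not Xian code: a small model of the evaluation built only from this article's description of a filter (action, severity levels, contents regular expression, devices). It shows that placing the general filter first shadows both the specific Accept filter and the Reject filter. The filter names, event numbers, event sources, device name and the two sample messages are constructed.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, Optional

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def parse_pri(raw):
    """Split an RFC 3164 message into (facility, severity, rest of message)."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid <PRI> header")
    pri = int(m.group(1))
    return pri >> 3, pri & 7, m.group(2)

@dataclass(frozen=True)
class SyslogFilter:
    name: str
    action: str                                  # "accept" or "reject"
    devices: FrozenSet[str]                      # devices the filter applies to
    event_number: int = 0                        # constructed example values
    event_source: str = ""
    severities: Optional[FrozenSet[int]] = None  # None: Severity box unchecked
    content: Optional[str] = None                # None: Contents box unchecked

    def matches(self, device, severity, text):
        if device not in self.devices:
            return False
        if self.severities is not None and severity not in self.severities:
            return False
        return self.content is None or re.search(self.content, text) is not None

def evaluate(filters, device, raw):
    """First matching filter wins. Return the event, or None if discarded."""
    _, severity, text = parse_pri(raw)
    for f in filters:
        if f.matches(device, severity, text):
            if f.action == "reject":
                return None
            return {"number": f.event_number, "source": f.event_source,
                    "description": text}
    return None  # no filter captured the message

# Constructed sample filters and messages.
LINUX = frozenset({"linux01"})
DROP_CRON = SyslogFilter("drop-cron", "reject", LINUX, content=r"CRON\[\d+\]")
SSH_FAIL = SyslogFilter("ssh-failed-login", "accept", LINUX, 9001, "ExampleSSH",
                        content=r"sshd\[\d+\]: Failed password")
ANY_ERROR = SyslogFilter("any-error", "accept", LINUX, 9000, "ExampleGeneric",
                         severities=frozenset({0, 1, 2, 3}))
SPECIFIC_FIRST = [DROP_CRON, SSH_FAIL, ANY_ERROR]
GENERAL_FIRST = [ANY_ERROR, DROP_CRON, SSH_FAIL]

SSH_MSG = ("<35>Nov 30 10:15:02 linux01 sshd[2112]: "
           "Failed password for root from 192.0.2.10 port 4022 ssh2")
CRON_MSG = "<75>Nov 30 10:16:00 linux01 CRON[2290]: (root) error running job"

if __name__ == "__main__":
    for label, order in (("specific first", SPECIFIC_FIRST),
                         ("general first", GENERAL_FIRST)):
        for msg in (SSH_MSG, CRON_MSG):
            print(label, "->", evaluate(order, "linux01", msg))
```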