In an Enterprise network, VeloCloud Orchestrator (VCO) supports collection of VCO bound events originating from enterprise VeloCloud Edges (VCEs) to one or more centralized remote Syslog collectors (Servers), in the native Syslog format. For the Syslog collector to receive VCO bound events from the configured edges in an Enterprise, at the profile level, configure Syslog collector details per segment in the VCO by performing the steps on this procedure.

Prerequisites

  • Ensure that Cloud VPN (branch-to-branch VPN settings) is configured for the VCE (from where the VCO bound events are originating) to establish a path between the VCE and the Syslog collectors. For more information, see Configure Cloud VPN.

Procedure

  1. From the VeloCloud Orchestrator, go to Configure > Profiles.
    The Configuration Profiles page appears.
  2. Select a profile you want to configure Syslog settings and click the icon under the Device column.
    The Device Setting page for the selected profile appears.
  3. From the Configure Segment drop-down menu, select a profile segment to configure syslog settings. By default, Global Segment [Regular] is selected.
  4. Go to the Syslog Settings area and configure the following details.
    1. From the Facility Code drop-down menu, select a Syslog standard value that maps to how your Syslog server uses the facility field to manage messages for all the events from VCEs. The allowed values are from local0 through local7.
      Note: The Facility Code field is configurable only for the Global Segment, even if the Syslog settings is enabled or not for the profile. The other segments will inherit the facility code value from the Global segment.
    2. Select the Syslog Enabled checkbox.
    3. In the IP text box, enter the destination IP address of the Syslog collector.
    4. From the Protocol drop-down menu, select either TCP or UDP as the Syslog protocol.
    5. In the Port text box, enter the port number of the Syslog collector. The default value is 514.
    6. As Edge interfaces are not available at the Profile level, the Source Interface field is set to Auto. The Edge automatically selects an interface with 'Advertise' field set as the source interface.
    7. From the Roles drop-down menu, select EDGE EVENT.
    8. From the Syslog Level drop-down menu, select the Syslog severity level that need to be configured. For example, If CRITICALis configured, the VCE will send all the events which are set as either critical or alert or emergency.

    The allowed Syslog severity levels are:

    • EMERGENCY
    • ALERT
    • CRITICAL
    • ERROR
    • WARNING
    • NOTICE
    • INFO
    • DEBUG
  5. Click the + button to add another Syslog collector.
    Note: You can configure a maximum of two Syslog collectors per segment and 10 Syslog collectors per Edge. When the number of configured collectors reaches the maximum allowable limit, the + button will be disabled.
    Note: By configuring the Syslog setting for the Edges, only remote syslog for VCO bound events from Edges will be received at the Syslog collector. If you want the VCO auto-generated local events to be received at the Syslog collector, you must configure Syslog at the VCO level by using the log.syslog.backend and log.syslog.upload system properties.

Example: IETF Syslog Format

The following is a sample syslog message in IETF format.

<%PRI%>1 %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n

The following is a sample syslog message.

<163>1 2019-06-16T09:17:15.003Z b1-edge1 Edged 1312 ID47 ‘Interface GE3 is up’
The message has the following parts:
  • Priority - Facility * 8 + Severity (local4 & critical) - 163
  • Version - Syslog version - 1
  • Date - Date in YYYY-MM-DD format - 2019-06-16
  • Time - Time in UTC - 09:17:15.003Z (3 ms into next second)
  • Host Name - b1-edge1
  • Application Name - Edged [Mgd for mgd generated events]
  • Process ID - 1312
  • Message ID - type of message (String)
  • Message - Event message in UTF-8