The Syslog collector sends and receives notification messages in a particular format from various network devices. These messages include timestamps, event messages, severity levels, host IP addresses, diagnostics, and so on.

Procedure

  1. To configure Syslog Collector, navigate to Administration > Configuration > Collectors and Connectors.
  2. From the Collectors section, click Add.
  3. From the Collector selection page, select syslog-collector.
  4. In the Add Collectors page, provide the following details:
    | Input Parameter | Description | Default Value |
    |---|---|---|
    | Name | Provide the name of the collector. | NA |
    | Data Centre | Select the location of the collector data. | Core |
    | Mode | | |
    | Mode | Select the mode in which the Syslog collector operates from the drop-down. For Syslog message collection, the collector can either actively pull messages from agents through SSH (Query mode) or passively listen for messages pushed from the agents directly through the exposed Node port (Listen mode). | Listen |
    | Connection Parameters | If Mode is set to Query, then provide the Connection Parameters details. | |
    | Hostname or IP address | Provide the hostname or IP address of the network device or Syslog server. | NA |
    | User name | Provide the username of the network device or Syslog server. | NA |
    | Password | Provide the password of the network device or Syslog server. | NA |
    | Syslog Path | Provide the file directory path of the syslog file. | NA |
    | Port Bindings | If Mode is set to Listen, the collector listens for and collects the syslogs pushed directly from the device through the UDP server and the exposed Node port. In this case, you need to provide the port bindings details. | |
    | Port | Provide the port number on which the collector application is running. | 2064 |
    | Node Port | Provide the node port at which you publish the syslog messages. Range is 30000-32767. Reserved Ports: 30002, 32092. Note: When configuring the Syslog server IP address on the network device, specify the VMware Telco Cloud Service Assurance user interface IP and the Node Port configured during the creation of the Syslog collector, for example: Router(config)# logging host 10.214.161.68 transport udp port 30009 | |
    | Port Protocol | Provide the transport layer protocol on which the collector accepts requests. The Syslog collector uses UDP by default. | udp |
    | Port Bind Type | Provide the type of port binding used. This can be either Gateway or NodePort. | NodePort |
    | Notification Attributes | | |
    | Category | Provide a categorization of the event. Valid values are: AVAILABILITY, CAPACITY, COMPLIANCE, CONFIGURATION and PERFORMANCE. The Category is an optional attribute that is set to AVAILABILITY by default using the default regex via $set_on_match. It can be modified to any valid type, as specified in the description, by using a similar regex with different conditions. | $set_on_match(".*","AVAILABILITY") |
    | Class Name | Provide the class name of the managed element where the event occurred. | NA |
    | Event Name | Provide the name of the event that occurred. | NA |
    | Event State | Provide the state of the event. Values can be ACTIVE (notified), SUSPENDED, WAS_ACTIVE, or INACTIVE (cleared). The EventState is an optional attribute that is set to ACTIVE by default using the default regex via $set_on_match. It can be modified to any valid type, as specified in the description, by using a similar regex with different conditions. | $set_on_match(".*","ACTIVE") |
    | Event Text | Provide the description of the event. | |
    | Event Type | Provide the nature of the event. Value can be either MOMENTARY or DURABLE. A momentary event has no duration. A durable event has a period during which the event is active and after which the event is no longer active. | MOMENTARY |
    | Instance Name | Provide the name of the instance where the problem was diagnosed. | |
    | Severity | Provide the severity of the event that occurred. | |
    | Source | Provide the source of the event. | SYSLOG |
    | Timestamp | Provide the timestamp when the syslog message occurred. The $transform_date() function supports timestamps in the default format "YYYY-MM-DDTHH:mm.FZ". | $transform_date() |
    | User-Defined Fields | | |
    | Enable User-Defined Fields | Select True or False from the drop-down to enable or disable the user-defined fields. Note: If the Enable User-Defined Fields field is set to True, then the user can provide user-defined values from User-Defined 1 - User-Defined 20. | False |
    Note: If the Mode is set to Listen, the Connection Parameters section does not appear; the Port Bindings section appears instead.
  5. Click Create Collector.
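
One way to check a Listen-mode collector once it is created, as an added example that is not part of the product documentation: it validates the Node Port against the range and reserved ports listed in the Port Bindings section and sends a single test message over UDP. The RFC 5424 framing, the hostname, the app name and the message text are assumptions; the IP address and port are the ones from the router example above.

```python
import socket
from datetime import datetime, timezone
from typing import Optional

# From the page: allowed Node Port range and the two reserved ports.
NODE_PORT_MIN, NODE_PORT_MAX = 30000, 32767
RESERVED_NODE_PORTS = {30002, 32092}


def check_node_port(port: int) -> int:
    """Return the port if it is usable as the collector Node Port, else raise."""
    if not NODE_PORT_MIN <= port <= NODE_PORT_MAX:
        raise ValueError(f"{port} is outside {NODE_PORT_MIN}-{NODE_PORT_MAX}")
    if port in RESERVED_NODE_PORTS:
        raise ValueError(f"{port} is a reserved port")
    return port


def build_message(host: str, app: str, text: str, facility: int = 23,
                  severity: int = 5, when: Optional[datetime] = None) -> bytes:
    """Build an RFC 5424 syslog message (assumed framing, not from the page)."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    when = when or datetime.now(timezone.utc)
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    pri = facility * 8 + severity  # PRI value as defined by RFC 5424
    # <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    return f"<{pri}>1 {stamp} {host} {app} - - - {text}".encode("utf-8")


def send_test_message(collector_ip: str, node_port: int, message: bytes) -> int:
    """Send one datagram and return the byte count; UDP confirms no delivery."""
    check_node_port(node_port)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(message, (collector_ip, node_port))


if __name__ == "__main__":
    # Constructed sample values; hostname, app name and text are hypothetical.
    msg = build_message("lab-router-1", "selftest", "syslog collector test event")
    sent = send_test_message("10.214.161.68", 30009, msg)
    print(f"sent {sent} bytes: {msg.decode()}")
```

Because UDP is fire-and-forget, a successful send only shows that the datagram left the sender; confirm receipt by looking for the test event in the product's notification view.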