Documentation for Log Analyzer

Configure devices to send messages to Log Analyzer

To receive messages from a syslog-capable device, configure the device to send syslog messages to the appropriate port on the computer where the dedicated server is installed.

Log Analyzer listens for UDP messages on port 514. This is the default port for devices sending syslog messages over UDP, as defined by RFC 5426. You can also configure your devices to send SNMP traps to port 162. For secure syslog, see the documentation on configuring secure syslog settings.

When the device is added as a monitored node to the Orion Platform, messages from this device stream into the Log Viewer and are processed according to the rules that you define.

For information about configuring a specific device, refer to documentation from the device manufacturer. Below is an example for configuring a Cisco switch.

Configure a Cisco Catalyst 2960 switch to send syslog messages to Log Analyzer

The following example shows how to configure a Cisco Catalyst 2960 switch. To configure other types of devices, see the device manufacturer's instructions.

Message logging must be enabled on the device. On many devices that generate syslog messages, logging is enabled by default.

  1. On the Cisco Catalyst 2960 switch, open the Cisco command-line interface and begin a session.
  2. Verify that you are in privileged EXEC mode on the switch. To enter privileged EXEC mode, type the command:

    enable

  3. Switch to global configuration mode. Type the command:

    configure terminal

  4. Verify that logging is enabled. If logging has been disabled, type the command:

    logging on

  5. Configure the switch to send log messages to the Log Analyzer database. Type the command:

    logging host

    where host is the name or IP address of the device where the dedicated server is installed.

  6. Limit the messages sent based on priority level. Type the command:

    logging trap level

    where level is one of the following, listed in descending order of priority:

    • emergencies
    • alerts
    • critical
    • errors
    • warnings
    • notifications
    • informational (default level)
    • debugging

    The device sends messages with the specified priority level and above. For example, the level critical sends messages with priority levels of critical, alerts, and emergencies.

  7. Return to privileged EXEC mode. Type the command:

    end
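
The threshold behavior of `logging trap level` in step 6, as an added example that is not part of the Log Analyzer documentation. It checks which messages a chosen level would stop the switch from forwarding, so you can confirm that events you want in the Log Viewer (such as configuration changes at severity 5) are not filtered out at the device. The sample messages are constructed, the function names are hypothetical, and the syslog facility is assumed to be local7.

```python
import re

# Cisco `logging trap` keywords; list index = syslog severity (0 = highest priority).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
SEVERITY = {name: num for num, name in enumerate(LEVELS)}

# <PRI> header at the start of the line, and the Cisco %FACILITY-SEVERITY-MNEMONIC tag.
PRI_RE = re.compile(r"^<(\d{1,3})>")
TAG_RE = re.compile(r"%[A-Z0-9_]+-[0-7]-[A-Z0-9_]+")

def parse(line):
    """Return (facility, severity, tag) or None if the PRI header is missing or invalid."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:   # PRI = facility * 8 + severity, maximum 191
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    tag = TAG_RE.search(line)
    return facility, severity, tag.group(0) if tag else None

def forwarded(line, trap_level):
    """True if a switch set to `logging trap <trap_level>` would send this message."""
    parsed = parse(line)
    return parsed is not None and parsed[1] <= SEVERITY[trap_level]

# Constructed sample messages (assumed facility local7 = 23, so PRI = 184 + severity).
SAMPLES = [
    "<187>45: *Mar  1 00:05:12: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "<189>46: *Mar  1 00:06:40: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "<190>47: *Mar  1 00:07:02: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.50(4242) -> 192.0.2.1(22), 1 packet",
    "<186>48: *Mar  1 00:09:30: %SYS-2-MALLOCFAIL: Memory allocation of 1028 bytes failed",
]

def dropped_at(trap_level):
    """Tags of the sample messages that would never reach the log server at this level."""
    return [parse(s)[2] for s in SAMPLES if not forwarded(s, trap_level)]

if __name__ == "__main__":
    for level in ("critical", "warnings", "informational"):
        print(level, "drops:", dropped_at(level))
```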