Set up a separate syslog server for use with SEM
This topic describes how to add a separate syslog server to SEM. The SEM VM includes a syslog server, but you can add a separate syslog server.
This procedure uses the Node Health widget in the Ops Center to set up your syslog server. You can also click Add Nodes to Monitor in the Getting Started widget to set up your syslog server.
You can monitor your switches, routers, and firewalls using a syslog server. This server collects and sends syslog messages from non-Agent devices to the SEM Manager over TCP or UDP. SEM uses this information to monitor syslog events and displays all events in the Monitor view.
Each device is paired with a connector, enabling SEM to parse messages from the syslog server and normalize the log message content to a SEM event.
Open the SEM console. See Log in to the SEM web console for steps.
On the SEM menu bar, click Ops Center, and then locate the Node Health widget.
In the widget toolbar, click Add Node.
- On the Specify Nodes to Add tab, select Syslog node.
Enter your syslog server IP address. This device will send syslog event logs to the SEM Manager.
From the drop-down list, select the node vendor.
Follow the instructions in the window to configure your node and send syslog messages to the SEM appliance.
If you need help enabling syslog, click the vendor link.
If the vendor is not in the list, click Other vendors to access the SolarWinds Knowledge Base.
After you configure the node, select the check box in the window, and then click Next.
The wizard locates the new node and recommends the appropriate connector.
Connectors enable Security Event Manager to parse messages from syslog devices and normalize the original log message content to a SEM event.
If the SEM virtual appliance receives logs from the new device, it automatically detects and presents the device name or IP address.
To confirm the device is identified correctly, click Finish.
The syslog node displays in the Node Health widget.
- (Optional) Based on your SEM deployment architecture, repeat this procedure to add a second syslog server in a multiple location deployment with two or more syslog servers.