Set the syslog servers

You can configure more than one syslog server. Based on your selected event categories in the syslog server configuration, all selected system health status, operational, and activity events are sent to all servers.

Create a syslog server configuration

Start the Configuration application.
Click the Server tile.
Click the SysLog drop-down menu.
Click New.

To delete a syslog server, click Delete.
In the Address field, enter the syslog server name or IP address.
In the UDP Port field, enter the syslog server port number.
Select the categories of events that will be forwarded to the syslog server.
Click the Facility drop-down menu and select the syslog facility.
Click the Encoding drop-down menu and set the encoding—for example, to display messages with umlauts correctly.

Delete a syslog server configuration

Click the SysLog drop-down menu.
Click Delete.

The currently selected, light blue highlighted selection is removed.

System health status events

Source	Event	Parameter
armServer	Started	hostname
armServer	Shut down	hostname
armServer	RabbitMQ started	hostname, port
armServer	RabbitMQ lost	hostname, port
armServer	Collector connected	hostname, collector
armServer	Collector lost	hostname, collector, reason
armServer	Database connected	hostname
armServer	Database disk space low (DataBaseDiskSpace)	hostname
armServer	Alert message queue warnings	hostname, message
armServer	Disk space warning (ArchiveDiskSpace)	hostname, message
armServer	Logga state changed	hostname, logga name, new state
armServer	Sensor state changed	hostname, sensor name, new state

Operational events

Source	Event	Parameter
armServer	Scan executed	hostname, scan name
armServer	Scan failed	hostname, scan name, reason
armServer	License changed	hostname, license information
armServer	License scope changed	hostname, changed scopes
armServer	Mail server error	SMTP server, reason
armServer	Failed activities (see table below)	same as on successful activities (see table below)

Activity events