Syslog Server tool

The Syslog Server tool in ETS for the Desktop listens for incoming syslog messages on User Datagram Protocol (UDP) port 514, decodes the messages for logging purposes, and stores the messages in a local database. If you have an active maintenance agreement and want to report to a local SQL Server database instead of Access, log in to the SolarWinds website and go to Additional Components.

Many network devices can generate syslog messages. For details on enabling syslog messages on a particular device, refer to the vendor documentation.

When a syslog message is received, the Syslog Server adds the message to the syslog database and displays the message.

Open the Syslog Server tool

• To launch the tool from the Toolset Launch Pad, locate the Syslog Server tool and click Launch.

• You can add the tool to a tab in the Workspace Studio, and access it from there.

• To launch the tool from the Windows Start menu:

  1. Click Start > All > SolarWinds Engineer's Toolset.

  2. Right-click Syslog Server, click More, and click Run as administrator.

Select message properties

With Syslog Server you can modify several general properties, including the following:

• Display messages as they arrive.
• Play a sound when a message is received.
• Word wrap messages.
• Select the properties to display of the message itself.

To modify properties:

1. Click File > Settings.

2. Click the General tab, and then select the options you want to enable or disable.

3. To change the database location, click Browse and select a new location.

4. Click the Display Columns tab, and select the properties you want to display about syslog messages.

   Modifying the properties viewed does not change what is stored in the database. The entire message is stored.

5. Click OK.

Limit the number of messages to display

You can specify how many rows to display in the user interface. This does not limit the number of messages you can save in your database.

1. Click File > Settings.

2. Click the Display Rows tab, and select the number of rows to display in the user interface.

3. Click OK.

Clear messages from the display

• To delete single messages, click the X to the left of the message.

• To delete selected messages, select the messages to be deleted, and then click Delete Selected Messages.

• To delete all displayed messages, click Select All, and then click Delete Selected Messages.

Filter accepted messages

To accept only certain messages from devices sending syslog messages, you can filter the messages accepted.

1. Click File > Settings.

2. Click the Priority Filter tab, and then select the priorities you want to accept.

   For example, select Emergency.

3. Click the Facility Filter tab, and then select the facilities described within the message you want to accept.

   For example, select user-level message.

4. Click OK.

Send syslog messages

You can use the tool to send syslog messages to another syslog server. This feature is commonly used to add messages manually to a remote syslog database for testing, during system upgrades, and while troubleshooting a network problem.

1. Click Edit > Send Syslog Message.

2. In the Target Host name or IP address field, enter the host name or IP address of the message target.

3. Select a priority from the list.

4. Select a facility code from the list.

5. Enter your message, and then click Send Message.

   Your message is sent on UDP port 514.

Search the syslog server database

To find older messages, messages cleared from the display, or messages outside the row limit of the display, search the database. You can also use this functionality to display all the messages from a specific source, or a specific priority or facility.

1. Click Edit > Search Syslog Database.

2. Specify the information to search for, and then click Search.

You can use the asterisk (*) wildcard within search strings. For example, enter *bob* in Containing the following text field finds all messages that contain bob.

Delete old syslog messages from the database

In the Syslog Server tool you can also set an archival time after which messages are deleted from the database.

1. Click File > Settings.

2. Click the General tab.

3. In the Database Settings grouping, specify a time after which to delete data from your database.

Clear the syslog server database

It is possible to completely empty the syslog server database. If you are running out of file space, or you have received a large influx of messages that have no value, you should consider emptying the database.

1. Click File > Purge Syslog Database.

2. Confirm that you want to delete all the data.

Export, print, and copy messages

You can transfer messages to other tools through exporting and copy and paste capabilities. You can also print discovered information.

To export messages:

1. Click File > Export, and then select the type of export.
2. Select the information to export.
3. Name the path for the exported information.

To copy messages, click Edit > Copy Selected Messages or Edit > Copy All Messages.

To print messages, click File > Print, and then select the information to print.