jaigill Wed, 10/31/2007 - 17:42

Syslog push is a method that sends log messages to a remote syslog server. This method conforms to RFC 3164. You must submit a hostname for the syslog server and choose to use either UDP or TCP for log transmission. The port used is 514. A facility can be selected for the log; however, a default for the log type is pre-selected in the dropdown menu. Only text-based logs can be transferred using syslog push.
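What a receiver has to do with the RFC 3164 messages described in the post above, as an added example that is not part of the original thread or any vendor code: it decodes the PRI value into facility and severity, parses the header, and splits a TCP byte stream into messages. The host name, log names and sample lines are constructed, and newline-delimited framing over TCP is an assumption, since the thread does not say how the appliance frames messages.

```python
import re
from datetime import datetime

# Names indexed by numeric code (RFC 3164 section 4.1.1); the short labels are this example's.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

HEADER = re.compile(
    r"<(?P<pri>\d{1,3})>"                                  # PRI = facility * 8 + severity
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "       # "Mmm dd hh:mm:ss", no year
    r"(?P<host>\S+) "
    r"(?:(?P<tag>[^\s:\[]{1,32})(?:\[\d+\])?: ?)?"         # optional TAG and [pid]
    r"(?P<msg>.*)", re.S)

def parse_rfc3164(raw: bytes, year: int) -> dict:
    """Parse one message; `year` is supplied because the timestamp omits it."""
    text = raw.decode("utf-8", "replace").rstrip("\r\n")
    m = HEADER.fullmatch(text)
    if not m or int(m["pri"]) > 191:
        # Missing or invalid PRI: RFC 3164 section 4.3.3 has a relay assume
        # priority 13 (user.notice) and treat the whole packet as content.
        return {"facility": "user", "severity": "notice", "time": None,
                "host": None, "tag": None, "msg": text}
    pri = int(m["pri"])
    try:
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    except ValueError:          # e.g. an impossible date such as "Feb 31"
        when = None
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "time": when, "host": m["host"], "tag": m["tag"], "msg": m["msg"]}

def split_tcp_stream(buf: bytes):
    """UDP carries one message per datagram; a TCP stream must be split (LF assumed)."""
    *complete, rest = buf.split(b"\n")
    return [c for c in complete if c], rest   # `rest` waits for the next read

# Constructed sample data, not captured from a real appliance.
SAMPLE_STREAM = (
    b"<134>Jul 21 07:42:10 wsa01.example.com system_logs: Info: sample event\n"
    b"line without a syslog header\n"
    b"<38>Jul 21 07:42:11 wsa01.example.com cli_audit: partial")

if __name__ == "__main__":
    messages, leftover = split_tcp_stream(SAMPLE_STREAM)
    for raw in messages:
        print(parse_rfc3164(raw, year=2010))
    print("buffered until next read:", leftover)
```
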

roland.sonder Wed, 07/21/2010 - 00:05

How can this be achieved? The GUI just lets me select FTP and a time interval. So far I have not found how to configure the basic syslog push.

Any help is appreciated.

Roland

Andreas Mueller Wed, 07/21/2010 - 01:52

Roland,

there should be four options:


- FTP
- FTP on Remote Server
- SCP on Remote Server
- Syslog Push


Those are part of all Log subscriptions, although I recall we recently indeed had a defect with Syslog Push not available on a specific log subscription. Could you check if Syslog Push is available for other logs on your appliance?


Cheers,

Andreas

roland.sonder Wed, 07/21/2010 - 05:08

Hi Andreas,


Many thanks for the fast response, I'm pretty impressed that someone is taking my beginner question seriously.

I just checked what Log-Types support the "syslog push" (see list below).

Unfortunately the "Access Logs" I usually check with "tail" or "grep" is not included in the list.

In order to troubleshoot certain connection issues it would be very helpful to have the syslog messages analyzed by an external syslog server offering better filtering mechanisms.

What single Log-Type or Log-Type-Group is best to push to an external Syslog-Server in order to get the most valuable information troubleshooting connectivity issues?


Best Regards

Roland



"Syslog-Push" supported Log-Types:

roland.sonder Wed, 07/21/2010 - 06:12


"Syslog-Push" supported Log-Types:

----------------------------------

- CLI Audit Logs

- Data Security Logs

- Default Proxy Logs

- Feedback Logs

- GUI Logs

- Logging Logs

- NTP Logs

- PAC File Hosting Daemon Logs

- Reporting Logs

- Reporting Query Logs

- SHD Logs

- Status Logs

- System Logs

- Traffic Monitor Error Logs

- Updater Logs

- Welcome Page Acknowledgement Logs

Andreas Mueller Wed, 07/21/2010 - 07:42

Hello Roland,

glad my answer is helpful for you! Basically all connection data is recorded in the mail_logs (Logging Logs in your list I suppose), i.e. IPs, hostnames, sender and recipient addresses, etc. Note that pushing a log to a syslog server does not keep a local copy, so if you still want to use findevent or grep for it locally, you can simply add another log subscription of the same type (Ironport Mail Logs) for local storage.


BTW, you are correct on the access logs not to be configurable for Syslog push, probably coming up in a future version.


Andreas

roland.sonder Wed, 07/21/2010 - 08:21

Hello Andreas,


Many thanks for the fast and competent reply.

I'll check the log-type "mail_logs" content. It would be great if I'd be able to import the logs into a dedicated syslog application.

Looking for log-info using the grep and tail utility is a bit cumbersome.


Best Regards

Roland
