Syslog-NG: Open Source Next Generation Syslog Server
Syslog is a valuable mechanism for proactively capturing chronic issues affecting the network. It can identify many more exceptions and network degradation warnings than other forms of telemetry such as SNMP traps, and therefore must be utilized by support organizations. There have been several cases where certain syslogs have identified a critical network issue for which no SNMP trap existed. For example, an organization was able to identify a critical soft-error issue with their switch fabric module with the help of the %SYS-3-FAB_SYNCERR syslog message. This spared the customer valuable downtime, since they were able to rectify the problem before the end customers started feeling the symptoms. Without such instrumentation, the only way the organization would have known about the problem would have been when users called in complaining about it.

However, owing to its verbose nature, syslog must be harnessed and implemented carefully, and due diligence must be invested in defining adequate thresholds to generate actionable alerts. The process also requires that the problem management team be able to identify critical syslog messages easily and, with equal ease, create problem tickets in the internal ticketing system. The syslog messages must also be prioritized according to the nature of the site emanating them; i.e. messages from critical sites must take precedence over those from non-critical deployments.

These requirements are very customer-specific by nature, due to the uniqueness of each individual network deployment. Harnessing the full potential of syslogs requires a streamlined process and an underlying tool structure which provides for the collection, analysis, and action on all received syslog messages from the network.
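The thresholding and site prioritization described above can be sketched as follows. This is an added example, not part of the original page or of syslog-ng; the line layout, host names, site tiers and threshold values are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line layout: "<ISO time> <host> %FACILITY-SEVERITY-MNEMONIC: text"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mn>[A-Z0-9_]+): (?P<text>.*)$")

# Hypothetical policy: site tier per host (1 = critical site) and, per message,
# (occurrences, window in seconds) that justify opening a ticket.
SITE_TIER = {"core-sw1": 1, "branch-sw7": 3}
THRESHOLDS = {"SYS-3-FAB_SYNCERR": (1, 3600), "LINK-3-UPDOWN": (3, 300)}

# Constructed sample input, not captured from a real device.
SAMPLE = [
    "2024-05-01T10:00:00 branch-sw7 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "2024-05-01T10:01:00 branch-sw7 %LINK-3-UPDOWN: Interface Gi0/1, changed state to up",
    "2024-05-01T10:02:00 branch-sw7 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "2024-05-01T10:03:00 core-sw1 %SYS-3-FAB_SYNCERR: constructed message text",
    "2024-05-01T10:20:00 branch-sw7 %LINK-3-UPDOWN: Interface Gi0/2, changed state to down",
    "2024-05-01T10:21:00 core-sw1 %SYS-5-CONFIG_I: Configured from console",
]

def triage(lines):
    """Return ticket-worthy alerts, critical sites first, then by severity and time."""
    recent = defaultdict(deque)          # (host, message id) -> recent timestamps
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                     # not in the assumed layout
        msg = f"{m['fac']}-{m['sev']}-{m['mn']}"
        if msg not in THRESHOLDS:
            continue                     # no threshold defined: collected, not alerted
        need, window = THRESHOLDS[msg]
        ts = datetime.fromisoformat(m["ts"])
        q = recent[(m["host"], msg)]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window):
            q.popleft()                  # drop occurrences outside the window
        if len(q) >= need:
            alerts.append({"tier": SITE_TIER.get(m["host"], 3),  # unknown host: lowest tier
                           "severity": int(m["sev"]), "host": m["host"],
                           "msg": msg, "count": len(q), "time": ts})
            q.clear()                    # one burst raises one ticket
    return sorted(alerts, key=lambda a: (a["tier"], a["severity"], a["time"]))

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print(a["tier"], a["host"], a["msg"], a["count"], a["time"].isoformat())
```

On the sample, the single fabric sync error from the critical site is ranked ahead of the three-event link flap at the branch site, while the isolated link event and the untracked configuration message raise nothing.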