RFC 3164-compliant syslog devices must be added as UNIX hosts in EventLog Analyzer. Before adding them as hosts, ensure that the syslog daemon is configured on those devices.
Select the host type as UNIX. Optionally, use the + icon to create a new host type for your host.
Enter the host name(s). Separate multiple host names with commas. Tip: you can also copy comma-separated host names from a text file and paste them into this field.
Select the host group. For the UNIX host type, UNIX Group is the default selection. Optionally, use the + icon to create a new host group to which the configured host(s) will be assigned.
Enter the Syslog Listener Port to which the UNIX host(s) will send syslog messages.
Click the Save button to add the host(s).
Use the Save & Add More button to add more hosts.
Note:
UNIX/Linux hosts configured to send syslog data to EventLog Analyzer on either of the default syslog ports (513 & 514) need not be added as UNIX hosts in EventLog Analyzer; they are automatically added to the list of hosts.
If the devices are not added to the Hosts list, follow the troubleshooting procedure given below.
Check the connectivity between the EventLog Analyzer server and the UNIX/Linux host or device. Use the 'ping' command to check whether the UNIX/Linux machine is reachable from the EventLog Analyzer server and vice versa.
Log on to the EventLog Analyzer user interface, click Show Listener Port(s) Details, and check whether ports 513 and 514 are up and being listened on.
If a default port is down, meaning it is occupied by another application, either forward the syslog messages to another free port and add that port in EventLog Analyzer, or free the default port by stopping the application that is using it.
Check whether the packets are being forwarded from the UNIX/Linux machines on the default UDP ports 513 and 514 or on the custom configured port.
If the machine is still not added, check whether a firewall (like Windows Firewall or any other service) is blocking the port. If so, unblock the port.
If the issue persists, use a packet capturing tool such as Wireshark or Ethereal to confirm that syslog messages are being forwarded from the UNIX/Linux machine.
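
The troubleshooting steps above are easier to follow with a known packet on the wire. The script below is an added example, not part of the EventLog Analyzer documentation or product: it builds an RFC 3164 message and sends it over UDP to a listener port, with a loopback self-check. The function names, the tag "eltest" and the test text are assumptions made for illustration.

```python
import socket
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def rfc3164_message(text, hostname, tag="eltest", facility=1, severity=5, when=None):
    """Build an RFC 3164 packet: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG"""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    when = when or datetime.now()
    pri = facility * 8 + severity              # user.notice -> 13
    # The day of month is space-padded, not zero-padded; month names are
    # fixed English abbreviations, so avoid locale-dependent strftime("%b").
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    packet = f"<{pri}>{stamp} {hostname} {tag}: {text}".encode("ascii", "replace")
    return packet[:1024]                       # RFC 3164 caps a packet at 1024 bytes

def send_test(server, port, text="syslog listener test", hostname=None):
    """Send one test message to server:port over UDP and return the bytes sent."""
    hostname = hostname or socket.gethostname().split(".")[0]
    packet = rfc3164_message(text, hostname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        tx.sendto(packet, (server, port))      # UDP: no delivery confirmation
    return packet

def loopback_check(text="loopback test"):
    """Bind an ephemeral local UDP port, send to it, return (sent, received)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        port = rx.getsockname()[1]
        sent = send_test("127.0.0.1", port, text, hostname="testhost")
        received, _ = rx.recvfrom(2048)
    return sent, received

if __name__ == "__main__":
    import sys
    # Usage: python send_syslog_test.py <server> <listener-port>
    server, port = sys.argv[1], int(sys.argv[2])
    print(send_test(server, port).decode("ascii"))
```

Because UDP gives the sender no acknowledgement, a successful send only proves the packet left the host; confirm arrival in the Hosts list or in a packet capture on the server side.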