This help page is for version 8.4. The latest available help is for version 8.5.
Syslog Monitoring and Reporting
The Syslog Monitor receives logs from syslog agents on devices on your network. You configure those devices to forward their logs to PA Server Monitor. When a log
line is received, the Syslog Monitor can store it in a database and optionally alert on it (send an email or write it to a log file, for example).
Configuration - Port
By default, the Syslog Monitor listens on the standard syslog port, 514. This can be changed in the registry at:
Note that this is a global value that affects all Syslog Monitors. The PA Server Monitor service needs to be restarted if this value is changed.
Configuration - Monitor Settings
The monitor shows a grid of the standard syslog severities across the top, and standard facilities going down the left side. If you want the monitor to react to a syslog
of a particular severity and facility, check that box. Syslogs that correspond to an unchecked box are ignored. All syslogs that match a checked box get written to a database
for use in reports.
In addition to the severity/facility grid, you can also specify filters to further narrow which syslogs will cause alerts to fire and which you would like to ignore. Select the
Filter Box in the column next to the Syslog.
Select the Add button to add a filter or Edit to edit a filter using text or a Regular Expression.
Syslogs that match the filter (which requires that they also match the severity/facility grid) will cause actions to fire. These actions can
send email, write to log file, write to the Windows Event Log, etc.
If you want different actions to run for different syslogs (perhaps some events going to one group and some events going to another group), you can create multiple Syslog Monitors
with different filters, grid settings and attached actions.
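The grid and filter logic described above, sketched as an added example (this is not PA Server Monitor's own code). It decodes the syslog PRI header into the facility and severity that select a grid box, then applies a regular-expression filter. The function names, the sample lines and the rule that a monitor with no filter alerts on every grid match are assumptions made for the illustration.

```python
import re

# Standard syslog names, indexed by numeric code (RFC 5424).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode_pri(line):
    """Return (facility, severity, rest) or None if the PRI header is invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))      # PRI = facility * 8 + severity
    if pri > 191:              # 23 * 8 + 7 is the largest valid PRI
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], m.group(2)


def evaluate(line, grid, alert_filter=None):
    """Return (stored, alert) for one received line (hypothetical helper).

    grid is the set of checked (facility, severity) boxes; alert_filter is a
    compiled regex, or None (assumed here to alert on every grid match).
    """
    decoded = decode_pri(line)
    if decoded is None:
        return (False, False)  # no usable PRI, so no grid box can match
    facility, severity, message = decoded
    if (facility, severity) not in grid:
        return (False, False)  # unchecked box: ignored, not stored
    if alert_filter is None:
        return (True, True)
    return (True, bool(alert_filter.search(message)))


# Constructed sample data (not real logs); addresses are documentation ranges.
GRID = {("auth", "crit"), ("auth", "warning"), ("local0", "err")}
FILTER = re.compile(r"Failed password for (invalid user )?\S+")
SAMPLES = [
    "<36>Oct 11 22:14:15 gw01 sshd[411]: Failed password for root from 192.0.2.10",
    "<36>Oct 11 22:14:20 gw01 sshd[411]: Connection closed by 192.0.2.10",
    "<38>Oct 11 22:15:01 gw01 sshd[412]: Accepted publickey for ops",
    "<999>malformed priority value",
]
RESULTS = [evaluate(s, GRID, FILTER) for s in SAMPLES]
```

The second sample is stored for reports but raises no alert, which is the case to check when a filter seems to be "missing" events: the line reached the database, it just did not match the filter.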
Standard Configuration Options
Like all monitors, this monitor has standard buttons on the right for Adding Actions and
setting Advanced Options. This monitor does not have a Schedule button since a schedule is not needed to receive syslogs.
Besides live alerting on particular syslogs, you can also run reports to review syslogs that have been received and processed. You can filter on sending computer, severity, facility, and date.
If you want to do your own processing or reporting on received syslog entries, they are stored in the SyslogEntries table (in the C:\Program Files\PA Server Monitor\Databases\SyslogMonitor.db file if using the embedded SQLite database).