Syslog Management

As an administrator, systems analyst, or DevOps team member, capturing log data should be one of your top priorities. The information contained in log data can not only help you ensure your systems are functioning properly but can also enable you to better serve your users and troubleshoot issues more efficiently.

The standard for exchanging log information, syslog simplifies the process of transporting and collecting log data in a centralized location, enabling you to analyze and understand your data better. Used by computers, other network devices, and applications to transport messages and logs central location for logging and storage, syslog protocol has been a popular and straightforward logging method since its introduction in the 1980s.

Syslog consists of three layers, each with a different function. The transport layer is responsible for sending the message over a network, while the application layer creates, routes, interprets, and stores the message. As the name implies, the content layer contains the content (or the data) of the message, including standard information like severity levels or facility codes.

Log servers use listeners to collect syslog data over a UDP port and then store the data in a database for future reference.

While syslog messages weren’t standardized for decades, the Internet Engineering Task Force (IETF) standardized syslog in 2009. Today, syslog messages follow the standard format, which includes:

• A header: The header contains the timestamp, process ID, message ID, hostname, application, priority, and version.
• Structured data: Data blocks can be found in the key-value pairs, allowing for quick parsing and interpretation.
• A message: Log messages should be UTF-8 encoded, but the message content is flexible.

Automatically executing commands with scripts can simplify syslog management and save you valuable time. With Kiwi Syslog Server’s scripting capabilities, you can manage dictionaries and files, operate with custom variables, forward syslog messages to other hosts, and more. You can configure Kiwi Syslog Server NG to run your scripts at regular intervals by creating a scheduled task.

Items (or data) are stored in an array in dictionaries, and items and unique keys are paired. Writing scripts enables you to create, view, alter, and delete dictionaries and their key and item pairs. Kiwi Syslog Server’s scripting functionality simplifies the process of:

• Storing a key and item pair to a dictionary
• Removing a key and item pair from a named dictionary
• Removing key and item pairs from a dictionary
• Deleting specific dictionaries or your dictionaries
• Viewing the number of items or an item for a specified key in a dictionary
• Determining if a specified key exists in a dictionary
• Viewing an array that contains the keys or items in a specific dictionary

In addition to managing dictionaries, you can use scripting to:

• Verify if strings have a valid IP address format
• Convert IP addresses to 8-byte hex values
• View the daily statistics page as a CRLF delimited string that can be emailed or written to a file
• Convert message priority values to text representations of facility levels
• Send emails
• Send syslog messages to other syslog hosts using UDP or TCP protocol
• Delete files

While other script fields are known for erasing static values with every new message, Kiwi Syslog Server’s system does not. It also has unlimited amount of custom / global variables to be used. To use script, open the Kiwi Syslog Server NG Setup dialog box, then click Scripts.

When it comes to syslog management, SolarWinds Kiwi Syslog Server NG can collect syslog data from an unlimited number of devices, including IPv4 and IPv6 devices and manage up to two million messages each hour. Kiwi Syslog Server NG is a centralized log message management solution with built-in responses, intuitive viewing, and advanced alerting and filtering capabilities while remaining user-friendly.

With Kiwi Syslog Server NG, you can monitor and manage your syslog data in real time no matter where you are with native web-based application. The web console offers 21 customizable views, enabling you to see business-critical data and act quickly. Kiwi Syslog Server NG even has time-range-specific graphs of syslog statistics, so you can better understand your devices’ and network’s performance during a specific period.

Kiwi Syslog Server NG features several built-in actions. In response to syslog messages, this syslog management tool can run scripts or external programs, or log messages to files, Windows event logs, or databases. You could also use it to send an email notification or forward syslog messages to other hosts. The tool can also split written logs according to IP address, hostname, device, date, and other variables, saving you the hassle of manually performing these actions. Kiwi Syslog Server NG can automatically alert you via email, text, pager message, or instant message when predefined syslog criteria are met.

In addition to providing advanced syslog alerting functionality and message buffering, this syslog manager offers message filtering capabilities. You can filter messages according to priority, host IP address, time of day, or hostname, so you can find the message you need. You can also retain and archive syslog messages on files, disks, and ODBC-compliant databases, helping you demonstrate compliance with regulations like FISMA, PCI-DSS, and SOX.

Kiwi Syslog Server NG is compatible with other SolarWinds IT management tools, so you can filter out unwanted syslog messages before they’re sent to SolarWinds Network Performance Monitor and forward collected log messages to SolarWinds Loggly^® and Security Event Manager for high-quality log storage, monitoring, and analysis as well as real-time event correlation and threat detection.