Filter
Top Products
14-4
User Guide for Resource Manager Essentials 4.1
OL-11714-01
Chapter 14 Enabling and Tracking Syslogs Using Syslog Analyzer and Collector
Overview: Common Syslog Collector
Overview: Common Syslog Collector
Common Syslog Collector is a service to receive, filter and forward syslogs to one or more Syslog
Servers, thus reducing traffic on the network as well as processing load on the server.
The Common Syslog Collector can be installed on the CiscoWorks Server, or on a remote UNIX or
Windows machine, to process Syslog messages. You can uninstall the Syslog Collector later if you no
longer want to run it on a remote UNIX or Windows server.
Common Syslog Collector (CSC) is a service that runs independently, listens for syslogs and forwards
them to the registered applications after necessary filtering. This way, the parsing/filtering is taken away
from the applications and each device sends only one copy of the processed, valid syslogs to the
Common Syslog Collector. Even though CSC runs independently, it can run either remotely or locally
on the machine where an application is running.
The RME server and the Syslog Collector exchange updates such as status, and filters.
You can configure the service to read syslogs from a specified file. This can be provided in a properties
file located at:
On Solaris:
NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/
Collector.properties
On Windows:
NMSROOT%\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\
Collector.properties
See the Installation and Setup Guide for Resource Manager Essentials, for the complete details.
In a scenario where the devices and the CSC may run in two different time zones, the syslogs will be
marked with timestamp of the CSC if they do not have a timestamp when they are received, or if the
format is not correct.
The device considers day-light-saving settings appropriately while putting the timestamps. CSC
supports all the time zones that Common Services 3.0 supports, and alternatively you can provide the
time zone information. See the Installation and Setup Guide for Resource Manager Essentials, for the
complete details.
After the Syslog Analyzer has been registered with the Collector, it:
• Receives the filters it needs from the RME server to filter Syslog messages.
• Sends status to the Syslog Analyzer process about the collected Syslog messages upon request from
the Analyzer, including the number of messages read, number of messages filtered, and number of
messages with bad syntax. It also forwards unfiltered messages to the Syslog Analyzer process.
If the Syslog Analyzer does not send any filters, then the Collector sends all the syslogs to the
Analyzer without filtering.
If the RME server is restarted, Syslog Collector will lose communication to the RME server. Based on
the current filters, it continues to filter the syslogs and stores them in a local file:
NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\server
name_port\DowntimeSyslogs.log
The Syslog Analyzer will automatically restore the connection after RME server restart.
For the complete instructions on installing the Common Syslog Collector, see the Installation and Setup
Guide for Resource Manager Essentials.