jagadeeshan.s1
New Member.

How to find devices sending logs to Syslog Connector?

How do I find the list of devices that are sending their syslogs to the Connector? The connector is listening on UDP-514. Is there any file to look for? I don't get the info in the runagentsetup wizard.

0 Likes

Accepted Solutions
george_m_c
Respected Contributor.

Re: How to find devices sending logs to Syslog Connector?

Hi Jagadeeshan,

Check the syslog.properties file to find the devices which are sending logs to a particular syslog smart connector. Information on all the devices sending logs is written to this file automatically by the smart connector when it receives the first event from a syslog device. All device information is on a single line, separated by commas.

The data source information will have either the host name or the device address, with the name of the parser used for normalizing the raw events of that particular device.

File Location is <Connector Home>/current/user/agent/syslog.properties

Example

#Automatically generated by syslog
#Tue Mar 24 21:52:32 EST 2015
syslog.subagentdef=1.1.1.1\:bsm_syslog|generic_syslog,abcserver\:linux_auditd_syslog|generic_syslog

The above line says that:

1) The IP address of the source machine is 1.1.1.1
   The parser used to normalize events from 1.1.1.1 is bsm_syslog|generic_syslog

2) The hostname of the device is abcserver
   The parsers used are linux_auditd_syslog|generic_syslog

Exporting the syslog properties file into CSV will give you the complete list of devices that have successfully connected at least once to the syslog connector.

Cheers,

George

0 Likes
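The CSV export described in the answer above, as an added example that is not part of the original post or of any ArcSight tooling. The function names are hypothetical, the sample text is constructed from the example line in the answer, and splitting each entry at its last colon is an assumption about the entry format.

```python
import csv
import io
import re

# Constructed sample, mirroring the example file shown in the answer above.
SAMPLE = r"""#Automatically generated by syslog
#Tue Mar 24 21:52:32 EST 2015
syslog.subagentdef=1.1.1.1\:bsm_syslog|generic_syslog,abcserver\:linux_auditd_syslog|generic_syslog
"""

KEY = "syslog.subagentdef"


def read_property(text, key):
    """Return the unescaped value of `key` from properties-style text, or None."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        name, sep, value = line.partition("=")
        if sep and name.strip() == key:
            # The file escapes ':' as '\:'; drop the escaping backslash.
            return re.sub(r"\\(.)", r"\1", value.strip())
    return None


def parse_devices(text):
    """Return [(device, [parser, ...]), ...] from syslog.properties text."""
    devices = []
    for entry in (read_property(text, KEY) or "").split(","):
        if not entry.strip():
            continue
        # Assumption: the parser chain follows the LAST colon, so an address
        # that itself contains colons is kept whole.
        device, sep, parsers = entry.strip().rpartition(":")
        if not sep:  # entry without a parser chain
            device, parsers = parsers, ""
        devices.append((device, [p for p in parsers.split("|") if p]))
    return devices


def to_csv(devices):
    """Render the device list as CSV text with one row per device."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["device", "parsers"])
    for device, parsers in devices:
        writer.writerow([device, "|".join(parsers)])
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(parse_devices(SAMPLE)), end="")
```

To run it against a real connector, read the text from <Connector Home>/current/user/agent/syslog.properties instead of the constructed sample.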
8 Replies
lybinhlap
Super Contributor.

Re: How to find devices sending logs to Syslog Connector?

Hi

You can configure destinations to send events to Logger or ESM, and you can list the devices on Logger or ESM.

Never give up
0 Likes
Kiran N
Member.

Re: How to find devices sending logs to Syslog Connector?

How do we filter extra devices reporting?

0 Likes
Jagathesh7
Contributor.

Re: How to find devices sending logs to Syslog Connector?

Hello All,

If the connector setup does not have a syslog.conf file, how can we confirm the devices list? Also, is that an indication of a connector crash?

Regards,

Jagathesh S

0 Likes
alexandros_n
Honored Contributor.

Re: How to find devices sending logs to Syslog Connector?

I don't see anyone mention something about syslog.conf

0 Likes
sanj
Trusted Contributor.

Re: How to find devices sending logs to Syslog Connector?

Hi Alexandros,

Can you please let me know where we can find the syslog.conf file?

Thanks & Regards,

Sandeep

0 Likes
jagadeeshan.s1
New Member.

Re: How to find devices sending logs to Syslog Connector?

Thank you Bourne! I got the devices info as per your steps.

0 Likes
Shaun
Acclaimed Contributor.

Re: How to find devices sending logs to Syslog Connector?

You can also right-click on a connector in ESM and do "Send Command" => "Status" => "Get Status".  You will see a bunch of lines that start with "Device [hostname|address|vendor|product] eventcount..XXXXXXXXX".
