Vice Admiral Vice Admiral
Vice Admiral
695 views

Two syslog connectors on one ArcMC

Jump to solution

Anyone ever install two syslog connectors on one ArcMC appliance?  Did you just sent the second syslog to a different port? (515, 516...etc) How did you configure it?

Looking to seperate our syslog devices via function, device vendor, flex, etc.

Best,

Labels (3)
Tags (2)
0 Likes
1 Solution

Accepted Solutions
Commodore
Commodore

Yes John, Ofcourse you may setup multiple syslogs on single port as well.

if its an appliance you may configure all 4 network interfaces (for Software ArcMC install multiple LAN cards on your server) which will give you liberty to setup 4 Sylog servers on one ArcMC. During configuation just specify IP address of each interface and syslog port of your choice and you may configure syslog devices to push logs to IP address of your choice.

example.....

eth0 - 10.0.0.1 (10.0.0.1:514) CiscoASA

eth1 - 10.0.0.2 (10.0.0.2:514) CisoRouter

eth2 - 10.0.0.3 (10.0.0.3:514) Juniper

eth3 - 10.0.0.4 (10.0.0.4:514) NxOS

Hope this helps

Manoj S.

Manoj S.

View solution in original post

0 Likes
5 Replies
Fleet Admiral
Fleet Admiral

Hi John,

Yes you can select different port instead of 515. When you install syslog connector it asks port number then you can give your custom port for listen syslog from the source.

Cheers

Gayan

Mr
0 Likes
Commodore
Commodore

Yes John, Ofcourse you may setup multiple syslogs on single port as well.

if its an appliance you may configure all 4 network interfaces (for Software ArcMC install multiple LAN cards on your server) which will give you liberty to setup 4 Sylog servers on one ArcMC. During configuation just specify IP address of each interface and syslog port of your choice and you may configure syslog devices to push logs to IP address of your choice.

example.....

eth0 - 10.0.0.1 (10.0.0.1:514) CiscoASA

eth1 - 10.0.0.2 (10.0.0.2:514) CisoRouter

eth2 - 10.0.0.3 (10.0.0.3:514) Juniper

eth3 - 10.0.0.4 (10.0.0.4:514) NxOS

Hope this helps

Manoj S.

Manoj S.

View solution in original post

0 Likes
Captain
Captain

Hey John

I've deployed 4 different Syslog agents on my ArcMC appliances, all on custom ports.  However, one thing to note is that you should not install multiple syslog agents within the same container.  Same applies to WUC - it impacts performance of your appliance/container.

Regards

0 Likes
Commander Commander
Commander

You will need to ensure that the data source can use a specified port number when remotely logging via syslog

specify the port number in the connector and if you can use TCP for more reliable logging.

Here is an example of rsyslog (which is standard for Red Hat Linux) used UDP and TCP over port 514. You can specify the port number by changing the 514.

# Provides UDP forwarding. The IP is the server's IP address

*.* @192.168.1.1:514

# Provides TCP forwarding. But the current server runs on UDP

# *.* @@192.168.1.1:514

you can find more information on how remote logging is configured on Linux here: How to configure remote logging with rsyslog - Red Hat Customer Portal

This should give you an idea on how other syslog daemons on other platforms might be configured.

0 Likes
Vice Admiral Vice Admiral
Vice Admiral

Great! thanks for the additional info!

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.