Imagine every event occurring in the network and its devices is recorded in real time, including the abnormal events. What else would you want? Obviously, a convenient way to scan through this information or to capture the relevant events online. This leads to monitoring the logs and events generated by diverse devices.
Log Monitoring/Analysis is already well known in the security and network management space. It is now beginning to gain prominence in the network operations space [Ack.: EMA Research]. Because every granular event is logged in real time, you will find granular information at the device level and even at the session level. One advantage is that root cause analysis for certain situations becomes easier with log monitoring.
But the challenge lies in identifying the relevant logs in a “log storm”. The trick is to identify the situation or use case and the log string that goes with it. Then put them into a monitoring tool and get alerted when it happens! And, maybe, generate an incident/ticket instantly!
Network devices send out syslog messages, which can be directed to a recipient server. The syslogs thus directed can be monitored.
ManageEngine IT360 is capable of monitoring syslogs, and it is a lightweight feature that suits a network operations environment. [Well, it does not store all the syslogs received!] In IT360, the syslogs from the devices and systems are not actually stored inside IT360 at all. It goes like this: the customer's network and system administrator is asked to configure UDP port 154 for syslogs. IT360 listens on this port, and each device is configured to forward its syslogs to IT360 via UDP port 154.
IT360 then parses the logs received on port 154, looks for strings that match the configured patterns, and raises alerts. Only the syslog messages that match are converted into event alerts and stored; the rest of the syslog messages are not stored in IT360 at all.
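The listen, match, and alert flow described above can be sketched as follows. This is an added example, not IT360's code: the rule names, patterns, alert fields and sample datagrams are all constructed for illustration, and only the UDP port number comes from the article.

```python
import re
import socketserver

# Hypothetical match rules (name, pattern, alert level); not IT360's own rules.
RULES = [
    ("link-down", re.compile(r"%LINK-3-UPDOWN.*changed state to down"), "critical"),
    ("ssh-auth-failure", re.compile(r"sshd\[\d+\]: Failed password for "), "warning"),
]
PRI_RE = re.compile(r"<(\d{1,3})>(.*)", re.S)
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse(raw: bytes):
    """Split a BSD-style syslog datagram into (facility, severity, body)."""
    text = raw.decode("utf-8", errors="replace").strip()
    m = PRI_RE.fullmatch(text)
    if not m or int(m.group(1)) > 191:   # missing or out-of-range PRI header
        return None, None, text
    pri = int(m.group(1))
    return pri >> 3, SEVERITY[pri & 7], m.group(2)

def to_alert(raw: bytes, source: str):
    """Return an alert for the first matching rule, else None (message is dropped)."""
    facility, severity, body = parse(raw)
    for name, pattern, level in RULES:
        if pattern.search(body):
            return {"rule": name, "level": level, "source": source,
                    "facility": facility, "severity": severity, "message": body}
    return None

class SyslogHandler(socketserver.BaseRequestHandler):
    def handle(self):
        data, _sock = self.request       # UDP servers pass (bytes, socket)
        alert = to_alert(data, self.client_address[0])
        if alert:                        # unmatched messages are never stored
            print(alert)

def serve(host="0.0.0.0", port=154):     # port from the article; <1024 needs privileges
    with socketserver.UDPServer((host, port), SyslogHandler) as server:
        server.serve_forever()

# Constructed sample datagrams; source IPs are documentation addresses.
SAMPLES = [
    (b"<187>Oct 11 22:14:15 rtr1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down", "192.0.2.1"),
    (b"<38>Oct 11 22:14:20 host1 sshd[411]: Failed password for root from 198.51.100.7 port 5022 ssh2", "192.0.2.20"),
    (b"<190>Oct 11 22:14:30 rtr1 %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host started", "192.0.2.1"),
]

def replay(samples=SAMPLES):
    return [a for raw, src in samples if (a := to_alert(raw, src))]
```

Calling `replay()` runs the constructed samples through the matcher offline; `serve()` binds the listener. Because UDP syslog carries no sender authentication, the `source` field is only the datagram's claimed address.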
You can receive syslogs from scores of devices!
Syslog+SNMP Traps+custom polling can be a great combination in Network Operations management. Truly a Unified IT Monitoring combination!
Here’s a 6 minute video on how syslog monitoring is configured in ManageEngine IT360:
The original article/video can be found at Log Monitoring and Network Operations