How to Monitor eG Syslog Server using eG Enterprise?

eG Enterprise monitors the eG Syslog Server in an agent-based manner. The eG agent installed on the target host periodically scans the syslog file for specific patterns of error/warning messages. To enable the eG agent to monitor the eG Syslog server, the following pre-requisites should be fulfilled.

Pre-requisites for monitoring the eG Syslog server

The following requirements should be in place before you start monitoring the eG Syslog server:

  • Starting the eG syslog server service
  • Configuring the eG Syslog server

Starting the eG syslog server service

Once the eG agent is installed on the Windows host, you first need to create the syslog server service on it. To create the syslog server service, do the following:

  1. Go to the eGurkha/syslog/bin folder.
  2. Then, run the CreateSyslogService.bat file to start the service.

When the syslog server service is created, the eG Syslog server will run as a Windows service on the system and will be ready to collect error/warning messages through a port.

Configuring the eG Syslog server

To configure the eG Syslog server to collect the syslog messages, you need to do the following:

  1. Go to the eGurkha/syslog/config folder and open the syslog.properties file for editing.
  2. When Figure 1 appears, provide the configuration details as shown in Figure 1.

    Figure 1 : Specifying the configuration details in the syslog.properties file

  3. The details to be configured in the syslog.properties file include the following:

    • A - Specify the IP address of the eG Syslog server.
    • B - Provide the UDP port number at which the eG syslog server listens. By default, this is 514.
    • C - By default, User Datagram Protocol (UDP) is used for communication. If you wish to use any other protocol for communication, you can mention it here.
    • D - Specify the location and name of the syslog file.
    • E - Specify the size limit (in MB) of the syslog file. When the syslog file reaches this limit, a new syslog file named syslog.1 will be created in the same folder. The content of the syslog file will be copied to the syslog.1 file each time the syslog file reaches its size limit. At any point in time, the destination folder will contain only two files, syslog and syslog.1, for storing syslog messages.
    • F - Indicate whether the eG syslog server should run in debug mode or not. If you wish to run the eG syslog server in the debug mode, this flag should be set to true. Otherwise set this flag to false.
  4. Likewise, the host systems should also be configured with the IP address and port of the eG Syslog server to stream the error/warning messages.
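
To confirm that a host can reach the listener configured in B and C, one option is to send a single test datagram and then look for it in the syslog file set in D. The following Python sketch is an added example, not part of eG Enterprise; the RFC 3164 message layout, the `egtest` tag and the function names are assumptions of the example, and the loopback check uses a stand-in listener rather than the eG Syslog server.

```python
import socket
import time

FACILITY_LOCAL0 = 16   # RFC 3164 facility code (assumed choice for the test)
SEVERITY_WARNING = 4   # RFC 3164 severity code


def build_message(text, hostname, tag="egtest",
                  facility=FACILITY_LOCAL0, severity=SEVERITY_WARNING, now=None):
    """Return an RFC 3164 (BSD syslog) datagram: <PRI>TIMESTAMP HOST TAG: text."""
    pri = facility * 8 + severity
    t = time.localtime(now)
    # RFC 3164 timestamp is "Mmm dd hh:mm:ss" with the day space-padded
    stamp = "%s %2d %s" % (time.strftime("%b", t), t.tm_mday,
                           time.strftime("%H:%M:%S", t))
    line = "<%d>%s %s %s: %s" % (pri, stamp, hostname, tag, text)
    return line.encode("ascii", "replace")


def send_test_message(server_ip, port=514, text="eG syslog connectivity test",
                      hostname=None):
    """Send one datagram to the syslog server; UDP gives no delivery receipt."""
    payload = build_message(text, hostname or socket.gethostname())
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(payload, (server_ip, port))
    return payload


def loopback_check(text="constructed sample warning"):
    """Offline self-check against a stand-in UDP listener on 127.0.0.1."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", 0))   # ephemeral port, not 514
        listener.settimeout(2.0)
        port = listener.getsockname()[1]
        sent = send_test_message("127.0.0.1", port, text, hostname="testhost")
        received, _ = listener.recvfrom(2048)
    return sent, received


if __name__ == "__main__":
    sent, received = loopback_check()
    print(received.decode("ascii"))
```

Call `send_test_message` with the address set in A and the port set in B. Because UDP is connectionless, a successful send only shows that the datagram left the host, so confirm receipt by checking the syslog file itself.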

Once the above requirements are in place, manage the eG Syslog component using the eG administrative interface to start monitoring the eG Syslog server. The steps for achieving this are explained in the following section.

Managing the eG Syslog Server

eG Enterprise cannot automatically discover the eG Syslog Server. This implies that you need to manually add the component for monitoring. Remember that eG Enterprise automatically manages the components that are added manually. To manage an eG Syslog Server component, do the following:

  1. Log into the eG administrative interface.
  2. Follow the Components -> Add/Modify menu sequence in the Infrastructure tile of the Admin menu.
  3. In the COMPONENT page that appears next, select eG Syslog as the Component type. Then, click the Add New Component button. This will invoke Figure 2.

    Figure 2 : Adding an eG Syslog component

  4. Specify the Host IP/Name and the Nick name of the eG Syslog server in Figure 2. Then, click the Add button to register the changes.
  5. When you attempt to sign out, a list of unconfigured tests appears.

    Figure 3 : List of Unconfigured tests for the eG Syslog component

  6. Configure the tests in the list of unconfigured tests one after another. To know the details on configuring these tests, refer to Monitoring the eG Syslog server.
  7. Finally, sign out of the administrative interface.