In Part-01 you saw how to do the initial setup for the syslog server; in this second part we need to understand some basics.
First is getting used to the interface. The most important part of the setup is the configuration console.
Once you click on the configuration console you have numerous options. I have used only two or three, and those are the ones I will talk about.
First is to create a rule and a filter. The basic order is: create the rule first, then the filter and the action, and then associate the action with the filter.
In the screen above, you can see the default rule with its associated filter and action. I have created an additional rule and called it “Test Rule”.
Then I created a filter for the host PZESXi-07.pzwaredu.com and associated an action with it.
The action is very simple here: take what the filter matches (pzesxi-07, above) and show it on Display 01.
And here is the end result: below, I have selected Display 01, and it shows only the pzesxi-07 logs.
The next item is to confirm your DNS settings. Make sure you select “Resolve internal address using DNS server” (underlined); this makes sure your hostnames appear correctly in the logs.
The final option is to schedule a task to archive the logs over a period of time. Again, it is as simple as click, click:
- Open the configuration console again, right-click on the schedule and select add new schedule, as shown below
- Rename the task as per your convenience, for example “Logs Archiving task”
- Select the location where the live logs are dumped as source location
- Select the destination location where you wish to archive them
- Then there are numerous options for scheduling the task, how to archive, and how to protect the archive. They are very easy to understand.
Another (less important) option is highlighting the results for better readability. Go to the view menu and select the highlighting option.
Select a color of your choice and apply.
Some tests now
To check whether we can compare the results, I purposely put PZESXi-09.pzwaredu.com into maintenance mode, as shown below.
Check the task pane for timing details.
Now check the syslog console for the detailed message. You can see the task completed at 11:59:33, and at nearly the same time syslog gave us the information that the host moved to maintenance mode.
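The same comparison can be scripted against an archived log file. The following is an added example, not part of the original post: it assumes a tab-separated layout (timestamp, priority, host, message), and the sample lines, the date and the message text are constructed. It finds the host's message near the task completion time and also lists senders logged as bare IP addresses, which is what you would see if the DNS resolution option above were not in effect.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample lines (not from the original post). Assumed layout:
# timestamp<TAB>priority<TAB>host<TAB>message
SAMPLE_LOG = "\n".join([
    "2000-01-01 11:58:02\tLocal4.Info\tPZESXi-07.pzwaredu.com\tconstructed: heartbeat",
    "2000-01-01 11:59:31\tLocal4.Info\tpzesxi-09.pzwaredu.com\tconstructed: host entered maintenance mode",
    "2000-01-01 11:59:40\tLocal4.Info\t192.0.2.19\tconstructed: message from unresolved sender",
    "2000-01-01 12:20:00\tLocal4.Info\tPZESXi-09.pzwaredu.com\tconstructed: host entered maintenance mode",
    "truncated line without tabs",
])

def parse(text):
    """Yield (timestamp, host, message) per well-formed line; skip the rest."""
    for line in text.splitlines():
        parts = line.split("\t", 3)
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[2].strip(), parts[3]

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def unresolved_senders(text):
    """Hosts logged as bare IP addresses, i.e. DNS resolution did not apply."""
    return sorted({h for _, h, _ in parse(text) if is_ip(h)})

def events_near(text, host, task_time, keyword, tolerance_s=5):
    """Messages from host containing keyword within tolerance of task_time."""
    window = timedelta(seconds=tolerance_s)
    return [(ts, msg) for ts, h, msg in parse(text)
            if h.lower() == host.lower()          # filters match pzesxi/PZESXi alike
            and keyword.lower() in msg.lower()
            and abs(ts - task_time) <= window]

if __name__ == "__main__":
    # Time taken from the task pane in the post; the date is constructed.
    task_done = datetime(2000, 1, 1, 11, 59, 33)
    print(events_near(SAMPLE_LOG, "PZESXi-09.pzwaredu.com", task_done, "maintenance mode"))
    print(unresolved_senders(SAMPLE_LOG))
```
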