The Syslog Passive Monitor listens for Syslog messages on the devices to which it is assigned.
Syslog is a standard for computer data logging that separates the software that generates messages from the system that stores them and the software that reports and analyzes them.
Syslog messages refer to a facility (the type of program that logged the message) and are assigned a severity by the sender of the message. For more information about Syslog facilities and levels of severity, see RFC5424 (page 9 for facilities and page 10 for levels of severity).
To add or edit a Syslog monitor:
Note: If you have multiple payload "match on" expressions, they are linked by "OR" logic - not "AND" logic. Example: If you have two expressions, one set to "AB" and the other to "BA", it will match against a trap containing any of the following: "AB" or "BA" or "ABBA".
After configuring a passive monitor in the Passive Monitor Library, add the monitor to devices.
For an example of why you might create a Syslog Event, see Sample of a Syslog Monitor Event.