Adding and Editing a Syslog Monitor

The Syslog Passive Monitor listens for Syslog messages on the devices to which it is assigned.

Syslog is a standard for computer data logging that separates the software that generates messages from the system that stores them and the software that reports and analyzes them.

Syslog messages refer to a facility (the type of program that logged the message) and are assigned a severity by the sender of the message. For more information about Syslog facilities and levels of severity, see RFC5424 (page 9 for facilities and page 10 for levels of severity).

To add or edit a Syslog monitor:

1. From the WhatsUp Gold web interface, go to Admin > Monitors. The Monitor Library dialog appears.
2. Click the Passive tab. The Passive Monitor list appears.
3. Click New and select Syslog from the list to create a new Syslog monitor. Click OK.
   - or -
   Select the Syslog monitor you want to change from the list of current monitors, and then click Edit.
4. Enter or select the appropriate information in the following boxes.
   • Name. Enter a name for the monitor. This name displays in the Passive Monitor Library.
   • Description. Enter a short description for the monitor. This description displays next to the monitor in the Passive Monitor Library.
   • Match On. You can click the Add button to access the expression editor, where you can create your expression, test it, and compare it against potential payloads you can receive. After creating the expression, click OK to insert that string into the Match on box.

   Note: If you have multiple payload "match on" expressions, they are linked by "OR" logic - not "AND" logic. Example: If you have two expressions, one set to "AB" and the other to "BA", it will match against a trap containing any of the following: "AB" or "BA" or "ABBA".

5. Click OK to list this event in the Passive Monitor Library as a Syslog Passive Monitor.

After configuring a passive monitor in the Passive Monitor Library, add the monitor to devices.

For an example of why you might create a Syslog Event, see Sample of a Syslog Monitor Event.

See Also Using the Passive Monitor Library Adding and editing an SNMP Trap Passive monitor Adding and Editing a Windows Event Log Monitor Using the Any Passive Monitor