
Generic Syslog Collector

Created: 07 Jun 2010 | 2 comments


Have I understood the following correctly?

If I configure a device (that the SIM has no collector for) to send information in syslog format (RFC 3164), I can gather this information using the Generic Syslog Collector onboard the appliance?

When this is set up, I can then trigger actions on specific messages from that device, or correlate two different messages from this device and then trigger an action.

We are running SIM 4.6 today, mostly for Windows server event logs, IIS event logs and Cisco logs.

Jesper Boll


BadBoo

Yes, those messages will be captured with the Generic Syslog Collector, but those events will be pretty much useless. The only field events will have after translation is Event Description. That's not enough for correlation.
Generic Syslog is mostly for POC to prove SSIM is able to get events from the device or application. So a collector is needed anyway.

In 4.7 there is a Universal Collector where you can easily sketch a collector to map some fields to later use them in correlation.
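
The difference between a description-only event and a field-mapped one, as an added Python example that is not part of the thread and is not SSIM collector code. The device name, the key=value message body, the field names and the correlation rule are all assumptions made for illustration.

```python
import re
from collections import Counter

# RFC 3164 layout: <PRI>TIMESTAMP HOSTNAME TAG[PID]: CONTENT
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) "
    r"(?P<tag>[\w./-]{1,32})(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<content>.*)$"
)
KEY_VALUE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # assumed key=value message body
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# Constructed sample messages from a hypothetical device "fw01".
SAMPLE = [
    "<38>Jun  7 10:15:01 fw01 authd[412]: action=login result=fail user=admin src=192.0.2.10",
    "<38>Jun  7 10:15:04 fw01 authd[412]: action=login result=fail user=root src=192.0.2.10",
    "<38>Jun  7 10:15:09 fw01 authd[412]: action=login result=success user=root src=192.0.2.10",
    "<38>Jun  7 10:16:00 fw01 authd[412]: action=login result=fail user=bob src=198.51.100.7",
    "fw01 rebooted",  # not RFC 3164: stays a description-only event
]

def generic_event(raw):
    """Whole message in one description field: nothing to correlate on."""
    return {"event_description": raw}

def mapped_event(raw):
    """Split an RFC 3164 message into named fields; fall back to generic."""
    m = RFC3164.match(raw)
    if m is None or int(m["pri"]) > 191:  # PRI = facility * 8 + severity
        return generic_event(raw)
    pri = int(m["pri"])
    event = {"facility": pri >> 3, "severity": SEVERITIES[pri & 7],
             "timestamp": m["timestamp"], "hostname": m["hostname"],
             "application": m["tag"], "event_description": m["content"]}
    for key, value in KEY_VALUE.findall(m["content"]):
        event.setdefault(key.lower(), value.strip('"'))  # never clobber header fields
    return event

def success_after_failures(events, threshold=2):
    """Hypothetical rule: login success from a source after >= threshold failures."""
    failures, hits = Counter(), []
    for e in events:
        src = e.get("src")
        if src is None or e.get("action") != "login":
            continue  # description-only events are skipped here
        if e.get("result") == "fail":
            failures[src] += 1
        elif e.get("result") == "success" and failures[src] >= threshold:
            hits.append(src)
    return hits
```

Running the rule over `mapped_event` output flags the source with two failures followed by a success, while the same messages passed through `generic_event` never match because the rule has no fields to test.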



jeboll

Ok, thanks for the clear answer. Will schedule an upgrade to 4.7 then as a first step.