This Article describes how to enable Syslogs so they appear as alarms or events. Note: This is not utilizing the Cruz log add-on feature to manage logs.
Syslogs can be very verbose and may potentially overwhelm your system if not sized accordingly. CPU, RAM, Disc space and DB read/write capacity should be considered
In CruzOC, Syslogs are converted to a trap format so they can be easily displayed and managed just like an alarm or event. There is a default trap object called syslogNotification that all syslogs utilize. For Cisco, the syslog event may use clogMessageGenerated.
The syslogNotification default behavior is set to suppress avoid an unintentional flood of Alarms logs. Here are the steps to set it up:
- First configure your device to send syslogs to the IP address of the Cruz Server
- Enable syslog to be displayed by changing the event behavior
- Go to Settings -> Alarm Definitions -> Event Definitions portlet
- Search for syslogNotification.
- Select the row, right click and set the event to "Alarm"
- Any syslog that is received will now be an Alarm in the alarm viewer portlet
If you need to be more selective of the syslogs that come in you can set syslog escalation criteria that will define specific syslogs or messages that get escalated as an alarm.
Go to Help and Support -> Online Help at the top of your Cruz application.
Search for "Syslog Escalation Criteria" for details