Configuring Secondary Syslog Servers
In addition to (or instead of) configuring a "primary" syslog server (see Configuring the Primary Syslog Server Address), you can use the Syslog Servers table to configure up to four "secondary" syslog servers to where you want the device to send syslog messages. The device sends the syslog messages to all configured servers ("primary" and "secondary").
You can also configure the device's embedded syslog (Rsyslog) client to send event logs (syslog messages) to Apache Kafka, an open-source platform for event streaming. As a Kafka producer, the device transmits syslog messages to the remote Kafka broker. The broker can be on a local server or hosted on the cloud.
The Kafka broker manages one or more topics, which act like categories for classifying syslog messages. Multiple applications or services (Kafka consumers) can subscribe to these topics and receive the syslog messages. When multiple Kafka topics exist, you would need to configure multiple Kafka-based syslog servers with the same address for the Kafka broker in the Syslog Servers table. However, each syslog server would be configured with a different Kafka topic name, and different information type and / or severity level.
| ● | To enable the device to send syslog messages, you MUST also configure the 'VoIP Debug Level' parameter to Basic or Detailed (see Configuring Syslog Debug Level). |
| ● | The syslog servers are also used as CDR servers, unless you configure a dedicated CDR server address as described in Enabling CDR Generation and Configuring the CDR Server Address. |
| ● | Configuring duplicated secondary syslog servers with the same address and port is invalid. |
| ● | Configuring duplicated secondary syslog servers with the same address and port as the primary syslog server is invalid. |
| ● | The syslog sequence number resets if the device restarts. |
The following procedure describes how to configure secondary syslog servers through the Web interface. You can also configure it through ini file [SyslogServers] or CLI (configure troubleshoot > syslog > syslog-servers).
| ➢ | To configure secondary syslog servers: |
| 1. | Open the Syslog Servers table (Troubleshoot menu > Logging folder > Syslog Servers). |
| 2. | Click New; the following dialog box appears: |
| 3. | Configure a secondary syslog server according to the parameters described in the table below. |
| 4. | Click Apply. |
Syslog Servers Parameter Descriptions
|
Parameter |
Description |
|||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
'Index' |
Defines an index number for the new table row. Note: Each row must be configured with a unique index. |
|||||||||||||||||||||||||||||||||
|
'Address ' ip-address [Address] |
Defines the address of the syslog server. The valid value depends on the type of syslog server:
The default is 0.0.0.0. |
|||||||||||||||||||||||||||||||||
|
'Kafka Topic' kafka-topic-name [Topic] |
Defines the Kafka topic name. When the Kafka broker is hosted on Microsoft Azure, the topic name is the Event Hub namespace. By default, no value is defined. Note: The parameter is applicable only when the syslog server is a Kafka broker. |
|||||||||||||||||||||||||||||||||
|
'Kafka Connection String' kafka-connection-string [ConnectionString] |
Defines the authentication string (password) for connecting to the Kafka broker (topic). When configured, the device encrypts the syslog messages. The figure below shows where you can copy the connection string from for the Kafka broker's topic in Azure Event Hubs:
By default, no value is defined, which means that Kafka communication is over TCP. Note:
|
|||||||||||||||||||||||||||||||||
|
'Port' port [Port] |
Defines the syslog server's port number. The default is 514. Note: When the Kafka broker is hosted on Microsoft Azure, configure the port to 9093. |
|||||||||||||||||||||||||||||||||
|
'Transport Protocol' protocol [Protocol] |
Defines the transport protocol for communicating with the syslog server.
Note: You also need to select a TLS Context (using the 'Syslog TLS Context' parameter, as described in Configuring the Primary Syslog Server Address) for the following settings:
|
|||||||||||||||||||||||||||||||||
|
'Interface' interface [Interface] |
Assigns an IP Interface from the IP Interfaces table (see Configuring IP Network Interfaces) for communication with the syslog server. By default, no value is defined, which means that the device uses the IPv4 OAMP network interface. Note: The address version (IPv4 or IPv6) of the IP Interface and the syslog server's address (see 'Address' parameter above) must be the same. |
|||||||||||||||||||||||||||||||||
|
'Information Type' info-type [InfoType] |
Defines the type of information that the device sends in syslog messages to the remote syslog server.
|
|||||||||||||||||||||||||||||||||
|
'Severity Level' severity-level [SeverityLevel] |
Defines the minimum severity level of messages included in the syslog message that the device sends to the syslog server. The severity levels in the list below are in descending order (from highest to lowest). Only the selected severity level and all higher severity levels are included in syslog messages. For example, if you configure the parameter to Alert, the syslog includes only alert ("alert") and emergency ("emerg") messages.
Note:
|
|||||||||||||||||||||||||||||||||
|
'Mode' mode [Mode] |
Activates or deactivates the syslog server.
|
