Product manual
GFI EventsManager 5 Collecting Event Logs | 106
8. Select Process using these rule sets and select the rule sets you want to run against the collected events.
9. Click Apply and OK.
Important
Deleting event logs without archiving may lead to legal compliance penalties.
5.3 Collecting Syslogs
Syslog is a data logging service that is most commonly used by Linux and UNIX based systems. The concept behind Syslog is that the logging of events and information is handled entirely by a dedicated server called the ‘Syslog Server’.
Unlike Windows® and Text log based systems, Syslog enabled devices send events in the form of data messages (technically known as ‘Syslog Messages’) to a Syslog server that interprets and manages the messages and saves the data in a log file.
In order to process Syslog messages, GFI EventsManager ships with a built-in Syslog Server. This Syslog
server will automatically collect, in real-time, all Syslog messages/events sent by Syslog sources and
pass them on to the event processing engine. Out-of-the-box, GFI EventsManager supports events
generated by various network devices manufactured by leading providers including Cisco and Juniper.
Note
For more information about supported devices visit the following KBASE article:
http://go.gfi.com/?pageid=esm_syslog_snmp_support
Note
A built-in buffer allows the Syslog server to collect, queue and forward up to 30 Syslog messages at a time. Buffered logs are by default passed on to the event processing engine as soon as the buffer fills up or at one-minute intervals, whichever comes first.
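The collection path described in this section, as an added illustration (not GFI's code or the product's own implementation): a minimal Syslog receiver that decodes the BSD-style (RFC 3164) PRI header of each message and holds messages in a buffer that is handed to the processing engine either when it holds 30 messages or when one minute has elapsed, whichever comes first. The sample messages, the `sink` callback and the injectable `clock` are assumptions made for the example; the 30-message and one-minute values come from the note above.

```python
import re
import time
from typing import Callable, Dict, List

# Values stated in the manual's note: up to 30 messages per batch, one-minute interval.
BUFFER_SIZE = 30
FLUSH_INTERVAL_S = 60.0

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

# Constructed sample messages (not from the manual); <34> = auth/crit, <190> = local7/info.
SAMPLE = ["<34>Oct 11 22:14:15 fw01 kernel: interface eth1 link down",
          "<190>Oct 11 22:14:16 sw02 config: running-config saved by admin",
          "Oct 11 22:14:17 host3 cron: job completed"]  # no PRI -> treated as <13>


def parse_syslog(raw: str) -> Dict[str, object]:
    """Decode the <PRI> header: PRI = facility * 8 + severity. A message with no
    valid PRI is given PRI 13 (facility user, severity notice), as RFC 3164 tells relays to do."""
    m = PRI_RE.match(raw)
    pri, body = (int(m.group(1)), m.group(2)) if m and int(m.group(1)) <= 191 else (13, raw)
    return {"facility": pri // 8, "severity": SEVERITY[pri % 8], "body": body}


class SyslogBuffer:
    """Queue decoded messages and hand them to `sink` as one batch when the size limit
    is reached or the flush interval has elapsed. `clock` is injectable (assumed helper)
    so the timing rule can be exercised without waiting a real minute."""

    def __init__(self, sink: Callable[[List[dict]], None], size: int = BUFFER_SIZE,
                 interval: float = FLUSH_INTERVAL_S, clock: Callable[[], float] = time.monotonic):
        self.sink, self.size, self.interval, self.clock = sink, size, interval, clock
        self.queue: List[dict] = []
        self.last_flush = clock()

    def receive(self, raw: str) -> int:
        """Collect one raw message; returns how many messages were flushed (0 if still buffered)."""
        self.queue.append(parse_syslog(raw))
        return self.flush() if len(self.queue) >= self.size else self.tick()

    def tick(self) -> int:
        """Called by a periodic timer: flush if the interval has elapsed since the last flush."""
        if self.queue and self.clock() - self.last_flush >= self.interval:
            return self.flush()
        return 0

    def flush(self) -> int:
        """Pass everything held to the processing sink and restart the interval."""
        batch, self.queue = self.queue, []
        self.last_flush = self.clock()
        if batch:
            self.sink(batch)
        return len(batch)
```

A practical consequence of the flush rule is that a single message from a quiet device can wait up to one minute before the processing engine sees it, which bounds the latency of any alert raised on it.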