Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Syslog help! software selection

Status
Not open for further replies.

chang542

Technical User
Oct 25, 2005
20
US
I am evaulating a few different syslog server softwares, and could use some advice...

I tried "the one" syslog manager pro and Kiwi syslog daemon, but am having issues with both. if i could combine the 2, that would be great.

syslog manager pro has great email alert settings, but its not receivnig any traps from my Passports. The BPS/baystack switches report fine, but the passports do not. Using the Kiwi, I get all of the alerts/traps from all devices and that part is great, however, there's no robustness in its email settings to allow different severity levels and multiple recipients, etc.

anybody know of another product or anythign that gets the best of both worlds?
 
I am not sure if you have looked at Nortel's Enterprise Switch Manager (ESM 6.0.1.0). It has both syslog and trap support. With the traps, you can direct them to email or pagers. Plus ESM draws out a nice topology of your network. I personally haven't tried out using ESM with traps though.
Alan
 
I am currently using ESM 5.1 on my workstation, and found that to have limited trap management to say the least... haven't tried it on the server. Has there been much improvement on the 6.0 release you're saying?

Sylog manager Pro working is very close to working perfectly though. I have it set to listen on port 514, but for some reason, it will only show traps from switches on that port and not from my passports which are in fact set to send traps on port 514. I ran a trace on it and see the traffic coming in, but the software doesn't show it.

the only differences I see is the source on the switches is from port 1025, and the passport is 1371. and syslog source for the switches is the daemon, whereas the passport is from local7.
 
Here is what I settled on, its turning out to be a pretty nice setup.... a dual software solution.

I set up a server running both Nortel ESM and Kiwi syslog server. I assigned 2 IP addresses to the box and bound one to each software.

I'm using ESM 6.0 for collecting SNMP traps and for sending out alerts/emails/pages. Since it made by nortel, it knows what traps mean what for the most part and gives you real information opposed to 1.134.34.3.1.14.1.14.

and since ESM doesn't store any traps, I'm using Kiwi for my historical data. I have all my devices sending back syslogs as well as SNMP traps and Kiwi parses them into daily log files.

All in all, there is a way to get the best of both worlds.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top