Installation and Setup Guide for Resource Manager Essentials 4.0.3 on Solaris (With LMS 2.5.1)
Chapter 6: Installing Remote Syslog Analyzer Collector
Downloads: This chapterpdf (PDF - 199.0KB) The complete bookPDF (PDF - 1.83MB) | Feedback

Installing the Remote Syslog Collector

Table Of Contents

Installing the Remote Syslog Collector

Verifying RSC Server Requirement

Installing the Remote Syslog Collector

Subscribing to a Common Syslog Collector

Starting the Remote Syslog Collector

Stopping the Remote Syslog Collector

Uninstalling the Remote Syslog Collector

Understanding the Syslog Collector Properties File


Installing the Remote Syslog Collector


This chapter provides general information on how to install the Remote Syslog Collector (RSC) on a remote Solaris system to process syslog messages. If necessary, it can also filter the Syslog messages before forwarding them to the Analyzer process on the RME server. If you do not want to run it on the remote UNIX or Windows system, you can uninstall the Remote Syslog Collector later.


Warning Do not install Remote Syslog Collector on a system that has Resource Manager Essentials already installed.


The Remote Syslog Collector and Syslog Analyzer Service on the RME server uses SSL sockets to communicate with each other.

It functions as follows:

1. At startup, the Remote Syslog Collector looks for Syslog Analyzers already subscribed on the RME Server and requests for the latest filter definitions.

If the Syslog Analyzer is not reachable when queried, the Remote Syslog Collector logs all emblem compliant syslogs in the specified downtime file after filtering. This file can be configured at:

The Syslog Collector Properties file is available at this location:

On Solaris:

NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/Collector.properties

On Windows:

NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties

If the Syslog Analyzer responds with the latest filters, the Remote Syslog Collector forwards only the filtered syslogs to the Syslog Analyzer.

2. At startup, the Syslog Analyzer tries to connect to all the subscribed Remote Syslog Collectors by passing the latest filters.

To subscribe or unsubscribe from a Remote Syslog Collector, select RME > Tools > Syslog > Syslog Collector Status > Subscribe using the RME user interface.

After the Remote Syslog Collector and Syslog Analyzer connect to the RME Server, the Remote Syslog Collector entry is added to the Collector Status window of the Syslog Analyzer.

To view the status of the Common Syslog Collector to which the Syslog Collector is subscribed to, select Resource Manager Essentials > Tools > Syslog > Syslog Collector Status.

The connection to the RME server is lost, when the connection between the Remote Syslog Collector and Syslog Analyzer is broken.

This may be because either the Remote Syslog Collector, or the Syslog Analyzer, or both of them were shutdown. The connection is automatically restored when both the services are functional.

This section describes how to set up Syslog. This involves:

Verifying RSC Server Requirement

Installing the Remote Syslog Collector

Starting the Remote Syslog Collector

Stopping the Remote Syslog Collector

Uninstalling the Remote Syslog Collector

Verifying RSC Server Requirement

Table 6-1 provides the server requirements for RSC:

Table 6-1 RSC Server Minimum Requirements

Requirement Type
Minimum Requirements

Hardware

Sun Sparc Ultra 10

Memory (RAM)

512 MB

Available disk drive space

2 GB on the partition on which you install RSC (the default is /opt).

Swap space equal to double the amount of memory (RAM). For example, if your system has 512 MB of RAM, you need 1024 MB of swap space.

Software

Solaris 2.8 and 2.9

Browser

(You need a browser only if you download the RSC installation files from the RME server.)

Netscape Navigator 7.0 (if you are using the desktop on the server system).

Mozilla 1.7 and 1.7.5



Note RSAC 3.x does not work with RME 4.0.3.
RME 3.x does not work with the new Remote Syslog Collector (RSC) 4.0.3.
You cannot upgrade RSAC 3.x to RSC 4.0.3.
You must uninstall the previous version of RSAC before installing the new RSC 4.0.3 which is provided with RME 4.0.3. To install RSC 4.0.3, see "Installing the Remote Syslog Collector".


Installing the Remote Syslog Collector

Prerequisites for installing a Remote Syslog Collector:

Common Services 3.0.3 should be installed.

If you install Common Services Service Pack on CiscoWorks server, you must install the same Service Pack on RSC server.

The Common Services Service Pack versions must be same in CiscoWorks Server and RSC Server.

RME should not be installed on the server where the Remote Syslog Collector is to be installed. (If RME is installed, the Syslog Collector is installed by default)

To install the Remote Syslog Collector:


Step 1 Mount the RME 4.0.3 CD-ROM. See "Mounting and Unmounting the CD-ROM," for detailed mounting instructions.

The RSC installables are available in the RSC directory on RME 4.0.3 CD-ROM.

Step 2 To start the installation, enter:

# cd RSC
# ./setup.sh

Step 3 Follow the wizard instructions to install the product.

Step 4 After the installation of Remote Syslog Collector, select CiscoWorks Homepage > Software Center > Software Update to verify the installation. Remote Syslog Collector should be listed.


After Installation, you need to configure the collector.properties file if required. If not, you can use the defaults. See "Understanding the Syslog Collector Properties File".

Subscribing to a Common Syslog Collector


Step 1 Download the Peer certificate from the system where Remote Syslog Collector is running.

Step 2 Upload the Peer certificate to the system where Remote Syslog Collector is running.

Step 3 Select Resource Manager Essentials > Tools > Syslog > Syslog Collector Status.

The Collector Status dialog box appears with this information:

Column
Description

Name

Hostname or the IP address of the host on which the Collector is installed.

Update Time

Date and time of the last update. By default, this dialog box is updated every 5 minutes.

Time and time zone are those of the CiscoWorks Server.

Uptime

Time duration for which the Syslog Collector has been up.

Forwarded

Number of forwarded Syslog messages.

Dropped

Number of unsent Syslog messages.

Invalid

Number of invalid Syslog messages.

Filtered

Number of filtered messages. Filters are defined with the Define Message Filter option (For details about defining filters, see the User Guide for Resource Manager Essentials).

Received

Number of Syslog messages received.


Step 4 Click Subscribe.

The Subscribe Collector dialog box appears.

Step 5 Enter the address of the Common Syslog Collector to which you want to subscribe to.

Step 6 Click OK.

The Syslog Analyzer is subscribed the Syslog Collector that you specified. This can be either the Syslog Collector on the RME server, or a remotely installed Syslog Collector.


Starting the Remote Syslog Collector

To start the Remote Syslog Collector, enter pdexec SyslogCollector at the command prompt on the system where Syslog Collector is installed.

Stopping the Remote Syslog Collector

To stop the Remote Syslog Collector, enter pdterm SyslogCollector at the command prompt on the system where Syslog Collector is installed.

Uninstalling the Remote Syslog Collector


Step 1 Enter these commands as root to start the uninstall program:

# cd /
# NMSROOT/bin/uninstall.sh

A message similar to the following appears at command prompt:

1) CiscoView 6.1.2
2) Integration Utility 1.6
3) CiscoWorks Common Services 3.0.2
4) Resource Manager Essentials 4.0.3
5) Remote Syslog Collector 4.0.1
6) All of the above

Select one or more of the items using its number separated by comma or 
enter q to quit [q]

Step 2 Enter 1, 2, 3, 4, 5 or 6 and press Return.

Step 3 Follow the prompts from the uninstallation wizard.


Understanding the Syslog Collector Properties File

After installing the Syslog Collector on a remote system, you need to check the Syslog Collector Properties file to ensure that the Collector is configured properly.

The Syslog Collector Properties file is available at this location:

On Solaris:

NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/Collector.properties

On Windows:

NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties

The following table describes the Syslog Collector Properties file:

Timezone-Related Properties
Description

TIMEZONE

The timezone of the system where the Syslog Collector is running. Enter the correct abbreviation for the timezone. For example, the time zone for India is IST.

For the correct Timezone abbreviation, see the Timezone file in the following location:

NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/fcss/data/TimeZone.lst

COUNTRY_CODE

Country code for the Syslog Collector.

We recommend that you set the country code variable with the appropriate country code, to make sure that the Syslog timestamp conversion works correctly.

For example, if you are in Singapore, you must set the country code variable as COUNTRY=SGP.

TIMEZONE_FILE

The path of the Timezone file. This file contains the offsets for the time zones.

After installing the Syslog Collector, ensure that the offset specified in this file is as expected. If it is not present or is incorrect, you can add the Timezone offset as per the convention.

The default path is:

NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/fcss/data/TimeZone.lst

General Properties

SYSLOG_FILES

Filename and location of the file from which syslog messages are read.

The default location is:

On Solaris:

/var/log/syslog_info

On Windows:

NMSROOT/log/syslog.log

DEBUG_CATEGORY_NAME

Name Syslog Collector uses for printed ERROR or DEBUG messages.

The default category name is SyslogCollector.

We recommend that you do not change the default value.

DEBUG_FILE

Filename and location of the Syslog Collector log file containing debug information:

The default location is:

On Solaris,

/var/adm/CSCOpx/log/CollectorDebug.log

On Windows,

NMSROOT/log/CollectorDebug.log

DEBUG_LEVEL

Debug levels in which you run the Syslog Collector.

We recommend that you retain the default INFO, which reports informational messages. Setting it to any other value might result in a large number of debug messages being reported.

If you change the debug level, you must restart the Syslog Collector.

The values for the Debug levels are:

Warning

Debug

Error

Info

DEBUG_MAX_FILE_SIZE

The maximum size of the log file containing the debug information.

The default is set to 5 MB.

If the file size exceeds the limit that you have set, Syslog Collector writes to another file, based on the number of backup files that you have specified for the DEBUG_MAX_BACKUPS property.

For example, if you have specified the number of backups as 2, besides the current log file, there will be two backup files, each 5MB in size. When the current file exceeds the 5 MB limit, Syslog Collector overwrites the oldest of the two backup files.

DEBUG_MAX_BACKUPS

The number of backup files that you require. The size of these will be the value that you have specified for the DEBUG_MAX_FILE_SIZE property.

Miscellaneous Properties

READ_INTERVAL_IN_SECS

The interval at which the Collector polls the syslog file.

The default is set to 1 second.

QUEUE_CAPACITY

The size of the internal buffer, for queuing syslog messages.

The default is set to 100000

PARSER_FILE

The file that contains the list of parsers used while parsing syslog messages.

The default path of the parser file:

NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/fcss/data/FormatParsers.lst

SUBSCRIPTION_DATA_FILE

The Syslog Collector data file that contains the information about the Syslog Analyzers that are subscribed to the Collector.

The default path of the data file:

NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/Subscribers.dat

FILTER_THREADS

The number of threads that operate at a time for filtering syslog messages. The default is set to 1.

COLLECTOR_PORT

The default port of the Syslog Collector. The default is set to 4444.

The port where the collector listens for registration requests from Syslog Analyzers.