Installation and Setup Guide for Resource Manager Essentials 4.0.3 on Windows (With LMS 2.5.1)
Chapter 6: Installing the Remote Syslog Collector
Downloads: This chapterpdf (PDF - 193.0KB) The complete bookPDF (PDF - 3.96MB) | Feedback

Installing the Remote Syslog Collector

Table Of Contents

Installing the Remote Syslog Collector

Verifying Remote Syslog Collector Server Requirement

Installing the Remote Syslog Collector

Subscribing to a Common Syslog Collector

Starting the Remote Syslog Collector

Stopping the Remote Syslog Collector

Uninstalling the Remote Syslog Collector

Understanding the Syslog Collector Properties File


Installing the Remote Syslog Collector


This appendix provides general information on how to install the Remote Syslog Collector on a remote Windows or UNIX system to process syslog messages. If necessary, it can also filter the Syslog messages before forwarding them to the Analyzer process on the RME server. If you do not want to run it on the remote Windows or UNIX system, you can uninstall the Syslog Analyzer Collector later.


Warning Do not install Remote Syslog Collector on a machine that has CiscoWorks and Resource Manager Essentials already installed.


The Remote Syslog Collector and Syslog Analyzer Service on the RME server uses SSL sockets to communicate with each other.

It functions as follows:

1. At startup, the Remote Syslog Collector looks for Syslog Analyzers already subscribed on the RME Server and requests for the latest filter definitions.

If the Syslog Analyzer is not reachable when queried, the Remote Syslog Collector logs all emblem compliant syslogs in the specified downtime file after filtering.

This file can be configured at:

The Syslog Collector Properties file is available at this location:

On Solaris:

NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/Collector.properties

On Windows:

NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties

If the Syslog Analyzer responds with the latest filters, the Remote Syslog Collector forwards only the filtered syslogs to the Syslog Analyzer.

2. At startup, the Syslog Analyzer tries to connect to all the subscribed Remote Syslog Collectors by passing the latest filters.

To subscribe or unsubscribe from a Remote Syslog Collector, select RME > Tools > Syslog > Syslog Collector Status > Subscribe using the RME user interface.

After the Remote Syslog Collector and Syslog Collector connect to the RME Server, the Remote Syslog Collector entry is added to the Collector Status window of the Syslog Collector.

To view the status of the Common Syslog Collector to which the Syslog Collector is subscribed to, select Resource Manager Essentials > Tools > Syslog > Syslog Collector Status.

The connection to the RME server is lost, when the connection between the Remote Syslog Collector and Syslog Analyzer is broken.

This may be because either the Remote Syslog Collector or the Syslog Analyzer or both of them were shutdown. The connection is automatically restored when both the services are functional.

This section describes how to set up Syslog. This involves:

Verifying Remote Syslog Collector Server Requirement

Installing the Remote Syslog Collector

Stopping the Remote Syslog Collector

Stopping the Remote Syslog Collector

Uninstalling the Remote Syslog Collector

Verifying Remote Syslog Collector Server Requirement

Table 6-1 provides the server requirements for Remote Syslog Collector:

Table 6-1 Remote Syslog Collector Server Minimum Requirements

Requirement Type
Minimum Requirements

Hardware

IBM PC-compatible system with 1 GHz or faster Pentium processor, and 1 GB memory.

Memory (RAM)

512 MB

Available disk drive space

2 GB.

Paging file space equal to double the amount of memory (RAM). For example, if your system has 256 MB of RAM, you need 512 MB of page file.

NTFS file system required for secure operation.

At least 16 MB in Windows temporary directory (%TEMP%).

Software

Windows 2000 Professional, Server, and Advanced Server with SP4.

Windows 2003 Server and Enterprise edition.

Browser

(You need a browser only if you download the Remote Syslog Collector installation files from the Essentials server.)

Microsoft Internet Explorer 6.0
(version 6.0.2600.0000), or
6.0 with Service Pack 1 (version 6.0.2800.1106)

Netscape Navigator 7.1 and 7.2.

Mozilla 1.7 and 1.7.5



Note RSAC 3.x does not work with RME 4.0.3.
RME 3.x does not work with the new Remote Syslog Collector (RSC) 4.0.3.
You cannot upgrade RSAC 3.x to RSC 4.0.3.
You must uninstall the previous version of RSAC before installing the new RSC 4.0.3 which is provided with RME 4.0. To install RSC 4.0.3, see "Installing the Remote Syslog Collector".


Installing the Remote Syslog Collector

Prerequisites for installing a Remote Syslog Collector:

Common Services 3.0.3 should be installed.

If you install Common Services Service Pack on CiscoWorks server, you must install the same Service Pack on RSC server.

The Common Services Service Pack versions must be same in CiscoWorks Server and RSC Server.

RME should not be installed on the server where the Remote Syslog Collector is to be installed. (If RME is installed, the Syslog Collector is installed by default)

To install the Remote Syslog Collector:


Step 1 Navigate to the RSC folder on the RME 4.0.3 CD-ROM.

Step 2 To start the installation, double-click the Setup.exe file.

Step 3 Follow the wizard instructions to install the product.

Step 4 After the installation of Remote Syslog Collector, select CiscoWorks Homepage > Software Center > Software Update to verify the installation. Remote Syslog Collector should be listed.


After Installation, you need to configure the collector.properties file if required. If not, you can use the defaults. See "Understanding the Syslog Collector Properties File".

Subscribing to a Common Syslog Collector


Step 1 Download the Peer Certificate from the machine where Remote Syslog Collector is running.

Step 2 Upload the Peer Certificate to the machine where Remote Syslog Collector is running.

Step 3 Select Resource Manager Essentials > Tools > Syslog > Syslog Collector Status.

The Collector Status dialog box appears with this information:

Column
Description

Name

Hostname or the IP address of the host on which the Collector is installed.

Update Time

Date and time of the last update. By default, this dialog box is updated every 5 minutes.

Time and time zone are those of the CiscoWorks Server.

Uptime

Time duration for which the Syslog Collector has been up.

Forwarded

Number of forwarded Syslog messages.

Dropped

Number of unsent Syslog messages.

Invalid

Number of invalid Syslog messages.

Filtered

Number of filtered messages. Filters are defined with the Define Message Filter option (For details about defining filters, see the User Guide for Resource Manager Essentials).

Received

Number of Syslog messages received.


Step 4 Click Subscribe.

The Subscribe Collector dialog box appears.

Step 5 Enter the address of the Common Syslog Collector to which you want to subscribe to.

Step 6 Click OK.

The Syslog Analyzer is subscribed the Syslog Collector that you specified. This can be either the Syslog Collector on the RME server, or a remotely installed Syslog Collector.


Starting the Remote Syslog Collector

To start the Remote Syslog Collector, enter pdexec SyslogCollector at the command prompt on the machine where Syslog Collector is installed.

Stopping the Remote Syslog Collector

To stop the Remote Syslog Collector, enter pdterm SyslogCollector at the command prompt on the machine where Syslog Collector is installed.

Uninstalling the Remote Syslog Collector


Step 1 Select Start > Programs > CiscoWorks > Uninstall CiscoWorks.

The Uninstallation dialog box appears, displaying all of the installed components.

Step 2 Select Remote Syslog Collector.

Step 3 Click Next to begin uninstalling the selected component.


Understanding the Syslog Collector Properties File

After installing the Syslog Collector on a remote machine, you need to check the Syslog Collector Properties file to ensure that the Collector is configured properly.

The Syslog Collector Properties file is available at this location:

On Solaris:

NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/Collector.properties

On Windows:

NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties

The following table describes the Syslog Collector Properties file:

Timezone-Related Properties
Description

TIMEZONE

The timezone of the machine where the Syslog Collector is running. Enter the correct abbreviation for the timezone. For example, the time zone for India is IST.

For the correct Timezone abbreviation, see the Timezone file in the following location:

On Solaris,

/opt/CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/fcss/data/TimeZone.lst

On Windows,

NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\fcss\data\TimeZone.lst

COUNTRY_CODE

Country code for the Syslog Collector.

We recommend that you set the country code variable with the appropriate country code, to make sure that the Syslog timestamp conversion works correctly.

For example, if you are in Singapore, you must set the country code variable as COUNTRY=SGP.

TIMEZONE_FILE

The path of the Timezone file. This file contains the offsets for the time zones.

After installing the Syslog Collector, ensure that the offset specified in this file is as expected. If it is not present or is incorrect, you can add the Timezone offset as per the convention.

The default path is:

On Solaris,

opt/CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/classes/com/
cisco/nm/rmeng/fcss/data/TimeZone.lst

On Windows,

NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\fcss\data\TimeZone.lst

General Properties

SYSLOG_FILES

Filename and location of the file from which syslog messages are read.

On Solaris:

/var/log/syslog_info

On Windows:

NMSROOT\log\syslog.log

DEBUG_CATEGORY_NAME

Name Syslog Collector uses for printed ERROR or DEBUG messages.

The default category name is SyslogCollector.

We recommend that you do not change the default value.

DEBUG_FILE

Filename and location of the Syslog Collector log file containing debug information:

On Solaris,

/var/adm/CSCOpx/log/CollectorDebug.log

On Windows,

NMSROOT\log\CollectorDebug.log

DEBUG_LEVEL

Debug levels in which you run the Syslog Collector.

We recommend that you retain the default INFO, which reports informational messages. Setting it to any other value might result in a large number of debug messages being reported.

If you change the debug level, you must restart the Syslog Collector.

The values for the Debug levels are:

Warning

Debug

Error

Info

DEBUG_MAX_FILE_SIZE

The maximum size of the log file containing the debug information.

The default is set to 5 MB.

If the file size exceeds the limit that you have set, Syslog Collector writes to another file, based on the number of backup files that you have specified for the DEBUG_MAX_BACKUPS property.

For example, if you have specified the number of backups as 2, besides the current log file, there will be two backup files, each 5MB in size. When the current file exceeds the 5 MB limit, Syslog Collector overwrites the oldest of the two backup files.

DEBUG_MAX_BACKUPS

The number of backup files that you require. The size of these will be the value that you have specified for the DEBUG_MAX_FILE_SIZE property.

Miscellaneous Properties

READ_INTERVAL_IN_SECS

The interval at which the Collector polls the syslog file.

The default is set to 1 second.

QUEUE_CAPACITY

The size of the internal buffer, for queuing syslog messages.

The default is set to 100000

PARSER_FILE

The file that contains the list of parsers used while parsing syslog messages.

On Solaris,

opt/CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/classes/com/
cisco/nm/rmeng/fcss/data/FormatParsers.lst

On Windows,

NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\fcss\data\FormatParsers.lst

SUBSCRIPTION_DATA_FILE

The Syslog Collector data file that contains the information about the Syslog Analyzers that are subscribed to the Collector.

On Solaris,

opt/CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/classes/com/
cisco/nm/rmeng/csc/data/Subscribers.dat

On Windows,

NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Subscribers.dat

FILTER_THREADS

The number of threads that operate at a time for filtering syslog messages. The default is set to 1.

COLLECTOR_PORT

The default port of the Syslog Collector. The default is set to 4444.

The port where the collector listens for registration requests from Syslog Analyzers.