Installing the Remote Syslog Collector
This appendix provides general information on how to install the Remote Syslog Collector on a remote Windows or UNIX system to process syslog messages.
The Remote Syslog Collector filters the Syslog messages before forwarding them to the Analyzer process on the RME server.
Warning
Do not install Remote Syslog Collector on a system that has Resource Manager Essentials already installed.
The Remote Syslog Collector and the Syslog Analyzer Service on the RME server use SSL sockets to communicate with each other.
It functions as follows:
1. At startup, the Remote Syslog Collector looks for Syslog Analyzers already subscribed on the RME Server and requests the latest filter definitions.
   • If the Syslog Analyzer is not reachable when queried, the Remote Syslog Collector logs all emblem-compliant syslogs in the specified downtime file after filtering.
     The Syslog Collector Properties file is available at these locations:
     – On Solaris:
       NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/Collector.properties
     – On Windows:
       NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
   • If the Syslog Analyzer responds with the latest filters, the Remote Syslog Collector applies filters and forwards syslogs to the Syslog Analyzer.
2. At startup, the Syslog Analyzer tries to connect to all the subscribed Remote Syslog Collectors by passing the latest filters.
To subscribe or unsubscribe from a Remote Syslog Collector, select RME > Tools > Syslog > Syslog Collector Status > Subscribe using the RME user interface.
After the Remote Syslog Collector connects to the RME Server, the Remote Syslog Collector entry is added to the Collector Status window of the RME Server.
To view the status of the subscribed Syslog Collector, select Resource Manager Essentials > Tools > Syslog > Syslog Collector Status.
This section describes how to set up Syslog between RSAC and RME. This involves:
• Verifying Remote Syslog Collector Server Requirement
• Installing the Remote Syslog Collector
• Stopping the Remote Syslog Collector
• Uninstalling the Remote Syslog Collector
Verifying Remote Syslog Collector Server Requirement
The following section lists the necessary server requirements for Remote Syslog Collector:
• Table C-1 provides the server requirements for Remote Syslog Collector on Solaris.
• Table C-2 provides the server requirements for Remote Syslog Collector on Windows.
Table C-1 Remote Syslog Collector Server Minimum Requirements on Solaris
Requirement Type | Minimum Requirements
Hardware | UltraSPARC CPU
Memory (RAM) | 2 GB RAM and 4 GB swap space on Solaris 9; 4 GB RAM and 8 GB swap space on Solaris 10
Operating System | Solaris 9; Solaris 10
Browser (You need a browser only if you download the RSAC installation files from the RME server.) | Firefox 2.0
Table C-2 Remote Syslog Collector Server Minimum Requirements on Windows
Requirement Type | Minimum Requirements
Hardware | IBM PC-compatible system with 1 GHz or faster Pentium processor, and 1 GB memory.
Memory (RAM) | 2 GB RAM memory requirement with a swap space of 4 GB.
Operating System | Windows Server 2003 Standard and Enterprise Editions with Service Pack 1 and 2; Windows Server 2003 R2 Standard and Enterprise Editions with Service Pack 1 and 2
Browser (You need a browser only if you download the Remote Syslog Collector installation files from the Essentials server.) | Internet Explorer 6.0 Service Pack 1; Internet Explorer 7.0; Firefox 2.0
RSAC 4.2 works only with RME 4.2.
You must uninstall the previous version of RSAC before installing the new RSAC, which is provided with the LMS 3.1 DVD. To install RSAC 4.1, see Installing the Remote Syslog Collector.
Installing the Remote Syslog Collector
Perform the following to install the Remote Syslog Collector on both platforms.
• Installing on Solaris
• Installing on Windows
Prerequisites for installing a Remote Syslog Collector:
• Common Services 3.2 and RSAC 4.2 should be installed.
• If you install a Common Services Service Pack on the CiscoWorks server, you must install the same Service Pack on the RSAC server.
  The Common Services Service Pack versions must be the same on the CiscoWorks Server and the RSAC Server.
• RME should not be installed on the server where you need to install the Remote Syslog Collector. (If RME is installed, the Syslog Collector is installed by default.)
Installing on Solaris
To install the Remote Syslog Collector on a Solaris system:
Step 1 Mount the LMS 3.1 DVD.
The RSAC installables are available in the RSAC directory on the LMS 3.1 DVD.
Step 2 Enter the following to start the installation:
    # cd RSAC
    # ./setup.sh
Step 3 Follow the wizard instructions to install the product.
After the installation of Remote Syslog Collector, select CiscoWorks Homepage > Software Center > Software Update to verify the installation. Remote Syslog Collector should be listed.
After installation, you need to configure the collector.properties file if required. If not, you can use the defaults. See Understanding the Syslog Collector Properties File.
Installing on Windows
To install the Remote Syslog Collector on a Windows system:
Step 1 Navigate to the RSAC folder on the LMS 3.1 DVD.
Step 2 Double-click the Setup.exe file to start the installation.
Step 3 Follow the wizard instructions to install the product.
After the installation of Remote Syslog Collector, select CiscoWorks Homepage > Software Center > Software Update to verify the installation. Remote Syslog Collector should be listed.
After installation, you need to configure the collector.properties file if required. If not, you can use the defaults. See Understanding the Syslog Collector Properties File.
Subscribing to a Remote Syslog Collector
Step 1 Download the Peer certificate from the system where Remote Syslog Collector is running.
Step 2 Upload the Peer certificate to the system where Remote Syslog Collector is running.
Step 3 Select Resource Manager Essentials > Tools > Syslog > Syslog Collector Status.
The Collector Status dialog box appears with this information:
Column | Description
Name | Hostname or the IP address of the host on which the Collector is installed.
Update Time | Date and time of the last update. By default, this dialog box is updated every 5 minutes. Time and time zone are those of the CiscoWorks Server.
Uptime | Time duration for which the Syslog Collector has been up.
Forwarded | Number of forwarded Syslog messages.
Dropped | Number of unprocessed Syslog messages.
Invalid | Number of Syslog messages that are not emblem compliant.
Filtered | Number of filtered messages. Filters are defined with the Define Message Filter option. For details about defining filters, see the User Guide for Resource Manager Essentials 4.2.
Received | Number of Syslog messages received.
Step 4 Click Subscribe.
The Subscribe Collector dialog box appears.
Step 5 Enter the address of the Common Syslog Collector to which you want to subscribe.
Step 6 Click OK.
The Syslog Analyzer is subscribed to the Syslog Collector that you specified. This can be either the Syslog Collector on the RME server, or a remotely installed Syslog Collector.
Starting the Remote Syslog Collector
To start the Remote Syslog Collector, enter pdexec SyslogCollector at the command prompt on the machine where Syslog Collector is installed. It starts by default.
Stopping the Remote Syslog Collector
To stop the Remote Syslog Collector, enter pdterm SyslogCollector at the command prompt on the machine where Syslog Collector is installed.
Uninstalling the Remote Syslog Collector
Perform the following to uninstall RSAC:
• Uninstallation on Windows
• Uninstallation on Solaris
Uninstallation on Windows
To uninstall on a Windows system:
Step 1 Select Start > Programs > CiscoWorks > Uninstall CiscoWorks.
The Uninstallation dialog box appears, displaying all of the installed components.
Step 2 Select Remote Syslog Collector.
Step 3 Click Next to begin uninstalling the selected component.
Uninstallation on Solaris
To uninstall on a Solaris system:
Step 1 Enter these commands as root to start the uninstall program:
    # cd /
    # NMSROOT/bin/uninstall.sh
A message similar to the following appears at the command prompt:
    1) CiscoView 6.1.8
    2) Integration Utility 1.8
    3) CiscoWorks Common Services 3.2
    4) Remote Syslog Collector 4.2
    5) All of the above
    Select one or more of the items using its number separated by comma or enter q to quit [q]
Step 2 Enter 4 and press Return.
Step 3 Follow the prompts from the uninstallation wizard.
Understanding the Syslog Collector Properties File
After installing the Syslog Collector on a remote machine, you need to check the Syslog Collector Properties file to ensure that the Collector is configured properly.
The Syslog Collector Properties file is available at these locations:
• On Solaris:
  NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/Collector.properties
• On Windows:
  NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
The following table describes the Syslog Collector Properties file:
Timezone-Related Properties | Description
TIMEZONE | The timezone of the machine where the Syslog Collector is running. Enter the correct abbreviation for the timezone. For example, the time zone for India is IST.
  For the correct Timezone abbreviation, see the Timezone file in the following locations:
  • On Solaris: /opt/CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/fcss/data/TimeZone.lst
  • On Windows: NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\fcss\data\TimeZone.lst
COUNTRY_CODE | Country code for the Syslog Collector.
  We recommend that you set the country code variable with the appropriate country code, to make sure that the Syslog timestamp conversion works correctly.
  For example, if you are in Singapore, you must set the country code variable as COUNTRY=SGP.
TIMEZONE_FILE | The path of the Timezone file. This file contains the offsets for the time zones.
  After installing the Syslog Collector, ensure that the offset specified in this file is as expected. If it is not present or is incorrect, you can add the Timezone offset according to the convention.
  The default paths are:
  • On Solaris: /opt/CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/fcss/data/TimeZone.lst
  • On Windows: NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\fcss\data\TimeZone.lst
General Properties | Description
SYSLOG_FILES | Filename and location of the file from which syslog messages are read.
  • On Solaris: /var/log/syslog_info
  • On Windows: NMSROOT\log\syslog.log
DEBUG_CATEGORY_NAME | Name Syslog Collector uses for printed ERROR or DEBUG messages.
  The default category name is SyslogCollector.
  We recommend that you do not change the default value.
DEBUG_FILE | Filename and location of the Syslog Collector log file containing debug information:
  • On Solaris: /var/adm/CSCOpx/log/CollectorDebug.log
  • On Windows: NMSROOT\log\CollectorDebug.log
DEBUG_LEVEL | Debug levels in which you run the Syslog Collector.
  We recommend that you retain the default INFO, which reports informational messages. Setting it to any other value might result in a large number of debug messages being reported.
  If you change the debug level, you must restart the Syslog Collector.
  The values for the Debug levels are:
  • Warning
  • Debug
  • Error
  • Information
DEBUG_MAX_FILE_SIZE | The maximum size of the log file containing the debug information.
  The default is set to 5 MB.
  If the file size exceeds the limit that you have set, Syslog Collector writes to another file, based on the number of backup files that you have specified for the DEBUG_MAX_BACKUPS property.
  For example, if you have specified the number of backups as 2, besides the current log file, there will be two backup files, each 5 MB in size. When the current file exceeds the 5 MB limit, Syslog Collector overwrites the oldest of the two backup files.
DEBUG_MAX_BACKUPS | The number of backup files that you require. The size of these will be the value that you have specified for the DEBUG_MAX_FILE_SIZE property.
Miscellaneous Properties | Description
READ_INTERVAL_IN_SECS | The interval at which the Collector polls the syslog file.
  The default is set to 1 second.
QUEUE_CAPACITY | The size of the internal buffer, for queuing syslog messages.
  The default is set to 100000.
PARSER_FILE | The file that contains the list of parsers used while parsing syslog messages.
  • On Solaris: /opt/CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/fcss/data/FormatParsers.lst
  • On Windows: NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\fcss\data\FormatParsers.lst
SUBSCRIPTION_DATA_FILE | The Syslog Collector data file that contains the information about the Syslog Analyzers that are subscribed to the Collector.
  • On Solaris: /opt/CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/Subscribers.dat
  • On Windows: NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Subscribers.dat
FILTER_THREADS | The number of threads that operate at a time for filtering syslog messages. The default is set to 1.
COLLECTOR_PORT | The port where the collector listens for registration requests from Syslog Analyzers.
  The default is set to 4444.
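A post-installation check of the properties described in the table above, as an added example (not Cisco code and not part of the original guide). It assumes the file uses plain KEY=VALUE lines; the integer bounds, the function names and the sample content are constructed for illustration.

```python
# Added example (not Cisco code). Assumes KEY=VALUE lines with # or ! comments.
DOCUMENTED_DEFAULTS = {          # defaults stated in the properties table
    "DEBUG_CATEGORY_NAME": "SyslogCollector",
    "DEBUG_LEVEL": "INFO",
    "READ_INTERVAL_IN_SECS": "1",
    "QUEUE_CAPACITY": "100000",
    "FILTER_THREADS": "1",
    "COLLECTOR_PORT": "4444",
}
INT_RANGES = {                   # (min, max); bounds are this example's choice
    "READ_INTERVAL_IN_SECS": (1, None),
    "QUEUE_CAPACITY": (1, None),
    "FILTER_THREADS": (1, None),
    "DEBUG_MAX_BACKUPS": (0, None),
    "COLLECTOR_PORT": (1, 65535),
}
RECOMMENDED = ("TIMEZONE", "COUNTRY_CODE")  # used for timestamp conversion

def parse_properties(text):
    """Return {key: value} for every KEY=VALUE line, skipping comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (severity, key, message) findings for a parsed properties dict."""
    findings, bad = [], set()
    for key in RECOMMENDED:
        if not props.get(key):
            findings.append(("WARN", key, "not set"))
    for key, (low, high) in INT_RANGES.items():
        value = props.get(key)
        if value is None:
            continue  # key absent: nothing to validate
        ok = value.isascii() and value.isdigit() and int(value) >= low
        if not ok or (high is not None and int(value) > high):
            bad.add(key)
            findings.append(("ERROR", key, f"invalid value {value!r}"))
    for key, default in DOCUMENTED_DEFAULTS.items():
        if key in props and key not in bad and props[key] != default:
            findings.append(("NOTE", key, f"{props[key]!r} is not the documented default {default!r}"))
    return findings

# Constructed sample, not taken from a real server.
SAMPLE = "# sample\nTIMEZONE=IST\nCOUNTRY_CODE=\nDEBUG_LEVEL=DEBUG\nCOLLECTOR_PORT=70000\nQUEUE_CAPACITY=100000\nFILTER_THREADS=two\n"
```

Calling audit(parse_properties(SAMPLE)) reports the empty COUNTRY_CODE, the two invalid integers and the non-default DEBUG_LEVEL; a NOTE on COLLECTOR_PORT is worth reconciling with any firewall rule between the RME server and the collector.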