Table Of Contents
Installing the Remote Syslog Analyzer Collector
Verifying RSAC Server Requirement
Upgrading a Syslog Analyzer Collector
Preparing to Install the Syslog Analyzer Collector
Installing the Syslog Analyzer Collector
Starting Up the Syslog Analyzer Collector
Stopping the Syslog Analyzer Collector
Uninstalling the Syslog Analyzer Collector
Properties Variables Table
Properties Arguments Table
Installing the Remote Syslog Analyzer Collector
This appendix provides general information on how to install the Remote Syslog Analyzer Collector on a remote Windows system to process syslog messages. If necessary, it can also filter the Syslog messages before forwarding them to the Syslog Analyzer process on the Essentials server. You can uninstall the Syslog Analyzer Collector later, if you do not want to run it on the remote UNIX or Windows server.
Note 
Do not install RSAC on a machine that has CiscoWorks and Resource Manager Essentials already installed, or stop the CMF Syslog Service before installing RSAC.
This is because CMF Syslog Service will hook to the UDP port and read all the syslog messages. When the SacNTService tries to connect to the same port, it gets a `address not found' exception, and would not read any Syslog messages arriving on the port.
The Syslog Analyzer Collector uses CORBA, an Essentials system service, to communicate with the Essentials server. It functions as follows:
1. At startup, the Syslog Analyzer Collector tries to connect to the Syslog Analyzer on the Essentials server through CORBA (RmeOrb process), which runs on the Essentials server.
2. After it is connected, the Syslog Analyzer Collector:
a. Obtains the filters it needs from the Essentials server to filter syslog messages.
b. Sends status to the Syslog Analyzer process about the collected syslog messages, including the number of messages read, number of messages filtered, and number of messages with bad syntax. It also forwards unfiltered messages to the Syslog Analyzer process.
Note If Essentials server is restarted, the Syslog Analyzer Collector loses the CORBA communication to the server. The Syslog Analyzer Collector will automatically restore the connection.
This section describes how to set up Syslog. This involves:
•Verifying RSAC Server Requirement
•Preparing to Install the Syslog Analyzer Collector
•Installing the Syslog Analyzer Collector
•Starting Up the Syslog Analyzer Collector
•Stopping the Syslog Analyzer Collector
•Uninstalling the Syslog Analyzer Collector
Verifying RSAC Server Requirement
Table A-1 provides the server requirements for RSAC:
Table A-1 RSAC Server Minimum Requirements
Requirement Type
|
Minimum Requirements
|
Hardware
|
IBM PC-compatible computer with 500 MHz Intel Pentium processor.
|
Memory (RAM)
|
128 MB
|
Available disk drive space
|
•500 MB.
•Paging file space equal to the amount of memory (RAM). For example, if your system has 128 MB of RAM, you need 128 MB of page file.
|
Software
|
Windows 2000 Professional or Server with Service Pack 3.
|
Browser
(You need a browser only if you download the RSAC installation files from the Essentials server.)
|
•Microsoft Internet Explorer 6.0
(version 6.0.2600.0000), or
6.0 with Service Pack 1 (version 6.0.2800.1106)
•Netscape 4.78, 4.79
|
Upgrading a Syslog Analyzer Collector
If you have previously installed a remote Syslog Analyzer Collector with Java Runtime Environment (JRE) 1.1.6, and you are upgrading to a new remote collector, you must:
Step 1 Uninstall JRE 1.1.6.
Step 2 Uninstall the Syslog Analyzer Collector. To do this see,Uninstalling the Syslog Analyzer Collector
Step 3 Install a version of JRE that is 1.2.1 or higher.
You can now reinstall Syslog Analyzer Collector.
Preparing to Install the Syslog Analyzer Collector
Step 1 Obtain the installation file from the Essentials server using either of the following methods:
•Through FTP from the /opt/CSCOpx/htdocs/rdist/sysloga directory of the Essentials server.
•Through a browser on the remote server at this location:
http://CiscoWorks_server:port/sysloga/SAC.html
Note To access this page, you must first log on to the CiscoWorks, and open a new a browser window from the CiscoWorks window.
Step 2 Obtain the installation file from the Essentials server using either of the following methods:
•Through FTP:
a. Navigate to the remote Essentials server:
–On Solaris: /opt/CSCOpx/htdocs/rdist/sysloga
–On Windows: (By default, FTP is not available on the Windows system.) %NMSROOT%/htdocs/rdist/sysloga
where %NMSROOT% is the CiscoWorks installed directory.
b. Copy the SacNTService.exe file.
or
•Through a browser on the remote server:
a. Log in to the CiscoWorks server.
b. Browse to Syslog Remote Collector file location page:
–If SSL is enabled on the CiscoWorks Server, the URL is:
https://CiscoWorks-server:1742/sysloga/SAC.html
–If SSL is not enabled, the URL is:
http://CiscoWorks-server:1741/sysloga/SAC.html
Step 3 Click on Windows Remote Collector and download the SacNTService.exe.
Step 4 Obtain the SAenvProperties.ini file from the same location in which you obtained the SacNTService.exe file.
Step 5 Place the file in any directory you want. You will need to specify its location when you start the Syslog Analyzer collector, so make sure to remember the location.
Installing the Syslog Analyzer Collector
Step 1 To install the SAC service, using a command line interface, enter:
Note Do not add the .exe extension to the SacNTService file.
If you want to view the SacNTService usage information, enter
SacNTService -h at the command line.
Step 2 Before you start the Syslog Analyzer collector, modify the SAenvProperties.ini file. Use the values in Table A-2 to modify the SAenvProperties.ini file.
Step 3 Store the Properties file location in the Windows registry to avoid specifying the Properties file in the start up parameters of the service window. During startup, if no parameters are specified, the Syslog Analyzer collector will look in the registry for the location of the Properties file.
To store the Properties file in the registry, from the command line, enter:
SacNTService /cmd:SacNTService -pr C:\\<directory>\\SAenvProperties.ini -set
Note You can store only the Properties file location in the registry; any other command line options are ignored.
Starting Up the Syslog Analyzer Collector
Step 1 To start the service, select Start > Settings > Control Panel > Administrative Tools > Services.
The Services window appears.
Step 2 Select Cisco Syslog Collector and double click on it. Cisco Syslog Collector Properties window appears.
You can use either of these two methods to start the Syslog Analyzer collector:
Automatically
a. Click Startup.
b. Select Automatic in the Startup type field.
Manually Starting Up Syslog Analyzer Collector
a. Click Startup.
b. Select Manual in the Startup type.
c. In the Startup Parameters field either, Pass the arguments using SAenvProperties.ini file, for example:
-pr c:\SAenvProperties.ini
or
Pass the arguments without using SAenvProperties.ini file, for example:
-pr C:\tmp\SAenvProperties.ini -bsn sbanks-ss20.cisco.com -bsp 420 -bnd sbanks-ss20::SaReceiver
Step 3 Click Start in the Cisco Syslog Collector Properties window.
Stopping the Syslog Analyzer Collector
To stop the Syslog Analyzer Collector:
Step 1 Select Start > Settings > Control Panel > Administrative Tools > Services.
The Services window appears
Step 2 Select Cisco Syslog Collector.
Step 3 Click Stop.
Uninstalling the Syslog Analyzer Collector
Step 1 Select Start > Settings > Control Panel > Administrative Tools > Services.
The Services window appears.
Step 2 Select Cisco Syslog Collector.
Step 3 Click Stop to stop the Syslog Collector service.
Step 4 Using a command line interface navigate to the directory where you installed the SacNTService.exe file, and enter:
SacNTService /uninstall
Properties Variables Table
See Table A-2 for detailed description of RSAC SAenvProperties.ini file variables.
Table A-2 Properties Variables Table
Variable
|
Description
|
BINDNAME
|
Name used by Syslog Analyzer collector to bind to OSAgent process. Value should be the same as value set for SAC_SERVER and followed by ::SaReceiver. For example, if SAC_SERVER is set to nm_bgdemo.cisco.com, then BINDNAME should be set to nm-bgdemo::SaReceiver.
Make sure the name you enter for this variable matches the Essentials server name exactly.
To find out the name under which the Essentials server is registered, refer to the value set for PX_HOST in the %NMSROOT%/lib/classpath/md.properties file located on the Essentials server. (Where %NMSROOT% is the Essentials installed directory.)
|
COUNTRY
|
Country code for the Syslog Remote Collector.
To ensure that the Syslog timestamp conversion works correctly, we recommend that you set the country code variable with the appropriate country code.
For example, if you are in Singapore, you must set the country code variable as COUNTRY=SGP.
For a list of country codes, see the file, CountryCode.txt, located in the directory:
%NMSROOT%/lib/classpath/com/cisco/ nm/sysloga/CountryCode.txt.
where %NMSROOT% is the Essentials installed directory.
The country code is the 3-letter abbreviation specified in the CountryCode.txt (in column A 3).
|
DEBUG_LEVEL
|
Debug level in which you run the Syslog Analyzer collector.
Note It is recommended that you leave the default 4, which reports ERRORS. Setting it to any other value might result in a large number of debug messages being reported.
|
FILE
|
File from which syslog messages are read. Set a value if a syslog daemon is running on the server. This variable is applicable only on UNIX systems.
On UNIX systems, specify file from which Syslog Analyzer collector will read syslog messages. By default, device syslog messages go to the file pointed to by the local7 facility in /etc/ syslog.conf.
Note The first occurrence of local7 in the syslog.conf file, must contain the path for the Syslog message source.
|
LOGFILE_LOCATION
|
Location and filename to save the Syslog Remote Collector log file.
By default this file is stored in the install directory.
On Solaris:
/opt/CSCOsac/lib/SyslogRemoteCollector.log
Where /opt/CSCOsac is the default RSAC installation directory.
If the install directory is changed, then the location of the log file is:
/changed_dir/lib/SyslogRemoteCollector.log
On Windows:
c:\\Program Files\\SyslogRemoteCollector.log
If the install directory is changed, then the location of the log file is:
drive_name:\\location_directory\\logfile_name
Note You must mention the path.
|
SA_APP_NAME
|
Name Syslog Analyzer collector uses for printed ERROR or DEBUG messages. We recommend that you leave the default, SyslogAnalyzer.
|
SAC_PORT
|
Number of the port on which syslog messages are coming in, typically, port 514. This variable is applicable only on Windows systems.
On Windows systems, specify number of port from which Syslog Analyzer collector reads syslog messages.
|
SAC_SERVER
|
Essentials server to which Syslog Analyzer collector forwards parsed and filtered messages.
|
SAC_SERVER_PORT
|
Number of port used by RmeOrb process on Essentials server.
To check port number:
1. Using a browser, log in to the Essentials server.
2. Select CiscoWorks Server > Administration > Process Management > Process Status.
The Process Status table is displayed.
3. Scroll down and click RmeOrb. The Process Details window is displayed.
4. In the Flags column, note the port number (after the -p option).
|
UNSENT_SLG_MSG_FILE_NAME
|
Name of the local log file where RSAC should write the received messages when the CiscoWorks Server is down.
If you have specified a valid location and a file name, the Syslog messages will be stored in the specified location with the specified file name. Otherwise the file will be stored in the default location with the default log file name.
If you have not specified a valid location but only a file name, the Syslog messages will be stored in the default location with the specified file name.
On Windows the default location and filename is:
C:\Program Files\unsentSyslogMessages.log
On Solaris the default location and filename is:
/opt/CSCOsac/lib/classpath/com/cisco/nm/sysloga/ unsentSyslogMessages.log
|
Properties Arguments Table
See Table A-3 for detailed description of RSAC SAenvProperties.ini file variables arguments.
Table A-3 Properties Arguments Table
Switch <Arguments>
|
Description
|
-bnd BINDNAME
|
orb bind name.
|
-bsn SAC_SERVER
|
Essentials server name.
|
-bsp SAC_SERVER_PORT
|
Essentials port number.
|
-cc COUNTRY
|
Country code for the Syslog Remote Collector.
|
-dbg DEBUG_LEVEL
|
Debug modes 1-6.
|
-lf LOGFILE_LOCATION
|
Syslog Remote Collector log file location.
|
-pr path to SAenvProperties.ini
|
Path of the Property file name.
|
-sp SAC_PORT
|
Syslog port number.
|
-uf UNSENT_SLG_MSG_FILE_NAME
|
Name of the local log file where RSAC should write the received messages when the Server is down.
|
