Table Of Contents
Installing the Remote Syslog Collector
Verifying Remote Syslog Collector Server Requirement
Installing the Remote Syslog Collector
Subscribing to a Remote Syslog Collector
Starting the Remote Syslog Collector
Stopping the Remote Syslog Collector
Uninstalling the Remote Syslog Collector
Understanding the Syslog Collector Properties File
Installing the Remote Syslog Collector
This appendix provides general information on how to install the Remote Syslog Collector on a remote Windows or UNIX system to process syslog messages. The Remote Syslog Collector filters the Syslog messages before forwarding them to the Analyzer process on the RME server.
Warning
Do not install Remote Syslog Collector on a system that has Resource Manager Essentials already installed.
The Remote Syslog Collector and the Syslog Analyzer Service on the RME server use SSL sockets to communicate with each other.
It functions as follows:
1. At startup, the Remote Syslog Collector looks for Syslog Analyzers already subscribed on the RME Server and requests the latest filter definitions.
• If the Syslog Analyzer is not reachable when queried, the Remote Syslog Collector logs all emblem compliant syslogs in the specified downtime file after filtering.
This file can be configured in the Syslog Collector Properties file, which is available at these locations:
– On Solaris: NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/Collector.properties
– On Windows: NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
• If the Syslog Analyzer responds with the latest filters, the Remote Syslog Collector applies filters and forwards syslogs to the Syslog Analyzer.
2. At startup, the Syslog Analyzer tries to connect to all the subscribed Remote Syslog Collectors by passing the latest filters.
To subscribe or unsubscribe from a Remote Syslog Collector, select RME > Tools > Syslog > Syslog Collector Status > Subscribe using the RME user interface.
After the Remote Syslog Collector connects to the RME Server, the Remote Syslog Collector entry is added to the Collector Status window of the RME Server.
To view the status of the subscribed Syslog Collector, select Resource Manager Essentials > Tools > Syslog > Syslog Collector Status.
This section describes how to set up Syslog between RSAC and RME. This involves:
• Verifying Remote Syslog Collector Server Requirement
• Installing the Remote Syslog Collector
• Stopping the Remote Syslog Collector
• Uninstalling the Remote Syslog Collector
Verifying Remote Syslog Collector Server Requirement
Table 6-1 provides the server requirements for Remote Syslog Collector:
Table 6-1 Remote Syslog Collector Server Minimum Requirements
| Requirement Type | Minimum Requirements |
|---|---|
| Hardware | IBM PC-compatible system with 1 GHz or faster Pentium processor, and 1 GB memory. |
| Memory (RAM) | 512 MB |
| Available disk drive space | • 2 GB. • Paging file space equal to double the amount of memory (RAM). For example, if your system has 256 MB of RAM, you need 512 MB of page file. • NTFS file system required for secure operation. • At least 16 MB in Windows temporary directory (%TEMP%). |
| Software | • Windows 2000 Professional, Server, and Advanced Server with SP4. • Windows 2003 Server and Enterprise edition. |
| Browser (You need a browser only if you download the Remote Syslog Collector installation files from the Essentials server.) | • Microsoft Internet Explorer 6.0 (version 6.0.2600.0000), or 6.0 with Service Pack 1 (version 6.0.2800.1106). • Netscape Navigator 7.1 and 7.2. • Mozilla 1.7 and 1.7.5. |
RSAC 3.x does not work with RME 4.0.5. RME 3.x does not work with the new Remote Syslog Collector (RSC) 4.0.5.
You cannot upgrade RSC 3.x to RSC 4.0.5. You must uninstall the previous version of RSAC before installing the new RSC, which is provided with the LMS 2.6 Update CD-ROM. To install RSC 4.0.5, see "Installing the Remote Syslog Collector".
Installing the Remote Syslog Collector
Prerequisites for installing a Remote Syslog Collector:
• Common Services 3.0.3 and RSAC 4.0.3 should be installed.
If you install a Common Services Service Pack on the CiscoWorks server, you must install the same Service Pack on the RSC server.
The Common Services Service Pack versions must be the same on the CiscoWorks Server and the RSC Server.
• RME should not be installed on the server where the Remote Syslog Collector is to be installed. (If RME is installed, the Syslog Collector is installed by default.)
To install the Remote Syslog Collector:
Step 1 Navigate to the RSC folder on the LMS 2.6 update CD-ROM.
Step 2 Double-click the Setup.exe file to start the installation.
Step 3 Follow the wizard instructions to install the product.
After the installation of Remote Syslog Collector, select CiscoWorks Homepage > Software Center > Software Update to verify the installation. Remote Syslog Collector should be listed.
After installation, configure the Collector.properties file if required. If not, you can use the defaults. See "Understanding the Syslog Collector Properties File".
Subscribing to a Remote Syslog Collector
Step 1 Download the Peer certificate from the system where Remote Syslog Collector is running.
Step 2 Upload the Peer certificate to the system where Remote Syslog Collector is running.
Step 3 Select Resource Manager Essentials > Tools > Syslog > Syslog Collector Status.
Step 4 The Collector Status dialog box appears with this information:

| Column | Description |
|---|---|
| Name | Hostname or the IP address of the host on which the Collector is installed. |
| Update Time | Date and time of the last update. By default, this dialog box is updated every 5 minutes. Time and time zone are those of the CiscoWorks Server. |
| Uptime | Time duration for which the Syslog Collector has been up. |
| Forwarded | Number of forwarded Syslog messages. |
| Dropped | Number of unprocessed Syslog messages. |
| Invalid | Number of non emblem compliant Syslog messages. |
| Filtered | Number of filtered messages. Filters are defined with the Define Message Filter option. (For details about defining filters, see the User Guide for Resource Manager Essentials.) |
| Received | Number of Syslog messages received. |

Step 5 Click Subscribe.
The Subscribe Collector dialog box appears.
Step 6 Enter the address of the Common Syslog Collector to which you want to subscribe.
Step 7 Click OK.
The Syslog Analyzer is subscribed to the Syslog Collector that you specified. This can be either the Syslog Collector on the RME server, or a remotely installed Syslog Collector.
Starting the Remote Syslog Collector
To start the Remote Syslog Collector, enter pdexec SyslogCollector at the command prompt on the machine where Syslog Collector is installed.
Stopping the Remote Syslog Collector
To stop the Remote Syslog Collector, enter pdterm SyslogCollector at the command prompt on the machine where Syslog Collector is installed.
Uninstalling the Remote Syslog Collector
Step 1 Select Start > Programs > CiscoWorks > Uninstall CiscoWorks.
The Uninstallation dialog box appears, displaying all of the installed components.
Step 2 Select Remote Syslog Collector.
Step 3 Click Next to begin uninstalling the selected component.
Understanding the Syslog Collector Properties File
After installing the Syslog Collector on a remote machine, you need to check the Syslog Collector Properties file to ensure that the Collector is configured properly.
The Syslog Collector Properties file is available at these locations:
• On Solaris: NMSROOT/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/Collector.properties
• On Windows: NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Collector.properties
The following table describes the Syslog Collector Properties file:
| Timezone-Related Properties | Description |
|---|---|
| TIMEZONE | The timezone of the machine where the Syslog Collector is running. Enter the correct abbreviation for the timezone. For example, the time zone for India is IST. For the correct Timezone abbreviation, see the Timezone file in the following locations: • On Solaris: /opt/CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/fcss/data/TimeZone.lst • On Windows: NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\fcss\data\TimeZone.lst |
| COUNTRY_CODE | Country code for the Syslog Collector. We recommend that you set the country code variable with the appropriate country code, to make sure that the Syslog timestamp conversion works correctly. For example, if you are in Singapore, you must set the country code variable as COUNTRY=SGP. |
| TIMEZONE_FILE | The path of the Timezone file. This file contains the offsets for the time zones. After installing the Syslog Collector, ensure that the offset specified in this file is as expected. If it is not present or is incorrect, you can add the Timezone offset as per the convention. The default paths are: • On Solaris: opt/CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/fcss/data/TimeZone.lst • On Windows: NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\fcss\data\TimeZone.lst |

| General Properties | Description |
|---|---|
| SYSLOG_FILES | Filename and location of the file from which syslog messages are read. • On Solaris: • On Windows: |
| DEBUG_CATEGORY_NAME | Name the Syslog Collector uses for printed ERROR or DEBUG messages. The default category name is SyslogCollector. We recommend that you do not change the default value. |
| DEBUG_FILE | Filename and location of the Syslog Collector log file containing debug information: • On Solaris: /var/adm/CSCOpx/log/CollectorDebug.log • On Windows: NMSROOT\log\CollectorDebug.log |
| DEBUG_LEVEL | Debug level at which you run the Syslog Collector. We recommend that you retain the default INFO, which reports informational messages. Setting it to any other value might result in a large number of debug messages being reported. If you change the debug level, you must restart the Syslog Collector. The values for the Debug levels are: • Warning • Debug • Error • Information |
| DEBUG_MAX_FILE_SIZE | The maximum size of the log file containing the debug information. The default is set to 5 MB. If the file size exceeds the limit that you have set, Syslog Collector writes to another file, based on the number of backup files that you have specified for the DEBUG_MAX_BACKUPS property. For example, if you have specified the number of backups as 2, besides the current log file, there will be two backup files, each 5 MB in size. When the current file exceeds the 5 MB limit, Syslog Collector overwrites the oldest of the two backup files. |
| DEBUG_MAX_BACKUPS | The number of backup files that you require. The size of these will be the value that you have specified for the DEBUG_MAX_FILE_SIZE property. |

| Miscellaneous Properties | Description |
|---|---|
| READ_INTERVAL_IN_SECS | The interval at which the Collector polls the syslog file. The default is set to 1 second. |
| QUEUE_CAPACITY | The size of the internal buffer for queuing syslog messages. The default is set to 100000. |
| PARSER_FILE | The file that contains the list of parsers used while parsing syslog messages. • On Solaris: opt/CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/fcss/data/FormatParsers.lst • On Windows: NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\fcss\data\FormatParsers.lst |
| SUBSCRIPTION_DATA_FILE | The Syslog Collector data file that contains the information about the Syslog Analyzers that are subscribed to the Collector. • On Solaris: opt/CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/csc/data/Subscribers.dat • On Windows: NMSROOT\MDC\tomcat\webapps\rme\WEB-INF\classes\com\cisco\nm\rmeng\csc\data\Subscribers.dat |
| FILTER_THREADS | The number of threads that operate at a time for filtering syslog messages. The default is set to 1. |
| COLLECTOR_PORT | The port where the Collector listens for registration requests from Syslog Analyzers. The default is set to 4444. |
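One way to check a deployed Collector.properties against the defaults documented in the table above. This is an added example, not Cisco's code. It assumes Java-style key=value syntax, the set of properties treated as required is an assumption, and the sample file contents are constructed.

```python
import re

# Defaults stated in the properties table above, compared as strings.
DOCUMENTED_DEFAULTS = {
    "DEBUG_CATEGORY_NAME": "SyslogCollector",
    "DEBUG_LEVEL": "INFO",
    "READ_INTERVAL_IN_SECS": "1",
    "QUEUE_CAPACITY": "100000",
    "FILTER_THREADS": "1",
    "COLLECTOR_PORT": "4444",
}
# Flagged when missing or empty (assumption: the collector needs these for
# timestamp conversion, syslog input and its own debug log).
REQUIRED = ["TIMEZONE", "COUNTRY_CODE", "TIMEZONE_FILE", "SYSLOG_FILES", "DEBUG_FILE"]

def parse_properties(text):
    """Parse key=value, key:value or 'key value' lines; skip blanks and #/! comments.
    Line continuations and backslash escapes are not processed."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        parts = re.split(r"\s*[=:]\s*|\s+", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) > 1 else ""
    return props

def audit(text):
    """Return a list of findings for a Collector.properties file given as text."""
    props = parse_properties(text)
    findings = [f"{k}: missing or empty" for k in REQUIRED if not props.get(k)]
    for key, default in DOCUMENTED_DEFAULTS.items():
        value = props.get(key)
        if value is not None and value != default:
            findings.append(f"{key}: {value!r} differs from documented default {default!r}")
    port = props.get("COLLECTOR_PORT")
    if port is not None and not (re.fullmatch(r"[0-9]{1,5}", port) and 1 <= int(port) <= 65535):
        findings.append(f"COLLECTOR_PORT: {port!r} is not a valid TCP port")
    return findings

# Constructed sample for illustration, not a real Collector.properties.
SAMPLE = """\
TIMEZONE=IST
COUNTRY_CODE=
TIMEZONE_FILE=/opt/CSCOpx/MDC/tomcat/webapps/rme/WEB-INF/classes/com/cisco/nm/rmeng/fcss/data/TimeZone.lst
SYSLOG_FILES=/tmp/constructed_syslog.log
DEBUG_FILE=/var/adm/CSCOpx/log/CollectorDebug.log
DEBUG_LEVEL=DEBUG
COLLECTOR_PORT=70000
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A non-default COLLECTOR_PORT is worth reconciling with the firewall rules between the RME server and the collector, and a non-INFO DEBUG_LEVEL with the disk space available for CollectorDebug.log.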