Syslog Server Configuration
IT Asset Tool can receive and monitor events from any network device that forwards them via the Syslog protocol on UDP port 514.
IT Asset Tool integrates a Syslog Server that centralizes, analyzes and archives these logs in a structured way.
The logs are archived and encrypted in the "Archive" folder inside the Server folder of the IT Asset Tool installation. This archive lets you re-import and validate previously received logs.
A personalized dashboard filters and displays the logs of interest to you; through the rules you create, you have full control of your network.
With the Enterprise Subscription you can also download pre-built templates from our servers, which contain basic default Signatures.
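The following receiver is an added example and not part of IT Asset Tool: it shows what arrives on UDP 514 and how the BSD syslog header (RFC 3164) is split into PRI, timestamp, hostname and message before any rule is applied. The sample datagram and addresses are constructed. Two points worth keeping in mind when grouping hosts by IP later on: the sender address comes from the UDP header and is not authenticated, and the hostname in the message is whatever the sender wrote there.

```python
import re
import socket

# RFC 3164 facility and severity names; the PRI value in angle brackets is facility * 8 + severity
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>TIMESTAMP HOSTNAME MESSAGE, with the BSD timestamp "Mmm dd hh:mm:ss"
BSD_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<hostname>\S+) "
    r"(?P<message>.*)$",
    re.DOTALL,
)

# Constructed sample datagram, in the style of the RFC 3164 examples (host and IPs are made up)
SAMPLE = (b"<34>Oct 11 22:14:15 fw01 sshd[1234]: Failed password for invalid user admin "
          b"from 203.0.113.9 port 4242 ssh2")


def parse_syslog(datagram: bytes, source_ip: str) -> dict:
    """Split one UDP datagram into PRI (facility/severity), timestamp, hostname and message.

    source_ip is the UDP sender address, which is unauthenticated and spoofable; the hostname
    is whatever the sender put in the header. Both are recorded, neither is trusted blindly.
    """
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    m = BSD_HEADER.match(text)
    if m is None:
        # No valid BSD header: keep the raw text as the message so nothing is silently dropped
        return {"source_ip": source_ip, "facility": None, "severity": None,
                "timestamp": None, "hostname": None, "message": text, "malformed": True}
    pri = int(m.group("pri"))
    facility, severity = divmod(pri, 8)      # severity is always 0..7; facility may exceed the table
    return {
        "source_ip": source_ip,
        "facility": FACILITIES[facility] if facility < len(FACILITIES) else f"facility{facility}",
        "severity": SEVERITIES[severity],
        "timestamp": m.group("timestamp"),
        "hostname": m.group("hostname"),
        "message": m.group("message"),
        "malformed": False,
    }


def serve(handler=print, bind_addr="0.0.0.0", port=514):
    """Receive datagrams forever on UDP 514 and hand each parsed record to handler.
    Binding a port below 1024 needs administrator/root rights."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, (ip, _port) = sock.recvfrom(65535)   # largest possible UDP payload
        handler(parse_syslog(data, ip))


if __name__ == "__main__":
    print(parse_syslog(SAMPLE, "192.0.2.5"))   # offline check; call serve() to actually listen
```

The parsed record is what a rule engine such as the one described in the next sections works on: the source IP decides which host group's rules apply, and the message text is what the regular expressions are matched against.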
The "SyslogConfig" section, accessible from the "Syslog" item, is divided into two Tabs: "Groups Hosts" and "Syslog Rules Messages".
The first, "Groups Hosts", lets you create groups of hosts to whose logs a set of RegEx rules (Regular Expressions, defined in the "Syslog Rules Messages" Tab) is applied. Logs that match a rule are displayed in the "Report" section of Syslog.
You can add a new group of devices or hosts with the Add button; then, by clicking the IPs in the "Hosts" section, you can assign one or more IP addresses to it.
Remember that the "Hosts" list is only populated with devices or hosts that have previously sent at least one Syslog message to the IT Asset Tool Server.
From the "Syslog Rules Messages" Tab you can view a list of hosts and the Syslog Messages they sent in the last 10 minutes.
Messages that match a rule are displayed in the "Report" section of Syslog. To create a rule:
1. Select the host IP that generates the Syslog Message.
2. Select the Syslog message that the rule you are creating must match.
3. Assign a Rule Name.
4. Assign the Host group to the rule.
5. Create the regular expression that the message must match and that extracts the fields of interest.
6. Click the "Verify" button to test the newly created rule; if it is correct, IT Asset Tool shows the extracted results on the left side. If the results are correct, go to the next step; otherwise modify the rule and repeat step 6 until the result is correct.
7. From the "Syslog Rule Creation" section, assign headers to the data just extracted. You can select them from a predefined set or customize them by clearing the "Wizard Audit" checkbox.
8. Click "Save Config" to create the rule; it is automatically assigned and applied to all messages from the assigned Host Group.
All the extracted values, with their headers, are now displayed in the "Report" Tab described above.
Two other important functions are available in the "Syslog Rule Messages" section: "Re-Import" and "Download".
The first takes the Syslog Messages previously archived by IT Asset Tool and re-analyzes them with the currently selected rule.
You can select a limit date: all log matches collected after that date are deleted and recreated. This function is important after adding or modifying a rule.
The second, "Download", downloads or updates the default templates containing the Syslog rules created and maintained by the IT Asset Tool Team, so you can benefit from Syslog data collection without writing regular expressions yourself.
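The block below is an added example, not IT Asset Tool's own code, and covers both the rule-creation steps above (host group, regular expression with named groups as the extracted fields, "Verify", header assignment, report rows) and the "Re-Import" function (delete and recreate the matches collected from a limit date onward). The host groups, archived messages, rule names and column headers are all constructed for illustration; how IT Asset Tool stores its rules internally is not documented on this page.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class Rule:
    name: str
    host_group: str
    pattern: str                                  # regex; every named group becomes an extracted field
    headers: dict = field(default_factory=dict)   # named group -> report column header (step 7)


# Constructed host groups (the "Groups Hosts" tab): group name -> set of sender IPs
HOST_GROUPS = {
    "firewalls": {"192.0.2.1", "192.0.2.2"},
    "linux-servers": {"198.51.100.7"},
}

# Constructed archive of previously received messages, keyed by the time they were received
ARCHIVE = [
    {"received": datetime(2024, 3, 1, 8, 0), "source_ip": "192.0.2.1",
     "message": "kernel: DENY TCP 203.0.113.9:51000 -> 192.0.2.1:22"},
    {"received": datetime(2024, 3, 2, 9, 30), "source_ip": "192.0.2.2",
     "message": "kernel: DENY UDP 203.0.113.20:40000 -> 192.0.2.2:161"},
    {"received": datetime(2024, 3, 2, 10, 0), "source_ip": "198.51.100.7",
     "message": "sshd[912]: Failed password for invalid user admin from 203.0.113.9 port 4242 ssh2"},
]

# A rule as steps 3 to 5 and 7 would produce it: name, group, expression, headers
FIREWALL_DENY = Rule(
    name="Firewall deny",
    host_group="firewalls",
    pattern=r"DENY (?P<proto>TCP|UDP) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)",
    headers={"src": "Source IP", "dport": "Destination Port"},
)


def verify_rule(rule: Rule, message: str):
    """Step 6 ("Verify"): the extracted fields as a dict, None if the message does not match,
    or an error string if the expression itself does not compile."""
    try:
        compiled = re.compile(rule.pattern)
    except re.error as exc:
        return f"invalid expression: {exc}"
    m = compiled.search(message)
    return m.groupdict() if m else None


def apply_rules(rules, host_groups, entries):
    """Match each entry against the rules of its sender's host group and build the report rows."""
    rows = []
    for entry in entries:
        for rule in rules:
            if entry["source_ip"] not in host_groups.get(rule.host_group, ()):
                continue                          # a rule only applies to its assigned group (step 8)
            fields = verify_rule(rule, entry["message"])
            if not isinstance(fields, dict):
                continue                          # no match, or a broken rule: no report row
            row = {"received": entry["received"], "host": entry["source_ip"], "rule": rule.name}
            row.update({rule.headers.get(k, k): v for k, v in fields.items()})
            rows.append(row)
    return rows


def reimport(report, rules, host_groups, archive, since):
    """"Re-Import": rows collected on or after the limit date are deleted and recreated from the
    archive with the current rules; older rows are left untouched. `since` may be an ISO date string."""
    if isinstance(since, str):
        since = datetime.fromisoformat(since)
    kept = [row for row in report if row["received"] < since]
    redo = [entry for entry in archive if entry["received"] >= since]
    return kept + apply_rules(rules, host_groups, redo)


if __name__ == "__main__":
    print(verify_rule(FIREWALL_DENY, ARCHIVE[0]["message"]))
    report = apply_rules([FIREWALL_DENY], HOST_GROUPS, ARCHIVE)
    # A rule added later: re-import from 2 March so its matches appear without touching older rows
    ssh_rule = Rule("SSH failed login", "linux-servers",
                    r"Failed password for (invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)",
                    {"user": "User", "src": "Source IP"})
    for row in reimport(report, [FIREWALL_DENY, ssh_rule], HOST_GROUPS, ARCHIVE, "2024-03-02"):
        print(row)
```

Named groups whose header is not assigned keep the group name as their column, which is what the predefined set versus custom headers choice in step 7 amounts to. Because the expressions run over text that the sending device controls, the verify step here also rejects expressions that do not compile; Python's re module has no match timeout, so rules should be anchored and free of nested quantifiers to keep a malformed message from stalling the server.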