Importing Syslog Data


Syslog is a log standard that is supported by several network devices, applications and flavours of Unix/Linux operating systems. Syslog collectors are also available for Windows operating systems. Logscape runs its own Syslog Server, providing a unified approach to collecting log events.

You can find the current system syslog settings by going to the System Runtime Workspace.

By default the ports are set above 1024, but this can be changed in boot.properties by updating the following properties:

-Dsyslog.tcp.port=1468
-Dsyslog.udp.port=1514

Note: Using ports below 1024 on Unix-based systems requires root privileges. authbind and iptables can be used to overcome this.
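
To confirm that the listeners accept events on the ports configured above, a test sender such as the following can be used. This is an added example, not part of Logscape or its documentation; the host name, tag and message text are constructed, and newline-terminated framing on the TCP port is an assumption.

```python
import socket
from datetime import datetime

# Defaults taken from the boot.properties lines above.
UDP_PORT = 1514
TCP_PORT = 1468
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def build_message(facility, severity, host, tag, text, when=None):
    """Return one RFC 3164 (BSD syslog) message as bytes."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    when = when or datetime.now()
    pri = facility * 8 + severity
    # RFC 3164 pads a single-digit day with a space, not a zero.
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri}>{stamp} {host} {tag}: {text}".encode("utf-8")


def send_udp(payload, host="127.0.0.1", port=UDP_PORT):
    """Send one datagram; UDP gives no confirmation that it was received."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload, (host, port))


def send_tcp(payload, host="127.0.0.1", port=TCP_PORT, timeout=3.0):
    """Send one newline-terminated message (framing is an assumption).

    Raises OSError if nothing is listening on the port.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(payload + b"\n")
    return len(payload) + 1


if __name__ == "__main__":
    # Constructed test event: facility 16 (local0), severity 6 (informational).
    msg = build_message(16, 6, "testhost", "porttest", "syslog listener check")
    print("udp bytes sent:", send_udp(msg))
    try:
        print("tcp bytes sent:", send_tcp(msg))
    except OSError as exc:
        print("tcp listener not reachable:", exc)
```

Because the UDP send succeeds even when no listener is present, check for the test event in the syslog data source after running it.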

Searching Syslog Data Source

The syslog data source can be used to search your syslog data. It can be found in the Data source tab of your installation and contains all syslog data that has been transferred to the Logscape installation. It is advised to create additional data sources for individual sources of syslog messages, or to specify rules in your mapping.csv in order to auto-tag your data as it is ingested.