Corner Bowl Server Manager
SIEM, IPS, Server Monitoring, Uptime Monitoring and Compliance Software
Syslog Server Settings
Server Manager contains both UDP and TCP Syslog Servers. These syslog servers can be used to save, backup, relay, and monitor syslog messages from hardware devices such as switches, routers, firewalls or any computer that supports syslog such as Linux servers. By default, when a message is sent from a device, the receiving Syslog server automatically adds the device's IP or hostname to the Explorer View then automatically saves all messages to Server Manager's centralized syslog database.
How to configure the Syslog Servers
- From the Explorer View, navigate to Options, then select Syslog Server Settings. The Syslog Server Settings View displays. The Agent Server Properties View contains 3 tabs.
- Options
- Assignments
- Columns
UDP Syslog Server
- Check the Enabled check box to enable the UDP Syslog Server.
- Use the Port text box to specify the port.
- Use the Bind address text box to specify the IP address to bind the server. 0.0.0.0 binds to all local IP addresses.
- Use the Queue size text box to specify the queue size.
Note
Anytime the queue is full and therefore unable to keep up with the incoming Syslog messages, new messages are dropped until the system is able to recover.
- Use the Batch size text box to specify the number of syslog messages to batch process.
Note
The batch size must be less than the queue size.
Note
When saving syslog messages to Microsoft SQL Server, Server Manager utilizes SQL Server's batch insert capabilities. If you find your server is frequently dropping messages, consider switching to SQL Server. SQL Server provides far superior throughput compared to MySQL and SQLite.
- Click Clear DNS Cache to empty any previously cached DNS values.
TCP Syslog Server
- Check the Enabled check box to enable the TCP Syslog Server.
- Use the Port text box to specify the port.
- Use the Bind address text box to specify the IP address to bind the server. 0.0.0.0 binds to all local IP addresses.
- Use the Idle timeout text box to specify the timeout in seconds.
- Use the Encrypt check box to enable TLS 1.2.
- Use the Certificate drop-down to select a certificate from your Windows Local Computer Certificate Store.
- Check the Close duplicate connections check box to clean up duplicate connections.
Message Delimiters
Use the message delimiter options to configure how TCP syslog messages are delimited when multiple messages are sent within the same packet.
- Check the CRLF check box to enable CRLF (ASCII 13, ASCII 10) delimiters.
- Check the CR check box to enable CR (ASCII 13) delimiter.
- Check the LF check box to enable LF (ASCII 10) delimiter.
- Check the NULL check box to enable NULL (ASCII 0) delimiter.
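The delimiter options above, worked through as an added example (this is not Corner Bowl code): a stream framer that splits received TCP bytes on whichever of CRLF, CR, LF and NULL are enabled. It goes one step beyond the same-packet case and also handles a CRLF split across two segments; the class name, the `max_len` cap and the sample bytes are assumptions made for the illustration.

```python
# Added example (not Corner Bowl code): incremental framing of a TCP syslog stream.
DELIMS = {"CRLF": b"\r\n", "CR": b"\r", "LF": b"\n", "NULL": b"\x00"}

class SyslogFramer:
    def __init__(self, enabled=("CRLF", "LF"), max_len=8192):
        # Longest delimiter first, so CRLF wins over CR at the same offset.
        self.delims = sorted((DELIMS[n] for n in enabled), key=len, reverse=True)
        self.max_len = max_len      # assumed cap on one unterminated message
        self.overflows = 0          # oversized buffers discarded so far
        self.buf = bytearray()

    def _next_delim(self):
        best = None
        for d in self.delims:
            pos = self.buf.find(d)
            if pos != -1 and (best is None or pos < best[0]):
                best = (pos, len(d))
        # A CR that ends the buffer may be the first half of a CRLF whose LF
        # arrives in the next segment: wait instead of splitting early.
        if (best and b"\r\n" in self.delims and best[0] == len(self.buf) - 1
                and self.buf.endswith(b"\r")):
            return None
        return best

    def feed(self, data):
        """Add bytes from one recv() call; return the complete messages."""
        self.buf += data
        out = []
        while (hit := self._next_delim()) is not None:
            pos, size = hit
            if pos:                 # skip empty frames (e.g. CR then LF)
                out.append(bytes(self.buf[:pos]))
            del self.buf[:pos + size]
        if len(self.buf) > self.max_len:
            # No delimiter within the cap: drop rather than buffer without bound.
            self.buf.clear()
            self.overflows += 1
        return out

if __name__ == "__main__":
    framer = SyslogFramer(enabled=("CRLF", "CR", "LF", "NULL"))
    # Constructed input: two TCP segments, the second CRLF split across them.
    for segment in (b"<34>a\r\n<34>b\n<34>c\x00<34>d\r", b"\n<34>e\n"):
        print(framer.feed(segment))
```

If a sender terminates messages with a delimiter that is not enabled, its messages run together until the cap is hit, so match the enabled delimiters to what each device actually sends.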
Options
- Use the Add all new hosts check box to automatically add any syslog device to the software when a syslog message is received from the device for the first time.
Note
Devices sending syslog messages to Server Manager are automatically added to the Explorer View under the Hosts/Syslog Devices node, and templates such as Syslog Consolidation are then automatically assigned. If you prefer to explicitly specify which Syslog devices can save messages to the Log Database, clear this option, then manually add each Syslog device you want to support. Finally, assign the Syslog Consolidation template to each new Syslog device or to the Host Group where you added the Syslog devices.
- Use the Host identification method drop-down to select how you would like connecting hosts to be identified.
Option | Description |
---|---|
DNS Lookup | The server uses DNS to resolve the hostname. |
DNS and FQDN Lookup | The server uses DNS and Active Directory to resolve the Fully Qualified Domain Name (FQDN). |
Remote IP Address | The server uses the IP address. |
- Check the Enable RFC 5424 parsing check box to enable RFC 5424 parsing. For more information see: The Syslog Protocol
- Check the Enable RFC 3164 parsing check box to enable RFC 3164 parsing. For more information see: The BSD syslog Protocol
Important
RFC 5424 obsoletes RFC 3164.
- Check the Enable verbose logging check box to enable detailed logging.
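The difference between the two header formats selected by the RFC 5424 and RFC 3164 parsing options above, as an added example (not Server Manager's parser): a function that recognises either header and decodes PRI into facility and severity. The `allow_5424` and `allow_3164` flags, the returned field names and the sample messages are assumptions; the page does not say what Server Manager does with a message that neither enabled parser accepts.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<ver>[1-9]\d?) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$", re.S)

# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG (day is space-padded below 10)
RFC3164 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$", re.S)

def parse_syslog(line, allow_5424=True, allow_3164=True):
    """Return header fields plus format, facility and severity, or None."""
    candidates = (("rfc5424", RFC5424, allow_5424),
                  ("rfc3164", RFC3164, allow_3164))
    for name, pattern, enabled in candidates:
        m = pattern.match(line) if enabled else None
        # PRI = facility * 8 + severity; 191 (facility 23, severity 7) is the
        # largest valid value, so anything above it is rejected.
        if m and int(m["pri"]) <= 191:
            fields = m.groupdict()
            pri = int(fields.pop("pri"))
            fields.update(format=name, facility=pri >> 3, severity=pri & 7)
            return fields
    return None

# Constructed sample messages, one per format.
SAMPLES = [
    "<34>1 2003-10-11T22:14:15.003Z host1.example.com su - ID47 - 'su root' failed",
    '<165>1 2003-10-11T22:14:15.003Z host1 evntslog - ID47 [exampleSDID@32473 iut="3"] event text',
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_syslog(sample))
```

An RFC 3164 header carries no year, time zone or structured data, so the hostname and the local-time timestamp are all a collector has to correlate on for those senders.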
How to relay syslog messages
Corner Bowl Server Manager can be used to relay syslog messages to other syslog collectors.
To relay syslog messages
- From the Explorer View, expand the root Templates node, expand Sample Templates | Log Consolidation then right click on Syslog Relay and select Template Properties. The Template Properties View displays.
- From the Template Properties View, select the Rules Tab.
- From the Rules controls, find the Actions column. Notice the Syslog Relay action that is assigned. This action needs to be modified to configure the Syslog Collector Host to relay syslog messages to. Click the Edit button. The Action Properties View displays.
- From the Action Properties View, use the Syslog server drop-down to select the target Syslog Collector Host.
Important
If the host or IP has not been added, click the Add button, then add the host or IP.
- Click Close, then when prompted to save your changes, click Yes.
- From the Template Properties View, use the Assignments controls to assign the localhost to the Syslog Relay Template.
- Click Close, then when prompted to save your changes, click Yes.