# Log Syslog Security
This package enables Syslog collection in order to specifically monitor network device events.
The Syslog Collector configures a ServicePilot Windows or Linux Agent to listen on a port for Syslogs. These are then sent on to the ServicePilot Manager. Syslog events are stored in a specific collection "Syslog" in order to provide advanced dashboard presenting events severity and facility over time, and some typical network events detection like Top 5 Failed Login Attempts, Deny Events (Cisco PIX) or Frag. Attack & Drop Events (NetGear).
Network Flows - It is is necessary to ensure network connectivity between ServicePilot and the monitored device. In case of a network infrastructure using a firewall, all the ports below must be opened:
- UDP/514 (Syslog): Between device sending Syslogs and ServicePilot Agent
- ServicePilot Manager minimum version: 8.5
- ServicePilot Agent minimum version: 8.5 installed and configured
Before adding a resource to monitor, make certain that all pre-requisites are in place and that ServicePilot Agent is communicating correctly with the ServicePilot Manager.
Add resource using Views Configuration web interface
- As an administrative user of ServicePilot, open the ServicePilot web interface.
- Navigate to Administration. The Configuration > Views web page will open.
- Click on the view in which to place the new resource in the Views hierarchy on the left of the interface. The View editor section will show the existing view contents.
- From the Packages list on the right of the interface, click and drag the log-syslog-security package into the View editor and let go.
- The Resource properties dialog box will open to allow resource configuration.
- Click OK to close the Resource properties dialog box. Note that the dialog box will not close if required parameters are not set.
- Click Save to apply the new resource to ServicePilot configuration.
- Check if the object has been created in your map and that indicators are populated after a few minutes.
|Object Type||License object Consumed||Condition|
This package will also consume space in the Syslog collection (Bytes/day part of the license).
Key field notes
In the Monitoring Policies tab, specify the policy or policies to apply to the resource
Parameters tab: Syslog Port: Specify the port to listen for Syslogs
Further configuration may be needed to add syslog decoding and filtering rules.