IPSentry - Alert - Syslog Message
If you are familiar with Syslog, you may find this
notification option quite handy. If you do not use Syslog, or you don't
run a Syslog Daemon, or don't know what Syslog is, you can find an abundance of
information by searching the web for "Syslog" or "syslogd".
Simply put, a Syslog daemon accepts and logs incoming messages from a remote (or
local) machine/device. You can trap and filter these messages and perform
specific tasks, or just let them pile up in a log file.
Please see the How-To section for additional information on various configurations.
Enabled
This frame provides a tri-state selection regarding the status of the alert
which allows you to enable, disable, or use the global state (default)
Alert Success
All alerts with the exception of paging alerts make use of this setting.
When checked, the alert will be generated both when the system fails an when the
the failure is corrected.
For example, if you are monitoring a web server and it fails, the alert would be
triggered noting that there is a failure. Additional failure notification
will be sent according to the alert schedule outlined below. Once the
system is recovered and the failure corrected, another alert will be generated
as an "UP" notification.
In using alerts such as Pager or Email, the IPSentry Keyword %IPS_M_STAT% will
be converted to the current state of the device making it possible to recognize
immediately whether the alert was triggered due to the system going
"DOWN" or coming back "UP".
Syslogd IP
Enter the IP Address of the machine on which the Syslog daemon is running.
IPSentry will send a syslog formatted message to this IP Address based on the
alert settings and schedule.
Port
The default port for Syslog is 514. If you have modified Syslog to listen
on an alternate port, enter that here instead.
Facility
Syslog makes use of a Facility:Priority combinations when receiving
messages. These settings are used for log division, and
trigger options on the syslog server. Configure these settings to taste
based on your Syslog daemon configuration.
Based on its configuration, syslogd can perform a given action for messages with a specified priority (or higher) and facility. By using the facility, messages generated by different system components can be logged with different priorities.
The following facilities are supported:
Facility |
Description |
auth |
Used by authorization systems (login) |
cron |
Used for the cron and at systems |
daemon |
System/network daemons |
kern |
Produced by kernel messages |
lpr |
Printing system |
|
Mail system |
mark |
Internally used for time stamps |
news |
Reserved for the news system |
user |
Default facility, used for any program |
uucp |
Reserved for the uucp system |
Priority
Syslog makes use of a Facility:Priority combinations when receiving
messages. These settings are used for log division, and
trigger options on the syslog server. Configure these settings to taste
based on your Syslog daemon configuration.
Based on its configuration, syslogd can perform a given action for messages with a specified priority (or higher) and
facility. By using the facility, messages generated by different system components can be logged with
different priorities.
Priority |
Description |
debug |
Normally used for debugging |
info |
Informational messages |
notice |
Conditions that may require attention |
warning |
Any warnings |
err |
Any errors |
crit |
Critical conditions like hardware problems |
alert |
Any condition that demand immediate attention |
emerg |
Any emergency condition |
Message
Enter the text of the message that should be sent to the Syslog daemon. All
IPSentry Key Words used in this field will be
translated and proper use of these key words in association with the facility
and priority settings can provide you with a means for the syslogd server to
react to the given message.
For more information on syslog, see the documentation and man pages regarding your implementation of syslogd and it's capabilities.
Alert Schedule
The alert schedule allows you "fine tune" the alerting functions to
avoid unnecessary alerting during an extended failure. You may not want to
be paged every single time a failure is detected after the first alert.
You can use this schedule to set how many failures must be detected before the
first alert. Set how many failures must be detected for each subsequent
alert, and the maximum number of alerts you feel are adequate to obtain a
response from specified personnel.
Note: Setting the first-after or every values to any value less than 1 can have unexpected results.
Load Defaults
(button)
This button will load the default configuration information into the appropriate
fields. This is a quick way to use a standard configuration with minor
variations between entries.
Note: You need NOT use this option when the enabled option is set to
"Default" since the replacement of the alert configuration with
default configuration values will be done automatically when the alert is
triggered. You need only use this button when the enabled option is set to
YES and you wish to slightly modify the default configuration and make the entry
specific to the monitored device to which this alert is related.
Test Alert (button)
This option will attempt to process the alert as configured. A message will be
displayed regarding failure or success of the alert generation.
|
||
Contact: support@ipsentry.com | https://ipsentry.com | © 2006 by RGE, Inc. - All Rights Reserved |