|
|
|
Frequently asked
questions
 |
What is Datagram
SyslogServer? |
 |
Datagram SyslogServer is a
solution to handle operating system logs for an entire
enterprise. Logs are sent to a central SyslogServer and stored
in a database. SyslogView can analyze and inspect the
enterprises logs with aid of several types of filters. Alarms
can also be defined. SyslogAgent sends Events from the local
host to the syslog server. |
Back to
top
|
How does it work?
|
|
Logs are sent to the
SyslogServer via the Syslog protocol, a standard described in
RFC 3164. Unix and network components all support Syslog. For
windows 2000/XP/2003 a small service is added to provide
Syslog compatibility. Windows 9x operating systems are not
logging OS:es in the first place - they cannot be supported.
The logs are inserted into a database. The
Enterprise Edition uses a Microsoft SQL database, or other,
whereas the Small Business Edition uses an Access mdb
file.
The SyslogView software is used to inspect,
analyze and filter the database contents.
|
Back to
top
|
Why do I need
Datagram SyslogServer? |
|
The main benefits are saved time for
both support personnel and users, and improved
stability/availability for the entire enterprise network
environment thanks to better surveillance. A central log
solution also provides good traceability.
Syslogserver is thereby a great tool to help
fullfill requirements set by the Sarbanes-Oxley Act, and other auditing requirements.
Datagram SyslogServer helps network
administrators to identify and analyze upcoming problems. This
allows for better planning and improved overall
stability. Defining alarms provides immediate feedback for
important events(application failures, hardware errors,
contact lost, reconfigurations et cetera).
|
Back to
top
|
How about
application log files? |
|
Adding application logs to the
Datagram SyslogServer is a great way to get the most out of
the product! For Windows, Datagrams
SyslogAgent supports not only Event logs, but also most
application logs, thanks to the configuration options in
SyslogAgent.
Applications on Unix generally
support Syslog. In some cases, although unusual, SyslogServer
might fail to identify the format in a optimum way. If this is
the case, please contact us. |
|
Prerequisites? |
|
The SyslogServer
itself runs on Windows 2000 onwards. It does not use many system resrouces itself – the database however does.
Over a thousand entries can easily be
parsed and inserted per second on a modern workstation, and several thousands on a high-end system.
The SyslogView
installs on Windows 2000 onwards, and requires the following components:
The SyslogAgent installs on all Windows
2000 onwards. |
Back to
top
|
Database
compatibility? |
|
Datagram SyslogServer
Enterprise Edition communicates with the database via standard ODBC, and expect full compliance with MS SQL. Automated table
initiation, and customer support, is for MS SQL only.
Please note that Microsoft Access is only supported in the Trial version..
|
Back to
top
|
Logging
capacity? |
|
Datagram SyslogServer
can generally receive logs at full network bandwidth, as entries are
initially just stored in files. Several thousand entries per second can
be parsed and inserted on a modern computer.
With an average of a thousand entries per
second, the database grows rather fast. This is especially true if the
logs are retained for a long time. On high volume installations query
times increase due to the high database workload.
Installations with tens
of millions of log entries is not a problem on a reasonable modern computer. With hundreds of
millions of entries, a change of configuration and/or backup settings is
recommended. |
Back to
top
|
How do I install
Datagram SyslogServer? |
|
The Datagram SyslogServer
suite needs no installation as such. Place the files in the desired local
catalog and start the configuration program. From there the service can
be defined and started.
The reason for not using installation packages
is a history of upgrade problems using packages. Any domain installation
can (more) easily push out relevant files for execution. A registry
template file is also available for such activity.
For SyslogView, the
.NET framework and the ODBC Data Provider package, both from Microsoft,
are needed. Please note that a 32bit ODBC driver is used even in the 64
bit environment. Configuration of this ODBC is made from the
%windows%\sysWOW64\odbcad32.exe program. |
Back to
top
|
How big disks do I
need? |
|
Modern disks are usually quite large enough for
almost every scenario. More interesting is how large database the
hardware can handle without loosing too much
performance. To give some approximation, some 5 million entries usually
use 1Gb of disk space.
Rather than getting large disks for the Syslogserver, aim to get fast disks - raid solutions or
a SAN for better performance. It's also good for performance to have the
OS (and database logs) on separate physical disks from the actual
database. |
Back to
top
|
How many hosts
can log to the SyslogServer? |
|
One aspect is the number of IP addresses the
license covers. The license is based on number of hosts logging to the SyslogServer. The Trial version allows 8
external IP's, and the Enterprise Edition according to the bought license
size.
The Syslogserver
application itself has no technical limits on the number of possible
logging IP addresses.
Most hosts generate small volumes of logs - a
few thousand entries or less per day. These cause no problems. It's the
few hosts with heavily logging, with hundreds or even
thousands of entries per second, that can
cause problems. Typically, this would be a busy firewall with debug
logging, or a domain controller with heavy logging. One single client
like that can change the hardware requirements. |
Back to
top
Back to
top
| |
