|
|
|
Frequently asked
questions
 |
What is Datagram
SyslogServer? |
 |
Datagram SyslogServer is a
solution to handle operating system logs for an entire
enterprise. Logs are sent to a central SyslogServer and stored
in a database. SyslogView can analyze and inspect the
enterprises logs with aid of several types of filters. Alarms
can also be defined. SyslogAgent sends Events from the local
host to the syslog server. |
Back to
top
|
How does it work?
|
|
Logs are sent to the
SyslogServer via the Syslog protocol, a standard described in
RFC 3164. Unix and network components all support Syslog. For
windows 2000/XP/2003 a small service is added to provide
Syslog compatibility. Windows 9x operating systems are not
logging OS:es in the first place - they cannot be supported.
The logs are inserted into a database. The
Enterprise Edition uses a Microsoft SQL database, or other,
whereas the Small Business Edition uses an Access mdb
file.
The SyslogView software is used to inspect,
analyze and filter the database contents.
|
Back to
top
|
Why do I need
Datagram SyslogServer? |
|
The main benefits are saved time for
both support personnel and users, and improved
stability/availability for the entire enterprise network
environment thanks to better surveillance. A central log
solution also provides good traceability.
Syslogserver is thereby a great tool to help
fullfill requirements set by the Sarbanes-Oxley Act
of 2002.
Datagram SyslogServer helps network
administrators to identify and analyze upcoming problems. This
allows for better planning and improved overall
stability. Defining alarms provides immediate feedback for
important events(application failures, hardware errors,
contact lost, reconfigurations et cetera).
|
Back to
top
|
How about
application log files? |
|
Adding application logs to the
Datagram SyslogServer is a great way to get the most out of
the product! For Windows, Datagrams
SyslogAgent supports not only Event logs, but also most
application logs, thanks to the configuration options in
SyslogAgent.
Applications on Unix generally
support Syslog. In some cases, although unusual, SyslogServer
might fail to identify the format in a optimum way. If this is
the case, please contact us. |
|
Prerequisites? |
|
The SyslogServer itself runs on Windows
2000/XP/2003. Functionality has been confirmed on a 266MHz,
128Mb server. Client response time on that server are adequate
on reasonably small databases(<1 million entries), but
would suffer on larger environments. For a larger enterprise
installation, a more powerful server is recommended. Over
a thousand entries can be parsed and inserted per second
on a modern workstation, and several thousands on a high-end
system.
The SyslogView installs on Windows
2000/XP/2003, and requires the following components:
The SyslogAgent installs on all Windows
2000/XP/2003. |
Back to
top
|
Database
compatibility? |
|
As Datagram SyslogServer Enterprise Edition
communicates with the database via ODBC, any ODBC compatible
database that fully support SQL syntax works. For fully
automated table initiation, however, only MS SQL and a few
other databases are supported.
Please note that Microsoft Access is only
supported in the Small Business Edition due to
performance issues and lack of full SQL syntax support.
|
Back to
top
|
Logging
capacity? |
|
Datagram SyslogServer can
receive logs at full network bandwidth, as entries are
initially just stored in files. Database insertion for the
266MHz, 128Mb sample server was 400+ entries per second,
continuously. This value slowly dropped as the database got
larger (several million entries). Several thousand entries per
second can be parsed and inserted on a modern computer.
With an average of a thousand entries per
second, the database grows rather fast. This is especially
true if the logs are retained for a long time. On high volume
installations query times increase due to the high database
workload.
Installations with tens of millions of log
entries is not a problem on a reasonable modern computer. With
hundreds of millions of entries, a change of configuration
and/or backup settings is
recommended. |
Back to
top
|
How do I install
Datagram SyslogServer? |
|
The Datagram SyslogServer suite
uses InstallShield packages for installing all components.
The trial version installs both
the Syslogserver and SyslogView applications. Separate
installation packages are available for Enterprise
installations.
SyslogAgent can be installed via
an InstallShield package or via batch, SMS, msi and
scripts. This facilitates automated installation on large
number of clients. The .NET framework and MDAC packages, which
are needed for the SyslogView, are deliberately not included
in the package for simplified upgrade compatibility.
|
Back to
top
|
How big disks do I
need? |
|
Modern disks are usually quite large enough
for almost every scenario. More interesting is how large
database the hardware can handle without loosing too much
performance. To give some approximation, some 5 million
entries usually use 1Gb of disk space.
Rather than getting large disks for the
Syslogserver, aim to get fast disks - SCSI disks and raid
solutions for better performance. It's also good for
performance to have the OS (and database logs) on separate
disks from the actual
database. |
Back to
top
|
How many hosts
can log to the SyslogServer? |
|
One
aspect is the number of IP addresses the license covers. The
license is based on number of hosts logging to the
SyslogServer. The Free Edition allows 3 external IP's,
Small Business Edition supports 10 external IP's, and the
Enterprise Edition according to the bought license.
The Syslogserver application itself has no
technical limits on the number of possible logging IP
addresses.
Most hosts generate small volumes of logs - a
few thousand entries or less per day. These cause no problems.
It's the few hosts with heavily logging, with hundreds or
even thousands of entries per second, that can cause
problems. One single client like that can change the hardware
requirements. |
Back to
top
Back to
top
| |
