|
|
|
Frequently asked questions
 |
What is Datagram
SyslogServer?
|
 |
Datagram SyslogServer is a solution to handle
operating system logs for an entire enterprise. Logs are sent to a central
SyslogServer and stored in a database. SyslogView can analyze and inspect the
enterprises logs with aid of several types of filters. Alarms can also be
defined. SyslogAgent sends Events from the local host to the syslog server.
|
Back
to top
|
|
How does it work?
|
|
|
Logs are sent
to the SyslogServer via the Syslog protocol, a standard described in RFC 3164.
Unix and network components all support Syslog. For windows NT/2000/XP/2003 a
small service is added to provide Syslog compatibility. Windows 9x operating
systems are not logging OS:es in the first place - they cannot be supported.
The logs are inserted into a database. The Enterprise Edition uses a
Microsoft SQL database, or other, whereas the Small Business Edition uses an
Access mdb file.
The SyslogView software is used to inspect, analyze and filter the
database contents.
|
Back to top
|
|
Why do I need
Datagram SyslogServer?
|
|
|
The main benefits are saved time for both support personnel
and users, and improved stability/availability for the entire enterprise
network environment thanks to better surveillance. A central log solution also
provides good traceability.
Syslogserver is thereby a great tool to help fullfill requirements
set by the Sarbanes-Oxley Act of
2002.
Datagram SyslogServer helps network administrators to identify and
analyze upcoming problems. This allows for better planning and improved
overall stability. Defining alarms provides immediate feedback for important
events(application failures, hardware errors, contact lost, reconfigurations et
cetera).
|
Back to top
|
How about
application log files?
|
|
|
Adding
application logs to the Datagram SyslogServer is a great way to get the most
out of the product! For Windows, Datagrams
SyslogAgent supports not only Event logs, but also most application logs,
thanks to the configuration options in SyslogAgent.
Applications on Unix generally support Syslog. In some
cases, although unusual, SyslogServer might fail to identify the format in a
optimum way. If this is the case, please contact us.
|
|
Prerequisites?
|
|
|
The SyslogServer itself runs on Windows 2000/XP/2003. Functionality
has been confirmed on a 266MHz, 128Mb server. Client response time on that
server are adequate on reasonably small databases(<1 million entries), but
would suffer on larger environments. For a larger enterprise installation, a
more powerful server is recommended. Over a thousand entries can be parsed
and inserted per second on a modern workstation, and several thousands on a
high-end system.
The SyslogView installs on Windows 2000/XP/2003, and requires the
following components:
The SyslogAgent installs on all Windows NT/2000/XP/2003.
|
Back to top
|
|
Database compatibility?
|
|
|
As Datagram SyslogServer Enterprise Edition communicates with the
database via ODBC, any ODBC compatible database that fully support SQL syntax
works. For fully automated table initiation, however, only MS SQL and a
few other databases are supported.
Please note that Microsoft Access is only supported in the Small
Business Edition due to performance issues and lack of full SQL
syntax support.
|
Back to top
|
|
Logging capacity?
|
|
|
Datagram
SyslogServer can receive logs at full network bandwidth, as entries are
initially just stored in files. Database insertion for the 266MHz, 128Mb sample
server was 400+ entries per second, continuously. This value slowly dropped as
the database got larger (several million entries). Several thousand entries per
second can be parsed and inserted on a modern computer.
With an average of a thousand entries per second, the database grows
rather fast. This is especially true if the logs are retained for a long time.
On high volume installations query times increase due to the high database
workload.
Installations with tens of millions of log entries is not a problem
on a reasonable modern computer. With hundreds of millions of entries, a change
of configuration and/or backup settings is recommended.
|
Back to top
|
|
How do I
install Datagram SyslogServer?
|
|
|
The Datagram
SyslogServer suite uses InstallShield packages for installing all components.
The trial version installs both the Syslogserver and
SyslogView applications. Separate installation packages are available for
Enterprise installations.
SyslogAgent can be installed via an InstallShield
package or via batch, SMS, msi and scripts. This facilitates automated
installation on large number of clients. The .NET framework and MDAC packages,
which are needed for the SyslogView, are deliberately not included in the
package for simplified upgrade compatibility.
|
Back to top
|
|
How big disks do I need?
|
|
|
Modern disks are usually quite large enough for almost every
scenario. More interesting is how large database the hardware can handle
without loosing too much performance. To give some approximation, some 5
million entries usually use 1Gb of disk space.
Rather than getting large disks for the Syslogserver, aim to get fast
disks - SCSI disks and raid solutions for better performance. It's also good
for performance to have the OS (and database logs) on separate disks from the
actual database.
|
Back to top
|
|
How many
hosts can log to the SyslogServer?
|
|
|
One aspect is the number of IP addresses the license covers. The
license is based on number of hosts logging to the SyslogServer. The Free
Edition allows 3 external IP's, Small Business Edition supports 10
external IP's, and the Enterprise Edition according to the bought license.
The Syslogserver application itself has no technical limits on the
number of possible logging IP addresses.
Most hosts generate small volumes of logs - a few thousand entries or
less per day. These cause no problems. It's the few hosts with heavily
logging, with hundreds or even thousands of entries per second, that can
cause problems. One single client like that can change the hardware
requirements.
|
Back to top
Back to top
|
|
