Set Up Syslog Monitoring

Syslog is a commonly used standard for logging system event messages. The destination of these messages can include the system console, files, remote syslog servers, or relays.

Oracle Log Analytics allows you to collect and analyze syslog data from various sources. You just need to configure the syslog output ports in the syslog servers. Oracle Log Analytics monitors the output ports, accesses the remote syslog contents, and performs the analysis.

Syslog monitoring in Oracle Log Analytics lets you listen to multiple hosts and ports. The protocols supported are TCP and UDP.

  1. From Oracle Log Analytics, click the OMC Navigation icon in the top left corner of the interface. In the OMC Navigation bar, click Administration Home.
  2. In the Log Sources section, click Create source.
    Alternatively, in the Log Sources section, you can click the available number of log sources link and then in the Log Sources page, click Create.
    This displays the Create Log Source dialog box.
  3. In the Source field, enter the name for the log source.
  4. From the Source Type list, select Syslog Listener.
  5. Click Entity Type and select the required entity type such as Host.
  6. Click File Parser and select Syslog Standard Format.
  7. In the Listener Pattern tab, click Add to specify the details of the listener on which Oracle Log Analytics will listen for syslog messages.
    Enter the listener port that you specified as the output port in the syslog configuration file on the syslog server, select either UDP or TCP (recommended for heavy traffic) as the required protocol, and select Enabled.

    Repeat this step for adding multiple listener ports.

  8. Click Save.
  9. In the Log Sources page, select the newly created syslog source (testSyslog in this case) and click Associated Targets.
  10. In the Associated Targets: <log source name> page, click Add.
  11. Select the host name or host names with which you want to associate the source and click Select.
  12. In the Associated Targets: <log source name> page, click Save.

View Syslog Data

You can use the Log Source field in the Fields panel of Oracle Log Analytics to view syslog data.

  1. From Oracle Log Analytics, click Log Source in the Fields panel.
  2. In the Filter by Log Source dialog box, select the name of the syslog source that you created, and click Submit.

Oracle Log Analytics displays the syslog data from all the configured listener ports. You can analyze syslog data from different hosts or devices.
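
To check that a configured listener port and protocol actually receive traffic, the following added example (not part of the Oracle documentation) sends one recognizable test record that you can then look for under the log source. It assumes the Syslog Standard Format parser accepts the classic BSD syslog (RFC 3164) line layout and that TCP records are newline-terminated; the function names and the `listener-test` tag are made up for this example.

```python
import socket
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def build_rfc3164(msg, host, tag="listener-test", facility=16, severity=6, now=None):
    """Build one BSD-syslog line: <PRI>Mmm dd hh:mm:ss host tag: msg"""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    if "\n" in msg or "\r" in msg:
        # A line break would be read as a second record on a TCP listener.
        raise ValueError("message must be a single line")
    now = now or datetime.now()
    pri = facility * 8 + severity          # local0.info -> 134
    # RFC 3164 pads a one-digit day with a space, not a zero.
    stamp = f"{MONTHS[now.month - 1]} {now.day:2d} {now:%H:%M:%S}"
    return f"<{pri}>{stamp} {host} {tag}: {msg}".encode("ascii", "replace")

def send_test(listener_host, port, protocol, frame, timeout=5.0):
    """Send one frame using the protocol selected for the listener."""
    protocol = protocol.upper()
    if protocol == "UDP":
        # UDP gives no delivery feedback; absence of an error proves nothing.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(frame, (listener_host, port))
    elif protocol == "TCP":
        # A refused connection here means nothing is listening on that port.
        with socket.create_connection((listener_host, port), timeout=timeout) as s:
            s.sendall(frame + b"\n")       # assumed newline-delimited framing
    else:
        raise ValueError("protocol must be UDP or TCP")
    return len(frame)

if __name__ == "__main__":
    import sys  # usage: send_test.py <listener-host> <port> <UDP|TCP>
    host, port, proto = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    frame = build_rfc3164("syslog listener connectivity test", socket.gethostname())
    print(f"sent {send_test(host, port, proto, frame)} bytes over {proto.upper()}")
```

With UDP, only the record appearing under the log source confirms delivery; with TCP, a connection error already tells you the port is closed or filtered.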