Syslog Overview
The syslog protocol is a standard for logging program messages to a database. It is commonly used to monitor devices that do not have a large amount of storage capacity, such as networking devices, ESX servers, PCoIP Zero Clients, and PCoIP Remote Workstation Cards. Using syslog for logging enables you to centralize the storage of log messages and to capture and maintain a longer history of log data. It also provides a set of tools to filter and report on syslog data.
Syslog messages include a facility level (from decimal 0 to 23) that indicates the application or operating system component that is generating the log message. For example, a facility level of 0 indicates a kernel message, a facility level of 1 indicates a user-level message, and a facility level of 2 indicates a message from a mail system. Processes and daemons that have not been explicitly assigned a facility may use any of the eight local use facilities (16 – local use 0 to 23 – local use 7) or they may use the 1 – user-level facility. Facilities make it easy to filter the messages generated by a device.
Syslog messages are also assigned a severity level from 0 to 7, where a severity level of 0 indicates an emergency panic condition and a severity level of 7 indicates a debug-level message useful to developers but not for operations.
Syslog default values
Ports 514 or 6514 are commonly used for connecting to a Syslog server, depending on the Syslog connection type. See IANA reference. If port 514 is used with the TCP or TCP with TLS Syslog connection types, there may be a conflict with the shell service, which uses TCP port 514.
PCoIP Tera2 endpoints have a default Syslog port of 514 and a default Syslog connection type of UDP, so they send syslog messages to a centralized UDP Syslog server. However, you may use a different port as long as the syslog server receives the syslog messages on the same port that the device sends them to.
We also use 19 – local use 3 as the default facility because this facility isn't commonly used.
Ensure that the syslog server can manage the volume of messages
Ensure that your syslog server can handle the volume of messages that the Tera2 PCoIP endpoint sends. With certain free syslog servers, messages are lost if the volume is too great.
Syslog Facility default use
Cisco IOS devices, CatOS switches, and VPN 3000 concentrators use the 23 – local use 7 facility. Cisco PIX firewalls use the 20 – local use 4 facility. We also use 19 – local use 3 as the default facility under the assumption that this facility is not commonly used. If it is being used, you can select a different facility.
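The facility and severity described above travel together in the `<PRI>` header at the start of every syslog message, encoded as facility × 8 + severity (RFC 3164 and RFC 5424). The following is an added example, not code from the original page or from the product: a collector-side filter that decodes the header, rejects malformed values, and keeps only messages from facility 19 (local use 3, the default on this page) at a chosen severity. The function names, host names, and sample messages are constructed for illustration.

```python
import re

# Short names for facility codes 0-23 and severity codes 0-7 (RFC 5424 numbering).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# A syslog message starts with <PRI>, where PRI = facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode_pri(line):
    """Return (facility, severity, rest), or None if the PRI header is invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest legal value
        return None
    facility, severity = divmod(pri, 8)
    return facility, severity, m.group(2)


def select(lines, facility=19, max_severity=4):
    """Keep one facility's messages at max_severity or worse (lower is worse)."""
    kept, rejected = [], 0
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            rejected += 1  # count malformed input instead of silently dropping it
            continue
        fac, sev, rest = decoded
        if fac == facility and sev <= max_severity:
            kept.append((FACILITIES[fac], SEVERITIES[sev], rest.strip()))
    return kept, rejected


# Constructed sample input (not captured from a real device).
SAMPLE = [
    "<155>Jan 12 10:00:01 zero-client-01 example: session setup failed",  # local3.err
    "<158>Jan 12 10:00:02 zero-client-01 example: link up",               # local3.info
    "<189>Jan 12 10:00:03 switch-01 example: interface change",           # local7.notice
    "<999>Jan 12 10:00:04 bogus PRI out of range",
    "no PRI header at all",
]

if __name__ == "__main__":
    print(select(SAMPLE))
```

Tracking the rejected count separately makes it visible when a sender is emitting malformed headers, rather than letting those messages vanish from the filtered view.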
Enabling Syslog
To configure syslog, first ensure that the event log is enabled, which displays the syslog settings. Then enable syslog, enter the IP address or Fully Qualified Domain Name (FQDN) for the syslog server, and specify the port number, the facility to use, and the connection type used to send messages to the syslog server.
To configure syslog settings:
- From the AWI, browse to Diagnostics > Event Log and ensure the Enable Event Log check box is selected.
- Select the Enable Syslog check box.
- For Identify Syslog Host By, select whether you want to identify the syslog server by its IP address or FQDN.
  - In the Syslog Host IP Address / Syslog Host DNS Name box(es), enter the IP address or FQDN of the syslog server.
- If the syslog server is configured to receive data on a port other than 514, enter another port number in the Syslog Host Port box.
- If you want the device to use a facility other than the default facility, select it from the Syslog Facility list.
- Enable the Syslog Enable Metadata setting to tag every syslog entry with the PCoIP Device Name and Generic Tag.
- Select the Syslog Connection Type according to your security policies.
  - Add the client certificate for TCP with TLS syslog connections that require Mutual Authentication (Server and Client). See Syslog TCP/TLS Authentication in the Uploading Certificates topic.
- Click Apply.
- From the Success page, click Continue.