Forward Syslog Messages

85 viewsevent forwarding syslog
2
0 Comments

Hi Dojo,

I have the following use case and questions related to Syslog.
A customer is interested in using Dataminer as central collection point for syslog messages coming from various network switches.  This use case should be possible using the generic syslog receiver.

An additional request is to forward all syslog messages to another receiver/application.  The final  destination is not accessible to the network switches while Dataminer is so that is why the idea is to use Dataminer as collection point and then forward the messages to the final destination.

What would be the best way to achieve this?
One way would be to use the SNMP Manager.  But I believe this would require all syslog events to be translated into Dataminer Alarms and then forwarded as SNMP Traps or Inform messages.  This might not be ideal given the huge amount of alarms this would generate on Dataminer.

Any other way this could be done? Would this be achievable by adding an Syslog forwarding functionality to the generic syslog receiver?

Any ideas or thoughts welcome!

Miguel Obregon [SLC] [DevOps Catalyst] Answered question

2 Answers

0
21.82K 1 Comment

Hi Koen,

I have a question regarding the intended behavior of DataMiner in this integration.
Should DataMiner act purely as a syslog relay (simply forwarding the received messages) or do you plan for DataMiner to enrich the syslog messages from the switches before sending them to the receiver?

If enrichment is required, one possible approach is to implement a dedicated driver (e.g., Syslog Sender) that forward the syslog messages to the target receiver.

This driver could subscribe to selected parameters on elements. In that way you could avoid generating alarms.

To distribute the load across the cluster, you could initially deploy one Syslog Sender element per DMA. Additional elements can be added later if needed.

Hope it helps.

Koen Bouckhout [SLC] [DevOps Advocate] Posted new comment
Koen Bouckhout [SLC] [DevOps Advocate] commented

Hi Miguel,
Thanks for the feedback! In this case Dataminer should act just as a "relay" without any intervention on the messages themselves. I realize that the added value of Dataminer in this case is limited. It would be a way to work around network restrictions and help the customer to find a solution.
So you think having a dedicated Syslog Sender would be a better approach than adding "Sender" functionality to the Syslog Receiver?
You are viewing 1 out of 2 answers, click here to view all answers.