This article has been archived. It is offered "as is" and will no longer be updated.
Author: Ka Lung Lai MVP
These step-by-step instructions show how to configure Microsoft Operations Manager (MOM) 2000 or 2005 to monitor Unix devices by using Syslog.
If you are using Microsoft Operations Manager 2000 or 2005 and want to monitor Unix devices from the MOM Operator Console, you must configure the Unix devices to forward Syslog messages to the MOM Agent Computer, and configure the MOM Management Server to receive and handle the Syslog messages.
On the MOM Management Server
To create a Syslog port provider
1. In the left pane of the MOM Administrator console, right-click Providers.
2. On the context menu, click New Provider, specify Application Log as the data provider type, and then click Next.
3. For the provider name, enter Syslog port provider.
4. For the provider log type, select Syslog port, and then click Finish.
To create an event rule that uses the Syslog port provider
1. First create a rule group named Syslog and associate this rule group with a computer group named Syslog messages receiver that includes the Syslog message receiver computer (MOM Agent Computer).
2. In the left pane of the MOM Administrator console, expand the rule group, right-click Event Rules, and then click New Event Rule.
3. Select Collect Specific Events (Collection), and then click Next.
4. In the list, select the Syslog port provider, and then click Next.
5. Enter Collect Syslogs for the name of the rule, ensure that the Enabled check box is selected, and then click Finish.
6. In the left pane of the MOM Administrator console, expand the rule group, right-click Event Rules, and then click New Event Rule.
7. Select Alert on or Respond to Event (Event), and then click Next.
8. In the list, select the Syslog port provider, and then click Next.
9. On the Criteria page, click the Advanced button. In the field list, choose Parameter 1, choose contains substring as the condition, and enter the Syslog message level (example: crit, err, warning) as the value. Click Add to List.
10. Click Close, and then click Next. On the Alert page, select the Generate Alert check box and configure the alert properties.
11. For the rule name, enter Received Syslog message level from Syslog, replacing Syslog message level with the level the rule matches (example: Received Warning from Syslog). Click Finish.
12. Create additional rules for the other Syslog message levels that should generate alerts.
On the Unix device
1. In the system logger configuration file (Syslog.conf), add an entry that maps Syslog messages to the IP address of the Syslog message receiver (MOM Agent Computer). In the Syslog.conf file, tabs separate the message type and the IP address. The message type is of the form facility.level, such as kern.error, which signifies a kernel error.
   The following facility values are recognized by MOM: auth, cron, daemon, ftp, kern, local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, mark, news, syslog, user, and uucp.
   The following priority levels, from highest to lowest, are recognized by MOM: emerg, alert, crit, error, warning, notice, info, and debug.
   Example:

    *.*	@192.168.0.150

2. Restart the system logger daemon (syslogd) on the UNIX computer. For example, execute the following commands to find the syslog process ID, and then restart the system logger so that it uses the new Syslog.conf file:

    ps -A | grep syslog
    kill -HUP <pid>
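A check for the forwarding entry from step 1, as an added example that is not part of the original article: it reports an entry whose selector and address are separated by spaces instead of a tab, or whose facility or level is outside the lists above. The function names are hypothetical and the sample lines are constructed; the script also accepts err, the standard syslogd spelling used in the alert rule example.

```shell
#!/bin/sh
# Added example (not from the article): lint syslog.conf forwarding entries.
# Facility and level names are the lists the article says MOM recognizes.
FACILITIES="auth cron daemon ftp kern local0 local1 local2 local3 local4 local5 local6 local7 lpr mail mark news syslog user uucp"
# "err" is the standard syslogd keyword; "error" is the article's spelling.
LEVELS="emerg alert crit error err warning notice info debug"
TAB=$(printf '\t')

in_list() {                      # in_list WORD ITEM...
    word=$1; shift
    for item in "$@"; do [ "$item" = "$word" ] && return 0; done
    return 1
}

# Prints a verdict for one line; returns 0 only for a valid forwarding entry.
check_forward_line() {
    line=$1
    case $line in
        *"$TAB"*) ;;
        *) echo "FAIL: selector and action are not separated by a tab"; return 1 ;;
    esac
    selector=${line%%"$TAB"*}    # text before the first tab
    action=${line##*"$TAB"}      # text after the last tab
    [ -n "$selector" ] || { echo "FAIL: empty selector"; return 1; }
    case $action in
        @?*) ;;
        *) echo "FAIL: action '$action' does not forward to a remote host"; return 1 ;;
    esac
    # Split "a.b;c.d" on ';' with globbing off so "*.*" is not expanded.
    old_ifs=$IFS; IFS=';'; set -f; set -- $selector; set +f; IFS=$old_ifs
    for sel in "$@"; do
        case $sel in
            *.*) fac=${sel%%.*}; lvl=${sel#*.} ;;
            *) echo "FAIL: '$sel' is not of the form facility.level"; return 1 ;;
        esac
        [ "$fac" = "*" ] || in_list "$fac" $FACILITIES ||
            { echo "FAIL: unknown facility '$fac'"; return 1; }
        [ "$lvl" = "*" ] || in_list "$lvl" $LEVELS ||
            { echo "FAIL: unknown level '$lvl'"; return 1; }
    done
    echo "OK: $selector -> ${action#@}"
}

# Constructed sample lines; the first is the article's example entry.
check_forward_line "*.*${TAB}@192.168.0.150" || true
check_forward_line "*.* @192.168.0.150" || true        # spaces, not a tab
check_forward_line "kern.crit;auth.fatal${TAB}@192.168.0.150" || true
```

To check a real file, pass each uncommented line that contains @ to check_forward_line before sending syslogd the HUP signal.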