User’s Guide – version 1.6 NetWatch
32
Chapter 6: Syslogs
The Syslog protocol is an event notification protocol that allows a machine be it a
Server, Hub, Switch or Router to send event notification messages to ‘event message
collectors’ -also known as ‘Syslog servers’.
Syslogs and NetWatch
NetWatch has its own built in fully featured Syslog server. Any Syslog messages sent
to the NetWatch Server will be stored in a Syslog message event database.
Enabling Syslog Reception
To allow NetWatch to receive syslog messages, turn on the “Use Syslog Receiver”
option on the Admin | System Settings page. The NetWatch service requires a restart
after changing this setting.
Syslog Severity/Priorities and Reporting
Each syslog sent from a device has an encoded severity. These are described in the
following table.
Emergency: System is unusable.
Alert: Action must be taken immediately.
Critical: Critical Conditions.
Error: Error Conditions.
Warning: Warning Conditions.
Notice: Normal but significant condition.
Informational: Informational messages.
Debug: Debug-level messages.
Each one of these severity levels is assigned to a NetWatch priority level as decided
by the administrator in the ‘Syslog Configuration Section’.
Only messages of a certain priority will be viewed and processed by the reporting
system. The ‘Syslog Configuration Section’ can also configure this.
For details of viewing and processing syslog messages refer to Chapter 5 ‘The Reporting System’.
Configuring Devices to Send Syslogs to NetWatch
For Syslogs to be viewed and processed by NetWatch devices must be configured to
send its Syslog messages to the NetWatch Server. Using the CISCO IOS for example
syslogs are sent to the NetWatch Server with the following command:
Logging Hostname or A.B.C.D (IP address of the NetWatch Server)