Centralize Log Viewers/Analyzers

  • Updated 3 years ago
What centralized log viewers/analyzers is ZoneDirector compatible with? Is anyone using a centralized log server/analyzer (e.g. LogRhythm)?
Robert Sobelman

Posted 3 years ago

Max O'Driscoll, AlphaDog

Syslog Watcher Personal Edition 2.8 (cheap, i.e. free, like me).
http://www.snmpsoft.com/

Not so much a recommendation, more that it works, is simple, and didn't need some monstrous SQL backend or some obtuse version of dotnet to install. That's fitted my scenario.

Gives me very basic syslog info/reporting. Enough for me but you might prefer something cleaner and with more bells/whistles/pan pies.

Doesn't interpret the cryptic Ruckus message codes but I wasn't expecting an easy life!

edepe

I already installed Syslog Watcher and, under Configure - System: Log Settings, checked "enable reporting to remote syslog server at" (my Windows IP: 192.168.10.99).

What is the next step?
Max O'Driscoll, AlphaDog

In ZD go to
system
log settings
TICK enable reporting to remote syslog server. ADD IP of syslog server.

In syslog
settings
network
TICK accept messages over UDP on port number 514 (should be default).

Max O'Driscoll, AlphaDog

Don't get confused...

Syslog Watcher runs on a machine with a specific IP and listens for incoming traffic on 514.

You tell ZD to send syslog traffic to that specific IP.

The rest is histoire.

edepe

Thank you, done.
Max O'Driscoll, AlphaDog

Point ZD at the syslog machine's IP.

The IP you first mentioned (my ip windows : 192.168.10.99) is not what you have put in your screenshot.

Back to "do not get confused".

IP of machine running syslog watcher must be the one you enter into the ZD config page.

Basic stuff: on the Syslog Watcher PC,
Start, Run, cmd... ipconfig to find your IP.

While in the cmd prompt, check you can ping ZD from the Syslog Watcher PC.

Are they in the same subnet? (If not, they will not see each other... unless you put some routing rules in or play with masks... shouldn't be necessary.)

Have fun.
Greg Ashe

My curiosity got the better of me and I set up the syslog server. There are many ERRORs being logged - the majority of them to do with the acsrvc_receive() message.

Any ideas what this means, the cause and the cure?
Greg Ashe

Well in fact - despite being flagged as an ERROR it seems it is benign enough!

When a client roams from AP1 to AP2 then AP1 will send a log message as shown below.

acsrvc_receive():88:32:9b:aa:a1:88 station of VAP c0:8a:de:3c:e0:e8, last stats reported from unmatched VAP c0:8a:de:38:86:08

This log can simply be ignored as this is not harmful.

Perhaps Ruckus should re-classify this as an INFO alert instead of ERROR.
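
One way to apply the triage described in the last post on the syslog server side, as an added example that is not part of the thread and not Ruckus code: it recognises the acsrvc_receive() roaming message quoted above in raw syslog lines, reclassifies it from ERROR to info, counts roams per station, and leaves every other error for review. The syslog header, hostname and process name in the sample lines are constructed assumptions; only the message body comes from the thread.

```python
import re
from collections import Counter

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# Message body exactly as quoted in the thread; MAC positions become named groups.
ROAM_RE = re.compile(
    rf"acsrvc_receive\(\):(?P<station>{MAC}) station of VAP (?P<vap>{MAC}), "
    rf"last stats reported from unmatched VAP (?P<unmatched_vap>{MAC})",
    re.IGNORECASE,
)
PRI_RE = re.compile(r"^<(\d{1,3})>")  # RFC 3164 priority = facility * 8 + severity
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def classify(line):
    """Parse one raw syslog line; roam notices are reclassified as info."""
    pri = PRI_RE.match(line)
    original = SEVERITIES[int(pri.group(1)) % 8] if pri else None
    m = ROAM_RE.search(line)
    if m:
        fields = {k: v.lower() for k, v in m.groupdict().items()}
        return {"kind": "roam", "severity": "info", "original_severity": original, **fields}
    return {"kind": "other", "severity": original, "original_severity": original}

def triage(lines):
    """Count roam notices per station and collect the errors that remain."""
    roams, needs_review = Counter(), []
    for line in lines:
        event = classify(line)
        if event["kind"] == "roam":
            roams[event["station"]] += 1
        elif event["severity"] in ("emerg", "alert", "crit", "err"):
            needs_review.append(line)
    return roams, needs_review

# Constructed sample input: header, hostname and process name are made up;
# only the acsrvc_receive() body matches the line quoted in the thread.
SAMPLE = [
    "<139>Jan 10 10:00:01 zd-example example-proc: acsrvc_receive():88:32:9b:aa:a1:88 station of VAP c0:8a:de:3c:e0:e8, last stats reported from unmatched VAP c0:8a:de:38:86:08",
    "<139>Jan 10 10:02:30 zd-example example-proc: acsrvc_receive():88:32:9B:AA:A1:88 station of VAP c0:8a:de:38:86:08, last stats reported from unmatched VAP c0:8a:de:3c:e0:e8",
    "<139>Jan 10 10:03:00 zd-example example-proc: constructed error unrelated to roaming",
    "<142>Jan 10 10:04:00 zd-example example-proc: constructed informational message",
]

if __name__ == "__main__":
    roams, needs_review = triage(SAMPLE)
    print("roams per station:", dict(roams))
    print("errors still needing review:", needs_review)
```

A station with an unusually high roam count in a short window is still worth a look, since the counter keeps the events rather than discarding them.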