Procedures for manually copying syslogs to Envision
Hi, I have a supported event source that is generating syslog but there is a problem getting the logs pushed to Envision. I would appreciate it if anyone could advise on the procedure to manually copy the syslogs from the supported event source to the Local Collector. Thanks in advance.
Syslog generally just works like magical goodness over UDP port 514. If your logs are not getting to enVision, then you could check one of several things:
1) Network topology: this is the problem 99% of the time. Bad routing, a firewall between the event source and the collector that is blocking syslog, etc.
2) Already an event source with that IP address in enVision: if that's the case, make sure you set the existing event source to be a "multi-device".
3) Misconfigured event source: double check the destination IP and port - make sure they are set to the enVision collector.
If all that fails and you want to do this manually, you will need to use the injector.exe (found in the bin folder) to inject the syslog output file. Simply copying the syslog file will not get the logs into the IPDB.
If you type injector -? it will show you all the command line options.
A typical usage to inject a syslog file once would look like this:
injector -file syslog.unx -host x.x.x.x -eps 100 -once -redirect
x.x.x.x is the IP address of your enVision collector
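For checks 1 and 3 in the answer above, a small probe pair can show whether a UDP syslog datagram actually crosses the network path to port 514. This is an added example, not part of the original thread and not an enVision tool; the tag, hostname, facility/severity values and the idea of running the listener on a spare host next to the collector are assumptions.

```python
import socket
import time

SYSLOG_PORT = 514  # UDP port named in the answer


def build_probe(tag, text, facility=16, severity=5, hostname="probehost", now=None):
    """Build one BSD-syslog (RFC 3164) line; local0.notice by default (assumed values)."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity
    stamp = time.strftime("%b %d %H:%M:%S", now or time.localtime())
    if stamp[4] == "0":  # RFC 3164 pads the day with a space, not a zero
        stamp = stamp[:4] + " " + stamp[5:]
    return f"<{pri}>{stamp} {hostname} {tag}: {text}"


def parse_pri(line):
    """Return (facility, severity) from the <PRI> prefix of a received line."""
    if not line.startswith("<") or ">" not in line[1:5]:
        raise ValueError("no <PRI> prefix")
    return divmod(int(line[1:line.index(">")]), 8)


def send_probe(dest_ip, line, port=SYSLOG_PORT):
    """Send one datagram. Success only means it left this host: UDP gives no
    delivery signal, so confirm arrival with listen_once() or on the collector."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(line.encode("ascii", "replace"), (dest_ip, port))


def listen_once(sock, timeout=5.0):
    """Wait for one datagram on an already-bound socket; None means nothing arrived."""
    sock.settimeout(timeout)
    try:
        data, (src_ip, _) = sock.recvfrom(2048)
    except socket.timeout:
        return None
    return src_ip, data.decode("ascii", "replace")


if __name__ == "__main__":
    # Loopback demonstration on an ephemeral port (constructed setup). For a real
    # path test, bind the listener to ("0.0.0.0", 514) on a spare host next to the
    # collector and pass that host's address to send_probe() from the event source.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        send_probe("127.0.0.1", build_probe("pathtest", "probe-1"), rx.getsockname()[1])
        print(listen_once(rx))
```

If the listener returns None while the sender reports bytes sent, the datagram is being dropped somewhere between the two hosts, which points at routing or a firewall rather than the event source configuration.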