Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1468
Views
10
Helpful
7
Replies

Syslog Server -

getwithrob
Level 3
Level 3

‎04-26-2006 01:40 PM

I'm looking for input on what software others may be using to process syslog messages. I'm using RME to report on messages and perform automated email actions on several different messages. The problem I have though is the fact that an email is generated for every message received on the critical messages I've selected that need notification and this can sometimes become overwhelming.

Oh yea, We don't have DFM setup which, I think, would solve this problem but there are over 12,000 Cisco devices on this network and I don't think DFM can even come close to managing messages for that many devices.

I've seen a few other software products (kiwi tools is the only one I can think of off the top of my head) that have syslog capability so I'm trying to get a feel for what's out there and what works and works well.

Thanks for any input.

Labels:
0 Helpful
7 Replies 7

David Stanford
Cisco Employee
Cisco Employee

‎04-27-2006 05:22 AM

In addition to CiscoWorks and Kiwi there are a couple of other products that I know of that can process syslog messages. These are Monitorware and Logalot

ajaykumarkg
Level 1
Level 1

‎04-28-2006 03:42 AM

We have been using "EventLog Analyzer" for syslog/event log analysis.

mark.margolin
Level 1
Level 1

‎05-02-2006 08:22 PM

You said you have 12,000 devices how have you managed to Scale Ciscoworks to that level. I have 8000 am considering my options.

getwithrob
Level 3
Level 3
In response to mark.margolin

‎05-07-2006 06:10 AM

We're using RME 3.5 ONLY between 3-Solaris 280R boxes w/ 2 CPUs each and 4GB RAM each. There are approx 4,000 devices on each of these servers and it works fairly well for backing up the configs, Netconfig jobs, syslog reporting, hardware/software inventory and probably a few other critical features I can't think of off the top of my head.

We also have 6 campus servers w/ discovery filters setup to discover certain portions of the network. What do we get out of Campus that's usable? Not much....

We have it because the customer wants it!

I started using the automated email actions for critical syslog messages but the problem is an email is generated everytime a message is received which can sometimes be overwhelming. That's why I was trying to get a feel for other options for notification on critical syslog messages. From what I've heard, DFM wouldn't be able to come close to handling the load for that many devices.

0 Helpful

miheg
Level 5
Level 5
In response to getwithrob

‎05-15-2006 09:35 PM

With that number of devices you require something that can make the correlation between a lot of events and can then present you the root causes.

I know only a few products that do that reasonably being Spectrum (former cabletron), SMARTS, and Netcool.

I'm not commercial but if think these are all above the budget for which you get Ciscoworks.

Cheers,

Michel

0 Helpful

ajaykumarkg
Level 1
Level 1

‎05-15-2006 06:40 PM

Try www.eventloganalyzer.com for syslogs. And www.fwanalyzer.com for firewall log analysis.

0 Helpful

mfreeman451
Level 1
Level 1

‎05-30-2006 10:09 AM

Check out syslog-ng and the browser:

http://www.linkdown.org/static_syslogngbrowser_en.html

0 Helpful
Customers Also Viewed These Support Documents