Syslog Settings Splunk for MCU & ISDN GW

Marco · ‎12-01-2015

Hello community,

we start to collect all Data from our VCS, MCU & ISDNGW to Splunk.

For VCS we can change Port and Log Settings but not for MCU and ISDNGW over the web interface.

Is it possible to change Port and Protocol over CLI? We don´t have access over ssh to MCU & ISDNGW.

Thanks for support

Shea Sivell · ‎12-10-2015

The only allowed port changes can be done via the Services tab from the web GUI. From there you would be allowed to change ports, such as the SNMP port.

Also, the MUC and ISDN GW only allow CLI access via the Console/Serial connection.

For reference, here are the syslog settings for the MCU. This information is also found on the help_syslog.html page of the MCU and ISDN GW.

Syslog settings:

Host address 1 to 4

Enter the IP addresses of up to four Syslog receiver hosts.

The number of packets sent to each configured host will be displayed next to its IP address.

Facility value

A configurable value for the purposes of identifying events from the MCU on the Syslog host. Choose from the following options:

0 - kernel messages
1 - user-level messages
2 - mail system
3 - system daemons
4 - security/authorization messages (see Note)
5 - messages generated internally by syslogd
6 - line printer subsystem
7 - network news subsystem
8 - UUCP subsystem
9 - clock daemon (see Note)
10 - security/authorization messages (see Note)
11 - FTP daemon
12 - NTP subsystem
13 - log audit (see Note)
14 - log alert (see Note)
15 - clock daemon (see Note)
16 - local use 0 (local0)
17 - local use 1 (local1)
18 - local use 2 (local2)
19 - local use 3 (local3)
20 - local use 4 (local4)
21 - local use 5 (local5)
22 - local use 6 (local6)
23 - local use 7 (local7)

Choose a value that you will remember as being the MCU.

Note: Various operating system daemons and processes have been found to utilize Facilities 4, 10, 13 and 14 for security/authorization, audit, and alert messages which seem to be similar.

Various operating systems have been found to utilize both Facilities 9 and 15 for clock (cron/at) messages.

Processes and daemons that have not been explicitly assigned a Facility value may use any of the "local use" facilities (16 to 21) or they may use the "user-level" facility (1) - and these are the values that we recommend you select.

Using syslog:

The events that are forwarded to the syslog receiver hosts are controlled by the event log capture filter.

To define a syslog server, simply enter its IP address and then click Update syslog settings.

The number of packets sent to each configured host is displayed next to its IP address.

Note: Each event will have a severity indicator as follows:

0 - Emergency: system is unusable (unused by the MCU)
1 - Alert: action must be taken immediately (unused by the MCU)
2 - Critical: critical conditions (unused by the MCU)
3 - Error: error conditions (used by MCU error events)
4 - Warning: warning conditions (used by MCU warning events)
5 - Notice: normal but significant condition (used by MCU info events)
6 - Informational: informational messages (used by MCU trace events)
7 - Debug: debug-level messages (used by MCU detailed trace events)

Marco · ‎12-23-2015

Hi Shea,

so it isn´t possible to change the syslog port. Thanks for clarify.

I´m not sure if my questions was correctly, I asked for Syslog Port settings on MCU and ISDN GW.

No problem we collect the messages over standard ports 514 now.

Regards,

Marco