Syslog data not showing in Logs > Syslog

We have set up EventSentry to collect syslog data from a Linux server. The data is making it to the database; there are records in the table ESSyslogMain. However, when I go to web reports Logs > Syslog there is no data. Is there a setting in web reporting that I need to change?
Thanks
Phil

Comments

  • This may be an issue with the UTC settings; there may be a mismatch between what's configured in the management console (Global Options) and the settings of the web reports.

    If UTC is enabled in the management console, can you make sure it's enabled in your web reports profile (Settings -> Profiles) as well? Or, if it's not, make sure it's disabled in the web reports as well?
  • UTC was enabled in both locations.
    Thanks
  • As an update, I have confirmed that the syslog records are being stored in the database using the correct UTC time.
    Phil
  • Hi Phil,

    It could be the result of the Allowed/Blocked Computers functionality in the Account Manager. For the records to be displayed under your account the sender and receiver cannot be blocked.

    http://localhost:8080/account/manager

    If you are not seeing information on the other pages, there may be a problem with your database connection under your profile. There is a Test Connection button you may use to check the settings. Any submitted changes made to the profile will refresh the database connections.

    http://localhost:8080/profile/editor

    I hope this helps.
  • It is a Linux server. How would I get it to show up under allowed/blocked computers? All other data from event logs is available and current.
    Phil
  • edited June 6
    Hi Phil,

    Are there any entries listed under the Computers section on the Account Manager page in the Web Reports? If nothing is listed then no filtering is in place.

    The Account Manager can be found under the gears icon > Accounts or by navigating to the following URL:

    http://<your-web-reports>:8080/account/manager
  • I am in the Administrators group. For that group all server groups are in the allowed computer groups. In order to view syslog data from a Linux server, should it be added to the Network Devices folder in the management console? I initially tried this but it did not resolve the issue.
    Phil
  • Hi Phil,

    You don't have to add a host to the "Network Devices" group in the management console in order to receive or display data from a remote Syslog sender, although you may have to if you want to take advantage of the authorization feature. Normally, adding a host to a group just allows you to monitor that host via SNMP.

    So did you set up custom authentication and add hosts to the "Allowed Computer Groups"? Can you try and remove all entries from that section to see if that resolves the issue? Since the remote host is not in any group, I would suspect that this is the reason it's not working.

    In order to still take advantage of the authorization feature, EventSentry needs to map the host name to a group. If SNMP is enabled on that host, then you could add it to the management console (don't forget to assign credentials and assign at least the SW/HW Inventory system health package to it). It should then show up in the web reports (e.g. Heartbeat Status) and be a member of a group.

    I hope this helps, please let us know.
  • Removing all entries from Allowed Computer Groups resolved the issue. I am very impressed with your remote troubleshooting skills.
    Thanks
    Phil
  • Hi Phil,

    I'm glad to hear that this resolved the issue. Thank you for your compliment, it was a team effort :-).