14.6.1 Configuring the Syslog Server

Start an instance of Ascolog Insight. This instance will act as the syslog server, so you have to load the syslog layout (file “syslog.xml”), which is delivered with Ascolog Insight and is located in the “LAYOUTS” folder. After the file is loaded, the Files window displays the syslog configuration file (“syslog.ini”) including its complete path. The default location of the “syslog.ini” file is the “PLUGIN_CFG” folder, which is part of Ascolog Insight's data folder. The location of the data folder depends on the installation method that was used. How to locate the data folder is explained in How to Install.

The syslog server is now ready to be used, because the syslog layout and the default “syslog.ini” already provide the appropriate settings for a localhost installation. The example "Syslog.ini" file which configures the receiver shows the default settings for the syslog server (section SYSLOG_RECEIVER). The server will listen on port 514 of localhost and will accept up to 100000 log records.

[SYSLOG_RECEIVER]
address = localhost:514
max_records = 100000

"Syslog.ini" file which configures the receiver

In the syslog layout, the custom columns definition should already be configured correctly. More information about custom columns definitions can be found in the chapter Custom Columns Definitions. To check or correct these settings, open the Custom Columns Definition editor (menu Tools, command Custom Columns Definition...) and modify the layout's custom columns definition. In the editor, go to the Edit menu and select Defines... to open the Defines dialog. By default, the layout's defines should be configured as shown in the example Define settings.

USE_BASE_MACROS=1
USE_ALL_MACROS=0
USE_FULLROW_COLUMN=1
USE_UID_COLUMN=0
USE_NEWDATA_COLUMN=0

Define settings

You must also add the following custom columns definition files in the editor. The define settings above ensure that the required custom columns and commands are available in the included files, which are shown in the example Required custom columns definition files.

#include <basemacros.cdf>
#include <basecolumns.cdf>
#include <syslog_basecolumns.cdf>

Required custom columns definition files
Scheduled Tasks dialog

Besides configuring the custom columns definition, you also have to schedule the search and refresh tasks. In the syslog layout they should already be scheduled appropriately, as shown in the figure Scheduled Tasks dialog. If they are not, you must schedule them yourself: open the Tools menu and configure the tasks as shown in the Scheduled Tasks dialog. The configuration of the refresh task is shown directly in the figure Scheduled Tasks dialog. The configuration of the search task is slightly more complex. Select the search task and press the Edit button. This opens the Schedule Find in Files dialog. In this dialog you must specify the path to the “syslog.ini” file in the Look In field. The “.” refers to the data folder of Ascolog Insight. How to schedule tasks is described in detail in Task Scheduling.

If the scheduled tasks are configured correctly, you must enable them if they are not enabled yet. Open the Tools menu and select Enable Scheduled Tasks. Task scheduling is enabled if the Enable Scheduled Tasks command is displayed in light gray.

If everything is correct, the path to the syslog configuration file is displayed in the Files window and the status is Converted.
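
A check that a deployed “syslog.ini” still matches the localhost receiver defaults described earlier in this section (address localhost:514, max_records 100000), added here as an example and not part of Ascolog Insight or its documentation. It assumes that address is always written as host:port and reports any host other than localhost or a loopback IP as a finding; the function names and the sample text are constructed for illustration.

```python
import configparser
import ipaddress

# Constructed sample: the default receiver section shown on this page.
SAMPLE_INI = """\
[SYSLOG_RECEIVER]
address = localhost:514
max_records = 100000
"""

def is_loopback(host):
    """True for 'localhost' or a loopback IP literal; other names are not resolved."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # unknown host name: cannot be confirmed as local

def audit_receiver(ini_text):
    """Return findings for the [SYSLOG_RECEIVER] section; an empty list means OK."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    if not cfg.has_section("SYSLOG_RECEIVER"):
        return ["missing [SYSLOG_RECEIVER] section"]
    sec = cfg["SYSLOG_RECEIVER"]
    findings = []
    address = sec.get("address", fallback="")
    host, sep, port = address.rpartition(":")  # assumption: always host:port
    if not sep or not host:
        findings.append(f"address {address!r} is not host:port")
    else:
        if not port.isdecimal() or not 1 <= int(port) <= 65535:
            findings.append(f"port {port!r} is not in 1..65535")
        if not is_loopback(host):
            findings.append(f"host {host!r} is not localhost or a loopback IP")
    records = sec.get("max_records", fallback="")
    if not records.isdecimal() or int(records) < 1:
        findings.append(f"max_records {records!r} is not a positive integer")
    return findings

if __name__ == "__main__":
    for finding in audit_receiver(SAMPLE_INI) or ["receiver matches localhost defaults"]:
        print(finding)
```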