Secure syslog forwarding to LogicMonitor via TLS
Our team has verified that secure syslog forwarding (via TLS) is not supported currently and would like to submit a feature request to LogicMonitor DEV team to asseswhether securesyslogforwarding can be implemented. An example will be syslog-ng forwarding secure (i.e. encrypted) syslog messages to LogicMonitor collector. https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/concepts-tls.html This will enable centralized logging server to forward secure syslog messages to LogicMonitor collector then. Thanks & Best Regards, Horace30Views3likes0CommentsSyslog Timestamps and RFC's
Syslog issues: 1. Being bound to only the two RFC for syslog is near sighted: syslog / timestamp / formatting should be more flexible. 2. the biggest concern I have is that Syslog should reflect the time stamp of the COLLECTOR'S NIC at the time the syslog packet ARRIVES at the collector....not the syslog / timestamp of the system sending the message : this is especially important with systems where clock settings or NTP are currently failing......alerting is based on the time stamp : if the time stamp says Jan 1st 2001 12:01am becasue the CMOS battery on the unit failed......than we NEVER see those syslog messages due to alerting range.5Views0likes0CommentsSyslog "Cleared" = MEANINGLESS
Syslog Issues: #1. The person who asked to have SYSLOG present a "cleared" message.....CLEARLY does not understand that a SYSLOG is NOT A tracked condition like an OID value is....it is a SINGLE SPOT in time....and event that "happened" and does NOT "clear" as you can't change the past. #2. The programmers HONORING that (deeply flawed) request frustrates me to no end.....team, I get the mantra "the customer is always right" .....except when they're wrong it is in EVERYONE's best interest if you retrain the un-skilled users in what a baseline understanding should be. I have no tolerance for bad design making it into development when people should know better. #3. You should have provided those of us who know better, a way to OPT OUT of these bad design decisions.5Views0likes3CommentsNotice message - Syslog Alerting
LogicMonitor Ticketrequest (50445) Currently the platform only supports syslog alerting for messages equal to and above Warning Level. Syslog messages below Warning are ignored. (Notice, Informational, Debug) We would like to have Notice and potentially even Informational syslog message alerts available on the LogicMonitor platform. Whats the reason for the feature request ? Many network devices have important syslog messages classified as Notice by default. Here are just some examples I have found personally on our Juniper devices. VCCPD_PROTOCOL_ADJDOWN OSPF NEI DOWN SSHD_LOGIN_FAILED LOGIN_FAILED LACPD_TIMEOUT This is just one Platform. Juniper does allow you to reclassify syslog messages to any severity level you want but its not a scalable solution. Also some platforms don't allow you to change classification at all (Palo Alto)5Views0likes1CommentELK as a Service
One thing everybody is looking for is convergence, a single tool that does everything for observability. Monitoring, metrics, log analysis - LM does a good job on the first two, but I still need a separate tool to get useful metrics and trends out of my application logs. LM should look into adding ELK-as-a-Service to the LM feature stack (provide customers with an API endpoint they can feed logs to or something), and then customers could have service-level monitoring (URL response times, etc.), plus the traditional LM suite of monitors/metrics, plus LM Cloud, *plus* the most useful info of all: data mined from application logs. That's generally where the really good insights come from (and most of what's unique to each customer's business/offering). ELK is well-known, open source, and fairly mature. Relatively easy to scale as well; should be easy for LM engineering to put together for a proof of concept anyway. Meanwhile, I'm looking at things like Papertrail, Librato andLogz.iofor my application logs - but I'd really like to have One Tool to Rule Them All.4Views0likes1Comment
