TWTQ: Forwarding logs from Log360

Hey everyone!
Here's This Week's Top Question (TWTQ):

Q: Can I forward the logs from Log360 to another server? How do I set up log forwarding?

A: The log management component of Log360, EventLog Analyzer, collects logs from the different devices in your network and provides detailed reports and analysis on the log information. You may also use other applications that process your network logs, such as tools that monitor network performance or visualize network activity. Configuring each of these applications to collect logs from every device would be tiresome. To avoid this, Log360 has a log forwarding feature that lets you forward the logs of selected devices to a designated server on your network.


How are the logs forwarded?

All logs are forwarded as syslog messages over UDP. Logs that are already in syslog format are forwarded as is, in their raw form. Logs in other formats (such as Windows event logs) are converted to the syslog format of your choice: either RFC 3164 or RFC 5424. Because UDP is connectionless, forwarded messages are not acknowledged, so a datagram lost on the network is not retransmitted; check on the receiving server that the expected events actually arrive.


To set up log forwarding:

  • In the EventLog Analyzer component of Log360, go to Settings > Configuration settings > Log forwarder.

  • Enable log forwarding using the Syslog Forwarder Status slider button.

  • Provide the server name and port number of the server you wish to forward the logs to.

  • For logs that need conversion, specify the syslog format you prefer.

  • Select the devices whose logs you wish to forward by clicking + next to the Source Devices field and picking the devices from the popup window that opens.

  • Click Save.


Which log format should you choose?

If you are confused about which log format to use, here's a brief note on the difference between the two formats:

RFC 3164, the "BSD syslog protocol", evolved through popular use and was never formally standardized. Its specification simply describes the values observed in the log format over time. As a result, minor variations exist between different implementations of this format.

RFC 5424, the "syslog protocol", sought to solve this problem by specifying a formal standard. It obsoletes RFC 3164 and makes certain fields more specific. For example, the TIMESTAMP field in RFC 5424 includes the year and timezone, while the RFC 3164 timestamp carries neither.

It is up to you to choose a log format as per your requirement. Several legacy applications and devices still use the RFC 3164 format. If you use these devices, you can choose to use this format to maintain consistency. If you are unsure which format to choose or don't have any specific requirement, we recommend you choose RFC 5424.
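To verify on the designated server which format is arriving and what the timestamp difference means in practice, here is an added example (not part of this post or of the Log360 product) in Python: a small receiver-side parser that classifies each UDP syslog message as RFC 5424 or RFC 3164, splits out the PRI, host and message, and shows that only the RFC 5424 timestamp carries a year and timezone. The two sample messages and the device names in them are constructed for illustration; the listener function assumes the forwarder is pointed at this host on the given port.

```python
import re
import socket
from datetime import datetime

# Constructed sample messages, as a forwarding target might receive them.
SAMPLES = [
    "<134>1 2024-03-05T10:15:30.123+05:30 dc01 EventLogAnalyzer - 4624 - An account was successfully logged on.",
    "<34>Mar  5 10:15:30 fw01 kernel: Accepted connection from 10.0.0.5",
]

# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|\[.*?\]) ?(?P<msg>.*)$"
)
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG (no year, no timezone)
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)


def parse_syslog(line):
    """Classify one syslog line and extract its fields."""
    m = RFC5424.match(line)
    if m:
        fmt = "RFC 5424"
        ts = datetime.fromisoformat(m.group("ts"))  # year and UTC offset present
    else:
        m = RFC3164.match(line)
        if not m:
            raise ValueError("not a recognised syslog message: %r" % line)
        fmt = "RFC 3164"
        # No year in the message: strptime fills in 1900; no tzinfo either.
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    pri = int(m.group("pri"))
    return {
        "format": fmt,
        "facility": pri >> 3,          # PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": ts,
        "timestamp_complete": ts.tzinfo is not None,  # only RFC 5424 gives year + tz
        "host": m.group("host"),
        "message": m.group("msg"),
    }


def listen(port=514, count=10):
    """Receive `count` UDP datagrams on `port` and return the parsed results."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        while len(results) < count:
            data, _ = s.recvfrom(65535)
            results.append(parse_syslog(data.decode("utf-8", "replace")))
    return results
```

Run `listen()` on the forwarding target (binding port 514 needs elevated privileges, so a high port such as 5514 is easier for a test) and compare the `format` and `timestamp_complete` fields against what you configured in the Log forwarder screen.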