rsyslog

The rocket-fast system for log processing

NetApp

RSyslog Windows Agent 3.0 Released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , ,

Adiscon is proud to announce the 3.0 release of RSyslog Windows Agent.

This new major release adds full support for Windows 2012 R2 and also has been verified to work on Windows 10 preview versions.

The new major version is a milestone in many ways. Most important the performance of the core engine has been considerably increased. All existing configurations will benefit from this. Also a new Configuration Client has been added which has been rewritten using the .Net Framework (Like the InterActive Syslog Viewer). With the new Configuration Client, we also introduce support for a new file based configuration format (as an alternative to the registry-based method). RSyslog Windows Agent can now run from a configuration file and save it state values
into files.

We also extended the classic EventLog Monitor to support multiple dynamic *.evt files for NetApp customers.

Detailed information can be found in the version history below.

Build-IDs: Service 3.0.130, Client 3.0.201

Features

  • Faster core engine
  • New Configuration Client running on Microsoft .Net Framework. If wanted, the old client application can be installed manually as “RSyslog Windows Agent Legacy Client”.
  • The Agent can be switched from registry to file based configuration support. Requires usage of the new configuration client.
  • EventLog Monitor Classic(V1): Support for dynamic Eventlog files added.
    Kindly use an asterix (*) in the eventlog filename to activate it, for example: \\netappdevice\c$\etc\log\adtlog.*.evt
    When activated, EventLog Monitor will process all matching files automatically. The feature was primary added for NETAPP users who have dynamic filenames.
  • New System Property added to created UUID’s called “$NEWUUID”. Generates a random generated 128Bit UUID (Universally Unique Identifiers).

Bugfixes

  •  none

Version 3.0 is a free download. Customers with existing 2.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

How to setup RSyslog Windows Agent to monitor NetApp devices using backup *.evt files

By Adiscon SupportPosted on Posted in UncategorizedTagged ,

This article describes how to use RSyslog Windows Agent to monitor NetApp devices using the backup .evt files. In this guide we describe how to setup the service. For creating the actions, please refer to the our other guides.

There are basically two methods to monitor logs of NetApp devices. The first, described here, is to monitor the .evt files that the NetApp device generates. The second method is to monitor the device via the Eventlog API. Instructions can be found here.

The NetApp device basically offers to access the .evt files via a network share. Thus the files are easily accessible through our products.

Basically, we need to create the Event Log Monitor service in RSyslog Windows Agent. Simply right-click on services and from the popup list, choose “Add Service” and the “Event Log Monitor”.

Now disable all the currently available logs except for one. Double click on the one that is still checked. A new window opens.

In this new windows, enable the option “Read Eventlog from File”. The parameters belonging to this option are now available. Insert the file and path name into the field. Alternatively, you can use the browse button to navigate to the remote location of the NetApp and choose the file like that. You could now also change the “Type of Eventlog” if necessary.

Please note, that this method is also fit to monitor multiple files. You only need to change the file name accordingly and insert wildcards to replace name values like dates. This is good for cases, when a new log file is created every day and the filename reflects the date when the file was created, like below for file like adtlog.20130206110000.evt or adtlog.20130206121314.evt.

So thats it basically. You can now choose to forward the log messages via syslog to a central log host, write them into a database or use one of the many other options that are available in RSyslog Windows Agent.

How to setup RSyslog Windows Agent to monitor NetApp devices using Eventlog API

By Adiscon SupportPosted on Posted in Guides for Windows AgentTagged , ,

This article describes how to use RSyslog Windows Agent to monitor NetApp devices using the Eventlog API. In this guide we describe how to setup the service. For creating the actions, please refer to the our other guides.

There are basically two methods to monitor logs of NetApp devices. The first, described here, is to monitor the device via the Eventlog API. The second method is to monitor the device via the .evt files the device generates. Instructions can be found here.

The NetApp device basically offers to access the log storage via the Eventlog API. That makes it very easy to use our products to monitor NetApp devices.

Basically, we need to create the Event Log Monitor service in RSyslog Windows Agent. Simply right-click on services and from the popup list, choose “Add Service” and the “Event Log Monitor”.

In the next step, enable “remote EventLog monitoring”. Insert the hostname or IP of the NetApp device into the field. Verify the connection with the “Verify” button. You might need to run the MonitorWare Agent service with a account, that has both local administrative rights as well as rights to read the Eventlog of the NetApp device.

Now disable all the currently available logs except for Application, Security and System. Double click on the one that is still checked. A new window opens.

In this new windows, enable the option “Use Checksum to verify the last processed event”. The parameters belonging to this option are now available. Also enable “Always search for the last processed Event using the Checksum”. If these options are not enabled, polling the log messages will not work properly, because the NetApp logging system does not use a record number to identify single log messages. Repeat this step for the remaining two log types.

So thats it basically. You can now choose to forward the log messages via syslog to a central log host, write them into a database or use one of the many other options that are available in RSyslog Windows Agent.

Scroll to top