Kiwi Syslog Server can help you manage the large volume of messages you receive from your devices. Simply create filters and actions that weed out insignificant events and then act on the important ones.

A good example is sending a text message when a site-to-site tunnel is dropped. Keep in mind that you can use any event you like to isolate a problem and then trigger any necessary actions. The action can be as simple as sending an email or as involved as running a script that performs any number of complex responsive actions.

What if you want to isolate an event that tells you one of your firewalls has reported that an IPSec tunnel was terminated because the connection was invalid? To be alerted about this type of message, you would need to set up a Priority filter to catch it. Each incoming message contains a Priority value. This value is made up of a Facility and a Level. You specify which priorities will cause the filter result to be true. All Facility codes are defined in RFC 3164 if you need a refresher. Next, you would set the priority field as Facility and define the importance level.

When you set up a network device or group of devices to send syslogs to Kiwi, you define which "facility" to use. For this example we'll use Facility = "Local5" for the firewall. The importance level ranges from "Debug" to "Emerg" (Emergency). Select as appropriate, probably something at the Warning level or greater to avoid getting Notice logs.
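To make the Priority value concrete, here is an added example (not Kiwi's own code) that decodes the RFC 3164 PRI field of a raw message and applies the same test as the filter described above: Facility Local5 at Warning or more severe. The function names and the sample messages are constructed for illustration.

```python
import re

# Codes from RFC 3164 section 4.1.1; the short names are the conventional
# syslog keywords, and the list index is the numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += ["local%d" % n for n in range(8)]           # codes 16..23
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(message):
    """Return (facility, severity) for a raw syslog line, or None if the PRI is bad."""
    m = PRI_RE.match(message)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:                          # 23 * 8 + 7 is the largest valid value
        return None
    facility, severity = divmod(pri, 8)    # PRI = facility * 8 + severity
    return FACILITIES[facility], SEVERITIES[severity]


def priority_filter(message, facility="local5", min_level="warning"):
    """True when the message is from `facility` at `min_level` or more severe."""
    decoded = decode_pri(message)
    if decoded is None:
        return False
    fac, sev = decoded
    # Lower severity code means more important: emerg = 0, debug = 7.
    return fac == facility and SEVERITIES.index(sev) <= SEVERITIES.index(min_level)


# Constructed sample messages (not real firewall output).
SAMPLES = [
    "<172>Oct 11 22:14:15 fw01 IPSec tunnel terminated: invalid connection",  # local5.warning
    "<171>Oct 11 22:14:16 fw01 IKE negotiation failed",                       # local5.err
    "<173>Oct 11 22:14:17 fw01 configuration saved",                          # local5.notice
    "<132>Oct 11 22:14:18 sw01 link flap detected",                           # local0.warning
    "Oct 11 22:14:19 fw01 message with no PRI",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(priority_filter(line), decode_pri(line), line)
```

Only the first two samples pass: the Notice message is below the threshold, the Local0 message comes from a different facility, and the last line has no PRI to evaluate.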

Next you would define an action. In this case a simple email works. Enter a message as needed or select from any number of variables to populate a customized one.

After you have filled in the dialog fields, verify that your e-mail servers are set up in Kiwi so the email does not bounce.

Above is just an example of one simple filter you can use to isolate events of interest using Kiwi Syslog.

