If you rely on a Huawei router or firewall configuration, you can use Kiwi Syslog Server to monitor and archive network activity. Read on to learn how.
What is Syslog Again?
Syslog is a standard used to log and route messages, such as router connection messages and firewall warnings, in an IP network. The syslog standard promotes efficient management of enterprise systems by bringing together event data from computer systems such as UNIX and Linux hosts and from a wide array of other sources, including network devices, routers, and firewalls. Each device involved sends small text-based messages, known as syslog messages, to a dedicated syslog server every time an event is generated. The syslog server then saves the received messages in a log file. Because syslog is supported by a wide variety of routers, firewalls, applications and operating systems, syslog servers are often used to collect, monitor and archive logs from many different machines - often the entire network!
What Makes Kiwi Syslog Special?
Kiwi Syslog Server provides an easy-to-install, easy-to-maintain solution for collecting, monitoring and archiving syslog messages, SNMP Traps and Windows event log messages. It installs on a Windows machine and runs as a service for unattended 24/7 operation. It can listen to almost all types of syslog traffic from basic UDP messages to secure TCP streams. Upon receiving messages, it can display them to a local GUI or (in the commercial version) to a Web console. It can also read incoming messages and react to them. Finally, it can write incoming messages to disk and will then automatically manage (i.e., "age" or "grandfather") the resulting log files.
More to the point, Kiwi is often installed by sysadmins who need to "just store the logs" for auditors or corporate requirements, and who then want to get notified of certain events or when certain routers make noise.
How Do I Configure My Huawei Router to Send Logs Via Syslog?
Huawei offers two different router series: AR and NE routers. The AR router series is designed to meet the demands of a wide variety of industries, with high flexibility, agility, security and reliability. These are lower network cost routers that are easy to maintain. The NE series routers are high-end solutions meant for telecom data communication networks, and can be deployed as a P/PE router in IP core and metro networks.
After authenticating to a typical Huawei NE router, just two commands are generally needed to start logging to a remote syslog server. The first turns logging on. The second tells the router where to send the logs, which "facility" to use, and which language to use.
info-center enable
info-center loghost 10.16.1.100 facility local4 language english
You should plan to change the IP address - set that to the machine running Kiwi Syslog. You may also want to change your "facility" value, shown as "local4" above. (It's common for firewalls to use "local4" and routers to use "local7," but you may set these values as you wish.)
How Do I Configure My Kiwi Syslog Server to Receive Huawei Syslog Messages?
After you download and install Kiwi Syslog, it will, by default, begin listening for syslog messages sent to UDP port 514. As long as you entered the IP address or hostname of your Kiwi Syslog server in your Huawei router, you should be able to receive syslog messages immediately. (If you cannot see any messages, make sure there are no network firewalls, routers or OS-level firewalls blocking syslog traffic between your Huawei router and your Kiwi Syslog server.)
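When no messages show up, or they arrive under an unexpected facility, it helps to check the priority value at the start of each datagram and to send a known test message along the same path. The following Python sketch is an added example, not code from Kiwi Syslog or Huawei; the function names and the sample datagram are constructed for illustration, and 10.16.1.100 is the example collector address used above.

```python
import re
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def facility_name(code: int) -> str:
    # Codes 16-23 are local0-local7; other facilities are left numeric here.
    return f"local{code - 16}" if 16 <= code <= 23 else str(code)


def decode_pri(datagram: bytes):
    """Split a raw syslog datagram into (facility, severity, text); None if no valid <PRI>."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # PRI = facility * 8 + severity, max 23*8+7
        return None
    pri = int(m.group(1))
    text = datagram[m.end():].decode("utf-8", "replace")
    return facility_name(pri >> 3), SEVERITIES[pri & 7], text


def build_test_message(local_n: int, severity: str, text: str) -> bytes:
    """Build a minimal datagram for facility local<local_n> (0-7)."""
    if not 0 <= local_n <= 7:
        raise ValueError("local facility must be 0-7")
    pri = (16 + local_n) * 8 + SEVERITIES.index(severity)
    return f"<{pri}>{text}".encode()


def send_test(server: str, local_n: int = 4, port: int = 514) -> None:
    """Send one UDP test message to the collector to check the network path."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(build_test_message(local_n, "notice", "path test (constructed)"), (server, port))


if __name__ == "__main__":
    # Constructed sample datagram, not captured from a real router.
    sample = b"<164>Jan  1 00:00:00 router-1 constructed test message"
    print(decode_pri(sample))
    # send_test("10.16.1.100")  # run from a host on the router's side of any firewall
```

If the test message reaches the server but the router's messages do not, the problem is on the router side rather than in a firewall along the path.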
The Kiwi Syslog server features advanced collection options, including TCP and secure TCP transport, which matters because plain UDP syslog is neither encrypted nor authenticated. The server also provides advanced options for monitoring and archiving, including the ability to write each router's logs to its own file and to clean up old logs automatically after a set number of days.
Get even more specific Kiwi Syslog tips in the Kiwi Syslog Space on thwack, SolarWinds' community and forum.