1 Reply Latest reply on May 9, 2016 9:12 AM by cscoengineer

    Linux server agent and syslog/connectors

    marcusmm8

      Why do Linux servers need both an agent and syslog setup? It appears Linux servers need to have Samba, SELinux, sudo, etc. set up.

        • Re: Linux server agent and syslog/connectors
          cscoengineer

          One main reason is that the Linux agent may not have a connector for the software being monitored - but the software is capable of syslog.  In this case the software would send the syslog to LEM.  LEM would then normalize the data and present it.

           

          Syslog, of course, is very chatty and we want to limit this as much as possible.  So for other software on the same box which has a connector - we could use the agent to normalize the data and send it over to the manager.

           

          You can also tell LEM to save the raw syslog, if needed.  But this will increase the database size.  I have had to do this only once for a client because the normalized syslog data of a firewall was dropping the URL information.  And the client wanted the URL information for archiving.  In this case the default LEM disk size was increased to the max.

           

          Thanks

          Amit

          Loop1 System