The Syslog module is a data source module. It listens for syslog datagrams (UDP packets) on a specified port (the default is 514, per IETF standards). It is defined in the System.ApplicationLog Management Pack (MP) as System.ApplicationLog.SysLogReader.

The output from this module is Syslog data defined in the ApplicationLog MP as System.ApplicationLog.SysLogData and has the following elements in it:

  • Facility
  • Severity
  • Priority
  • PriorityName
  • TimeStamp
  • HostName
  • Message

Each syslog packet received by the module contains a maximum of 1024 bytes, which are interpreted as ASCII characters. A best effort is made to parse these characters into the XML elements above. The module needs only one piece of configuration: the port number on which the syslog module should listen.

Attached is a demo MP showing how the syslog module can be used to generate alerts when it receives a high-severity syslog message.
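To make the element list and the high-severity check concrete, the following added example (not the module's own code and not part of the demo MP) parses one datagram the way RFC 3164 lays it out. The function names, the `facility.severity` form of PriorityName, and the severity threshold of 3 are assumptions made for illustration.

```python
import re

# Conventional syslog keywords, indexed by numeric code (RFC 3164 numbering).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG (header after PRI is optional).
_PACKET = re.compile(
    r"^<(\d{1,3})>(?:([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) )?(.*)$", re.S)
MAX_PACKET = 1024  # per-packet size limit stated on this page


def parse_syslog(datagram: bytes) -> dict:
    """Best-effort parse of one UDP syslog datagram into the seven elements."""
    # Keep at most 1024 bytes and read them as ASCII; other bytes are replaced.
    text = datagram[:MAX_PACKET].decode("ascii", errors="replace").rstrip("\r\n\x00")
    fields = dict.fromkeys(
        ["Facility", "Severity", "Priority", "PriorityName", "TimeStamp", "HostName"])
    fields["Message"] = text  # fallback: unparseable input is kept as the message
    m = _PACKET.match(text)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        return fields
    pri = int(m.group(1))
    facility, severity = divmod(pri, 8)  # PRI = Facility * 8 + Severity
    fields.update(Facility=facility, Severity=severity, Priority=pri,
                  # Assumed display form; the MP's real PriorityName may differ.
                  PriorityName=f"{FACILITIES[facility]}.{SEVERITIES[severity]}",
                  TimeStamp=m.group(2), HostName=m.group(3), Message=m.group(4))
    return fields


def is_high_severity(fields: dict, threshold: int = 3) -> bool:
    """Lower numbers are more severe (0 = emerg ... 3 = err); threshold is assumed."""
    return fields["Severity"] is not None and fields["Severity"] <= threshold


# Constructed sample datagram in RFC 3164 style, not captured traffic.
SAMPLE = b"<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8"

if __name__ == "__main__":
    parsed = parse_syslog(SAMPLE)
    print(parsed, "high severity:", is_high_severity(parsed))
```

Because UDP syslog is unauthenticated, HostName and Severity are whatever the sender wrote, so alert rules built on them should also consider the packet's source address.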

Read about Syslog in MOM2000/2005 here.