Syslog

You can send Sentry syslog data to a remote log server you have set up on your network. Logs are then written to both the syslog location and the local log location.

Adding a syslog entry

You add the syslog server in the Standalone Sentry System Manager in Settings > Syslog.

Procedure 

1. In Sentry System Manager, go to Settings > Syslog.
2. Click Add.
3. Enter the requested information.
4. Click Apply.

See the field descriptions for a Syslog entry in Field descriptions for a syslog entry.

Editing a syslog server entry

Settings > Syslog lists the syslog server you have configured on Sentry. You can edit the syslog server setting you have configured.

Procedure 

1. In Sentry System Manager, go to Settings > Syslog.
2. Click on the IP address or hostname of the syslog server you want to edit.
3. Update the settings as needed.

You cannot update the server address or hostname.

4. Click Apply to save and apply the changes.

See the field descriptions for a Syslog entry in Field descriptions for a syslog entry.

Field descriptions for a syslog entry

The following table describes the settings for syslog.

Table 1. Syslog fields description

Field

Description

Server

Enter the IP address or host name for the remote log server.

Port

The default is port 514.

MobileIron Monitor listens on port 514. If you are using MobileIron Monitor, use the default port 514 for both TCP and UDP.

Protocol

Select UDP or TCP. Select UDP or TCP, depending on whether your syslog server is set up to receive UDP or TCP data.

Facility Type

Select the appropriate facility type to select the logs to report to syslog server.

General: Select to send mi.log and miservicewatch.log data. The mi.log file contains sentry.log and mics.log data. The miservicewatch.log contains data from Troubleshoot > Service Diagnosis in the Sentry System Manager.

Audit: Select to send audit logs.

Health Monitor: Select to send health monitoring logs.

Log Level

Select a log level from the drop down list. The log level is listed based on the priority and severity of the log message.

Emergency

Alert

Critical

Error

Warning

Notice

Info

Debug

Emergency has the highest priority and Debug the lowest priority. All log messages at that log level and higher priority are included in the log file.

For Facility type Audit and Health Monitor, Info is the only log level available.

NOTE: If the log level configured for the syslog server is higher than the log level configured on Sentry, Sentry only sends Alert/Error/Warning messages to the syslog server.

Admin State

Select Enable from the dropdown list to apply these settings to your current configuration.

Select Disable to suspend use of the configured log server.

Adding MobileIron Monitor as a syslog server

MobileIron Monitor allows IT and system administrators to monitor the health of all their mission-critical MobileIron EMM components and services. MobileIron Monitor organizes and displays monitoring data pushed from MobileIron Sentry, providing you a comprehensive view of system status and alerts.

Before you begin

You must have set up MobileIron Monitor. For information on how to set up MobileIron Monitor, see the MobileIron Monitor Configuration Guide.

Procedure:

1. In MobileIron Sentry System Manager, go to Settings > Syslog.
2. Click Add.
3. Provide values for the Add Syslog dialog fields:
a. Server: Enter the IP address of MobileIron Monitor.
b. Port: Use the default port 514.
c. Protocol: Select the desired protocol.
d. Facility Type: Select General.

Only General is supported.

e. Log Level: Select the desired log level.
f. Admin State: Select Enable.
4. Click Apply.