Solved

Syslog format



Hi There.

I have a request from a customer to provide the format of the syslog events that are sent by CommServe to their Syslog Server (ArcSight Syslog Server).

Does anyone know what the format looks like and, if possible, provide a sample?

Thanks

Abdellatif


Best answer by MFasulo 26 April 2021, 16:23


Abdellatif, please search on Connect for the internal resources available for syslog.

ArcSight syslog server and various other syslog servers are supported.

For the rest of the community, we introduced syslog via UDP in 11.20. Events, alerts, and audit can be forwarded to a syslog server.

In 11.23 we introduced syslog over TLS, so you can securely forward events, alerts, and audit.

Cunningham and I have configured this to FWD to Splunk using both methods. You can see the results below (might need to click the image to read it).


Thanks MFasulo for the info.

At least I have an idea on how the syslog format is.

I also noticed that this is configurable only from the Command Center. Couldn’t find it on CommCell Java GUI.

I am not very familiar with Connect to find the internal resources but will try to.

 

Thanks and regards

Abdellatif

> Thanks MFasulo for the info.
>
> At least I have an idea on how the syslog format is.
>
> I also noticed that this is configurable only from the Command Center. Couldn’t find it on CommCell Java GUI.
>
> I am not very familiar with Connect to find the internal resources but will try to.
>
> Thanks and regards
>
> Abdellatif

No problem, I’ll send you a message and help you out.

I’m not sure if this made it into Java UI, my primary focus is Command Center :wink:


Guys, I have a question here: does Commvault send logs to syslog (Splunk) immediately, or are they sent in bulk at certain frequencies?

> Guys, I have a question here: does Commvault send logs to syslog (Splunk) immediately, or are they sent in bulk at certain frequencies?


In my lab, I’m seeing syslog messages arriving every 8 minutes.

Thanks,
Scott
 

> > Guys, I have a question here: does Commvault send logs to syslog (Splunk) immediately, or are they sent in bulk at certain frequencies?
>
> In my lab, I’m seeing syslog messages arriving every 8 minutes.
>
> Thanks,
> Scott

@Scott Moseman Isn't there a way to send this continuously, like Commvault Event Viewer? In our environment, this sometimes takes 15-20 minutes.

> @Scott Moseman Isn't there a way to send this continuously, like Commvault Event Viewer? In our environment, this sometimes takes 15-20 minutes.


I confirmed the product is configured for 8 minute intervals.
At this time, to change it, you can open up a Support case.

Thanks,
Scott
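
For anyone alerting on this feed in a SIEM, the 8-minute forwarding interval confirmed above sets the floor for a "source went quiet" check. The following is an added example, not code from the thread or from Commvault; the function names, the two-missed-batches tolerance and the receipt times are constructed assumptions.

```python
from datetime import datetime, timedelta

# 8 minutes is the forwarding interval reported in this thread.
BATCH_INTERVAL = timedelta(minutes=8)


def find_silences(arrivals, window_start, now,
                  interval=BATCH_INTERVAL, missed_batches=2):
    """Return (start, end, gap) for every stretch in which no syslog batch
    arrived for longer than `missed_batches` forwarding intervals.

    arrivals: collector receipt times, in any order.
    window_start / now bound the window, so silence at the start or end of
    the window (including a feed that never arrived) is reported too.
    """
    threshold = interval * missed_batches
    points = [window_start] + sorted(arrivals) + [now]
    silences = []
    for prev, cur in zip(points, points[1:]):
        gap = cur - prev
        if gap > threshold:
            silences.append((prev, cur, gap))
    return silences


def at(hhmm):
    # Helper for the constructed sample below (the date is arbitrary).
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed receipt times: regular batches, one 19-minute delay, then nothing.
SAMPLE_ARRIVALS = [at("10:00"), at("10:08"), at("10:16"), at("10:35"), at("10:43")]

if __name__ == "__main__":
    for start, end, gap in find_silences(SAMPLE_ARRIVALS, at("10:00"), at("11:05")):
        print(f"no syslog from {start:%H:%M} to {end:%H:%M} ({gap})")
```

With the default tolerance of two missed batches (16 minutes), the 15-20 minute delays mentioned earlier in the thread would be flagged; raising `missed_batches` to 3 tolerates them.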
 


Thanks @Scott Moseman for the confirmation.

Need some suggestions:

What is the recommended way to configure Commvault logs in Splunk? Which will provide you more control over the logs?

  1. To use Commvault Splunk app https://splunkbase.splunk.com/app/5718/.
  2. To configure syslog server and then move logs from CommVault to syslog and create your own dashboards, reports in Splunk.

Does using the app provide something more which we cannot get if we configure our monitoring based on the logs of syslog?

Can the app dashboards and reports be customized or create new reports/dashboards as per the requirements?

**Need Suggestion**

We want to implement Graylog as a syslog solution for Commvault, but as per Commvault document it's not tested and verified solution. Can anyone share their experience if they have used it?

Also, this is the first time we are configuring this solution. Can anyone suggest the retention for such logs? And how much space they acquire?

Thank you in advance!!


Tagging in @Scott Moseman and @MFasulo to see if they have input here as well.

We may need to split the questions for @Mohit Chordia and @Garima into new threads, depending on the answers.

> We want to implement Graylog as a syslog solution for Commvault, but as per Commvault document it's not tested and verified solution. Can anyone share their experience if they have used it?


I don’t know anyone using Graylog but any syslog server should work.

Thanks,
Scott
 

Thanks @Scott Moseman. Any information on the retention period of the logs and space they need (just a rough estimation to plan the server capacity)?

> Thanks @Scott Moseman. Any information on the retention period of the logs and space they need (just a rough estimation to plan the server capacity)?

Are you asking about the retention and space for the syslog data? I imagine retention is a judgement call based on any SLAs you might have for the business, and I’m not sure about the space. I assume it can vary based on the activity level of the CommServe.

Thanks,
Scott
