Security & Management

Using MOM 2005 to monitor Non-Windows devices: Part 1

Configure Microsoft Operations Manager 2005 to monitor Unix devices by using Syslog

If you are using Microsoft Operations Manager 2005 and want to monitor Unix devices from the MOM Operator Console, you must configure the Unix devices to forward their Syslog messages to the MOM Agent Computer, and configure the MOM Management Server to receive and handle those messages.
 
On the MOM Management Server
 
To create a Syslog port provider
1. In the left pane of the MOM Administrator console, right-click Providers.
2. On the context menu, click New Provider, specify Application Log as the data provider type, and then click Next.
3. For the provider name, enter Syslog port provider.
4. For the provider log type, select Syslog port, and then click Finish.
 
To create an event rule that uses the Syslog port provider
1. First create a rule group named Syslog and associate this rule group with a computer group named Syslog messages receiver that includes the Syslog message receiver computer (MOM Agent Computer).
2. In the left pane of the MOM Administrator console, expand the rule group, right-click Event Rules, and then click New Event Rule.
3. Select Collect Specific Events (Collection), and then click Next.
4. In the list, select the Syslog port provider and then click Next.
5. Enter Collect Syslogs for the name of the rule, ensure that the Enabled check box is selected, and then click Finish.
6. In the left pane of the MOM Administrator console, expand the rule group, right-click Event Rules, and then click New Event Rule.
7. Select Alert on or Respond to Event (Event), and then click Next.
8. In the list, select the Syslog port provider and then click Next.
9. On the Criteria page, click the Advanced button, choose Parameter 1 as the field, choose contains substring, and enter the Syslog message level (example: crit, err, warning) as the value. Click Add to List.
10. Click Close and then click Next. On the Alert page, select Generate Alert and configure the alert properties.
11. For the rule name, enter Received Syslog message level from Syslog (example: Received Warning from Syslog). Click Finish.
12. Create additional rules for other syslog message levels to generate alerts.
 
On the Unix device
 
1. Add an entry to the system logger configuration file (syslog.conf) that maps syslog messages to the IP address of the Syslog message receiver (MOM Agent Computer). In the syslog.conf file, tabs separate the message type and the IP address. The message type has the form facility.level, such as kern.error, which signifies a kernel error.
The following facility values are recognized by MOM: auth, cron, daemon, ftp, kern, local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, mark, news, syslog, user, and uucp.
The following priority levels, from highest to lowest, are recognized by MOM: emerg, alert, crit, error, warning, notice, info, and debug.
Example:
*.err        @192.168.0.150
2. Restart the system logger daemon (syslogd) on the UNIX device.
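
The device-side steps above as a shell helper, added here as an example and not part of the original post: it checks the selector against the facility and level lists MOM recognizes, then appends the tab-separated forwarding line exactly once. The function names, the /etc/syslog.conf path, and the acceptance of "*" and "err" (both taken from the article's own example line) are assumptions.

```shell
# Added example: append a MOM forwarding rule to a syslog.conf-style file.
# Facilities and levels are the lists the article says MOM recognizes; "*" and
# "err" are accepted too because the article's own example line uses them.
FACILITIES="auth cron daemon ftp kern local0 local1 local2 local3 local4 local5 local6 local7 lpr mail mark news syslog user uucp *"
LEVELS="emerg alert crit error err warning notice info debug"

# in_list WORD LIST: succeed if WORD is one of the space-separated items.
in_list() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# add_forward_rule CONF SELECTOR RECEIVER_IP
# Returns 0 if the rule is present afterwards, 1 if the input is rejected.
add_forward_rule() {
    conf=$1 sel=$2 ip=$3
    case $sel in
        *[!a-z0-9.*]*|*.*.*) echo "bad selector: $sel" >&2; return 1 ;;
        *.*) ;;                                   # exactly facility.level
        *) echo "bad selector: $sel" >&2; return 1 ;;
    esac
    fac=${sel%%.*} lvl=${sel#*.}
    in_list "$fac" "$FACILITIES" || { echo "facility not recognized by MOM: $fac" >&2; return 1; }
    in_list "$lvl" "$LEVELS" || { echo "level not recognized by MOM: $lvl" >&2; return 1; }
    case $ip in                                   # digits and dots only (IPv4 literal)
        *[!0-9.]*|"") echo "bad receiver address: $ip" >&2; return 1 ;;
    esac
    line=$(printf '%s\t@%s' "$sel" "$ip")         # a tab separates selector and action
    grep -qxF -- "$line" "$conf" 2>/dev/null && return 0   # already present, do not duplicate
    printf '%s\n' "$line" >> "$conf"
}

# On the device, as root (path is an assumption, adjust to your system):
#   add_forward_rule /etc/syslog.conf '*.err' 192.168.0.150
# Then restart syslogd as in step 2 and send a test message that the
# MOM event rules should pick up:
#   logger -p user.err "MOM syslog forwarding test"
```
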

 
 
Posted: Fri, Oct 21 2005 17:51 by daniel | with 4 comment(s)

Comments

Mike said:

Lucky at cards, unlucky in love.
# August 23, 2006 9:49 PM

Jeorge Lukasing said:

Very many thanks for a good work. Nice and useful. Like it!
# August 27, 2006 5:59 AM

inventory pc software said:

Thanks for the great tips about inventory pc software and [URL=http://eteamz.active.com/businessloan/files/inventory-pc-software.html]inventory pc software[/URL]
# August 27, 2006 7:45 PM

KlaudSCH said:

Greetings!

I'm a newbie here and I want to ask for some help.

Can you give me some info and some links where I can get general help on using the forum?

I think that this info can be useful for all newbies.

Thanks!

P.S. Sorry for making this topic in the wrong section

____

<a href=xgloq.net>Texas</a>...I'm lovin' it :)

# July 10, 2007 2:21 AM