Alerts Settings: Syslog
Use the Syslog tab in the Alerts Settings dialog box to configure DeviceLock Content Security Server for syslog.
To open this dialog box, do either of the following:
Right-click Alerts in the console tree, and then click Manage.
Select Alerts in the console tree, and then click Manage on the toolbar.
Select Alerts in the console tree; then, in the details pane, right-click Syslog and click Manage.
Select Alerts in the console tree, and then double-click Syslog in the details pane.
You can configure DeviceLock Content Security Server to automatically send alert notifications to the specified syslog server when alert conditions occur. These alerts are sent only when all of the following conditions are met:
The syslog server is set up to receive messages.
The remote computer running the syslog server is accessible from the computers where the discovery task is performed (by the Agent) or from the server (in the case of agentless scanning).
Sending alerts to the syslog server is configured.
To configure sending alerts to the syslog server, complete the Syslog tab as follows:
Connection - Supply the syslog server-related information:
Server - Specify the fully qualified domain name or IP address of the syslog server.
Protocol - Select TCP or UDP as the method of communication with the syslog server. The default selection is UDP.
Port - Specify the port number on which to send syslog messages. The default port is 514.
Framing - Specify the framing method for syslog messages when transported over TCP. DeviceLock supports these methods: Zero byte, LF, CR+LF, Message length.
Options - View or change the following connection options:
Name - The unique name for the log channel. The default value is DeviceLockDiscoveryAlert.
Facility code - A syslog standard value (between 0 and 23) to specify the type of program that is logging the message.
Message size - The syslog message size, in bytes. The default value is 65535 bytes.
Threshold - Specify the time interval (in hours, minutes and seconds) used for event consolidation when generating alerts. DeviceLock consolidates multiple similar events occurring within the threshold time and generates a summary in a single alert if all of the following conditions are true:
a) The events are of the same type, either Success for actions successfully performed on discovered content, or Failure for failed actions.
b) The Reason and Computer of the events being consolidated are the same.
The default value is 10 minutes.
Test - Send a test syslog message to verify that DeviceLock is configured correctly. This test operation can have two different outcomes, each resulting in a different message being displayed:
The test can complete successfully, meaning that a test message was successfully sent using the configured syslog parameters. The resulting message states: “Test Syslog alert was successfully sent.”
The test can fail, meaning that a test message was not sent. The resulting message states: “Test Syslog alert was not sent due to error: <error description>.”
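The Framing setting only works when the receiving syslog server splits the TCP stream the same way the sender frames it. The following Python sketch is an added example, not DeviceLock code: it deframes a receive buffer under each of the four methods listed above and decodes the facility code from the PRI header. It assumes that "Message length" means RFC 6587 octet counting; the function names and sample messages are constructed for illustration.

```python
import re

# Trailer bytes for the three delimiter-based framing methods on the Syslog tab.
DELIMITERS = {"Zero byte": b"\x00", "LF": b"\n", "CR+LF": b"\r\n"}
MAX_MESSAGE_SIZE = 65535  # default "Message size" from the Options list
PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Constructed sample payloads (not captured DeviceLock output); PRI 134 = facility 16, severity 6.
SAMPLES = [b"<134>constructed alert one", b"<134>constructed alert two"]


def deframe(buffer: bytes, framing: str):
    """Split a TCP receive buffer into (complete_messages, unconsumed_remainder)."""
    if framing in DELIMITERS:
        *complete, remainder = buffer.split(DELIMITERS[framing])
        if any(len(part) > MAX_MESSAGE_SIZE for part in (*complete, remainder)):
            raise ValueError("frame exceeds configured message size")
        return [m for m in complete if m], remainder
    if framing != "Message length":
        raise ValueError(f"unknown framing method: {framing}")
    # Assumption: "Message length" is RFC 6587 octet counting, "<length> <message>".
    messages = []
    while buffer:
        head, sep, rest = buffer.partition(b" ")
        if not head.isdigit() or len(head) > 5 or int(head) > MAX_MESSAGE_SIZE:
            raise ValueError("invalid length prefix")
        if not sep or len(rest) < int(head):
            break  # prefix or body still incomplete; wait for more data
        messages.append(rest[: int(head)])
        buffer = rest[int(head):]
    return messages, buffer


def facility_and_severity(message: bytes):
    """Decode the syslog PRI header, where PRI = facility * 8 + severity."""
    match = PRI_RE.match(message)
    if not match or int(match.group(1)) > 191:  # 191 = facility 23, severity 7
        raise ValueError("missing or out-of-range PRI")
    return divmod(int(match.group(1)), 8)


def frame(messages, framing: str) -> bytes:
    """Build the byte stream a sender using the given framing would produce."""
    if framing == "Message length":
        return b"".join(b"%d %s" % (len(m), m) for m in messages)
    return b"".join(m + DELIMITERS[framing] for m in messages)
```

A receiver set to LF while the sender uses Zero byte never sees a complete message, and one set to LF while the sender uses CR+LF keeps a stray carriage return on every message, so check the framing first when the Test button reports success but no alert appears on the syslog server.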