When something goes wrong in your network, you often don’t find out about it until your users are affected, and you’re left scrambling to identify the issue and understand its root cause. The faster you find out about a network issue and why it’s happening, the quicker you can implement the right fix and spare your network users from unnecessary downtime. SNMP monitoring—like what’s available in Auvik—can alert you when something bad happens, but it can’t answer why it’s happening. That’s where Syslog comes in.

What is syslog and why is it important?

Log messages are generated by a device and create a record of events that occur on the device. The logs give you information about important events, device health, and normal and abnormal happenings on a device—information that can be absolutely critical when troubleshooting a network issue.

Logs are stored locally on the device memory and, historically, you’d have to go directly to the device to access them. This led to two key problems:

  1. If a device reboots, all of its logs are gone.
  2. You have to log into each device on a network separately in order to access its logs.

Syslog is a standard network-based logging protocol which was created to solve these two problems and is widely adopted. Syslog works on essentially every device on your network—whether it’s a router, switch, or firewall—and allows the devices to send free text-formatted log messages to a remote server.

Why should I use Syslog in Auvik?

Although Syslog servers have solved the problem of centralized access to logs and plenty of standalone log management systems exist, separate servers and systems create huge administrative headaches for IT teams.

Auvik centralizes Syslog data for all your network devices across all your sites, allowing you to search and filter to get to the root cause of network issues and troubleshoot them faster. This has several benefits.

1) It removes administrative overhead

With one lightweight Auvik collector for all of your data sources—including device metrics, flows, and logs—you don’t have to install or maintain any additional collectors just for Syslog.

You don’t have to maintain inventory details in yet another system and you don’t have to rotate log files and maintain an additional database. With Auvik, you simply have to forward Syslog to the same collector you’re already using.

2) It speeds up resolution times by having all the context you need in one place

With standalone Syslog systems, your team not only has to learn how to use a new, separate tool, but they also have to switch between tools when troubleshooting.

Jumping between multiple tools takes up valuable time, and also makes it incredibly difficult to understand why a network issue is happening. It’s tough to correlate performance metrics to logs when the whole picture is splintered across multiple tools.

With Auvik, you can easily see network topology, performance metrics, configurations, traffic, and logs without having to leave your browser. By having all the context you need to troubleshoot a network issue in one place, you save tons of time and can resolve issues faster.

3) It gives you visibility across all of your sites

Due to the administrative overhead and the additional costs of a separate tool, IT teams have historically centralized Syslog only for their largest or most important sites, leaving the rest in the dark.

With Auvik, you don’t have to pick and choose which sites benefit from Syslog. Since Auvik is super simple to roll out across sites, lives in the cloud, and has a scalable pricing model, you can standardize the visibility you have in each of your networks. As long as it’s a Performance site in Auvik, you can set up Syslog and troubleshoot issues quickly, regardless of whether it’s HQ, a remote branch office, or a client site.

Quick facts about Syslog in Auvik

Syslog is available on all of your Performance sites. Before digging into your device logs, here are some important facts you should know:

  • Setup is simple—you only have to configure a device to forward Syslog to the Auvik collector. There are no additional collectors to install and maintain in the network, and there’s no need to set up and maintain a local database to store logs. In fact, if you have an Auvik collector installed on the network and you’ve configured your device to forward Syslog, you’ll start seeing logs in minutes. See How do I get started with Syslog? for more information.
  • You can search and filter logs on any device without leaving the device dashboard. You can also export logs as a CSV file to send them to a device manufacturer’s technical support team or attach the file to a ticket in your PSA or ITSM.
  • By default, Auvik only processes messages with severity levels 0 to 4—emergency to warning—so you only store logs that matter. (But even this is customizable—if you want to reduce the noise even further, you can easily turn off warning messages with a single click. If you’re debugging an issue, you can turn on severity levels 5 to 7 temporarily.) See How do I discard or process Syslog based on severity? for more information.
  • While you’ll only need to access logs from the past three or four days for a majority of troubleshooting scenarios, Auvik retains logs for 14 days to help you shed even more light on intermittent issues. See How long are Syslog messages retained in Auvik? for more information.
  • There’s a transfer volume limit that defines how many messages can be sent in total for each site. It’s defined by the number of billable devices, so the larger your site, the higher the limit. Currently, the limit in a 14-day window is 700,000 messages per billable device. See How many Syslog messages can a site send to Auvik? for more information.
  • We understand that spikes happen and you may occasionally exceed the transfer volume limit. Auvik has a fair usage policy and continues to process and retain messages even if your site exceeds its limit. However, if the site exceeds twice its volume limit and is sustained for more than 14 days, you might see a notification inside Auvik asking you to modify the severity filters or investigate further.
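
The severity filter described above acts on the priority value that prefixes every syslog message. The following is an added example, not Auvik's code and not part of the original article: it decodes that value (PRI = facility × 8 + severity, as defined in RFC 3164 and RFC 5424) and applies the same 0-to-4 cutoff. The function names and the sample log lines are constructed for illustration.

```python
import re

# Severity names indexed by numeric level (RFC 5424, section 6.2.1).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")

def parse_pri(line):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:              # facility 23 * 8 + severity 7 is the maximum
        return None
    return divmod(pri, 8)      # PRI = facility * 8 + severity

def filter_by_severity(lines, max_severity=4):
    """Keep messages at or below max_severity; count dropped and malformed."""
    kept, dropped, malformed = [], 0, 0
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:
            malformed += 1     # worth tracking: a device may be misconfigured
        elif parsed[1] <= max_severity:
            kept.append((SEVERITIES[parsed[1]], line))
        else:
            dropped += 1
    return kept, dropped, malformed

# Constructed sample messages (hostnames and text are made up).
SAMPLE = [
    "<34>Oct 11 22:14:15 fw01 sshd[411]: Failed password for admin",   # auth.critical
    "<189>Oct 11 22:14:20 sw01 %LINK-5-CHANGED: Gi0/1 changed state",  # local7.notice
    "<187>Oct 11 22:14:21 sw01 %SYS-3-CPUHOG: task ran too long",      # local7.error
    "<14>Oct 11 22:14:22 rtr01 cron[88]: job finished",                # user.informational
    "<132>Oct 11 22:14:23 fw01 kernel: conntrack table nearly full",   # local0.warning
    "Oct 11 22:14:24 rtr01 message with no PRI",                       # malformed
    "<999>Oct 11 22:14:25 rtr01 out-of-range PRI",                     # malformed
]

if __name__ == "__main__":
    kept, dropped, malformed = filter_by_severity(SAMPLE)
    for name, line in kept:
        print(f"{name:9} {line}")
    print(f"dropped={dropped} malformed={malformed}")
```

Raising `max_severity` to 7 corresponds to temporarily enabling levels 5 to 7 while debugging; lowering it to 3 corresponds to turning off warning messages.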

How can I get started with Auvik syslog?

It’s easy to get going with syslog in Auvik Network Management. Our “How do I get started with syslog?” Knowledge Base article highlights how you can get going in fewer than six clicks. We also provide valuable guidance on how to set up additional devices, as well as how to take devices offline or permanently delete them from the syslog summary.

What’s next?

Auvik will continue to be a champion for making syslog easy to use as part of a comprehensive network monitoring and management system. If you’re already an Auvik customer, keep your eyes peeled for future syslog improvements. If you’re not an Auvik customer, learn more by trying Auvik free for 14 days.

  1. Ryan

    What is the time frame on the long term log retention? That is something that is important to clients.

    1. Steve Petryschuk

      Great question Ryan. Logs are currently stored for 14 days, and the team is hard at work on some improvements that will enable extended log retention beyond 14 days. You can check out the roadmap webinar for info.

  2. Nick Whittome

    When are real time alerts coming?

    1. Ryan LaFlamme

      Hi Nick. Checked in with the team, and it’s actually being planned. If you’d like more details, your Partner Success Manager can reach out and explain more!
