Set Default Configurations

You can control syslog listener data access settings using default configurations. For example, you can set trusted hosts or default communication ports.

To set default configurations

  1. Open the listener wizard and advance to the Default Configurations step.
  2. Change or add the values you want, including:
    Event Ordering

    Helps ensure that events are sent to the event log store in the same order in which they are received. If event ordering is disabled, the order can be changed if some events are parsed and sent onward more quickly than others. Enabling event ordering can affect performance by slowing event processing and submission.

    Thread Count Per Queue

    Defines the number of processing threads for each protocol. Using many processing threads speeds processing if event ordering is disabled. If event ordering is enabled, the thread count has no effect. Using many threads can affect performance.

    Queue Size

    Sets the size of the queue, in number of events, for incoming event information. The queue is used to process and submit events. If the queue is full, no further events can be received until processed events make room.

    Ports

    Sets the ports the listener uses to receive events through UDP or TCP. If you specify multiple ports, the service tries to bind to each in turn. The syslog default ports are already set. If you have routed syslog events to other ports, set your CA Enterprise Log Manager reception ports accordingly.

    Important! If the agent is running as a non-root user on a UNIX system, change the syslog listener ports to port numbers above 1024. Without this change, UDP port 514, the default, is not opened and no syslog events are collected.

    Trusted Host

    Defines trusted IP addresses for IPv4 or IPv6. Only communications from a trusted host are accepted. If you specify no trusted host, events from all available syslog event sources are accepted. For each trusted host, enter the exact IP address as recorded in the event_source_address field. You cannot use wildcards or subnet addresses.

    Time Zones

    Lets you add time zones for syslog event source computers. syslog does not typically record time. Identify the source systems by full IP address and time zone to receive and adjust events from syslog sources that are in a different time zone than the CA Enterprise Log Manager server. Do not list syslog sources in the same time zone as the server.

  3. Click the appropriate arrow to advance to the wizard step you want to complete next, or click Save and Close.

    If you click Save and Close, the new listener appears in the user folder list; otherwise, the step you select appears.
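
The following pre-check applies the Ports and Trusted Host rules above to a planned set of values before they are entered in the wizard. It is an added example, not part of CA Enterprise Log Manager; the function name, its parameters, and the sample values are hypothetical, and it assumes trusted-host entries are compared as text against event_source_address.

```python
import ipaddress

def lint_listener_defaults(ports, trusted_hosts, runs_as_root, recorded=()):
    """Return findings for a syslog listener's default configuration.

    recorded: event_source_address values already seen in collected events.
    """
    findings = []
    for port in ports:
        if not 1 <= port <= 65535:
            findings.append(f"port {port}: not a valid port number")
        elif not runs_as_root and port <= 1024:
            # Page rule: a non-root agent on UNIX needs ports above 1024.
            findings.append(f"port {port}: non-root agent needs a port above 1024")
    if not trusted_hosts:
        findings.append("trusted hosts: none set, all sources are accepted")
    # Map each recorded address to its text form, keyed by parsed value.
    seen = {ipaddress.ip_address(r): r for r in recorded}
    for entry in trusted_hosts:
        if "*" in entry or "/" in entry:
            findings.append(f"trusted host {entry}: wildcard or subnet")
            continue
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            findings.append(f"trusted host {entry}: not an IP address")
            continue
        # Assumption: entries are compared as text, so the same IPv6
        # address written differently would not match.
        if addr in seen and seen[addr] != entry:
            findings.append(f"trusted host {entry}: recorded as {seen[addr]}")
    return findings

# Constructed sample configuration (documentation address ranges).
SAMPLE = lint_listener_defaults(
    ports=[514, 5514],
    trusted_hosts=["192.0.2.10", "192.0.2.*", "198.51.100.0/24",
                   "2001:0db8:0000:0000:0000:0000:0000:0001"],
    runs_as_root=False,
    recorded=["192.0.2.10", "2001:db8::1"],
)

if __name__ == "__main__":
    for finding in SAMPLE:
        print(finding)
```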