Logging to separate virtual displays, depending on the content or type of a given syslog message, can be achieved in several ways.
The first method relies on ensuring that each device type (firewalls, routers, switches, etc.) has been set up to log to a different facility, with each facility relating directly to a corresponding virtual display. This is the recommended method of logging to different virtual displays for the Freeware version of Kiwi Syslog Daemon.
The second method requires filtering by individual hostname or host IP address, with each different IP address or hostname group logged to a different virtual display. This avoids any reliance on first having to set up each device group to log to a different facility. This method requires use of the licensed version.

Solution (1): Freeware version using different Facilities (Recommended)
1. Divide your sending devices into groups such as Firewalls, switches, routers, internal, external, sales etc.
2. For each group decide on a Syslog facility to use. Recommended values are: Local0 to Local7. You can use the other facilities if you have more than eight groups.
3. On each device configure the logging facility depending on its grouping. For a Cisco device it is just a matter of using the "Logging Facility Local0" command to set the facility level to Local0. Other network devices should allow you to specify the facility to send messages on.
4. Create a new Rule in Kiwi Syslog Daemon | Setup. Name the rule "Log Local0 to Display01"
5. Add a new Priority filter (Filter Type="Priority"), named "Facility: Local0". Select all priorities for the Local0 facility.
6. Add a new Action. Set the Action-type to "Display" and select the Virtual display number to log Local0 events to. In this example, use Display01.
7. Repeat steps 4-6 for each Facility that needs to be logged to a display other than the default, i.e. create new rules for logging "Local1 to Display02", "Local2 to Display03", etc.
8. The setup can be tested by using Kiwi SyslogGen available from the downloads page.
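The facility-to-display mapping from steps 4 to 7, modelled as an added Python example (not part of the original article and not Kiwi Syslog Daemon code): it decodes the syslog PRI value to show which messages a "Facility: Local0" filter covers and which displays a message reaches. The three-rule table, the sample messages and the treatment of messages without a valid PRI are assumptions of the example.

```python
import re

# RFC 3164/5424: a message starts with "<PRI>", where PRI = facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>")
LOCAL0 = 16  # facility codes 16..23 are Local0..Local7

# Assumed rule set mirroring steps 4-7: Local0 -> Display01, Local1 -> Display02, ...
FACILITY_RULES = {LOCAL0 + n: f"Display{n + 1:02d}" for n in range(3)}
DEFAULT_DISPLAY = "Display00"  # the Default Rule logs every event here


def decode_pri(message):
    """Return (facility, severity), or None if the PRI is missing or invalid."""
    m = PRI_RE.match(message)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the highest valid PRI
        return None
    return divmod(pri, 8)


def pri_range(facility):
    """PRI values covered by selecting all priorities for one facility."""
    return range(facility * 8, facility * 8 + 8)


def displays_for(message):
    """List the displays a message reaches under the assumed rule set."""
    targets = [DEFAULT_DISPLAY]
    decoded = decode_pri(message)
    # Assumption: a message without a valid PRI matches no facility rule.
    if decoded and decoded[0] in FACILITY_RULES:
        targets.append(FACILITY_RULES[decoded[0]])
    return targets


# Constructed sample messages, not captured from real devices.
SAMPLES = [
    "<134>fw01 connection built",   # Local0, informational
    "<139>sw01 link down",          # Local1, error
    "<13>host01 user message",      # user facility, no dedicated rule
    "<999>broken PRI value",        # out of range
    "no PRI at all",
]

if __name__ == "__main__":
    print("Local0 filter covers PRI", list(pri_range(LOCAL0)))
    for line in SAMPLES:
        print(f"{line!r:32} -> {displays_for(line)}")
```

A device left on its default facility shows up only on Display00, which is a quick way to spot a device where step 3 was missed.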

Solution (2): Licensed version using host IP address or hostname filters
1. Divide your sending devices into groups such as Firewalls, switches, routers, internal, external, sales etc.
2. Make a list of the IP addresses of each of the devices you expect to receive messages from.
3. Create a new Rule in Kiwi Syslog Daemon | Setup. Name the rule "Log Host-X to Display02"
4. Add a new IP address filter (Filter Type="Simple"), named "IP address - Simple". Include the host IP address needed to identify this particular host, or a range of IP addresses. For a single host, add the IP address surrounded by quotes. For multiple hosts, add each IP address quoted and separated by the OR keyword.

5. Add a new Action. Set the Action-type to "Display" and select the Virtual display number to log events from this host. In this example, use Display02.

6. Repeat steps 3-5 for each host that needs to be logged to a display other than the default, i.e. create new rules for logging "Host-Y to Display02", "Host-Z to Display03", etc.
7. The setup can be tested by using Kiwi SyslogGen available from the downloads page.
There are 10 virtual displays you can send syslog messages to. You can rename the displays to something more meaningful than Display(nn), by using the File | Setup | Display menu option, then choosing the display from the "Modify display names" dropdown, entering a new name into the field provided, then pressing the "Update" button.
This will enable you to define Virtual displays such as "Firewalls", "Routers", "Switches", etc., instead of the default names "Display01", "Display02", etc. We recommend that you leave the Display 00 (Default) virtual display as it is, and also leave the Default Rule (which logs all events to Display00) in place.
Download the latest version of Kiwi Syslog Daemon. If you still have questions after following the instructions provided, then please use the technical support form to receive further assistance.