How can we help you today?
Syslog Integration configuration
Starting with MyWorkDrive Server version 6.3, MyWorkDrive Server publishes activity logs which can be integrated with your environment’s Syslog server (PRTG, Elk, LogRythm, Kiwi, etc)
Configuration
Log into your MyWorkDrive Server, double-click the “MyWorkDrive Control Panel” icon on the Desktop, and click the link to open the Admin Panel. Once open, browse to “Logs” and click on “Syslog Server Configuration.”
You will be met with the “Syslog Server Configuration” page. Click the switch next to “Enable Syslog Server integration” to enable the feature. Then enter your Server Host, Port, and the protocol used, then click “Save.”
After hitting save, your syslog aggregator should populate with any new user events.
The log detail will vary depending on the Log Level set on Settings.
- Errors will show login events and major file operations (create, save, and delete)
- Debug will show all user file system events including MyworkDrive Web, Desktop, and Mobile client refreshes.
Note: It is not advised to use Debug logging except when troubleshooting. Debug logging generates large log files quickly and may noticably negatively impact performance on your MyWorkDrive server.
The default logging text files stored on the file system of the MyWorkDrive server are not affected by enabling Syslog integration. No changes will need to be made if you have an existing syslog monitoring workflow or are backing the text files up for archival/compliance reasons.
Example
In the following example, we’ll use Kiwi Syslog Server as our syslog aggregator. Additional information can be found on the Solarwinds site, here.
1. After installing Kiwi Syslog Server, we configure it by going to File > Setup. If you are testing with the free version, scroll down to “Inputs” and select it. Enter in the list of IPs that you want to be able to aggregate from:
Note that this requirement is not well documented. Failing to set the allowed senders will result in no log data being sent.
2. Select UDP under Inputs. Enter in the UDP port you’d like to be used for Kiwi Syslog Server to listen on. By default, it is 514.
Make sure the appropriate firewall ports are open on the host computer.
3. Optionally, you can set a TCP listening port as well. By default, it is 1468.
4. Log into your MyWorkDrive server and configure Syslogs as described above.
Browse to Logs and click “Syslog Server Configuration.” Enter in your “Server Host,” “Server Port,” and select the “Protocol.” Select “Save.”
5. Test your configuration by causing a logging event, such as logging into or out of a MyWorkDrive Client.
6. Browse to Kiwi Syslog Manager and verify that your event logged appropriately:
Once your server is reliably reporting, you’ll see a host of log entries as users login, interact with shares and files, and log out. In this case, several MyWorkDrive servers are all reporting to our Syslog server.
If you encounter issues delivering syslog messages to your Syslog aggregator, tools like
May assist you in generating test messages from your MyWorkDrive server to determine the issue.