Set up your network devices so they send syslog data to New Relic.
Prerequisites
New Relic prerequisites
- A New Relic account. Don't have one? Sign up for free! No credit card required.
- A New Relic account ID.
- A New Relic license key.
Linux host prerequisites
- Docker installed on a Linux host.
- SSH access to the Docker host, with the ability to launch new containers.
Network syslog devices prerequisites
- Network devices configured to send syslog to the host running the ktranslate Docker container. Here's how to configure network syslog data collection in some devices:
  - Checkpoint - Security Gateway. You must sign in to the User Center/PartnerMAP checkpoint.
  - Cisco - ASA
  - Cisco - IOS
  - Cisco - Meraki
  - Cisco - NX-OS
  - F5 - BIG-IP
  - Fortinet Fortigate
  - Juniper - Junos
  - Palo Alto - PAN-OS
Network security prerequisites
Direction | Source | Destination | Ports | Protocol |
---|---|---|---|---|
Outbound | Docker host | | 443 | TCP |
Outbound | Docker host | | 443 | TCP |
Inbound | Source devices for syslog data | Docker host | 5143 (default) | UDP |
Tip
The default listening port for ktranslate is 5143 (TCP/UDP). If you need to use the default syslog port of 514 (or any other port), you can do so by providing a new listening endpoint during Docker runtime. For example: -syslog="0.0.0.0:514".
Set up network syslog monitoring in New Relic
- Go to one.newrelic.com and click Add more data.
- Scroll down until you see Network monitoring and click Syslog.
- Follow the steps in New Relic.
If you prefer to do the setup manually, see the instructions below.
Investigate your device syslog messages in the New Relic logs UI, using the following query:
"plugin.type":"ktranslate-syslog"
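To check the inbound UDP path from the network security table before pointing real devices at the Docker host, you can send a single test message to the listener. The script below is an added example, not New Relic or ktranslate code; the hostname `fw-test`, the tag `nr-syslog-check` and all function names are assumptions made for illustration.

```python
import socket
import sys
from datetime import datetime

KTRANSLATE_DEFAULT_PORT = 5143  # ktranslate's default syslog listener, per the tip above
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def build_rfc3164(facility, severity, hostname, tag, message, now=None):
    """Return one RFC 3164 (BSD syslog) datagram as bytes."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0-23 and severity 0-7")
    now = now or datetime.now()
    pri = facility * 8 + severity  # PRI encodes facility and severity together
    # RFC 3164 timestamp is "Mmm dd hh:mm:ss" with the day space-padded
    stamp = f"{MONTHS[now.month - 1]} {now.day:>2} {now:%H:%M:%S}"
    return f"<{pri}>{stamp} {hostname} {tag}: {message}".encode("ascii", "replace")


def send_test_message(host, port=KTRANSLATE_DEFAULT_PORT):
    """Send one constructed test message over UDP and return the bytes sent."""
    # facility 16 (local0), severity 5 (notice); hostname and tag are made up
    datagram = build_rfc3164(16, 5, "fw-test", "nr-syslog-check",
                             "constructed test message for ktranslate")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        tx.sendto(datagram, (host, port))
    return datagram


def loopback_check():
    """Send to a throwaway local UDP socket; return (sent, received)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))  # ephemeral port, nothing to do with ktranslate
        rx.settimeout(2)
        sent = send_test_message("127.0.0.1", rx.getsockname()[1])
        received, _ = rx.recvfrom(2048)
    return sent, received


if __name__ == "__main__":
    # usage: python3 syslog_check.py <docker-host> [port]
    if len(sys.argv) < 2:
        sys.exit("usage: syslog_check.py <docker-host> [port]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else KTRANSLATE_DEFAULT_PORT
    print(send_test_message(sys.argv[1], port).decode())
```

UDP gives no delivery acknowledgement, so a successful send only shows that the datagram left the sender; confirm arrival by running the `"plugin.type":"ktranslate-syslog"` query in the logs UI.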
To get better visibility into your network device performance, set up SNMP data monitoring.
To get better visibility into how your network is being used, set up network flow data monitoring.