

Most IT administrators have already heard about Syslog. Some of them may even have considered using it for monitoring their hardware. But have these admins measured the risks associated with such a choice? Are they aware of all the aspects and implications of going down that bumpy road? This article gives an overview of using Syslog as a hardware monitoring solution and draws a comparison with Sentry’s Hardware Monitoring solution.



Syslog is a key reference in the world of logging that is used to collect log data from different platforms and forward it to a Syslog server. This log data can include almost any device or application activity, such as changes to system settings or user logins. The original Syslog protocol was developed in the early 1980s to record application events for debugging purposes. It quickly became a popular tool for other development projects to transport event messages between computer systems and software applications.


Broadly speaking, Syslog can refer to three different concepts: the application that collects events, the protocol that forwards events, and the log messages which include information such as when, where and why the event was sent.



Syslog is not a vendor-agnostic solution. Although it may be suitable for a few UNIX systems, it is definitely not adapted to large heterogeneous datacenters operating multi-vendor platforms. In large environments, each different platform, model, and even driver creates different sets of syslog entries. Configuring the monitoring of a new component requires serious effort, precious time, and a great deal of money, as each newly added component requires an internal study to determine how hardware failures are reported.


The Syslog solution is what we call a passive monitoring solution, meaning that it does not perform real-time monitoring and does not proactively analyze data but merely reads the data from the log messages sent by the monitored systems. It is therefore not possible to predict potential hardware issues. When the log messages are sent, it is always too late: the problem has already occurred. Besides, Syslog uses UDP for log transport, which lacks congestion control mechanisms; this could result in message transmission delay or packet loss.


There is no standard format defined for log messages. The content of log messages may indeed vary greatly and may not be readable by humans. As a consequence, IT admins may need to execute complex scripts or even purchase automated log-analyzers to parse syslog entries. To add to the complexity, administrators can only parse the events which already occurred in the past: any new event occurring for the first time will be skipped. Thus, many important events can be missed.
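The parsing problem described above, as an added example that is not part of the original article: a rule-based parser only recognises hardware events someone has already written a pattern for, so this sketch reports high-severity messages that match no rule instead of silently skipping them. The log lines, host names, rule names and regular expressions are constructed for illustration; the header layout and PRI decoding follow RFC 3164.

```python
import re
from collections import Counter

# RFC 3164-style header: <PRI>Mmm dd hh:mm:ss host message
HEADER = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s(.*)$")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Hypothetical rules: each vendor words the same failure differently,
# so every new platform needs its own patterns.
RULES = {
    "disk_failure": re.compile(r"predictive failure|drive .* failed", re.I),
    "fan_failure": re.compile(r"fan \d+ .*(stopped|below threshold)", re.I),
}

def parse(line):
    """Split one syslog line into facility, severity, host and message."""
    m = HEADER.match(line)
    if not m or int(m.group(1)) > 191:      # PRI = facility * 8 + severity
        return None
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7],
            "host": m.group(3), "msg": m.group(4)}

def classify(lines):
    """Return (rule hit counts, unmatched high-severity records, malformed count)."""
    matched, unmatched, malformed = Counter(), [], 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            malformed += 1
            continue
        hit = next((n for n, rx in RULES.items() if rx.search(rec["msg"])), None)
        if hit:
            matched[hit] += 1
        elif rec["severity"] in ("emerg", "alert", "crit", "err"):
            unmatched.append(rec)           # first-seen event: surface it for review
    return matched, unmatched, malformed

# Constructed sample input
SAMPLE = [
    "<131>Mar  3 10:15:02 srv-a raid: Drive 2 failed on controller 0",
    "<132>Mar  3 10:16:40 srv-b ipmi: Fan 3 speed below threshold",
    "<130>Mar  3 10:17:11 srv-c psu: Power supply 1 input lost",
    "<134>Mar  3 10:18:00 srv-a sshd: session opened for user ops",
    "line without a syslog header",
]

if __name__ == "__main__":
    hits, review, bad = classify(SAMPLE)
    print(dict(hits), [r["host"] for r in review], bad)
```

The power-supply line matches no rule, yet it is returned for review because its severity is `crit`; a parser that only counted rule hits would have dropped it.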


Choosing Syslog means agreeing to spend long hours on configuration and fine-tuning because, by default, Syslog is missing some critical features needed to be a comprehensive monitoring solution. For example, thresholds need to be set manually and do not necessarily follow the recommendations provided by the vendors, and graphs are not available without third-party commercial tools.



Sentry’s Hardware Monitoring solution offers out-of-the-box monitoring capabilities for almost all types of hardware devices: physical, virtual and blade servers, SAN switches, tape libraries, and so on. Indeed, the agent-based solution provides real-time active monitoring and constantly verifies the state of all hardware devices in datacenters. Sentry’s solution provides full coverage for a large variety of components: disks (controllers, hard disks, RAIDs, etc.), environment (power supplies, temperature sensors, fans, etc.), critical devices (processors, memory modules, network cards, etc.), or network links (network adapters, data traffic, bandwidth utilization, etc.).


IT administrators can effortlessly monitor their heterogeneous infrastructure from one single console, since all events triggered by the Hardware Monitoring solution when a hardware problem occurs are easy to read and seamlessly integrate into a single-point monitoring solution: TrueSight Operations Management and its powerful BMC TrueSight Event and Impact Manager. IT admins can thus quickly check the overall health of their hardware environment at a glance.


Thresholds are set according to the manufacturers' recommendations but IT administrators can also freely customize them. As soon as these thresholds are breached, alarms are triggered. Admins can thus easily detect hardware failures in their servers and take action before it is too late. They are also provided with valuable graphs and detailed information about faulty components to facilitate replacement as well as relevant recommendations for faster technical problem resolution.


Finally, the vendor-agnostic solution enables IT admins to create and schedule several reports on the data collected from monitored devices. The solution can for example perform a hardware inventory with detailed information about each device’s characteristics, provide detailed reports about the capacity of the monitored systems, estimate the power consumption of a server, or generate an Ethernet and fiber port traffic report.


REACH THE FINISH LINE (in one piece)!

Although using Syslog for basic hardware monitoring may be convenient within small and homogeneous environments, the solution seems inappropriate for larger heterogeneous datacenters and quickly reveals its limitations and shortcomings. Many administrators who are responsible for managing datacenters and solving associated problems for their customers have in the past faced the “road closed” or “dead-end” signs related to the immense complexity of syslog-based monitoring solutions. They have now turned the corner by opting for BMC TrueSight Operations Management in conjunction with Sentry’s Hardware Monitoring solution: a reliable single-point monitoring solution that transforms the way you manage the hardware health of your infrastructure and helps you take incremental steps towards the objectives of your Business Service Management strategy.


And you, would you risk the accident or would you choose to follow the road that has been mapped out for you by Sentry and BMC?



Syslog
  • Passive monitoring solution
  • Considerable effort to configure
  • Hidden costs and expensive to maintain
  • Difficult to implement across multi-platform infrastructures
  • No graphs, reports, or thresholds available
  • Requires third-party commercial tools to be fully usable

Hardware Sentry + BMC
  • Real-time active monitoring solution
  • Easy to configure
  • Transparency of prices and economic benefits
  • Vendor-agnostic solution for heterogeneous datacenters
  • Consolidated graphs and powerful thresholds
  • Self-sufficient solution