Collect and analyse Syslog messages from network devices, servers, and appliances in real time. Cloudmon receives forwarded Syslogs on port 514, applies configurable log rules to filter and act on messages, and surfaces insights through an AI-assisted analysis engine.
Syslog is a widely used standard for forwarding event messages from network devices, operating systems, and applications to a central collector. Cloudmon acts as the Syslog receiver, collecting messages forwarded from your devices on port 514 and making them available for analysis, filtering, and alerting under Logs → Syslogs.
Once Syslog monitoring is enabled, Cloudmon processes incoming messages in real time. Log rules can be applied to tag specific entries for easy filtering, discard irrelevant messages before they reach the database, create events for significant log entries, or raise alarms when specific conditions are matched. This gives your team full control over signal-to-noise ratio without losing visibility into critical events.
Syslog monitoring is enabled at the probe level, since it is the probe that listens for incoming Syslog messages from devices in its network segment. There are two ways to enable it:
After enabling Syslog monitoring, configure your network devices to forward Syslog messages to the Cloudmon probe on UDP port 514. This is done on each device through its Syslog or logging configuration. Once forwarding is active, messages will appear under Logs → Syslogs.
Log rules let you control how Cloudmon processes incoming Syslog messages before they reach the database or trigger alerts. Navigate to Settings → Configurations → Log Rules and click Add to create a new rule. Fill in the fields as follows:
| Field | Description |
| --- | --- |
| Enabled | Determines whether the rule is active. Set to Off to disable the rule without deleting it. |
| Name | A descriptive name for the rule that identifies its purpose, such as "Flag Critical Firewall Events" or "Discard SNMP Noise". |
| Probe | The probe to which this rule applies. Rules are scoped per probe, so a rule created for one probe will not affect Syslogs received by another. |
| Log Type | Set to Syslog to apply this rule to incoming Syslog messages. |
| Conditions | Defines whether the rule applies to every Syslog entry or only to entries that match specific criteria such as severity level, message content, or source device. |
| Active Time Window | Restricts the rule to a specific time window. Useful for suppressing low-priority alerts during maintenance windows or off-hours. |
| Entry Count | Controls whether the rule fires for every matching log entry or only after a specific count is reached. |
| Flood | When enabled, removes any cooldown period between rule triggers, allowing the rule to fire continuously for every matching entry. |
Each rule also includes an Actions section where you define what Cloudmon does when the rule conditions are matched:
| Action | Description |
| --- | --- |
| Tag the Entry | Applies a custom tag to the log entry. Tags can be used in later rules, searches, and dashboard visualisations to organise and categorise Syslog data. For example, tagging all entries from a specific firewall with "security-critical" makes them easy to filter. |
| Flag for Discard | Marks the entry as discarded so it is not saved to the database, while allowing subsequent rules to continue processing. Use this to suppress high-volume informational messages from chatty devices like UPS systems or printers. |
| Stop Processing Rules | Stops any further rules from being applied to this log entry once the current rule matches. Useful when a discard rule should prevent downstream alert rules from firing on the same entry. |
| Create Event for the Log | Generates a Cloudmon event record based on the matching log entry, making it available for tracking and audit without requiring a full alarm. |
| Raise Alarms | Triggers a Cloudmon alarm whenever the rule conditions are met. Use this for Syslog severity levels 0 to 3 (Emergency, Alert, Critical, Error) from network devices to ensure critical events always surface as alarms. |
Click Save to apply the rule. Rules are evaluated in order for each incoming Syslog message.
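Because rules run in order, a broad discard rule combined with Stop Processing Rules can swallow a severity 0 to 3 message before the alarm rule ever sees it. The Python model below is an added example, not Cloudmon code: the `Rule` class, the `process` function, the device name `ups01`, the tag `sev0-3` and the sample messages are all assumptions constructed to illustrate the behaviour described above.

```python
import re
from dataclasses import dataclass
from typing import Callable

def severity(raw: str) -> int:
    """Severity is PRI mod 8, where PRI = facility * 8 + severity."""
    m = re.match(r"<(\d{1,3})>", raw)
    if not m:
        raise ValueError("missing <PRI> header")
    return int(m.group(1)) % 8

@dataclass
class Rule:  # hypothetical model of one log rule, not Cloudmon's schema
    name: str
    match: Callable[[str], bool]   # Conditions
    tag: str = ""                  # Tag the Entry
    discard: bool = False          # Flag for Discard
    stop: bool = False             # Stop Processing Rules
    alarm: bool = False            # Raise Alarms

def process(raw: str, rules: list) -> tuple:
    """Evaluate rules in order; return (stored, tags, alarms)."""
    discarded, tags, alarms = False, [], []
    for rule in rules:
        if not rule.match(raw):
            continue
        if rule.tag:
            tags.append(rule.tag)
        discarded = discarded or rule.discard
        if rule.alarm:
            alarms.append(rule.name)
        if rule.stop:              # later rules never see this entry
            break
    return (not discarded, tags, alarms)

# Constructed sample messages (facility local0 = 16, so PRI = 128 + severity).
UPS_INFO = "<134>Oct 11 22:14:15 ups01 upsd: self-test passed"
UPS_CRIT = "<130>Oct 11 22:14:16 ups01 upsd: battery failure"

ALARM = Rule("Alarm on severity 0-3", lambda m: severity(m) <= 3,
             tag="sev0-3", alarm=True)
# Too broad: matches every message from the device, then halts evaluation.
BROAD = Rule("Discard UPS noise", lambda m: " ups01 " in m, discard=True, stop=True)
# Scoped: only discards severity 5-7 (Notice, Informational, Debug).
SCOPED = Rule("Discard UPS info", lambda m: " ups01 " in m and severity(m) >= 5,
              discard=True, stop=True)

if __name__ == "__main__":
    for label, rules in [("broad first", [BROAD, ALARM]),
                         ("alarm first", [ALARM, BROAD]),
                         ("scoped first", [SCOPED, ALARM])]:
        print(label, process(UPS_CRIT, rules), process(UPS_INFO, rules))
```

In this model only the scoped discard rule keeps the critical entry both stored and alarmed; placing the alarm rule first raises the alarm but the entry is still flagged for discard.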
Cloudmon integrates with Azure OpenAI to provide AI-assisted analysis of Syslog entries. When viewing a Syslog message under Logs → Syslogs, click the AI button next to the entry to trigger analysis. Cloudmon returns a structured breakdown covering an Overview of the event, its potential Impact, a plain-language Summary, and Troubleshoot and Analyse guidance, helping your team understand and respond to complex log messages without needing to look up device-specific documentation.
For example, a cryptic firewall Syslog message about an interface state change or a routing protocol adjacency loss can be decoded instantly into a clear explanation of what happened, what service may be affected, and what to investigate next.
To enable this feature, an Azure OpenAI integration must be configured under Settings → Configurations → Integrations. Enter your Target URI and API Key from your Azure OpenAI resource and click Save.
| Issue | What to check |
| --- | --- |
| No Syslogs appearing under Logs even after enabling | Confirm Syslog monitoring is enabled at the probe level under Settings → Monitoring → Probes. Then verify the network device is configured to forward Syslog messages to the probe IP address on UDP port 514. Check that no firewall is blocking UDP 514 between the device and the probe. |
| Syslogs are arriving but from the wrong or an unknown source | The source IP in the Syslog message may differ from the device's management IP if the device is sending Syslogs from a loopback or a different interface. Configure the Syslog source interface on the device to match the IP address used in Cloudmon for that device. |
| Log rule is not tagging or discarding entries as expected | Check that the rule is set to Enabled and that the Log Type is set to Syslog. Verify the Conditions section matches the actual content or severity of the incoming messages. If a Stop Processing Rules action is configured in a previous rule, the current rule may never be reached for matching entries. |
| Too many Syslog entries filling the database | Create a log rule with the Flag for Discard action to filter out high-volume, low-value messages such as routine informational messages from UPS systems, printers, or SNMP polling acknowledgements. Pair it with a Stop Processing Rules action to prevent the discarded entries from triggering any downstream rules. |
| AI analysis button not visible on log entries | The Assistive AI feature requires an Azure OpenAI integration to be configured. Navigate to Settings → Configurations → Integrations, locate the Azure OpenAI Service widget, and confirm a Target URI and API Key have been saved. If the integration is missing, the AI button will not appear next to log entries. |