In LANconfig, you configure the settings for the SYSLOG server under and clicking SYSLOG servers.
Click on SYSLOG servers to see the entries available for SYSLOG.
With the factory settings, the table of SYSLOG entries is set up to display important events which are relevant to diagnostics, and to save these to the internal SYSLOG memory. These settings correspond to the specifications in the UNIX world, where SYSLOG originates from. The following screenshot shows these pre-defined SYSLOG entries under LANconfig:
Click on Add, or select an entry and click Edit.
- Server address
- Used to set the IP address of the SYSLOG server. This can be specified as an IPv4 or IPv6 address, or as a host name.
- Source address (optional)
- You can optionally specify a source address that the SYSLOG client uses as the target address, instead of the one that would normally be selected automatically. If you have configured loopback addresses, you can specify them here as sender address.
- Port
- Specifies the port number (e.g. 514 for TCP/UDP).
- Protocol
- Defines the protocol used. Possible values:
- UDP
- User Datagram Protocol
- TCP
- Transmission Control Protocol
- Source
-
The table below provides an overview of the meaning of all message sources that you can set in the device. The final column in the table also provides the correlation between the internal sources of the device and the SYSLOG facilities.
Source Meaning Facility System System messages (boot events, timer system, etc.) KERNEL Login Messages concerning the user's login or logout during the PPP negotiation, and any errors that occur during this. AUTH System time Messages about changes to the system time CRON Console login Messages about console logins (Telnet, Outband, etc.), logouts and any errors that occurred during this. AUTHPRIV Connections Messages about establishment and termination of connections and any errors that occurred (display trace) LOCAL0 Accounting Accounting information stored after termination of a connection (user, online time, transfer volumes) LOCAL1 Administration Messages on changes to the configuration, remotely executed commands, etc. LOCAL2 Router Regular statistics about the most frequently used services (breakdown per port number) and messages about filtered packets, routing errors, etc. LOCAL3 - Priority
-
The eight priority levels originally defined in SYSLOG have been reduced to five levels in the device. The table below shows the correlation between the alert level, the meaning and the SYSLOG priorities.
Priority Meaning SYSLOG priority Alert This category includes all messages requiring the system administrator's close attention. PANIC, ALERT, CRIT Error All error messages which can occur under normal conditions are communicated at this level; no special attention is required by the administrator (e.g. connection errors). ERROR Warning This level communicates messages which do not compromise normal operating conditions. WARNING Information At this level, all messages are sent that have a purely informational character (e.g. accounting information). NOTICE, INFORM Debug Communication of all debug messages. Debug messages generate large data volumes and can compromise the device's operation. For this reason they should be disabled for normal operations and only used for troubleshooting. DEBUG - Filter policy
- If the syslog messages are transmitted to one or more servers by configuring settings for receiving certain messages, all configured messages are transmitted to the servers with the configured source and priority. However, it is sometimes desirable to filter out certain messages for the servers, to send only certain messages at all, or to change their source and priority if they should be weighted differently in the server log. The syslog filter allows the filtering of messages depending on the source, priority and/or message text. Here you determine whether messages, which are identified by the filter set in the following field, are allowed or denied.
- Filter name
- Select one of the configured filters.
Once you have set all of the parameters, confirm your entries with OK. The SYSLOG table shows the SYSLOG client with its parameters.
