Remote Syslog
Configure > Services > Syslog
Configure > Services > Syslog > Create Syslog Server
Configure > Services > Syslog > Edit Syslog Server
Configure > Services > Syslog > Global Serial Port Settings
Configure > Serial Ports > Edit Serial Port
The Remote Syslog facility lets you specify a Remote Syslog server and redirect console serial port logs to it, providing a central (and regional) repository where you can view port-related activity. When remote logs are being received, local logs continue to be recorded.
Devices in a network can produce thousands of log entries each hour, so users need the ability to configure the facility and severity for console port logs. The Remote Syslog collector can be configured to categorize and prioritize the logs appropriately, allowing you to easily identify issues as they arise.
The Remote Syslog server provides the flexibility to:
- Analyze logs centrally.
- Monitor for suspicious activities.
- Collect and view analytics (for example, Splunk).
Requirements
- IP address of syslog server
- Syslog server port number
Set Logging Levels For Remote Syslog Server
Local Log Level limits the Syslog information being logged. Any log entry with a value equal to or greater than the level specified in the config is sent to the remote server.
Ensure Port Logging is Set to the Required Level
- Navigate to the Serial Ports page and enable port logs through the serial port (Configure > Serial Ports).
- For the serial port number you have selected, click the Edit Serial Ports button in the Actions column.
- Navigate to Logging Settings and select the required logging level.
- Click the Apply button. The change will be applied within a few seconds.
Set Global Serial Port Settings
Navigate to: Configure > Services > Syslog > Global Serial Port Settings
- In the Global Serial Ports tab
- Select the required Facility.
- Select the required Severity.
Note: See the tables below for definitions of Facility and Severity.
- Click the Update button and wait for the update confirmation banner.
The Syslog will log only those entries of the nominated event type.
Edit or Delete an Existing Syslog Server
Configure > Services > Syslog > Edit Syslog Server
- In the Configure > Services > Syslog tab click on the IP address of the target server. The Edit Syslog Server tab is opened for editing.
- You can delete a server by clicking the Delete button at the top right of the Edit tab page.
Syslog Terminology
This section defines the Syslog terminology used when setting the Facility and Severity of the Syslog.
Create Syslog Server Tab - Field Definitions
Page location: Configure > Services > Syslog > Create Syslog Server
| Field | Definition |
|---|---|
| Description | Unique, familiar text description or name given to this syslog server that users will recognize. |
| Server Address | The IP address of the remote syslog server you are using for logging. |
| Protocol | Click to select the required protocol for data transmission to the syslog server. |
| Port | The port number of the remote syslog server. |
| Minimum Log Severity Level | Log entries with a value equal to or greater than the level specified are sent to the remote server. |
| Send Serial Port Logs | Click to enable serial port logging. |
| Create Button | Click to initiate the remote syslog, wait for confirmation banner. |
Syslog Facility Definitions
| Facility | Definition |
|---|---|
| Kern | Kernel messages |
| User | User-level messages |
| Mail | Mail system |
| Daemon | System daemons |
| Auth | Security/authentication messages |
| Syslog | Messages generated internally by syslogd |
| lpr | Line printer subsystem |
| News | Network news subsystem |
| uucp | UUCP subsystem |
| Cron | Clock daemon |
| Authpriv | Security/authentication messages |
| ftp | FTP daemon |
| Local | Locally used facilities |
Syslog Severity Definitions
| Severity | Definition |
|---|---|
| 0 - Emergency | System is unusable. |
| 1 - Alert | Action must be taken immediately. |
| 2 - Critical | Critical conditions. |
| 3 - Error | Error conditions. |
| 4 - Warning | Warning conditions. |
| 5 - Notice | Normal but significant conditions. |
| 6 - Info | Informational messages. |
| 7 - Debug | Debug-level messages. |
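
The Facility and Severity selected above reach the collector as a single number in each message's `<PRI>` header. The following collector-side sketch is an added example, not part of the product documentation: it decodes that header using the standard syslog encoding (PRI = facility code × 8 + severity code, RFC 5424), counts messages per facility and severity, and queues Auth/Authpriv entries for review. The function names, the sample lines and the message text after the header are constructed assumptions.

```python
import re
from collections import Counter

# Facility codes 0-11 in RFC 5424 order, named as in the facility table above.
FACILITIES = "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split()
SEVERITIES = "Emergency Alert Critical Error Warning Notice Info Debug".split()
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

def decode_pri(line):
    """Return (facility, severity_code, severity_name, rest), or None if malformed."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # highest valid PRI: local7 (23) * 8 + Debug (7)
        return None
    code, sev = divmod(int(m.group(1)), 8)
    if code < len(FACILITIES):
        fac = FACILITIES[code]
    elif 16 <= code <= 23:
        fac = f"local{code - 16}"  # the "Local" facilities, local0 to local7
    else:
        fac = f"facility{code}"  # codes 12-15 are not listed in the table above
    return fac, sev, SEVERITIES[sev], m.group(2)

def triage(lines):
    """Count messages per (facility, severity) and collect auth-related ones for review."""
    counts, review, malformed = Counter(), [], 0
    for line in lines:
        decoded = decode_pri(line.strip())
        if decoded is None:
            malformed += 1  # no usable header: count it rather than guess a category
            continue
        fac, sev, name, rest = decoded
        counts[(fac, name)] += 1
        if fac in ("auth", "authpriv"):
            review.append((sev, fac, rest))
    review.sort()  # lowest severity code (0 - Emergency) first
    return counts, review, malformed

# Constructed sample lines; only the <PRI> header is interpreted.
SAMPLE = [
    "<134>Jan 10 10:00:01 console-01 port03: login prompt displayed",
    "<131>Jan 10 10:00:05 console-01 port03: framing error on line",
    "<86>Jan 10 10:00:09 console-01 sshd: session opened for user admin",
    "<34>Jan 10 10:00:12 console-01 sshd: repeated authentication failures",
    "no priority header here",
    "<999>out of range priority",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```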