Enable Logging To A Syslog Host - D-Link NetDefendOS User Manual

Network security firewall

Feb 5 2000 09:45:23 firewall.example.com
This is followed by the text the sender has chosen to send.
Feb 5 2000 09:45:23 firewall.example.com EFW: DROP:
Subsequent text is dependent on the event that has occurred.
In order to facilitate automated processing of all messages, NetDefendOS writes all log data to a
single line of text. All data following the initial text is presented in the format name=value. This
enables automatic filters to easily find the values they are looking for without assuming that a
specific piece of data is in a specific location in the log entry.
Note: The Prio and Severity fields
The Prio= field in SysLog messages contains the same information as the Severity field
for D-Link Logger messages. However, the ordering of the numbering is reversed.
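The single-line name=value layout described above lets a receiver extract a field by name regardless of its position. The parser below is an added example, not code from the manual or from D-Link. The sample lines, the field names srcip, destip, rule and prio, and the handling of double-quoted values are constructed assumptions; only the line prefix follows the page.

```python
import re
from datetime import datetime

# Prefix as shown on the page: "Feb 5 2000 09:45:23 firewall.example.com EFW: DROP:"
PREFIX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<tag>\w+):\s+(?P<category>\w+):\s*(?P<rest>.*)$"
)
# name=value pairs; double-quoted values containing spaces are an assumption.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

# Constructed sample lines; every field name and value here is illustrative.
SAMPLE = [
    "Feb 5 2000 09:45:23 firewall.example.com EFW: DROP: prio=1 srcip=192.0.2.10 destip=192.168.6.1 rule=Default_Rule",
    'Feb 5 2000 09:45:24 firewall.example.com EFW: DROP: rule="Block All" destip=192.168.6.1 srcip=192.0.2.77 prio=1',
    "not a NetDefendOS line",
]


def parse_line(line):
    """Return a dict for one log line, or None if the prefix does not match."""
    m = PREFIX.match(line.strip())
    if m is None:
        return None
    # %b is locale-dependent; this assumes English month names.
    ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %Y %H:%M:%S")
    fields = {}
    for name, value in PAIR.findall(m["rest"]):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # strip the surrounding quotes
        fields.setdefault(name.lower(), value)  # keep the first occurrence
    return {"time": ts, "host": m["host"], "tag": m["tag"],
            "category": m["category"], "fields": fields}


def values_of(lines, name):
    """Collect one field from every parseable line, wherever it appears."""
    found = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None and name in rec["fields"]:
            found.append(rec["fields"][name])
    return found


if __name__ == "__main__":
    print(values_of(SAMPLE, "srcip"))
```

A quoted value that itself contains text shaped like name=value is consumed as one value, so it cannot masquerade as a separate field.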
Setting the Facility
The Facility property indicates to the server the type of program generating the Syslog message.
If not specified, this is set to local0 (meaning a kernel message) by NetDefendOS. The facility
name is commonly used as a filtering parameter by most syslog daemons.
Example 2.28. Enable Logging to a Syslog Host
This example enables logging of all events with a severity equal to Emergency or Alert to a Syslog
server with the IPv4 address 192.168.6.1.
The facility name will also be set to local1 for this Syslog server.
Command-Line Interface
gw-world:/> add LogReceiver LogReceiverSyslog my_syslog
			IPAddress=192.168.6.1
			LogSeverity=Emergency,Alert
			Facility=local1
Web Interface
1. Go to: System > Device > Log and Event Receivers > Add > Syslog Receiver
2. Specify a name for the event receiver, in this example my_syslog
3. Enter 192.168.6.1 as the IP Address
4. Select local1 from the Facility list
5. Select SeverityFilter and choose Emergency and Alert as the severities.
6. Click OK
Chapter 2: Management and Maintenance
