Siemens RUGGEDCOM ROX II User Manual page 115

RUGGEDCOM ROX II
CLI User Guide
Parameter
Section 4.10
Managing Logs
RUGGEDCOM ROX II maintains various logs to record information about important events. Each log falls into one
of the following log types:
Security Event Logs
Syslogs
Diagnostic Logs
CONTENTS
• Section 4.10.1, "Viewing Logs"
• Section 4.10.2, "Deleting Logs"
• Section 4.10.3, "Configuring Secure Remote Syslog"
Managing Logs
For all other protocols, the format is "protocol://user:password@host:port/path-to-file".
If using a path only, close it with '/'. If "port" is not specified, the default port for the
protocol is used.
This parameter is mandatory.
Information related to the following security events are logged by RUGGEDCOM ROX II:
NOTE
Passwords can be retried up to 3 times before the login attempt is considered a security event.
• Successful and unsuccessful login attempts
• Local and remote (RADIUS) authentication
• Security-sensitive commands (whether successful or unsuccessful)
• An optionally configurable SNMP Authentication Failure Trap (disabled by default) in accordance with
SNMPv2-MIB
All security event logs are recorded in var/log/auth.log and can be viewed in the Authlog Viewer. For more
information about viewing logs, refer to
Syslog allows users to configure local and remote syslog connections to record important, non-security event
information. The remote Syslog protocol, defined in
based transport that enables a device to send event notification messages across IP networks to event message
collectors, also known as Syslog servers. The protocol is designed to simply transport these event messages
from the generating device to the collector.
All log files are organized in the log directory (/var/log) according to the facility and priority at which they
have been logged. Remote Syslog sends the requested logs to the remote server(s) at whichever facility and
priority they were initially logged, after filtering the logs based on the selectors configured for the server.
The following log files are setup with the following default selectors:
• syslog catches all logs except daemon.debug, auth or authpriv logs
• daemon.log catches all err level (and above) logs written to the daemon facility
• messages catches all info, notice and warn level logs for all facilities except auth, authpriv, cron, daemon,
mail and news
A selector setup using the following facilities at level info and up is recommended:
• daemon
• user
• kern
• syslog
Diagnostic logs record system information for the purposes of troubleshooting.
Description
Section 4.10.1, "Viewing Logs".
RFC 3164 [http://tools.ietf.org/html/rfc3164], is a UDP/IP-
Chapter 4
Device Management
69