Event Logging And Connection Tracking - ADTRAN BlueSecure Controller Setup And Administration Manual

Software release version: 6.5

Chapter 10: General BSC Operational Settings

Event Logging and Connection Tracking

The BSC provides two types of logging facilities:

Event logging - The BSC records BSC-related events such as configuration changes, activity in secure tunnels, and number of logged-in users. You can direct log output to the event log page (described in "Viewing the BSC Event Log" on page 15-10) or up to two syslog servers. Some events are logged only when a certain threshold value is reached. See "Threshold Values" on page 10-17 for more information.

Connection tracking - In addition to event logging, the BSC records information from all user TCP/UDP connections, such as source IP, destination IP, and timestamps. You can direct this log output only to a syslog server. This can be the same as your normal syslog server (on the same or different facility), or a separate syslog server.

Warning: Connection tracking sends a record of all network connections to syslog, which can result in a large number of log messages and impact BSC performance. Only use it if all network connection information needs to be logged for auditing purposes.

Format of Log Entries

Log entries sent to a syslog server will have the general format:

time connection first seen, current time, protocol, state, source addr, source port, dest addr, dest port, type, code, id, user, TTL

where:
timestamp is an ASCII string in format of mmddyyyyhhmmss
protocols are TCP, UDP and ICMP
time connection first seen, state, user and TTL have meaning only to TCP
type, code, and id only have meaning to ICMP
if the user cannot be determined (as with UDP), "none" is the user name
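
The field list above maps directly onto a small parser for records arriving at the syslog server. This is an added example, not part of the ADTRAN manual or the BSC software. It assumes the syslog header has already been removed, that fields are comma-separated in the order listed, and that ports, TTL and the ICMP type, code and id are decimal integers; the sample records and the age_seconds field are constructed for illustration.

```python
from datetime import datetime

# Field order taken from the manual's "general format" line.
FIELDS = ["first_seen", "current_time", "protocol", "state", "src_addr",
          "src_port", "dst_addr", "dst_port", "type", "code", "id",
          "user", "ttl"]
TCP_ONLY = ("first_seen", "state", "user", "ttl")   # meaningful only for TCP
ICMP_ONLY = ("type", "code", "id")                  # meaningful only for ICMP

def parse_ts(value):
    """Parse the manual's mmddyyyyhhmmss ASCII timestamp."""
    return datetime.strptime(value, "%m%d%Y%H%M%S")

def parse_entry(body):
    """Parse one record body (assumed comma-separated, syslog header removed)."""
    values = [v.strip() for v in body.split(",")]
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    rec = dict(zip(FIELDS, values))
    proto = rec["protocol"] = rec["protocol"].upper()
    if proto not in ("TCP", "UDP", "ICMP"):
        raise ValueError(f"unexpected protocol {proto!r}")
    rec["current_time"] = parse_ts(rec["current_time"])
    # Blank out fields the manual says carry no meaning for this protocol,
    # so downstream queries never treat filler values as data.
    for name in TCP_ONLY:
        if proto != "TCP":
            rec[name] = None
    for name in ICMP_ONLY:
        rec[name] = int(rec[name]) if proto == "ICMP" else None
    if proto == "TCP":
        rec["first_seen"] = parse_ts(rec["first_seen"])
        rec["ttl"] = int(rec["ttl"])
        # Hypothetical derived field: seconds since the connection was first seen.
        rec["age_seconds"] = int(
            (rec["current_time"] - rec["first_seen"]).total_seconds())
    if proto in ("TCP", "UDP"):
        rec["src_port"], rec["dst_port"] = int(rec["src_port"]), int(rec["dst_port"])
    if rec["user"] == "none":   # manual: "none" when the user cannot be determined
        rec["user"] = None
    return rec

# Constructed sample record bodies (not captured from a real BSC).
SAMPLE = [
    "03152024101500,03152024101730,TCP,ESTABLISHED,10.0.0.21,51514,192.0.2.10,443,0,0,0,alice,431999",
    "0,03152024101731,UDP,0,10.0.0.22,53211,192.0.2.53,53,0,0,0,none,0",
    "0,03152024101732,ICMP,0,10.0.0.23,0,192.0.2.1,0,8,0,4660,none,0",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_entry(line))
```
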

Displaying the Logging Settings page

1. Click the General tab in the BSC administrator console, and then click the Logging tab.
The Logging Settings page appears as shown in Figure 10-9.

Log Records

Configure the BSC logging settings as appropriate:

Maximum number of log entries to keep - Specify the maximum number of entries (lines) permitted in the BSC event log. Default value: 5000.

Number of log entries to delete when reaching maximum - Number of event log entries to automatically delete when the number specified in Maximum number of log entries to keep is reached. Default value: 1000.

To delete all of the log entries, click Logs in the Status page and then click the Purge all logs button at the bottom of the page.

IP or FQDN of remote syslog server - Enter the IP address(es) or fully qualified domain name(s) of up to two syslog server(s) here to log BSC events data. Multiple syslog server IP addresses or FQDNs must be separated by commas.

Facility of remote syslog server - Enables you to specify the facility level to send to the syslog server on all BSC event syslog messages. Default value: local0.

Maximum log level to send remote syslog server - Determines the detail level of BSC event logging. For example, Debug records all events, whereas Emergency only records the most severe events. Default value: Error events.

Configure the BSC's connection tracking settings.