Events And Logging; Overview; Event Messages; Event Message Distribution - D-Link NetDefend DFL-210 User Manual

Network security firewall
2.2. Events and Logging

2.2.1. Overview

The ability to log and analyze system activities is an essential feature of NetDefendOS. Logging
enables not only monitoring of system status and health, but also allows auditing of network usage
and assists in trouble-shooting.
NetDefendOS defines a number of event messages, which are generated as a result of corresponding
system events. Examples of such events are the establishment and teardown of connections, receipt
of malformed packets as well as the dropping of traffic according to filtering policies.
Whenever an event message is generated, it can be filtered and distributed to all configured Event
Receivers. Multiple event receivers can be configured by the administrator, with each event receiver
having its own customizable event filter.
The sophisticated design of the event and logging mechanisms of NetDefendOS ensures that
enabling logging is simple and straightforward, while it still allows granular control of all the
activities in the system for the more advanced deployments.

2.2.2. Event Messages

NetDefendOS defines several hundred events for which event messages can be generated. The
events range from high-level, customizable, user events down to low-level and mandatory system
events.
The conn_open event, for instance, is a typical high-level event that generates an event message
whenever a new connection is established, given that the matching security policy rule has defined
that event messages should be generated for that connection.
An example of a low-level event would be the startup_normal event, which generates a mandatory
event message as soon as the system starts up.
All event messages have a common format, with attributes that include category, severity and
recommended actions. These attributes enable easy filtering of messages, either within
NetDefendOS prior to sending to an event receiver, or as part of the analysis after logging and
storing messages on an external log server.
A list of all event messages can be found in the Log Reference Guide. That guide also describes the
design of event messages, and explains the various attributes available. The severity of each event is
predefined and, in order of severity, can be one of:
Emergency
Alert
Critical
Error
Warning
Notice
Info
Debug
By default, all messages of level Info and above are sent. The Debug category is designed for
troubleshooting only and should be turned on only when required to solve a problem. Messages
of all severity levels are listed in the NetDefendOS Log Reference Guide.
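The following is an added example, not NetDefendOS or D-Link code, that models what sections 2.2.1 and 2.2.2 describe: several event receivers, each with its own filter, fed by a distributor that uses the severity order listed above and the Info-and-above default. The receiver names, the category labels and the severity assigned to each sample message are constructed assumptions; the manual does not specify the filter syntax or the category of any particular event.

```python
# Added example (not NetDefendOS code): per-receiver event filtering modelled
# on the severity order and the Info-and-above default given in the manual.
from dataclasses import dataclass, field

# Severity names in the manual's order, most severe first.
SEVERITY_ORDER = ["Emergency", "Alert", "Critical", "Error", "Warning",
                  "Notice", "Info", "Debug"]
RANK = {name: i for i, name in enumerate(SEVERITY_ORDER)}


@dataclass
class EventMessage:
    name: str       # event name, e.g. conn_open or startup_normal (from the manual)
    category: str   # constructed category label (the manual does not give one)
    severity: str   # one of SEVERITY_ORDER


@dataclass
class EventReceiver:
    """One receiver with its own filter: a minimum severity and optional categories."""
    name: str
    min_severity: str = "Info"                     # manual's default: Info and above
    categories: set = field(default_factory=set)   # empty set means all categories
    received: list = field(default_factory=list)

    def accepts(self, msg):
        if msg.severity not in RANK:
            raise ValueError(f"unknown severity {msg.severity!r}")
        # "Info and above" means a rank no larger than the threshold's rank
        if RANK[msg.severity] > RANK[self.min_severity]:
            return False
        return not self.categories or msg.category in self.categories


def distribute(msg, receivers):
    """Deliver msg to every receiver whose filter accepts it; return their names."""
    delivered = []
    for r in receivers:
        if r.accepts(msg):
            r.received.append(msg)
            delivered.append(r.name)
    return delivered


def build_receivers():
    """Three constructed receivers: a default syslog, a Debug console, a CONN-only audit sink."""
    return [EventReceiver("syslog"),
            EventReceiver("console", min_severity="Debug"),
            EventReceiver("audit", categories={"CONN"})]
```

Note that the Debug-level receiver is the only one that sees Debug messages, which is why the manual recommends enabling that category only while troubleshooting.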

2.2.3. Event Message Distribution

To distribute and log the event messages generated, it is necessary to define one or more event
receivers that specify what events to capture, and where to send them.
NetDefendOS can distribute event messages in the following ways:
Chapter 2. Management and Maintenance