Enable Logging To A Syslog Host - D-Link NetDefend DFL-210 User Manual

Network security firewall ver. 1.05

2.2.3. Event Message Distribution
2.2.3.1. Logging to Syslog Hosts
Syslog is a standardized protocol for sending log data to loghosts, although there is no standardized
format of these log messages. The format used by NetDefendOS is well suited for automated
processing, filtering and searching.
Although the exact format of each log entry depends on how your syslog recipient works, most are
very much alike. The way in which logs are read is also dependent on how your syslog recipient
works. Syslog daemons on UNIX servers usually log to text files, line by line.
Most syslog recipients preface each log entry with a timestamp and the IP address of the machine
that sent the log data:
Feb 5 2000 09:45:23 gateway.ourcompany.com
This is followed by the text the sender has chosen to send.
Feb 5 2000 09:45:23 gateway.ourcompany.com EFW: DROP:
Subsequent text is dependent on the event that has occurred.
In order to facilitate automated processing of all messages, NetDefendOS writes all log data to a
single line of text. All data following the initial text is presented in the format name=value. This
enables automatic filters to easily find the values they are looking for without assuming that a specific
piece of data is in a specific location in the log entry.
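The following added example, which is not part of the manual, parses lines laid out as described above and looks fields up by name rather than by position. The sample lines are constructed; the field names other than prio and the double-quoted value form are assumptions of this example.

```python
import re

# Prefix written by the syslog recipient, then the sender's text ("EFW: <CATEGORY>: ...").
LINE_RE = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+EFW:\s+(?P<category>\w+):\s*(?P<rest>.*)$"
)
# name=value pairs; double-quoted values containing spaces are an assumption here.
PAIR_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    fields = {}
    for name, value in PAIR_RE.findall(m.group("rest")):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]  # strip the surrounding quotes
        fields[name.lower()] = value  # field names are compared case-insensitively
    return {
        "timestamp": m.group("timestamp"),
        "host": m.group("host"),
        "category": m.group("category"),
        "fields": fields,
    }


# Constructed sample lines (field names other than prio are hypothetical).
SAMPLE = [
    'Feb 5 2000 09:45:23 gateway.ourcompany.com EFW: DROP: prio=1 rule=Default_Rule srcip=192.0.2.10 destip=198.51.100.7',
    'Feb 5 2000 09:45:24 gateway.ourcompany.com EFW: DROP: destip=198.51.100.7 srcip=192.0.2.10 note="no match" prio=1',
    'Feb 5 2000 09:45:25 otherhost sshd[411]: unrelated message',
]


def dropped_sources(lines):
    """Collect srcip values from DROP entries, wherever the field appears in the line."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["category"] == "DROP" and "srcip" in rec["fields"]:
            out.append(rec["fields"]["srcip"])
    return out


if __name__ == "__main__":
    print(dropped_sources(SAMPLE))
```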
Example 2.11. Enable Logging to a Syslog Host
To enable logging of all events with a severity greater than or equal to Notice to a syslog server with IP address
195.11.22.55, follow the steps outlined below:
CLI
gw-world:/> add LogReceiverSyslog my_syslog IPAddress=195.11.22.55
Web Interface
1. Go to System > Log and Event Receivers > Add > Syslog Receiver
2. Specify a suitable name for the event receiver, for instance my_syslog.
3. Enter 195.11.22.55 in the IP Address textbox.
4. Select an appropriate facility in the Facility dropdown list. The facility name is commonly used as a filter
   parameter in most syslog daemons.
5. Click OK.
The system will now be logging all events with a severity greater than or equal to Notice to the syslog server at
195.11.22.55.
Note
The "Prio=" field in Syslog messages contains the same information as the "Severity" field for
D-Link Logger messages; however, the ordering of the numbering is reversed.
Note
The syslog server may have to be configured to receive log messages from NetDefendOS.
Please see the documentation for your specific Syslog server software in order to
correctly configure it.
Chapter 2. Operations and Maintenance