This receiver type is discussed further below in Section 2.3.6, "Mail Alerting".
2.3.4. The Memory Log Receiver (Memlog)
Overview
The Memory Log Receiver (also known as Memlog) is a NetDefendOS feature that allows logging
directly to memory in the NetDefend Firewall instead of sending messages to an external server.
These messages can be examined through the standard user interfaces.
Memlog has Limited Capacity
Memlog memory available for new messages is limited to a fixed predetermined size. When the
allocated memory is filled up with log messages, the oldest messages are discarded to make
room for newer incoming messages. This means that Memlog holds a limited number of
messages since the last system initialization and, once the buffer fills, only the most
recent messages are retained. When NetDefendOS is creating large numbers of messages, for
example in systems with large numbers of VPN tunnels, the Memlog information becomes less
meaningful since it reflects only a limited recent time period.
Memlog Timestamps
The timestamp shown in Memlog console output is always the local system time of the firewall.
This is different from the timestamp on log messages sent to external log receivers, which are
always timestamped in GMT.
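The following is an added example, not part of the NetDefendOS documentation. It shows how the two points above (limited Memlog capacity and local-time Memlog timestamps) affect correlation with an external receiver's records: both sources are normalized to UTC, merged into one timeline, and the events that Memlog has already discarded are listed. The line layout, the sample lines and the UTC+1 firewall time zone are assumptions constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample lines. The "YYYY-MM-DD HH:MM:SS text" layout is an
# assumption made for this example, not NetDefendOS's documented output.
MEMLOG_LINES = [  # as read from the console: firewall local time (UTC+1 here)
    "2024-03-10 14:02:11 conn_open srcip=192.0.2.10",
    "2024-03-10 14:05:40 conn_close srcip=192.0.2.10",
]
SYSLOG_LINES = [  # as stored by the external receiver: GMT
    "2024-03-10 12:58:03 login_failed user=admin",
    "2024-03-10 13:02:11 conn_open srcip=192.0.2.10",
    "2024-03-10 13:05:40 conn_close srcip=192.0.2.10",
]
FIREWALL_TZ = timezone(timedelta(hours=1))  # assumed firewall time zone setting


def parse(line, tz):
    """Return (UTC datetime, message) for a line stamped in time zone tz."""
    stamp, message = line[:19], line[20:]
    local = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz)
    return local.astimezone(timezone.utc), message


def merge_timeline(memlog, syslog, firewall_tz):
    """Merge both sources into one UTC-ordered list of (time, source, message)."""
    events = [(t, "memlog", m) for t, m in (parse(l, firewall_tz) for l in memlog)]
    events += [(t, "syslog", m) for t, m in (parse(l, timezone.utc) for l in syslog)]
    return sorted(events, key=lambda e: (e[0], e[1]))


def missing_from_memlog(memlog, syslog, firewall_tz):
    """Syslog messages older than the oldest entry Memlog still holds."""
    oldest = min(parse(l, firewall_tz)[0] for l in memlog)
    return [m for t, m in (parse(l, timezone.utc) for l in syslog) if t < oldest]


if __name__ == "__main__":
    for when, source, message in merge_timeline(MEMLOG_LINES, SYSLOG_LINES, FIREWALL_TZ):
        print(when.isoformat(), source, message)
    print("only in syslog:", missing_from_memlog(MEMLOG_LINES, SYSLOG_LINES, FIREWALL_TZ))
```

Without the conversion, the Memlog entries would appear one hour later than the matching Syslog entries and the two records of the same connection would not line up.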
Disabling and Enabling Memlog
A single Memory Log Receiver object exists by default in NetDefendOS and memlog is therefore
enabled by default. If logging to memlog is not required then the Memory Log Receiver object can
be deleted and this type of logging will not occur. To re-enable memlog, add back the Memory
Log Receiver object to the configuration. Only one instance of the Memory Log Receiver can exist
at any one time.
2.3.5. The Syslog Log Receiver
Overview
Syslog is a standardized protocol for sending log data, although there is no standardized format
for the log messages themselves. The format used by NetDefendOS is well suited to automated
processing, filtering and searching.
Although the exact format of each log entry depends on how a Syslog receiver works, most are
similar. The way in which logs are read is also dependent on how the syslog receiver works.
Syslog daemons on UNIX servers usually log to text files, line by line.
Message Format
Most Syslog recipients preface each log entry with a timestamp and the IP address of the
machine that sent the log data:
Chapter 2: Management and Maintenance