Directing Logs To A Syslog Server - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

Directing Logs to a Syslog Server

752
Listen Port—The number of the port assigned to monitor SNMP traffic (listen and
transmit SNMP traps).
Trap Port—The number of the port assigned to transmit traps that have been generated
by an SNMP alarm, threshold violation, or error.
Enable Authentication Fail Trap—Specifies whether you want to generate a trap if a
packet fails to be authenticated when attempting to enter the device. Select this option
if the device sends SNMP messages through a VPN tunnel.
Next, configure SNMP communities. To send traps, the SNMP agent on the device requires
that you define communities, their associated hosts, and assign permissions (read/write
or read-only). You can create up to three (3) SNMP communities, with up to eight (8)
hosts in each community.
To create an SNMP community, click the Add icon under Community Settings and
configure the following settings:
Community name—The device uses the community name to authorize users attempting
to enter the device.
Access Mode—Defines read-write or read-only privileges for the community.
Trap Mode—When enabled (On), enables the device to send an SNMP trap for illegal
SNMP connections attempts to the device.
Traffic—When enabled, the device can accept traffic from the source interface.
Version—Defines the versions supported by the community (SNMPv1, SNMPv2c, or
both SNMP versions, as required by the SNMP management stations). For backward
compatibility with earlier ScreenOS releases that only support SNMPv1, security devices
support SNMPv1 by default.
Hosts—Define one or more hosts that are associated with the community. Click the
Add icon, then specify the host IP address and netmask, the trap version for the host
(if an SNMP community supports both SNMPv1 and SNMPv2c, you must specify a trap
version for each community member), and the source interface.
A managed device can generate syslog messages for system events at predefined severity
levels and optionally for traffic that policies permit across a firewall. It sends these
messages via UDP (port 514) to up to four designated syslog hosts running on UNIX/Linux
systems. When you enable syslog reporting, you also specify which interface the devices
use to send syslog packets.
You can configure the syslog server settings at the device level, or skip this section and
configure the GUI server to handle syslog messages; see "Exporting to the System Log"
on page 797.
To send log entries to a Syslog server, click the Syslog option. NSM displays the Syslog
dialog box. Enter appropriate data into the following fields. See Table 96 on page 753.
Copyright © 2010, Juniper Networks, Inc.