Events And Logging; Overview; Event Messages; Event Message Distribution - D-Link NetDefend DFL-210 User Manual

Network security firewall ver. 1.05

2.2. Events and Logging

2.2.1. Overview

The ability to log and analyze system activities is one of the most vital and fundamental features of a NetDefendOS system. Logging lets you monitor system status and health, audit how your network is used, and assist with debugging.

NetDefendOS defines a number of event messages, which are generated as a result of corresponding system events. Examples of such events are the establishment and teardown of connections, the receipt of malformed packets, and the dropping of traffic according to filtering policies.

Whenever an event message is generated, it can be filtered and distributed to Event Receivers such as a Syslog receiver. Multiple event receivers can be defined, each with its own customizable event filter.

The design of the event and logging mechanisms of NetDefendOS ensures that enabling logging is simple and straightforward, while still allowing granular control of all the activities in the system for more advanced deployments.

2.2.2. Event Messages

NetDefendOS defines several hundred events for which event messages can be generated. The events range from high-level, customizable, user events down to low-level and mandatory system events.

The conn_open event, for instance, is a typical high-level event: it generates an event message whenever a new connection is established, provided that the matching security policy rule specifies that event messages should be generated for that connection.

An example of a low-level event is the startup_normal event, which generates a mandatory event message as soon as the system starts up.

All event messages share a common design, with attributes such as category, severity and recommended actions. These attributes let you filter the event messages easily, either within NetDefendOS before they are sent to an event receiver, or as part of the analysis that takes place after the messages have been logged and stored on an external log server.

2.2.3. Event Message Distribution

To distribute and log the event messages generated, it is necessary to define one or more event receivers that specify which events to capture and where to send them.

NetDefendOS can distribute event messages using the following standards and protocols:

Memlog
A D-Link Firewall has a built-in logging mechanism known as the Memory Log. This retains event log messages in memory and allows direct viewing of log messages through the web interface. Because it lives in memory, the Memory Log does not survive a restart; treat it as a convenience for live viewing rather than as an audit record.

Syslog
The de facto standard for logging events from network devices. If you have other network devices logging to syslog hosts, you should consider using syslog from NetDefendOS as well to simplify your overall log administration.

Note
A list of all event messages can be found in the Log Reference Guide. That guide also describes the design of event messages and explains the various attributes available.
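The filter-then-distribute flow that sections 2.2.2 and 2.2.3 describe, as an added example that is not part of this manual and not D-Link's code. It assumes a message body made of space-separated key=value attributes (category, severity, event, and so on); the real layout is defined in the Log Reference Guide. It builds one Memory Log style ring buffer and two syslog receivers with different filters, then feeds constructed sample messages through them. Only the event names conn_open and startup_normal come from the manual; the other event names, the category names, the addresses and the choice of the local0 syslog facility are assumptions made for the illustration.

```python
"""Receiver-side distribution of NetDefendOS-style event messages.

Added example, not D-Link's code. ASSUMPTION: a message body is a line of
space-separated key=value attributes. Only 'conn_open' and 'startup_normal'
below are event names from the manual; everything else is made up.
"""
import shlex
from collections import deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Set

# Syslog severity scale, code 0 (most severe) .. 7 (least severe).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Info", "Debug"]
SEV_CODE = {name: code for code, name in enumerate(SEVERITIES)}
LOCAL0 = 16  # assumed syslog facility for the PRI computation below


def parse_event(line: str) -> Dict[str, str]:
    """Split an assumed 'key=value ...' body into a dict (quoted values OK)."""
    attrs: Dict[str, str] = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            attrs[key] = value
        else:  # keep stray tokens instead of dropping them silently
            attrs["_extra"] = (attrs.get("_extra", "") + " " + token).strip()
    return attrs


def severity_code(ev: Dict[str, str]) -> int:
    """Unknown or missing severity counts as most severe (0), so a malformed
    message is offered to every receiver rather than being lost."""
    return SEV_CODE.get(ev.get("severity", ""), 0)


@dataclass
class EventFilter:
    """One receiver's filter: a severity threshold plus an optional category set."""
    min_severity: str = "Debug"             # Debug = pass everything
    categories: Optional[Set[str]] = None   # None = every category

    def matches(self, ev: Dict[str, str]) -> bool:
        if severity_code(ev) > SEV_CODE[self.min_severity]:
            return False
        return self.categories is None or ev.get("category") in self.categories


class MemLog:
    """Ring buffer like the Memory Log: only the newest `capacity` messages survive."""
    name = "memlog"

    def __init__(self, capacity: int, flt: Optional[EventFilter] = None):
        self.flt = flt or EventFilter()
        self.buf: Deque[Dict[str, str]] = deque(maxlen=capacity)

    def receive(self, ev: Dict[str, str], raw: str) -> bool:
        if not self.flt.matches(ev):
            return False
        self.buf.append(ev)   # oldest entry is evicted once the buffer is full
        return True

    def events(self) -> List[str]:
        return [e.get("event", "?") for e in self.buf]


class SyslogReceiver:
    """Formats matching events as RFC 3164 lines, collected here instead of sent."""

    def __init__(self, name: str, flt: EventFilter, hostname: str = "dfl210"):
        self.name, self.flt, self.hostname = name, flt, hostname
        self.lines: List[str] = []

    def receive(self, ev: Dict[str, str], raw: str) -> bool:
        if not self.flt.matches(ev):
            return False
        pri = LOCAL0 * 8 + severity_code(ev)  # RFC 3164: PRI = facility*8 + severity
        self.lines.append(f"<{pri}>{self.hostname} {raw}")
        return True


def distribute(lines: List[str], receivers) -> Dict[str, int]:
    """Parse each message once, offer it to every receiver, return hit counts."""
    counts = {r.name: 0 for r in receivers}
    for raw in lines:
        ev = parse_event(raw)
        for r in receivers:
            if r.receive(ev, raw):
                counts[r.name] += 1
    return counts


# Constructed sample messages (not captured from a device).
SAMPLE_MESSAGES = [
    'category=SYSTEM severity=Notice event=startup_normal',
    'category=CONN severity=Info event=conn_open rule=lan_to_wan proto=TCP '
    'src=192.168.1.10:51122 dst=203.0.113.5:443',
    'category=CONN severity=Info event=conn_close rule=lan_to_wan proto=TCP '
    'src=192.168.1.10:51122 dst=203.0.113.5:443',
    'category=RULE severity=Warning event=ruleset_drop proto=UDP '
    'src=198.51.100.7:53 dst=192.168.1.10:40001',
    'category=PACKET severity=Error event=bad_packet msg="malformed IP header"',
]


def demo():
    memlog = MemLog(capacity=3)                                    # everything, last 3 kept
    soc = SyslogReceiver("soc-syslog", EventFilter(min_severity="Warning"))
    audit = SyslogReceiver("conn-audit", EventFilter(categories={"CONN"}))
    counts = distribute(SAMPLE_MESSAGES, [memlog, soc, audit])
    return counts, memlog, soc, audit


if __name__ == "__main__":
    counts, memlog, soc, audit = demo()
    print(counts)
    print("memlog holds:", memlog.events())
    for line in soc.lines + audit.lines:
        print(line)
```

Two design choices worth noting. A message whose severity attribute is missing or unrecognised is treated as most severe and forwarded to every receiver; dropping it would make a malformed or tampered message the easiest one to lose. The three-entry ring buffer is deliberately tiny so that the run shows the startup_normal and conn_open messages being evicted, which is exactly why a Memory Log is for live viewing and a syslog receiver is what you keep for audit.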
Chapter 2. Operations and Maintenance (page 21)
