D-Link DFL-260 Product Manual - Page 57
2.2.6. SNMP Traps
Chapter 2. Management and Maintenance

Syslog is a standardized protocol for sending log data although there is no standardized format for the log messages themselves. The format used by NetDefendOS is well suited to automated processing, filtering and searching.

Although the exact format of each log entry depends on how a Syslog receiver works, most are very much alike. The way in which logs are read is also dependent on how the syslog receiver works. Syslog daemons on UNIX servers usually log to text files, line by line.

Message Format

Most Syslog recipients preface each log entry with a timestamp and the IP address of the machine that sent the log data:

    Feb 5 2000 09:45:23 firewall.ourcompany.com

This is followed by the text the sender has chosen to send.

    Feb 5 2000 09:45:23 firewall.ourcompany.com EFW: DROP:

Subsequent text is dependent on the event that has occurred.

In order to facilitate automated processing of all messages, NetDefendOS writes all log data to a single line of text. All data following the initial text is presented in the format name=value. This enables automatic filters to easily find the values they are looking for without assuming that a specific piece of data is in a specific location in the log entry.

The Prio and Severity fields

The Prio= field in SysLog messages contains the same information as the Severity field for D-Link Logger messages. However, the ordering of the numbering is reversed.

Example 2.11. Enable Logging to a Syslog Host

To enable logging of all events with a severity greater than or equal to Notice to a Syslog server with IP address 195.11.22.55, follow the steps outlined below:

Command-Line Interface

    gw-world:/> add LogReceiverSyslog my_syslog IPAddress=195.11.22.55

Web Interface

1. Go to System > Log and Event Receivers > Add > Syslog Receiver
2. Specify a suitable name for the event receiver, for example my_syslog
3. Enter 195.11.22.55 as the IP Address
4. Select an appropriate facility from the Facility list - the facility name is commonly used as a filter parameter in most syslog daemons.
5. Click OK

The system will now be logging all events with a severity greater than or equal to Notice to the syslog server at 195.11.22.55.

Note: Syslog server configuration

The syslog server may have to be configured to receive log messages from NetDefendOS. Please see the documentation for your specific Syslog server software in order to correctly configure it.
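
The following is an added example, not part of the D-Link manual, showing how a receiver-side script can use the single-line name=value layout described under "Message Format" to filter events by field name rather than by position. The function names and the sample field names and values (rule, srcip, destport and the prio values) are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Receiver prefix (timestamp, sender), the sender's "EFW: <CATEGORY>:" text,
# then name=value pairs, as laid out under "Message Format".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+EFW:\s+(?P<category>\w+):\s*(?P<rest>.*)$"
)
# A value is a double-quoted string (may hold spaces) or a bare token.
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Constructed sample lines. Only the prefix and "EFW: DROP:" come from the
# manual page; all field names and values are made up (prio stands in for Prio=).
SAMPLE = [
    'Feb 5 2000 09:45:23 firewall.ourcompany.com EFW: DROP: prio=1 '
    'rule="Default Rule" srcip=192.0.2.10 destport=23',
    'Feb 5 2000 09:45:24 firewall.ourcompany.com EFW: CONN: destport=443 '
    'prio=2 srcip=192.0.2.11',
    'Feb 5 2000 09:45:25 firewall.ourcompany.com EFW: DROP: destport=23 '
    'srcip=192.0.2.12 prio=1',
    'a line from some other sender that does not follow the layout',
]


def parse_efw_line(line):
    """Return a dict for one log line, or None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    # Key fields by name so their position in the line never matters.
    fields = {name: quoted or bare
              for name, quoted, bare in PAIR_RE.findall(m.group("rest"))}
    ts = " ".join(m.group("ts").split())  # collapse padded day-of-month spacing
    return {"time": datetime.strptime(ts, "%b %d %Y %H:%M:%S"),
            "host": m.group("host"),
            "category": m.group("category"),
            "fields": fields}


def select(lines, category=None, **wanted):
    """Return parsed records matching a category and exact field values."""
    records = (parse_efw_line(line) for line in lines)
    return [r for r in records
            if r is not None
            and (category is None or r["category"] == category)
            and all(r["fields"].get(k) == v for k, v in wanted.items())]


if __name__ == "__main__":
    for rec in select(SAMPLE, category="DROP", destport="23"):
        print(rec["time"].isoformat(), rec["host"], rec["fields"]["srcip"])
```

Lines that do not match the layout are skipped rather than raising, so the same filter can run over a log file shared with other senders.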