Lexmark MS517 Embedded Web Server--Security: Administrator's Guide - Page 31

Configuring security audit log settings, Remote Syslog non

Page 31 highlights

Managing devices remotely

4 Under Trap Destination, enter the IP address of the network management server or monitoring station, and then select the conditions for which you want to generate an alert.

5 Click Submit to save the changes, or click Reset Form to clear all fields.

Configuring security audit log settings

Note: This setting is available only in advanced-security devices and in simple-security devices with color LCD control panels.

The security audit log lets administrators monitor security-related events on a device, including failed user authorization, successful administrator authentication, and Kerberos file uploads to a device. By default, security logs are stored on the device, but may also be transmitted to a network syslog server for further processing or storage.

We recommend enabling audit in secure environments.

1 From the Embedded Web Server, click Settings > Security > Security Audit Log.

2 Select Enable Audit to activate security audit logging.

3 To use both remote syslog server and internal logging, type the IP address or host name of the Remote Syslog Server. Then select Enable Remote Syslog to transmit log events to a network syslog server.
  Note: Enable Remote Syslog is available only after an IP address or host name is entered.

4 Enter the Remote Syslog Port number used on the destination server. The default value is 514.

5 From the Remote Syslog Method menu, select one of the following:
  • Normal UDP: Send log messages and events using a lower-priority transmission protocol.
  • Stunnel: If implemented on the destination server.

6 From the Remote Syslog Facility menu, select a facility code for events to be logged to on the destination server. All events sent from the device are tagged with the same facility code to aid in sorting and filtering by network monitoring or intrusion detection software.
  Note: Step 3 on page 31 through step 6 and step 8 are valid only if Remote Syslog is enabled.

7 From the "Severity of events to log" menu, select the priority level cutoff (0-7) for logging messages and events.
  Note: The highest severity is 0, and the lowest is 7. The selected severity level and anything higher is logged. For example, if you select 4 - Warning, then severity levels 0-4 are logged.

8 Select Remote Syslog non-logged events to send all events regardless of severity to the remote server.

9 In the "Admin's e-mail address" field, type one or more e-mail addresses (separated by commas) to automatically notify administrators of certain log events. Then select from the following options:
  • E-mail log cleared alert: Indicates when the Delete Log button is clicked.
  • E-mail log wrapped alert: Indicates when the log becomes full and begins to overwrite the oldest entries.
  • Log full behavior: Provides a drop-down list with two options:
    - Wrap over oldest entries
    - E-mail log then delete all entries
  • E-mail % full alert: Indicates when log storage space reaches a certain percentage of capacity.
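On the receiving syslog server, the facility code (step 6) and the severity cutoff (step 7) can be checked against what the device actually sends. The following is an added example, not part of the Lexmark guide: it decodes the standard syslog `<PRI>` field (facility * 8 + severity) and classifies each message. The facility value 16 (local0), the host name and the message texts are assumptions constructed for illustration, not the device's real output format.

```python
import re

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(message):
    """Return (facility, severity) from the leading <PRI> field, or None."""
    m = PRI_RE.match(message)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:              # 23 * 8 + 7 is the largest valid PRI
        return None
    return divmod(pri, 8)      # PRI = facility * 8 + severity

def classify(message, device_facility, cutoff):
    """Compare one received message with the device's configured settings."""
    decoded = decode_pri(message)
    if decoded is None:
        return "malformed"
    facility, severity = decoded
    if facility != device_facility:
        return "other-facility"        # not tagged with the device's facility
    # Severity 0 is the highest; the cutoff and anything higher is logged.
    return "within-cutoff" if severity <= cutoff else "below-cutoff"

def summarize(messages, device_facility, cutoff):
    """Count messages per classification label."""
    counts = {}
    for msg in messages:
        label = classify(msg, device_facility, cutoff)
        counts[label] = counts.get(label, 0) + 1
    return counts

# Constructed sample datagrams (assumed facility 16 = local0, cutoff 4).
SAMPLE = [
    "<132>printer01 audit: failed user authorization",      # 16*8 + 4
    "<134>printer01 audit: administrator authenticated",    # 16*8 + 6
    "<129>printer01 audit: log cleared",                    # 16*8 + 1
    "<38>host2 sshd: session opened",                       # 4*8 + 6
    "printer01 message without a priority field",
]

if __name__ == "__main__":
    print(summarize(SAMPLE, device_facility=16, cutoff=4))
```

A nonzero "below-cutoff" count for the device's facility is expected only when Remote Syslog non-logged events (step 8) is selected.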
