Syslog Report Settings

Syslog is a facility that enables the logging of system events to a single file for later review. A security device can generate syslog messages for system events at predefined severity levels and optionally for traffic that policies permit across a firewall. It sends these messages via UDP (port 514) to up to four designated syslog hosts running on UNIX/Linux systems. The severity level of an event determines whether the event is communicated in a syslog message (see Log Settings).

Warning: This feature is CPU intensive and, under certain high traffic volume conditions, can cause high CPU utilization.

To Enable Syslog

  1. Select Enable syslog messages.

  2. On the Source interface drop-down list, select the interface from which syslog packets are sent.

  3. Enter the necessary information for each syslog server you are adding:

Enable: Select this option to enable the syslog server.

IP/Hostname: The IP address of the syslog host.

Port: The port to which the security device sends syslog messages.

Security Facility: The security facility, which classifies and sends emergency and alert level messages to the syslog host.

Facility: The regular facility, which classifies and sends all other messages for events unrelated to security.

Event Log: Select this option to send event log entries to the syslog host.

Traffic Log: Select this option to send traffic log entries to the syslog host.

TCP: Select this option to use TCP as the transport protocol.

  4. Click Apply or Apply and Reset Connections.

Note: When you enable Syslog on a security device running in Transparent mode, you must set up a static route on the Route Table.
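
The split between Security Facility and Facility can be verified on the syslog host by decoding the PRI value at the start of each received message (facility × 8 + severity). The following check is an added example, not part of the original documentation; the facility numbers (4 for security, 16 for regular), the function names, and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed settings for this example; the page does not name specific facilities.
SECURITY_FACILITY = 4    # "auth": configured as Security Facility (assumption)
REGULAR_FACILITY = 16    # "local0": configured as Facility (assumption)
SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    match = PRI_RE.match(line)
    if not match:
        return None
    pri = int(match.group(1))
    if pri > 191:            # highest valid PRI is facility 23, severity 7
        return None
    return divmod(pri, 8)    # PRI = facility * 8 + severity

def audit(lines):
    """List (line_number, problem) for messages on the wrong facility."""
    findings = []
    for number, line in enumerate(lines, 1):
        decoded = decode_pri(line)
        if decoded is None:
            findings.append((number, "missing or invalid PRI"))
            continue
        facility, severity = decoded
        # Emergency (0) and alert (1) belong on the security facility.
        expected = SECURITY_FACILITY if severity <= 1 else REGULAR_FACILITY
        if facility != expected:
            findings.append((number, f"{SEVERITY_NAMES[severity]} on facility "
                                     f"{facility}, expected {expected}"))
    return findings

# Constructed sample messages (not captured from a real device).
SAMPLE = [
    "<32>fw01: constructed emergency event",   # auth.emergency: correct
    "<33>fw01: constructed alert event",       # auth.alert: correct
    "<134>fw01: constructed traffic entry",    # local0.info: correct
    "<129>fw01: constructed alert event",      # local0.alert: wrong facility
    "<38>fw01: constructed info event",        # auth.info: wrong facility
    "fw01: constructed line without PRI",      # no PRI header
]

if __name__ == "__main__":
    for number, problem in audit(SAMPLE):
        print(f"line {number}: {problem}")
```

Set the two facility constants to the values chosen in the Security Facility and Facility fields before running the check against collected logs.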