Log Settings

Security devices maintain three types of system logs: Event, Self, and Asset Recovery logs. For system events, each event is assigned a level of severity. You can configure your NetScreen device to send messages to specific destinations to communicate events of a certain level of severity. On the Log Settings page, select the severity levels of the messages you want to log and where you want those messages sent.

ScreenOS provides a self log to monitor and record all packets terminated at the security device. When the self log is enabled, traffic that is targeted to the device itself and is denied is recorded in the self log. Similar to the traffic log, the self log displays the date, time, source address/port, destination address/port, duration, and service for each dropped packet terminating at the security device. Self log entries typically have a source zone of Null and a destination zone of “self.”

To activate the self log, enable the Log Packets Terminated to Self option.

The Severity Levels

Emergency: Identifies critical attacks such as SYN attacks, Tear Drop attacks, and Ping of Death attacks. For more information on these types of attacks, see Screen Options.

Alert: Identifies problems such as multiple user authentication failures and other attacks not included in the emergency category. For more information on various types of attacks, see Screen Options.

Critical: Identifies events such as URL blocks, traffic alarms, high availability (HA) status changes, and global communications.

Error: Identifies events such as admin name and password changes.

Warning: Identifies events such as administrators logging on and off, failures to log on and log off, and user authentication failures, successes, and timeouts.

Notification: Identifies events such as link status changes, load balancing server status changes, and traffic logs.

Information: Identifies all other events not specified in other categories.

Debugging: Identifies events that relate to debugging a device.

The Destinations

Console: Sends messages to any application you are using when managing the NetScreen device through the console port.

Internal: Makes the messages available through the Command Line Interface (using the "get log" commands) or through the WebUI (by going to "Reports > System").

Email: Sends the messages via email. For more information, see Email Reports Settings.

SNMP: Sends the messages to the Simple Network Management Protocol (SNMP) agent for your NetScreen device. For more information, see SNMP Report Settings.

Syslog: Sends the messages to the Syslog facility. For more information, see Syslog Report Settings.

WebTrends: Sends the messages to a WebTrends server. For more information, see WebTrends Report Settings.

NSM: Sends the messages to the NetScreen Security Manager. For more information, see NetScreen Security Manager.

CompactFlash (PCMCIA): Sends the messages to the compact flash media.

To Select Settings

  1. Select the check box common to the severity level and the destination that you want. One by one, select all the check boxes you require.

or

You can select All Above in a given column to instantly select all the check boxes in that column.

or

You can click Check All to instantly select all the check boxes on the page. Clicking Clear All instantly clears all the check boxes on the page.

  2. Click Apply to save your settings.
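
Added example (not part of the original help page or of ScreenOS): a short Python audit of a severity-by-destination selection like the one made on this page, reporting levels that are logged nowhere and levels that never leave the device. The text grid format, the split of destinations into on-device and off-device, and the set of levels required off-device are assumptions made for the example.

```python
# Severity levels and destinations as listed on the Log Settings page.
LEVELS = ["Emergency", "Alert", "Critical", "Error", "Warning",
          "Notification", "Information", "Debugging"]
DESTINATIONS = ["Console", "Internal", "Email", "SNMP", "Syslog",
                "WebTrends", "NSM", "CompactFlash"]
# Assumption: these destinations deliver the message off the device.
OFF_DEVICE = {"Email", "SNMP", "Syslog", "WebTrends", "NSM"}
# Assumption (reviewer policy): attack, admin-change and logon events
# (Emergency through Warning) must reach at least one off-device destination.
MUST_LEAVE_DEVICE = {"Emergency", "Alert", "Critical", "Error", "Warning"}

# Constructed sample: one row per level, one mark per destination,
# in DESTINATIONS order ("x" = check box selected, "." = cleared).
SAMPLE = """
Emergency     x x x . x . . .
Alert         x x . . x . . .
Critical      . x . . . . . .
Error         . x . . x . . .
Warning       . x . . . . . .
Notification  . . . . . . . .
Information   . . . . . . . .
Debugging     . . . . . . . .
"""

def parse_matrix(text):
    """Return {level: set of selected destinations}; reject malformed grids."""
    matrix = {}
    for line in text.strip().splitlines():
        level, *marks = line.split()
        if level not in LEVELS or len(marks) != len(DESTINATIONS):
            raise ValueError(f"bad row: {line!r}")
        matrix[level] = {d for d, m in zip(DESTINATIONS, marks) if m == "x"}
    missing = [lvl for lvl in LEVELS if lvl not in matrix]
    if missing:
        raise ValueError(f"missing rows: {missing}")
    return matrix

def audit(matrix):
    """Return (level, problem) pairs in severity order."""
    findings = []
    for level in LEVELS:
        dests = matrix[level]
        if not dests:
            findings.append((level, "not logged to any destination"))
        elif level in MUST_LEAVE_DEVICE and not dests & OFF_DEVICE:
            findings.append((level, "kept on the device only: " + ", ".join(sorted(dests))))
    return findings

if __name__ == "__main__":
    for level, problem in audit(parse_matrix(SAMPLE)):
        print(f"{level}: {problem}")
```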