Product Documentation

Configuring Syslog Notifications

Jun 13, 2017

SYSLOG is a standard logging protocol. It has two components: the SYSLOG auditing module, which runs on the SDX appliance, and the SYSLOG server, which can run on a remote system. SYSLOG uses User Datagram Protocol (UDP) for data transfer.

When you run a SYSLOG server, it connects to the SDX appliance. The appliance then starts sending all the log information to the SYSLOG server, and the server can filter the log entries before storing them in a log file. A SYSLOG server can receive log information from more than one SDX appliance, and an SDX appliance can send log information to more than one SYSLOG server.

The log information that a SYSLOG server collects from an SDX appliance is stored in a log file in the form of messages. These messages typically contain the following information:
  • The IP address of the SDX appliance that generated the log message
  • A time stamp
  • The message type
  • The log level (Critical, Error, Notice, Warning, Informational, Debug, Alert, or Emergency)
  • The message information
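
A minimal receiver for the messages described above, added here as an illustration and not taken from the product: it assumes the appliance sends RFC 3164-style datagrams that begin with a `<PRI>` value, and the function names, sample payloads and documentation-range IP addresses are constructed. It records the sender IP and receive time, derives the log level from the priority value, and filters by sender and level before appending to a log file.

```python
import re
import socket
from datetime import datetime, timezone

# Standard syslog severity codes 0-7, named as in the log-level list above.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
CTRL_RE = re.compile(r"[\x00-\x1f\x7f]")

# Constructed sample datagrams (payload, sender IP); not captured from an appliance.
SAMPLES = [
    (b"<131>Jun 13 10:15:02 sdx-demo: interface 1/1 down", "192.0.2.10"),
    (b"<134>Jun 13 10:15:05 sdx-demo: user login", "192.0.2.10"),
    (b"<130>Jun 13 10:16:00 unknown: disk failure", "198.51.100.7"),
]

def parse_datagram(payload, source_ip, received=None):
    """Return a record dict, or None if the <PRI> prefix is missing or invalid."""
    text = payload.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = PRI_RE.match(text)
    pri = int(m.group(1)) if m else -1
    if not 0 <= pri <= 191:  # highest valid PRI: facility 23, severity 7
        return None
    return {
        "source_ip": source_ip,  # taken from the UDP packet, not the payload
        "received": (received or datetime.now(timezone.utc)).isoformat(),
        "facility": pri >> 3,
        "level": SEVERITIES[pri & 7],
        # Replace control characters so a message cannot forge extra log lines.
        "message": CTRL_RE.sub(" ", m.group(2)).strip(),
    }

def accept(record, allowed_sources, min_level="Warning"):
    """Keep records from configured appliances at min_level or more severe."""
    if record is None or record["source_ip"] not in allowed_sources:
        return False
    return SEVERITIES.index(record["level"]) <= SEVERITIES.index(min_level)

def serve(bind_ip, port, allowed_sources, log_path):
    """Blocking receive loop: append accepted records to log_path."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock, \
            open(log_path, "a", encoding="utf-8") as log:
        sock.bind((bind_ip, port))
        while True:
            data, (ip, _) = sock.recvfrom(8192)
            rec = parse_datagram(data, ip)
            if accept(rec, allowed_sources):
                log.write("{received} {source_ip} {level} {message}\n".format(**rec))
                log.flush()
```

Because UDP does not authenticate the sender, the source-address allowlist reduces noise but does not prove origin, so restrict access to the listening port at the network layer as well.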

You can use this information to analyze the source of the alert and take corrective action if required. First configure a syslog server that the appliance sends log information to, and then specify the date and time format for recording the log messages.

To configure a Syslog Server

  1. Navigate to System > Notifications > Syslog Servers.
  2. In the details pane, click Add.
  3. In the Create Syslog Server page, specify values for the syslog server parameters. For a description of a parameter, hover the mouse over the corresponding field.
  4. Click Add, and then click Close.

To configure the syslog parameters

  1. Navigate to System > Notifications > Syslog Servers.
  2. In the details pane, click Syslog Parameters.
  3. In the Configure Syslog Parameters page, specify the date and time format.
  4. Click OK, and then click Close.