INDEX   TOC
Introduction
Product Overview
Settings and Administration
ADSL
SIP Support
  SIP Overview
  SIP and
  The SIP Server
  SIP Configuration
Security
Firewall Administration
Troubleshooting

Advanced Syslog Settings

Advanced:

As you can see, the “Firewall Log" and “Forward to syslog server" settings have several values selectable. The following combinations can be selected:

  •  
  • “Firewall Log"="off" (“Forward to syslog server" value ignored) : Do not log firewall events. (As nothing is logged in the firewall log, nothing will be sent to syslog server either.)

  •  
  • “Firewall Log"=" Show rejected packets", “Forward to syslog server"="off" : Rejected packets are logged into the built-in Firewall Log page of your product, but are not logged to the syslog server.

  •  
  • “Firewall Log"=" Show rejected packets", “Forward to syslog server"="Firewall log content" : Rejected packets are logged into the Firewall Log page of your product, and also logged to the syslog server.

  •  
  • “Firewall Log"=" Show all packets", “Forward to syslog server"=" Firewall log content, rejected packets only" : All packets are logged into the Firewall Log page of your product, but only rejected packets are logged to the syslog server. This setting is useful for debug.

  •  
  • “Firewall Log"=" Show all packets", “Forward to syslog server"=" Firewall log content" : All packets are logged into the Firewall Log page of your product, and all packets are also logged to the syslog server. NOTE: this setting, though useful for debug, puts heavy load on your network and is therefore not recommended.

    The syslog information is sent to standard syslog port UDP 514. There is currently no way of changing it.

    The “hostname" reported to the syslog server is the one entered into the “Hostname" field of the Advanced Network Settings page. By default it is “ix66".

    Very advanced:

    By default, the syslog client in the product uses facility values 0, 4, 5, 10 and 11. If you have more than one syslog client in your system, you might want to change the facility values reported, to be able to tell syslog clients apart. There is no way of doing it in the web GUI of the product, but you can edit it manually:

    1. Go to page http://192.168.0.1/edit.asp?file=/usr/profils.cfg
    2. Add line: sys.syslog.facility.map=16,1,2,3,17,18,6,7,8,9,19,20,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31
    3. Click Save .

    Now the syslog client will use facility values 16-20 (local0-4) instead. (You must always enter 32 comma-separated values that shall be used instead of facility values 0-31.)

    Related topics:

    Export Syslog to external Syslog Server
    Export Security Log to external Syslog Server
    System Log
    Security Log
    Advanced Syslog Settings
    Troubleshooting - Syslog