Events and logging, Overview, Log messages – Amer Networks E5Web GUI User Manual
Page 73

2.2. Events and Logging
2.2.1. Overview
The ability to log and analyze system activities is an essential feature of cOS Core. Logging enables not only monitoring of system status and health, but also allows auditing of network usage and assists in troubleshooting.
Log Message Generation
cOS Core defines a large number of different log event messages, which are generated as a result of corresponding system events. Examples of such events are the establishment and teardown of connections, receipt of malformed packets as well as the dropping of traffic according to filtering policies.
Log events are always generated for various aspects of cOS Core processing such as buffer usage, DHCP clients, High Availability and IPsec. The generation of events for other cOS Core subsystems such as DHCP Relay, DHCP Servers and IP Rules can be enabled as needed.
Whenever an event message is generated, it can be filtered and distributed to a variety of Event Receivers, including Syslog and SNMP Trap receivers. Up to eight event receivers can be defined per Clavister Security Gateway, with each receiver having its own customizable event filter.
2.2.2. Log Messages
Event Types
cOS Core defines several hundred events for which log messages can be generated. The events range from high-level, customizable, user events down to low-level and mandatory system events.
The conn_open event, for example, is a typical high-level event that generates an event message whenever a new connection is established, given that the matching security policy rule has defined that event messages should be generated for that connection.
An example of a low-level event would be the startup_normal event, which generates a mandatory event message as soon as the system starts up.
Message Format
All event messages have a common format, with attributes that include category, severity and recommended actions. These attributes enable easy filtering of messages, either within cOS Core prior to sending to an event receiver, or as part of the analysis after logging and storing messages on an external log server.
A list of all event messages can be found in the cOS Core Log Reference Guide. That guide also describes the design of event messages, the meaning of severity levels and the various attributes available.
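The per-receiver filtering described above (each of up to eight event receivers applying its own filter on the message attributes category and severity) can be modelled as follows. This is an added illustration, not cOS Core code or its actual message format: the attribute layout, the category tags, the events other than conn_open and startup_normal, and the syslog-style severity scale are all assumptions for the example; the real definitions are in the cOS Core Log Reference Guide.

```python
from dataclasses import dataclass

# Assumed severity scale (syslog-style, lower number = more severe); the real
# levels and their meaning are defined in the cOS Core Log Reference Guide.
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
MAX_RECEIVERS = 8  # limit stated in the manual: eight receivers per gateway


@dataclass(frozen=True)
class Event:
    name: str        # event name, e.g. conn_open or startup_normal
    category: str    # constructed category tag for this example
    severity: str    # key of SEVERITY
    action: str      # recommended action attribute (constructed values)


@dataclass(frozen=True)
class Receiver:
    name: str
    min_severity: str                     # least severe level still forwarded
    categories: frozenset = frozenset()   # empty set means "all categories"

    def accepts(self, ev: Event) -> bool:
        """Receiver-side filter on the severity and category attributes."""
        if SEVERITY[ev.severity] > SEVERITY[self.min_severity]:
            return False
        return not self.categories or ev.category in self.categories


def dispatch(events, receivers):
    """Return {receiver name: [event names forwarded to it]}."""
    if len(receivers) > MAX_RECEIVERS:
        raise ValueError(f"at most {MAX_RECEIVERS} event receivers allowed")
    out = {r.name: [] for r in receivers}
    for ev in events:
        for r in receivers:
            if r.accepts(ev):
                out[r.name].append(ev.name)
    return out


# Constructed sample events; only conn_open and startup_normal are named in the
# manual, the other two stand in for the malformed-packet and policy-drop cases.
SAMPLE_EVENTS = [
    Event("startup_normal", "SYSTEM", "notice", "none"),
    Event("conn_open", "CONN", "info", "none"),
    Event("malformed_packet", "PACKET", "warning", "investigate source"),
    Event("policy_drop", "RULE", "notice", "none"),
]
SAMPLE_RECEIVERS = [
    Receiver("syslog-all", "debug"),                          # full audit trail
    Receiver("snmp-trap", "warning"),                         # alerts only
    Receiver("conn-audit", "info", frozenset({"CONN"})),      # connection log
]
```

Running `dispatch(SAMPLE_EVENTS, SAMPLE_RECEIVERS)` shows the same event fanning out to several receivers while each receiver sees only what its own filter admits.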
Event Severity
The default severity of each log event is predefined and it can be, in order of highest to lowest severity, one of:
Chapter 2: Management and Maintenance