
Logging to memorylogreceiver, Logging to syslog hosts – Amer Networks E5Web GUI User Manual


An SNMP2c Event Receiver can be defined to collect SNMP Trap log messages. These receivers
are typically used to collect and respond to critical alerts from network devices.

This receiver type is discussed further below in Section 2.2.8, “SNMP Traps”.

2.2.4. Logging to MemoryLogReceiver

The MemoryLogReceiver (also known as Memlog) is an optional cOS Core feature that allows
logging directly to memory in the Clavister Security Gateway instead of sending messages to an
external server. These messages can be examined through the standard user interfaces.

Memory for Logging is Limited

Memlog memory available for new messages is limited to a fixed predetermined size. When the
allocated memory is filled up with log messages, the oldest messages are discarded to make
room for newer incoming messages. Memlog therefore holds a limited number of messages since
the last system initialization and, once the buffer fills, only the most recent ones. When
cOS Core is creating large numbers of messages, for example in systems with large numbers of
VPN tunnels, the Memlog information becomes less meaningful since it reflects only a limited
recent time period.

Memlog Timestamps

The timestamp shown in Memlog console output is always the local system time of the security
gateway. This is different from the timestamp on log messages sent to defined Log Receiver
objects, which are always timestamped with GMT time.

Disabling Memory Logging

The MemoryLogReceiver object exists by default in cOS Core. If this receiver is not required then it
can be deleted and this type of logging will be switched off.

2.2.5. Logging to Syslog Hosts

Overview

Syslog is a standardized protocol for sending log data, although there is no standardized format
for the log messages themselves. The format used by cOS Core is well suited to automated
processing, filtering and searching.

Although the exact format of each log entry depends on how a Syslog receiver works, most are
similar. The way in which logs are read is also dependent on how the syslog receiver works.
Syslog daemons on UNIX servers usually log to text files, line by line.

Message Format

Most Syslog recipients preface each log entry with a timestamp and the IP address of the
machine that sent the log data:

Feb 5 2000 09:45:23 gateway.ourcompany.com

This is followed by the text the sender has chosen to send.
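
The following is an added example, not part of the original manual or of cOS Core. It parses the recipient prefix shown above and compares a Memlog (local time) timestamp with a receiver line by converting both to UTC. Assumptions: the Memlog timestamp uses the same textual form as the sample prefix, the receiver line's timestamp is GMT, and all function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Prefix a syslog recipient adds, as in the manual's sample:
#   "Feb 5 2000 09:45:23 gateway.ourcompany.com <text chosen by sender>"
PREFIX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)(?:\s+(?P<text>.*))?$"
)
TS_FORMAT = "%b %d %Y %H:%M:%S"


def parse_ts(ts, utc_offset_hours=0.0):
    """Parse 'Feb 5 2000 09:45:23' and return an aware UTC datetime.

    utc_offset_hours is the offset of the clock that wrote the timestamp:
    0 for GMT-stamped receiver messages, the gateway's zone for Memlog.
    """
    naive = datetime.strptime(" ".join(ts.split()), TS_FORMAT)
    local = naive.replace(tzinfo=timezone(timedelta(hours=utc_offset_hours)))
    return local.astimezone(timezone.utc)


def parse_receiver_line(line):
    """Split a receiver line into (utc_time, host, text); None if no prefix."""
    m = PREFIX.match(line.strip())
    if m is None:
        return None
    try:
        # Assumption: the prefix timestamp on the receiver line is GMT.
        when = parse_ts(m.group("ts"))
    except ValueError:  # e.g. "Feb 31" matches the regex but not the calendar
        return None
    return when, m.group("host"), m.group("text") or ""


def same_event(memlog_ts, gateway_offset_hours, receiver_line, tolerance_s=2):
    """True if a Memlog entry (local time) and a receiver line (GMT) coincide.

    Assumption: memlog_ts has the same textual form as the receiver prefix.
    """
    parsed = parse_receiver_line(receiver_line)
    if parsed is None:
        return False
    delta = parse_ts(memlog_ts, gateway_offset_hours) - parsed[0]
    return abs(delta.total_seconds()) <= tolerance_s
```

Without the offset correction, entries from a gateway that is not in the GMT zone appear shifted by whole hours when Memlog output is compared with receiver logs.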

Chapter 2: Management and Maintenance
