Enable logging to a syslog host – Amer Networks E5Web GUI User Manual

Feb 5 2000 09:45:23 gateway.ourcompany.com EFW: DROP:

Subsequent text is dependent on the event that has occurred.

In order to facilitate automated processing of all messages, cOS Core writes all log data to a
single line of text. All data following the initial text is presented in the format name=value. This
enables automatic filters to easily find the values they are looking for without assuming that a
specific piece of data is in a specific location in the log entry.

Note: The Prio and Severity fields

The Prio= field in SysLog messages contains the same information as the Severity field
for Clavister Logger messages. However, the ordering of the numbering is reversed.

Example 2.17. Enable Logging to a Syslog Host

To enable logging of all events with a severity greater than or equal to Notice to a Syslog server
with IP address 195.11.22.55, follow the steps outlined below:

Command-Line Interface

Device:/> add LogReceiverSyslog my_syslog IPAddress=195.11.22.55

InControl

Follow the same steps used for the Web Interface below.

Web Interface

1.

Go to: System > Device > Log and Event Receivers > Add > Syslog Receiver

2.

Specify a suitable name for the event receiver, for example my_syslog

3.

Enter 195.11.22.55 as the IP Address

4.

Select an appropriate facility from the Facility list - the facility name is commonly used as a
filter parameter in most syslog daemons.

5.

Click OK

The system will now be logging all events with a severity greater than or equal to Notice to the
syslog server at 195.11.22.55.

Note: The Syslog server must be configured

The syslog server may have to be configured to receive log messages from cOS Core.
Please see the documentation for the specific Syslog servers in order to correctly
configure it.

Chapter 2: Management and Maintenance

76