Logging to the clavister logger, Enabling syslog rfc 5424 compliance with hostname – Amer Networks E5Web GUI User Manual
Page 77
RFC 5424 Compliance
By default, cOS Core sends Syslog messages in a format that is suitable for most Syslog servers.
However, some servers may require stricter adherence to the latest Syslog standard as defined
by RFC 5424. For this reason, cOS Core provides the option to enable strict RFC 5424 compliance.
Setting the Hostname
In the header of every Syslog message there is a string field which is the Syslog hostname. By
default, cOS Core always sets this to be the IP address of the sending interface.
If RFC 5424 compliance is enabled, it is also possible to set the hostname to a specific value. The
example below shows how this is done.
Example 2.18. Enabling Syslog RFC 5424 Compliance with Hostname
The requirement is to enable logging of all events with a severity greater than or equal to Notice
to a Syslog server with IPv4 address 195.11.22.55 and to enable RFC 5224 compliance with a
hostname of my_host1 in the Syslog header:
Command-Line Interface
Device:/> add LogReceiverSyslog my_syslog
IPAddress=195.11.22.55
RFC5224=Yes
Hostname=my_host1
InControl
Follow the same steps used for the Web Interface below.
Web Interface
1.
Go to: System > Device > Log and Event Receivers > Add > Syslog Receiver
2.
Specify a suitable name for the event receiver, for example my_syslog_host
3.
Enter 195.11.22.55 as the IP Address
4.
Select an appropriate facility from the Facility list.
5.
Enable the option RFC 5424 Compliance.
6.
Enter my_host1 for the Hostname
7.
Click OK
The system will now be logging all events with a severity greater than or equal to Notice to the
syslog server at 195.11.22.55.
2.2.6. Logging to the Clavister Logger
The Clavister Logger is a proprietary Clavister logging product that uses the proprietary Clavister
FWLog message format for sending and storing log data. This logger is also referred to as the
FWLog Receiver.
Chapter 2: Management and Maintenance
77