Link Search Menu Expand Document

Logging Tab

Administration > General Settings > Setup > Logging

The Logging tab summarizes the following configured logging parameters:

  • Log Settings refers to local logging.

  • Log Facilities Configuration refers to remote logging.

The logs keep track of alarms, events, and any other issues involving your appliances.

The following table provides more details.

Field Description
Appliance Name of the appliance associated with the recorded logs.
Minimum Severity Minimum severity level the issue is recorded as. For descriptions of levels, see Severity Levels.
Log File Size Threshold Set threshold configured for the log size limit.
Number of Logs to Keep Maximum number of logs to keep for the appliance.
System Assigned log facility for System.
Audit Assigned log facility for Audit.
Firewall Assigned log facility for Firewall.
Ids Assigned log facility for IDS.
Log Stateful WAN Drops Enable log information for discarded inbound packets, even at high traffic rates, for WAN-side interfaces running in stateful, stateful+SNAT, or hardened modes.

Drops are logged to the firewall log, with the description of
Inbound drop on stateful wan interface.
Anonymize IPs True or false. Indicates if IP addresses are anonymized in log messages or not.
Bit Masking If Anonymize IPs is enabled, this indicates how bit masking is applied to IP addresses in log messages (options: Mask All, /8, /16, or /24).
Jsonify True or false. Indicates that log messages are converted to JSON format when exported.
Remote Receiver IP address of the remote receiver applicable to the log file.
Remote Receiver Minimum Severity Lowest level of severity logged for the remote log receiver. For details about severity levels, see the “Severity Levels” section below this table.
Facility Log facility used for the remote log receiver.

To edit the logging configuration for one of the listed appliances, click the edit icon in the left column of the table. The Logging dialog box opens. For details, see Logging Dialog Box

Severity Levels

In order of decreasing severity, the levels are as follows:

Severity Level Description
Emergency System is unusable.
Alert Includes all alarms the appliance generates: CRITICAL, MAJOR, MINOR, and WARNING.
Critical Critical event.
Error An error. This is a non-urgent failure.
Warning A warning condition. Indicates an error will occur if action is not taken.
Notice A normal, but significant, condition. No immediate action required.
Info Informational. Used by Support for debugging.
Debug Used by Support for debugging.
None This indicates that no events are logged.

These are related to event logging levels, not alarm severities, even though some naming conventions overlap. Events and alarms have different sources. Alarms, when they clear, list as the ALERT level in the Event Log.

Remote Logging

  • You can configure the appliance to forward all events, at and above a specified severity, to a remote syslog server.

  • A syslog server is independently configured for the minimum severity level that it will accept. Without reconfiguring, it might not accept as low a severity level as you are forwarding to it.

  • Each message/event type (System / Audit / Firewall / Ids) is assigned to a syslog facility level (local0 to local7).

Logging Dialog Box

Use this dialog box to configure log settings and log facilities. You can also add remote log receivers.

WARNING: Appliance logging levels should only be set to “Notice” unless TAC asks you to set it differently. This applies to both the Minimum severity level field in the Log Settings area of this dialog box and the Minimum Severity field in the Remote Log Receivers area. Be aware that setting this level to “Debug” will generate logs for all modules that are turned on, which causes the packet processing engine to spend excessive time logging instead of forwarding packets.

Log Settings

Setting Description
Minimum severity level Minimum severity level that the system will log. (See the WARNING note above.) For details about severity levels, see Severity Levels.
Start new file when log reaches Enter the maximum size (in MB) for a log file. Orchestrator generates a new file when this maximum size is reached. Specify a size from 1 to 50.
Keep at most log files Maximum number of log files to allow to be stored. Specify a value from 1 to 100.
Log stateful wan-interface drops Select to log information for discarded inbound packets, even at high-traffic rates.

NOTE: Enabling this option may impact system performance.
Anonymize IPs Click the check box to anonymize IP addresses in log messages.
Bit Masking If Anonymize IPs is enabled, select how bit masking is applied to IP addresses in log messages (options: Mask All, /8, /16, or /24).
Jsonify Click the check box to convert log messages to JSON format when exported.

NOTE: When you click the Anonymize IPs check box, the Jsonify check box is automatically selected.

Log Facilities Configuration

Select the log facilities you want the System, Audit, Firewall, and IDS/IPS Events logs to use. You can choose between Local0 and Local7 for each.

NOTE: The log facilities you select for System, Audit, Firewall, and IDS/IPS Events must be uniquely assigned; they cannot overlap. For example, System can be assigned to local2 and Audit to local3, but both cannot be assigned to local2.

Remote Log Receivers

Follow these instructions to add a remote receiver for an appliance syslog server that uses an end entity certificate.

NOTE: To use an end entity certificate, you must first create an end entity certificate for use. To do this, see End Entity Certificates Tab.

  1. Navigate to Administration > General Settings > Setup > Logging.

  2. Click the edit icon next to the appliance for which you want to configure a receiver.

    The Logging dialog box opens.

  3. Under Remote Log Receivers, click Add and then configure the following information.

    Field Description
    IP Address Enter the IP address for the remote receiver.
    Port Enter the port number of the remote syslog server. The default for TCP SSL is 6514.
    Protocol Select TCP SSL.
    Minimum Severity Select the minimum severity level of messages you want to log. (See the WARNING note above.) For details about severity levels, see Severity Levels. For Common Criteria mode, Debug should be used to ensure all logs are sent to the syslog receiver.
    Facility Select all, local1, local2, local3, local4, local5, local6, or local7.
  4. In the Client Certificate column, click Add.

    The Add Remote Receiver SSL Certificate dialog box opens.

  5. Click Use End Entity Certificate and then select the end entity certificate from the End Entity Certificate drop-down menu.

  6. Click the cell in the Verify column to display a check box, and then click the check box to verify the server certificate.

  7. Click Add.

  8. Click Save.

For information about remote log receivers, including how to add and configure a receiver, see Remote Log Receivers.


Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP.

For third-party trademark acknowledgements, go to Trademark Acknowledgements. All third-party marks are property of their respective owners.

To view the end-user software agreement, go to HPE Aruba Networking EULA.

Open Source Code:

This product includes code licensed under certain open source licenses which require source compliance. The corresponding source for these components is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source code, please check if the code is available in the HPE Software Center at https://myenterpriselicense.hpe.com/cwp-ui/software but, if not, send a written request for specific software version and product for which you want the open source code. Along with the request, please send a check or money order in the amount of US $10.00 to:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America