Administration > General Settings > Setup > Logging
This tab summarizes the following configured logging parameters:
Log Configuration refers to local logging.
Log Facilities Configuration refers to remote logging.
The logs keep track of alarms, events, and any other issues involving your appliances.
In order of decreasing severity, the levels are as follows:
|EMERGENCY||System is unusable.|
|ALERT||Includes all alarms the appliance generates: CRITICAL, MAJOR, MINOR, and WARNING.|
|ERROR||An error. This is a non-urgent failure.|
|WARNING||A warning condition. Indicates an error will occur if action is not taken.|
|NOTICE||A normal, but significant, condition. No immediate action required.|
|INFORMATIONAL||Informational. Used by Support for debugging.|
|DEBUG||Used by Support for debugging.|
|NONE||If you select NONE, no events are logged.|
The bolded part of the name is what displays in the log files.
These are related to event logging levels, not alarm severities, even though some naming conventions overlap. Events and alarms have different sources. Alarms, when they clear, list as the ALERT level in the Event Log.
You can configure the appliance to forward all events, at and above a specified severity, to a remote syslog server.
A syslog server is independently configured for the minimum severity level that it will accept. Without reconfiguring, it might not accept as low a severity level as you are forwarding to it.
Each message/event type (System / Audit / Flow / Ids) is assigned to a syslog facility level (local0 to local7).
Use this dialog box to set the Log Settings, specify the Log Facilities, and add Remote Log Receivers.
|Minimum severity level||Minimum severity level that the system will log.|
|Start new file when log reaches||Enter the maximum amount you want Orchestrator to generate a new file at. The limit is 50 MB.|
|Keep at most log files||Amount of log files you want stored. 100 is the maximum amount.|
Select the log facilities you want the System, Audit, Flow, and Ids logs to use. You can choose between Local0 and Local7 for each.
Click Add and enter the IP address of the remote log receiver you want to add.