Administration > General Settings > Setup > Logging
This tab summarizes the following configured logging parameters:
Log Settings refers to local logging.
Log Facilities Configuration refers to remote logging.
The logs keep track of alarms, events, and any other issues involving your appliances.
The following table provides more details.
|Appliance||Name of the appliance associated with the recorded logs.|
|Minimum Severity||Minimum severity the issue is recorded as. For details about severity levels, see the “Severity Levels” section below this table.|
|Log File Size Threshold||Set threshold configured for the log size limit.|
|Log Stateful WAN Drops||Enable to log information for discarded inbound packets, even at high-traffic rates.|
|Number of Logs to Keep||Maximum number of logs to keep for the appliance.|
|System||Assigned log facility for System.|
|Audit||Assigned log facility for Audit.|
|Firewall||Assigned log facility for Firewall.|
|Ids||Assigned log facility for IDS.|
|Remote Receiver||IP address of the remote receiver applicable to the log file.|
|Remote Receiver Minimum Severity||Lowest level of severity logged for the remote log receiver. For details about severity levels, see the “Severity Levels” section below this table.|
|Facility||Log facility used for the remote log receiver.|
To edit the logging configuration for one of the listed appliances, click the edit icon in the left column of the table.
In order of decreasing severity, the levels are as follows:
|Emergency||System is unusable.|
|Alert||Includes all alarms the appliance generates: CRITICAL, MAJOR, MINOR, and WARNING.|
|Error||An error. This is a non-urgent failure.|
|Warning||A warning condition. Indicates an error will occur if action is not taken.|
|Notice||A normal, but significant, condition. No immediate action required.|
|Info||Informational. Used by Support for debugging.|
|Debug||Used by Support for debugging.|
|None||If you select None, no events are logged.|
These are related to event logging levels, not alarm severities, even though some naming conventions overlap. Events and alarms have different sources. Alarms, when they clear, list as the ALERT level in the Event Log.
You can configure the appliance to forward all events, at and above a specified severity, to a remote syslog server.
A syslog server is independently configured for the minimum severity level that it will accept. Without reconfiguring, it might not accept as low a severity level as you are forwarding to it.
Each message/event type (System / Audit / Firewall / Ids) is assigned to a syslog facility level (local0 to local7).
Use this dialog box to set log settings, configure log facilities, and add remote log receivers.
|Minimum severity level||Minimum severity level that the system will log.|
|Start new file when log reaches||Enter the maximum size (in MB) for a log file. Orchestrator generates a new file when this maximum size is reached. Specify a size from 1 to 50.|
|Keep at most log files||Maximum number of log files to allow to be stored. Specify a value from 1 to 100.|
|Log stateful wan-interface drops||Select to log information for discarded inbound packets, even at high-traffic rates.
NOTE: Enabling this option may impact system performance.
Select the log facilities you want the System, Audit, Firewall, and IDS/IPS Events logs to use. You can choose between Local0 and Local7 for each.
For information about remote log receivers, including how to add and configure a receiver, see Remote Log Receivers.