Logging Template
Use this template to configure local and remote logging parameters.
Each requires that you specify the minimum severity level of event to log.
-
Set up local logging in the Log Configuration and Log Facilities Configuration sections.
-
Set up remote logging by using the Remote Log Receivers section.
Minimum Severity Levels
In decreasing order of severity, the levels are as follows.
| Severity Level | Description |
|---|---|
| EMERGENCY | System is unusable. |
| ALERT | Includes all alarms the appliance generates: CRITICAL, MAJOR, MINOR, and WARNING. |
| CRITICAL | Critical event. |
| ERROR | An error. This is a non-urgent failure. |
| WARNING | A warning condition. Indicates an error will occur if action is not taken. |
| NOTICE | A normal, but significant, condition. No immediate action required. |
| INFORMATIONAL | Informational. Used by Silver Peak for debugging. |
| DEBUG | Used by Support for debugging. |
| NONE | If you select NONE, no events are logged. |
-
The bolded part of the name is what displays in the log files.
-
If you select NOTICE (the default), the log records any event with a severity of NOTICE, WARNING, ERROR, CRITICAL, ALERT, and EMERGENCY.
-
These are purely related to event logging levels, not alarm severities, even though some naming conventions overlap. Events and alarms have different sources. Alarms, after they clear, list as the ALERT level in the Event Log.
-
In the Log Facilities Configuration section, assign each message/event type (System / Audit / Firewall / IDS/IPS) to a syslog facility level (local0 to local7).
Configure Remote Logging
You can configure the appliance to forward all events, at and above a specified severity, to a remote syslog server.
A syslog server is independently configured for the minimum severity level that it will accept. Without reconfiguring, it might not accept as low a severity level as you are forwarding to it.
To configure remote logging:
-
Under Remote Log Receivers, click Add.
-
For each remote syslog server that you add to receive the events, complete the following fields with the appropriate information.
Field Description Remote Receiver The remote receiver’s IP address. Port The port number of the remote syslog server. Valid values range from 2 through 65535. Protocol Select the protocol you want to apply: UDP, TCP, or TCP SSL. Minimum Severity Select the minimum severity level of messages you want to log: None, Emergency, Alert, Critical, Error, Warning, Notice, Info, or Debug. Facility Select all, local1, local2, local3, local4, local5, local6, or local7. Client Certificate If you selected TCP SSL protocol, do one of the following: Click Add to upload the certificate and key files. Then, complete the fields as explained below. Click View to view the client certificate. Click Don’t Apply if you do not want to apply the client certificate. Verify Click this cell to display a checkbox, and then select the checkbox to verify the server certificate.
Add a Client Certificate
To add a client certificate:
-
In the Client Certificate column, click Add.
The Add Remote Receiver SSL Certificate dialog box opens.
-
Complete the following fields.
Field Description PFX Certificate File To use a PFX certificate file, select this check box. Certificate File Click Choose File. Locate and select the certificate file, and then click Open. Private Key File Click Choose File. Locate and select the private key file, and then click Open. If you selected PFX Certificate File, this field is disabled. Import Password Enter the import password for the certificate. Passphrase Enter the passphrase for the certificate. -
Click Add.