NetScreen Firewall
Enable Syslog Messages and Disable WebTrends Messages using the NetScreen Administration Tools Console
Log in to the NetScreen GUI.
Click Configuration > Report Settings > Syslog in the left pane of the NetScreen GUI.
Select the Enable Syslog Messages check box.
Select the Trust Interface as Source IP for VPN and Include Traffic Log check boxes.
Type the IP address of the “Log Collector” and syslog port (514) in the Syslog Host Name / Port text box.
All other fields will have default values.
Click Apply to save the changes.
Click Configuration > Report Settings > WebTrends in the left pane of the NetScreen GUI.
Clear the Enable WebTrends Messages check box.
Click Apply to save the changes.
To configure Syslog, perform the following steps:
Open the WebUI.
From the ScreenOS console menu, click Configuration, select Report Settings, and then click Syslog.
From the Syslog page, click to select Enable Syslog Messages.
Enter the necessary information for each syslog server you are adding. Syslog messages can be sent to up to 4 designated syslog servers.
Enable: Select this option to enable the syslog server.
IP/Hostname: The IP address of the “Log Collector”.
Port: In the Port field, enter the port the server uses for syslog messages. Please check Appendix A for the default port list.
Security Facility: The security facility, which classifies and sends security specific messages to the syslog host.
Facility: The regular facility, which classifies and sends all other messages for events unrelated to security.
Event Log: Select this option to send event log entries to the syslog host.
Traffic Log: Select this option to send traffic log entries to the syslog host.
Click APPLY to save the syslog configuration.
Execute the following commands to configure syslog via CLI:
set syslog config 192.168.1.2
set syslog config 192.168.1.2 facilities local0 local0
set syslog config 192.168.1.2 log traffic
set syslog src-interface <<interface name>>
set syslog enable
NOTE: The difference between “security facility” and “facility” is that “security facility” is specific for logging of security related events. Facility logs all other events.
For this example, 192.168.1.2 has been used as the Syslog Host Name. It is recommended to leave the Syslog port as the default value (514).
Note:
From the 'Source interface' drop-down menu, select the interface from which syslog packets are sent.
Caution:
Clear the TCP option. This makes the firewall send syslog messages over UDP to the configured port.
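One way to confirm on the Log Collector that the settings above took effect, as an added example that is not part of the original page or any vendor tooling: it listens on UDP 514 and checks that each datagram comes from the firewall and carries the local0 facility set in the CLI commands. The firewall address 192.168.1.1, the function names and the sample datagrams are assumptions constructed for illustration.

```python
import re
import socket

# Syslog facility and severity names indexed by code (RFC 3164); local0 is code 16.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram):
    """Return (facility, severity) from the <PRI> header, or None if missing or invalid."""
    m = PRI_RE.match(datagram)
    if m is None or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def check_datagram(datagram, sender_ip, firewall_ip, expected_facility="local0"):
    """Classify one received datagram against what was configured on the firewall."""
    if sender_ip != firewall_ip:
        return "unexpected-sender"  # wrong source interface, NAT, or another device
    decoded = decode_pri(datagram)
    if decoded is None:
        return "no-pri-header"
    if decoded[0] != expected_facility:
        return "wrong-facility:" + decoded[0]
    return "ok:" + decoded[1]

def listen(firewall_ip, bind_addr="0.0.0.0", port=514, count=10, timeout=30):
    """Receive up to `count` UDP datagrams on the collector and classify each one."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_addr, port))  # binding to port 514 normally requires root
        s.settimeout(timeout)
        try:
            for _ in range(count):
                data, (ip, _src_port) = s.recvfrom(8192)
                results.append(check_datagram(data, ip, firewall_ip))
        except socket.timeout:
            pass  # nothing arrived: recheck the TCP option, port, and path filtering
    return results

# Constructed sample datagrams (not captured from a real device).
SAMPLES = [(b"<134>fw01: constructed traffic log entry", "192.168.1.1"),
           (b"<38>fw01: constructed entry, other facility", "192.168.1.1")]

if __name__ == "__main__":
    print([check_datagram(d, ip, "192.168.1.1") for d, ip in SAMPLES])
```

Call `listen("192.168.1.1")` on the collector while generating traffic through the firewall; an empty result after the timeout means no UDP syslog reached the host.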