# NetScreen Firewall

## NetScreen Firewall 

Enable Syslog Messages and Disable WebTrends Messages using the NetScreen Administration Tools Console  

1. Log in to the NetScreen GUI. 
2. Click Configuration> Report Settings> Syslog in the left pane of the NetScreen GUI. 
3. Select the Enable Syslog Messages check box. 
4. Select the Trust Interface as Source IP for VPN and Include Traffic Log check box. 
5. Type the IP address of the “Log Collector” and syslog port (514) in the Syslog Host Name / Port text box. 
6. All other fields will have default values. 
7. Click Apply to save the changes. 
8. Click Configuration> Report Settings> WebTrends in the left pane of the NetScreen GUI 
9. Clear the Enable WebTrends Messages check box. 
10. Click Apply to save the changes. 

To configure Syslog, perform the following steps: 

1. Open the WebUI. 
2. From the ScreenOS console menu, click Configuration, select Report Settings, and then click Syslog. 

!\[A picture containing graphical user interface, application

Description automatically generated]\(<https://firebasestorage.googleapis.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MMRHZBPHlLDUc8519fX%2Fuploads%2F9rnrL9EIlNI5PhIk7Pz3%2Ffile.jpeg?alt=media>)

1. From the Syslog page, click to select Enable Syslog Messages.&#x20;

| Note: | From the 'Source interface' drop-down menu, select the interface from which syslog packets are sent. |
| ----- | ---------------------------------------------------------------------------------------------------- |

!\[Graphical user interface, text, application

Description automatically generated]\(<https://firebasestorage.googleapis.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MMRHZBPHlLDUc8519fX%2Fuploads%2FRVRdI4cg1pYUfGjKyiVm%2Ffile.jpeg?alt=media>)

1. Enter the necessary information for each syslog server you are adding. Syslog messages can be sent to up to 4 designated syslog servers. &#x20;

* Enable: Select this option to enable the syslog server.&#x20;
* IP/ Hostname: The IP address of the “Log Collector”..&#x20;
* Port: In the Port field, enter the port the server uses for syslog messages. Please check Appendix A for default port list.&#x20;
* Security Facility: The security facility, which classifies and sends security specific messages to the syslog host.&#x20;
* Facility: The regular facility, which classifies and sends all other messages for events unrelated to security.&#x20;
* Event Log: Select this option to send event log entries to the syslog host.&#x20;
* Traffic Log: Select this option to send traffic log entries to the syslog host.&#x20;

For this example, 192.168.1.2 has been used as the Syslog Host Name. It is recommended to leave the Syslog port as the default value (514): \
&#x20;\
!\[Graphical user interface, table

Description automatically generated]\(<https://firebasestorage.googleapis.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MMRHZBPHlLDUc8519fX%2Fuploads%2Fr4ERZfjXmnVHA65jRsKt%2Ffile.jpeg?alt=media)&#x20>;

1. Click APPLY to save the syslog configuration. &#x20;

!\[Table

Description automatically generated]\(<https://firebasestorage.googleapis.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MMRHZBPHlLDUc8519fX%2Fuploads%2FUeXhudf1cXLW4LwZi9xb%2Ffile.jpeg?alt=media>)

| Caution: | Uncheck the TCP option. This will make the firewall to send syslogs in the configured UDP port. |
| -------- | ----------------------------------------------------------------------------------------------- |

### Configure/Enable Syslog Messages for Netscreen Firewall device using CLI Console:&#x20;

Execute the following commands to configure syslog via CLI: &#x20;

set syslog config 192.168.1.2 \
set syslog config 192.168.1.2 facilities local0 local0 \
set syslog config 192.168.1.2 log traffic \
set syslog src-interface <\<interface name>> \
set syslog enable&#x20;

NOTE: The difference between “security facility” and “facility” is that “security facility” is specific for logging of security related events. Facility logs all other events.&#x20;