Configure Syslog

Syslog is a standard for computer message logging. It permits separation of the software that generates messages from the system that stores them and the software that reports and analyzes them.

Syslog can be used for computer system management and security auditing as well as generalized informational, analysis, and debugging messages. It is supported by a wide variety of devices (like printers and routers) and receivers across multiple platforms. Because of this, syslog can be used to integrate log data from many different types of systems into a central repository.

Messages are labeled with a facility code (one of: auth, authpriv, daemon, cron, ftp, lpr, kern, mail, news, syslog, user, uucp, local0 ... local7) indicating the type of software that generated the messages, and are assigned a severity (one of: Emergency, Alert, Critical, Error, Warning, Notice, Info, Debug).

View or Configure Syslog

Refer to the following table for descriptions of the options in the Syslog Properties dialog.

Attribute

Description

Admin State

Specifies whether syslog is to be enabled or disabled for this NE.

  • Enabled
  • Disabled (default)

Destinations

IP/Hostname

Specify the IP address (static or dynamic) or the hostname of the syslog server. Multiple syslog servers can be specified.

Note: If an IPv4 address is used, it MUST be in the format of the dotted decimal notation. If an IPv6 address is used, a valid textual representation MUST be used.

Destination Configuration

Admin State

Specify whether the syslog Destination Configuration is to be enabled or disabled.

  • Enabled (default)
  • Disabled

Protocol

Specify the transport protocol to be used for syslog.

  • UDP (default) sends out messages randomly to the syslog server.
  • TCP sends out and receives messages bi-directionally to the syslog server
  • TLS uses a trusted Certificate of Authority for security key, which is encrypted and is the most reliable transport for messages sent to the syslog server.

Note: TLS protocol is recommended because the Certificate of Authority acts as a trusted host.

Port

Specifies the default port number to send syslog messages to the syslog server for the selected transport protocol. Any port number can be used; but the following are recommended.

  • 514 – UDP (default) port sends out messages
  • 6514 – TCP port sends and receives messages
  • 6514 – TLS port sends messages that can be encrypted and uses a Certificate of Authority as a trusted host.
Facility Mapping
Class

Specifies the class of facility mapping that is to be captured. Each Class must have a specified facility value. Multiple Facility Mappings can be specified.

•    ALARM (default)

•   AUTH

•   CLI

•   DEBUG

•   DNLD

•   EVENT

•   EXCEPT

•   INFO

•   PLATFM

•   OTHERS
Facility

Specifies the facility mapping criteria for each Class that is to be captured. Each Facility must have a specified Class value. Multiple Facility Mappings can be specified.

•   kernel(0) (default) – Kernel messages

•   user(1) – User-level messages

•   mail(2) – Mail system

•   daemon(3) – System daemons

•   authorization(4) – Security/authorization messages

•   syslog(5) – Messages generated internally by the syslog daemon (syslogd)

•   line-printer(6) – Line printer subsystem

•   news(7) – Network news subsystem

•   uucp(8) – UUCP subsystem

•   clock(9) – Clock daemon

•   authorization-privilege(10) – Security/authorization messages

•   ftp(11) – FTP daemon

•   ntp(12) – NTP daemon

•   audit(13) – Log audit

•   alert(14) – Log alert

•   cron(15) – Clock daemon (note 2)

•   local0(16) – Local use 0

•   local1(17) – Local use 1

•   local2(18) – Local use 2

•   local3(19) – Local use 3

•   local4(20) – Local use 4

•   local5(21) – Local use 5

•   local6(22) – Local use 6

•   local7(23) – Local use 7
Filter
Level

Specifies the Filter Level characteristic to be applied. Each Level must have a corresponding Class applied. Multiple Filters can be specified.

•    emergency(0) (default) – System is unusable

•   alert(1) – Action must be taken immediately

•   critical(2) – Critical conditions

•   error(3) – Error conditions

•   warning(4) – Warning conditions

•   notification(5) – Normal but significant condition

•   information(6) – Informational messages

•   debug(7) – Debug-level messages
Class

Specifies the Filter Class characteristic to be applied. Each Class must have a corresponding Level applied. Multiple filters can be specified.

•   None (default)

•   ALARM

•   AUTH

•   CLI

•   DEBUG

•   DNLD

•   EVENT

•   EXCEPT

•   INFO

•   PLKTFM
Message IDs Identifies the type of message. For example, a firewall might use the MSGID "TCPIN" for incoming TCP traffic and the MSGID "TCPOUT" for outgoing TCP traffic. Messages with the same MSGID should reflect events of the same semantics. The MSGID itself is a string without further semantics. It is intended for filtering messages from a relay or collector. 

 

Use the following procedure to view or configure syslog.

  1. Logon to EMS and in the Network common tree, right-click on the target OLT and select Properties from the dropdown list.

    Alarm-env-Assign
  2. Select the Syslog tab.

  3. In the Admin State, select the state:
  4. Open Destinations by clicking on the arrow-up icon.

  5. Enter the IP/Hostname of the Syslog server.
  6. Click the Add button to include the IP addresses in the IP/Host List shown on the right. The IP/Hostname identifies the source syslog server.
  7. Click the Remove button to delete the IP addresses in the IP/Host List, shown on the right.
  8. Open Destination Configuration by clicking on the arrow-up icon.
  9. In the Destination Configuration section, select the state:
  10. In the Transport Layer Mapping area, select the Protocol used as the transport layer mechanism. Each protocol provides different levels of transport reliability and is categorized as:

    1. UDP (Default) - protocol transport that sends out basic messages.

    2. TCP - protocol transport that sends messages bidirectionally.

    3. TLS - protocol transport that sends messages utilizing the Certificate of Authority for trusted hosts and encryption. This is the most recommended of transport mechanisms for this purpose.

  11. Enter the Port number that defines the default port that sends syslog messages to the syslog server:
    1. 514 – UDP (Default)

    2. 6514 – TCP

    3. 6514 – TLS (recommended)
  12. In the Facility Mapping area, select the Class from the drop-down list to match the Facility. 
    Information Note: The Class must match the mapped Facility so that there is a one-to-one relationship between them.
  13. In the Facility Mapping area, select the Facility from the drop-down list match the Class. 
  14. Click Add to move Classes and matching Facilities to the Mapping List shown on the right.
  15. Use the Add, Modify, or Remove buttons to add, change, or remove a class and mapped facility shown inside the list.
  16. In the Filters section, select the Level from the drop-down list. Multiple levels can be selected that are mapped to a Class.

  17. Select the Class characteristic from the drop-down list to map to the selected level.
  18. Use the Add, Modify or Remove buttons to add, change or remove the Level and Class in the Filter List.
  19. Select the message (MSGID) identification. To view all messages, leave the message identification field blank. Refer to “Syslog Message Format” for the description and format of each message identification.
  20. After setting up the Syslog configuration, click the Apply button.
  21. Click the Refresh button to update changes to the syslog server.
  22. The confirmation message is displayed.
  23. Click the OK button to close the message.
  24. Click the Close button to exit the Syslog dialog.

 

 

 

 

.