Syslog setting

What is Syslog?

Syslog is an IETF RFC 3164 standard protocol for computer logging and collection that is popular in Unix-like systems including servers, networking equipment, and IoT devices. The log messages generated by a device create a record of events that occur on the operating system or application. The purpose of the message is to provide administrators with information regarding important events, health information, and other normal or abnormal happenings that could prove useful when troubleshooting or working through a security-related issue.

Essentially, you receive logs from the Vutlan monitoring device on a separate centralized log collection server. This server is created and managed by your system administrator and can be located inside or outside your facility.

How does syslog work?

When a Vutlan monitoring system is running the syslog daemon, system messages are generated and sent to a centralized log collection server.

Syslog messages are relayed over UDP port 514. Once the messages are collected, an administrator can use a syslog viewer to view, sort, and even alert on the incoming log messages.

Syslog message components

Each log event contains a timestamp along with the event message itself and the origin IP/domain name for identification purposes.

 

The event is then categorized into one of eight severity levels.

| VALUE | SEVERITY | KEYWORD | DESCRIPTION | EXAMPLES |
|---|---|---|---|---|
| 0 | Emergency | emerg | System is unusable | This level should not be used by applications. |
| 1 | Alert | alert | Should be corrected immediately | Loss of the primary ISP connection. |
| 2 | Critical | crit | Critical conditions | A failure in the system's primary application. |
| 3 | Error | err | Error conditions | An application has exceeded its file storage limit and attempts to write are failing. |
| 4 | Warning | warning | May indicate that an error will occur if action is not taken. | A non-root file system has only 2GB remaining. |
| 5 | Notice | notice | Events that are unusual, but not error conditions. | |
| 6 | Informational | info | Normal operational messages that require no action. | An application has started, paused or ended successfully. |
| 7 | Debug | debug | Information useful to developers for debugging the application. | |

Configure Syslog

To configure the export of logs do the following:

Go to "Main menu" -> "Preferences" -> "Logging" -> "Syslog" in the interface.

Set the IP address of your centralized log collection server to export the logs to and press "Save".

| # | Option | Description |
|---|---|---|
| 1 | Syslog Server Address | Indicate IP address and port number of the Syslog server (for example, 192.168.0.15:514) |

 

Attention

Check your Syslog server configuration. Syslog reception over UDP must be enabled.
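To confirm that exported logs actually reach the collection server over UDP, and to see how the severity values from the table above are carried in each message, a small receiver can be run on the server. This is an added example, not Vutlan code: it assumes the device sends RFC 3164 formatted messages, the sample message is constructed, and the unprivileged port 5514 is an assumption (enter it in "Syslog Server Address" in place of 514 while testing).

```python
import re
import socket

# Severity keywords indexed by value, as in the severity table above.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Constructed sample datagram (not captured from a real device).
SAMPLE = b"<131>Oct  5 14:03:12 vutlan-01 Temperature sensor: high alarm"
# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME MESSAGE
RFC3164 = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$", re.DOTALL
)

def parse_syslog(datagram: bytes, sender_ip: str) -> dict:
    """Decode one RFC 3164 datagram; raise ValueError if it is malformed."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    match = RFC3164.match(text)
    if not match:
        raise ValueError(f"not an RFC 3164 message: {text[:40]!r}")
    pri = int(match.group(1))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return {
        "sender_ip": sender_ip,        # address the datagram arrived from
        "hostname": match.group(3),    # origin as claimed inside the message
        "timestamp": match.group(2),
        "facility": facility,
        "severity": severity,
        "keyword": SEVERITIES[severity],
        "message": match.group(4),
    }

def listen(bind_addr: str = "0.0.0.0", port: int = 5514, alert_at: int = 3) -> None:
    """Print each received message, marking severities 0..alert_at with '!!'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        while True:
            data, (ip, _) = sock.recvfrom(4096)
            try:
                event = parse_syslog(data, ip)
            except ValueError as exc:
                print(f"[drop] {ip}: {exc}")
                continue
            mark = "!!" if event["severity"] <= alert_at else "  "
            print(f"{mark} {ip} {event['keyword']:<7} {event['message']}")

if __name__ == "__main__":
    listen()
```

If nothing is printed after the device generates an event, check that no firewall between the device and the server blocks the UDP port and that the address and port saved on the device match the listener.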