Syslog setting
What is Syslog?
Syslog is an IETF RFC 3164 standard protocol for computer logging and collection that is popular in Unix-like systems including servers, networking equipment, and IoT devices. The log messages generated by a device create a record of events that occur on the operating system or application. The purpose of the message is to provide administrators with information regarding important events, health information, and other normal or abnormal happenings that could prove useful when troubleshooting or working through a security-related issue.
Essentially, you receive logs from the Vutlan monitoring device on a separate centralized log collection server. This server is created and managed by your system administrator and can be located inside or outside your facility.
How does syslog work?
When a Vutlan monitoring system is running the syslog daemon, system messages are generated and sent to a centralized log collection server.
Syslog messages are relayed over UDP port 514. Once collected, an administrator can use a syslog viewer to view, sort, and even alert on the various log messages coming in.
Syslog message components
Each log event contains a timestamp along with the event message itself and the origin IP/domain name for identification purposes.
The event is then categorized into one of eight severity levels.
VALUE | SEVERITY | KEYWORD | DESCRIPTION | EXAMPLES |
---|---|---|---|---|
0 | Emergency | emerg | System is unusable | This level should not be used by applications. |
1 | Alert | alert | Should be corrected immediately | Loss of the primary ISP connection. |
2 | Critical | crit | Critical conditions | A failure in the system's primary application. |
3 | Error | err | Error conditions | An application has exceeded its file storage limit and attempts to write are failing. |
4 | Warning | warning | May indicate that an error will occur if action is not taken. | A non-root file system has only 2GB remaining. |
5 | Notice | notice | Events that are unusual, but not error conditions. | |
6 | Informational | info | Normal operational messages that require no action. | An application has started, paused or ended successfully. |
7 | Debug | debug | Information useful to developers for debugging the application. | |
Configure Syslog
To configure the export of logs, do the following:
Go to "Main menu" -> "Preferences" -> "Logging" -> "Syslog" in the interface.
Set the IP address of your centralized log collection server to export the logs to and press "Save".
# | Option | Description |
---|---|---|
1 | Syslog Server Address | Indicate IP address and port number of the Syslog server (For example, 192.168.0.15:514) |
Attention
Check your Syslog server configuration. Syslog reception over UDP must be enabled.
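To confirm that exported messages reach the collector over UDP and to see how the severity values from the table above travel in each message, the following added example (not Vutlan code) decodes the RFC 3164 `<PRI>` field, where PRI = facility * 8 + severity. The sample message, the host name `vutlan-demo` and the device address `192.168.0.20` are constructed assumptions.

```python
import re
import socket

# Severity keywords from the table on this page, indexed by numeric value.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)

# Constructed sample datagram (not captured from a real device): PRI 131 = 16*8 + 3.
SAMPLE = b"<131>Jan 12 10:15:02 vutlan-demo sensor: temperature above threshold\n"


def parse_pri(datagram: bytes):
    """Split an RFC 3164 datagram into (facility, severity keyword, rest), or None."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return facility, SEVERITIES[severity], m.group(2).decode("utf-8", "replace").rstrip()


def should_alert(datagram: bytes, threshold: str = "err") -> bool:
    """True if the message is at least as severe as threshold (lower value = worse)."""
    parsed = parse_pri(datagram)
    return parsed is not None and SEVERITIES.index(parsed[1]) <= SEVERITIES.index(threshold)


def listen(bind_addr="0.0.0.0", port=514, allowed=("192.168.0.20",)):
    """Print what arrives on the syslog port. `allowed` is an assumed device address."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))  # ports below 1024 usually need elevated privileges
    while True:
        data, (src, _) = sock.recvfrom(4096)
        # UDP source addresses can be spoofed: this filters noise, it does not authenticate.
        if src not in allowed:
            continue
        parsed = parse_pri(data)
        if parsed is None:
            print(f"{src}: malformed message dropped")
            continue
        facility, keyword, rest = parsed
        flag = "ALERT " if should_alert(data) else ""
        print(f"{flag}{src} facility={facility} severity={keyword} {rest}")


if __name__ == "__main__":
    print(parse_pri(SAMPLE))
    listen()
```

Syslog over UDP is neither encrypted nor acknowledged, so keep the path between the device and the collector on a trusted network segment and restrict port 514 on the collector to the device's address.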