Configure Syslog

MSL includes a syslog server for message logging. When a system event occurs, such as a failed authentication attempt or login failure, the affected service generates a message, which is recorded in a log file. You can examine these messages in the Log File Viewer.

You can enhance this functionality by enabling the local system to accept syslog messages from remote hosts, and by enabling the local system to send its own syslog messages to remote hosts.

Note: If you are on the SMB Controller, you can only send local syslog event messages to a remote host; you cannot accept messages from remote hosts.

Note: If you are behind a firewall, make sure the firewall allows passage through the ports used by the syslog server.

 

Receiving Messages from Remote Hosts

You can configure the local syslog server to accept event messages from other syslog servers, provided that they are in the list of trusted networks. The event messages can be received over UDP (using port 514) and TCP (using a configured port).

To start receiving syslog event messages from remote hosts:

  1. Under Security, click Syslog.

  2. Under Accept syslogs from remote hosts, do the following:

    1. In the Accept remote syslog on UDP field, click Enable.  

    2. (Optional) In the Accept remote syslog on TCP field, click Enable. In the Listen Port field, enter a port number (for example, 514), and then click Save.

 The local system can now receive syslog event messages from remote hosts.

To stop receiving syslog event messages from a remote host:

  1. Under Security, click Syslog.

  2. Under Accept syslogs from remote hosts, locate the protocol you wish to disable (UDP or TCP).

  3. Click Disable.

Sending Messages to Remote Hosts

You can configure the local syslog server to forward its own event messages to one or more other syslog servers.

 For the Server Manager to send local syslog event messages to a remote host, perform these steps:

  1. Under Security, click Syslog.

  2. Under Forward local syslogs, click Add remote syslog destination.

  3. In the Configure syslog screen, do the following:

    1. In the Facility field, select the type of program or the subsystem that is logging the message.

    Note: By default, the auth facility code (security/authorization messages) is selected. You may also select authpriv (messages generated internally by syslogd) or any other facility code. For a complete list of facility code descriptions, see RFC 3164.

    2. In the Destination Host (ip:port) field, enter the IP address and port number of the remote syslog server. For example, 10.37.28.103:514.

    3. In the Protocol field, select the transport protocol (UDP or TCP).

  4. Click Next and then click Add.

The local system will now forward syslog event messages to the designated remote host(s).
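To confirm on the remote syslog server that the forwarded messages carry the facility selected in the Facility field, you can decode the PRI value at the start of each RFC 3164 message (facility = PRI / 8, severity = PRI mod 8). The following Python code is an added example, not part of MSL; the function names, the host name msl1 and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Conventional facility keywords in RFC 3164 numeric order (codes 0-23).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += ["local%d" % i for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) for a syslog line, or None if the PRI is bad."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is 23 * 8 + 7
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def check_forwarding(lines, expected_facility):
    """Summarise captured lines: per-facility counts, off-facility and malformed lines."""
    counts, unexpected, malformed = Counter(), [], []
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            malformed.append(line)  # no usable PRI: truncated or not syslog
            continue
        counts[decoded[0]] += 1
        if decoded[0] != expected_facility:
            unexpected.append(line)
    return {"counts": dict(counts), "unexpected": unexpected, "malformed": malformed}

# Constructed sample of lines as captured on the remote syslog server.
SAMPLE = [
    "<86>Jan 12 10:15:02 msl1 sshd[2211]: Accepted password for admin from 192.0.2.10",
    "<84>Jan 12 10:15:09 msl1 sshd[2214]: Failed password for admin from 192.0.2.11",
    "<38>Jan 12 10:16:40 msl1 login: session opened for user admin",
    "<30>Jan 12 10:16:55 msl1 ntpd[900]: time synchronized",
    "Jan 12 10:17:01 msl1 line captured without a PRI field",
]

if __name__ == "__main__":
    report = check_forwarding(SAMPLE, "authpriv")
    print("per-facility counts:", report["counts"])
    print("unexpected facility:", len(report["unexpected"]))
    print("malformed:", len(report["malformed"]))
```

Lines reported as unexpected indicate that the sender's Facility selection does not match what you intended to forward; malformed lines usually point to truncation or a non-syslog sender on the listen port.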

Example:

The following figure shows audit logs (authpriv) being forwarded to the syslog server 10.37.28.103, using UDP on port 514.

 

To stop the Server Manager from sending local syslog event messages to a remote host:

  1. Under Security, click Syslog.

  2. Under Forward local syslogs, locate the host you wish to disable.

  3. Click Remove twice.
