Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
03-23-2016 07:25 AM
Hi,
I have attached my syslog configuration .
but in my syslog i missed most of the logs .
then assigned to the policy
To forward all the logs , attached configuration
what if i choose another facilty ?
if i put one interface in tap mode can i forward the log to syslog server
Thanks
03-23-2016 07:43 AM
Hi Sib
are you seeing some logs or none on the syslog server ?
the facility is merely a 'view' option in syslog, you should be able to toggle your syslog server to that view to make sure the logs are being received
to verify logs are being forwarded properly, please take a look at
> debug log-receiver statistics
at the bottom you will see
External Forwarding stats:
Type Enqueue Count Send Count Drop Count Queue Depth Send Rate(last 1min)
syslog 0 0 0 0 0
which can help determine if syslog is being sent out properly or not
03-23-2016 09:38 AM
Hi,
What is the differnces between facility 7 and facilty 6 .
choosing facilty 7 will increase the visibilty of the logs , (mean wil it include all logs )
Thanks
03-23-2016 05:50 PM
As I understand syslog facility is used on the syslog server to decide which log goes into which file. Facility will not help to increase or decrease the level of logging on the firewall.
As per RFC: https://tools.ietf.org/html/rfc3164 following are the facility codes defined:
| Facility code | Keyword | Description |
|---|---|---|
| 0 | kern | kernel messages |
| 1 | user | user-level messages |
| 2 | mail system | |
| 3 | daemon | system daemons |
| 4 | auth | security/authorization messages |
| 5 | syslog | messages generated internally by syslogd |
| 6 | lpr | line printer subsystem |
| 7 | news | network news subsystem |
| 8 | uucp | UUCP subsystem |
| 9 | clock daemon | |
| 10 | authpriv | security/authorization messages |
| 11 | ftp | FTP daemon |
| 12 | - | NTP subsystem |
| 13 | - | log audit |
| 14 | - | log alert |
| 15 | cron | scheduling daemon |
| 16 | local0 | local use 0 (local0) |
| 17 | local1 | local use 1 (local1) |
| 18 | local2 | local use 2 (local2) |
| 19 | local3 | local use 3 (local3) |
| 20 | local4 | local use 4 (local4) |
| 21 | local5 | local use 5 (local5) |
| 22 | local6 | local use 6 (local6) |
| 23 | local7 | local use 7 (local7) |
Whereas the severity under the Log forwarding profile helps to decide what kind of logs you want to send to the syslog server.
You can choose to send different severity logs to the same syslog server with different facility values, so that they can be handled separately by the server. I hope this helps.
-BR
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
