Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Herschel_Liang
Collaborator

CP GW syslog configuration question

YK-FW-A> show configuration syslog
add syslog log-remote-address 2.2.2.2 level all
set syslog filename /var/log/messages
set syslog cplogs on
set syslog mgmtauditlogs on
set syslog auditlog permanent
set syslog uncompressmessages off

YK-FW-A> show syslog all
Syslog Parameters:
Remote Address 2.2.2.2
Levels all
Auditlog permanent
Destination Log Filename /var/log/messages
YK-FW-A>

微信截图_20220909202925.png

I can see GW  written some logs into /var/log/message, but still can not find any GW syslogs written in the SMS /var/log/message file. Who can give me some ideas?

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

“Accept Syslog Messages” means the SMS can be a target of syslog messages from other devices.
Those logs will not appear in /var/log/messages on the SMS but in with SmartView similar to Access/Threat Prevention.
Unless you have parsers written for the messages, they may not appear in a very useful format.

Please describe what your ultimate goal is.

0 Kudos
Herschel_Liang
Collaborator

YK-FW-A> show configuration syslog
add syslog log-remote-address 2.2.2.2 level all
set syslog filename /var/log/messages
set syslog cplogs on
set syslog mgmtauditlogs on
set syslog auditlog permanent
set syslog uncompressmessages off

YK-FW-A> show syslog all
Syslog Parameters:
Remote Address 2.2.2.2
Levels all
Auditlog permanent
Destination Log Filename /var/log/messages
YK-FW-A>

The ultimate goal is sending local GW system logs(like account log in/ log out) to the SMS  and Syslog server storage.

0 Kudos
PhoneBoy
Admin
Admin

When you say “to the SMS” where precisely do you expect to see the syslog messages appear?
If you expect gateway syslogs to be sent to /var/log/messages on the SMS, that’s not how “Accept Syslog Messages” works and is probably not what you want.

What is precisely meant by “syslog server storage.”
That sounds like an external (not gateway, not SMS) device…what exactly is it?

0 Kudos
Herschel_Liang
Collaborator

When you say “to the SMS” where precisely do you expect to see the syslog messages appear?
----->Yes
If you expect gateway syslogs to be sent to /var/log/messages on the SMS, that’s not how “Accept Syslog Messages” works and is probably not what you want.
----->Oh, so where is“Accept Syslog Messages”used?
What is precisely meant by “syslog server storage.”
That sounds like an external (not gateway, not SMS) device…what exactly is it?
----->Yes, I mean an external device.

0 Kudos
PhoneBoy
Admin
Admin

Like I said, the logs will show in exactly the same place your Access and Threat Prevention logs will show, which is not /var/log/messages.
In my experience, the OS logs won’t appear to be very useful when viewed in SmartConsole/SmartView.
Possible they may be more useful if you write a parser for said logs, but we don’t provide one for that purpose by default.

If your goal is to collect the OS syslogs centrally, all devices should send their syslogs directly to your collector and not have them sent to your management.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events