Syslogs
Syslogs are standardized event logging messages used across network devices and systems to record operational data.
With syslogs you can:
- Monitor devices: Network equipment (routers, switches, etc.) automatically generates syslog messages for status changes, errors, and security events
- Centralize collection: Aggregate logs from multiple devices into a unified repository
- Integrate with monitoring: Trigger alerts based on log patterns (failed logins, interface errors), enable automated responses through Playbooks, and provide audit trails for compliance reporting
Syslog File Retention Period/Size
Set the retention period for Syslog files.
- Click [Settings] on the Global Menu.

Add Syslog Rule
Based on the conditions you set, you can sort Syslogs into different output destinations, forward Syslogs to other hosts, and exclude unnecessary messages.
To add a Syslog rule:
- Click [Settings] on the Global Menu.
- Click [Syslog], then click the button under “Syslog rules”.

- In the left side panel, click [Syslog Filter] and [Syslog Action] to configure settings.

Syslog filter Items
| Filter | Explanation |
|---|---|
| Log level | Filter by Syslog level. If you enable the “Include higher levels” option, filtering will be performed at the selected level and above. |
| IP Address | Filter by IP address. [Single] filters by a single IP address; [Range] filters by IP range. If not entered, filtering by IP address will not be performed. |
| Hostname | Filter by hostname. If not entered, filtering by hostname will not be performed. |
| Message | Filters syslogs containing the specified string. In the “Message” field, you can filter by partial match. Matching is case sensitive. Filtering based on regular expressions (Regex) is not supported. If not entered, message filtering will not be performed. |
| Time | Filter by time. Syslogs received within the time specified by the start time and end time are subject to filtering. |
| Day of week | Filter by day of the week. |
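
The matching behaviour in the table above, sketched as an added example (not the product's own code) so a rule can be checked against sample messages before it is used to discard or forward logs. It assumes that all entered conditions must hold together, that hostname matching is exact, and that "higher" means more severe in the RFC 5424 ordering; the class, field names and events are hypothetical, and the Time and Day of week filters are left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# RFC 5424 severities: index 0 is the most severe, i.e. the "highest" level.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

@dataclass
class SyslogFilter:  # hypothetical model of one rule's filter; None = "not entered"
    level: Optional[str] = None
    include_higher: bool = False                # the "Include higher levels" option
    ip_single: Optional[str] = None             # [Single]
    ip_range: Optional[Tuple[str, str]] = None  # [Range] as (first, last)
    hostname: Optional[str] = None              # exact match is an assumption
    message: Optional[str] = None               # partial match, case sensitive

    def matches(self, ev: dict) -> bool:
        if self.level is not None:
            want, got = SEVERITIES.index(self.level), SEVERITIES.index(ev["level"])
            if not (got <= want if self.include_higher else got == want):
                return False
        src = ipaddress.ip_address(ev["ip"])
        if self.ip_single and src != ipaddress.ip_address(self.ip_single):
            return False
        if self.ip_range:
            first, last = (ipaddress.ip_address(a) for a in self.ip_range)
            if not first <= src <= last:
                return False
        if self.hostname and ev["host"] != self.hostname:
            return False
        # Plain substring test: "Login.*root" is a literal string, not a pattern.
        if self.message and self.message not in ev["msg"]:
            return False
        return True  # assumption: every entered condition must hold (logical AND)

# Constructed sample events (documentation address ranges, invented hostnames).
EVENTS = [
    {"level": "err", "ip": "192.0.2.10", "host": "sw-core-1", "msg": "Login failed for user admin"},
    {"level": "warning", "ip": "192.0.2.77", "host": "rtr-edge-2", "msg": "Interface Gi0/1 changed state to down"},
    {"level": "info", "ip": "192.0.2.10", "host": "sw-core-1", "msg": "login failed for user guest"},
    {"level": "crit", "ip": "198.51.100.5", "host": "fw-dmz", "msg": "Login failed for user root"},
]

def matching_hosts(rule: SyslogFilter) -> list:
    return [ev["host"] for ev in EVENTS if rule.matches(ev)]

if __name__ == "__main__":
    print(matching_hosts(SyslogFilter(level="warning", include_higher=True,
                                      ip_range=("192.0.2.1", "192.0.2.100"))))
    print(matching_hosts(SyslogFilter(message="Login failed")))
```

A message filter of `Login failed` misses the lowercase `login failed` event, so a rule meant to catch or discard a message type needs one entry per spelling the devices actually emit.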

Syslog action items
| Action | Item | Explanation |
|---|---|---|
| Output to file | File name | Specify the Syslog file name to output. |
| | Split files by | Divide the output Syslog file into specified units. None: Do not split. Log Level: Divide by log level. IP address: Divide by IP address or octet (1st, 2nd, 3rd). Hostname: Split by host name. Time: Divide into selected time units. |
| Forward | Transfer format | Select the transfer format from Syslog and SNMP. |
| | Target IP/Host name | Specify the forwarding destination. |
| | Port | Set the forwarding destination port number. |
| | Protocol | Select the transfer protocol from UDP or TCP. Displayed when the transfer format is Syslog. |
| | Spoofed source IP | Displayed when the transfer format is Syslog. |
| | Community | Specify the SNMP trap community. Displayed when the transfer format is SNMP. |
| Discard | ― | Excludes the Syslog specified by the Syslog filter and will no longer log it to the Syslog file. |
- After configuration, click [OK].

- Click [OK] on the server settings screen.
