Use the Log Settings page to enable the Log feature and configure the log settings. You can set the log buffer size, log all unicast traffic or broadcast traffic destined to your device for troubleshooting purposes, specify which syslogs are mailed to a specified email address on a schedule, and set the severity level of the events that are logged. If you have a remote syslog server, you can also save logs to it.
1. Click Device Management > Logs > Log Settings.
2. In the Log Settings area, enter the following information:
• Log: Click On to enable the Log feature, or click Off to disable it.
• Log Buffer: If you enable the Log feature, specify the size for the local log buffer. The default value is 409600 bytes.
NOTE: After you enable the Log feature and set the log buffer size, specify the severity level of the events that you want to log. These logs will be saved to the local log daemon. See Step 7.
3. In the System Logs area, if you want to monitor the security appliance with more traffic data, you can choose to log all unicast traffic and/or all broadcast or multicast traffic directed to your security appliance for troubleshooting purposes. The logs for unicast traffic and broadcast or multicast traffic are at the Information severity level.
• Unicast Traffic: Click On to log all unicast packets directed to the security appliance. Unicast traffic for all facilities will be logged, regardless of internal or external traffic.
• Broadcast/Multicast Traffic: Click On to log all broadcast or multicast packets directed to the security appliance. Broadcast or multicast traffic for all facilities will be logged, regardless of internal or external traffic.
If both are unselected, the security appliance only logs the events based on your facility settings. The log facilities are used to log events of interest, such as wireless clients being associated, packets being blocked by firewall rules, viruses being detected by the Anti-Virus service, and so forth.
4. In the Email Server area, specify which syslogs are mailed to a specified email address on a schedule.
• Email Alert: Shows if the Syslog Email feature is enabled or disabled.
• From Email Address: The email address used to send the logs.
• To Email Address: The email address used to receive the logs.
• SMTP Server: The IP address or Internet name of the SMTP server.
• SMTP Authentication: Shows if the SMTP authentication is enabled or disabled.
NOTE: The above email server settings are read-only. You must enable the Syslog Email feature and configure the email server settings to send the syslog messages to a specified email address. You can click the Set Email Alert link or go to the Device Management > Administration > Email Alert page to do this. See Configuring Email Alert Settings.
• Mail Subtitle: Enter the subtitle that is displayed in the email. For example, if you set the device name as the subtitle, the email recipient can recognize quickly what device the logs or alerts are coming from.
• Severity: Choose the severity level for the logs that you want to send.
For example: If you select Critical, all logs listed under the Critical, Emergency, and Alert categories are sent.
5. In the Email Schedule area, specify the schedule to send the logs.
• Frequency: Choose how often you want to send the logs.
– Hourly: Send the logs on an hourly basis.
– Daily: Send the logs at a specific time of every day. If you choose this option, specify the time to send the logs in the Time field.
– Weekly: Send the logs on a weekly basis. If you choose this option, specify the day of the week in the Day field and the time in the Time field.
• Day: If the logs are sent on a weekly basis, choose the day of the week.
• Time: Choose the time of day when the logs should be sent.
6. In the Remote Logs area, specify how to save the logs to a remote syslog server.
• Remote Logs: Click On to save the logs to the specified remote syslog server, or click Off to disable it.
• Syslog Server: Enter the IP address or domain name of the remote syslog server that runs a syslog daemon.
• Severity: Choose the severity level of the logs that you want to save to the remote syslog server.
For example: If you select Critical, the logs listed under the Critical, Emergency, and Alert categories are saved to the remote syslog server.
7. In the Local Log area, choose the severity level for the events that you want to log. The logs will be saved to the local syslog daemon.
For example: If you select Critical, all log messages listed under the Critical, Emergency, and Alert categories are saved to the local syslog daemon.
8. Click Save to apply your settings.
• To specify which system messages are logged based on the facility, go to the Log Facilities page. See Configuring Log Facilities.
• (Optional) To enable the Syslog Email feature and configure the email server settings to send the syslog messages to a specified email address, go to the Device Management > Administration > Email Alert page. See Configuring Email Alert Settings.
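The three Severity settings above (email, remote syslog server, local log) each act as an independent threshold. The following added example is not part of the original documentation: it parses the standard syslog `<PRI>` header and shows which sinks would receive each message, including the Information-level traffic logs from Step 3. It assumes messages carry a standard `<PRI>` header and that severity names follow standard syslog ordering; the sample messages, host name and threshold choices are constructed.

```python
import re

# Standard syslog severity order (assumed): index is the numeric code, 0 is most severe.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Information", "Debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def parse_pri(line):
    """Return (facility, severity) from the <PRI> header, or None if malformed."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:   # 191 = facility 23 * 8 + severity 7
        return None
    return divmod(int(m.group(1)), 8)    # PRI = facility * 8 + severity

def accepted(severity, threshold):
    """A sink set to `threshold` takes that level and every more severe one."""
    return severity <= SEVERITIES.index(threshold)

def route(lines, thresholds):
    """Return ({sink: [lines]}, [malformed lines]) for the per-sink thresholds."""
    routed = {sink: [] for sink in thresholds}
    malformed = []
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:
            malformed.append(line)
            continue
        for sink, threshold in thresholds.items():
            if accepted(parsed[1], threshold):
                routed[sink].append(line)
    return routed, malformed

def sinks_for(level, thresholds):
    """Sinks that receive events of `level`, e.g. Information-level traffic logs."""
    code = SEVERITIES.index(level)
    return sorted(s for s, t in thresholds.items() if accepted(code, t))

# Constructed sample messages (facility local0 = 16) and constructed thresholds.
SAMPLE = [
    "<129>Jan 10 03:12:01 fw01 ips: alert-level event",          # 16*8+1 Alert
    "<130>Jan 10 03:12:05 fw01 firewall: critical-level event",  # 16*8+2 Critical
    "<132>Jan 10 03:12:09 fw01 wlan: warning-level event",       # 16*8+4 Warning
    "<134>Jan 10 03:12:11 fw01 traffic: unicast packet logged",  # 16*8+6 Information
    "Jan 10 03:12:12 fw01 line with no PRI header",
]
THRESHOLDS = {"email": "Critical", "remote": "Warning", "local": "Information"}

if __name__ == "__main__":
    routed, malformed = route(SAMPLE, THRESHOLDS)
    print({sink: len(lines) for sink, lines in routed.items()}, len(malformed))
    print("Information-level logs reach:", sinks_for("Information", THRESHOLDS))
```

With these constructed thresholds, the Information-level traffic logs stay only in the local log buffer; the remote Severity would need to be Information or lower for them to reach the remote syslog server.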