Remote and local logging provide information about denial-of-service attacks, general attacks, login attempts, dropped packets, and so on. Remote logging is one method of monitoring the log files of multiple hosts. In some cases the user might also want to store logs on a separate secure network that is not physically accessible; this is where remote logging comes into use.
This document describes how to configure remote logging on the RV220W and RV120W.
• RV220W
• RV120W
• v1.0.4.17
This section adds a remote log identifier to work with the SMTP server and configures the log settings with the desired e-mail addresses.
Step 1. Log in to the web configuration utility and choose Administration > Logging > Remote Logging Configuration. The Remote Logging Configuration page opens.
Step 2. In the Remote Log Identifier field, enter a prefix to add to every logged message so that the source of the message is easier to identify. The log identifier will be added to both e-mail and Syslog messages.
Step 3. Check the E-mail Logs check box to send all logs to the e-mail configured below.
Step 4. Enter the IP address or Internet name of the Simple Mail Transfer Protocol (SMTP) server in the E-mail Server Address field. The router will connect to this server to send e-mail logs when required.
Step 5. Enter the port number used to connect to SMTP server in SMTP Port field.
Step 6. Enter the e-mail address which the SMTP server will use to send e-mails in the Return E-mail Address field.
Step 7. Enter the e-mail address to which the log alerts are to be sent in the Send To E-Mail Address(1) field.
Step 8. (Optional) Enter an additional e-mail address to which the log alerts are to be sent in the Send To E-Mail Address(2) field.
Step 9. (Optional) Enter another additional e-mail address to which the log alerts are to be sent in the Send To E-Mail Address(3) field.
Step 10. Choose the desired authentication type from the Authentication with SMTP Server drop-down list.
• None — This disables authentication.
• Login Plain — This requires SMTP server authentication before it accepts connections. This is a common method to log in to an SMTP server. The client combines the username and password into a base64-encoded string and sends that string to the server, so the username and password are not sent as readable plain text over the Internet. Base64 is a reversible encoding rather than encryption.
• CRAM-MD5 — This requires SMTP server authentication before it accepts connections. In CRAM-MD5 authentication, the server first sends a challenge string to the client, and the client returns a response string. This provides three protections: the hash cannot be reproduced without the password, others cannot replay the hash, and observers cannot learn the password.
Step 11. Enter the username and password which will be used for authentication in the Username and Password fields if Login Plain or CRAM-MD5 was chosen in Step 10.
Step 12. Click Test to verify that the e-mail logs function is configured correctly.
Step 13. Check the Respond to Identd from SMTP Server check box to configure the router to respond to an IDENTD request from the SMTP server. The Ident Protocol is a scheme to verify the e-mail of the sender; a common daemon program that provides the ident service is called identd.
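To make the difference between the two authentication types in Step 10 concrete, the following added example (not part of the original document or of the router firmware) builds both kinds of client response and shows what a party who sees them can do with each. It assumes the Login Plain option corresponds to SMTP AUTH PLAIN (RFC 4616); the user, secret and first challenge are the sample values from the RFC 2195 example exchange, and the second challenge is constructed.

```python
import base64
import hashlib
import hmac

# Sample values: user, secret and challenge from the RFC 2195 example exchange.
USER, SECRET = "tim", "tanstaaftanstaaf"
CHALLENGE = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"
# Constructed second challenge, standing in for the server's next session.
NEXT_CHALLENGE = base64.b64encode(b"<1897.697170999@postoffice.reston.mci.net>").decode()


def plain_credentials(user, password):
    """AUTH PLAIN (RFC 4616): base64 of NUL + user + NUL + password."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()


def decode_plain(captured):
    """Anyone who sees the AUTH PLAIN string can reverse it: no key is involved."""
    _authzid, user, password = base64.b64decode(captured).decode().split("\0")
    return user, password


def _digest(password, challenge_b64):
    challenge = base64.b64decode(challenge_b64)
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()


def cram_md5_response(user, password, challenge_b64):
    """CRAM-MD5 (RFC 2195): base64 of 'user hex(HMAC-MD5(password, challenge))'."""
    return base64.b64encode(f"{user} {_digest(password, challenge_b64)}".encode()).decode()


def server_accepts(stored_password, challenge_b64, response_b64):
    """Server side: recompute the HMAC for the challenge it issued and compare."""
    _user, digest = base64.b64decode(response_b64).decode().rsplit(" ", 1)
    return hmac.compare_digest(digest, _digest(stored_password, challenge_b64))


if __name__ == "__main__":
    print("PLAIN decodes to:", decode_plain(plain_credentials(USER, SECRET)))
    response = cram_md5_response(USER, SECRET, CHALLENGE)
    print("CRAM-MD5 on the wire:", base64.b64decode(response).decode())
    print("accepted for issued challenge:", server_accepts(SECRET, CHALLENGE, response))
    print("accepted when replayed:", server_accepts(SECRET, NEXT_CHALLENGE, response))
```

Neither mechanism by itself encrypts the e-mailed log content; both only authenticate the router to the SMTP server.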
This section configures the schedule so that logs are e-mailed at specific times of the day or week. The logging policy can be configured as desired to work with the scheduled times.
Step 1. Log in to the web configuration utility and choose Administration > Logging > Remote Logging Configuration. The Remote Logging Configuration page opens.
Step 2. Choose the desired unit from the Unit drop-down list for the frequency of e-mail logs.
Step 3. (Optional) If Weekly was chosen in Step 2, choose the desired day from the Day drop-down list for the frequency of e-mail logs.
Step 4. (Optional) If Weekly or Daily was chosen in Step 2, choose the desired time of the day from the Time drop-down list for the specific time (hour) of e-mail logs to be sent.
Step 5. Click Configure Logging Policy. The Logging Policies page opens.
Step 6. Click Add. The Add / Edit Logging Policy Configuration page opens.
Step 7. Enter the preferred policy name in the Policy Name field.
Step 8. Check the IPsec VPN Logs check box to enable the logs related to IPsec negotiations. These are related to user space logs.
Step 9. Check the appropriate check box in the variable severity configuration table:
• Emergency — This sends logs when the system is unusable and in an emergency state. This is an "urgent" condition that affects multiple apps, servers, or sites. All technical staff will be notified when this happens.
• Alert — This sends logs when immediate action is needed. The condition needs to be corrected immediately, so staff should be notified. An example of this would be the loss of a primary ISP connection.
• Critical — This sends logs when the device is in a critical condition. The condition can be fixed right away, but these logs indicate a primary failure of the system. An example of this would be the loss of the backup ISP connection. These logs are directed at the global level.
• Error — This sends logs which pertain to error conditions. These logs indicate a serious problem, but are in a category that does not require immediate attention. These log messages can be described as non-urgent failures and need to be relayed to developers or admins. Each error log needs to be taken care of within a given time.
• Warning — This sends logs with warning conditions. This is a heads up for a potential problem, but not a response to an actual problem. It is a warning that indicates that a component or application is not in an ideal state. These messages are not an error, but an indication that an error will occur if action is not taken, such as when the file system is 85% full.
• Notification — This sends logs for conditions that are normal but significant. These are not error conditions. The usual way to handle these log messages is to summarize them in an e-mail to your admins or developers so that they can spot a potential problem; immediate action is not required.
• Information — This sends logs which have informational messages only. These log messages contain non-critical information for the admin and can be further harvested for documentation issues.
• Debugging — This sends logs which have debugging messages only. These logs are useful to developers to debug the application, but not useful during operations.
Step 10. Click Save to apply changes.
If you want the router to send logs to a Syslog server, configure the following. You can configure up to 8 Syslog servers.
Step 1. Log in to the web configuration utility and choose Administration > Logging > Remote Logging Configuration. The Remote Logging Configuration page opens.
Step 2. Check the Syslog Server check box to enable the Syslog policy.
Step 3. Enter the server name in the Syslog Server 1 field.
Step 4. Choose the policy from the Logging Policy drop-down list. The options are from the policies added on the Logging Policies page.
Step 5. Click Save to apply settings.
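Once the router is sending to a Syslog server, the collector can check that what arrives matches what was configured: the Remote Log Identifier is present and the severity is one the logging policy enables. The following is an added example, not part of the original document. The identifier `RV220W-BR1`, the policy of Error and Warning, the sample datagrams and the message layout after the `<PRI>` header are all assumptions constructed for illustration.

```python
import re

# Severity names in the order of the logging policy table, which is also the
# syslog severity code order 0-7.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notification", "Information", "Debugging"]
PRI = re.compile(r"<(\d{1,3})>(.*)", re.S)

# Constructed sample datagrams; the layout after <PRI> is an assumption.
SAMPLE = [
    "<12>Jan  1 00:01:02 RV220W-BR1 firewall: dropped packet from 192.0.2.10",
    "<11>Jan  1 00:01:05 RV220W-BR1 httpd: login failed for admin",
    "<15>Jan  1 00:01:09 RV220W-BR1 ipsec: phase 1 debug trace",
    "<12>Jan  1 00:02:00 other-device firewall: dropped packet",
    "no priority header",
]


def parse(datagram):
    """Split '<PRI>text' into facility, severity name and text; None if malformed."""
    m = PRI.fullmatch(datagram)
    if not m or int(m.group(1)) > 191:  # PRI = facility * 8 + severity, max 23*8+7
        return None
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7], "text": m.group(2)}


def audit(datagrams, identifier, policy):
    """Return (accepted records, findings) for one router's expected configuration."""
    accepted, findings = [], []
    for d in datagrams:
        rec = parse(d)
        if rec is None:
            findings.append(("malformed", d))
        elif identifier not in rec["text"]:
            findings.append(("identifier missing", d))
        elif rec["severity"] not in policy:
            findings.append(("severity outside policy", d))
        else:
            accepted.append(rec)
    return accepted, findings


if __name__ == "__main__":
    ok, findings = audit(SAMPLE, "RV220W-BR1", {"Error", "Warning"})
    print(len(ok), "accepted;", [reason for reason, _ in findings])
```

A finding of "identifier missing" or "severity outside policy" points to either a configuration drift on the router or a message that did not come from it.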