Configure Syslog

MSL includes a syslog server for message logging. When a system event occurs, such as a failed authentication attempt or login failure, the affected service generates a message which is recorded in a log file. You can examine these messages in the Log File Viewer.

You can enhance this functionality by enabling the local system to accept syslog messages from remote hosts, and by enabling the local system to send its own syslog messages to remote hosts.

Receiving Messages from Remote Hosts

You can configure the local syslog server to accept event messages from other syslog servers, provided that they are in the list of trusted networks. The event messages can be received over UDP (using port 514) and TCP (using a configured port).

To start receiving syslog event messages from remote hosts:
  1. Under Security, click Syslog.

  2. Under Accept syslogs from remote hosts, do the following:
    1. In the Accept remote syslog on UDP field, click Enable.

    2. (Optional) In the Accept remote syslog on TCP field, click Enable. In the Listen Port field, enter a port number (for example, 514), and then click Save.

The local system can now receive syslog event messages from remote hosts.

To stop receiving syslog event messages from a remote host:
  1. Under Security, click Syslog.

  2. Under Accept syslogs from remote hosts, locate the protocol you wish to disable (UDP or TCP).

  3. Click Disable.

Sending Messages to Remote Hosts

You can configure the local syslog server to forward its own event messages to one or more other syslog servers.

To start sending local syslog event messages to a remote host:
  1. Under Security, click Syslog.

  2. Under Forward local syslogs, click Add remote syslog destination.

  3. In the Configure syslog screen, do the following:
    1. In Facility, select the type of program or subsystem that is logging the message. By default, the auth facility code (security/authorization messages) is selected. You may also select authpriv (messages generated internally by syslogd) or any other facility code. For a complete list of facility code descriptions, see RFC 3164.

    2. In Destination Host (ip:port), enter the IP address and port number of the remote syslog server.
      Note:
      • A port number is required only if TCP is selected as the transport.

      • You can enter multiple destination hosts, provided that they use the same facility and port number. Use commas to separate the individual entries.

    3. In Protocol, select the transport, either UDP or TCP.

  4. Click Next, and then click Add.

    The local system will now forward syslog event messages to the designated remote host(s).
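
To check a forwarding or receiving setup end to end, you can send a synthetic RFC 3164 message and confirm on the collector that it arrives with the facility you selected. The following is an added example, not part of MSL or its documentation. The function names are hypothetical, the fallback to port 514 for UDP is an assumption, and destinations are assumed to be IPv4 addresses.

```python
import socket
from datetime import datetime

# Facility codes from RFC 3164 (subset); PRI = facility * 8 + severity.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "cron": 9, "authpriv": 10, "local0": 16}
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def parse_destinations(field, protocol):
    """Split a comma-separated ip:port list; the port is mandatory only for TCP."""
    dests = []
    for entry in field.split(","):
        host, _, port = entry.strip().partition(":")
        if not port:
            if protocol == "tcp":
                raise ValueError(f"TCP destination {host!r} needs a port")
            port = "514"  # assumption: UDP falls back to the standard syslog port
        if not host or not 0 < int(port) < 65536:
            raise ValueError(f"bad destination {entry!r}")
        dests.append((host, int(port)))
    return dests

def build_message(facility, severity, host, tag, text, when):
    """Build '<PRI>Mmm dd hh:mm:ss host tag: text' (day is space-padded)."""
    pri = FACILITIES[facility] * 8 + severity
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri}>{stamp} {host} {tag}: {text}".encode("ascii")

def decode_pri(packet):
    """Collector-side check: return (facility, severity) of a received message."""
    if not packet.startswith(b"<"):
        raise ValueError("missing PRI field")
    pri = int(packet[1:packet.index(b">")])
    names = {code: name for name, code in FACILITIES.items()}
    return names.get(pri // 8, str(pri // 8)), pri % 8

def send_test(field, protocol, packet):
    """Send the packet to every destination over the chosen transport."""
    for host, port in parse_destinations(field, protocol):
        if protocol == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.sendto(packet, (host, port))
        else:
            with socket.create_connection((host, port), timeout=5) as s:
                s.sendall(packet + b"\n")  # newline-delimited framing over TCP

if __name__ == "__main__":
    pkt = build_message("auth", 5, "msl-test", "synthetic", "forwarding check", datetime.now())
    send_test("127.0.0.1", "udp", pkt)  # constructed destination; replace with your collector
    print(decode_pri(pkt))
```

If the message does not appear in the collector's log, check that the sending host is in the receiver's list of trusted networks and that the protocol and port match on both sides.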

To stop sending local syslog event messages to a remote host:
  1. Under Security, click Syslog.

  2. Under Forward local syslogs, locate the host you wish to disable.

  3. Click Remove twice.