Redirecting Alerts and Logs to External syslog server (asg_syslog)

Use asg_syslog to redirect alert messages and firewall logs to remote syslog servers.

This command lets you:

  • Configure the remote syslog servers that receive all alert messages, identified by:
    • IPv4 address
    • Hostname
  • Enable or disable sending firewall logs to the Log Server.
    • The Log Server is configured in SmartDashboard:
      • Right-click the gateway object > Edit > Logs and Masters > Log Servers
  • Make sure the configuration is consistent on all SGMs.
  • Recover the configuration on all SGMs by forcing the current SGM's configuration onto all SGMs.

asg_syslog is available only from Expert mode.

Syntax

# asg_syslog verify|print [ -v ]|recover

Parameter     Description
verify        Verify configuration consistency on all SGMs
print [-v]    Print remote syslog servers configuration
              -v - Verbose mode
recover       Recover configuration files on all SGMs and restart syslog service

Example 1

# asg_syslog verify

Output

------------------------------------------------------------------
|Service       |Path                                    |Result  |
------------------------------------------------------------------
|CPLog         |/etc/syslog_servers_list.conf           |Passed  |
------------------------------------------------------------------
|Alert         |/etc/syslog.conf                        |Passed  |
------------------------------------------------------------------

Note - Configuration files on all SGMs are identical.

Example 2

# asg_syslog print

Output

----------------------------------------
|Service       |Server IP     |Status  |
----------------------------------------
|alert         |5.5.5.5       |disable |
----------------------------------------
|alert         |6.6.6.6       |enable  |
----------------------------------------
* Firewall logging is disabled

Syntax

Configure remote syslog servers for alerts:

# asg_syslog disable|enable|set|delete alert <ip>|<host_name>

Configure remote syslog server for firewall logs:

# asg_syslog disable|enable|set[-s <status>]|delete cplog <ip>|<host_name>

Note - When you configure alert syslog servers, the syslog service restarts on all SGMs.

Parameter           Description
set                 Set remote syslog server
-s <status>         Set connection status
                    Valid values:
                      • enable
                      • disable
disable             Stop sending firewall logs and alerts to the remote syslog server defined by IP address or host name.
                    Note: This does not remove the configuration. You can enable it again using enable.
enable              Start sending firewall logs and alerts to the remote syslog server defined by IP address or host name.
                    You can use this parameter after the remote server has been configured.
delete              Delete the remote syslog server
<ip>|<host_name>    IPv4 address or hostname of the remote syslog server.

Examples

# asg_syslog set alert 5.5.5.5
Writing new configuration
Updating all SGMs with new configuration
Restarting syslog service on all SGMs
syslog alert server 5.5.5.5 configured successfully
----------------------------------------
|Service       |Server IP     |Status  |
----------------------------------------
|alert         |5.5.5.5       |enable  |
----------------------------------------
Firewall logging is disabled

# asg_syslog disable alert 5.5.5.5
Updating all SGMs with new configuration
Restarting syslog service on all SGMs
syslog alert server 5.5.5.5 status changed to disable

----------------------------------------
|Service       |Server IP     |Status  |
----------------------------------------
|alert         |5.5.5.5       |disable |
----------------------------------------
* Firewall logging is disabled

# asg_syslog set cplog 6.6.6.6 -s disable
Writing new configuration
Updating all SGMs with new configuration
syslog cplog server 6.6.6.6 configured successfully

----------------------------------------
|Service       |Server IP     |Status  |
----------------------------------------
|alert         |5.5.5.5       |disable |
----------------------------------------
|cplog         |6.6.6.6       |disable |
----------------------------------------
* Firewall logging is disabled
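
A server that is configured but left in the disable state, or a "Firewall logging is disabled" line, means events are not leaving the gateway. The script below is an added example, not Check Point code: it audits captured non-verbose asg_syslog print output for both conditions. The function names and the list of services that must have an enabled server are assumptions.

```sh
#!/bin/sh
# Added example (not vendor code): audit captured `asg_syslog print` output.

# Constructed sample in the table format shown in Example 2 on this page.
SAMPLE_PRINT='----------------------------------------
|Service       |Server IP     |Status  |
----------------------------------------
|alert         |5.5.5.5       |disable |
----------------------------------------
|alert         |6.6.6.6       |enable  |
----------------------------------------
* Firewall logging is disabled'

# Emit "service server status" for every data row read from stdin.
parse_syslog_rows() {
    awk -F'|' 'NF >= 4 {
        for (i = 2; i <= 4; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
        if ($2 != "Service") print $2, $3, $4   # skip the header row
    }'
}

# List "service server" pairs that are configured but not enabled.
disabled_servers() { parse_syslog_rows | awk '$3 != "enable" { print $1, $2 }'; }

# Count enabled servers for one service name (alert or cplog).
enabled_count() {
    parse_syslog_rows | awk -v svc="$1" '$1 == svc && $3 == "enable" { n++ } END { print n + 0 }'
}

# Succeed when the output carries the "Firewall logging is disabled" line.
firewall_logging_disabled() { grep -q 'Firewall logging is disabled'; }

# audit_syslog SERVICE...: print findings on stdout; return 1 if there are any.
# Which services must have an enabled server is site policy (assumption).
audit_syslog() {
    out=$(cat); rc=0
    for svc in "$@"; do
        n=$(printf '%s\n' "$out" | enabled_count "$svc")
        [ "$n" -gt 0 ] || { echo "FINDING: no enabled remote syslog server for $svc"; rc=1; }
    done
    dis=$(printf '%s\n' "$out" | disabled_servers)
    [ -z "$dis" ] || { printf '%s\n' "$dis" | sed 's/^/FINDING: configured but disabled: /'; rc=1; }
    if printf '%s\n' "$out" | firewall_logging_disabled; then
        echo "FINDING: firewall logging is disabled"; rc=1
    fi
    return "$rc"
}

# On a gateway, the input would be `asg_syslog print` instead of the sample.
printf '%s\n' "$SAMPLE_PRINT" | audit_syslog alert cplog || true
```

The parser reads the three-column table only; the print -v layout has additional columns and needs different field positions.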

Syntax

Use this command to enable or disable sending firewall logs to the Firewall log server (SmartView Tracker):

# asg_syslog disable|enable log_server

Parameter     Description
disable       Disable sending firewall logs to the log server.
              Log server is configured in SmartDashboard.
enable        Enable sending firewall logs to the log server.
              Log server is configured in SmartDashboard.

Example

# asg_syslog disable log_server
# asg_syslog print -v         

--------------------------------------------------------------------------------
|Service       |Server IP     |Port          |Protocol#     |RFC version   |Status  |
--------------------------------------------------------------------------------
* Firewall logging is disabled
 
©2014 Check Point Software Technologies Ltd. All rights reserved.