Configuring a Dedicated Logging Port
The 61000/41000 Security System logging mechanism lets each SGM forward logs directly to a logging server over the SSM's management ports. However, management ports can experience a high load when a large number of logs are forwarded. Load on the SSM management ports can be significantly reduced by:
- Setting up a dedicated SSM port for logging
- Assigning the dedicated logging port to each SGM
To set up a dedicated logging port:
- Install a log server and create an object for it in SmartDashboard.
- Connect the log server directly to a management port on the SSM.
Important - Do not use the same port which connects to the Security Management server.
- In
gclish, use set interface to configure the port as a dedicated logging port:
Syntax
> set interface <if_name> ipv4-address <ip> mask-length <length>
Parameter
|
Description
|
<if_name>
|
The interface that connects directly to the log server
|
<ip>
|
IPv4 address of the logging server
|
<length>
|
Subnet mask length
|
Example
> set interface eth1-Mgmt2 ipv4-address 2.2.2.10 mask-length 24
Output
1_0l:
success
1_02:
success
1_03:
success
2_01:
success
2_02:
success
2_03:
success
>
Notes:
- For each SGM, eth1-Mgmt2 is set as a unique logging port.
2.2.2.0/24 is the logging server network or leads to the logs server network
To connect to the logging server:
- Open SmartDashboard.
- Open the Single Management Object (SMO) for the 61000/41000 Security System.
- On the > page, select.
- Select the dedicated log server.
- Install the policy.
|
Note -
- The SMO in SmartDashboard makes sure that return traffic from the logging server, such as ACKS, reaches the correct SGM.
- 61000/41000 Security System can be configured to send logs to more than one log server.
|
|
|
