Redirecting Alerts and Logs to External syslog server (asg_syslog)
Description
Use the asg_syslog command to redirect alert messages and firewall logs to remote syslog servers.
This command allows configuring the following:
- Remote syslog servers either by IPv4 address or by hostname to log all alert messages.
- Remote syslog servers to log FW logs.
- Disable/Enable firewall logs to be sent to the Log Server. (Log Server is configured from SmartDashboard: Right-click gateway object > Edit > Logs and Masters > Log Servers)
- Verify configuration consistency on all SGMs.
- Recover configuration on all SGMs by forcing current SGM configuration on all SGMs.
asg_syslog is available only from the Expert shell.
Syntax:
asg_syslog <verify|print [ -v ]|recover>
Parameter | Description
<verify> | Verify configuration consistency on all SGMs
<print> [-v] | Print remote syslog servers configuration
<recover> | Recover configuration files on all SGMs and restart syslog service
Example 1
asg_syslog verify
Output
------------------------------------------------------------------
|Service |Path |Result |
------------------------------------------------------------------
|CPLog |/etc/syslog_servers_list.conf |Passed |
------------------------------------------------------------------
|Alert |/etc/syslog.conf |Passed |
------------------------------------------------------------------
Notes
Configuration files on all SGMs are identical
Example 2
asg_syslog print
Output
---------------------------------------
|Service |Server IP |Status |
----------------------------------------
|alert |5.5.5.5 |disable |
----------------------------------------
|alert |6.6.6.6 |enable |
----------------------------------------
* Firewall logging is disabled
Syntax
Configure remote syslog servers for alerts:
Usage
asg_syslog <disable|enable|set|delete> alert <IP address|hostname>
Configure remote syslog server for firewall logs:
Usage
asg_syslog <disable|enable|set[-s <status>]|delete> cplog <IP address>
Note: When alert syslog servers are configured, the syslog service is restarted on all SGMs.
Parameter | Description
<set> | Set remote syslog server.
-s <status> | Set connection with status <enable> or <disable>.
<disable> | Disable sending firewall logs / alerts to a remote syslog server defined by IP address or hostname. Note: the disable operation does not remove the configuration. You can enable it again using the 'enable' parameter.
<enable> | Enable sending firewall logs / alerts to a remote syslog server defined by IP address or hostname. This parameter can be used after the remote server has been configured (see the 'set' parameter).
<delete> | Delete remote syslog server.
<ip address | host name> | IPv4 address or hostname of the remote syslog server. A hostname is applicable only when it can be resolved, either via DNS or by static configuration.
Examples:
# asg_syslog set alert 5.5.5.5
Writing new configuration
Updating all SGMs with new configuration
Restarting syslog service on all SGMs
syslog alert server 5.5.5.5 configured successfully
----------------------------------------
|Service |Server IP |Status |
----------------------------------------
|alert |5.5.5.5 |enable |
----------------------------------------
Firewall logging is disabled
# asg_syslog disable alert 5.5.5.5
Updating all SGMs with new configuration
Restarting syslog service on all SGMs
syslog alert server 5.5.5.5 status changed to disable
----------------------------------------
|Service |Server IP |Status |
----------------------------------------
|alert |5.5.5.5 |disable |
----------------------------------------
* Firewall logging is disabled
# asg_syslog set cplog 6.6.6.6 -s disable
Writing new configuration
Updating all SGMs with new configuration
syslog cplog server 6.6.6.6 configured successfully
----------------------------------------
|Service |Server IP |Status |
----------------------------------------
|alert |5.5.5.5 |disable |
----------------------------------------
|cplog |6.6.6.6 |disable |
----------------------------------------
* Firewall logging is disabled
Syntax:
To disable or enable sending firewall logs to the firewall log server (i.e. SmartView Tracker):
asg_syslog <disable|enable> log_server
Parameter | Description
<disable> | Disable sending firewall logs to the log server. (The log server is configured in SmartDashboard.)
<enable> | Enable sending firewall logs to the log server. (The log server is configured in SmartDashboard.)
Example:
# asg_syslog disable log_server
# asg_syslog print -v
--------------------------------------------------------------------------------
|Service |Server IP |Port |Protocol# |RFC version |Status |
--------------------------------------------------------------------------------
* Firewall logging is disabled
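The print output shown in the examples above can be checked automatically, so that a disabled remote syslog destination does not go unnoticed. The following is an added example, not part of the original guide or of the product: the function name audit_asg_syslog, the WARN/FAIL/NOTE wording and the sample text are assumptions, and the parser relies only on the table layout shown on this page (Service in the first column, Status in the last).

```shell
#!/bin/sh
# Added example: audit the table printed by `asg_syslog print`.
# On a gateway (Expert shell):  asg_syslog print | audit_asg_syslog
# Reads the table on stdin and prints one finding per line. Returns 1 when a
# service has servers configured but none of them is enabled, otherwise 0.
audit_asg_syslog() {
    awk -F'|' '
        NF >= 4 {                          # data row: |alert |5.5.5.5 |disable |
            svc = tolower($2); srv = $3
            st = $(NF - 1)                 # Status is the last column
            gsub(/[ \t]/, "", svc); gsub(/[ \t]/, "", srv); gsub(/[ \t]/, "", st)
            if (svc == "service") next     # header row
            seen[svc] = 1
            if (st == "enable") active[svc] = 1
            else printf "WARN %s server %s is %s\n", svc, srv, st
        }
        /Firewall logging is disabled/ { fwnote = 1 }
        END {
            # Fixed order so the report is deterministic.
            n = split("alert cplog", svcs, " ")
            for (i = 1; i <= n; i++)
                if (seen[svcs[i]] && !active[svcs[i]]) {
                    printf "FAIL every configured %s server is disabled\n", svcs[i]
                    fail = 1
                }
            if (fwnote) print "NOTE output reports: Firewall logging is disabled"
            exit (fail ? 1 : 0)
        }
    '
}

# Constructed sample, modelled on the print output shown on this page.
SAMPLE_OUTPUT='----------------------------------------
|Service |Server IP |Status |
----------------------------------------
|alert |5.5.5.5 |disable |
----------------------------------------
|cplog |6.6.6.6 |disable |
----------------------------------------
* Firewall logging is disabled'

printf '%s\n' "$SAMPLE_OUTPUT" | audit_asg_syslog || echo "audit: findings need attention"
```

The non-zero return status lets the check run from a scheduled job or monitoring wrapper that alerts when no remote destination is receiving alerts or firewall logs.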