Configuring a Dedicated Logging Port on Scalable Chassis

The Chassis logging mechanism lets each SGM forward logs directly to a dedicated Log Server over the SSM's management ports.

However, the SSM's management ports can experience a high load when SGMs generate a large number of logs.

To reduce the load on the SSM management ports:

  1. Configure a dedicated SSM port for logging

  2. Configure the Chassis to send the logs to the dedicated Log Server

Topology:

[Management Server](some interface) <===> (SSM port 1)[Chassis]

[Management Server](some interface) <===> (interface 1) [Log Server] (interface 2) <===> (SSM port 2)[Chassis]

Procedure:

Step

Instructions

1

Install a dedicated Log Server:

  1. Install a dedicated Log Server with two physical interfaces.

    See the Installation and Upgrade Guide for your version > Chapter Installing a Dedicated Log Server or SmartEvent Server.

  2. Connect one physical interface on the dedicated Log Server to the Management Server.

  3. Connect another physical interface on the dedicated Log Server directly to an available SSM port.

    Important - Do not use the same SSM port, which connects to the Management Server.

  4. In SmartConsole, create the required object that represents the dedicated Log Server.

    See the Installation and Upgrade Guide for your version > Chapter Installing a Dedicated Log Server or SmartEvent Server.

2

In the Gaia OS of the Security Group, configure in Gaia gClish the dedicated management port on the SSM.

Syntax:

[Expert@SG-s01-01:0]# gclish

[Global] SG-s01-01> set interface ethX-MgmtY ipv4-address <IPv4 Address> mask-length <Mask Length>

Example:

[Global] SG-s01-01 > set interface eth1-Mgmt2 ipv4-address 2.2.2.10 mask-length 24

Note - You must assign an IPv4 address from the same subnet as assigned to the dedicated interface on the Log Server, which connects to the SSM.

3

In SmartConsole, configure the Security Group object to send its logs to the dedicated Log Server.

See the Logging and Monitoring Administration Guide for your version > Chapter Getting Started > Section Deploying Logging Section - Subsection Configuring the Security Gateways for Logging.

Note - The SMO makes sure that return traffic from the Log Server reaches the correct Security Group Member in the Security Group.