Set Up Syslog

The logging feature gives administrators a way to centrally log and analyze configuration events and system error messages. For example, if you are using RADIUS authentication, each failed login attempt will be sent to the defined Syslog server.

Syslog can be used in conjunction with the adaptive response and user events feature. For example, when you register an event, you will be asked if you want to send events to Syslog; you can define and register an event that sends a message to a Syslog server when retransmissions rise to 30 percent of your network activity.

To set up logging, you need to:

1. Define one or more Syslog servers.

2. Enable the logging feature.

Define the Syslog Server

To define a Syslog server, use the setup syslog add command from the command-line interface as described below. You can add up to four Syslog servers.

To define a Syslog server:

1. Access the CLI.

2. At the command-line prompt, use the following command:

setup syslog add host:<ipaddress> [output:<facility>,<level>] [port:<portnum>] [datetime]

host:<ipaddress>
    The Syslog server IP address — for example, host:10.7.38.100

output:<facility>,<level>
    The facility and severity level — for example, output:local1,6
    Up to three outputs can be specified. The default facility is local4 and the default level is 7. Packeteer user events are at severity level 6; if you want to capture them with Syslog, you must set the level to 6 or 7.
    See Facility Types and Severity Levels below for lists of the valid facility types and levels.

port:<portnum>
    The port number of the Syslog server; if the port isn’t specified, port 514 is used

datetime
    Include the date and time in the message; the date and time are not included unless you specify the datetime parameter

For example:

setup syslog add host:10.7.38.100 output:local4,3 datetime

Facility Types

You can enter the keyword or value specified in the following table.

Description                    Keyword          Value
Kernel                         kern             0
User Processes                 user             1
Electronic Mail                mail             2
Background System Processes    daemon           3
Authorization                  auth             4
System Logging                 sysl             5
Printing                       lpr              6
Usenet News                    news             7
Unix-to-Unix Copy Program      uucp             8
Clock Daemon                   clkd             9
Security                       sec2             10
FTP Daemon                     ftpd             11
NTP Subsystem                  ntp              12
Log Audit                      audi             13
Log Alert                      alert            14
Clock Daemon                   clkd2            15
For Local Use                  local0-local7    16-23

Severity Levels

You can enter the keyword or value specified in the following table. The level you set determines which messages are sent to the Syslog server and which are suppressed. For example, setting the severity level to 3 allows messages with levels 0 - 3 and suppresses messages with levels 4 - 7. If you don't specify a severity level, 7 is used. With the default severity level, messages of all levels are sent to the Syslog server.

Description                                       Keyword    Value
System unusable                                   emerg      0
Take immediate action                             alert      1
Critical condition                                crit       2
Error message                                     err        3
Warning message                                   warn       4
Normal but significant condition                  notice     5
Informational (includes Packeteer user events)    info       6
Debug message                                     debug      7

At the "warn" level, Packeteer will send the following types of messages to the Syslog server:

  • Login failed
  • Hard drive status
  • Measurement Engine status
  • Direct standby status
  • Plug-in status

See Packeteer Syslog Warn Messages for a list of these messages.

User events that are configured to send a syslog message when a threshold is crossed are sent at the info severity level (6). See event register for more information on configuring an event to send a syslog message.

Adaptive response action files that include the send syslog command can designate the severity level at which the message is sent to the Syslog server; any level can be specified.
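
As an added example (not Packeteer code), the Python below parses a setup syslog add line using the syntax, tables and defaults on this page and reports whether login-failed messages (warn, 4) and user events (info, 6) would pass the configured level. It assumes a message is forwarded when the level of any configured output admits it; the function names are hypothetical.

```python
# Added example: coverage check for a "setup syslog add" line (not vendor code).
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "sysl": 5,
              "lpr": 6, "news": 7, "uucp": 8, "clkd": 9, "sec2": 10, "ftpd": 11,
              "ntp": 12, "audi": 13, "alert": 14, "clkd2": 15}
FACILITIES.update({f"local{i}": 16 + i for i in range(8)})  # local0-local7 = 16-23
LEVELS = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
          "warn": 4, "notice": 5, "info": 6, "debug": 7}

def _code(token, table, highest):
    """Resolve a keyword or numeric value from the page's tables."""
    if token.isdigit() and int(token) <= highest:
        return int(token)
    if token in table:
        return table[token]
    raise ValueError(f"unknown facility or level: {token!r}")

def parse_syslog_add(cmd):
    """Parse the command syntax shown on this page and apply its defaults."""
    words = cmd.split()
    if words[:3] != ["setup", "syslog", "add"]:
        raise ValueError("not a 'setup syslog add' command")
    cfg = {"host": None, "outputs": [], "port": 514, "datetime": False}
    for word in words[3:]:
        key, _, value = word.partition(":")
        if key == "host" and value:
            cfg["host"] = value
        elif key == "output":
            facility, _, level = value.partition(",")
            cfg["outputs"].append((_code(facility, FACILITIES, 23),
                                   _code(level, LEVELS, 7)))
        elif key == "port" and value.isdigit():
            cfg["port"] = int(value)
        elif word == "datetime":
            cfg["datetime"] = True
        else:
            raise ValueError(f"unexpected parameter: {word!r}")
    if cfg["host"] is None or len(cfg["outputs"]) > 3:
        raise ValueError("host is required; at most three outputs are allowed")
    if not cfg["outputs"]:
        cfg["outputs"] = [(FACILITIES["local4"], LEVELS["debug"])]  # page defaults
    return cfg

def coverage(cmd):
    """Report which message classes named on this page pass the level filter."""
    levels = [level for _, level in parse_syslog_add(cmd)["outputs"]]
    passes = lambda severity: any(severity <= level for level in levels)  # assumption
    return {"login_failed": passes(LEVELS["warn"]),   # sent at warn (4)
            "user_events": passes(LEVELS["info"])}    # sent at info (6)
```

For the example line on this page (output:local4,3), coverage() returns False for both classes; with no output parameter, the defaults (local4, level 7) admit both.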

Enable the Logging Feature

To enable the logging feature so that messages will be sent to the defined Syslog server(s), type the following command at the command-line prompt:

setup syslog on

To check whether the logging feature is on or off, use the setup syslog show command.

 

PacketGuide™ for PacketWise® 8.3