Setting up syslog notifications

The syslog protocol is a standard protocol for forwarding log messages from a sender to a receiver on an IP network. The system can send syslog messages that notify personnel about an event. You can set up syslog event notifications with either the management GUI or the command-line interface (CLI).

About this task

The system can transmit syslog messages in either expanded or concise format. Servers configured with facility values of 0 - 3 receive syslog messages in concise format. Servers configured with facility values of 4 - 7 receive syslog messages in fully expanded format. The default value is 0. The facility number that is used in syslog messages also identifies the origin of the message to the receiving server. You can use a syslog manager to view the syslog messages that the system sends.

For error, warning, and information notifications, the format in which messages are sent depends on the facility setting. Audit (-audit) and authentication (-login) messages are sent in a single format, so for these messages there is no distinction between concise and expanded format.

The system supports both TCP and UDP transmission protocols for sending syslog messages to the specified syslog servers. You can specify up to six syslog servers, each with either an IP address or a fully qualified domain name and its corresponding port. The default port for the TCP protocol is port 6514, and the default port for UDP transmissions is 514.

If you are using a domain name to identify a syslog server, ensure that a DNS server is configured on the system. Domain names cannot exceed 40 characters. To configure a DNS server, select Settings > Network > DNS in the management GUI or use the mkdnsserver command.

The system supports the following syslog notifications and message types:
Error notifications
    Select this option to send error notifications that can indicate a serious problem with the system.
Warning notifications
    Select this option to send warning notifications that can indicate a problem or unexpected condition with the system. Always immediately investigate this type of notification to determine the effect that it might have on your operation, and make any necessary corrections.
Information notifications
    Select this option to send information messages that indicate an expected operation has completed on the system.
Audit log messages
    Select this option to send audit log entries for any CLI or management GUI operations to the specified syslog servers.
Authentication log messages
    Select this option to send successful and failed authentication attempts to the specified syslog servers.

To configure or work with syslog notification settings in the management GUI, select Settings > Notifications > Syslog.

To configure and work with syslog notification settings in the CLI, use the following commands:

Procedure

  1. Enter the mksyslogserver CLI command to specify the action that you want to take when a syslog error or event is logged to the error log.
    For example, you can enter the following CLI command to set up a syslog notification:
    mksyslogserver syslog_server_name -ip ip_address_or_domain_name  

    where syslog_server_name is the name of the syslog server definition and ip_address_or_domain_name is the external Internet Protocol (IP) address or fully qualified domain name of the syslog server.

  2. To modify a syslog notification, enter the chsyslogserver command.
    For example:
    chsyslogserver syslog_server_name -ip ip_address_or_domain_name 

    where syslog_server_name is the name of the syslog server definition and ip_address_or_domain_name is the external IP address or domain name of the syslog server.

  3. To delete a syslog notification and its server definition, enter the rmsyslogserver command.
    For example:
    rmsyslogserver syslog_server_name -force

  4. To display either a concise list or a detailed view of syslog servers that are configured on the system, enter the lssyslogserver command.
    For example, to display a concise view, enter the following command:
    lssyslogserver -delim :
    To display a detailed view of a syslog server, enter the following command:
    lssyslogserver syslog_server_name_or_id
    where syslog_server_name_or_id is the name or ID of an existing syslog server.
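
The limits described in this topic can be checked against a planned set of server definitions before any command is entered. The following Python code is an added example, not part of the product or its documentation; the plan layout, the names check_plan and PLAN, and the warning about sending audit and authentication messages over UDP (which does not guarantee delivery) are assumptions of this example.

```python
import ipaddress

MAX_SERVERS = 6                           # limit stated in this topic
MAX_DOMAIN_LEN = 40                       # domain names cannot exceed 40 characters
DEFAULT_PORT = {"tcp": 6514, "udp": 514}  # default port per protocol

def is_ip(target):
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False

def check_plan(servers, dns_configured):
    """Return (resolved, problems). 'format' covers error/warning/information messages only."""
    resolved, problems = [], []
    if len(servers) > MAX_SERVERS:
        problems.append(f"{len(servers)} servers planned; the maximum is {MAX_SERVERS}")
    for s in servers:
        name, target, proto = s["name"], s["target"], s["protocol"]
        facility = s.get("facility", 0)   # the default facility value is 0
        if proto not in DEFAULT_PORT:
            problems.append(f"{name}: protocol must be tcp or udp")
            continue
        if facility not in range(8):
            problems.append(f"{name}: facility {facility} is outside 0 - 7")
            continue
        if not is_ip(target):             # anything that is not an IP is treated as a domain name
            if len(target) > MAX_DOMAIN_LEN:
                problems.append(f"{name}: domain name exceeds {MAX_DOMAIN_LEN} characters")
            if not dns_configured:
                problems.append(f"{name}: domain name used but no DNS server is configured")
        # Assumption of this example: UDP gives no delivery guarantee, so flag audit/login over it.
        if proto == "udp" and {"audit", "login"} & set(s.get("types", [])):
            problems.append(f"{name}: audit/login messages over UDP can be lost silently")
        resolved.append({"name": name, "port": s.get("port", DEFAULT_PORT[proto]),
                         "format": "concise" if facility <= 3 else "expanded"})
    return resolved, problems

# Constructed sample plan (hypothetical names, documentation-range address and domain).
PLAN = [
    {"name": "siem1", "target": "192.0.2.10", "protocol": "tcp", "facility": 4, "types": ["audit", "login"]},
    {"name": "noc1", "target": "logs.example.com", "protocol": "udp", "types": ["error", "login"]},
]

if __name__ == "__main__":
    resolved, problems = check_plan(PLAN, dns_configured=False)
    print(resolved, problems, sep="\n")
```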