Adding additional syslog server to a host


Syslog is a widely used mechanism for logging system events. NIOS appliances generate syslog messages that you can view through the Syslog viewer and download to a directory on your management station. In addition, you can configure a NIOS appliance to send the messages to one or more external syslog servers for later analysis. Syslog messages provide information about appliance operations and processes. NIOS appliances include syslog messages generated by the bloxTools service. You can choose logging categories to send specific syslog messages. The prefixes in the syslog messages are based on the logging categories you configure in the syslog. Note that syslog messages are prefixed only when you select logging categories. For information about how to configure logging categories, see Specifying Syslog Servers. You can also include audit log messages and specific BIND messages among the messages the appliance sends to the syslog server.

In addition to saving system messages to a remote syslog server, a NIOS appliance also stores the system messages locally. When the syslog file reaches its maximum size, which is 300 MB for Infoblox appliances and VMware virtual appliances, and 20 MB for Riverbed virtual appliances, the appliance automatically writes the file into a new file by adding a .0 extension to the first file and incrementing subsequent file extensions by one.
Files are compressed during the rotation process, adding a .gz extension following the numerical increment (file.#.gz). The sequential incrementation goes from zero through nine. When the eleventh file is started, the tenth log file (file.9.gz) is deleted, and subsequent files are renumbered accordingly. For example, the current log file moves to file.0.gz, the previous file.0.gz moves to file.1.gz, and so on through file.9.gz. A maximum of 10 log files (0-9) are kept.
You can set syslog parameters at the Grid and member levels. At the member level, you can override Grid-level syslog settings and enable syslog proxy.
You can configure the appliance to back up rotated syslog files to external servers through FTP or SCP. When you do so, the appliance forwards the rotated syslog files to the external servers that you configure. You can configure up to 10 external syslog backup servers each at the Grid and member levels. You can also override the Grid-level server configuration at the member level. For information about configuring syslog backup servers, see Configuring Syslog Backup Servers.









Specifying Syslog Servers

To configure a NIOS appliance to send messages to a syslog server:

  1. From the Grid tab, select the Grid Manager tab -> Members tab, and then click Grid Properties -> Edit from the Toolbar.
  2. In the Grid Properties editor, select the Monitoring tab, and then complete the following:
    Syslog

    In addition to storing the syslog on a Grid member, you can configure the Grid to send the log to an external syslog server.
    • Syslog size (MB): Specify the maximum size for a syslog file. Enter a value between 10 and 300. The default is 300.
      When the syslog file reaches the size you enter here, the appliance automatically writes the file into a new file by adding a .0 extension to the first file and incrementing subsequent file extensions by 1.
    • Log to External Syslog Servers: Select this to enable the appliance to send messages to a specified syslog server. Grid Manager displays the current syslog servers in the table. To define a new syslog server, click the Add icon and complete the following:

      • Address: Enter the IP address of the syslog server. Entries may be an IPv4 or IPv6 address.
      • Transport: From the drop-down list, select whether the appliance uses Secure TCP, TCP or UDP to connect to the external syslog server.
      • Server Certificate: Click Select to upload a self-signed or a CA-signed server certificate. In the Upload dialog, click Select and navigate to the certificate file, and then click Upload. Note that this is valid only for Secure TCP transport.
      • Interface: From the drop-down list, select the interface through which the appliance sends syslog messages to the syslog server.

        • Any: The appliance chooses any port that is available for sending syslog messages.
        • LAN: The appliance uses the LAN1 port to send syslog messages.
        • MGMT: The appliance uses the MGMT port if it has been configured. Otherwise, it uses the LAN1 port.
      • Source: From the drop-down list, select which syslog messages the appliance sends to the external syslog server:

        • Any: The appliance sends both internal and external syslog messages.
        • Internal: The appliance sends syslog messages that it generates.
        • External: The appliance sends syslog messages that it receives from other devices, such as syslog servers and routers.
      • Node ID: Specify the host or node identification string that identifies the appliance from which syslog messages are originated. This string appears in the header message of the syslog packet. Select one of the following:

        • LAN: Use the LAN1 IP address of the appliance. For an HA pair, this is the LAN1 address of the active or passive node. This is the default.
        • Host Name: Use the host name of the appliance in FQDN format.
        • IP and Host Name: Use both the FQDN and the IP address of the appliance. The IP address can be the LAN1 or MGMT IP address depending on whether the MGMT port has been configured. Note that if the MGMT port is not configured, the LAN1 IP address is used. Specifying Syslog Servers provides more information about which IP address is used in the syslog configuration file when the MGMT port has been configured.
        • MGMT: Use the MGMT IP address, if the port has been configured. If the MGMT port is not configured, the LAN1 IP address is used. This can be an IPv4 or IPv6 address.
      • Port: Enter the destination port number. The default is 514 for TCP and UDP. For Secure TCP, the default port is 6514.
      • Severity: Choose a severity filter from the drop-down list. When you choose a severity level, the appliance sends log messages with the selected level and the levels above it. The severity levels range from the lowest, debug, to the highest, emerg. For example, if you choose debug, the appliance sends all syslog messages to the server. If you choose err, the appliance sends messages with severity levels err, crit, alert, and emerg.

        • emerg: Panic or emergency conditions. The system may be unusable.
        • alert: Alerts, such as NTP service failures, that require immediate actions.
        • crit: Critical conditions, such as hardware failures.
        • err: Error messages, such as client update failures and duplicate leases.
        • warning: Warning messages, such as missing keepalive options in a server configuration.
        • notice: Informational messages regarding routine system events, such as “starting BIND”.
        • info: Informational messages, such as DHCPACK messages and discovery status.
        • debug: Messages that contain information for debugging purposes, such as changes in the latency timer settings and AD authentication failures for specific users.
      • Logging Category: Select one of the following logging categories:

        • Send all: Select this to log all syslog messages, irrespective of the categories to which they belong. When you select this option, the appliance logs syslog messages for all the events, including all DNS and Infoblox related events. However, the syslog messages are not prefixed when you select this option.
        • Send selected categories: Select this to configure logging categories from the list of available logging categories. Use the arrows to move logging categories from the Available table to the Selected table and vice versa. The appliance sends syslog messages for the categories that are in the Selected table. When you select this option, you must add at least one logging category. The syslog messages are prefixed with the name of the category to which they belong. Also, the RPZ events logged in the syslog messages use specific prefixes for the selected categories. Note that the syslog messages are prefixed when you set logging categories for at least one external syslog server, even if you set other external syslog servers as Send All.

Note:
The syslog categories you specify here are different from the logging categories specified in the Logging tab in the Grid DNS Properties or Member DNS Properties editor. The external server preserves contents of the selected categories even when selection is changed from Send all to Send selected categories and vice versa.


        • Click Add to add the external syslog server information.
    • Copy Audit Log Messages to Syslog: Select this for the appliance to include audit log messages it sends to the syslog server. This function can be helpful for monitoring administrative activities on multiple appliances from a central location.

      • Syslog Facility: This is enabled when you select Copy audit log messages to syslog. Select the facility that determines the processes and daemons from which the log messages are generated.

  3. Save the configuration and click Restart if it appears at the top of the screen.




Syslog Message Prefixes

You can configure the syslog external backup servers to send (archive) syslog files to different destinations by their logging categories. This allows you to split syslog files based on the service and efficiently perform troubleshooting. For example, you can archive all DNS related logs on Server 1, and all DHCP related logs on Server 2. For information about how to configure an external syslog backup server, see Configuring Syslog Backup Servers.
When you select the Send selected categories option, the syslog messages are prefixed with the name of the category to which they belong.

For syslog message prefixes to be enabled, you must check the Log to External Syslog Servers check box in Grid Properties > Monitoring. Also, the external syslog server (which can be a virtual or a physical server) must have at least one of the syslog categories selected instead of the Send all option selected in the Logging Category field.

Note:
When you set Send all in the Logging Category, the appliance logs syslog messages for all the events and they are not prefixed. The syslog messages are prefixed even if one external syslog server is set with the Send selected categories option.


Following are the prefixes used for different logging categories:

  • DNS Logging Categories: All DNS related messages use the following prefixes: client, config, database, dnssec, general, lame_servers, network, notify, queries, query_rewrite, resolver, responses, rpz, security, update, update_security, xfer_in, and xfer_out.

Sample syslog message for queries:

2014-10-27T08:15:49+00:00 daemon ib-10-35-117-12.infoblox.com named[1923]: info queries: client 10.35.117.12#55190 (1.0.0.127.in-addr.arpa): query: 1.0.0.127.in-addr.arpa IN PTR +E (10.35.117.12)

Sample syslog message for xfer-out:

2014-10-10T06:44:09+00:00 daemon infoblox.localdomain named[17630]: info xfer-out: client 10.120.20.157#58275 (zone.com): transfer of 'zone.com/IN': AXFR started

  • ADP: All Infoblox related messages use prefix adp.

Note:
There is no prefix for RPZ syslog messages that do not belong to the DNS or ADP category.

  • DHCP: All DHCP related messages use the following prefixes: dhcpd, omshell, dhcrelay, and dhclient.

Sample syslog message for dhcp:

Sep 4 09:23:44 10.34.6.28 dhcpd[20310]: DHCPACK on 70.1.20.250 to fc:5c:fc:5f:10:85 via eth1 relay 10.120.20.66 lease-duration 600

  • DTC: All DTC related messages use the following prefixes: idns_healthd and idnsd.

Sample syslog message for idns_healthd:

Sep 3 12:12:35 10.34.6.30 idns_healthd[1220]: resource health status [Monitor 'icmp' (ICMP, port 0) checked server 's1' (IP 10.34.6.23), status: IPv4=ONLINE]

  • Cloud: All cloud related messages use prefix cloud_api.

Sample syslog message for cloud_api:

Sep 4 10:53:30 10.34.6.32 cloud_api[5354]: [admin]: Login_Allowed - - to=Serial\040Console apparently_via=Remote ip=10.120.20.66 auth=Local group=.admin-group

  • NTP: All NTP related messages use prefix ntpd.

Sample syslog message for NTP:

Sep 28 06:57:21 10.35.116.7 ntpd[12186]: precision = 0.053 usec
Sep 28 06:57:21 10.35.116.7 ntpd[12186]: Listening on interface #0 wildcard, 0.0.0.0#123 Disabled

  • File Distribution: All File Distribution related messages use the following prefixes: ftpd and tftp.

Sample syslog message for TFTP:

Sep 3 13:03:09 10.34.6.30 monitor[23623]: Type: TFTP, State: Red, Event: A TFTPD daemon failure has occurred

  • Authentication: All Authentication related messages use the following prefixes: auth, authpriv, AD, and radiusd.

Sample syslog message for RADIUS authentication:

Sep 28 10:09:55 10.35.116.4 httpd: 2015-09-28 10:09:55.912Z [user1]: Login_Allowed - - to=AdminConnector ip=10.120.253.227 auth=RADIUS group=admin-group apparently_via=GUI

  • Microsoft Integration: All Microsoft Integration related messages use the following prefixes: dns_server, connect_status, dns_zone, dhcp_server, dhcp_leases, clear_lease, ad_site, and ad_users.

Sample syslog message for Microsoft integration:

dns_server:

Sep 7 09:46:17 10.34.22.20 mssyncd[22315]: dns_server address 10.102.30.157 : Conflict in property Forwarders: NIOS value (property=<NULL IP array>) and Microsoft value (property={10.0.2.35, 10.0.2.60}). Resolved by using the Microsoft value

dhcp_server:

Sep 7 10:08:48 10.34.22.20 mssyncd[22316]: dhcp_server address 10.102.30.157 : Couldn't open RPC interface <MS-WKST>: an instance of a named pipe cannot be found in the listening state
Sep 7 10:08:48 10.34.22.20 mssyncd[22317]: dns_server address 10.102.30.157 : Opened RPC interface <MS-WKST> as user 'ad-15\frtest'
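
On the receiving syslog server, the prefixes listed above can be used to sort NIOS messages by logging category. The following Python is an added example, not Infoblox code: it maps a message to its category and applies the severity ordering described for the Severity filter. The function names, the two header patterns, and the rule of checking the program name first and then the leading message token are assumptions drawn from the sample messages on this page.

```python
import re
from collections import Counter

# Prefixes per logging category, as listed on this page (lower-cased).
CATEGORY_PREFIXES = {
    "DNS": ("client config database dnssec general lame_servers network notify "
            "queries query_rewrite resolver responses rpz security update "
            "update_security xfer_in xfer_out"),
    "ADP": "adp",
    "DHCP": "dhcpd omshell dhcrelay dhclient",
    "DTC": "idns_healthd idnsd",
    "Cloud": "cloud_api",
    "NTP": "ntpd",
    "File Distribution": "ftpd tftp",
    "Authentication": "auth authpriv ad radiusd",
    "Microsoft Integration": ("dns_server connect_status dns_zone dhcp_server "
                              "dhcp_leases clear_lease ad_site ad_users"),
}
PREFIX_TO_CATEGORY = {p: cat for cat, ps in CATEGORY_PREFIXES.items() for p in ps.split()}

# Severity levels from lowest to highest, as described for the Severity filter.
SEVERITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Assumed header layouts, modelled on the two timestamp styles in the samples.
_TAIL = r"(?P<host>\S+) (?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
ISO_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\S+) (?P<facility>\S+) " + _TAIL)
BSD_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) " + _TAIL)


def _norm(token):
    """Lower-case, drop a trailing colon, and treat '-' like '_' (xfer-out)."""
    return token.rstrip(":").lower().replace("-", "_")


def classify_line(line):
    """Return (category, prefix, severity), or None if the header is unrecognised."""
    m = ISO_RE.match(line) or BSD_RE.match(line)
    if m is None:
        return None
    prog = _norm(m.group("prog"))
    if prog in PREFIX_TO_CATEGORY:              # e.g. "dhcpd[20310]:"
        return PREFIX_TO_CATEGORY[prog], prog, None
    severity = None
    for token in m.group("msg").split()[:2]:    # e.g. "info queries: ..."
        word = _norm(token)
        if severity is None and word in SEVERITIES:
            severity = word
        elif word in PREFIX_TO_CATEGORY:
            return PREFIX_TO_CATEGORY[word], word, severity
        else:
            break
    return None, None, severity                 # parsed, but no known prefix


def passes_severity(level, threshold):
    """True if `level` is the selected threshold or a level above it."""
    return SEVERITIES.index(level) >= SEVERITIES.index(threshold)


def count_by_category(lines, threshold="debug"):
    """Count messages per category, dropping those below the threshold.

    Lines whose text carries no severity word are kept, since they cannot be judged.
    """
    counts = Counter()
    for line in lines:
        result = classify_line(line)
        if result is None:
            counts["unparsed"] += 1
            continue
        category, _prefix, severity = result
        if severity is not None and not passes_severity(severity, threshold):
            continue
        counts[category or "uncategorized"] += 1
    return dict(counts)


# Sample lines adapted from the messages on this page, wrapped lines joined.
SAMPLE_LINES = [
    "2014-10-27T08:15:49+00:00 daemon ib-10-35-117-12.infoblox.com named[1923]: info "
    "queries: client 10.35.117.12#55190 (1.0.0.127.in-addr.arpa): query: "
    "1.0.0.127.in-addr.arpa IN PTR +E (10.35.117.12)",
    "2014-10-10T06:44:09+00:00 daemon infoblox.localdomain named[17630]: info xfer-out: "
    "client 10.120.20.157#58275 (zone.com): transfer of 'zone.com/IN': AXFR started",
    "Sep 4 09:23:44 10.34.6.28 dhcpd[20310]: DHCPACK on 70.1.20.250 to "
    "fc:5c:fc:5f:10:85 via eth1 relay 10.120.20.66 lease-duration 600",
    "Sep 7 10:08:48 10.34.22.20 mssyncd[22317]: dns_server address 10.102.30.157 : "
    "Opened RPC interface <MS-WKST> as user 'ad-15\\frtest'",
    "Sep 3 13:03:09 10.34.6.30 monitor[23623]: Type: TFTP, State: Red, Event: "
    "A TFTPD daemon failure has occurred",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(classify_line(sample), "<-", sample[:60])
```

The TFTP sample comes back uncategorized because neither its program name (monitor) nor its leading token is one of the listed prefixes, so a collector that routes on prefixes needs a catch-all destination for such lines.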

IP Address Used in the Syslog Configuration File

The following table describes which IP address the appliance uses as the node ID in the syslog configuration file, provided that the MGMT port has been configured. If the MGMT port is not configured, the LAN1 IP address is always used regardless of the configuration.

Table 37.1 IP Address Used in Syslog Config File when MGMT Port is Configured

Interface    Node ID             IP used in syslog configuration file
Any          MGMT                MGMT IP address
Any          IP and Host Name    MGMT IP address
MGMT         MGMT                MGMT IP address
MGMT         IP and Host Name    MGMT IP address
LAN          MGMT                LAN1 IP address
LAN          IP and Host Name    LAN1 IP address




Configuring Syslog Backup Servers

You can configure external syslog backup servers to forward rotated syslog files. You can configure up to 10 external syslog backup servers.
To configure external backup servers:

  1. Grid: From the Grid tab -> Grid Manager tab, expand the Toolbar and click Grid Properties -> Edit.
    Member: From the Grid tab -> Grid Manager tab, click the Members tab, select the member check box, and click the Edit icon.
  2. Grid: In the Grid Properties editor, select the Syslog Backup tab.
    Member: In the Grid Member Properties editor, select the Syslog Backup tab and then click Override to override the Grid-level settings.
    Complete the following to modify backup server settings:
    • Address: Enter the IP address of the external backup server. You are not allowed to configure more than one server using the same IP address at the same level (Grid or member). However, you can use the same server IP address at different levels (Grid or member). Note that you cannot modify the IP address for the overridden server.
    • Protocol: Select SCP or FTP from the drop-down list.
    • Port: Enter the destination port number. The default port is 20 for FTP and 22 for SCP.
    • Path: Enter the directory path for the syslog file.
    • Username: Enter the username of your FTP or SCP account.
    • Password: Enter the password of your FTP or SCP account. If you do not modify the password of the overridden server, then make sure that you use the same password specified at the Grid level.
    • Enabled: Select this check box to enable the FTP or SCP server. The appliance forwards the rotated syslog files to the external servers that you configure only after you select this check box. Clear the check box to disable the server.

  3. Click Save and Close.






Configuring Syslog for Grid Members

You can override Grid-level syslog settings and enable syslog proxy for individual members. When you enable syslog proxy, the member receives syslog messages from specified devices, such as syslog servers and routers, and then forwards these messages to an external syslog server. You can also enable appliances to use TCP for sending syslog messages. Using TCP is more reliable than using UDP; this reliability is important for security, accounting, and auditing messages sent through the syslog. Note that you cannot enable syslog proxy for Grid members, if they are configured on a Grid Master.
To configure syslog parameters for a member:

  1. From the Grid tab, select the Grid Manager tab -> Members tab -> member check box, and then click the Edit icon.
  2. In the Grid Member Properties editor, select the Monitoring tab -> Basic tab, click Override in the Syslog section, and then complete the fields as described in Configuring Syslog Servers.

    In addition to storing the system log on a Grid member, you can configure a member to send the log to a syslog server.
  3. Select the Advanced tab and complete the following:

    • Enable syslog proxy: Select this to enable the appliance to receive syslog messages from other devices, such as syslog servers and routers, and then forward these messages to an external syslog server.

      • Enable listening on TCP: Select this if the appliance uses TCP to receive messages from other devices. Enter the number of the port through which the appliance receives syslog messages from other devices.
      • Enable listening on UDP: Select this if the appliance uses UDP to receive messages from other devices. Enter the number of the port through which the appliance receives syslog messages from other devices.
    • Proxy Access Control: Select one of the following to configure access control when receiving syslog messages from specific syslog servers or routers:

      • None: Select this if you do not want to configure syslog proxy. When you select this option, none of the devices can send syslog messages to the appliance. This is selected by default.
      • Named ACL: Select this and click Select Named ACL to select a named ACL that contains only IPv4 addresses and networks. This does not support TSIG key based ACEs. When you select this, the appliance permits clients that have the Allow permission in the named ACL to allow syslog messages from specific syslog servers or routers. You can click Clear to remove the selected named ACL.
      • Set of ACLs: Select this to configure individual access control entries (ACEs). Click the Add icon and select one of the following from the drop-down list. Grid Manager adds a row to the table.

        • IPv4 Address or IPv6 Address: Select this to add an IPv4 or IPv6 address entry. Click the Value field and enter the address. The default permission is Allow, which means that the appliance allows access to and from this device. You can change this to Deny to block access.
        • IPv4 Network or IPv6 Network: Select this to add an IPv4 or IPv6 network entry. Click the Value field and enter the network. The default permission is Allow, which means that the appliance allows syslog messages sent by this network. You can change this to Deny to block access.
        • Any Address/Network: Select this to allow or deny access to all IPv4 and IPv6 addresses and networks. The default permission is Allow, which means that the appliance allows syslog messages sent by all addresses and networks. You can change this to Deny to block access.

After you have added access control entries, you can do the following:

        • Select the ACEs that you want to group and put into a named ACL. Click the Create new named ACL icon and enter a name in the Convert to Named ACL dialog box.
        • Reorder the list of ACEs using the up and down arrows next to the table.
        • Select an IPv4 network and click the Edit icon to modify the entry.
        • Select an ACE and click the Delete icon to delete the entry. You can select multiple ACEs for deletion.

  4. Save the configuration and click Restart if it appears at the top of the screen.






Setting DNS Logging Categories

You can specify logging categories you want the syslog to capture. Furthermore, you can filter these messages by severity at the Grid and member levels. For information about severity types, see Configuring Syslog Servers.
To specify logging categories:

  1. From the Data Management tab, select the DNS tab, and then click Grid DNS Properties from the Toolbar.

    or
    From the Data Management tab, select the DNS tab -> Members tab -> Grid_member check box, and then click the Edit icon.
  2. In the Grid DNS Properties or Member DNS Properties editor, click Toggle Expert Mode if the editor is in the basic mode, select the Logging tab, and then complete the following:

    • Logging Facility: Select a facility from the drop-down list. This is the location on the syslog server to which you want to sort the DNS logging messages.
    • Logging Category: Select one or more of these log categories:

      • general: Records the BIND messages that are not specifically classified.
      • client: Enables the logging of messages related to query processing, but not the queries themselves. Examples of messages include exceeding recursive client quota, and other errors related to recursive clients, blacklist and NXDOMAIN interception, query name rewrite, and others.
      • config: Records the configuration file parsing messages.
      • database: Records BIND’s internal database processes.
      • dnssec: Records the DNSSEC-signed responses.
      • lame servers: Records bad delegation instances.
      • network: Records the network operation messages.
      • notify: Records the asynchronous zone change notification messages.
      • queries: Records the DNS queries. Note that enabling the logging of queries and responses will significantly affect system performance. Ensure that your system has sufficient CPU capacity before you enable DNS query logging.
      • rate-limit: Logs RRL (Response Rate Limiting) events. You must enable RRL in order for the appliance to log RRL events to this logging category.
      • resolver: Logs messages related to outgoing queries from the ‘named’ process, when it is acting as a resolver on behalf of clients.
      • responses: Records DNS responses. Note that enabling the logging of queries and responses will significantly affect system performance. Ensure that your system has sufficient CPU capacity before you enable DNS response logging.
      • rpz: Records log messages when responses are modified through RPZs or for which explicit passthrus were invoked in the RPZs. This check box is not selected by default.
      • security: Logs miscellaneous messages that are related to security, such as denial or approval (mostly denial) of certain operations.
      • transfer-in: Records zone transfer messages from the remote name servers to the appliance.
      • transfer-out: Records zone transfer messages from the NIOS appliance to remote name servers.
      • update: Records the dynamic update instances.
      • update-security: Records the security updates.
      • DTC load balancing: Records information about which client is directed to which server.
      • DTC health monitors: Records any changes to the health state of a monitored server.

  3. Save the configuration and click Restart if it appears at the top of the screen.






Viewing the Syslog

  1. From the Administration tab, select the Logs tab -> Syslog tab.
  2. From the drop-down list at the upper right corner, select the Grid member on which you want to view the syslog.
  3. Optionally, use the filters to narrow down the system messages you want to view. Click Show Filters to enable the filters. Configure the filter criteria, and then click Apply.
    Based on your filter criteria (if any), Grid Manager displays the following in the Syslog viewer:

    • The Action icon column is displayed only when you have installed the RPZ license. Click this to view threat details in the RPZ Threat Details dialog box. For information, see Viewing the RPZ Threat Details.
    • Timestamp: The date, time, and time zone of the log message. The time zone is the time zone configured on the member.
    • Facility: The location on the syslog server that determines the processes and daemons from which the log messages are generated.
    • Level: The severity of the message. This can be ALERT, CRITICAL, DEBUG, EMERGENCY, ERROR, INFO, NOTICE, or WARNING.
    • Server: The name of the server that logs this message, plus the process ID.
    • Message: Detailed information about the task performed. For Cloud Network Automation, this contains comma separated values of the admin, source, action, object, object type and message values. Note that source is defined only if the cloud API request was proxied by the Cloud Platform Appliance. The format for this field is proxied from:host,IP where host and IP are the host name and IP address of the proxy.

Note:
If the selected member is an HA pair, Grid Manager displays the syslog in two tabs: Active and Passive. Click the respective tab to view the syslog for each node.





Viewing the RPZ Threat Details

Make sure that DNS resolution is enabled and running properly on the member to view threat details. To view threat details for the RPZ zones being queried, complete the following:

  1. From the Administration tab, select the Logs tab -> Syslog tab.
  2. Click the Action icon and select View Threat Context to open the RPZ Threat Details dialog. The View Threat Context option is disabled if there is no RPZ rule.

    • RPZ Rule: Displays the name of the RPZ rule.
    • First Identified: The date and timestamp of the first occasion that the threat was detected.
    • Short Description: The brief description of the threat.
    • Description: The description of the RPZ rule.

Note:
The RPZ Threat Details dialog box may display Unknown if the threat is unknown or Unavailable if the threat is known and threat details are not available.

  3. Click the Close icon to close the RPZ Threat Details dialog.

You can also do the following in the Syslog viewer:

  • Toggle between the single line view and the multi-line view for display.
  • Navigate to the next or last page of the file using the paging buttons.
  • Refresh the syslog output with newly logged messages.
  • Click the Follow icon to have the appliance automatically refresh the log every 5 seconds.
  • Clear the contents of the syslog.
  • Use filters and the Go To function to narrow down the list. With the autocomplete feature, you can just enter the first few characters of an object name in the Go to field and select the object from the possible matches.
  • Create a quick filter to save frequently used filter criteria. For information, see Using Quick Filters.
  • To filter Microsoft synchronization related events, click Show Filter, select Server from the first drop-down list, and select MS_Server from the drop-down list in the value field. This filter displays entries that begin with the prefix ms. To view values that belong to a specific Microsoft server, you must specify either the name or IP address of a given Microsoft server in the Message field. When you filter the syslog for a specific Grid member, it displays the log entries of Microsoft servers that are assigned to the respective Grid member when the entries are logged.
  • Print the report or export it in CSV format.
  • Bookmark the syslog page.






Searching in the Syslog

Instead of paging through the syslog to locate messages, you can have the appliance search for syslog messages with certain text strings. To search for specific messages:

  • Enter a search value in the search field below the filters, and then click the Search icon.
    The appliance searches through the syslog and highlights the search value in the viewer. You can use the arrow keys next to the Search icon to locate the previous or next message that contains the search value.






Downloading the Syslog File

You can download the syslog file to a specified directory, if you want to analyze it later.

  1. From the Administration tab, select the Logs tab -> Syslog tab, and then click the Download icon.
  2. Navigate to a directory where you want to save the file, optionally change the file name (the default names are node_1_sysLog.tar.gz and node_2_sysLog.tar.gz), and then click OK. If you want to download multiple syslog files to the same location, rename each downloaded file before downloading the next.

Note:
If your browser has a pop-up blocker enabled, you must turn off the pop-up blocker or configure your browser to allow pop-ups for downloading files.



Source: https://docs.infoblox.com/display/NAG8/Using+a+Syslog+Server