Syslog is a widely used mechanism for logging system events. NIOS appliances generate syslog messages that you can view through the Syslog viewer and download to a directory on your management station. In addition, you can configure a NIOS appliance to send the messages to one or more external syslog servers for later analysis. Syslog messages provide information about appliance operations and processes. NIOS appliances include syslog messages generated by the bloxTools service. You can choose logging categories to send specific syslog messages. The prefixes in the syslog messages are based on the logging categories you configure in the syslog. Note that syslog messages are prefixed only when you select logging categories. For information about how to configure logging categories, see Specifying Syslog Servers. You can also include audit log messages and specific BIND messages among the messages the appliance sends to the syslog server.
In addition to saving system messages to a remote syslog server, a NIOS appliance also stores the system messages locally. When the syslog file reaches its maximum size, which is 300 MB for Infoblox appliances and VMware virtual appliances, and 20 MB for Riverbed virtual appliances, the appliance automatically writes the file into a new file by adding a .0 extension to the first file and incrementing subsequent file extensions by one.
Files are compressed during the rotation process, adding a .gz extension following the numerical increment (file.#.gz). The sequential incrementation goes from zero through nine. When the eleventh file is started, the tenth log file (file.9.gz) is deleted, and subsequent files are renumbered accordingly. For example, the current log file moves to file.0.gz, the previous file.0.gz moves to file.1.gz, and so on through file.9.gz. A maximum of 10 log files (0-9) are kept.
You can set syslog parameters at the Grid and member levels. At the member level, you can override Grid-level syslog settings and enable syslog proxy.
You can configure the appliance to back up rotated syslog files to external servers through FTP or SCP. When you do so, the appliance forwards the rotated syslog files to the external servers that you configure. You can configure up to 10 external syslog backup servers each at the Grid and member levels. You can also override the Grid-level server configuration at the member level. For information about configuring syslog backup servers, see Configuring Syslog Backup Servers.
Specifying Syslog Servers
To configure a NIOS appliance to send messages to a syslog server:
1. From the Grid tab, select the Grid Manager tab -> Members tab, and then click Grid Properties -> Edit from the Toolbar.
2. In the Grid Properties editor, select the Monitoring tab, and then complete the following:
   Syslog
   In addition to storing the syslog on a Grid member, you can configure the Grid to send the log to an external syslog server.
   - Syslog size (MB): Specify the maximum size for a syslog file. Enter a value between 10 and 300. The default is 300.
     When the syslog file reaches the size you enter here, the appliance automatically writes the file into a new file by adding a .0 extension to the first file and incrementing subsequent file extensions by 1.
   - Log to External Syslog Servers: Select this to enable the appliance to send messages to a specified syslog server. Grid Manager displays the current syslog servers in the table. To define a new syslog server, click the Add icon and complete the following:
     - Address: Enter the IP address of the syslog server. Entries may be an IPv4 or IPv6 address.
     - Transport: From the drop-down list, select whether the appliance uses Secure TCP, TCP or UDP to connect to the external syslog server.
     - Server Certificate: Click Select to upload a self-signed or a CA-signed server certificate. In the Upload dialog, click Select and navigate to the certificate file, and then click Upload. Note that this is valid only for Secure TCP transport.
     - Interface: From the drop-down list, select the interface through which the appliance sends syslog messages to the syslog server.
       - Any: The appliance chooses any port that is available for sending syslog messages.
       - LAN: The appliance uses the LAN1 port to send syslog messages.
       - MGMT: The appliance uses the MGMT port if it has been configured. Otherwise, it uses the LAN1 port.
     - Source: From the drop-down list, select which syslog messages the appliance sends to the external syslog server:
       - Any: The appliance sends both internal and external syslog messages.
       - Internal: The appliance sends syslog messages that it generates.
       - External: The appliance sends syslog messages that it receives from other devices, such as syslog servers and routers.
     - Node ID: Specify the host or node identification string that identifies the appliance from which syslog messages are originated. This string appears in the header message of the syslog packet. Select one of the following:
       - LAN: Use the LAN1 IP address of the appliance. For an HA pair, this is the LAN1 address of the active or passive node. This is the default.
       - Host Name: Use the host name of the appliance in FQDN format.
       - IP and Host Name: Use both the FQDN and the IP address of the appliance. The IP address can be the LAN1 or MGMT IP address depending on whether the MGMT port has been configured. Note that if the MGMT port is not configured, the LAN1 IP address is used. Specifying Syslog Servers provides more information about which IP address is used in the syslog configuration file when the MGMT port has been configured.
       - MGMT: Use the MGMT IP address, if the port has been configured. If the MGMT port is not configured, the LAN1 IP address is used. This can be an IPv4 or IPv6 address.
     - Port: Enter the destination port number. The default is 514 for TCP and UDP. For Secure TCP, the default port is 6514.
     - Severity: Choose a severity filter from the drop-down list. When you choose a severity level, the appliance sends log messages with the selected level and the levels above it. The severity levels range from the lowest, debug, to the highest, emerg. For example, if you choose debug, the appliance sends all syslog messages to the server. If you choose err, the appliance sends messages with severity levels err, crit, alert, and emerg.
       - emerg: Panic or emergency conditions. The system may be unusable.
       - alert: Alerts, such as NTP service failures, that require immediate actions.
       - crit: Critical conditions, such as hardware failures.
       - err: Error messages, such as client update failures and duplicate leases.
       - warning: Warning messages, such as missing keepalive options in a server configuration.
       - notice: Informational messages regarding routine system events, such as “starting BIND”.
       - info: Informational messages, such as DHCPACK messages and discovery status.
       - debug: Messages that contain information for debugging purposes, such as changes in the latency timer settings and AD authentication failures for specific users.
     - Logging Category: Select one of the following logging categories:
       - Send all: Select this to log all syslog messages, irrespective of the categories to which they belong. When you select this option, the appliance logs syslog messages for all the events, including all DNS and Infoblox related events. However, the syslog messages are not prefixed when you select this option.
       - Send selected categories: Select this to configure logging categories from the list of available logging categories. Use the arrows to move logging categories from the Available table to the Selected table and vice versa. The appliance sends syslog messages for the categories that are in the Selected table. When you select this option, you must add at least one logging category. The syslog messages are prefixed with the name of the category to which they belong. Also, the RPZ events logged in the syslog messages use specific prefixes for the selected categories. Note that the syslog messages are prefixed when you set logging categories for at least one external syslog server, even if you set other external syslog servers as Send All.
       Note: The syslog categories you specify here are different from the logging categories specified in the Logging tab in the Grid DNS Properties or Member DNS Properties editor. The external server preserves contents of the selected categories even when the selection is changed from Send all to Send selected categories and vice versa.
     - Click Add to add the external syslog server information.
   - Copy Audit Log Messages to Syslog: Select this for the appliance to include audit log messages it sends to the syslog server. This function can be helpful for monitoring administrative activities on multiple appliances from a central location.
     - Syslog Facility: This is enabled when you select Copy audit log messages to syslog. Select the facility that determines the processes and daemons from which the log messages are generated.
3. Save the configuration and click Restart if it appears at the top of the screen.
Syslog Message Prefixes
You can configure the syslog external backup servers to send (archive) syslog files to different destinations by their logging categories. This allows you to split syslog files based on the service and efficiently perform troubleshooting. For example, you can archive all DNS related logs on Server 1, and all DHCP related logs on Server 2. For information about how to configure an external syslog backup server, see Configuring Syslog Backup Server.
When you select the Send selected categories option, the syslog messages are prefixed with the name of the category to which they belong.
For syslog message prefixes to be enabled, you must select the Log to External Syslog Servers check box in Grid Properties > Monitoring. Also, the external syslog server (which can be a virtual or a physical server) must have at least one of the syslog categories selected instead of the Send all option selected in the Logging Category field.
Note: When you set Send all in the Logging Category, the appliance logs syslog messages for all the events and they are not prefixed. The syslog messages are prefixed even if one external syslog server is set with the Send selected categories option.
Following are the prefixes used for different logging categories:
- DNS Logging Categories: All DNS related messages use the following prefixes: client, config, database, dnssec, general, lame_servers, network, notify, queries, query_rewrite, resolver, responses, rpz, security, update, update_security, xfer_in, and xfer_out.
  Sample syslog message for queries:
  2014-10-27T08:15:49+00:00 daemon ib-10-35-117-12.infoblox.com named[1923]: info
  queries: client 10.35.117.12#55190 (1.0.0.127.in-addr.arpa): query:
  1.0.0.127.in-addr.arpa IN PTR +E (10.35.117.12)
  Sample syslog message for xfer-out:
  2014-10-10T06:44:09+00:00 daemon infoblox.localdomain named[17630]: info xfer-out:
  client 10.120.20.157#58275 (zone.com): transfer of 'zone.com/IN': AXFR started
- ADP: All Infoblox related messages use prefix adp.
  Note: There is no prefix for RPZ syslog messages that do not belong to the DNS or ADP category.
- DHCP: All DHCP related messages use the following prefixes: dhcpd, omshell, dhcrelay, and dhclient.
  Sample syslog message for dhcp:
  Sep 4 09:23:44 10.34.6.28 dhcpd[20310]: DHCPACK on 70.1.20.250 to fc:5c:fc:5f:10:85 via
  eth1 relay 10.120.20.66 lease-duration 600
- DTC: All DTC related messages use the following prefixes: idns_healthd and idnsd.
  Sample syslog message for idns_healthd:
  Sep 3 12:12:35 10.34.6.30 idns_healthd[1220]: resource health status [Monitor 'icmp'
  (ICMP, port 0) checked server 's1' (IP 10.34.6.23), status: IPv4=ONLINE]
- Cloud: All cloud related messages use prefix cloud_api.
  Sample syslog message for cloud_api:
  Sep 4 10:53:30 10.34.6.32 cloud_api[5354]: [admin]: Login_Allowed - -
  to=Serial\040Console apparently_via=Remote ip=10.120.20.66 auth=Local
  group=.admin-group
- NTP: All NTP related messages use prefix ntpd.
  Sample syslog message for NTP:
  Sep 28 06:57:21 10.35.116.7 ntpd[12186]: precision = 0.053 usec
  Sep 28 06:57:21 10.35.116.7 ntpd[12186]: Listening on interface #0 wildcard, 0.0.0.0#123
  Disabled
- File Distribution: All File Distribution related messages use the following prefixes: ftpd and tftp.
  Sample syslog message for TFTP:
  Sep 3 13:03:09 10.34.6.30 monitor[23623]: Type: TFTP, State: Red, Event: A TFTPD daemon
  failure has occurred
- Authentication: All Authentication related messages use the following prefixes: auth, authpriv, AD, and radiusd.
  Sample syslog message for RADIUS authentication:
  Sep 28 10:09:55 10.35.116.4 httpd: 2015-09-28 10:09:55.912Z [user1]: Login_Allowed - -
  to=AdminConnector ip=10.120.253.227 auth=RADIUS group=admin-group apparently_via=GUI
- Microsoft Integration: All Microsoft Integration related messages use the following prefixes: dns_server, connect_status, dns_zone, dhcp_server, dhcp_leases, clear_lease, ad_site, and ad_users.
  Sample syslog messages for Microsoft integration:
  dns_server:
  Sep 7 09:46:17 10.34.22.20 mssyncd[22315]: dns_server address 10.102.30.157 : Conflict
  in property Forwarders: NIOS value (property=<NULL IP array>) and Microsoft value
  (property={10.0.2.35, 10.0.2.60}). Resolved by using the Microsoft value
  dhcp_server:
  Sep 7 10:08:48 10.34.22.20 mssyncd[22316]: dhcp_server address 10.102.30.157 : Couldn't
  open RPC interface <MS-WKST>: an instance of a named pipe cannot be found in the listening
  state
  Sep 7 10:08:48 10.34.22.20 mssyncd[22317]: dns_server address 10.102.30.157 : Opened
  RPC interface <MS-WKST> as user 'ad-15\frtest'
IP Address Used in the Syslog Configuration File
The following table describes which IP address the appliance uses as the node ID in the syslog configuration file, provided that the MGMT port has been configured. If the MGMT port is not configured, the LAN1 IP address is always used regardless of the configuration.
Table 37.1 IP Address Used in Syslog Config File when MGMT Port is Configured
Interface | Node ID | IP address used |
---|---|---|
Any | MGMT | MGMT IP address |
Any | IP and Host Name | MGMT IP address |
MGMT | MGMT | MGMT IP address |
MGMT | IP and Host Name | MGMT IP address |
LAN | MGMT | LAN1 IP address |
LAN | IP and Host Name | LAN1 IP address |
Configuring Syslog Backup Servers
You can configure external syslog backup servers to forward rotated syslog files. You can configure up to 10 external syslog backup servers.
To configure external backup servers:
1. Grid: From the Grid tab -> Grid Manager tab, expand the Toolbar and click Grid Properties -> Edit.
   Member: From the Grid tab -> Grid Manager tab, click the Members tab, select the member check box, and click the Edit icon.
2. Grid: In the Grid Properties editor, select the Syslog Backup tab.
   Member: In the Grid Member Properties editor, select the Syslog Backup tab and then click Override to override the Grid-level settings.
   Complete the following to modify backup server settings:
   - Address: Enter the IP address of the external backup server. You are not allowed to configure more than one server using the same IP address at the same level (Grid or member). However, you can use the same server IP address at different levels (Grid or member). Note that you cannot modify the IP address for the overridden server.
   - Protocol: Select SCP or FTP from the drop-down list.
   - Port: Enter the destination port number. The default port is 20 for FTP and 22 for SCP.
   - Path: Enter the directory path for the syslog file.
   - Username: Enter the username of your FTP or SCP account.
   - Password: Enter the password of your FTP or SCP account. If you do not modify the password of the overridden server, then make sure that you use the same password specified at the Grid level.
   - Enabled: Select this check box to enable the FTP or SCP server. The appliance forwards the rotated syslog files to the external servers that you configure only after you select this check box. Clear the check box to disable the server.
3. Click Save and Close.
Configuring Syslog for Grid Members
You can override Grid-level syslog settings and enable syslog proxy for individual members. When you enable syslog proxy, the member receives syslog messages from specified devices, such as syslog servers and routers, and then forwards these messages to an external syslog server. You can also enable appliances to use TCP for sending syslog messages. Using TCP is more reliable than using UDP; this reliability is important for security, accounting, and auditing messages sent through the syslog. Note that you cannot enable syslog proxy for Grid members if they are configured on a Grid Master.
To configure syslog parameters for a member:
1. From the Grid tab, select the Grid Manager tab -> Members tab -> member check box, and then click the Edit icon.
2. In the Grid Member Properties editor, select the Monitoring tab -> Basic tab, click Override in the Syslog section, and then complete the fields as described in Configuring Syslog Servers.
   In addition to storing the system log on a Grid member, you can configure a member to send the log to a syslog server.
3. Select the Advanced tab and complete the following:
   - Enable syslog proxy: Select this to enable the appliance to receive syslog messages from other devices, such as syslog servers and routers, and then forward these messages to an external syslog server.
     - Enable listening on TCP: Select this if the appliance uses TCP to receive messages from other devices. Enter the number of the port through which the appliance receives syslog messages from other devices.
     - Enable listening on UDP: Select this if the appliance uses UDP to receive messages from other devices. Enter the number of the port through which the appliance receives syslog messages from other devices.
   - Proxy Access Control: Select one of the following to configure access control when receiving syslog messages from specific syslog servers or routers:
     - None: Select this if you do not want to configure syslog proxy. When you select this option, none of the devices can send syslog messages to the appliance. This is selected by default.
     - Named ACL: Select this and click Select Named ACL to select a named ACL that contains only IPv4 addresses and networks. This does not support TSIG key based ACEs. When you select this, the appliance permits clients that have Allow permission in the named ACL to allow syslog messages from specific syslog servers or routers. You can click Clear to remove the selected named ACL.
     - Set of ACLs: Select this to configure individual access control entries (ACEs). Click the Add icon and select one of the following from the drop-down list. Grid Manager adds a row to the table.
       - IPv4 Address or IPv6 Address: Select this to add an IPv4 or IPv6 address entry. Click the Value field and enter the address. The default permission is Allow, which means that the appliance allows access to and from this device. You can change this to Deny to block access.
       - IPv4 Network or IPv6 Network: Select this to add an IPv4 or IPv6 network entry. Click the Value field and enter the network. The default permission is Allow, which means that the appliance allows syslog messages sent by this network. You can change this to Deny to block access.
       - Any Address/Network: Select this to allow or deny access to all IPv4 and IPv6 addresses and networks. The default permission is Allow, which means that the appliance allows syslog messages sent by all addresses and networks. You can change this to Deny to block access.
       After you have added access control entries, you can do the following:
       - Select the ACEs that you want to group and put into a named ACL. Click the Create new named ACL icon and enter a name in the Convert to Named ACL dialog box.
       - Reorder the list of ACEs using the up and down arrows next to the table.
       - Select an IPv4 network and click the Edit icon to modify the entry.
       - Select an ACE and click the Delete icon to delete the entry. You can select multiple ACEs for deletion.
4. Save the configuration and click Restart if it appears at the top of the screen.
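Because the proxy ACE list can be reordered and each entry carries Allow or Deny, the order of entries decides which sources can send messages through the syslog proxy. The following Python sketch is an added example, not Infoblox code: it evaluates an ACE list for a source address and reports entries that can never match because an earlier entry already covers them. It assumes top-down, first-match evaluation with an implicit Deny when nothing matches (this page does not state the evaluation order); the tuple layout, function names and addresses are constructed for the example.

```python
import ipaddress

# An ACE is (kind, value, permission); kind is "address", "network" or "any".


def _as_network(kind, value):
    # A single address is treated as a /32 (or /128) network; "any" has none.
    return None if kind == "any" else ipaddress.ip_network(value, strict=False)


def evaluate(aces, source_ip):
    """Return "Allow" or "Deny" for source_ip.

    Assumption: entries are checked top-down, the first match wins, and a
    source that matches no entry is denied.
    """
    addr = ipaddress.ip_address(source_ip)
    for kind, value, permission in aces:
        net = _as_network(kind, value)
        if net is None or (addr.version == net.version and addr in net):
            return permission
    return "Deny"


def shadowed(aces):
    """Indexes of entries fully covered by an earlier entry (never reached)."""
    hits = []
    for i, (kind, value, _) in enumerate(aces):
        for prev_kind, prev_value, _ in aces[:i]:
            if prev_kind == "any":
                hits.append(i)
                break
            if kind == "any":
                continue  # "any" is only covered by an earlier "any"
            cur = _as_network(kind, value)
            prev = _as_network(prev_kind, prev_value)
            if cur.version == prev.version and cur.subnet_of(prev):
                hits.append(i)
                break
    return hits


# Constructed ACE list (documentation address ranges): the Deny for one
# router sits below the Allow for its whole network, so it is never reached.
ACES = [
    ("network", "192.0.2.0/24", "Allow"),
    ("address", "192.0.2.66", "Deny"),
    ("any", None, "Deny"),
]

# Same entries with the specific Deny moved above the network Allow.
FIXED = [ACES[1], ACES[0], ACES[2]]

if __name__ == "__main__":
    print("original:", evaluate(ACES, "192.0.2.66"), "shadowed:", shadowed(ACES))
    print("reordered:", evaluate(FIXED, "192.0.2.66"), "shadowed:", shadowed(FIXED))
```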
Setting DNS Logging Categories
You can specify logging categories you want the syslog to capture. Furthermore, you can filter these messages by severity at the Grid and member levels. For information about severity types, see Configuring Syslog Servers.
To specify logging categories:
1. From the Data Management tab, select the DNS tab, and then click Grid DNS Properties from the Toolbar.
   or
   From the Data Management tab, select the DNS tab -> Members tab -> Grid_member check box, and then click the Edit icon.
2. In the Grid DNS Properties or Member DNS Properties editor, click Toggle Expert Mode if the editor is in the basic mode, select the Logging tab, and then complete the following:
   - Logging Facility: Select a facility from the drop-down list. This is the location on the syslog server to which you want to sort the DNS logging messages.
   - Logging Category: Select one or more of these log categories:
     - general: Records the BIND messages that are not specifically classified.
     - client: Enables the logging of messages related to query processing, but not the queries themselves. Examples of messages include exceeding recursive client quota, and other errors related to recursive clients, blacklist and NXDOMAIN interception, query name rewrite, and others.
     - config: Records the configuration file parsing messages.
     - database: Records BIND’s internal database processes.
     - dnssec: Records the DNSSEC-signed responses.
     - lame servers: Records bad delegation instances.
     - network: Records the network operation messages.
     - notify: Records the asynchronous zone change notification messages.
     - queries: Records the DNS queries. Note that enabling the logging of queries and responses will significantly affect system performance. Ensure that your system has sufficient CPU capacity before you enable DNS query logging.
     - rate-limit: Logs RRL (Response Rate Limiting) events. You must enable RRL in order for the appliance to log RRL events to this logging category.
     - resolver: Logs messages related to outgoing queries from the ‘named’ process, when it is acting as a resolver on behalf of clients.
     - responses: Records DNS responses. Note that enabling the logging of queries and responses will significantly affect system performance. Ensure that your system has sufficient CPU capacity before you enable DNS response logging.
     - rpz: Records log messages when responses are modified through RPZs or for which explicit passthrus were invoked in the RPZs. This check box is not selected by default.
     - security: Logs miscellaneous messages that are related to security, such as denial or approval (mostly denial) of certain operations.
     - transfer-in: Records zone transfer messages from the remote name servers to the appliance.
     - transfer-out: Records zone transfer messages from the NIOS appliance to remote name servers.
     - update: Records the dynamic update instances.
     - update-security: Records the security updates.
     - DTC load balancing: Records information about which client is directed to which server.
     - DTC health monitors: Records any changes to the health state of a monitored server.
3. Save the configuration and click Restart if it appears at the top of the screen.
Viewing the Syslog
1. From the Administration tab, select the Logs tab -> Syslog tab.
2. From the drop-down list at the upper right corner, select the Grid member on which you want to view the syslog.
3. Optionally, use the filters to narrow down the system messages you want to view. Click Show Filters to enable the filters. Configure the filter criteria, and then click Apply.
Based on your filter criteria (if any), Grid Manager displays the following in the Syslog viewer:
- The Action icon column is displayed only when you have installed the RPZ license. Click this to view threat details in the RPZ Threat Details dialog box. For information, see Viewing the RPZ Threat Details.
- Timestamp: The date, time, and time zone of the log message. The time zone is the time zone configured on the member.
- Facility: The location on the syslog server that determines the processes and daemons from which the log messages are generated.
- Level: The severity of the message. This can be ALERT, CRITICAL, DEBUG, EMERGENCY, ERROR, INFO, NOTICE, or WARNING.
- Server: The name of the server that logs this message, plus the process ID.
- Message: Detailed information about the task performed. For Cloud Network Automation, this contains comma separated values of the admin, source, action, object, object type and message values. Note that source is defined only if the cloud API request was proxied by the Cloud Platform Appliance. The format for this field is proxied from:host,IP where host and IP are the host name and IP address of the proxy.
Note: If the selected member is an HA pair, Grid Manager displays the syslog in two tabs: Active and Passive. Click the respective tab to view the syslog for each node.
Viewing the RPZ Threat Details
Make sure that DNS resolution is enabled and running properly on the member to view threat details. To view threat details for the RPZ zones being queried, complete the following:
1. From the Administration tab, select the Logs tab -> Syslog tab.
2. Click the Action icon and select View Threat Context to open the RPZ Threat Details dialog. The View Threat Context option is disabled if there is no RPZ rule.
   - RPZ Rule: Displays the name of the RPZ rule.
   - First Identified: The date and timestamp of the first occasion that the threat was detected.
   - Short Description: The brief description of the threat.
   - Description: The description of the RPZ rule.
   Note: The RPZ Threat Details dialog box may display Unknown if the threat is unknown or Unavailable if the threat is known and threat details are not available.
3. Click the Close icon to close the RPZ Threat Details dialog.
You can also do the following in the Syslog viewer:
- Toggle between the single line view and the multi-line view for display.
- Navigate to the next or last page of the file using the paging buttons.
- Refresh the syslog output with newly logged messages.
- Click the Follow icon to have the appliance automatically refresh the log every 5 seconds.
- Clear the contents of the syslog.
- Use filters and the Go To function to narrow down the list. With the autocomplete feature, you can just enter the first few characters of an object name in the Go to field and select the object from the possible matches.
- Create a quick filter to save frequently used filter criteria. For information, see Using Quick Filters.
- To filter Microsoft synchronization related events, click Show Filter, select Server from the first drop-down list, and select MS_Server from the drop-down list in the value field. This filter displays entries that begin with the prefix ms. To view values that belong to a specific Microsoft server, you must specify either the name or IP address of a given Microsoft server in the Message field. When you filter the syslog for a specific Grid member, it displays the log entries of Microsoft servers that are assigned to the respective Grid member when the entries are logged.
- Print the report or export it in CSV format.
- Bookmark the syslog page.
Searching in the Syslog
Instead of paging through the syslog to locate messages, you can have the appliance search for syslog messages with certain text strings. To search for specific messages:
- Enter a search value in the search field below the filters, and then click the Search icon.
The appliance searches through the syslog and highlights the search value in the viewer. You can use the arrow keys next to the Search icon to locate the previous or next message that contains the search value.
Downloading the Syslog File
You can download the syslog file to a specified directory, if you want to analyze it later.
1. From the Administration tab, select the Logs tab -> Syslog tab, and then click the Download icon.
2. Navigate to a directory where you want to save the file, optionally change the file name (the default names are node_1_sysLog.tar.gz and node_2_sysLog.tar.gz), and then click OK. If you want to download multiple syslog files to the same location, rename each downloaded file before downloading the next.
Note: If your browser has a pop-up blocker enabled, you must turn off the pop-up blocker or configure your browser to allow pop-ups for downloading files.
Source: https://docs.infoblox.com/display/NAG8/Using+a+Syslog+Server