The default logging level for all categories is Warning. You can also configure the IP address of a syslog server to
which the switch can direct these logs.
In the WebUI
1. Navigate to the Configuration > Management > Logging > Servers page.
2. To configure logging server, select the Servers tab.
3. To add a logging server, click New in the Logging Servers section.
4. Click Add to add the logging server to the list of logging servers. Ensure that the syslog server is enabled and
configured on this host.
5. Select the IP address type (IPv4 address or IPv6 address) of the logging server.
6. Type the IPv4 address or IPv6 address of the logging server.
7. Select the category or subcategory to log.
8. Select the logging facility.
9. Select the severity level.
10. Choose the logging format (CEF or RFC3164).
The ArcSight Common Event Format (CEF) is a log management standard that uses a standardized logging format so
that data can easily be collected and aggregated for analysis by an enterprise management system.
11. Click Add.
12. Click Apply.
13. To select the types of messages you want to log, select the Levels tab.
14. Select the category or subcategory to be logged.
15. To select the severity level for the category or subcategory, scroll to the bottom of the page. Select the level
from the Logging Level drop-down menu. Click Done.
16. Click Apply to apply the configuration.
In the CLI
logging <ipaddr>
logging level <level> <category> [subcat <subcategory>]
Syslog operates over UDP and is connectionless. Therefore, the switch cannot recognize a
failure of the syslog server or of the network path to the syslog server. By establishing an IPsec tunnel between
the switch and the syslog server (see Planning a VPN Configuration), it is possible to indirectly track the status
of the syslog server link.
After a failure occurs, the network administrator has to manually re-synchronize log files by copying them from
the switch to the syslog server. Use the tar logs CLI command to create an archive of all local logs, then use
the copy CLI command to copy this archive to an external server. Log space is limited on the switch, and
depending on how long the outage lasted, some local logs may be overwritten.
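Because the switch cannot detect a lost syslog path, the gap has to be found on the collector side. The following is an added example, not part of the original guide or of AOS-W: it parses RFC3164 lines and reports per-host silences that mark the window to re-synchronize. The sample lines, host name, year argument and five-minute threshold are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOST MSG
RFC3164 = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}:\d{2}:\d{2}) (\S+) (.*)$")
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]

def parse_rfc3164(line, year):
    """Return (timestamp, host, facility, severity, msg), or None if malformed."""
    m = RFC3164.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    try:
        # RFC 3164 timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(
            f"{year} {m.group(2)} {m.group(3)} {m.group(4)}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    return ts, m.group(5), pri >> 3, SEVERITIES[pri & 7], m.group(6)

def find_gaps(lines, year, max_silence=timedelta(minutes=5)):
    """Return [(host, last_seen, next_seen)] where a host was silent too long."""
    last_seen, gaps = {}, []
    for line in lines:
        rec = parse_rfc3164(line, year)
        if rec is None:
            continue  # skip lines that are not valid RFC 3164
        ts, host = rec[0], rec[1]
        prev = last_seen.get(host)
        if prev is not None and ts - prev > max_silence:
            gaps.append((host, prev, ts))
        last_seen[host] = ts
    return gaps

# Constructed sample lines (not real switch output); PRI 164 = local4.warning.
SAMPLE = [
    "<164>Mar  3 10:00:01 switch-a authmgr[1234]: constructed warning 1",
    "<164>Mar  3 10:02:30 switch-a authmgr[1234]: constructed warning 2",
    "<163>Mar  3 10:41:12 switch-a authmgr[1234]: constructed error 3",
    "not a syslog line",
]

if __name__ == "__main__":
    for host, start, end in find_gaps(SAMPLE, 2017):
        print(f"{host}: no messages between {start} and {end}")
```

At the default Warning level a healthy switch can be quiet for long periods, so a reported gap is a window to compare against the local logs on the switch, not proof of an outage.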
Syslog Logging Enhancement
Currently, syslog messages originate from the switch IP. Starting from AOS-W OS 6.5.2, a new configuration knob
allows syslog messages to originate from an IP address other than the switch IP. Users now have the option
of setting the source interface VLAN through which syslog messages are sent to the remote server. The IP
address associated with the source-interface VLAN specified by the user is used as the source IP of the syslog
messages sent to the remote server.
AOS-W 6.5.3.x | User Guide Management Access | 867