2.3. Events and Logging
2.3.1. Overview
The ability to log and analyze system activities is an essential feature of NetDefendOS. Logging
enables not only monitoring of system status and health, but also allows auditing of network
usage and assists in troubleshooting.
Log Message Generation
NetDefendOS defines a large number of different log messages, which are generated as a result
of corresponding system events. Examples of such events are the establishment and teardown of
connections, receipt of malformed packets as well as the dropping of traffic according to filtering
policies.
Log events are always generated for some aspects of NetDefendOS processing, such as buffer
usage, DHCP clients, High Availability and IPsec. For other subsystems, such as IP Rules usage,
event generation can be enabled or disabled as required.
Whenever an event message is generated, it is passed through the filter of every configured
Event Receiver and delivered to those whose filter accepts it. Multiple event receivers can be
configured by the administrator, with each event receiver having its own customizable event filter.
2.3.2. Log Messages
Event Types
NetDefendOS defines several hundred events for which log messages can be generated. The
events range from high-level, customizable, user events down to low-level and mandatory
system events.
The conn_open event, for example, is a typical high-level event that generates an event message
whenever a new connection is established, provided that the matching security policy rule has
logging enabled for that connection.
An example of a low-level event would be the startup_normal event, which generates a
mandatory event message as soon as the system starts up.
Message Format
All event messages have a common format, with attributes that include category, severity and
recommended actions. These attributes enable easy filtering of messages, either within
NetDefendOS prior to sending to an event receiver, or as part of the analysis after logging and
storing messages on an external log server.
A list of all event messages can be found in the NetDefendOS Log Reference Guide. That guide
also describes the design of event messages, the meaning of severity levels and the various
attributes available.
Event Severity
The default severity of each log event is predefined and it can be, in order of highest to lowest
severity, one of:
Chapter 2: Management and Maintenance