MultiCom Technical Support Forum Index MultiCom Technical Support
Supporting MultiCom Routers, Firewalls and VPN
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

How do I use Syslog ?

 
Post new topic   Reply to topic    MultiCom Technical Support Forum Index -> 2.x Frequently Asked Questions
View previous topic :: View next topic  
Author Message
Support



Joined: 09 Oct 2002
Posts: 175
Location: Lausanne, Switzerland

PostPosted: Fri Jan 24, 03 9:27    Post subject: How do I use Syslog ? Reply with quote

To activate Syslog services you need to tell the MultiCom where to send the Syslog messages and have software capable of listening for these messages. To enable Syslog enter "Syslog LogHost 10.0.0.10" where 10.0.0.10 is the IP address of the computer running a Syslog Daemon to capture the messages. There is 3rd Party Syslog software from http://www.kiwi-enterprises.com/ on your CD-Rom or available directly from their web site.

Below are some points to remember when using Syslog (much of it is in the Reference manual as well.)

  • the Syslog will give you notices for cold starts, failed logins, SecureWall™ blocked access, and leased line failure and recovery
  • the other notices are based on filtering rules with the word "log" attached to them
  • if you want to use filtering rules to create Syslog messages for data going to or coming from the MultiCom router directly you need to add "IP Filter RouterFrames On" to your configuration.
  • default values for Syslog are Facility = user, Priority = info. More messages are available when Priority is set to debug.

Below are some outputs from the Syslog of the Pocket MultiCom
Code:
ping of the router (ICMP) -->  02-09-2001 11:00:27 User.Warning 10.0.0.1 IP FILTER: Allow incoming ICMP frame: 10.0.0.10(id:1024) 10.0.0.1<000>

bad telnet login -->  02-09-2001 10:59:50 User.Notice 10.0.0.1 login: Incorrect username or password<000>

telnet access -->  02-09-2001 10:59:46 User.Warning 10.0.0.1 IP FILTER: Allow incoming TCP frame: 10.0.0.10:2926 10.0.0.1:23<000>

udp packet access -->  02-09-2001 11:54:53 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.10:2995 10.0.0.1:222<000>

securewall blocking unrequested access attempt to access port 80/web server -->   02-09-2001 11:39:22 User.Warning 10.0.0.1 PAT: Discard incoming TCP frame: 190.3.2.1:2972 194.230.147.94:80<000>

securewall blocking unrequested access attempt to access port 20000 --> 02-09-2001 11:46:33 User.Warning 10.0.0.1 PAT: Discard incoming TCP frame: 190.3.2.1:2981 194.230.144.23:20000<000>
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    MultiCom Technical Support Forum Index -> 2.x Frequently Asked Questions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group