Joined: 09 Oct 2002
Location: Lausanne, Switzerland
Posted: Fri Jan 24, 03 9:27 Post subject: How do I use Syslog?
To activate Syslog services you need to tell the MultiCom where to send the Syslog messages and have software capable of listening for these messages. To enable Syslog, enter "Syslog LogHost 10.0.0.10" where 10.0.0.10 is the IP address of the computer running a Syslog Daemon to capture the messages. There is 3rd-party Syslog software from http://www.kiwi-enterprises.com/ on your CD-ROM or available directly from their web site.
Below are some points to remember when using Syslog (much of it is in the Reference manual as well).
- the Syslog will give you notices for cold starts, failed logins, SecureWall™ blocked access, and leased line failure and recovery
- the other notices are based on filtering rules with the word "log" attached to them
- if you want to use filtering rules to create Syslog messages for data going to or coming from the MultiCom router directly you need to add "IP Filter RouterFrames On" to your configuration.
- default values for Syslog are Facility = user, Priority = info. More messages are available when Priority is set to debug.
Below are some outputs from the Syslog of the Pocket MultiCom:
ping of the router (ICMP) --> 02-09-2001 11:00:27 User.Warning 10.0.0.1 IP FILTER: Allow incoming ICMP frame: 10.0.0.10(id:1024) 10.0.0.1<000>
bad telnet login --> 02-09-2001 10:59:50 User.Notice 10.0.0.1 login: Incorrect username or password<000>
telnet access --> 02-09-2001 10:59:46 User.Warning 10.0.0.1 IP FILTER: Allow incoming TCP frame: 10.0.0.10:2926 10.0.0.1:23<000>
udp packet access --> 02-09-2001 11:54:53 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.10:2995 10.0.0.1:222<000>
securewall blocking unrequested access attempt to access port 80/web server --> 02-09-2001 11:39:22 User.Warning 10.0.0.1 PAT: Discard incoming TCP frame: 126.96.36.199:2972 188.8.131.52:80<000>
securewall blocking unrequested access attempt to access port 20000 --> 02-09-2001 11:46:33 User.Warning 10.0.0.1 PAT: Discard incoming TCP frame: 184.108.40.206:2981 220.127.116.11:20000<000>
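
The following is an added example, not part of the original post or the MultiCom documentation: a small Python parser that turns message lines in the layout shown above into records and pulls out the events a reviewer usually wants first (failed logins, frames discarded by SecureWall/PAT, allowed telnet connections). It assumes every line follows the layout of the six samples (date, time, Facility.Level, host, message, optional trailing `<000>`); the date is kept as a string because the post does not say whether it is day-month or month-day, and all function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: the six message lines shown in the post, descriptions removed.
SAMPLE = """\
02-09-2001 11:00:27 User.Warning 10.0.0.1 IP FILTER: Allow incoming ICMP frame: 10.0.0.10(id:1024) 10.0.0.1<000>
02-09-2001 10:59:50 User.Notice 10.0.0.1 login: Incorrect username or password<000>
02-09-2001 10:59:46 User.Warning 10.0.0.1 IP FILTER: Allow incoming TCP frame: 10.0.0.10:2926 10.0.0.1:23<000>
02-09-2001 11:54:53 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.10:2995 10.0.0.1:222<000>
02-09-2001 11:39:22 User.Warning 10.0.0.1 PAT: Discard incoming TCP frame: 126.96.36.199:2972 188.8.131.52:80<000>
02-09-2001 11:46:33 User.Warning 10.0.0.1 PAT: Discard incoming TCP frame: 184.108.40.206:2981 220.127.116.11:20000<000>
"""
LINE = re.compile(r"^(?P<date>\S+) (?P<time>\S+) (?P<facility>\w+)\.(?P<level>\w+) "
                  r"(?P<host>\S+) (?P<msg>.*?)(?:<000>)?$")
FRAME = re.compile(r"^(?P<source>IP FILTER|PAT): (?P<action>\w+) incoming "
                   r"(?P<proto>\w+) frame: (?P<src>\S+) (?P<dst>\S+)$")
ENDPOINT = re.compile(r"^(?P<ip>\d+(?:\.\d+){3})(?::(?P<port>\d+))?")

def endpoint(text):
    # '10.0.0.10:2926' -> ('10.0.0.10', 2926); '10.0.0.10(id:1024)' -> ('10.0.0.10', None)
    m = ENDPOINT.match(text)
    return (m["ip"], int(m["port"]) if m["port"] else None) if m else (text, None)

def parse(line):
    """Return a dict for one displayed line, or None if the layout does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    f = FRAME.match(rec["msg"])
    if f:  # filter / PAT messages carry action, protocol and both endpoints
        rec.update(f.groupdict())
        rec["src"], rec["dst"] = endpoint(f["src"]), endpoint(f["dst"])
    return rec

def summarize(text):
    """Group events; lines that do not parse are kept so nothing is silently dropped."""
    out = {"failed_logins": [], "discards": Counter(), "telnet_allowed": [], "unparsed": []}
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = parse(line)
        if rec is None:
            out["unparsed"].append(line)
        elif rec["msg"] == "login: Incorrect username or password":
            out["failed_logins"].append((rec["time"], rec["host"]))
        elif rec.get("action") == "Discard":
            out["discards"][rec["dst"][1]] += 1   # count per destination port
        elif rec.get("action") == "Allow" and rec["dst"][1] == 23:
            out["telnet_allowed"].append((rec["time"], rec["src"][0]))
    return out
```

Calling `summarize(SAMPLE)` pairs the failed login at 10:59:50 with the telnet connection allowed from 10.0.0.10 four seconds earlier, and counts one discarded frame each for ports 80 and 20000.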