Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
During operation, the security device generates a large number of system, security, and running logs. The device's storage space is insufficient for log storage, so logs tend to be overwritten or lost, which makes attack traceability analysis impossible and leaves regulatory requirements unmet. Once the security device is successfully connected to a Syslog server, it sends its logs to that server, which relieves the log storage pressure on the device and meets regulatory compliance requirements.
Syslog is used to send logs generated by the device to the Syslog server for storage. The IP address and port of the Syslog server need to be set.
Syslog Configuration Case
An enterprise deployed an Athena NGFW device at its Internet port. To meet regulatory requirements, the security logs need to be sent to a log server for storage, and the server can only receive UDP packets on port 514.
Step 1. Enable Security Logs and send them to the log server in the form of syslog, as shown in the following figure.
Step 2. Click Settings to enter the Application Control Logs Server Settings dialog box. Add a log server, and select a minimum log level, as shown in the following figure.
Step 3. Click Add Log Server to configure log servers. On the Log Servers page, click Add, set Port to 514, and select Security Logs for Log Type. You can configure multiple log servers, as shown in the following figure.
Step 4. View the security logs generated by Athena NGFW and select the logs that you want to send to the log server, as shown in the following figure.
Step 5. Send the logs to the log server.
1. You can only use a UDP connection and UTF-8 encoding to send syslog.
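To confirm on the server side that logs arrive after Step 5, a minimal receiver can be run on the log server. This is an added example, not part of the Athena NGFW documentation: it listens on UDP 514, decodes each datagram as UTF-8, and assumes the device prefixes messages with a standard syslog `<PRI>` field. The source address `192.0.2.1`, the output file name and the sample message are placeholders.

```python
import json
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
SAMPLE = b"<132>constructed test message"  # constructed sample, not real device output

def parse_datagram(data: bytes) -> dict:
    """Decode one UDP syslog datagram as UTF-8 and split off the <PRI> prefix."""
    try:
        text, valid_utf8 = data.decode("utf-8"), True
    except UnicodeDecodeError:
        # Keep the record but flag it: the sender is expected to use UTF-8.
        text, valid_utf8 = data.decode("utf-8", errors="replace"), False
    text = text.rstrip("\r\n\x00")
    facility = severity = None
    end = text.find(">")
    pri = text[1:end] if text.startswith("<") and end != -1 else ""
    if pri.isascii() and pri.isdigit() and len(pri) <= 3 and int(pri) <= 191:
        facility, severity = divmod(int(pri), 8)  # PRI = facility * 8 + severity
        text = text[end + 1:]
    return {
        "facility": facility,
        "severity": SEVERITIES[severity] if severity is not None else None,
        "valid_utf8": valid_utf8,
        "message": text,
    }

def serve(allowed_sources, host="0.0.0.0", port=514, out_path="ngfw-syslog.jsonl"):
    """Receive datagrams on UDP 514 and append them as JSON lines."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock, \
            open(out_path, "a", encoding="utf-8") as out:
        sock.bind((host, port))  # ports below 1024 usually need elevated privileges
        while True:
            data, (src, _port) = sock.recvfrom(65535)
            if src not in allowed_sources:
                continue  # UDP syslog is unauthenticated: drop other senders
            record = {"source": src, **parse_datagram(data)}
            # JSON escaping keeps embedded newlines from forging extra log lines.
            out.write(json.dumps(record, ensure_ascii=False) + "\n")
            out.flush()

if __name__ == "__main__":
    # 192.0.2.1 is a placeholder for the firewall's source address (assumption).
    serve(allowed_sources={"192.0.2.1"})
```

Because UDP gives no delivery guarantee, a quiet output file does not prove that no events occurred; compare it against the logs shown on the device in Step 4.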