Configure a Syslog Server

You can configure syslog server profiles for device log entry storage. The syslog administrator can then sort messages by facility and see all the ones relating to Extreme Networks devices. The administrator can further sort the messages by IP address and by severity.

Note

Using NTP to synchronize the time stamp on messages from all syslog clients can ensure that all messages reported to the syslog server appear in their proper chronological order. Otherwise, it can be very difficult to interpret a series of events affecting multiple network devices, such as reconnaissance probes and network intrusion exploits. To further ensure synchronicity, all syslog clients should use the same NTP time server. See Configure an NTP Server.

Go to Configure > Network Policies.
Select an existing network policy, and then select , or select to create a new policy.
From the Policy Settings menu, select Syslog Server.
Toggle the Syslog Server setting to ON.
Optional: To use existing syslog server settings, choose a syslog server from the menu.
Configure the Syslog Server Settings.
Select the plus sign to add a syslog server.
Select an existing syslog IP Address or host name, or use the add icon to create a new IP Address or host name.
From the drop-down list, choose the minimum severity level of messages that devices will send to the syslog server.
Devices send syslog messages for the severity level you choose, plus messages for all of the more severe levels above it.
To add another syslog server, select the add icon, and repeat the previous steps.

Note
Use the up or down arrows to reorder the list of syslog servers in the table.
To apply Syslog servers via classification, select an existing classification rule or select the add icon to add a new rule.
To add a new rule, see Configure a Classification Rule.
Select Save Syslog Server.