Configure a Syslog Server

You can configure syslog server profiles for device log entry storage. The syslog administrator can then sort messages by facility and see all the ones relating to Extreme Networks devices. The administrator can further sort the messages by IP address and by severity. Syslog server settings can be configured as common objects, from within the network policy workflow, and at the device level. Device-level settings override network policy settings.
Note

Note

Using NTP to synchronize the time stamp on messages from all syslog clients can ensure that all messages reported to the syslog server appear in their proper chronological order. Otherwise, it can be very difficult to interpret a series of events affecting multiple network devices, such as reconnaissance probes and network intrusion exploits. To further ensure synchronicity, all syslog clients should use the same NTP time server. See Configure an NTP Server.
  1. Enter a name for the server.
  2. Enter an optional description.
  3. For IQ Engine Syslog Facility, select a syslog facility to categorize messages sent to syslog from IQ Engine devices.

    Because syslog servers can receive messages from many types of network devices, such as routers, firewalls, mail servers, and so on, you can designate one of the twelve syslog facilities reserved for local use—Auth, Authpriv, Security, User, and Local0 to Local7—to mark messages from all the devices to which you apply this management service set.

  4. For Non-IQ Syslog Facility, select a syslog facility to categorize messages sent to syslog from non-IQ Engine devices.
  5. Select the expand arrow to expand the Syslog Group.
    Syslog groups organize messages by category and limit the number of messages sent based on severity level.
  6. Assign a minimum severity level to each group from the drop-down lists.
    Messages below the assigned level will not be sent from the AP to the syslog server.
  7. If you must make PCI DSS compliance reports, leave that check box selected or clear the check box if the servers are on an external network outside the firewall.
  8. Select the plus sign to add a syslog server.
  9. Select an existing syslog IP Address or host name, or use the plus sign to create a new IP Address or host name.
  10. From the drop-down list, choose the minimum severity level of messages that devices will send to the syslog server.
    Devices send syslog messages for the severity level you choose, plus messages for all of the more severe levels above it.
  11. To add another syslog server, select the plus sign, and repeat the previous steps.
  12. Select Save.
    Note

    Note

    Use the up or down arrows to reorder the list of syslog servers in the table.