Configure a Syslog Server

About this task

You can configure syslog server profiles for device log entry storage. The syslog administrator can then sort messages by facility and see all the ones relating to Extreme Networks devices. The administrator can further sort the messages by IP address and by severity.
Note

Note

Using NTP to synchronize the time stamp on messages from all syslog clients can ensure that all messages reported to the syslog server appear in their proper chronological order. Otherwise, it can be very difficult to interpret a series of events affecting multiple network devices, such as reconnaissance probes and network intrusion exploits. To further ensure synchronicity, all syslog clients should use the same NTP time server. See Configure an NTP Server.

Procedure

  1. Toggle the Syslog Server function to ON.
  2. Choose to use an existing Syslog Server Setting, or proceed to the next step.
  3. Enter a name for the server.
  4. Enter an optional description.
  5. For Non-IQ Syslog Facility, select a syslog facility to categorize messages sent to syslog from non-IQ Engine devices.
  6. Select the expand arrow to expand the Syslog Group.
    Syslog groups organize messages by category and limit the number of messages sent based on severity level.
  7. Assign a minimum severity level to each group from the drop-down lists.
    Messages below the assigned level will not be sent from the AP to the syslog server.
  8. If you must make PCI DSS compliance reports, leave that check box selected or clear the check box if the servers are on an external network outside the firewall.
  9. Select the plus sign to add a syslog server.
  10. Select an existing syslog IP Address or host name, or use the add icon to create a new IP Address or host name.
  11. From the drop-down list, choose the minimum severity level of messages that devices will send to the syslog server.
    Devices send syslog messages for the severity level you choose, plus messages for all of the more severe levels above it.
  12. To add another syslog server, select the add icon, and repeat the previous steps.
    Note

    Note

    Use the up or down arrows to reorder the list of syslog servers in the table.
  13. To apply Syslog servers via classification, select an existing classification rule or select the add icon to add a new rule.
    To add a new rule, see Configure a Classification Rule.
  14. Select Save Syslog Server.