Configure Netscreen Syslog storage to the LinuxSyslog Server

Configure the syslogs of Netscreen to be stored on the Linux Syslog Server-Linux Enterprise Application-Linux server application. For details, see the following. When I went on a business trip to Hebei province two days ago to debug the Netscreen500 firewall of Juniper for a Netcom company, they asked me to store the logs recorded by the firewall to the log server created on the Linux platform, if you still have such information, we will discuss and share it with you. we will share with you how to configure Syslog.

Configure Netscreen Syslog storage to Linux Syslog Server

Store the Syslog information of the IDC firewall (x. x. x.65) to the Syslog server (x. x. x.116) to track the Firewall Status and Log check.

Syslog Server Configuration:

　　 1. Configure Syslogd

Change the/etc/syslog. conf configuration file and add the following parts:

# Save Debug Message of Netscreen (x. x. x.65) to ns. log
Local1. */var/log/ns. log

Store the information of the local1 device (facility) in/var/log/ns. log. This configuration allows you to store the log information of different devices in different files for ease of viewing.

　　 2. Configure logrotate

The logrotate program in Linux is used to poll log files. You can save multiple log files by specifying the file size, time, and other configurations.

Change the/etc/logratate. conf file and add the following parts:

/Var/log/ns. log {
Weekly
Rotate 10
}

Set the file ns stored in syslog. logs are saved every week. A total of 10 files are saved, that is, they are saved as ns in the first week. log. The file name of this week will be changed to ns by next Monday. log.1, and so on.

　　 3. Restart syslogd
Service syslog restart

Netscreen Configuration:

　　 1. View log levels
Get event level

You can see the current netscreen event level, for example:

Alert level 1: immediate action is required
Critical level 2: functionality is affected
Debug level 7: detailed information for troubleshooting
Emergency level 0: system is unusable
Error level 3: error condition
Information level 6: general information about operation
Notification level 5: normal events
Warning level 4: functionality may be affected

Select the desired level. Here we select the Debug information.

　　 2. Configure Syslog
Set syslog config "x. x. x.116" "local7" "local1"
Set syslog enable
Set syslog traffic

The first is syslog configuration, which stores syslog data to x. x. x.116 is the syslog server, local7 (security facility) is the Debug Level we saw earlier, and local1 is the device (facility). Do you still remember the local1 we configured in linux syslog?

Second, enable syslog.

Article 3 record the traffic information in syslog.

　　 3. Save it.
Save

View syslog:

If you want to view syslog data on the syslog server,/var/log/ns. log. If you want to view log information in real time, tail-f/var/log/ns. log