Configuring Syslog Collection (NSM Procedure)
You configure syslog settings if you want to forward a copy of IDP logs to a syslog server.
You have the option of configuring NSM to forward a copy of its log collection to a syslog server or configuring syslog settings for each IDP device. Figure 1 shows the NSM Report Settings page, where you configure syslog settings.
Figure 1: NSM Device Configuration Editor: Report Settings

To configure syslog forwarding for NSM, see the NSM online Help.
To configure syslog forwarding for a single IDP device:
- In the NSM Device Manager, double-click the IDP device to display the device configuration editor.
- Click Report Settings.
- Select Enable Syslog.
- Specify the syslog server IP address.
- Specify whether to forward packet logs to the syslog server.
- Click OK.
The following example shows a syslog message record:
[syslog@juniper.net dayId="20061012" recordId="0" timeRecv="2006/10/12 21:52:21" timeGen="2006/10/12 21:52:21" domain="" devDomVer2="0" device_ip="10.209.83.4" cat="Predefined" attack="TROJAN:SUBSEVEN:SCAN" srcZn="NULL" srcIntf="NULL" srcAddr="192.168.170.20" srcPort="63396" natSrcAddr="NULL" natSrcPort="0" dstZn="NULL" dstIntf="NULL" dstAddr="192.168.170.10" dstPort="27374" natDstAddr="NULL" natDstPort="0" protocol="TCP" ruleDomain="" ruleVer="5" policy="Policy2" rulebase="IDS" ruleNo="4" action="NONE" severity="LOW" alert="no" elaspedTime="0" inbytes="0" outbytes="0" totBytes="0" inPak="0" outPak="0" totPak="0" repCount="0" packetData="no" varEnum="31" misc="<017>'interface=eth2" user="NULL" app="NULL" uri="NULL"]
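The record above is a bracketed list of key="value" pairs, so a collector can turn it into typed fields before indexing or alerting. The following parser is an added example, not Juniper code: the function names are hypothetical, and it assumes that values never contain an embedded double quote, that "NULL" and empty strings mean "no value", and that any syslog header precedes the opening bracket.

```python
import re
from datetime import datetime

# Record from the page's example, abbreviated to the fields used below.
SAMPLE = (
    '[syslog@juniper.net dayId="20061012" recordId="0" '
    'timeGen="2006/10/12 21:52:21" device_ip="10.209.83.4" '
    'attack="TROJAN:SUBSEVEN:SCAN" srcZn="NULL" srcAddr="192.168.170.20" '
    'srcPort="63396" dstAddr="192.168.170.10" dstPort="27374" '
    'protocol="TCP" policy="Policy2" rulebase="IDS" ruleNo="4" '
    'action="NONE" severity="LOW" alert="no" packetData="no" '
    'misc="<017>\'interface=eth2" user="NULL"]'
)

PREFIX = "[syslog@juniper.net "
PAIR = re.compile(r'(\w+)="([^"]*)"')  # assumption: no escaped quotes in values
INT_FIELDS = {"srcPort", "dstPort", "ruleNo"}


def parse_record(line):
    """Return the record's fields as a dict; raise ValueError if malformed."""
    line = line.rstrip()
    start = line.find(PREFIX)  # skip any syslog header before the record
    if start < 0 or not line.endswith("]"):
        raise ValueError("not an IDP syslog record")
    body = line[start + len(PREFIX):-1]
    fields = {}
    for key, value in PAIR.findall(body):
        if value in ("NULL", ""):
            fields[key] = None          # assumption: both mean "no value"
        elif key in INT_FIELDS:
            fields[key] = int(value)
        else:
            fields[key] = value
    if PAIR.sub("", body).strip():      # leftover text means a pair did not parse
        raise ValueError("unparsed text in record")
    return fields


def summarize(fields):
    """One-line triage view of a parsed record."""
    when = datetime.strptime(fields["timeGen"], "%Y/%m/%d %H:%M:%S")
    return "{} {} {} {}:{} -> {}:{} {} action={}".format(
        when.isoformat(), fields["severity"], fields["attack"],
        fields["srcAddr"], fields["srcPort"], fields["dstAddr"],
        fields["dstPort"], fields["protocol"], fields["action"])


if __name__ == "__main__":
    print(summarize(parse_record(SAMPLE)))
```

Field names are used exactly as the device emits them, so a lookup for the elapsed-time field must use the spelling elaspedTime shown in the record.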

