To configure security logging:
The Device Management page appears.
The View/Edit Configuration page appears.
The Create Security Logging page appears.
From the Mode list, select the mode of logging as stream or event.
To specify a source IP address or the IP address used when exporting security logs, enter the IP address in the Source Address field.
From the Format list, select the logging format as syslog, sd-syslog, or binary.
To limit the rate per second at which data plane logs are generated, enter the rate value in the Rate-Cap field.
To disable security logging for a device, select the Disable Logging check box.
To use Coordinated Universal Time (UTC) for security log timestamps, select the UTC-Timestamp check box.
To limit the rate per second at which logs are streamed, enter the event rate in the Event-rate field.
To create a new stream configuration:
Click the plus sign (+).
The Stream Configuration page appears.
In the Stream Name field, enter the name of the new stream configuration.
In the Host field, enter the IPv4 or IPv6 address.
In the Port field, enter the port number.
In the Severity list, select one of the following severity types:
Emergency
Alert
Critical
Error
Warning
Notice
Info
Debug
In the Category list, select the type of category as all or content-security.
In the Format list, select the type of format as syslog, sd-syslog, welf, or binary.
To create a new stream, click Ok.
You can modify or delete the existing streams. To modify or edit a stream, select the stream and click the pencil icon. To delete a stream, select the stream and click the minus sign (-).
In the File Name field, enter a filename for the log data file.
In the File Path field, enter the path where the log file is saved.
In the File Size field, enter the maximum size of the log file in megabytes.
In the Max No. Of files field, enter the maximum number of log files to create for each session.
In the Limit field, enter the maximum number of log entries to store in the cache memory. The default value is 10,000 entries.
To create a new exclude configuration:
Under the Exclude section, click the plus sign (+).
The Exclude Configuration page appears.
In the Name field, enter the name of a new exclude configuration.
Under the Destination section, in the IP Address field, enter the destination IP address in IPv4 or IPv6 address format. The audit log does not include security alarms from the specified destination IP address.
In the Port field, enter the destination port number.
Under the Source section, in the IP Address field, enter the source IP address in IPv4 or IPv6 address format. The audit log does not include security alarms from the specified source IP address.
In the Port field, enter the source port number.
Under the Other Filters section, configure the following parameters:
In the Event Id field, enter the event ID of the security event. The audit log does not include security alarms for this event ID.
To restrict the logging of failed events, select the Failure check box.
In the Interface field, enter the name of the interface. The audit log does not include security alarms from the specified interface.
In the Policy Name field, enter the policy name.
In the Process field, specify the name of the process that is generating the events.
In the Protocol field, enter the protocol name.
To restrict the logging of successful events, select the Success check box.
In the User Name field, enter the name of the authenticated user. Security events enabled by this user are not generated in the audit log.
To create a new exclude configuration, click Ok.
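The following is an added example, not part of the original documentation: a Python pre-check of the stream values this procedure asks for, plus a review of exclude rules, since every exclude rule removes entries from the audit log. The dictionary keys, the sample values, and the rules for what counts as too broad are assumptions made for illustration.

```python
import ipaddress

# Allowed values as listed in the stream configuration steps above.
SEVERITIES = {"emergency", "alert", "critical", "error", "warning", "notice", "info", "debug"}
CATEGORIES = {"all", "content-security"}
STREAM_FORMATS = {"syslog", "sd-syslog", "welf", "binary"}
# Assumed review policy: fields that narrow an exclude rule to specific events.
NARROWING = ("dst_ip", "dst_port", "src_ip", "src_port", "event_id",
             "interface", "policy_name", "process", "protocol", "user_name")

def check_stream(s):
    """Return a list of problems found in one stream configuration (dict)."""
    problems = []
    if not s.get("name"):
        problems.append("stream name is empty")
    try:
        ipaddress.ip_address(s.get("host", ""))
    except ValueError:
        problems.append(f"host {s.get('host')!r} is not an IPv4 or IPv6 address")
    port = s.get("port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append(f"port {port!r} is outside 1-65535")
    for key, allowed in (("severity", SEVERITIES), ("category", CATEGORIES),
                         ("format", STREAM_FORMATS)):
        if str(s.get(key, "")).lower() not in allowed:
            problems.append(f"{key} {s.get(key)!r} is not one of {sorted(allowed)}")
    return problems

def review_exclude(e):
    """Return warnings for an exclude rule that may hide more than intended."""
    warnings = []
    narrowed = [f for f in NARROWING if e.get(f)]
    if not narrowed:
        warnings.append("no address, port, or other filter narrows this rule")
    if e.get("failure") and len(narrowed) < 2:
        warnings.append("failed events leave the audit log with little narrowing")
    return warnings

# Constructed sample input (not taken from any real device).
STREAMS = [{"name": "siem-1", "host": "2001:db8::10", "port": 514,
            "severity": "Info", "category": "all", "format": "sd-syslog"},
           {"name": "bad", "host": "logs.example", "port": 70000,
            "severity": "verbose", "category": "all", "format": "welf"}]
EXCLUDES = [{"name": "quiet-scanner", "src_ip": "192.0.2.7", "event_id": "EXAMPLE_EVENT_ID"},
            {"name": "too-broad", "failure": True}]

if __name__ == "__main__":
    for item, check in [(s, check_stream) for s in STREAMS] + [(e, review_exclude) for e in EXCLUDES]:
        print(item["name"], check(item) or "ok")
```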
Note: Security logging is not supported for logical systems devices.