Configuring Syslog Host Using NSM (NSM Procedure)
To configure syslog hosts using NSM:
Click the Add icon in the Syslog configuration screen. The host configuration dialog box appears as shown in Figure 1.
Specify the hostname and the port to which the security device sends syslog messages.
For each syslog host, you specify the following:
Whether the security device includes traffic log entries, event log entries, or both traffic and event log entries
The security facility, which classifies and sends messages to the Syslog host for security-related actions; and the regular facility, which classifies and sends messages for events unrelated to security
Which transport protocol (UDP or TCP) is used for sending syslog messages
Use WebTrends reporting to configure a device to send syslog reports to a WebTrends Syslog host. WebTrends Firewall Suite enables you to customize syslog reports to display the information you want in a graphical format as shown in Figure 2.
To configure the security device to send syslog reports to a WebTrends Syslog host, you first enable WebTrends reporting, and then specify the name of the WebTrends host and the port on which the syslog messages are sent. If you are sending reports through a VPN tunnel, click Use Trust Zone Interface.
As of ScreenOS 6.3, the event log, traffic log, and IDP log formats conform to the WebTrends Enhanced Format (WELF) log specification. If backup for the logs is enabled, logs can be sent to a maximum of four WebTrends servers. Either TCP or UDP can be used as the transport protocol. IP connections can be manually reset.
For more details on configuring these reporting options, see the Network and Security Manager Administration Guide.
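The following is an added example, not part of the original procedure or of any Juniper or WebTrends code. It shows how a receiving syslog host could check which facility the device put on each message and split a WELF-style record into fields. It assumes local0 was chosen as the security facility and local1 as the regular facility, and that records are space-separated key=value pairs with quoted values; the sample messages and field names are constructed.

```python
import re

# Assumed values: the facilities chosen for this syslog host in the NSM dialog.
SECURITY_FACILITY = "local0"
REGULAR_FACILITY = "local1"

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")
# key=value pairs; a value containing spaces is wrapped in double quotes.
FIELD_RE = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S*))')


def decode_pri(line):
    """Split '<PRI>rest' into (facility name, severity name, rest)."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range syslog PRI")
    pri = int(m.group(1))
    code = pri >> 3  # PRI = facility * 8 + severity
    name = f"local{code - 16}" if 16 <= code <= 23 else f"facility{code}"
    return name, SEVERITIES[pri & 7], line[m.end():]


def parse_fields(body):
    """Return the key=value fields of a WELF-style record as a dict."""
    return {k: q if q else u for k, q, u in FIELD_RE.findall(body)}


def classify(line):
    """Label a received message by the facility the device stamped on it."""
    facility, severity, body = decode_pri(line)
    if facility == SECURITY_FACILITY:
        kind = "security"
    elif facility == REGULAR_FACILITY:
        kind = "regular"
    else:
        kind = "unexpected"  # not a facility this host was configured to receive
    return {"kind": kind, "severity": severity, "fields": parse_fields(body)}


# Constructed sample messages, not captured from a real device.
SAMPLES = [
    '<134>id=firewall time="2024-05-01 10:15:02" fw=fw01 proto=tcp src=10.0.0.5 dst=192.0.2.10 msg="policy deny"',
    '<142>id=firewall time="2024-05-01 10:15:09" fw=fw01 msg="config saved"',
    '<38>id=firewall fw=fw01 msg="truncated rec',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s))
```

The third sample shows a record cut off mid-value, as can happen with UDP transport: the parser keeps the partial value instead of failing, and the message is labelled "unexpected" because its facility matches neither configured one.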