stream (Security Log)

Every stream can configure file or host.

• Values:

  • category— Type of events that may be logged.

    • all— All events are logged

    • content-security — Content security events are logged

    • fw-auth— Fw-auth events are logged.

    • screen— Screen events are logged.

    • alg— Alg events are logged.

    • nat— Nat events are logged.

    • flow— Flow events are logged.

    • sctp— Sctp events are logged.

    • gtp— Gtp events are logged.

    • ipsec— IPsec events are logged.

    • idp— Idp events are logged.

    • rtlog— Rtlog events are logged.

    • pst-ds-lite— Pst-ds-lite events are logged.

    • appqos— Appqos events are logged.

    • secintel— AAMW events are logged.

  • file— Security log file options for logs in local file.

    • allow-duplicates— To disable log consolidation.

    • file-name— Name of local log file.

    • file-size— Specify the local log file size in megabytes.

      • Range: 10M through 50M.

    • rotation— Configure the max file number for rotation.

      • Range: 2 through 19.

  • filter threat-attack— Selects the filter to filter the threat attack security events to be logged

  • format (binary | protobuf | sd-syslog | syslog | welf)— Specify the log stream format in binary or sd-syslog or syslog formats.

  • host ip-address— Specify the IP address of the server to which the security logs are streamed.

    • port— Specify the host port number.

    • routing-instance— Specify the routing instance name that is used to send security logs to the specified host..

  • radius— Configure RADIUS accounting for security events by specifying the RADIUS accounting server.

    • ipaddr — Specify the IP address of the RADIUS server for accounting messages.

      • primary — IP address of the Primary RADIUS server. Configure the primary IP address to enable radius stream.

      • backup — IP address of the backup RADIUS server.

  • rate-limit rate— Specify the rate limit for security logs.

    • The range is 1 through 65535 logs per second and the default value is 65535

  • severity— Specify the severity threshold for security logs.

    • alert— Specify the conditions that require immediate attention.

    • critical— Specify the critical conditions.

    • debug— Specify the information normally used in debugging.

    • emergency— Specify the conditions that cause security functions to stop.

    • error— Specify the general error conditions.

    • info— Specify the Information about normal security operations.

    • notice— Specify the non error conditions that are of interest.

    • warning— Specify the general warning conditions.

  • source-address— Specify the source address to the stream log.

  • time-format (year | millisecond)— Specify the year, the millisecond, or both in the timestamp.

  • transport— Set the security log transport settings.

    • protocol (tcp | tls | udp)— Specify the security log transport protocol for the device. Values: tcp, tls, and udp.

    • tcp-connections— Specify the number of tcp connections per stream. Values: 1 through 5.

      Note:

      tcp-connections is not supported on logical and tenant systems.

    • tls-profile— Specify the tls profile.