Configuring System Logging to One or More Remote Servers for Next Gen Services

You must enable global system logging for Next Gen Services in order to perform stream logging. See, Enabling Global System Logging for Next Gen Services.

To send system log messages about Next Gen Services to one or more remote servers, you can configure system logging for stream mode. This procedure describes the configuration process.

Note:

Next Gen Services system log messages are configured and collected at the service-set level.

In this procedure, you’ll configure a stream for the log messages between each service set and each remote server that you want to send log messages.

Complete this procedure for each service-set and each remote server for which you want to collect logs and send logs.

To configure stream mode system logging for Next Gen Services:

Specify the names of the service-set for which you want to collect log messages.
For example specify the service-set name to ss1.

Specify the security transport protocol for syslog messages.

(Optional) Specify the syslog source address.
Best Practice:
The syslog source address can be any arbitrary IP address. It does not have to be an IP address that is assigned to the device. Rather, this IP address is used on the syslog collector to identify the syslog source. The best practice is to configure the source address as the IP address of the interface that the traffic is sent out on.

Specify a local tag name for the log messages.

Enable stream mode system logging for the service-set.

Specify a name for the stream.

For example, let’s call the stream: stream-aa

Specify the categories for which you want to collect events.

For example, to collect logs for stateful firewall, sessions and NAT:

Specify the file format for the log.

Specify the IP address of syslog server to receive log messages,

Specify the level of severity for the stream.

Configuring System Logging to One or More Remote Servers for Next Gen Services

Related Documentation