![background image](http://html1.mh-extra.com/html/d-link/netdefend-soho-dfl-160/netdefend-soho-dfl-160_user-manual_3341027034.webp)
3.5. Logging
NetDefendOS Log Messages
During NetDefendOS operation, log messages are routinely generated to indicate when certain
events occur. These messages form an important audit trail that show what has occurred during
system operation and can dealt with in various ways.
There are dozens of events for which event messages can be generated. The events range from
high-level user events down to low-level system events. The conn_open event, for instance, is a
typical high-level event that generates an event message whenever a new connection, such as a
TCP/IP link is established. An example of a low-level event would be the startup_normal event,
which generates a mandatory event message as soon as the system starts up.
All event messages have a common format, with attributes that include category, severity and
recommended actions. These attributes enable easy filtering and analysis of messages, either within
NetDefendOS or on an external SysLog server.
A list of all event messages can be found in the DFL-160 Log Reference Guide. That guide also
describes the design of event messages, the meaning of severity levels and the various attributes
available. The severity of each event is predefined and it can be, in order of severity, one of:
1 - Emergency (the most severe)
2 - Alert
3 - Critical
4 - Error
5 - Warning
6 - Notice
7 - Info
8 - Debug
By default all messages of severity Info and above are sent. The Debug category of messages is
designed for troubleshooting only and is only used when troubleshooting a problem.
Logging Options
The Logging page of the web interface is divided into three option sections:
A. Syslog Settings
B. Audit Logging
C. Email Alerts
A. Syslog Settings
Syslog is a log message standard that is widely used for sending messages to a separate Syslog
Server. NetDefendOS supports this standard and up to two syslog servers can be configured to
receive messages from NetDefendOS by specifying their IP addresses.
The Syslog Facility is a way of marking syslog messages with a specific source identifier. For
instance, one DFL-160 might be given the syslog facility local0 while a second might be local1.
When messages are sent to the same syslog server, the messages from one unit can be distinguished
from the messages of the other unit.
B. Audit Logging
When data connections are opened and closed, these events are not normally part of the log
3.5. Logging
Chapter 3. The System Menu
34
Summary of Contents for NetDefend SOHO DFL-160
Page 11: ...1 3 The LED Indicators Chapter 1 Product Overview 11...
Page 22: ...2 4 Console Port Connection Chapter 2 Initial Setup 22...
Page 39: ...3 7 Dynamic DNS Settings Chapter 3 The System Menu 39...
Page 76: ...4 10 Schedules Chapter 4 The Firewall Menu 76...
Page 78: ...5 1 Ping Chapter 5 The Tools Menu 78...
Page 93: ...6 11 DHCP Server Status Chapter 6 The Status Menu 93...
Page 102: ...7 6 Technical Support Chapter 7 The Maintenance Menu 102...