5.3.11 Configuring Syslog
Events → Syslog
Syslog is the standard used in IP networks for sending messages about events
occurring in the system (logs). The Syslog protocol is simple: when certain events
occur, the PSW switch sends a short text message, less than 1024 bytes in size, to the
recipient of the message. Messages are sent over UDP (port 514). Syslog is used for
ease of administration and information security.
The switch can be configured to respond only to certain events, each of which is
assigned an appropriate level of significance (tab Events → Event List). Levels
range from 0 to 7, where 0 is the highest level of significance.
The following range of levels is generally accepted:
(0) Emergency: the system is inoperable
(1) Alert: the system requires immediate intervention
(2) Critical: the state of the system is critical
(3) Error: error messages
(4) Warning: warnings about possible problems
(5) Notice: messages of normal, but important events
(6) Informational: information messages
(7) Debug: debugging messages
This separation of events by significance level allows the recipient to process
them differently. For example, messages about level 6 and 7 events
can simply be recorded in the event log, while messages about level 0-3 events will
be shown to the operator.
Syslog message format
According to the Syslog standard, the message has the following format:
<significance level> <date and time> <sender's IP address> <message>
Note: the <date and time> field shows the date and time received via the SNTP
protocol. If no time data is received or SNTP is not configured, the <date and time>
field will show the time in seconds since the switch was turned on.
Here is an example to illustrate that. We have a message captured with Wireshark:
Figure 5.3.11.1 SNTP is not configured
As we see, the time has not been set. The time after switch start is shown.
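The following Python sketch is an added example, not part of the switch documentation or firmware. It parses messages in the field order given above on the receiving side, flags messages whose time field is only seconds since power-on (SNTP not configured), and routes them by significance level. The exact timestamp text, the RFC 3164 style priority encoding, the handling of levels 4-5 and the sample messages are assumptions.

```python
import re

# Severity names from the list above (0 is the most significant).
LEVELS = ["Emergency", "Alert", "Critical", "Error",
          "Warning", "Notice", "Informational", "Debug"]

# Assumed wire layout, following the field order given above:
#   <PRI>timestamp sender-ip message
# Assumption: the timestamp is either "Mmm dd hh:mm:ss" or a bare count
# of seconds since power-on (used when SNTP has not set the clock).
LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>\s*"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}|\d+)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<msg>.*)$"
)

def parse(line):
    """Return a dict for one message, or None if it is malformed or oversized."""
    # The switch sends messages of less than 1024 bytes; reject anything larger.
    m = LINE.match(line) if len(line.encode()) < 1024 else None
    if m is None:
        return None
    level = int(m["pri"]) % 8           # RFC 3164: PRI = facility*8 + level
    return {
        "level": level,
        "name": LEVELS[level],
        "sender": m["ip"],
        "message": m["msg"],
        # A bare number means the clock was never set by SNTP.
        "uptime_only": m["ts"].isdigit(),
        "timestamp": m["ts"],
    }

def route(event):
    """Levels 0-3 go to the operator; 4-7 are only logged (4-5: assumption)."""
    return "operator" if event["level"] <= 3 else "log"

# Constructed sample messages (not captured from a real switch).
SAMPLES = [
    "<3>Jan 12 10:15:02 192.0.2.10 Port 2: link down",
    "<6>4127 192.0.2.10 Port 4: link up",
    "garbage without a priority field",
]

if __name__ == "__main__":
    for s in SAMPLES:
        e = parse(s)
        print("rejected" if e is None else (route(e), e["name"], e["uptime_only"]))
```

Events flagged uptime_only cannot be placed on a common timeline with logs from other devices, so a collector should record its own receive time for them.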