NAS 272

Using Your NAS as a Syslog Server

Enable your NAS as a Syslog Server to centrally manage the logs from all network devices

ASUSTOR COLLEGE

COURSE OBJECTIVES

Upon completion of this course you should be able to:

1. Use your NAS as a Syslog Server to centrally collect and manage all logs from syslog-compliant network devices.

PREREQUISITES

Course Prerequisites: None

Students are expected to have a working knowledge of: N/A

OUTLINE

1. Configuring Syslog Server
2. Configuring Syslog Client
3. Managing Syslog Server
   3.1 Overview
   3.2 Log
   3.3 Archive
   3.4 Notification

1. Configuring Syslog Server

In the following example, we will configure the ASUSTOR NAS's Syslog Server. Before you begin, log in to ADM from your web browser and then search for and install [Syslog Server] from [App Central]. When the installation is finished, click on the [Syslog Server] icon in ADM to access it.

STEP 1

Select [Settings] from the left panel, check the [Enable Syslog Server] option and choose [Enable TCP] or [Enable UDP], then click [Apply].

Note:

1. All syslog-compliant clients can send logs via the UDP protocol, but not all syslog clients support TCP transmission. Thus, after you specify the receiving protocol (TCP/UDP) on Syslog Server, please make sure that all syslog clients can use the same protocol to transmit logs.
2. The default port number for the Syslog protocol is 514. If you change the port number on Syslog Server, please use the same port on the client side.
3. ASUSTOR Syslog Server supports TCP encrypted transmission via SSL. If you enable SSL for TCP receiving on Syslog Server, please click the [Export] button below to save the SSL certificate to your local PC, and import it to all Syslog clients.
4. If there are multiple Syslog Servers in the same local network, please do not configure them in a loop. For example, devices A, B and C are running Syslog Server and Syslog Client simultaneously. If the syslog route is defined as A → B → C → A, then it is a loop. The messages will be repeatedly transmitted in a loop, which could then crash the entire LAN.

STEP 2

Switch to the [Filter] tab and click the [Add] button to create filters. Syslog Server will only receive and save logs that match the specified criteria.

Facility: The parameters below are provided according to RFC 3164:

Value      Description
auth       authorization messages
authpriv   Non-system authorization messages
cron       scheduling daemon
daemon     system daemons
ftp        FTP daemon
kern       kernel messages
lpr        line printer subsystem
mail       mail system
news       network news subsystem
security   security messages
syslog     messages generated internally by syslogd
user       user-level messages
uucp       UUCP subsystem
local0     local use 0 (local0)
local1     local use 1 (local1)
local2     local use 2 (local2)
local3     local use 3 (local3)
local4     local use 4 (local4)
local5     local use 5 (local5)
local6     local use 6 (local6)
local7     local use 7 (local7)

Severity: The parameters below are provided according to RFC 3164:

Value      Description
Emerg      System is unusable
Alert      Action must be taken immediately
Crit       Critical conditions
Err        Error conditions
Warning    Warning conditions
Notice     Normal but significant condition
Info       Informational messages
Debug      Debug messages

2. Configuring Syslog Client

In the following example, we will configure ASUSTOR NAS as a syslog client. For the syslog client settings of other network devices, please refer to their user manuals.

STEP 1

Click [System Information] on ADM, select the [Log] tab and click the [Syslog] button.

STEP 2

Check the [Enable Syslog Client] option, then enter the Syslog Server IP, protocol type and port number. Select the log type and level that you want to send to the Syslog Server, then click [OK].

Note: If there are multiple Syslog Servers in the same local network, please do not configure them in a loop.

3. Managing Syslog Server

3.1 Overview

There are 3 types of graphical interfaces that allow managers to quickly view the number and the distribution of logs.

3.2 Log

You can view all the received logs here.

Export: You can select the export file format (HTML or CSV) here.

Most recent log: Use this button to switch between the most recent log and archived logs.

Clear: Use this button to clear all recent logs.

Advanced Search: Here you can define the search conditions (keyword, device, level, facility, time period, program name) to view specific logs.

3.3 Archive

Save to: Here you can specify the folder to save archived logs in.

Log name and format: You can define the naming rules for auto archived logs here.

Auto Archive Rules: Here you can define the criteria (log size, log count, log time) for the system to archive logs automatically.

3.4 Notification

Here you can define rules to get e-mail notifications when specific logs are received or when specific events occur.

Note: Before enabling this function, please go to [Settings] -> [Notification] in ADM, and complete e-mail sender configurations on the [Send] tab first.
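
An added example (not part of the original course and not ASUSTOR code) for checking the client-to-server path set up in sections 1 and 2: it builds an RFC 3164 test line from a facility/severity pair, decodes the PRI value of a received line, models a facility/severity filter, and sends the line over UDP, TCP, or TCP with SSL using the exported certificate. The function names, the filter semantics (exact name match) and the sample host name are assumptions, and certificate verification assumes the exported certificate's name matches the `server` value.

```python
import socket
import ssl
from datetime import datetime

# Numeric codes follow RFC 3164 section 4.1.1. Codes 12-15 and the page's
# "security" entry are left out: the page gives no name/number for them.
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"] + [None] * 4
              + ["local%d" % i for i in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def build_message(facility, severity, host, tag, text, when=None):
    """Return an RFC 3164 line: <PRI>Mmm dd hh:mm:ss host tag: text"""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    when = when or datetime.now()
    stamp = "%s %2d %s" % (MONTHS[when.month - 1], when.day, when.strftime("%H:%M:%S"))
    return "<%d>%s %s %s: %s" % (pri, stamp, host, tag, text)

def decode_pri(message):
    """Return (facility, severity) for a received line, or None if PRI is malformed."""
    end = message.find(">")
    digits = message[1:end] if message.startswith("<") and 2 <= end <= 4 else ""
    if not (digits.isascii() and digits.isdigit()) or int(digits) > 191:
        return None
    fac, sev = divmod(int(digits), 8)
    return FACILITIES[fac], SEVERITIES[sev]

def passes_filter(message, facilities, severities):
    """Assumed filter model: keep a line only if both of its names are listed."""
    decoded = decode_pri(message)
    return decoded is not None and decoded[0] in facilities and decoded[1] in severities

def send(message, server, port=514, proto="udp", cafile=None):
    """Send one test line; cafile is the certificate exported from the server."""
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(message.encode("utf-8"), (server, port))
        return
    data = (message + "\n").encode("utf-8")  # TCP: one line per message
    with socket.create_connection((server, port), timeout=5) as raw:
        if cafile is None:
            raw.sendall(data)
            return
        # TLS: trust only the exported certificate and verify the server against it.
        ctx = ssl.create_default_context(cafile=cafile)
        with ctx.wrap_socket(raw, server_hostname=server) as tls:
            tls.sendall(data)
```

After calling `send()` with the server address, protocol and port configured in [Settings], the test line should appear under [Log] only if it matches a configured filter.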