NSFOCUS WAF Syslog Introduction

NSFOCUS WAF Syslog Introduction

March 3, 2023 | NSFOCUS

In computing, syslog is a standard for message logging.  It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the type of system generating the message, and is assigned a severity level.

Computer system designers may use syslog for system management and security auditing as well as general informational, analysis, and debugging messages. A wide variety of devices, such as printers, routers, and message receivers, across many platforms use the syslog standard. This permits the consolidation of logging data from different types of systems in a central repository. Implementations of syslog exist for many operating systems.

When operating over a network, syslog uses a client-server architecture where a syslog server listens for and logs messages coming from clients.

To configure syslog settings on NSFOCUS WAF, follow these steps:

  • Choose Logs & Reports > Log Management > Syslog Configuration.
  • Enable Syslog: Yes or No
  • Log Content: Plaintext or Base64 encoding
  • Host Name Setting: user-defined

Click Add and configure the IP address and port of the syslog server.

NSFOCUS WAF grades syslog messages into eight severity levels: System unavailable, Immediate measure required, Critical, Error, Warning, Common but important, Notification message, and Debugging message. For each type of log, the severity level can be customized and the syslog function can be enabled and disabled.

To modify syslog parameters, follow these steps:

1. Choose Logs & Reports > Log Management > Log Sending Parameter Configuration.

2. Modify parameters and click Save.

Use Syslog Watcher Pro to parse WAF’s syslog messages.