Configure Syslog Logging for Threat Defense Devices

Tip

If you are configuring devices to send syslog messages about security events (such as connection and intrusion events), most threat defense platform settings do not apply to these messages. See Threat Defense Platform Settings That Apply to Security Event Syslog Messages.

To configure syslog settings, perform the following steps:

Before you begin

See requirements in Guidelines for Logging.

Procedure


Step 1

Choose Devices > Platform Settings and create or edit the threat defense policy.

Step 2

Click Syslog from the table of contents.

Step 3

Click Logging Setup to enable logging, specify FTP Server settings, and specify Flash usage. For more information, see Enable Logging and Configure Basic Settings

Step 4

Click Logging Destinations to enable logging to specific destinations and to specify filtering on message severity level, event class, or on a custom event list. For more information, see Enable Logging Destinations

You must enable a logging destination to see messages at that destination.

Step 5

Click E-mail Setup to specify the e-mail address that is used as the source address for syslog messages that are sent as e-mail messages. For more information, see Send Syslog Messages to an E-mail Address

Step 6

Click Events List to define a custom event list that includes an event class, a severity level, and an event ID. For more information, see Create a Custom Event List

Step 7

Click Rate Limit to specify the volume of messages being sent to all configured destinations and define the message severity level to which you want to assign rate limits. For more information, see Limit the Rate of Syslog Message Generation

Step 8

Click Syslog Settings to specify the logging facility, enable the inclusion of a time stamp, and enable other settings to set up a server as a syslog destination. For more information, see Configure Syslog Settings

Step 9

Click Syslog Servers to specify the IP address, protocol used, format, and security zone for the syslog server that is designated as a logging destination. For more information, see Configure a Syslog Server