Syslog is a protocol that computer systems use to send event data logs to a central location for storage. Logs can then be accessed by analysis and reporting software to perform audits, monitoring, troubleshooting, and other essential IT operational tasks.
A big advantage of Syslog is that the log server can monitor a vast number of Syslog events via log files. Routers, switches, firewalls, and servers can generate log messages, as well as many printers and other devices.
The Syslog server receives, categorizes, and stores log messages for analysis, maintaining a comprehensive view of what is going on everywhere on the network. Without this view, devices can malfunction unexpectedly, and outages can be hard to trace. Syslog messages are sent via User Datagram Protocol (UDP), port 514. UDP is what is called a connectionless protocol, so messages aren’t acknowledged or guaranteed to arrive. This can be a drawback but also leaves the system simple and easy to manage.
Umbrella VAs can forward logs to a remote Syslog server. Forwarding of logs related to internal DNS queries, logs on upgrades and reboots of the VA, and admin audit logs are supported.
#1) Configure the destination (remote Syslog server) on the VA with the following command:
config logexport destination server-ip-address:port udp
#2) Configure the forwarding of logs on the VA:
config logexport enable health
config logexport enable audit
#3) To check the status of the log forwarding, use the following command:
config logexport status
To turn off logging, use the following command:
config logexport disable <feature>
The feature parameter can take the value of “internaldns”, “health”, “audit” or “all”.