R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101
62
NOTE:
Be aware of the following issues while editing file /etc/syslog.conf:
• Comments must be on a separate line and begin with the # sign.
• No redundant spaces are allowed after the file name.
• The logging facility name and the information level specified in the /etc/syslog.conf file must be
identical to those configured on the device using the info-center loghost and info-center source
commands; otherwise the log information may not be output properly to the log host.
Step6 After log file info.log is created and file /etc/syslog.conf is modified, you need to issue the following
commands to display the process ID of syslogd, kill the syslogd process and then restart syslogd using
the –r option to make the modified configuration take effect.
# ps -ae | grep syslogd
147
# kill -HUP 147
# syslogd -r &
After the above configurations, the system will be able to record log information into the log file.
Outputting log information to a Linux log host
Network requirements
• Send log information to a Linux log host with an IP address of 1.2.0.1/16;
• Log information with severity higher than informational will be output to the log host;
• All modules can output log information.
Figure 20 Network diagram for outputting log information to a Linux log host
Configuration procedure
Before the configuration, make sure that there is a route between Firewall and PC.
Step1 Configure Firewall
# Enable information center.
<Sysname> system-view
[Sysname] info-center enable
# Specify the host with IP address 1.2.0.1/16 as the log host, use channel loghost to output log
information (optional, loghost by default), and use local5 as the logging facility.
[Sysname] info-center loghost 1.2.0.1 channel loghost facility local5
# Disable the output of log, trap, and debugging information of all modules on channel loghost.
[Sysname] info-center source default channel loghost debug state off log state off trap
state off