R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101
# Specify the host 1.2.0.1/16 as the log host. Use channel loghost to output log information
(optional, loghost by default), and use local4 as the logging facility.
[Firewall] info-center loghost 1.2.0.1 channel loghost facility local4
# Disable the output of log, trap, and debugging information of all modules on channel loghost.
[Firewall] info-center source default channel loghost debug state off log state off trap state off
To avoid outputting unnecessary information, disable the output of log, trap, and debugging
information on the specified channel (loghost in this example) before you configure an output rule.
# Configure an output rule to output to the log host ARP and IP log information that has a severity
level of at least informational. (The source modules allowed to output information depend on the
Firewall model.)
[Firewall] info-center source arp channel loghost log level informational state on
[Firewall] info-center source ip channel loghost log level informational state on
2. Configure the log host
The following configurations were performed on SunOS 4.0, which has similar configurations to
the UNIX operating systems implemented by other vendors.
a. Log in to the log host as a root user.
b. Create a subdirectory named Firewall under directory /var/log/, and create file info.log
under the Firewall directory to save logs of Firewall.
# mkdir /var/log/Firewall
# touch /var/log/Firewall/info.log
c. Edit the file /etc/syslog.conf and add the following contents.
# Firewall configuration messages
local4.info /var/log/Firewall/info.log
In the above configuration, local4 is the name of the logging facility used by the log host to receive logs.
info is the information level. The UNIX system will record the log information with severity level equal to
or higher than informational to file /var/log/Firewall/info.log.
NOTE:
Be aware of the following issues while editing the file /etc/syslog.conf:
• Comments must be on a separate line and must begin with a pound (#) sign.
• No redundant spaces are allowed after the file name.
• The logging facility name and the information level specified in the /etc/syslog.conf file must be
identical to those configured on the Firewall using the info-center loghost and info-center source
commands. Otherwise the log information might not be output properly to the log host.
d. Display the process ID of syslogd, kill the syslogd process and then restart syslogd using the -r
option to make the modified configuration take effect.
# ps -ae | grep syslogd
147
# kill -HUP 147
# syslogd -r &
Now, the system can record log information into the log file.
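The NOTE in step c lists three ways an edit to /etc/syslog.conf can silently stop logs from reaching the file. The following check is an added example, not part of the original guide: it lints a syslog.conf-style file against those three rules and can be run before restarting syslogd in step d. The function name check_syslog_conf and the sample file contents are constructed for illustration; the facility and level arguments are the ones set on the Firewall with info-center loghost.

```shell
#!/bin/sh
# Added example (not from the guide): lint a syslog.conf-style file against the
# three NOTE rules. Function name and sample contents are constructed.
# Usage: check_syslog_conf FILE FACILITY LEVEL
# Prints one line per finding; returns 0 if clean and the rule exists, else 1.
check_syslog_conf() {
    conf=$1
    want="$2.$3"
    tab=$(printf '\t')
    found=0 bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;   # blank line, or a comment on its own line
        esac
        case $line in
            *'#'*) echo "line $n: comment must be on a separate line"; bad=1 ;;
        esac
        case $line in
            *' '|*"$tab") echo "line $n: whitespace after the file name"; bad=1 ;;
        esac
        # The selector (facility.level) is everything before the first space or tab.
        selector=${line%%[ $tab]*}
        if [ "$selector" = "$want" ]; then
            found=1
        fi
    done < "$conf"
    if [ "$found" -eq 0 ]; then
        echo "no rule with selector $want"
        bad=1
    fi
    return "$bad"
}

# Constructed sample: the guide's rule with a trailing space, plus an inline comment.
sample=$(mktemp)
printf '%s\n' '# Firewall configuration messages' \
    'local4.info /var/log/Firewall/info.log ' \
    'local5.info /var/log/other.log # inline' > "$sample"
check_syslog_conf "$sample" local4 info || echo "fix the findings before restarting syslogd"
rm -f "$sample"
```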