IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
Syslog tab
The Syslog tab allows configuring up to 4 profiles for sending logs to Syslog servers.
To increase the security of sent logs, Syslog servers must be configured with RGS-compliant algorithms.
Logs are in UTF-8 text format following the WELF standard. The WELF format is a sequence of elements, written in the form of field=value and separated by spaces. Values may be framed by double quotes.
A log corresponds to a line ending with a return carriage (CRLF).
Table of Syslog profiles
The table that presents the profiles consists of 2 columns:
| State |
Double-clicking on this allows enabling or disabling the profile. |
| Profile |
Displays the name of the Syslog profile |
Configuring a profile
Details
| Name |
Name assigned to the Syslog profile. |
| Comments |
Comments can be entered in this field. |
| Syslog server |
Select or create a host object corresponding to the Syslog server. Groups cannot be selected. |
| Protocol |
Select the protocol used for sending logs to the server:
|
| Certification authority |
This field will only be active when the protocol selected is TLS.
Indicate the certificate authority (CA) that signed the certificate that the firewall and server will present in order to authenticate mutually. |
| Server certificate |
This field will only be active when the protocol selected is TLS.
Select the certificate that the Syslog server will need to present in order to authenticate on the firewall. |
| Client certificate |
This field will only be active when the protocol selected is TLS.
Select the certificate that the firewall will need to present in order to authenticate on the Syslog server. |
| Format |
Choose the Syslog format to use:
|
Advanced properties
| Backup server |
This field will only be active when the protocol selected is TCP or TLS.
In this case, a server can be specified, to which Syslog messages will be sent in the event the nominal server is unavailable. 10 minutes after having switched its traffic to the backup server, the firewall will attempt to contact the nominal server again. In the event of a failure, the firewall will continue to send its traffic to the backup server while regularly retrying to contact the nominal server. |
| Backup port |
This field will only be active when the protocol selected is TCP or TLS.
This is the listening port of the backup Syslog server. |
| Category (facility) | Number added to the beginning of a log line. It can be used to differentiate several firewalls appliances when they send their logs to the same Syslog server. |
Logs enabled
This table allows selecting the type of logs that need to be sent to the Syslog server.
| Status |
Makes it possible to enable the sending of the selected log file. |
| Name |
Type of logs to be sent (Alarm, Connection, Web, Filter…). |