Syslog tab

In the Syslog tab, up to four profiles can be configured to send logs to Syslog servers.

To increase the security of sent logs, Syslog servers must be configured with RGS-compliant algorithms.

You can send logs to the Stormshield Visibility Center (SVC) server, Stormshield's monitoring solution, in Syslog format. Refer to the SVC administration guide on the Stormshield's Technical Documentation website.

Syslogs are text files in UTF-8 and follow the WELF standard. The WELF format is a sequence of elements, written in the form of field=value and separated by spaces. Values may be framed by double quotes.

A log corresponds to a line ending with a return carriage (CRLF).

Syslog profiles

Status Enables or disables the syslog profile by double-clicking.
Name Displays the name of the syslog profile.

Details

The configuration of the syslog profile selected in the grid on the left can be viewed or modified in this zone.

Name Name assigned to the syslog profile.
Comments Comments can be entered in this field.
Syslog server Select or create a host object corresponding to the syslog server. Groups cannot be selected.
Protocol Select the protocol used for sending logs to the server:
  • UDP (possible loss of messages - messages sent in plaintext),
  • TCP (reliable - messages sent in plaintext),
  • TLS (reliable - messages encrypted).
Port Port used by syslog server.
Certification authority This field will only be active when the protocol selected is TLS.
Indicate the certification authority (CA) that signed the certificate that the firewall and server will present in order to authenticate mutually.
Server certificate This field will only be active when the protocol selected is TLS.
Select the certificate that the Syslog server will need to present in order to authenticate on the firewall.
Client certificate This field will only be active when the protocol selected is TLS.
Select the certificate that the firewall will need to present in order to authenticate on the Syslog server.
Format Choose the Syslog format to use:
  • LEGACY (format limited to 1024 character for each Syslog message),
  • LEGACY-LONG (no limit on message length),
  • RFC5424 (format compliant with RFC 5424).

Advanced properties

Backup server

This field will only be active when the protocol selected is TLS or TCP.

Select or create a host object corresponding to the backup syslog server. Groups cannot be selected.

Backup port

This field will only be active when the protocol selected is TLS or TCP.

Port used by the backup syslog server.

Category (facility) Associates an application system with the logs sent to the syslog server.

Logs enabled

In this table, the logs that need to be sent to the syslog server can be selected.

Status Enables or disables sending the selected log file. Double-click on it to change its status.
Name Type of logs to be sent (Alarm, Connection, Web, Filter…).