4 remote syslog notification, Introduction, Preconditions – Technicolor - Thomson 610v User Manual

3 SpeedTouch

TM

610 Syslog

Application Note Ed. 01

19

3.4 Remote Syslog Notification

Introduction

As described before the SpeedTouch

TM

610 can be configured to send all or a selection

of generated syslog messages to a host on the local or a remote network IP address.
This section describes how to configure the SpeedTouch

TM

610 syslog daemon for

sending messages to a particular host.

Preconditions

The host to send the syslog messages to, should have syslog daemon software installed
for capturing the messages, and a known, fixed IP address.

Syslog host on the local

network

By default, no traffic restrictions apply for the local network. Simply add a syslog rule via
the SpeedTouch

TM

610 syslog configuration web page or the CLI. Specify the IP address

of the host, and optionally refine the set of syslog messages to send.

Note

You can specify one or a selection of (comma-seperated) or all facilities.
Specifying a severity actually means specifying to send syslog messages with a
severity as specified, and all messages with a higher severity.
For a priority listing see

“ Syslog priority severities” on page 14

.

The following example shows the configuration via the CLI for a syslog host on the local
“Net10” network with fixed IP address 10.0.0.1 to send all generated syslog messages
(all facilities, with severity debug and higher) to:

Syslog host on a

remote network

The default firewall rules do allow traffic from the SpeedTouch

TM

610 syslog daemon

towards the WAN due to following firewall rule in the source:

Therefore, no additional firewall configuration is needed in case you want to configure a
syslog host on a remote network
The example below shows the syslog rule to add for a syslog host with IP address
192.6.11.1, accessible via the separate management PVC with the Routed IPoA Packet
Service configuration in the 192.6.11.x/24 range of IP addresses. The local syslog host
(10.0.0.1), configured before (See

“ Syslog host on the local network”

) will receive all

generated syslog messages; the remote syslog host only receives syslog messages from
all facilities with severity warning, error, critical, alert or emergency (all facilities, with
severity warning and higher):

=>syslog ruleadd
fac = all
sev = debug
dest = 10.0.0.1
:syslog ruleadd fac=all sev=debug dest=10.0.0.1
=>saveall
=>

:firewall rule create chain=source index=4 prot=udp dstport=syslog action=accept

=>syslog ruleadd fac=all sev=warning dest=192.6.11.1
=>
=>syslog list
1: all.debug 10.0.0.1
2: all.warning 192.6.11.1
=>
=>saveall
=>