Syslog Logs

Describes how to set up Syslog log rules.

Introduction

Unified Content Secure Server (UCSS) uses Syslog servers to record system logs and supports sending customized log content to multiple servers, allowing administrators to stay informed about system status at any time.

Select System > Basic Settings > Syslog to enter the Syslog log rules list page. The added Syslog servers are displayed in the list, along with information such as name, description, status, server, Syslog module, transport, port, creation time, and creator.

The Syslog function is globally disabled by default. To enable it, slide the status bar.

Basic Information

A Syslog log rule includes the following basic information.
  • Name - Enter a name that is distinct from those of other items.
    Note: The name field supports Chinese characters, English characters, numbers, and certain special characters. You cannot save the item if an unsupported character is entered.
    Note: The entered name cannot be identical to the name of an existing or predefined item.
  • Description - Describe the use of the item.
    Tip: The description field should contain all necessary information that the security administrator needs to manage the item in the long run.
  • Status - Click on the side button to enable or disable the item.

Syslog Settings

A Syslog log rule includes the following information related to Syslog server settings.
  1. Hostname/IP: Enter the IP address of the Syslog server.
  2. Port: Enter the port number of the Syslog server (default port 514).
  3. Transport Method: Select the transport protocol, supporting UDP and TCP.
    Note: When the transport method is TCP, choose whether to enable a secure connection (SSL) to encrypt the sent information.
  4. Syslog Module: Select the Syslog module, i.e., the log sending format. The default Syslog format is user-level messages.

    After configuration, click the Send Test Message button to verify the connectivity of the Syslog server.

  5. Delimiter Settings: (Optional) Choose whether to set a custom delimiter for log content.
  6. Null Value Settings: (Optional) Choose whether to send null values (N/A) to the log server.
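
On the receiving side, the Syslog module, delimiter and null value settings above determine how a collector has to parse each line. The following is an added example, not UCSS or vendor code: it decodes the PRI value to confirm the user-level facility and splits a delimited payload, mapping N/A to a null. The RFC 3164 style header, the key=value field layout, the `|` delimiter and the sample line are assumptions constructed for illustration.

```python
import re

# <PRI>, then an RFC 3164 style "Mmm dd hh:mm:ss host" header, then the payload.
# The header layout is an assumption; the page does not document the wire format.
LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")

USER_LEVEL_FACILITY = 1  # "user-level messages", the default Syslog module

# Constructed sample: PRI 14 = facility 1 (user-level) * 8 + severity 6 (info).
SAMPLE = "<14>Jan 12 10:15:02 ucss-example event=test|user=N/A|action=allow"


def parse_line(line, delimiter="|", null_token="N/A"):
    """Parse one received line into facility, severity, host and fields.

    delimiter must match the rule's Delimiter Settings; null_token is the
    placeholder sent when Null Value Settings is enabled.
    """
    match = LINE_RE.match(line.rstrip("\r\n"))
    if match is None:
        raise ValueError("line does not start with <PRI> and a syslog header")
    pri = int(match.group(1))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        raise ValueError("PRI out of range: %d" % pri)
    facility, severity = divmod(pri, 8)

    fields = {}
    for part in match.group(4).split(delimiter):
        key, sep, value = part.partition("=")
        if not sep:
            continue  # fragment without key=value; skip rather than guess
        value = value.strip()
        fields[key.strip()] = None if value == null_token else value

    return {
        "facility": facility,
        "severity": severity,
        "timestamp": match.group(2),
        "host": match.group(3),
        "fields": fields,
    }


if __name__ == "__main__":
    record = parse_line(SAMPLE)
    print(record)
    print("user-level facility:", record["facility"] == USER_LEVEL_FACILITY)
```

If the rule uses a different custom delimiter, pass it as `delimiter` so the collector does not merge several fields into one value.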

Selecting Content to Send to Syslog Server

The following content can be configured in a Syslog log rule to be sent to the Syslog server.
  • System Logs: Send the selected log field content of system logs from Unified Content Secure Server (UCSS) and all registered devices to the server.
  • Network Events: Send the selected log field content of network event logs to the server.
  • Discovery Events: Send the selected log field content of discovery event logs to the server.
  • Endpoint Events: Send the selected log field content of endpoint event logs to the server.
  • Mobile Events: Send the selected log field content of mobile event logs to the server.
  • SWG Proxy Logs: Send the selected log field content of Advanced Secure Web Gateway (ASWG) proxy logs to the server.
  • Email Logs: Send the selected log field content of email logs from Unified Content Secure Server (UCSS) and all registered devices to the server.
  • Email Connection Logs: Send the selected log field content of email connection logs from Unified Content Secure Server (UCSS) and all registered devices to the server.
  • API Traffic Logs: Send the selected log field content of API traffic logs to the server.
  • Audit Logs: Send the selected log field content of audit logs from Unified Content Secure Server (UCSS) to the server.
  • Masked Logs: Send masked log field content to the server.
  • DCP Logs: Send classification and categorization log field content to the server.