Knowledge Search


How to forward logs from NSM to a Syslog server

  [KB11810] Show Article Properties

How to forward device logs received in NSM directly to an external Syslog server
Cannot receive logs to a Syslog server from NSM
In order to allow NSM device logs to be automatically forwarded to an external Syslog server, use the following procedure:

  1. Login to NSM GUI

  2. Go to "Action Manager" and click  "Action Parameters"

  3. Fill in the Syslog server IP address and the Syslog facility that NSM will categorize the logs as.

  4. Click "OK"

This informs NSM that an external Syslog server is available for use.  Two mode are available to forward logs to Syslog.

Device Log Action Criteria Mode:   Located under the "action manager", this mode allows defining a global logging criteria for all devices in a domain.
The criteria can be based on category, sub-category and severity and will apply to all logs received.

Policy Manager Mode:  Allows finer control on which traffic log will be forwarded to Syslog by adding the "Log action" to the desired rule options.   This allows forwarding of traffic logs to Syslog only for the desired rules.    Enable "Syslog" under "Log/Count" rule options for each rule.
Related Links: