Enable logging destinations

Enable logging destinations to ensure that syslog messages are received at the specified destination. This task allows you to control which messages are sent by applying message filters to each destination.

To see messages at a logging destination, enable the destination and specify a message filter.

Tip

If you are configuring devices to send syslog messages about security events (such as connection and intrusion events), most Firewall Threat Defense platform settings do not apply to these messages. See Firewall Threat Defense platform settings that apply to security event syslog messages.

Before you begin

Ensure that you have access to the system and the necessary permissions to configure logging destinations.

Procedure


Step 1

Choose Devices > Platform Settings and create or edit the Firewall Threat Defense policy.

Step 2

Select Syslog > Logging Destinations.

Step 3

Click Add to enable a destination and apply a logging filter, or edit an existing destination.

Step 4

In the Logging Destinations dialog box, select a destination and configure the filter for that destination:

  1. Choose the destination to enable in the Logging Destination drop-down list. You can create one filter for each destination. Examples include Console, E-Mail, Internal buffer, SNMP trap, SSH Sessions, and Syslog servers.

    Note

    Console and SSH session logging works in the diagnostic CLI only. Enter system support diagnostic-cli.

  2. In Event Class, choose the filter that will apply to all classes not listed in the table.

    You can configure these filters:

    • Filter on severity —Select the severity level. Messages at this level or higher are sent to the destination.

    • Use Event List —Select the event list that defines the filter. You create these lists on the Event Lists page.

    • Disable Logging —Prevents messages from being sent to this destination.

  3. To create filters for each event class, click Add for a new filter or edit an existing filter. Select the event class and severity level to limit messages in that class. Click OK to save the filter.

    For an explanation of the event classes, see Syslog message classes and associated message ID numbers.

  4. Click OK.

Step 5

Click Save.

You can now go to Deploy > Deploy and deploy the policy to assigned devices. The changes are not active until you deploy them.


After completing this task, the selected logging destinations will receive syslog messages according to the filters you have configured.
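
The filter logic from Step 4, sketched as an added example (not Cisco code, and not how the device implements it): a class listed in the table uses its own severity filter, every other class falls back to the Event Class default, and "this level or higher" means a numerically lower or equal syslog level. The DestinationFilter model, the route helper, the class labels, and the sample messages are all constructed for illustration; Event List filters are not modeled.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Standard syslog severity levels; 0 is the most severe.
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

MSG_RE = re.compile(r"%FTD-(\d)-(\d{6})")  # %FTD-<severity>-<message ID>

@dataclass
class DestinationFilter:
    """Hypothetical model of the filter for one logging destination."""
    default_severity: Optional[str]  # None models "Disable Logging"
    per_class: Dict[str, str] = field(default_factory=dict)  # class -> severity

    def is_sent(self, event_class: str, severity: int) -> bool:
        # A class listed in the table overrides the default filter.
        threshold = self.per_class.get(event_class, self.default_severity)
        if threshold is None:
            return False
        # Equal or MORE severe means a numerically lower or equal level.
        return severity <= SEVERITY[threshold]

def route(filt: DestinationFilter, messages: List[Tuple[str, str]]) -> List[str]:
    """Return the message IDs that this destination would receive."""
    sent = []
    for event_class, line in messages:
        m = MSG_RE.search(line)
        if m and filt.is_sent(event_class, int(m.group(1))):
            sent.append(m.group(2))
    return sent

# Constructed sample: (event class, message). Class labels are assigned by
# hand for this example; message text is placeholder.
SAMPLE = [
    ("auth", "%FTD-6-113005: constructed auth message"),
    ("session", "%FTD-6-302013: constructed session message"),
    ("session", "%FTD-4-106023: constructed session message"),
    ("config", "%FTD-5-111008: constructed config message"),
]

# Default filter at warnings; the auth class is widened to informational.
syslog_server = DestinationFilter("warnings", {"auth": "informational"})
# Default disabled; only auth messages at errors or more severe pass.
console = DestinationFilter(None, {"auth": "errors"})

if __name__ == "__main__":
    print("syslog server:", route(syslog_server, SAMPLE))
    print("console:", route(console, SAMPLE))
```

Running the sketch against a planned filter set before deployment shows which security-relevant messages, such as informational-level authentication events, would be dropped by a default severity that is set too restrictively.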