Configuring Syslog Alerting for Intrusion Events

After you enable syslog alerting in an intrusion policy, the system sends all intrusion events to the syslog, either on the managed device itself or to an external host or hosts. If you specify an external host, syslog alerts are sent from the managed device.

Procedure


Step 1

In the intrusion policy editor's navigation pane, click Advanced Settings.

Step 2

Make sure Syslog Alerting is Enabled, then click Edit.

A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. The Syslog Alerting page is added under Advanced Settings.

Step 3

Enter the IP addresses of the Logging Hosts where you want to send syslog alerts.

If you leave the Logging Hosts field blank, the logging host details are taken from Logging in the associated Access Control Policy.

Step 4

Choose Facility and Severity levels as described in Facilities and Severities for Intrusion Syslog Alerts.

Step 5

To save changes you made in this policy since the last policy commit, choose Policy Information, then click Commit Changes.

If you leave the policy without committing changes and then edit a different policy, changes since the last commit are discarded.

What to do next

  • Deploy configuration changes.
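
To confirm on a logging host that alerts arrive from the managed device with the Facility and Severity chosen in Step 4, the following added example (not part of the product documentation) decodes the standard syslog <PRI> prefix, where PRI = facility x 8 + severity, and flags senders or priorities that do not match. It assumes the alerts carry an RFC 3164 style <PRI> prefix; the addresses, the auth/alert selection and the message text are constructed sample values, not the device's actual alert format.

```python
import re

# Standard syslog facility and severity codes (RFC 3164 / RFC 5424).
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
              10: "authpriv", 11: "ftp",
              **{16 + n: f"local{n}" for n in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) from the leading <PRI>, or None if absent/invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:                      # highest valid value: 23 * 8 + 7
        return None
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]

def audit(records, allowed_senders, expected):
    """records: (source_ip, raw_message) pairs. Returns (source_ip, reason, raw) findings."""
    findings = []
    for src, raw in records:
        decoded = decode_pri(raw)
        if src not in allowed_senders:
            findings.append((src, "unexpected sender", raw))
        elif decoded is None:
            findings.append((src, "missing or invalid PRI", raw))
        elif decoded != expected:
            findings.append((src, f"got {decoded[0]}.{decoded[1]}", raw))
    return findings

# Constructed sample records; 192.0.2.10 stands in for the managed device.
SAMPLE = [
    ("192.0.2.10", "<33>Jan 12 10:15:02 sensor1 placeholder alert text"),  # auth.alert
    ("192.0.2.10", "<38>Jan 12 10:15:09 sensor1 placeholder alert text"),  # auth.info
    ("192.0.2.10", "Jan 12 10:15:11 sensor1 placeholder, no PRI prefix"),
    ("198.51.100.7", "<33>Jan 12 10:15:20 other placeholder alert text"),
]

if __name__ == "__main__":
    # Assumed policy selection for this example: Facility AUTH, Severity ALERT.
    for finding in audit(SAMPLE, {"192.0.2.10"}, ("auth", "alert")):
        print(finding)
```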