Remote Syslog FAQ

1. How do I send syslog traffic from my NG Firewall to a syslog server?

This is done by enabling Syslog under Config > Events > Syslog. More information regarding the process including how to create Syslog Event rules can be found in the article below:

https://support.untangle.com/hc/en-us/articles/115012950828-How-to-Create-Syslog-Event-Rules 

 

   

2. What syslog software does NG Firewall work with?

NG Firewall can send data to any syslog server that is using standard syslog format and syntax. Some syslog products are easier to set up than others. Kiwi, a third-party syslog daemon, is a favorite of many admins using Windows, while those on *nix can use rsyslog.

 

 

3. Why shouldn't I use the default syslog rule?

Syslog uses a considerable amount of resources when enabled. The resource usage increases with the amount of data being gathered and sent to a remote server. Our default rule, which is meant as nothing more than a placeholder and example for reference, has all classes selected so uses the most amount of resources. On devices that are already fairly busy this can cause performance issues.

 

 

4. Why do you provide a default rule if you do not recommend using it?

The default rule is meant as nothing more than a placeholder and example for reference.

 

 

5. Can I send syslog data to an offsite server or service?

Yes, you can send syslog data to any IP address that the NG Firewall is able to access.

 

 

Follow
Was this article helpful?
1 out of 5 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk