System Logging


Choose System Logging from the System Configuration heading under the main Configuration screen in Voyager. You will see the default Voyager configuration for system logging that is shown in Figure 20.18. By default, system logs are stored in a file named messages in the /var/log directory on your Nokia system. You can change the logging parameters so that you can accept syslog messages from remote machines, send local logs to a remote machine, and enable logging of Voyager changes through the System Logging configuration interface. If you decide to enable network logging, syslog will use UDP port 514 to transmit the messages. If your log data is traversing a firewall, you might need to open this port for remote logging to operate.

Figure 20.18: System Logging Configuration

Local System Logging

To view local system logs, click the Monitor link in Voyager and select System Message Log under the System Logs heading. Here you have the option of searching through the messages file. To view an entire month of data, select the month and click Apply. The log includes system boot messages, crontab messages, SSH key messages, user logins, and Voyager configuration change messages, among other things. The messages file is rotated monthly, and you can also select past messages files to include in your search criteria.

If you select the option to accept syslog messages from remote machines, your Nokia will begin listening for syslog messages on the network and will log any messages it receives locally, including the host name of the sending machine in the log entry.

Note

To turn on or off the option to accept syslog messages from remote machines through CLISH, use the following commands:
Nokia> set syslog accept-remote-log on
Nokia> set syslog accept-remote-log off

Remote Logging

Your Nokia can be configured to send syslog messages to a remote system. This functionality can be useful if you want to have a central syslog server that stores logs. This remote device might even be configured to search your logs for suspicious or unusual activities and generate alerts based on the system logs. Any logs that are sent to a remote syslog server will also be logged locally in the /var/log/messages file. To configure remote system logging in Voyager, follow these six easy steps:

  1. Log in to Voyager and click Config.

  2. Click System Logging under the System Configuration heading.

  3. Enter the IP address of the remote syslog server in the box labeled Add new remote IP address to log to:. In Figure 20.19 we have added 10.10.10.1. Note that Voyager in IPSO 3.4.x does not accept host names in the remote address box, only IP addresses. This is an IPSO bug that is fixed in 3.5.

    Figure 20.19: Remote System Logging Configuration

  4. Click Apply.

  5. Now you need to choose the severity level of logs that you want to send to the remote server. Your choices are Emergency, Alert, Critical, Error, Warning, Notice, Info, Debug, and All. The level you choose and all higher levels will be sent to the syslog server.

  6. Click Apply and then click Save. If you enter more than one severity level, the least severe level will be used.

Note

Use the following command to enable remote logging through CLISH:
Nokia> add syslog log-remote-address 10.10.10.1 level crit

Warning

Be careful not to configure two machines that send syslog data to each other. Doing so will create a logging loop, which is not desirable.
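
The severity rule in steps 5 and 6, as an added example (not from the book or from IPSO): a Python check that a central syslog server could run over received datagrams to confirm that the Nokia is forwarding only the levels it was configured for. The function names and sample payloads are constructed for illustration, and the <PRI> decoding assumes the standard syslog priority encoding (facility * 8 + severity).

```python
import re

# Severity names as Voyager lists them, mapped to the number carried in the
# syslog <PRI> field (0 = most severe). Voyager's "All" choice is not modelled.
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
NAMES = {num: name for name, num in SEVERITY.items()}
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

def parse_pri(datagram):
    """Split a UDP syslog payload into (facility, severity, text)."""
    m = PRI_RE.match(datagram.decode("utf-8", errors="replace"))
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range <PRI> field")
    pri = int(m.group(1))
    return pri >> 3, pri & 7, m.group(2)

def effective_threshold(levels):
    """Several configured levels collapse to the least severe one (step 6)."""
    return max(SEVERITY[name.lower()] for name in levels)

def is_forwarded(severity, levels):
    """The chosen level and all more severe levels are sent (step 5)."""
    return severity <= effective_threshold(levels)

def audit(datagrams, levels):
    """Sort what the collector received into expected, unexpected, malformed."""
    report = {"expected": [], "unexpected": [], "malformed": []}
    for d in datagrams:
        try:
            _, sev, text = parse_pri(d)
        except ValueError:
            report["malformed"].append(d)
            continue
        key = "expected" if is_forwarded(sev, levels) else "unexpected"
        report[key].append((NAMES[sev], text))
    return report

# Constructed sample payloads, as a collector on UDP port 514 might read them.
SAMPLE = [
    b"<0>Oct 11 22:14:15 nokia1 kernel: constructed emergency message",
    b"<34>Oct 11 22:14:16 nokia1 sshd[212]: constructed critical message",
    b"<11>Oct 11 22:14:17 nokia1 httpd: constructed error message",
    b"<14>Oct 11 22:14:18 nokia1 httpd: constructed info message",
    b"payload without a priority field",
]

if __name__ == "__main__":
    for bucket, items in audit(SAMPLE, ["Critical"]).items():
        print(bucket, len(items))
```

Entries in the unexpected bucket mean the sender's configured level is less strict than you assumed; malformed entries are worth reviewing because anything that can reach UDP port 514 can send them.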

Audit Logs

The System Configuration Auditlog option within the System Logging Configuration screen allows you to track the changes that are made to the system configuration. By default, logging of configuration changes is disabled, but you can choose to enable logging for either transient changes only (generated when the Apply button is selected) or for both transient and permanent changes (generated when the Save button is selected).

If you choose to enable configuration logging, you need to specify a file to send these logs to. The default filename is the standard system log file /var/log/messages. You can choose to create a separate file for configuration logs, however, such as /var/log/voyager. Keep in mind that you might need to maintain a new file by rotating it occasionally, especially if you are making a large number of changes to your system.

Note

To make changes to the Auditlog configuration through CLISH, use the following commands:
Nokia> set syslog filename /var/log/messages
Nokia> set syslog auditlog permanent




The Best Damn Firewall Book Period
ISBN: 1931836906
EAN: 2147483647
Year: 2003
Pages: 240
