Difference between revisions of "Flow/Settings/Alerting/Syslog"
[[File:Settings_alerting_syslog.png]]
Revision as of 10:58, 29 September 2016
You can automatically have alerts sent to the syslog server(s) of your choice.
On this page you select which types of alerts to send to the syslog server(s). The syslog servers input can have multiple entries, separated by a comma ",".
e.g. 172.21.40.1,172.21.40.2,172.21.40.3
Each entry can also have a port, facility and logging level set by using the format
IP_Address:Port:Facility:Level
e.g. 172.21.40.1:515:4:23,172.21.40.2:516:23:4
The above would send messages to two servers: .1 on port 515 and .2 on port 516.
Both use the "Local 7" facility and the "Warning" level.
Syslog Message Types
0 1486311603 1475077532786 -12 8 221.229.172.74 Black List Src Hit(Blocklist.de SSH) 77.95.163.13->221.229.172.74 1 {"Application":"SSH TCP/22","Black List":"http://lists.blocklist.de/lists/ssh.txt","Black List Type":"Destination","Eventer":"221.229.172.74","appid":393238,"bytes":606,"device":"88.151.80.179","domain":"","dstadd":"221.229.172.74","dstport":59313,"duration":0,"flags":25,"fwevent":0,"fwextcode":0,"inif":30,"macdst":"00:00:00:00:00:00","macsrc":"00:00:00:00:00:00","outif":12,"packets":1,"proto":6,"srcadd":"77.95.163.13","srcport":22,"time":1475077566570,"timeH":"28-Sep-2016 16:46:06.570","tos":0,"user":""} http://lists.blocklist.de/lists/ssh.txt Blocklist.de SSH 100 100 77.95.163.13
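The following is an added example, not code from Flow or from this wiki page. It validates a syslog servers setting in the IP_Address:Port:Facility:Level format described above (rejecting a facility outside 0-23 or a level outside 0-7, the RFC 5424 ranges, so that 23 = local7 and 4 = warning as in the second entry of the page's example) and pulls the JSON body out of an alert line such as the sample above. The defaults for omitted fields and the IPv4-only parsing are assumptions of this example, not documented Flow behaviour.

```python
"""Helpers for the Flow syslog alerting settings described on this page.

Added example; not part of the Flow product or the original wiki page.
"""
import json
from ipaddress import IPv4Address

# Assumed defaults for omitted fields (the page does not state Flow's own defaults).
# 514 = standard syslog UDP port, 23 = local7, 4 = warning (RFC 5424 numbering).
DEFAULT_PORT, DEFAULT_FACILITY, DEFAULT_LEVEL = 514, 23, 4

# Sample alert line quoted from the page, used as test input for parse_alert_message.
SAMPLE_ALERT = ('0 1486311603 1475077532786 -12 8 221.229.172.74 Black List Src Hit(Blocklist.de SSH) '
                '77.95.163.13->221.229.172.74 1 {"Application":"SSH TCP/22","Black List":'
                '"http://lists.blocklist.de/lists/ssh.txt","Black List Type":"Destination",'
                '"Eventer":"221.229.172.74","appid":393238,"bytes":606,"device":"88.151.80.179",'
                '"domain":"","dstadd":"221.229.172.74","dstport":59313,"duration":0,"flags":25,'
                '"fwevent":0,"fwextcode":0,"inif":30,"macdst":"00:00:00:00:00:00",'
                '"macsrc":"00:00:00:00:00:00","outif":12,"packets":1,"proto":6,'
                '"srcadd":"77.95.163.13","srcport":22,"time":1475077566570,'
                '"timeH":"28-Sep-2016 16:46:06.570","tos":0,"user":""} '
                'http://lists.blocklist.de/lists/ssh.txt Blocklist.de SSH 100 100 77.95.163.13')


def parse_syslog_targets(spec):
    """Parse comma-separated 'IP[:Port[:Facility[:Level]]]' entries (IPv4 only, as on the page).

    Returns a list of (ip, port, facility, level) tuples and raises ValueError on a
    malformed entry, so a bad setting is caught instead of alerts silently going nowhere.
    """
    targets = []
    for entry in filter(None, (e.strip() for e in spec.split(","))):
        parts = entry.split(":")
        if len(parts) > 4:
            raise ValueError(f"too many fields in {entry!r}")
        ip = str(IPv4Address(parts[0]))  # raises ValueError on a bad address
        port = int(parts[1]) if len(parts) > 1 else DEFAULT_PORT
        facility = int(parts[2]) if len(parts) > 2 else DEFAULT_FACILITY
        level = int(parts[3]) if len(parts) > 3 else DEFAULT_LEVEL
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {entry!r}")
        if not 0 <= facility <= 23:
            raise ValueError(f"facility must be 0-23 in {entry!r}")
        if not 0 <= level <= 7:
            raise ValueError(f"severity level must be 0-7 in {entry!r}")
        targets.append((ip, port, facility, level))
    return targets


def parse_alert_message(line):
    """Split a Flow alert line into the tokens before the JSON, the decoded JSON, and the tokens after."""
    start, end = line.index("{"), line.rindex("}")
    body = json.loads(line[start:end + 1])
    return {"prefix": line[:start].split(), "body": body, "suffix": line[end + 1:].split()}
```

Note that the first entry of the page's example, 172.21.40.1:515:4:23, is rejected by this validator because 23 is not a valid severity level; with the stated format it only makes sense read as facility 23 and level 4, as in the second entry.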