Introduction to Log

System records various system logs, including event logs, alarm logs, security logs, IPS logs, configuration logs, network logs, NBC logs, traffic logs and debug logs.

Event - Event logs are divided into five severity levels: error, warning, notice, info and debug.

Alarm - Alarm logs are divided to three severities: urgent, alert and critical.

Security - Security logs record system security events, e.g. attack defense and application security, etc.

IPS - IPS logs keep records of events related to network intrusion protection.

Configuration - Configuration logs describe the changes of configuration operations, e.g. configurations on interfaces.

Network - Network logs record operations of network services, e.g. PPPoE and DDNS.

NBC - NBC logs contain information of network behavior control, e.g. MSN chatting content or web surfing, etc.

Traffic - Traffic logs contain information of traffic flow, e.g. the matching of data flow and policy.

Debug - The system debugging information. Only by CLI can you debug the system.

The log function is a tool to show device operation status, providing evidence for you to analyze the network and protect against network attacks.

Log Severity

Both event logs and alarm logs categorize system events by severities. The eight severities are described as follows:

Severity	No.	Description	Log Definition
Emergencies	0	Identifies invalid system events.	LOG_EMERG
Alerts	1	Identifies problems which need immediate attention such as device is being attacked.	LOG_ALERT
Critical	2	Identifies urgent problems, such as hardware failure.	LOG_CRIT
Errors	3	Generates messages for system errors.	LOG_ERR
Warnings	4	Generates messages for warning.	LOG_WARNING
Notifications	5	Generates messages for notice and special attention.	LOG_NOTICE
Informational	6	Generates informational messages.	LOG_INFO
Debugging	7	Generates all debugging messages, including daily operatiol messages.	LOG_DEBUG

Export Destinations

Log files can be sent to the following destinations:

Console - The default output destination. You can close this destination via CLI.

Remote - Includes Telnet and SSH.

Buffer - Memory buffer.

File - By default, the logs are sent to the specified USB destination in form of a file.

Syslog Server - Sends logs to UNIX or Windows Syslog Server.

Email - Sends logs to a specified email account.

Localdb - Sends logs to the local database of the device.

Log Format

To facilitate the access and analysis of the system logs, logs follow a fixed pattern of information layout, i.e. date/time, severity level@module: descriptions. See the example below:

2000-02-05 01:51:21, WARNING@LOGIN: Admin user "admin" logged in through console from localhost.