Using Nebula’s Event Log and Change Log for Monitoring Network and Quick Troubleshooting

Nebula_Yvonne (Zyxel Employee)
edited June 2023 in Other Topics

The event log can be used to check a number of events occurring across a network. Nebula Control Center (NCC) has two kinds of built-in logs: the device event log and the organization-wide change log. Besides the built-in logs, users can also configure a syslog server in NCC so that Nebula devices send their event messages directly to it. With the event log and change log built into NCC, users can filter out extraneous information for monitoring and troubleshooting.

In this article, we introduce how to navigate the log GUI and how to set up a syslog server on NCC.

Firstly, there are two kinds of logs that can be checked on NCC directly:

Nebula Device’s Event log

The user can check the event log to track the events occurring in the network for troubleshooting.

Location: (Depends on the product type)
  • Site-wide > Monitor > Firewall > Event log
  • Site-wide > Monitor > Switches > Event log
  • Site-wide > Monitor > Access points > Event log


Figure 1: Event log of Firewall

The event log page has two parts: A. Filter/Search section and B. Result section.

Figure 2: Event log has two parts

A. Filter/Search section:

Search the log using custom parameters, including Device (Switch, AP only), Keyword, Priority (Switch only), Category, Tag (Switch only), and Time.


B. Result section:

Displays the results that match the filter parameters the user selected.

Note: The user can export the log to a CSV or XML file. (Pro Pack feature)


Organization-wide change log

The user can check and monitor who made which configuration change, when, and on which site.

Location: Organization-wide > Organization-wide manage > Change log


Figure 3: The user can see when/who/which site has changed the SSID name.

The change log also supports filter/search functions with specific parameters, and the result table can be exported to a CSV or XML file.

Although we recommend checking logs on NCC, Nebula devices also support sending logs to a syslog server to fulfill other scenarios.

Site-wide Syslog server

Location: Site-wide > Configure > Site settings > Reporting > Syslog server


Figure 4: The user can configure Syslog server IP at Site-wide > Configure > Site settings page

After you save the configuration and the configuration status is up to date, you should be able to see the syslog messages on your syslog server.

The syslog server feature uses UDP port 514, so please make sure your syslog server is already configured to receive on it.

The screenshot below is an example of Nebula Switch messages displayed on a syslog server. (Some syslog server vendors may have a different event log look.)

Figure 5: The user can see the events that have occurred on the Switch in the syslog server.
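To confirm that messages are arriving on UDP 514 before pointing a full syslog product at them, a small receiver is enough. The following is an added example, not Zyxel code: it decodes the standard syslog `<PRI>` prefix and keeps only datagrams from an allowed subnet, since syslog over UDP is unauthenticated. The subnet `192.168.1.0/24` and all function names are assumptions.

```python
import ipaddress
import re
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode(datagram: bytes):
    """Split the leading <PRI> into (facility, severity name, remaining text)."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None  # not a well-formed syslog datagram
    pri = int(m.group(1))
    text = datagram[m.end():].decode("utf-8", errors="replace").rstrip()
    return pri // 8, SEVERITIES[pri % 8], text

def is_trusted(src_ip: str, allowed_nets) -> bool:
    """Sender address check. UDP source addresses can be forged, so treat
    this as noise reduction and also restrict port 514 at the firewall."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(n) for n in allowed_nets)

def receive(sock, allowed_nets, count):
    """Read `count` datagrams; return decoded records from allowed senders."""
    records = []
    for _ in range(count):
        data, (src_ip, _port) = sock.recvfrom(8192)
        rec = decode(data)
        if rec and is_trusted(src_ip, allowed_nets):
            records.append((src_ip, *rec))
    return records

def listen(bind_ip="0.0.0.0", port=514):
    """Open the UDP socket; binding to port 514 normally needs root."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    return sock

if __name__ == "__main__":
    # Assumption: the Nebula devices of this site live in 192.168.1.0/24.
    s = listen()
    while True:
        for record in receive(s, ["192.168.1.0/24"], 1):
            print(record)
```

If nothing is printed after the site configuration shows as up to date, check that no host or network firewall between the devices and the server drops UDP 514.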
