Logging function - Syslog or else?

GiuseppeR
GiuseppeR Posts: 492 image  Master Member
Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Nebula First Comment Friend Collector

Hello everyone,

as per law request I need to send logs of my ORGs to a Company that saves them for months following specific retention policies.

Which sort of logs I can use with Nebula?

Is there a way to send them automatically somewhere else, like a syslog server?

When you have large networks like this one:

immagine.png

it would be nice to log everything, like who is gone where and when.

Not only management logs, to be clear.

In this way you can use an external logbox to understand what is going on there mixing data with servers and clients.

Please let me know

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,881 image  Guru Member
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @GiuseppeR

    The syslog server setting is on Site-wide settings page > Reporting.

    image.png

    Please note that after configure it, the device will send the logs to the syslog server directly.

    Zyxel Melen


  • GiuseppeR
    GiuseppeR Posts: 492 image  Master Member
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Nebula First Comment Friend Collector

    Hi @Zyxel_Melen

    Thanks for this trick.

    1. Once the syslog is enabled is it possible to maintain a copy of the logs still inside Nebula?
    2. Having a lot of ORGs inside Nebula and choosing only one syslog server from a specific third party Company, how can we differentiate logs from a specific ORG on Zyxel? Is it possible to add a specific prefix to all logs from a chosen ORG?
    3. If it is enabled SecuReporter traffic log like below, will be possible to send traffic log ALSO to a syslog? immagine.png

    Thanks in advance

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,881 image  Guru Member
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @GiuseppeR

    Once the syslog is enabled is it possible to maintain a copy of the logs still inside Nebula?

    Yes, the logs are still been sent to Nebula. Therefore, you will have two places to store the logs, one is Nebula and another is your syslog server.

    Having a lot of ORGs inside Nebula and choosing only one syslog server from a specific third-party Company, how can we differentiate logs from a specific ORG on Zyxel? Is it possible to add a specific prefix to all logs from a chosen ORG?

    image.png

    AP has the syslog prefix for you to configure. Switch part, I recommend adding the org name in the device's name of the switch. Firewall part, I will check it for you.

    If it is enabled SecuReporter traffic log like below, will be possible to send traffic log ALSO to a syslog?

    In theory, it should be the same as question one. I will confirm this and update you.

    Zyxel Melen


  • GiuseppeR
    GiuseppeR Posts: 492 image  Master Member
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Nebula First Comment Friend Collector

    Hi @Zyxel_Melen

    all my devices have specific names to identify them, but the PREFIX for everything directly from that specific page for that ORG (e.g. APs, switches, FWs, accessories…) could be a better solution to log everything quickly, with easy filters.

    The fact to send all the logs from Nebula to an external third party Company could be an issue if you cannot add the PREFIX to the ORG from Nebula, because I would need to tell that third party Company all the network names for items managed by Nebula. And if I add something new I have to remember to tell that third party Company also the new items' name. Something fully automatic from Nebula should be the answer.

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,881 image  Guru Member
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @GiuseppeR

    If it is enabled SecuReporter traffic log like below, will be possible to send traffic log ALSO to a syslog?

    Yes, the logs will be sent to SecuReporter and syslog server.

    all my devices have specific names to identify them, but the PREFIX for everything directly from that specific page for that ORG (e.g. APs, switches, FWs, accessories…) could be a better solution to log everything quickly, with easy filters.

    Since AP has supports syslog prefix, we will evaluate to add this feature for switch and FW. Here is the idea post and we will monitor it.

    Nebula syslog prefix enhancement — Zyxel Community

    Zyxel Melen


  • GiuseppeR
    GiuseppeR Posts: 492 image  Master Member
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Nebula First Comment Friend Collector

    Hi @Zyxel_Melen

    I saw it.

    That would be great to give clients an easy way to get LOGs with NIS2 compliance.

Nebula Tips & Tricks