Logging function - Syslog or else?
Master Member
Hello everyone,
as per law request I need to send logs of my ORGs to a Company that saves them for months following specific retention policies.
Which sort of logs I can use with Nebula?
Is there a way to send them automatically somewhere else, like a syslog server?
When you have large networks like this one:
it would be nice to log everything, like who is gone where and when.
Not only management logs, to be clear.
In this way you can use an external logbox to understand what is going on there mixing data with servers and clients.
Please let me know
All Replies
-
Hi @GiuseppeR
The syslog server setting is on Site-wide settings page > Reporting.
Please note that after configure it, the device will send the logs to the syslog server directly.
Zyxel Melen0 -
Hi @Zyxel_Melen
Thanks for this trick.
- Once the syslog is enabled is it possible to maintain a copy of the logs still inside Nebula?
- Having a lot of ORGs inside Nebula and choosing only one syslog server from a specific third party Company, how can we differentiate logs from a specific ORG on Zyxel? Is it possible to add a specific prefix to all logs from a chosen ORG?
- If it is enabled SecuReporter traffic log like below, will be possible to send traffic log ALSO to a syslog?
Thanks in advance
0 -
Hi @GiuseppeR
Once the syslog is enabled is it possible to maintain a copy of the logs still inside Nebula?
Yes, the logs are still been sent to Nebula. Therefore, you will have two places to store the logs, one is Nebula and another is your syslog server.
Having a lot of ORGs inside Nebula and choosing only one syslog server from a specific third-party Company, how can we differentiate logs from a specific ORG on Zyxel? Is it possible to add a specific prefix to all logs from a chosen ORG?
AP has the syslog prefix for you to configure. Switch part, I recommend adding the org name in the device's name of the switch. Firewall part, I will check it for you.
If it is enabled SecuReporter traffic log like below, will be possible to send traffic log ALSO to a syslog?
In theory, it should be the same as question one. I will confirm this and update you.
Zyxel Melen0 -
Hi @Zyxel_Melen
all my devices have specific names to identify them, but the PREFIX for everything directly from that specific page for that ORG (e.g. APs, switches, FWs, accessories…) could be a better solution to log everything quickly, with easy filters.
The fact to send all the logs from Nebula to an external third party Company could be an issue if you cannot add the PREFIX to the ORG from Nebula, because I would need to tell that third party Company all the network names for items managed by Nebula. And if I add something new I have to remember to tell that third party Company also the new items' name. Something fully automatic from Nebula should be the answer.
0 -
Hi @GiuseppeR
If it is enabled SecuReporter traffic log like below, will be possible to send traffic log ALSO to a syslog?
Yes, the logs will be sent to SecuReporter and syslog server.
all my devices have specific names to identify them, but the PREFIX for everything directly from that specific page for that ORG (e.g. APs, switches, FWs, accessories…) could be a better solution to log everything quickly, with easy filters.
Since AP has supports syslog prefix, we will evaluate to add this feature for switch and FW. Here is the idea post and we will monitor it.
Zyxel Melen0 -
Hi @Zyxel_Melen
I saw it.
That would be great to give clients an easy way to get LOGs with NIS2 compliance.
0
Guru Member
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 196 Nebula Ideas
- 121 Nebula Status and Incidents
- 6.3K Security
- 475 USG FLEX H Series
- 312 Security Ideas
- 1.6K Switch
- 82 Switch Ideas
- 1.3K Wireless
- 45 Wireless Ideas
- 6.8K Consumer Product
- 284 Service & License
- 446 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 93 Security Highlight
