Technical FAQs

Ask a Question

How to configure the Tofino Firewall Event Logger?

Tofino Firewall Event Logger
Setting up Event Logging
Product Line
Tofino Firewall
 Setting up the TCSEFEA23F3F2x Tofino Event Logger:
You can configure the Event Logger by clicking on the Event Logger folder displayed in the Project View.
Then enter in the Syslog Server IP Address, Default Gateway and Destination Port. Then select the level of logging.

 Syslog Server IP Address:
This is the address of the Syslog server where you would like your logs sent to. In order to disable the remote syslog feature, set this field to all zeros.

 Default Gateway:
This is the IP address of the forwarding router on the network where the Tofino SA is located. This is only required if the Syslog server is on a different network than the Tofino SA. If the syslog feature is not being used, or if the Tofino SA and the Syslog server are on the same subnet, set this field to all zeros.

 Destination Port:
This is the UDP port number your syslog server is listening for log messages on (usually Port 514). To disable the syslog feature, leave the field blank.

 Lowest Priority Logged:
This is the cut-off as to the lowest logging level you would like the Tofino SA to record. Setting the priority to 0 would result in just the emergency events being recorded while setting the priority to 7 would result in every detected event with smaller or equal priority being
recorded. The default setting is 5.

The following table shows the priority settings for the various event logs generated by the Tofino SA. Set the Lowest Priority Logged value to 3 or higher, so that events logs are recorded when packets are denied by the Firewall or Enforcer modules.
Lowest Priority Message to be Logged
0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition
6 Informational: informational messages
7 Debug: debug-level messages
Was this helpful?
What can we do to improve the information ?