Connecting the USG6000 series to the log server

The method of connecting the USG2000&5000&6000 to the log server is as follows:
1. Run the system-view command to access the system view.
2. Optional: Run the info-center source { module-name | default } channel { channel-number | channel-name } [ log { state { on | off } | level severity } * ] command to add log information to the information channel.
By default, the information center dispatches the logs destined for a log server to information channel 2. Log output is enabled and the severity of the logs is informational. This command is used only to change the default configuration.
module-name specifies the module that outputs logs, and severity specifies the log severity.
3. Bind an information channel to a log server, so that logs are output to the log server through the information channel.
4. Configure the IP address and other parameters of the log server.
info-center loghost ip-address [ port ] [ module { module-name } &<1-6> ]
info-center loghost ip-address [ port ] [ channel { channel-number | channel-name } | facility local-number | language { chinese | english } ]*
The channel-number or channel-name configured here shall be consistent with that in step 1.
5. Optional: Run the info-center loghost source ip-address command to specify the IP address that sends log information.
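A receiver-side check for the procedure above, as an added example that is not part of the original page or the vendor's documentation: it decodes the standard syslog PRI value (facility × 8 + severity) of each received datagram and compares it with the facility, severity, and source address configured in steps 2, 4, and 5. The addresses, the choice of local0, and the message bodies are constructed assumptions.

```python
import re

# RFC 3164 PRI header "<N>", where N = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>")
LOCAL0 = 16  # syslog facilities local0..local7 are codes 16..23

def decode_pri(datagram):
    """Return (facility, severity), or None if the PRI is missing or invalid."""
    m = PRI_RE.match(datagram)
    if m is None or int(m.group(1)) > 191:
        return None
    return divmod(int(m.group(1)), 8)

def audit(src_ip, datagram, expected_src, expected_local, max_severity=6):
    """List the ways one datagram deviates from the firewall's loghost settings.

    expected_src   -> address set with info-center loghost source
    expected_local -> number of the local facility set with the facility keyword
    max_severity   -> numerically highest severity expected (6 = informational)
    """
    findings = []
    if src_ip != expected_src:
        findings.append("unexpected source " + src_ip)
    decoded = decode_pri(datagram)
    if decoded is None:
        return findings + ["missing or invalid PRI"]
    facility, severity = decoded
    if facility != LOCAL0 + expected_local:
        findings.append("facility code %d, expected local%d" % (facility, expected_local))
    if severity > max_severity:
        findings.append("severity %d is more verbose than %d" % (severity, max_severity))
    return findings

# Constructed sample datagrams (documentation addresses, placeholder bodies).
SAMPLES = [
    ("192.0.2.1", b"<134>constructed message body"),     # local0, informational
    ("192.0.2.1", b"<135>constructed message body"),     # local0, debugging
    ("192.0.2.1", b"<30>constructed message body"),      # daemon facility
    ("198.51.100.7", b"<134>constructed message body"),  # wrong sender
    ("192.0.2.1", b"constructed body without PRI"),
]

if __name__ == "__main__":
    for src, data in SAMPLES:
        print(src, data[:5], audit(src, data, "192.0.2.1", 0) or "ok")
```

An empty findings list means the datagram matches the configured sender, facility, and severity ceiling; UDP source addresses can be forged, so treat the address comparison as a consistency check on the configuration, not as authentication.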

Other related questions:
Method used to input logs of the USG2000, USG5000, and USG6000 to the log server
The method used to input logs of the USG2000, USG5000, and USG6000 to the log server is as follows:
1. Run the system-view command to enter the system view.
2. (Optional) Run the info-center source { module-name | default } channel { channel-number | channel-name } [ log { state { on | off } | level severity }* ] command to add logs to the information channel.
By default, the system outputs logs to the log server using information channel 2. The log switch is set to on and the severity is set to informational. You only need to configure this command when you modify the default system configuration.
3. Configure the module-name to set the module that outputs logs.
4. Configure the severity to set the severity of output logs.
5. Bind the information channel with the log server, so that logs can be output to the log server over this channel.
6. Configure the IP address and parameters of the log server.
info-center loghost ip-address [ port ] [ module { module-name } &<1-6> ]
info-center loghost ip-address [ port ] [ channel { channel-number | channel-name } | facility local-number | language { chinese | english } ]*
The channel-number or channel-name must be consistent with that configured in 1.
7. (Optional) Run the info-center loghost source ip-address command to specify the IP address that sends logs.

Method used to output syslog logs of the USG2000, USG5000, or USG6000 to the log server
Configuration procedure:
1. Enable the information center and allow the device to output logs through the information center.
2. Configure the source interface used to send logs.
3. Configure the log output channel to send logs of different modules to the specified log server.
4. Configure the log server to receive logs from the NGFW.

Query of antivirus logs on the USG6000 series
By checking threat logs, you can view detection and defense records for network threats such as viruses, learn historical and ongoing threat events, and adjust security policies or implement active defense in a timely manner. You can view threat logs only when the current device model supports hard disks and has hard disks installed. For the USG6000 series, you can view antivirus log details on the web UI.
1. Choose Monitor > Log > Threat Log to view threat logs such as antivirus logs.
2. Choose Customize and select/deselect conditions for threat log display.
The following items can be customized: time, threat type, threat ID, threat name, source zone, destination zone, attacker, target, source address:source port, destination address:destination port, application, protocol, action, security policy, profile, source region, destination region, and virtual system.
