The method used to send logs from the USG2000 or USG5000 to the eLog system

24

The method used to send logs from the USG2000 or USG5000 to the eLog system is as follows:
1. Configure the IP address of the USG firewall, and add the interfaces to the security zone.

2. For USG series, configure interzone packet filtering to ensure normal network communication.

3. Adjust the time zone and time of the USG firewall to remain consistent with those on the log collector.

4. Adjust the time zone and time of the USG firewall to remain consistent with those on the log collector.

5. Enable the session log collection and sending functions.

6. Redirect logs in the information center to the log collector.

Other related questions:
Cases for outputting binary logs from the USG2000 or USG5000 to the eLog system
Cases for outputting binary logs from the USG2000 or USG5000 to the eLog system Configuration procedure: 1. Configure the system to output the session logs and application control logs to two eLog system in the binary format. 2. Configure ACL rules to enable the system to send sessions that comply with ACL rules to the eLog system.

Method used to view logs of the USG2000 or USG5000
Method used to collect logs using the command lines on the USG2000, USG5000, or USG6000 1. In CLI mode: [USGXXXX]display logbuffer //Collect logs. 2. Collect logs on the web UI: a. Collect logs on the USG2000 or USG5000 as follows: Choose Logs > Log Display, and select the corresponding log type in the right option box. b. Collect logs on the USG6000 as follows: Choose Monitor > Logs > System Logs to view system logs. Note: You cannot query the discarded or overwritten historical logs.

Methods used to export logs of the USG2000, USG5000, and USG6000
Methods used to export logs of the USG2000, USG5000, and USG6000: 1. The method used to export logs of the USG6000 is as follows: Choose Monitor > Logs > Traffic Logs/Threat Logs/URL Logs/Content Logs/Operation Logs/System Logs/User Activity Logs/Policy Matching Logs/Mail Filtering Logs/Audit Logs. Click Export to export system logs in the CSV format to the administrator's PC. 2. The method used to export logs of the USG2000 or USG6000 is as follows: a. Choose Logs > Log Display > Log Display. b. Select the Log Display tab. c. Open or save a log file in the following ways: 1) Click Export. In the displayed File Download dialog box, click Open to view the configuration of the log buffer and log content. 2) Click Save to save the file driver or folder. Click Save. If the operation is successful, you can view the saved logs in the log export path.

Method used to input logs of the USG2000, USG5000, and USG6000 to the log server
The method used to input logs of the USG2000, USG5000, and USG6000 to the log server is as follows: 1. Run the system-view command to enter the system view. 2. (Optional) Run the info-center source { module-name | default } channel { channel-number | channel-name } [ log { state { on | off } | level severity }* ] command to add logs to the information channel. By default, the system outputs logs to the log server using information channel 2. The log switch is set to on and the severity is set to informational. You only need to configure this command when you modify the default system configuration. 3. Configure the module-name to set the module that outputs logs. 4. Configure the severity to set the severity of output logs. 5. Bind the information channel with the log server, so that logs can be output to the log server over this channel. 6. Configure the IP address and parameters of the log server. info-center loghost ip-address [ port ] [ module { module-name } &<1-6> ] info-center loghost ip-address [ port ] [ channel { channel-number | channel-name } | facility local-number | language { chinese | english } ]* The channel-number or channel-name must be consistent with that configured in 1. 7. (Optional) Run the info-center loghost source ip-address command to specify the IP address that sends logs.

Method used to output syslog logs of the USG2000, USG5000, or USG6000 to the log server
Method used to output syslog logs of the USG2000, USG5000, or USG6000 to the log server: Configuration procedure: 1. Enable the information center and allow the device to output logs through the information center. 2. Configure the source interface used to send logs. 3. Configure the log output channel to send logs of different modules to the specified log server. 4. Configure the log server to receive logs from the NGFW.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top