logo.gif VCR 2220
host: vcr.northwestern.edu

Logging using syslog

You can send the Event log to one or more syslog servers on the network for storage or analysis.

To configure the syslog facility, go to Logs > Syslog.

On this page:

Syslog settings

Refer to this table for assistance when configuring Syslog settings:

Field Field description Usage tips
Host address 1 to 4

Enter the IP addresses of up to four Syslog receiver hosts.

The number of packets sent to each configured host is displayed next to its IP address.

Facility value

A configurable value for the purposes of identifying events from the IP VCR on the Syslog host. Choose from the following options:

  • 0 - kernel messages
  • 1 - user-level messages
  • 2 - mail system
  • 3 - system daemons
  • 4 - security/authorization messages (see Note 1)
  • 5 - messages generated internally by syslogd
  • 6 - line printer subsystem
  • 7 - network news subsystem
  • 8 - UUCP subsystem
  • 9 - clock daemon (see Note 2)
  • 10 - security/authorization messages (see Note 1)
  • 11 - FTP daemon
  • 12 - NTP subsystem
  • 13 - log audit (see Note 1)
  • 14 - log alert (see Note 1)
  • 15 - clock daemon (see Note 2)
  • 16 - local use 0 (local0)
  • 17 - local use 1 (local1)
  • 18 - local use 2 (local2)
  • 19 - local use 3 (local3)
  • 20 - local use 4 (local4)
  • 21 - local use 5 (local5)
  • 22 - local use 6 (local6)
  • 23 - local use 7 (local7)

Choose a value that you will remember as being the IP VCR.


Note: Various operating system daemons and processes have been found to utilize Facilities 4, 10, 13 and 14 for security/authorization, audit, and alert messages which seem to be similar.

Various operating systems have been found to utilize both Facilities 9 and 15 for clock (cron/at) messages.

Processes and daemons that have not been explicitly assigned a Facility value may use any of the "local use" facilities (16 to 21) or they may use the "user-level" facility (1) - and these are the values that we recommend you select.

Using syslog

The events that are forwarded to the syslog receiver hosts are controlled by the event log capture filter.

To define a syslog server, simply enter its IP address and then click Update syslog settings. The number of packets sent to each configured host is displayed next to its IP address.


Note: Each event will have a severity indicator as follows:

Related topics