Configuring System Settings : Configuring log settings
  
Configuring log settings
You set up local and remote logging options in the Logging page.
By default, the system rotates each log file every 24 hours or if the file size reaches one Gigabyte uncompressed. You can change this default setting to rotate every week or month and you can rotate the files based on file size.
The automatic rotation of system logs deletes your oldest log file, labeled as Archived log #10, pushes the current log to Archived log #1, and starts a new current-day log file.
This section describes how to modify local logging and how to set remote logging for the SteelHead Interceptor.
Setting up system logging
You set up system logging for the system in the Logging page.
To set up system logging
1. Choose Administration > System Settings: Logging to display the Logging page.
2. To rotate the logs immediately, under Log Actions at the bottom of the page, click Rotate Logs.
After the logs are rotated, this message appears:
“logs have been successfully rotated”
When you click Rotate Logs, your archived file #1 contains data for a partial day because you are writing a new log before the current 24-hour period is complete.
3. Under Logging Configuration, complete the configuration as described in this table.
Control
Description
Minimum Severity
Select the minimum severity level for the system log messages. The log contains all messages with this severity level or higher. Select one of these levels from the drop-down list:
Emergency—Emergency, the system is unusable.
Alert—Action must be taken immediately.
Critical—Conditions that affect the functionality of the SteelHead.
Error—Conditions that probably affect the functionality of the SteelHead.
Warning—Conditions that could affect the functionality of the SteelHead, such as authentication failures.
Notice—Normal but significant conditions, such as a configuration change.
Info—Informational messages that provide general information about system operations.
This control applies to the system log only. It does not apply to the user log.
Maximum Number of Log Files
Specify the maximum number of logs to store. The default value is 10.
Lines Per Log Page
Specify the number of lines per log page. The default value is 100.
Rotate Based On
Select one of these rotation options:
Time—Select Day, Week, or Month from the drop-down list.
Disk Space—Specify how much disk space, in megabytes, the log uses before it rotates. The default value is 16 MB.
The log file size is checked at ten-minute intervals. If there is an unusually large amount of logging activity, it is possible for a log file to grow larger than the set disk space limit in that period of time.
4. Click Apply to apply your changes to the running configuration.
5. Click Save to save your settings permanently.
Adding or replacing a log certificate
To import or replace a log certificate, under Log Certificate select the Replace tab.
Importing or replacing a log certificate
These options are available for importing a log certificate:
Import Certificate and Private Key
Imports the certificate and key. The page displays controls for browsing to and uploading the certificate and key files. You can also use the text box to copy and paste a PEM file. The private key is required regardless of whether you are adding or updating the certificate.
Under Certificate select from the following options:
Upload
Browses to the local file in PKCS-12, PEM, or DER formats.
Paste it here (PEM only)
Allows you to copy and then paste the contents of a PEM file.
Private Key
Selects the private key origin. You can choose from the following private key options:
The Private Key is in a separate file (see below). You can either upload it or copy and paste it.
This file includes the Certificate and Private Key.
The Private Key for this Certificate was created with a CSR generated on this appliance.
Separate Private Key
Upload (PEM or DER formats)
Browses to the local file in PEM or DER formats.
Paste it here (PEM only)
Pastes the contents of a PEM file.
Decryption Password
Specifies the decryption password, if necessary. Passwords are required for PKCS-12 files, optional for PEM files, and never needed for DER files.
To generate a CSR, under Log Certificate select the Generate CSR tab. These configuration options are available:
Common Name
Specifies the common name (hostname).
Organization Name
Specifies the organization name (for example, the company).
Organization Unit Name
Specifies the organization unit name (for example, the section or department).
Locality
Specifies the city.
State
Specifies the state. Do not abbreviate.
Country
Specifies the country (2-letter code only).
Email Address
Specifies the email address of the contact person.
Generate CSR
Generates the Certificate Signing Request.
Adding or removing a remote log server
You add or remove a remote log servers in the Logging page.
To add or remove a log server
1. Choose Administration > System Settings: Logging to display the Logging page.
2. Under Remote Log Servers, complete the configuration as described in this table.
Control
Description
Add a New Log Server
Displays the controls to add new log servers.
Server IP or Hostname
Specify the server IP address or hostname. The server can be an IPv4 or IPv6 address, or a hostname.
Port
d
Minimum Severity
Select the minimum severity level for the log messages. The log contains all messages with this severity level or higher. Select one of these levels from the drop-down list:
Emergency—Emergency, the system is unusable.
Alert—Action must be taken immediately.
Critical—Conditions that affect the functionality of the SteelHead Interceptor.
Error—Conditions that probably affect the functionality of the SteelHead Interceptor.
Warning—Conditions that could affect the functionality of the SteelHead Interceptor, such as authentication failures.
Notice—Normal but significant conditions, such as a configuration change.
Info—Informational messages that provide general information about system operations.
Enable Secure Connection
Checking this box will enable the secure version of remote logging. To avoid an error, a log certificate for the secure remote log server must be installed before enabling this.
Add
Adds the server to the list.
Remove Selected
Select the check box next to the name, and then click Remove Selected.
3. Click Save to save your settings permanently.
Filtering logs by application or process
You can filter a log by one or more applications or one or more processes. This is particularly useful when capturing data at a lower severity level where a SteelHead Interceptor might not be able to sustain the flow of logging data the service is committing to disk.
To filter a log
1. Choose Administration > System Settings: Logging to display the Logging page.
2. Under Per-Process Logging, complete the configuration as described in this table.
Control
Description
Add a New Process Logging Filter
Displays the controls to add a process-level logging filter.
Process
Select a process to include in the log from the drop-down list:
alarmd—Alarm Manager.
cmcfc—CMC Autoregistration Utility.
rgpd—CMC Connection Manager.
rgp—CMC Connector.
cli—command-line interface.
mgmtd—Device control and management, which directs the entire device management system. It handles message passing between various management daemons, managing system configuration and general application of system configuration on the hardware underneath through the hardware abstraction layer daemon (hald).
hald—Hardware abstraction layer daemon, which handles access to the hardware.
pm—Process Manager, which handles launching of internal system daemons and keeps them up and running.
sched—Process Scheduler, which handles one-time scheduled events.
statsd—Statistics Collector, which handles queries and storage of system statistics.
wdt—Watchdog Timer, the motherboard watchdog daemon.
webasd—Web Application Process, which handles the web user interface.
Minimum Severity
Select the minimum severity level for the log messages. The log contains all messages with this severity level or higher. Select one of these levels from the drop-down list:
Emergency—Emergency, the system is unusable.
Alert—Action must be taken immediately.
Critical—Conditions that affect the functionality of the SteelHead Interceptor.
Error—Conditions that probably affect the functionality of the SteelHead Interceptor.
Warning—Conditions that could affect the functionality of the SteelHead Interceptor, such authentication failures.
Notice—Normal but significant conditions, such as a configuration change.
Info—Informational messages that provide general information about system operations.
Add
Adds the filter to the list. The process now logs at the selected severity and higher level.
Remove Selected
Select the check box next to the name and click Remove Selected to remove the filter.
3. Click Save to save your settings permanently.