Syslog Message Reference Guide
This document is intended to provide a reference for the syslog messages that are generated by the /login and /appliance interfaces of the Secure Remote Access Appliance, as well as any clients that generate syslog messages such as the access console. It is assumed that the reader is familiar with the syslog concept and functionality. This document lists the different events that are logged by the syslog service that resides on the appliance and describes what the events mean as well as what triggers them.
To enable syslog messages from the Secure Remote Access Appliance, go to /appliance > Security > Appliance Administration and scroll down to the Syslog section.
You can configure your appliance to send log messages to up to three syslog servers. Enter the hostname or IP address of the syslog host server receiving system messages from this appliance in the Remote Syslog Server field. Select the data format for the event notification messages. Choose from the standards specification RFC 5424, one of the legacy BSD formats, or Syslog over TLS. Syslog over TLS defaults to using TCP port 6514. All other formats default to using UDP 514. However, the defaults can be changed. The Secure Remote Access Appliance logs are sent using the local0 facility.
For Cloud deployments, ports are always static to the default ports.
When changing or adding a syslog server, an alert is emailed to the administrator's email address. The administrator's information is configured at Security > Email Configuration > Security :: Admin Contact.