Setting Up the Syslog Facility on UNIX
The ZyAIR can send four types of system log to a syslog daemon such as UNIX syslogd: CDR, Packet Triggered, Filter and PPP logs. The ZyAIR supports the Packet Triggered log and the PPP log because, when PPP encapsulation is in use, it behaves like a dial-up connection.
Configuration:
1. Active: use the space bar to turn on the syslog option.
2. Syslog IP Address: enter the IP address of the UNIX server to which the syslog messages are to be sent.
3. Log Facility: use the space bar to toggle between the 7 different local options.
4. The settings of the four log types are shown in the following table.
Types | Description |
CDR | Call Detail Record (CDR) logs all data phone line activity if set to Yes. |
Packet Triggered | The first 48 bytes or octets and protocol type of the triggering packet is sent to the UNIX syslog server when this field is set to Yes. |
Filter Log | No filters are logged when this field is set to No. To enable the Filter log, you must have a syslog server and the packets must match the log condition. |
PPP Log | PPP events are logged when this field is set to Yes. |
1. Make sure that your syslogd is started with the -r argument.
The -r option enables syslogd to receive messages from the network using an Internet domain socket with the syslog service. It is not enabled by default.
2. Edit /etc/syslog.conf and add the following line at the end of the file.
local1.* /var/log/zyxel.log
Here local1 must match the Log Facility selected on the ZyAIR, and /var/log/zyxel.log is the full path of the log file.
3. Restart syslogd.
Format:
sdcmdSyslogSend( SYSLOG_CDR, SYSLOG_INFO, String );
String = board xx line xx channel xx, call xx, str
board = the hardware board ID
line = the WAN ID in a board
channel = channel ID within the WAN
call = the call reference number which starts from 1 and increments by 1 for each new call
str = C01 Outgoing Call dev xx ch xx (dev:device No. ch:channel No.)
C01 Incoming Call xxxxBps xxxxx (L2TP,xxxxx means Remote Call ID)
C01 Incoming Call xxxx (means connected speed) xxxxx (means Remote Call ID)
L02 Tunnel Connected(L2TP)
C02 OutCall Connected xxxx (means connected speed) xxxxx (means Remote Call ID)
C02 CLID call refused
L02 Call Terminated
C02 Call Terminated
Example:
Feb 14 16:57:17 192.168.1.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C01 Incoming Call OK
Feb 14 17:07:18 192.168.1.1 ZyXEL Communications Corp.: board 0 line 0 channel 0, call 18, C02 Call Terminated
Format:
sdcmdSyslogSend( SYSLOG_PKTTRI, SYSLOG_NOTICE, String );
String = Packet trigger: Protocol=xx Data=xxxxxxxxxx
Protocol: (1:IP 2:IPX 3:IPXHC 4:BPDU 5:ATALK 6:IPNG)
Data: We will send forty-eight Hex characters to the server
Example:
Jul 19 11:28:39 192.168.102.2 ZyXEL Communications Corp.: Packet Trigger: Protocol=1, Data=4500003c100100001f010004c0a86614ca849a7b08004a5c020001006162636465666768696a6b6c6d6e6f7071727374
Jul 19 11:28:56 192.168.102.2 ZyXEL Communications Corp.: Packet Trigger: Protocol=1, Data=4500002c1b0140001f06b50ec0a86614ca849a7b0427001700195b3e00000000600220008cd40000020405b4
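The Data field can be decoded offline to see which traffic triggered the log entry. The following Python sketch is an added example, not ZyXEL code: it parses the two sample messages above and decodes the captured bytes using the standard IPv4, TCP, UDP and ICMP header layouts. The function name decode_packet_trigger and the dictionary keys are illustrative.

```python
import ipaddress
import re
import struct

# The two sample messages from this page, one syslog record per string.
SAMPLE_LINES = [
    "Jul 19 11:28:39 192.168.102.2 ZyXEL Communications Corp.: Packet Trigger: Protocol=1, "
    "Data=4500003c100100001f010004c0a86614ca849a7b08004a5c02000100"
    "6162636465666768696a6b6c6d6e6f7071727374",
    "Jul 19 11:28:56 192.168.102.2 ZyXEL Communications Corp.: Packet Trigger: Protocol=1, "
    "Data=4500002c1b0140001f06b50ec0a86614ca849a7b0427001700195b3e00000000"
    "600220008cd40000020405b4",
]

# Protocol codes as listed in the Format section of this page.
PROTOCOLS = {1: "IP", 2: "IPX", 3: "IPXHC", 4: "BPDU", 5: "ATALK", 6: "IPNG"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}
PKT_RE = re.compile(r"Packet Trigger:\s*Protocol=(\d+),\s*Data=([0-9a-f]+)", re.I)


def decode_packet_trigger(line):
    """Return the fields of one Packet Triggered record, or None if it is not one."""
    m = PKT_RE.search(line)
    if not m:
        return None
    hexdata = m.group(2)
    raw = bytes.fromhex(hexdata[: len(hexdata) // 2 * 2])  # drop a dangling nibble
    proto = int(m.group(1))
    info = {"protocol": PROTOCOLS.get(proto, "unknown"), "captured_bytes": len(raw)}
    if proto != 1 or len(raw) < 20 or raw[0] >> 4 != 4:
        return info  # only IPv4 payloads are decoded further
    ihl = (raw[0] & 0x0F) * 4  # IPv4 header length in bytes
    info.update(
        total_len=struct.unpack("!H", raw[2:4])[0],
        ttl=raw[8],
        ip_proto=IP_PROTOS.get(raw[9], str(raw[9])),
        src=str(ipaddress.IPv4Address(raw[12:16])),
        dst=str(ipaddress.IPv4Address(raw[16:20])),
    )
    l4 = raw[ihl:]  # transport header, possibly truncated by the capture limit
    if raw[9] in (6, 17) and len(l4) >= 4:
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    if raw[9] == 6 and len(l4) >= 14:
        info["syn"] = bool(l4[13] & 0x02)  # SYN flag: a new TCP connection attempt
    elif raw[9] == 1 and len(l4) >= 2:
        info["icmp_type"], info["icmp_code"] = l4[0], l4[1]
    return info
```

On the two samples it reports an ICMP echo request (48 captured bytes) and a TCP SYN to port 23 (44 captured bytes), both from 192.168.102.20 to 202.132.154.123.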
This message is available when the 'Log' is enabled in the filter rule setting. The message consists of the packet header and the log of the filter rules.
Format:
sdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String );
String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxxx dpo=xxxxx]S04>R01mD
IP[...] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m), drop (D).
Src: Source Address
Dst: Destination Address
prot: Protocol (TCP,UDP,ICMP)
spo: Source port (5 digits in decimal)
dpo: Destination port (5 digits in decimal)
Example:
Jul 19 14:44:09 192.168.1.1 ZyXEL Communications Corp.: IP[Src=202.132.154.1 Dst=192.168.1.33 UDP spo=01170 dpo=00021]}S03>R01mF
Jul 19 14:44:13 192.168.1.1 ZyXEL Communications Corp.: IP[Src=192.168.1.33 Dst=202.132.154.1 ICMP]}S03>R01mF
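Filter log records are regular enough to parse and tally on the syslog server. The following Python sketch is an added example, not ZyXEL code: it parses the two sample messages above plus one line constructed from the Format description, and counts records per filter set, rule and action letter. The function names are illustrative. Only the letters the page documents (m = match, D = drop) are interpreted; any other action letter, such as the F in the samples, is kept as is.

```python
import ipaddress
import re
from collections import Counter

# First two lines are the page's samples; the third is constructed from the Format line.
SAMPLE_LINES = [
    "Jul 19 14:44:09 192.168.1.1 ZyXEL Communications Corp.: "
    "IP[Src=202.132.154.1 Dst=192.168.1.33 UDP spo=01170 dpo=00021]}S03>R01mF",
    "Jul 19 14:44:13 192.168.1.1 ZyXEL Communications Corp.: "
    "IP[Src=192.168.1.33 Dst=202.132.154.1 ICMP]}S03>R01mF",
    "Jul 19 14:45:02 192.168.1.1 ZyXEL Communications Corp.: "
    "IP[Src=192.0.2.7 Dst=192.168.1.33 TCP spo=04321 dpo=00023]S04>R01mD",
]

# Ports are optional (the ICMP sample has none); the samples carry a "}" after "]".
FILTER_RE = re.compile(
    r"IP\[Src=(?P<src>[\d.]+) Dst=(?P<dst>[\d.]+) (?P<prot>[A-Z]+)"
    r"(?: spo=(?P<spo>\d{1,5}) dpo=(?P<dpo>\d{1,5}))?\]\}?"
    r"S(?P<set>\d+)>R(?P<rule>\d+)(?P<match>[a-z])(?P<action>[A-Z])"
)


def parse_filter_line(line):
    """Parse one Filter log record into a dict; return None for anything malformed."""
    m = FILTER_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        for key in ("src", "dst"):
            rec[key] = str(ipaddress.IPv4Address(rec[key]))
    except ValueError:
        return None  # e.g. an octet above 255
    for key in ("spo", "dpo", "set", "rule"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    rec["matched"] = rec.pop("match") == "m"  # "m" = match, per the page
    rec["dropped"] = rec["action"] == "D"     # "D" = drop; other letters kept raw
    return rec


def tally_by_rule(lines):
    """Count records per (filter set, rule, action letter)."""
    counts = Counter()
    for rec in filter(None, map(parse_filter_line, lines)):
        counts[(rec["set"], rec["rule"], rec["action"])] += 1
    return counts
```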
Format:
sdcmdSyslogSend( SYSLOG_PPPLOG, SYSLOG_NOTICE, String );
String = ppp:Proto Starting / ppp:Proto Opening / ppp:Proto Closing / ppp:Proto Shutdown
Proto = LCP / ATCP / BACP / BCP / CBCP / CCP / CHAP / PAP / IPCP / IPXCP
Example:
Jul 19 11:43:25 192.168.1.1 ZyXEL Communications Corp.: ppp:LCP Starting
Jul 19 11:43:29 192.168.1.1 ZyXEL Communications Corp.: ppp:IPCP Starting
Jul 19 11:43:34 192.168.1.1 ZyXEL Communications Corp.: ppp:CCP Starting
Jul 19 11:43:38 192.168.1.1 ZyXEL Communications Corp.: ppp:BACP Starting
Jul 19 11:43:43 192.168.1.1 ZyXEL Communications Corp.: ppp:IPCP Opening
Jul 19 11:43:51 192.168.1.1 ZyXEL Communications Corp.: ppp:CCP Opening
Jul 19 11:43:55 192.168.1.1 ZyXEL Communications Corp.: ppp:BACP Opening
Jul 19 11:44:00 192.168.1.1 ZyXEL Communications Corp.: ppp:LCP Closing
Jul 19 11:44:05 192.168.1.1 ZyXEL Communications Corp.: ppp:IPCP Closing
Jul 19 11:44:09 192.168.1.1 ZyXEL Communications Corp.: ppp:CCP Closing
Jul 19 11:44:14 192.168.1.1 ZyXEL Communications Corp.: ppp:BACP Closing
All contents copyright © 2004 ZyXEL Communications Corporation.