To provide enterprise-class logging capabilities, IMSS supports sending logs through the syslog protocol to multiple external syslog servers in a structured format. You can send different event log types to multiple syslog servers. On the IMSS management console, you can add, delete, import and export syslog servers.
The following steps describe how to add a syslog server.

Procedure

  1. Go to LogsSyslog Settings.
  2. Click Add.
    The Add Syslog Server screen appears.
  3. In the Syslog Server Setting section, select a facility level.
    Note
    Note
    The facility level specifies the source of a message. This lets the configuration file specify that messages from different facilities will be handled differently.
  4. In the Syslog Type section, select syslog types from the following:
    • Message tracking
    • Policy events
    • System events
      Note
      Note
      If you select System events, audit logs for the operating system and IMSS are already included.
      Make sure you do not select local6 if you have selected System events.
    • MTA events
    • Sender filtering
    • Content scanning
    • Administration
  5. In the Syslog Server section, specify the IP address, port number and supported protocol of the syslog server and click Add Syslog Server.
    The new syslog server appears in the syslog server list within the Syslog Server section.
    Note
    Note
    You can continue to add more servers, edit the existing servers, and delete servers from the syslog server list.
  6. Click Save.
    The details about each facility level such as the syslog type and server are shown on the Syslog Settings screen.
    A green check mark appears for each facility level, indicating that the associated syslog server has been enabled. To disable a facility level, click the green check mark.