Modify Log Server elements
One Log Server element is automatically created during Secure SD-WAN Manager installation. You can change the settings as necessary.
You can:
- Rename the Log Server element.
- Change the Log Server’s IP address.
- Change the platform on which the Log Server runs.
- Define other Log Servers that you can use as backup Log Servers.
For more details about the product and how to configure features, click Help or press F1.
Steps
Log Server Properties dialog box
Use this dialog box to define Log Server properties.
Option | Definition |
---|---|
General tab | |
Name | The name of the element. |
Installation ID | Shows the unique installation identifier (UIID) for the Secure SD-WAN Manager. |
IPv4 Address | Specifies the IPv4 address of the server. The server can have both an IPv4 and an IPv6 address. |
IPv6 Address | Specifies the IPv6 address of the server. The server can have both an IPv4 and an IPv6 address. |
Resolve | Automatically resolves the IP address of the server. |
Location
(Optional) |
Specifies the location to which the server belongs if there is a NAT device between the server and other Secure SD-WAN Manager components. |
Contact Addresses section (All optional settings) |
|
Default | Used by default when a component that belongs to another Location connects to this server. |
Exceptions | Allows you to define exceptions to the default contact address. Opens the Exceptions dialog box. |
Port
(Optional) |
Enter the Log Server's TCP Port Number. We recommend that you always use the default port 3020 if possible. |
Log Storage Full | Specifies the action when the log storage on the Log Server is full.
|
Category (Optional) |
Includes the element in predefined categories. Click Select to select a category. |
Tools Profile | Adds commands to the right-click menu for the element. Click Select to select an element. |
Comment (Optional) |
A comment for your own reference. |
Exclude from Log Browsing, Statistics and Reporting
(Optional) |
Select this option if you do not want the Log Server to gather statistical information for monitoring and you do not want its logging data to be included in Reports. In most situations, it is better to leave this option deselected. |
Option | Definition |
---|---|
High Availability tab | |
Secondary Log Servers | Shows the secondary Log Servers. Click Add to add an element to the list, or Remove to remove the selected element. |
Option | Definition |
---|---|
Elasticsearch tab The Elasticsearch tab is only visible after you have created an Elasticsearch Cluster element. Important: Forwarding log data to an Elasticsearch cluster is an advanced feature that requires knowledge of how to configure Elasticsearch. You must already have an Elasticsearch cluster deployed and configured in your environment.
|
|
Elasticsearch Cluster | Shows the Elasticsearch cluster that receives log data from the SMC server. |
Client Authentication Settings |
Defines how the connection between the server and the Elasticsearch cluster is secured.
|
TLS Certificate |
(When Override is selected.) Specifies the TLS certificate that is used to secure the connection between the SD-WAN Manager server and the Elasticsearch cluster.
|
Option | Definition |
---|---|
Monitoring tab | |
Log Server | The Log Server that monitors the status of the element. |
Status Monitoring | When selected, activates status monitoring for the device. You must also select the Probing Profile that contains the definitions for the monitoring. When you select Status Monitoring, the element is added to the tree in the Home view. |
Probing Profile | Shows the name of the selected Probing Profile. Click Select to select a Probing Profile element. |
Log Reception | Activates syslog reception from this device. You must select the Logging Profile that contains the definitions for converting the syslog entries to Secure SD-WAN Manager log entries. You must also select the Time Zone in which the device is located. By default, the local time zone of the computer you are using is selected. |
Logging Profile | Shows the name of the selected Logging Profile. Click Select to select a Logging Profile element. |
Time Zone | Selects the time zone for the logs. |
Encoding | Selects the character set for log files. |
SNMP Trap Reception | Enables the reception of SNMP traps from the third-party device. |
NetFlow Reception | Enables the reception of NetFlow data from the third-party device. The supported versions are NetFlow v5, NetFlow v9, and IPFIX (NetFlow v10). |
Option | Definition |
---|---|
Audit Forwarding or Log Forwarding tab Click Add to add a row to the table, or Remove to remove the selected row. |
|
Target Host | The Host element that represents the target host to which data is forwarded. Double-click to open the Select Host dialog box. |
Service | Click the cell, then select the network protocol for forwarding data from the drop-down list. For log data in IPFIX or NetFlow v9 format, UDP is the only available network
protocol. Note: You might have to define an Access rule that allows traffic to the target host. In this case, make sure that the Service you select is also used as the
Service in the Access rule.
|
Port | The Port that is used for forwarding data. Double-click to edit the cell. The default port is 2055. For log data, the default port used by IPFIX/NetFlow data collectors is
2055. Note: You might have to define an Access rule that allows traffic to the target host. In this case, make sure that the Port you select is also used as the Port in the
Access rule.
|
Format | Click the cell, then select the data forwarding format from the drop-down list.
|
Filter
(Optional) |
An optional local filter that defines which data is forwarded. The local filter is only applied to the data that matches the Audit Forwarding or Log Forwarding rule. Double-click to open the Local Filter Properties dialog box. |
TLS Profile | Allows you to select a TLS Profile element that contains settings for cryptography, trusted certificate authorities, and the TLS version used in TLS-protected traffic. Double-click to open the Select Element dialog box. The TLS Profile is only available if you have selected TCP with TLS as the Service. |
TLS Server Identity
(Optional) |
(When a TLS Profile is selected) Select the identity of a TLS server to secure the TLS-protected traffic from the Management Server or Log Server to an external syslog server. Double-click to open the TLS Server Identity dialog box. |
TLS Certificate Used for Forwarding Logs | Select the certificate for TLS-protected data forwarding.
|
Option | Definition |
---|---|
NAT tab (All optional settings) |
|
Firewall | Shows the selected firewall. |
NAT Type | Shows the NAT translation type: Static or Dynamic. |
Private IP Address | Shows the Private IP Address. |
Public IP Address | Shows the defined Public IP Address. |
Port Filter | Shows the selected Port Filters. |
Comment | An optional comment for your own reference. |
Add NAT Definition | Opens the NAT Definition Properties dialog box. |
Edit NAT Definition | Opens the NAT Definition Properties dialog box for the selected definition. |
Remove NAT Definition | Removes the selected NAT definition from the list. |