Configure Syslog

You can send events and audit log messages from Discover to a syslog server on your network. A syslog server collects log messages from servers and devices across your network. This enables you to use your own existing log infrastructure to manage Wi-Fi Cloud events and log messages.

You can use a WatchGuard AP configured in CIP mode to forward messages to the syslog server. Cloud Integration Point (CIP) technology enables the integration of WatchGuard Wi-Fi Cloud with third-party on-premise wireless controllers and event log management services. For more information, see Wi-Fi Cloud Integration with Third-Party Controllers using CIP.

To configure a syslog server:

  1. Select System > Third-Party Servers > Syslog.

Screen shot of the Syslog server page in Discover

  1. Select the Enable Syslog Servers check box.
  2. Click Add.
  3. Configure these options:
  • Syslog Server IP Address / Hostname — IP address or host name of the syslog server that Wi-Fi Cloud communicates with.
  • Port Number — Port number of the syslog server to which data is sent.
  • Primary Cloud Integration Point (CIP) — If you use a Cloud Integration Point on your network, select a CIP-enabled WatchGuard AP that you want to use as the primary CIP device to communicate with Wi-Fi Cloud. For more information on CIP, see Wi-Fi Cloud Integration with Third-Party Controllers using CIP.
  • Secondary Cloud Integration Point (CIP) — Select a CIP-enabled WatchGuard AP that you want to use as the secondary CIP device to communicate with Wi-Fi Cloud in the event the primary CIP device is unavailable. Services will continue to use the secondary CIP when the primary CIP becomes available again.
  • Message Format — Select Plain or IDMEF format for the messages that Wi-Fi Cloud sends to the syslog server.
  • Enabled — Enable messages and audit logs generated by Wi-Fi Cloud to be sent to the syslog server.
  • Append BOM Header — Append a BOM (Byte Order Mark) header to the messages that Wi-Fi Cloud sends to the syslog server.
  • Forward Events — Send event messages to the syslog server.
  • Forward Audit Logs — Send audit logs to the syslog server (plain text only).
  1. Click Save.

Current Status displays the status of the syslog integration service. If the host name of the syslog server cannot be resolved, the status displays the error: "Cannot resolve hostname for one or more destination servers".

  • Running — The service is running.
  • Stopped — The service has stopped.
  • Error — Indicates an error condition.