Syslog Integration

Integration with syslog enables Wi-Fi Cloud to send events to syslog servers. You can choose between these two message formats:

  • Plain Text
  • IDMEF (Intrusion Detection Message Exchange Format)

Wi-Fi Cloud requires the IP address or host name of the syslog server, and the port on which the server receives events.

You can forward these types of Wi-Fi Cloud messages to a syslog server:

  • Event logs — You can forward security and system events generated by Wi-Fi Cloud. These events must be configured with the "Notify" action to be forwarded to a syslog server. For more information about event notifications, see Configure Event Notifications.
  • Audit logs — You can forward system audit logs that track Wi-Fi Cloud administrative user activity to a syslog server. For more information about audit logs, see Manage Audit Logs.

To send AP access logs to a syslog server, you must enable the Device Access Logs setting in a device template for an AP. For more information, see Device Settings.

To add a syslog server:

  1. Open Manage.
  2. Select Configuration > ESM Integration > Syslog Integration.
  3. Select the Enable Syslog Integration check box.

Screen shot of Syslog integration page in Manage

  4. Click Add Syslog Server.
  5. Configure these options:
  • Syslog Server IP Address / Hostname — IP address or host name of the syslog server that Wi-Fi Cloud communicates with.
  • Port Number — Port number of the syslog server to which data is sent.
  • CIP — If you use a Cloud Integration Point on your network, select a CIP-enabled WatchGuard AP that you want to use to communicate with Wi-Fi Cloud.
  • Message Format — Select Plain or IDMEF format for the messages that Wi-Fi Cloud sends to the syslog server.
  • Enabled — Enable messages and audit logs generated by Wi-Fi Cloud to be sent to the syslog server.
  • Append BOM Header — Append a BOM (Byte Order Mark) header to the messages that Wi-Fi Cloud sends to the syslog server.
  • Forward Events — Send event notification messages to the syslog server.
  • Forward Audit Logs — Send Wi-Fi Cloud administrative user activity logs to the syslog server (plain text only).

Screen shot of Syslog configuration in Manage

  6. Click OK.

Current Status displays the status of the syslog integration service. If the host name of the server cannot be resolved, the status displays the error: "Cannot resolve hostname for one or more destination servers".

  • Running — The service is running.
  • Stopped — The service has stopped.
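
On the receiving side, the Message Format and Append BOM Header options determine what the collector has to parse. The following Python parser is an added example, not WatchGuard code: it strips an optional UTF-8 BOM, tells plain text from IDMEF (whose root element is IDMEF-Message per RFC 4765), and refuses DTDs in the XML. The sample datagrams are constructed, and their header layout and BOM position are assumptions, not the documented Wi-Fi Cloud wire format.

```python
import re
import xml.etree.ElementTree as ET

BOM = b"\xef\xbb\xbf"                      # UTF-8 byte order mark
PRI_RE = re.compile(rb"^<(\d{1,3})>")      # syslog priority prefix
XML_START = re.compile(r"<(?:\?xml|(?:\w+:)?IDMEF-Message)")

# Constructed sample datagrams; the header layout is an assumption.
HDR = b"<134>Jan  1 00:00:00 sample-host "
SAMPLE_PLAIN = HDR + BOM + b"constructed sample event"
SAMPLE_IDMEF = HDR + (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<idmef:IDMEF-Message xmlns:idmef="http://iana.org/idmef" version="1.0">'
    b'<idmef:Alert messageid="sample-1">'
    b'<idmef:Classification text="constructed sample alert"/>'
    b"</idmef:Alert></idmef:IDMEF-Message>")

def local(el):
    """Element name without its namespace."""
    return el.tag.rsplit("}", 1)[-1]

def parse_datagram(data: bytes) -> dict:
    """Classify one received datagram as plain text or IDMEF."""
    m = PRI_RE.match(data)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI")
    pri, rest = int(m.group(1)), data[m.end():]
    # Strip the BOM before decoding; otherwise U+FEFF stays in the text
    # and breaks string matching and XML parsing downstream.
    text = rest.replace(BOM, b"", 1).decode("utf-8", errors="replace")
    out = {"facility": pri >> 3, "severity": pri & 7, "bom": BOM in rest,
           "format": "plain", "message": text, "alerts": []}
    start = XML_START.search(text)
    if start is None:
        return out
    doc = text[start.start():]
    # Network input: refuse DTDs and entity declarations before parsing.
    if "<!DOCTYPE" in doc or "<!ENTITY" in doc:
        raise ValueError("DTD or entity declaration in IDMEF payload")
    root = ET.fromstring(doc.encode("utf-8"))  # ET.ParseError if malformed
    if local(root) != "IDMEF-Message":
        return out
    out["format"] = "idmef"
    for alert in (e for e in root if local(e) == "Alert"):
        cls = next((c for c in alert if local(c) == "Classification"), None)
        out["alerts"].append({"messageid": alert.get("messageid"),
                              "text": None if cls is None else cls.get("text")})
    return out
```

Feed `parse_datagram` the raw bytes read from the UDP or TCP listener on the port configured in Port Number.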