Unified Services Router
User Manual
Figure 113: Facility settings for Logging
The display for logging can be customized based on where the logs are sent, either
the Event Log viewer in the GUI (the Event Log viewer is in the Status > Logs
page) or a remote Syslog server for later review. E-mail logs, discussed in a
subsequent section, follow the same configuration as logs configured for a Syslog
server.
Tools > Log Settings > Logs Configuration
This page allows you to determine the type of traffic through the router that is
logged for display in Syslog, E-mailed logs, or the Event Viewer. Denial of service
attacks, general attack information, login attempts, dropped packets, and similar
events can be captured for review by the IT administrator.
Traffic through each network segment (LAN, WAN, DMZ) can be tracked based on
whether the packet was accepted or dropped by the firewall.
Accepted Packets are those that were successfully transferred through the
corresponding network segment (i.e. LAN to WAN). This option is particularly
useful when the Default Outbound Policy is “Block Always” so the IT admin can
monitor traffic that is passed through the firewall.
Example: If Accept Packets from LAN to WAN is enabled and there is a
firewall rule to allow SSH traffic from LAN, then whenever a LAN machine
tries to make an SSH connection, those packets will be accepted and a
message will be logged. (Assuming the log option is set to Allow for the
SSH firewall rule.)
Dropped Packets are packets that were intentionally blocked from being transferred
through the corresponding network segment. This option is useful when the Default
Outbound Policy is “Allow Always”.
Example: If Drop Packets from LAN to WAN is enabled and there is a
firewall rule to block SSH traffic from LAN, then whenever a LAN machine
tries to make an SSH connection, those packets will be dropped and a
message will be logged. (Make sure the log option is set to allow for this
firewall rule.)
Enabling accepted packet logging through the firewall may generate a significant
volume of log messages depending on the typical network traffic. This is
recommended for debugging purposes only.
In addition to network segment logging, unicast and multicast traffic can be logged.
Unicast packets have a single destination on the network, whereas broadcast (or
multicast) packets are sent to all possible destinations simultaneously. One other
useful log control is to log packets that are dropped due to configured bandwidth
profiles over a particular interface. This data will indicate to the admin whether the
bandwidth profile has to be modified to account for the desired internet traffic of
LAN users.
Figure 114: Log configuration options for traffic through router
Tools > Log Settings > IPv6 logging
This page allows you to configure IPv6 logging.
Figure 115: IPv6 Log configuration options for traffic through router
9.4.2 Sending Logs to E-mail or Syslog
Tools > Log Settings > Remote Logging
Once you have configured the type of logs that you want the router to collect, they
can be sent to either a Syslog server or an E-Mail address. For remote logging a key
configuration field is the Remote Log Identifier. Every logged message will contain
the configured prefix of the Remote Log Identifier, so that syslog servers or email
addresses that receive logs from more than one router can sort for the relevant
device’s logs.
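The sorting that the Remote Log Identifier makes possible, sketched from the collector's side. This is an added example, not code from the manual or the router vendor. It assumes an RFC 3164 style line with the identifier as the first token after the timestamp; the identifiers and sample lines are constructed.

```python
import re
from collections import defaultdict

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {0: "kern", 1: "user", 3: "daemon", 4: "auth", 5: "syslog"}

# Assumed layout (not taken from the manual): <PRI>, RFC 3164 timestamp,
# then the Remote Log Identifier as the first token of the message.
LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")

# Hypothetical identifiers configured on two routers.
KNOWN_IDS = {"ROUTER-HQ", "ROUTER-BRANCH"}

# Constructed sample input, as a collector might receive it.
SAMPLE = [
    "<134>Jan  5 10:15:02 ROUTER-HQ accepted packet LAN to WAN",
    "<132>Jan  5 10:15:07 ROUTER-BRANCH dropped packet LAN to WAN",
    "<36>Jan  5 10:16:40 ROUTER-HQ login attempt failed",
    "<134>Jan  5 10:17:11 UNKNOWN-BOX accepted packet LAN to WAN",
    "no priority header at all",
]


def decode_pri(pri):
    """Split a syslog PRI value into (facility, severity) names."""
    facility, severity = divmod(pri, 8)
    if facility >= 16:
        name = f"local{facility - 16}"
    else:
        name = FACILITIES.get(facility, str(facility))
    return name, SEVERITIES[severity]


def sort_by_router(lines, known_ids=KNOWN_IDS):
    """Group messages per identifier; return (grouped, rejected)."""
    grouped, rejected = defaultdict(list), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or int(m.group(1)) > 191 or m.group(3) not in known_ids:
            rejected.append(line)  # malformed, or from an unexpected source
            continue
        facility, severity = decode_pri(int(m.group(1)))
        grouped[m.group(3)].append((facility, severity, m.group(4)))
    return dict(grouped), rejected


if __name__ == "__main__":
    grouped, rejected = sort_by_router(SAMPLE)
    for router, events in grouped.items():
        print(router, events)
    print("rejected:", rejected)
```

Lines that carry an identifier nobody configured end up in the rejected list, which is worth reviewing rather than discarding.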
Once you enable the option to e-mail logs, enter the e-mail server’s address (IP
address or FQDN) of the SMTP server. The router will connect to this server when
sending e-mails out to the configured addresses. The SMTP port and return e-mail
addresses are required fields to allow the router to package the logs and send a valid
e-mail that is accepted by one of the configured “send-to” addresses.
Up to three e-mail addresses can be configured as log recipients.
In order to establish a connection with the configured SMTP port and server, define
the server’s authentication requirements. The router supports Login Plain (no
encryption) or CRAM-MD5 (encrypted) for the username and password data to be
sent to the SMTP server. Authentication can be disabled if the server does not have
this requirement. In some cases the SMTP server may send out IDENT requests, and
this router can have this response option enabled as needed.
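What the two authentication choices put on the wire, as an added example that is not part of the manual or the router firmware. It assumes "Login Plain" behaves like SASL PLAIN (RFC 4616) and uses the test credentials and challenge published in RFC 2195. CRAM-MD5 sends a keyed hash of a server challenge instead of the password; neither option encrypts the log e-mail itself.

```python
import base64
import hashlib
import hmac

# Test vector from RFC 2195 (not real credentials).
RFC_USER = "tim"
RFC_PASSWORD = "tanstaaftanstaaf"
RFC_CHALLENGE = base64.b64encode(
    b"<1896.697170952@postoffice.reston.mci.net>").decode()


def plain_token(username, password):
    """PLAIN response: base64 of NUL + username + NUL + password."""
    return base64.b64encode(f"\0{username}\0{password}".encode()).decode()


def recover_from_plain(token):
    """Anyone who captures a PLAIN token only needs to base64-decode it."""
    _authzid, user, password = base64.b64decode(token).split(b"\0")
    return user.decode(), password.decode()


def cram_md5_response(username, password, challenge_b64):
    """CRAM-MD5 response: username plus HMAC-MD5(password, challenge)."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode()).decode()


def decoded(token):
    """Raw bytes an observer sees after undoing the base64 transport coding."""
    return base64.b64decode(token)


if __name__ == "__main__":
    plain = plain_token(RFC_USER, RFC_PASSWORD)
    print("PLAIN on the wire:   ", plain)
    print("recovered by decoder:", recover_from_plain(plain))
    cram = cram_md5_response(RFC_USER, RFC_PASSWORD, RFC_CHALLENGE)
    print("CRAM-MD5 on the wire:", cram)
    print("decoded response:    ", decoded(cram))
```

Because the challenge changes on every connection, a captured CRAM-MD5 response cannot simply be replayed, but the password is only as strong as its resistance to offline guessing against that hash.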
Once the e-mail server and recipient details are defined you can determine when the
router should send out logs. E-mail logs can be sent out based on a defined schedule
by first choosing the unit (i.e. the frequency) of sending logs: Hourly, Daily, or
Weekly. Selecting Never will disable log e-mails but will preserve the e-mail server
settings.
Figure 116: E-mail configuration as a Remote Logging option
An external Syslog server is often used by network administrators to collect and store
logs from the router. This remote device typically has fewer memory constraints than
the local Event Viewer on the router’s GUI, and thus can collect a considerable
number of logs over a sustained period. This is typically very useful for debugging
network issues or to monitor router traffic over a long duration.
This router supports up to 8 concurrent Syslog servers. Each can be configured to
receive different log facility messages of varying severity. To enable a Syslog server
select the checkbox next to an empty Syslog server field and assign the IP address or
FQDN to the Name field. The selected facility and severity level messages will be
