You are here: Pulse Connect Secure > Pulse Connect Secure Administration Guide > System Management > Logging and Monitoring > Configuring Syslog

Configuring Syslog

If desired, you can configure the system to send logs to a syslog server.

To configure reporting to a syslog server:

  1. Select System > Log/Monitoring.
  2. Click the Settings tab to display the configuration page.

    Figure 197 shows the configuration page for Pulse Connect Secure.

  1. Specify the maximum log size and select the events to be logged.
  2. Specify the server configuration as described in Table 152, and click Add. You can specify multiple syslog servers.
  3. Save the configuration.

    Note: To enable syslog reporting for each local log category, you must perform this procedure on each local log tab: Events, User Access, Admin Access, and Sensors.

    Figure 197: Syslog Server Configuration Page – Pulse Connect Secure

Table 152: Syslog Server Configuration Guidelines



Server name/IP

Specify the fully qualified domain name or IP address for the syslog server.

NOTE: If you select TLS from the Type list, the server name must match the CN in the subjectDN in the certificate obtained from the server.


Select a syslog server facility level (LOCAL0-LOCAL7).

Your syslog server must accept messages with the following settings: facility = LOG_USER and level = LOG_INFO.


Select the connection type to the syslog server. You can select:

  • UDP (User Datagram Protocol) - A simple non-secure transport model.
  • TCP (Transmission Control Protocol) - A core protocol of the Internet Protocol suite (IP), but lacks strong security.
  • TLS (Transport Layer Security) - Uses cryptographic protocols to provide a secure communication.

Client Certificate

(optional) If you select TLS from the Type menu and your remote syslog server requires client certificates, select the installed client certificate to use to authenticate to the syslog server. Client certificates are defined in the Configuration > Certificates > Client Auth Certificates page. Client certificates must be installed on the device before they can be used.

NOTE: There is no fallback if a connection type fails.


Select a filter format. Any custom filter format and the following predefined filter formats are available:

  • Standard (default)—This log filter format logs the date, time, node, source IP address, user, realm, event ID, and message.
  • WELF—This customized WebTrends Enhanced Log Format (WELF) filter combines the standard WELF format with information about the system realms, roles, and messages.
  • WELF-SRC-2.0-Access Report—This filter adds access queries to the customized WELF filter. You can use this filter with NetIQ’s SRC to generate reports on user access methods.

Related Topics