SonicOS 7.0 Objects

Log and Alerts > Adding Log and Alerts Profiles
Table of Contents

Adding Log and Alerts Profiles

To add a Log and Alert Profile

  1. Navigate to OBJECT | Profile Objects > Log and Alerts.

  2. Click the Add icon.

    By the default, General tab opens.

  3. Enter a Name for Log and Alerts Profile.

  4. Set the Frequency Filter Interval (secs) between reports.

     

    • The Frequency Interval (secs) controls how many seconds to countdown from before logging another occurrence of the same Event Message ID. The range of interval is 0 to 86400 seconds.
    • In general, most messages seen on Log Monitor are logged at one occurrence for every 60 seconds. Most Syslog messages are generated at one occurrence every 60 seconds. Most e-mail alerts are sent at one occurrence every 900 seconds.
    • To allow all occurrences with no filtering, a value of zero should be configured.

  5. Set the General options of the Log and Alerts Profile.

    Display Events in Log Monitor To display the log events in the Log Monitor.
    Send Events as E‐mail Alerts

    To send events as e-mail alerts.

    When this option is enabled, enter the e-mail address in the Send Alerts to E-Mail Address field to send the events.
    Report Events via Syslog

    To report events through Syslog.

    The Syslog Profile can be found in DEVICE | Log > Syslog > Syslog Servers tab.

    When this option is enabled, enter the Sylog Profile you would like to use.
    Report Events via IPFIX To report events by way of IPFIX.
  6. Click the Color box and set the specific color for Log Monitor display.

  7. Click the Events tab.

  8. Enable the Events options of the Log and Alerts Profile.

    Policy Matched

    When a security rule is matched, the log message id=1640 Policy Matched is originated from the rule lookup when a new flow is encountered.
    Report Begin

    When a connection associated with a rule is opened or started, this controls whether the log message id=98 Connection Opened is originated. If disabled, there will be no Connection Opened log message generated for the packets or flow associated with this log profile.
    Report End

    This controls whether the closing or ending of the connection is reported using log message ids (97 Syslog Website Accessed or 537 Connection Closed). These two messages (97, 537) are essentially the same except for extra Web Stream information included in (97) because it is generated for Web Stream types of connections that have non-zero traffic data. Non-Web Stream connections use (537). An exception for Web Stream connection that has zero traffic data will also use (537) since there will be no extra Web Stream information inspected.
  9. Click Save.
  10. Click Close to go back to Log and Alerts page.