mbox has extensive support for syslog message logging. Syslog messages are classified by severity (Emergency, Alert, Critical, Error, Warning, Notice, Informational, Debugging) and by facility. Regulations such as the Sarbanes-Oxley Act, PCI DSS, HIPAA and many others require organizations to implement comprehensive security measures, which often include collecting and analyzing logs from many different sources. Syslog has proven to be an effective format for consolidating logs. More details on syslog can be found online.
Message logging typically includes the following types of logs:
- firewall access logs (the most widely used, e.g. logs tracking user accesses permitted or denied by firewall rules)
- application access logs (e.g. proxy URL logs, web server access logs)
- user authentication logs (e.g. PAM logs, RADIUS logs)
- system status logs
This document focuses on mbox's capability to collect all standard syslogs from any 3rd-party devices, and to generate and export firewall access logs, which are widely used for trace-back, compliance and auditing purposes. mbox HSG RADIUS also provides comprehensive authentication and accounting logs.
mbox supports syslog in two service modes:
- syslog collector (server). Dedicated models (LOG-500, LOG-1000, LOG-2000) function as syslog collectors; they are special variants of mbox models with additional SSD/HDD storage capacity. The collector receives syslogs, either self-originated or coming from external hosts (log clients), and acts as a central logging warehouse consolidating logs from all devices within the customer network. Any device supporting the standard syslog protocol can potentially send its logs to the mbox collector; converters exist to convert Windows Event Log and other log formats to syslog. mbox also comes with a built-in log analyzer/GUI to display live incoming logs, with sophisticated historical search functions for investigation and compliance reporting purposes.
- syslog client. Syslog clients are devices that generate message logs in syslog format and export them to an external syslog server/collector. All mbox product families can run as a syslog client, like many other network devices, and are able to export syslog messages to an mbox syslog collector or a 3rd-party syslog server using the standard syslog protocols.
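The severity/facility classification described at the top of this page and the client/collector split of the two service modes, as an added Python example that is not mbox code: the client side assembles a BSD-style syslog line, and the collector side decodes the PRI field back into facility and severity names, counting datagrams with a malformed or out-of-range PRI as malformed rather than indexing them. The facility names and the 0..191 PRI range are the standard RFC 3164 values; the hostname, tag and firewall text are constructed samples.

```python
import re

# Standard syslog facility codes (RFC 3164 values); severity names follow the list on this page.
FACILITY_NAMES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
                  6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITY_NAMES.update({16 + i: f"local{i}" for i in range(8)})
SEVERITY_NAMES = ["Emergency", "Alert", "Critical", "Error", "Warning",
                  "Notice", "Informational", "Debugging"]
# PRI header: '<' + 1..3 digits + '>' at the very start of the datagram, nothing before it.
_PRI_RE = re.compile(rb"^<(\d{1,3})>")


def encode_pri(facility: int, severity: int) -> int:
    """Client side: PRI = facility * 8 + severity, so valid values are 0..191."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0..23 and severity 0..7")
    return facility * 8 + severity


def build_message(facility, severity, timestamp, host, tag, text) -> bytes:
    """Client side: assemble a BSD-style (RFC 3164) syslog line ready to export."""
    return f"<{encode_pri(facility, severity)}>{timestamp} {host} {tag}: {text}".encode("utf-8")


def parse_message(datagram: bytes) -> dict:
    """Collector side: split PRI back into facility/severity; reject malformed headers."""
    m = _PRI_RE.match(datagram)
    if m is None:
        raise ValueError("missing or malformed PRI header")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)
    return {"facility": facility,
            "facility_name": FACILITY_NAMES.get(facility, f"facility{facility}"),
            "severity": severity,
            "severity_name": SEVERITY_NAMES[severity],
            "body": datagram[m.end():].decode("utf-8", errors="replace")}


def is_well_formed(datagram: bytes) -> bool:
    """Collector side: False for datagrams that should be counted as malformed, not indexed."""
    try:
        parse_message(datagram)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: a firewall deny event sent by a client at facility local4, severity Warning.
    sample = build_message(20, 4, "Oct 11 22:14:15", "fw-edge", "fw", "DENY TCP 10.0.0.5:51234 -> 203.0.113.7:22")
    print(parse_message(sample))
```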