Configuring a Syslog Server

A remote Syslog server can be defined using either an IP address or a hostname. You can select from the following severity levels:

  • Emergency
  • Alert
  • Critical
  • Error
  • Warning
  • Notice
  • Informational
  • Debug 

The preferred severity level is Informational.

Navigate to the System tab in the bottom left of the Web UI (EdgeRouter Web UI) and define the syslog server and log level.

System > System Log

  • Log to remote server: <siem-server-ip>
    Log Level: <severity-level>

NOTE: EdgeOS uses the BSD Syslog format, the rsyslogd service and UDP port 514 (not customizable) for Syslog by default.

The same configuration can also be set using the CLI (CLI: Access the EdgeRouter Command Line Interface):

  • configure
    set system syslog host <siem-server-ip> facility all level <severity-level>
    commit ; save
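
To check on the receiving side what the router sends, the following added example (not part of the original page or of EdgeOS) parses the BSD Syslog format mentioned in the note above and shows which of the listed severity levels pass a given Log Level setting. The sample datagrams, the hostname edge-gw and the function names are assumptions constructed for illustration.

```python
import re

# Severity names in the order listed above; the index is the numeric
# severity defined by BSD syslog (RFC 3164): 0 = Emergency ... 7 = Debug.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# Layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: message
BSD_SYSLOG = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)

def parse_bsd_syslog(datagram: bytes) -> dict:
    """Parse one UDP payload in BSD syslog format; raise ValueError if malformed."""
    line = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = BSD_SYSLOG.match(line)
    if m is None:
        raise ValueError("not a BSD syslog message: %r" % line[:60])
    pri = int(m.group("pri"))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        raise ValueError("PRI out of range: %d" % pri)
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return {"facility": facility, "severity": SEVERITIES[severity],
            "severity_num": severity, "timestamp": m.group("ts"),
            "host": m.group("host"), "tag": m.group("tag"),
            "pid": m.group("pid"), "message": m.group("msg")}

def forwarded_at(level: str, record: dict) -> bool:
    """True if a sender configured at `level` would forward this record:
    syslog sends the configured severity and everything more severe."""
    return record["severity_num"] <= SEVERITIES.index(level)

# Constructed sample datagrams (not captured from a real device).
SAMPLES = [
    b"<86>Jan  5 10:15:02 edge-gw sshd[2211]: Accepted publickey for admin from 192.0.2.10",
    b"<4>Jan  5 10:15:07 edge-gw kernel: [WAN_IN-default-D] IN=eth0 SRC=198.51.100.7 DPT=23",
    b"<31>Jan  5 10:15:09 edge-gw dhcpd: debug trace",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        rec = parse_bsd_syslog(raw)
        print(rec["severity"], forwarded_at("Informational", rec), rec["tag"])
```

With the Log Level set to Informational, the first two samples would be forwarded and the Debug sample would not.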