System logging can be tricky to interpret when the IP address of the client is different than that of the server. Because of this, RADIUS and TACACS do not allow a fixed IP address for outgoing packets. Instead, they use a list of valid IP addresses. This list is a necessity for interpreting system logging at the server site.
GigaVUE H Series node logging command
The GigaVUE H Series node has a number of features that help you manage the device. A GUI allows you to view the system status, manage and configure network devices, and configure security. It also offers metric and gauge visualizations. You can also use the console port to connect to the device.
GigaVUE H Series nodes can be configured to store syslog information. To configure logging, use the logging command and specify the IP address to send logged events to an external syslog server. The IP address can be either IPv4 or IPv6. Starting with software version 4.7, you can specify a hostname as well.
Configuring a hostname for IPv4 or IPv6
Configuring a hostname for IPv6 or IPv4 logging requires that you change the IP address of the SteelHead appliance. This can be done by going to Manage> Appliances> Host Settings. There are specific instructions on how to do this, but you’ll have to be aware of the implications of changing the hostname.
To configure the hostname for IPv4 logging, open the ‘General Settings’ window. Click ‘Edit’. Scroll down to the ‘hostname’ field and click ‘Edit’. You’ll need to click the ‘log export and reporting’ tab to find the IPv4 and IPv6 addresses of the interface.
Configuring a rate limit for network firewall log messages
Configuring a rate limit for network firewall login log messages allows you to limit the 192.168.0.1 number of messages that are sent out to the log server each second. This limit is based on a combination of conditions. Log messages that exceed this limit are not logged. The following options can be used to limit network firewall log messages.
Rate limiting can also help you to limit the impact of TCP SYN flood attacks. The following example shows how to configure a rate limit for a T1 link. This example assumes that the source IP address of a hacker is 22.214.171.124.
Configuring a configured IP address as the source IP address
You can configure your router to log in from a specific IP address. To do this, you can use the “configure” command. There are several options you can choose from. For example, you can use MAC address filtering, or you can use a single IP address for both inbound and outgoing traffic.
In addition, if you are running an Apache server, you can configure the log to use the XFF header instead of the IP address of the client. This can help you track down a problem that occurred during a particular session.