Configuring a NetScreen firewall


 

Thanks to George McCashin for providing this information.

 

Web-based configuration:

 

1). Log on to the web interface as an "admin" user

2). Go to Configuration->Report Settings->Syslog

3). Click on 'Enable Syslog'

4). If you want all traffic logged, also click on 'Include Traffic Log'

5). Enter the log host address and port (Address of Kiwi Syslog Server and UDP port 514)

 

 

Additional note provided by Kevin Branch:

 

This will log all traffic coming through all types of NetScreen policies (permit/deny/tunnel), as well as log traffic permitted by default (if the NetScreen is set to permit sessions that are not specifically denied).

 

The "Log Packets Terminated to Self" option has nothing to do with sessions across the NetScreen, but rather logs sessions to the NetScreen itself (which should only be NetScreen management traffic, but will also show probes from the Internet).

 

 

Alternatively, you can configure the NetScreen from the CLI.

 

Command Line Interface configuration:

 

The specific commands required to set up a Syslog server are listed below:

 

 set syslog config ip_address security_facility local_facility

 set syslog enable

 set syslog traffic

 set log module system level level destination syslog

 

Note: The set syslog config command requires that you define the security facility and local facility. See the syslog command in the NetScreen CLI Reference Guide for a complete list of options for security_facility and local_facility.

 

Note: You must enter the set log command once for each message level. The options for level are listed below:

 

 emergency

 alert

 critical

 error

 warning

 notification

 information
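
To confirm at the log host that messages arrive with the facility and level you configured, the following added example (not part of the original help page or the NetScreen documentation) decodes the <PRI> field of received syslog datagrams. It assumes the level names above map onto standard syslog severities 0-6 in the order listed; the sample datagrams and the names decode_pri, missing_levels and listen are constructed for illustration.

```python
import re
import socket

# Level names as listed on this page, in order. Assumption: they map onto
# the standard syslog severities 0-6.
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notification", "information"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram: bytes):
    """Return (facility, level) decoded from the leading <PRI>, or None."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:       # valid PRI range is 0..191
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    fac = f"local{facility - 16}" if 16 <= facility <= 23 else f"facility{facility}"
    lvl = LEVELS[severity] if severity < len(LEVELS) else f"severity{severity}"
    return fac, lvl

def missing_levels(datagrams, expected):
    """Levels you configured with 'set log' that never showed up."""
    seen = {d[1] for d in map(decode_pri, datagrams) if d}
    return [lvl for lvl in expected if lvl not in seen]

# Constructed sample datagrams (not real NetScreen output).
SAMPLES = [
    b"<134>fw1: constructed traffic log line",   # 16*8+6 -> local0, information
    b"<132>fw1: constructed warning message",    # 16*8+4 -> local0, warning
    b"<129>fw1: constructed alert message",      # 16*8+1 -> local0, alert
    b"line without a PRI header",                # ignored
]

def listen(port=514, count=20):
    """Collect `count` datagrams on UDP `port` (ports below 1024 need privileges)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        return [s.recvfrom(4096)[0] for _ in range(count)]

if __name__ == "__main__":
    for d in SAMPLES:
        print(decode_pri(d), d[:40])
    print("missing:", missing_levels(SAMPLES, ["alert", "critical", "warning"]))
```

Stop the syslog server before calling listen(), since only one process can bind the UDP port at a time.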