Log Server configuration parameters
Not all parameters are included in the default configuration file. Some parameters might have to be added manually.
| Parameter name | Description |
|---|---|
ARCHIVE_DIR_0
|
Directory that is used for storing the logs archived by the Log Data tasks. By default, ARCHIVE_DIR_0=${SG_ROOT_DIR}/data/archive. You
can define up to 32 directories: |
AUDIT_ARCHIVE_DIR |
Directory used for archiving audit logs. By default, ${SG_ROOT_DIR}/data/audit/archive. |
AUDIT_DISK_LIMIT
|
The threshold for minimum available disk space for audit logs. If the free disk space goes below this limit, the Log Server stops storing audit logs. |
AUDIT_LOG_DIR
|
Directory used for audit logs. By default, ${SG_ROOT_DIR}/data/audit/log. |
DISK_THRESHOLD_IN_KBYTES
|
The threshold for minimum available disk space (in kilobytes). If the free disk space goes below this limit, the Log Server stops storing log records (100000 by default). |
LOG_BACKUP_DIR |
Directory used for Log Server backup files. By default, ${SG_ROOT_DIR}/backups. The backup files must be moved to a separate media after
creating a backup. |
LOG_EXPORT_DIR
|
Directory used for storing the files exported by Log Data tasks. By default, ${SG_ROOT_DIR}/data/export. |
LOG_FW_PORT |
Log Server port that listens for connections from the NGFW Engines (3020 by default). Changing this value requires reinstalling the Log Server software. |
LOG_LOGFILE_DIR |
Directory used for storing the logfile.txt that logs the task scheduler operations. By default, ${SG_ROOT_DIR}/data. |
LOG_QUERY_TIMEOUT
|
Timeout (in milliseconds) for queries in the Logs view (30000 by default). |
LOG_SCRIPT_DIR |
Directory for the scripts used in Log Data tasks. By default, ${SG_ROOT_DIR}/data/script. |
LOG_SERVER_ADD |
IP address of the Log Server. Changing this value requires reinstalling the Log Server software. |
MGT_SERVER_ADD |
IP address of the Management Server. Do not change this parameter value directly to the file. Instead, use the sgChangeMgtIPOnLogSrv.bat (or .sh) script to change this parameter value. |
NETFLOW_RECEPTION_PORT
|
The UDP port for receiving NetFlow data. If this parameter has not been defined, the default port (2055 for both Windows and Linux) is used. Note: In
Linux, the value of this parameter must always be higher than 1024.
|
PHY_LOC |
Log Server database location. By default, ${SG_ROOT_DIR}/data/db/logserver. |
PHY_PORT |
Log Server database port that the Log Server connects to (1314 by default). |
SNMP_COMMUNITY |
SNMP community string used for sending SNMP messages from the Log Server (public by default). |
SNMP_ENTERPRISE_OID |
SNMP Enterprise Object Identifier (OID) used for SNMP messages sent from the Log Server (.1.3.6.1.4.1.1369 by default). |
SNMP_TRAP_RECEPTION_PORT
|
Defines the port used for receiving SNMP traps. The default port is UDP 162 in Windows and UDP 5162 in Linux. Note: Only the reception of SNMPv1 traps is
supported.
|
SYSLOG_CONF_FILE |
Configuration file for syslog data. By default, the file is stored in ${SG_ROOT_DIR}/data/fields/syslog_templates. |
SYSLOG_MESSAGE_PRIORITY
|
The priority (0–191) of the syslog message is included at the beginning of each UDP packet (the default is 6). See RFC 3164. |
SYSLOG_RECEPTION_PORT
|
The UDP port for receiving syslog. If this parameter has not been defined, the default port (514 for Windows or 5514 for Linux) is used. Note: In Linux,
the value of this parameter must always be higher than 1024.
|
SYSLOG_RECEPTION_TCP_PORT
|
The TCP port for receiving syslog. If this parameter has not been defined, the UDP default port (514 for Windows and 5514 for Linux) is used. Note: In
Linux, the value of this parameter must always be higher than 1024.
|
SYSLOG_USE_DELIMITER
|
Defines whether to use double quotes (“) in syslog messages to delimit the field values. The default setting ALWAYS_EXCEPT_NULL uses
double quotes only for nonempty fields. NEVER does not use delimiters. ALWAYS uses double quotes as delimiters for all empty and nonempty
field values. |