Log Server configuration parameters

Not all parameters are included in the default configuration file. Some parameters might have to be added manually.

Table 1. Log Server configuration parameters in LogServerConfiguration.txt
Parameter name Description
ARCHIVE_DIR_0 Directory that is used for storing the logs archived by the Log Data tasks. By default, ARCHIVE_DIR_0=${SG_ROOT_DIR}/data/archive.

You can define up to 32 directories: ARCHIVE_DIR_0 … ARCHIVE_DIR_31.

AUDIT_ARCHIVE_DIR Directory used for archiving audit logs. By default, ${SG_ROOT_DIR}/data/audit/archive.
AUDIT_DISK_LIMIT The threshold for minimum available disk space for audit logs. If the free disk space goes below this limit, the Log Server stops storing audit logs.
AUDIT_LOG_DIR Directory used for audit logs. By default, ${SG_ROOT_DIR}/data/audit/log.
DISK_THRESHOLD_IN_KBYTES The threshold for minimum available disk space (in kilobytes). If the free disk space goes below this limit, the Log Server stops storing log records (100000 by default).
LOG_BACKUP_DIR Directory used for Log Server backup files. By default, ${SG_ROOT_DIR}/backups. The backup files must be moved to a separate media after creating a backup.
LOG_EXPORT_DIR Directory used for storing the files exported by Log Data tasks. By default, ${SG_ROOT_DIR}/data/export.
LOG_FW_PORT Log Server port that listens for connections from the NGFW Engines (3020 by default). Changing this value requires reinstalling the Log Server software.
LOG_LOGFILE_DIR Directory used for storing the logfile.txt that logs the task scheduler operations. By default, ${SG_ROOT_DIR}/data.
LOG_QUERY_TIMEOUT Timeout (in milliseconds) for queries in the Logs view (30000 by default).
LOG_SCRIPT_DIR Directory for the scripts used in Log Data tasks. By default, ${SG_ROOT_DIR}/data/script.
LOG_SERVER_ADD IP address of the Log Server. Changing this value requires reinstalling the Log Server software.
MGT_SERVER_ADD IP address of the Management Server. Do not change this parameter value directly to the file. Instead, use the sgChangeMgtIPOnLogSrv.bat (or .sh) script to change this parameter value.
NETFLOW_RECEPTION_PORT The UDP port for receiving NetFlow data. If this parameter has not been defined, the default port (2055 for both Windows and Linux) is used.
Note: In Linux, the value of this parameter must always be higher than 1024.
PHY_LOC Log Server database location. By default, ${SG_ROOT_DIR}/data/db/logserver.
PHY_PORT Log Server database port that the Log Server connects to (1314 by default).
SNMP_COMMUNITY SNMP community string used for sending SNMP messages from the Log Server (public by default).
SNMP_ENTERPRISE_OID SNMP Enterprise Object Identifier (OID) used for SNMP messages sent from the Log Server (.1.3.6.1.4.1.1369 by default).
SNMP_TRAP_RECEPTION_PORT Defines the port used for receiving SNMP traps. The default port is UDP 162 in Windows and UDP 5162 in Linux.
Note: Only the reception of SNMPv1 traps is supported.
SYSLOG_CONF_FILE Configuration file for syslog data. By default, the file is stored in ${SG_ROOT_DIR}/data/fields/syslog_templates.
SYSLOG_MESSAGE_PRIORITY The priority (0–191) of the syslog message is included at the beginning of each UDP packet (the default is 6). See RFC 3164.
SYSLOG_RECEPTION_PORT The UDP port for receiving syslog. If this parameter has not been defined, the default port (514 for Windows or 5514 for Linux) is used.
Note: In Linux, the value of this parameter must always be higher than 1024.
SYSLOG_RECEPTION_TCP_PORT The TCP port for receiving syslog. If this parameter has not been defined, the UDP default port (514 for Windows and 5514 for Linux) is used.
Note: In Linux, the value of this parameter must always be higher than 1024.
SYSLOG_USE_DELIMITER Defines whether to use double quotes (“) in syslog messages to delimit the field values. The default setting ALWAYS_EXCEPT_NULL uses double quotes only for nonempty fields. NEVER does not use delimiters. ALWAYS uses double quotes as delimiters for all empty and nonempty field values.