Remote Syslog on Ubuntu for Zywall USG-50

Fire up Linux. I used Ubuntu, but Debian should be similar. Ubuntu comes stock with rsyslogd. It’s almost ready to go, except that it doesn’t listen on any network port for incoming syslog messages. So, edit /etc/rsyslog.conf and uncomment the four lines that turn on the UDP and TCP listeners (port 514 on both).

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

Then restart:

sudo /etc/init.d/rsyslog restart

Then go into your Zywall and click on the “gears” tab – the configuration.

Click on Log & Report -> Log Settings.

Click on “Remote Server 1” in the list, and click “edit”.

Set the log format to CEF/Syslog, and set the server address to your Linux server’s address.

Set Log Facility to “1”. A facility roughly identifies what kind of service is being logged. In syslog, you don’t log a service or program, but a facility, which is a loose classification of services. It’s not formalized; for example, a mail program simply says “I’m doing mail” and logs to the mail facility. I’m not sure what this number means, but it probably corresponds to the traditional Unix log facilities. 1 means “user” in this system.

The log lines will end up in /var/log/syslog.

Save the settings. Then click “Apply” to activate them.

You should be able to tail /var/log/syslog and see Zywall messages. There should be a lot of them.
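To make sense of what arrives, here is a small parser, added as an example and not part of the original post, that decodes the syslog PRI (facility and severity, so you can confirm the “user” facility set above) and splits the CEF/Syslog payload into its header fields and key=value extension. The sample line, vendor, product, and field values are constructed for the example, not captured from a real USG-50.

```python
import re

# Standard syslog facility and severity codes; PRI = facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
CEF_HEADER = ["version", "vendor", "product", "device_version",
              "signature_id", "name", "cef_severity"]

def decode_pri(pri: int):
    """Split a syslog PRI value into (facility name, severity name)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]

def parse_cef(payload: str) -> dict:
    """Parse 'CEF:0|vendor|product|...|extension'; header pipes may be escaped as \\|."""
    fields = re.split(r"(?<!\\)\|", payload, maxsplit=7)
    if len(fields) != 8 or not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    rec = {k: v.replace("\\|", "|") for k, v in zip(CEF_HEADER, fields)}
    rec["version"] = rec["version"][4:]  # strip the 'CEF:' prefix
    # Extension is key=value pairs; values may contain spaces, so a value runs
    # lazily up to the next ' key='. An escaped '=' inside a value is '\='.
    ext = {}
    for m in re.finditer(r"(\w+)=(.*?)(?=\s+\w+=|$)", fields[7]):
        ext[m.group(1)] = m.group(2).replace("\\=", "=")
    rec["ext"] = ext
    return rec

def parse_syslog_cef(line: str) -> dict:
    """Decode a raw '<PRI>...' syslog line carrying a CEF payload."""
    m = re.match(r"^<(\d{1,3})>", line)
    if not m:
        raise ValueError("missing <PRI> header")
    facility, severity = decode_pri(int(m.group(1)))
    idx = line.find("CEF:", m.end())
    if idx < 0:
        raise ValueError("no CEF payload")
    rec = parse_cef(line[idx:])
    rec.update(facility=facility, severity=severity)
    return rec

# Constructed sample, not a captured USG-50 record: PRI 14 = facility 1 (user),
# severity 6 (info), matching the "Log Facility 1" setting on the Zywall.
SAMPLE = ("<14>Jan  1 12:00:00 usg50 CEF:0|ZyXEL|USG-50|3.30|12|Firewall block|5|"
          "src=10.0.0.5 dst=203.0.113.9 dpt=22 proto=TCP msg=Blocked by policy\\=deny")

if __name__ == "__main__":
    print(parse_syslog_cef(SAMPLE))
```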

Go back into the Zywall’s logging configuration, into the remote server settings, and scroll down to the area where you can turn specific log categories on and off. Turn off logging for the following:

Interface Statistics
System Monitoring
Traffic Log