Logs are an essential part of a security-critical system like a firewall. Not only do they give real-time information on what is happening on the system, they also retrace its history: when something goes wrong in the system, such as a crash or an intrusion, the logs help you find out why it happened and, usually, figure out a solution.
First of all, you can choose whether or not to activate the logging system on the local machine (the firewall itself). This, of course, is only relevant if a display is directly attached to the firewalling machine. It will be possible to control:
Syslog Server (e.g. 10.1.1.10) | You can enter either the syslog server's name (e.g. syslog.company.net) or its IP address. If you don't know the latter, use the ifconfig command as root, or /sbin/ifconfig as a normal user. |
Then, enter your Syslog Server's address. This is a way to better secure your logs, by not hosting them directly on your server but on a different machine.
Level for network log | Info |
This parameter controls the amount of information which will be displayed, according to the level you choose:
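How a level threshold such as Info limits what is sent on to the syslog server, as an added example that is not part of the original documentation. It assumes the firewall follows the standard syslog severity ordering (emerg through debug); the function names are hypothetical and the sample datagrams are constructed.

```python
import re

# Standard syslog severity names; list index = numeric severity (0 is most urgent).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Subset of the standard facility codes, enough for the constructed samples.
FACILITIES = {0: "kern", 1: "user", 3: "daemon", 4: "auth", 10: "authpriv"}

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def decode(line):
    """Split a raw syslog datagram into (facility, severity name, message)."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        raise ValueError("missing or invalid PRI field: %r" % line[:20])
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    return FACILITIES.get(facility, str(facility)), SEVERITIES[severity], m.group(2)

def forwarded(lines, level="info"):
    """Return the messages that a threshold of `level` lets through."""
    limit = SEVERITIES.index(level)
    kept = []
    for line in lines:
        try:
            facility, severity, msg = decode(line)
        except ValueError:
            continue  # malformed datagram: skipped here, worth counting in production
        if SEVERITIES.index(severity) <= limit:  # lower number = more urgent
            kept.append((facility, severity, msg))
    return kept

# Constructed sample datagrams (not taken from a real firewall).
SAMPLES = [
    "<4>Jan 12 10:02:11 fw kernel: DROP IN=eth0 SRC=192.0.2.7 DST=10.1.1.1 PROTO=TCP DPT=23",
    "<38>Jan 12 10:02:15 fw sshd[411]: Accepted password for admin from 10.1.1.20",
    "<31>Jan 12 10:02:16 fw named[220]: debug: cache cleaning pass",
    "<34>Jan 12 10:02:19 fw su[502]: FAILED su for root by guest",
    "Jan 12 10:02:20 fw truncated line without PRI",
]

if __name__ == "__main__":
    for level in ("info", "warning"):
        kept = forwarded(SAMPLES, level)
        print(level, "->", len(kept), "of", len(SAMPLES), "messages")
        for facility, severity, msg in kept:
            print("   %s.%s %s" % (facility, severity, msg))
```

At the Info level the debug message is the only well-formed one left out; raising the threshold to warning also drops the successful login, which is often the record an investigation needs.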