The SBG6580-2 has the ability to send firewall attack reports out to a standard Syslog server so that many instances can be logged over a period of time. Â There are four types of logs as followed:
- Permitted Connections - Allows the server to e-mail logs of who is connecting to the network.
- Blocked Connections - Allows the server to e-mail logs of who is blocked from connecting to the network.
- Known Internet Attacks - Allows the server to e-mail logs of known Internet attacks against the network.
- Product Configurations Event - Allows the server to e-mail logs of the basic product configuration event logs.
The Firewall Remote Log is not enabled by default. This document describes how to enable and configure the Firewall Remote Log.
Requirements
- The Syslog server must be on the same network on the LAN (Local Area Network) behind the Gateway (typically 192.168.0.x).
- The Syslog server must be configured and running to receive log entries from the SBG6580-2. Please refer to the manufacturer's documentation for assistance.
Enable Firewall Remote Log
- Launch a Firefox or Safari browser.  Enter http://192.168.0.1 into the address box, and press the Enter key. Â
NOTE: A browser message on Chrome, Edge, Firefox, and Opera, may appear when accessing the Web Manager. The message includes 192.168.01 uses an unsupported protocol and ERR_SSL_VERSION_OR_CIPHER_MISMATCH. The Web Manager uses an earlier version of the TLS protocol and does not match the version allowed by the web browser.  Safari browsers on Apple PC and mobile devices are not impacted.  The workaround to access the Web Manager with a PC is to use the Firefox browser and set the TLS version to 1. For workaround instructions refer to article # 19435 - 192.168.0.1 uses an unsupported protocol.Â
 - A security or private risk alert may appear on the web browser advising users to proceed with caution when accessing the Web Manager. There is no risk in proceeding to the Web Manager. For instructions to bypass the alert screen, refer to article # 18181 - Alert Message for Web Manager Access.
 - On the Login page, enter admin or a customized username in the Username field.
 - Enter password or a customized password in the Password field.
NOTE: On later versions of the SBG6580-2, the Wi-Fi Security Key is used as the default admin password printed on the bottom white label. For assistance with Web Manager Access, refer to article # 18752 – SBG6580-2: Web Manager Access.
 - Click the Login button.  The Home page will appear.
 - Move the mouse cursor over Firewall on the main menu and click the Remote Log link on the sub-menu.  The Firewall - Remote page will appear.
 - On the Firewall - Remote Log page, check the Permitted Connections box to enable the log.
 - Check the Blocked Connections box to enable the log.
 - Check the Known Internet Attacks box to enable the log.
 - Check the Product Configurations Event box to enable the log.
NOTE: Normally the IP address of the Syslog server should be hard-coded so that the address does not change and always agrees with the entry on this page.
 - Enter the last digit of the Syslog server's IP address into the to Syslog server at 192.168.0. field.
 - Click the Apply button.
