Introduction to Log Management

Log management includes managing system operation logs, device operation logs, syslog interworking logs and syslog receive configuration.

System Operation Log

System operation logs record various operations of the administrator in the ATIC management center. All operations that affect the database and are initiated by the administrator are logged. Such operations as view, query, and update that do not affect the database are not logged.

The administrator can perform the following operations on system operation logs:

View system operation logs and filter them based on the log level, administrator, log type, operation result, and log generation time.

System operation logs provide visibility into operations of the administrator.
Export system operation logs and save them to a specified local path.
Periodically dumping operation logs stores the logs recorded in the database to the Installation directory/Runtime/LegoRuntime/datastorage/sysoptlog path on the ATIC Management center server. You can download the dumped operation logs on the client and view them locally. In addition, you can delete the logs that are no longer needed from the ATIC Management center server, reducing the recording times of the database and ensuring sufficient database spaces.

NOTE:

Default administrator admin has all permissions. Common administrators that are assigned with the view, export, or dumping permissions can view, export, or dump their own operation logs only. Common administrators that have no view, export, or dumping permissions cannot view, export, or dump any operation logs.

The operation log level identifies the criticality of a log. The operation log level can be danger, minor, warning, or info from the most critical to the least critical. Table 1 defines the different levels of logs.

**Table 1** Log levels
Level	Definition
Danger	Refers to the operations that make the whole system or function modules faulty or unavailable.
Warning	Refers to the normal operations that performed in the system or on function modules.
Minor	Refers to the operations that may cause data inconsistency in system or on function modules.
Info	Refers to the operations that performed to access data in system or on function modules.

Device Operation Log

The device operation log records information about all command lines delivered by the AntiDDoS.

The ATIC management center allows you to view device operation logs and filter the logs based on the logging start time, end time, device IP address, terminal IP address, VTY interface, user name, VRF, and command line.

Device operation logs can be used to monitor the device or locate faults.
Device operation logs take up large database space and cannot be exported or dumped. You can specify a period of time on the Anti-DDoS Data Maintenance page to regularly delete the reserved device operation logs. The device operation logs are retained for 90 days by default.

Syslog Interworking Log

Syslog interworking logs record information about the logs that the Netflow device sends to the ATIC management center.

Syslog Receive Configuration

Configurate to receive Syslog.