Symantec Firewall/VPN Expert level

On the Expert level screen, there's a number of settings that I didn't comment on on the Basics page. I'll try to cover some of them here, in addition to a few other things.

What does User-Level and Debug-Level mean?

I stumbled onto this one almost by mistake. I recently installed a server with the syslog daemon, and wanted to see what sort of information was logged. So, I switched it to "Debug-level" on the Expert Level page thinking that I'd get to see a lot of information. But no such luck. There didn't seem to be any difference.

Then I noticed that all the lights on my switch was flashing, as if there was a lot of broadcast traffic going on. Since I don't have anything running that should cause this, I started up a packet sniffer, and to my surprise found that all the traffic on my LAN was being broadcast all over. As it turns out, selecting "Debug-Level" causes the switch to act more like a hub. The "debug" feature is that you can sit with a sniffer and see the traffic... Pretty cool! Unless you need to see this stuff, leave it on "User-Level".

Syslog server

On the Log Settings screen, you can enter in an IP address of a syslog server. If you do, you'll need to know the facility that it logs it to. And I'm going to tell you what it is. It's local0. It doesn't log much more than what you get in the regular log, but at least you won't lose your logs during a power outage or reboot.

