Logs
The following is the list of logs used in views to sort by themes, and the name of the corresponding log file on the firewall:
Administration | l_server |
Alarms | l_alarm |
Authentication | l_auth |
Network connections | l_connection |
Filtering | l_filter |
FTP proxy | l_ftp |
IPsec VPN | l_vpn |
Application connections | l_plugin |
POP3 proxy | l_pop3 |
SMTP proxy | l_smtp |
SSL proxy | l_ssl |
System events | l_system |
Vulnerabilities | l_pvm |
HTTP proxy | l_web |
SSL VPN | l_xvpn |
Sandboxing | l_sandboxing |
The available views are:
- All logs
This view displays all logs: Administration, Alarms, Authentication, Network connections, Filter, FTP proxy, IPsec VPN, Application Connections, POP3 proxy, SMTP proxy, SSL proxy, System events, Vulnerabilities, HTTP proxy and SSL VPN.
NOTE
If the user does not have admin privileges, the Administration log will not be taken into account in this view.
- Network traffic
This view displays Network connections, Filter, FTP proxy, Application connections, POP3 proxy, SMTP proxy, SSL proxy, HTTP proxy and SSL VPN logs.
Two predefined filters searching for IPv4 traffic and IPv6 traffic are offered.
- Alarms
This view displays the Alarms log according to certain categories; this log only displays logs that do not belong to the filter alarm category.
Three predefined filters that search for Application (classification=1), Malware (classification=2) or Protection (classification=0) vulnerabilities are offered.
- Web
This view displays Network connections, Application connections, and HTTP proxy logs according to certain categories:
- The Network connections logs only display logs whose standard service corresponding to the destination port is HTTP, HTTPS or HTTP_PROXY.
- The Application connections log only displays logs with an associated plugin name that is either HTTP or HTTPS.
A predefined filter that looks for detected viruses is offered.
- Vulnerabilities
This view displays the Vulnerabilities log.
Two predefined filters that search for Client (targetclient=1) and Server (targetserver=1) vulnerabilities are offered.
- E-mails
This view displays Network connections, Application connections, POP3 proxy and SMTP proxy logs according to certain categories:
- The Network connections logs only display logs whose standard service corresponding to the destination port is SMTP, SMTPS, POP3, POP3S, IMAP or IMAPS.
- The Application connections log only displays logs with an associated plugin name that is either SMTP, SMTPS, POP3, POP3S, IMAP or IMAPS.
Two predefined filters that search for detected viruses (virus=infected) and detected spam (spamlevel entered and different from 0) are offered.
- VPN
This view displays IPsec VPN, System events and SSL VPN logs according to certain categories; the System events log only displays logs for which the reference message is PPTP.
- System events
This view displays Alarms and System events logs according to certain categories; the Alarms log only displays logs belonging to the system alarm category.
Two predefined filters that search for Minor (pri = 4) or Major (pri = 1) levels are offered.
- Filtering
This view displays Alarms and Filter logs according to certain categories; the Alarms log displays only logs belonging to the filter alarm category.
- Sandboxing
This view displays the Sandboxing log.
- Users
This view displays the Authentication log.