Logs

The following is the list of logs used in views to sort by themes, and the name of the corresponding log file on the firewall:

Administration l_server
Alarms l_alarm
Authentication l_auth
Network connections l_connection
Filtering l_filter
FTP proxy l_ftp
IPSec VPN l_vpn
Application connections (plugin) l_plugin
POP3 proxy l_pop3
SMTP proxy l_smtp
SSL proxy l_ssl
System events l_system
Vulnerabilities l_pvm
HTTP proxy l_web
SSL VPN l_xvpn
Sandboxing l_sandboxing

The available views are:

  • All logs

This view displays all logs: Administration, Alarms, Authentication, Network connections, Filter, FTP proxy, IPSec VPN, Application Connections, POP3 proxy, SMTP proxy, SSL proxy, System events, Vulnerabilities, HTTP proxy and SSL VPN.

Description : infoNOTE 

If the user does not have admin privileges, the Administration log will not be taken into account in this view.

 

  • Network traffic

This view displays Network connections, Filter, FTP proxy, Application connections, POP3 proxy, SMTP proxy, SSL proxy, HTTP proxy and SSL VPN logs.

Two predefined filters searching for IPv4 traffic and IPv6 traffic are offered.

  • Alarms

This view displays the Alarms log according to certain categories; this log only displays logs that do not belong to the filter alarm category.

Three predefined filters that search for Application (classification=1), Malware (classification=2) or Protection (classification=0) vulnerabilities are offered.

  • Web

This view displays Network connections, Application connections, and HTTP proxy logs according to certain categories:

  • The Network connections logs only display logs whose standard service corresponding to the destination port is HTTP, HTTPS or HTTP_PROXY.
  • The Application connections log only displays logs with an associated plugin name that is either HTTP or HTTPS.

A predefined filter that looks for detected viruses is offered.

  • Vulnerabilities

This view displays the Vulnerabilities log.

Two predefined filters that search for Client (targetclient=1) and Server (targetserver=1) vulnerabilities are offered.

  • E-mails

This view displays Network connections, Application connections, POP3 proxy and SMTP proxy logs according to certain categories:

  • The Network connections logs only display logs whose standard service corresponding to the destination port is SMTP, SMTPS, POP3, POP3S, IMAP or IMAPS.
  • The Application connections log only displays logs with an associated plugin name that is either SMTP, SMTPS, POP3, POP3S, IMAP or IMAPS.

Two predefined filters that search for detected viruses (virus=infected) and detected spam (spamlevel entered and different from 0) are offered.

  • VPN

This view displays IPSec VPN, System events and SSL VPN logs according to certain categories; the System events log only displays logs for which the reference message is PPTP.

  • System events

This view displays Alarms and System events logs according to certain categories; the Alarms log only displays logs belonging to the system alarm category.

Two predefined filters that search for Minor (pri = 4) or Major (pri = 1) levels are offered.

  • Filtering

This view displays Alarms and Filter logs according to certain categories; the Alarms log displays only logs belonging to the filter alarm category.

  • Sandboxing

This view displays the Sandboxing log.

  • Users

This view displays the Authentication log.