Local storage tab

Log configuration makes it possible to allocate disk space for each type of log on the firewall. In this menu, logging on the firewall can be enabled or disabled.


Enables or disables logging on the firewall. Logging is disabled by default if the firewall does not have a storage device.

Storage device

Storage device Select the storage device on which logs will be saved:
  • Firewall’s internal storage medium,
  • SD card for firewalls equipped with an external storage device.

NOTE
For more information, refer to the SNS Presentation and installation guide, under Appendix B: log storage.

Refresh Refreshes the list of storage media.
Format Formats the storage device.

NOTE
In a high availability configuration, actions relating to the SD card are only valid for the card inserted into the active firewall. To use an SD card on the passive firewall, you must first switch from passive to active mode in the Maintenance module.

Configuring the space reserved for logs

There are several categories under which the firewall logs events detected by log functions, including data relating to capture features.

All categories share the same storage space. You can enable or disable logging for a particular category and modify its disk space quota by assigning a percentage to it.

The table

Enabled Shows that logging is enabled for a particular log category. Double-click to change the status.
Family Specifies the name of the log category or family.
Percentage Shows the percentage of disk space assigned to the log family. Double-click to edit.

The total disk space reserved for all log families is shown at the bottom of the grid. A warning message will appear if it exceeds 100%. However, changes are allowed. If a storage device is full, the most recent logs erase the oldest logs.

Disk space quota Shows the proportion of disk space that each log family occupies on the storage device. This value varies according to the percentage assigned.

The Enable all or Disable all buttons make it possible to enable or disable logging in a single action for all log families.

Confirm changes by clicking on Apply. You must save your changes if the total disk space reserved exceeds 100%.

Log families

Administration (serverd) Events relating to the firewall administration server (serverd).
Authentication Events relating to user authentication.
Network connections Events relating to authorized connections through and to the firewall. The log is written at the end of the connection.
System events Events directly relating to the system: shutdown and startup of the firewall, system error, etc. Shutting down and starting log functions correspond to shutting down and starting the daemons that generate logs.
Alarms Events relating to the application of intrusion prevention features.
HTTP proxy Events relating to HTTP traffic.
Application connections (plugin) Events relating to processes carried out by ASQ plugins.
SMTP proxy Events relating to SMTP traffic.
Filter policy Events relating to the application of filter functions.
IPsec VPN Events relating to the setup of SAs.
SSL VPN Events relating to the setup of the SSL VPN.
POP3 proxy Events relating to message sending.
Statistics Events relating to real-time monitoring.
Vulnerability management Events relating to the application for consulting vulnerabilities on the Stormshield Network Vulnerability Manager network.
FTP proxy Events relating to FTP traffic.
SSL proxy Events relating to SSL traffic.
Sandboxing Events relating to the sandboxing of files if this option has been subscribed and enabled.
Network captures Data obtained from network captures activated on the firewall.
Router statistics Data obtained from statistics of routers and their gateways.