[ログ]メニュー

Select Logs from the menu bar at the top of the screen. Endian UTM Appliance keeps logs of all firewall activities. The logs can be viewed and exported from this section.

Following is a list of links that appear in the submenu on the left side of the screen:

  • Live - get quick, live view of the latest log entries as they are being generated
  • Summary - get daily summaries of all logs (generated by logwatch)
  • System - system logs (/var/log/messages) filtered by source and date
  • Service - logs from the intrusion detection system (IDS), OpenVPN and antivirus (ClamAV)
  • Firewall - logs from the IP firewall rules
  • Proxy - logs from the HTTP proxy, the SMTP proxy and the SIP proxy
  • Settings - specify log options such as how long log files should be kept

Each link will be explained individually in the following sections.

Live

Select Logs from the menu bar at the top of the screen, then select Live from the submenu on the left side of the screen. The live log viewer shows you a list of all log files that are available for real time viewing. You can select the logs you want to see by ticking the checkboxes. After clicking on the Show selected logs button a new window with the selected logs will open. If you want to open a single log file you can click on the Show this log only link in the respective row.

This new window contains the main live log viewer. The viewer is configured at the top of the page in the Settings. On the right side the list of the logs that are currently displayed is shown. On the left side some additional control elements are shown. These control elements are:

Filter
Only log entries that contain the expression in this field are shown.
Additional filter
Like the filter above. Only that this filter is applied after the first filter.
Pause output
Clicking on this button will prevent new log entries from appearing on the live log. However, after clicking the button once more all new entries will appear at once.
Highlight
All log entries that contain this expression will be highlighted in the chosen color.
Highlight color
By clicking on the colored square you can choose the color that will be used for highlighting.
Autoscroll
This option is only available if in the Logs ‣ Settings section Sort in reverse chronological order is turned off. In this case new entries will always be shown at the bottom of the page. If the checkbox is ticked the scrollbar will always be at the bottom of the Live logs section. If this is disabled the Live logs section will show the same entry no matter how many new entries are appended at the bottom.

If you want to show other log files you can click on the Show more link right below the list of log files that are shown. The controls will be replaced by a table in which you can select the log files you want to see by checking or unchecking the respective checkboxes. If you want to change the color of a log file you can click on the color palette of that log type and then choose a new color. To show the controls again you can click on one of the Close links below the table and below the list of shown log files. Finally you can also increase or decrease the window size by clicking on the Increase height or Decrease height buttons respectively.

Summary

Select Logs from the menu bar at the top of the screen, then select Summary from the submenu on the left side of the screen.

On this page you can see your Endian UTM Appliance‘s log summary. The following control elements are available:

Month
Here you can select the month of the date that should be displayed.
Day
Here you can select the day of the date that should be displayed.
<< / >>
By using these controls you can go one day back or forth in the history.
Update
By clicking this button the page content will be refreshed.
Export
Clicking this button will open a plain text file with logwatches output.

Depending on the settings in the Log summaries section of the Logs, Settings page you will see more or less output on this page.

System

Select Logs from the menu bar at the top of the screen, then select System from the submenu on the left side of the screen.

In this section you can browse through the various system log files. You can search for log entries in the Settings section by using the following controls:

Section
Here you can choose the type of logs you want to display.
Filter
Only lines that contain this expression are shown.
Jump to Date
Directly show log entries from this date.
Jump to Page
Directly show log entries from this page in your result set (how many entries per page are shown can be configured on the Logs, Settings page).
Update
By clicking on this button will perform the search.
Export
Clicking on this button will export the log entries to a text file.

It is possible to see older and newer entries of the search results by clicking on the Older and Newer buttons right above the search results.

Service

Select Logs from the menu bar at the top of the screen, then select Service from the submenu on the left side of the screen.

The service logs that can be seen here are those of the IDS (Intrusion Detection System), OpenVPN and ClamAV. All these log sites share the same functionality:

Filter
Only lines that contain this expression are shown.
Jump to Date
Directly show log entries from this date.
Jump to Page
Directly show log entries from this page in your result set (how many entries per page are shown can be configured on the Logs ‣ Settings page).
Update
By clicking on this button will perform the search.
Export
Clicking on this button will export the log entries to a text file.

It is possible to see older and newer entries of the search results by clicking on the Older and Newer buttons right above the search results.

Firewall

Select Logs from the menu bar at the top of the screen, then select Firewall from the submenu on the left side of the screen.

The firewall log search can be controlled like the search for service logs in Logs ‣ Service. Please refer to that section for details.

Proxy

Select Logs from the menu bar at the top of the screen, then select Proxy from the submenu on the left side of the screen.

HTTP

Filter
Only lines that contain this expression are shown.
Source IP
Show only log entries from the selected source IP.
Ignore filter
Lines that contain this expression are not shown.
Enable ignore filter
Tick this checkbox if you want to use the ignore filter.
Jump to Date
Directly show log entries from this date.
Jump to Page
Directly show log entries from this page in your result set (how many entries per page are shown can be configured on the Logs ‣ Settings page).
Restore defaults
Clicking on this button will restore the default search parameters.
Update
By clicking on this button will perform the search.
Export
Clicking on this button will export the log entries to a text file.

It is possible to see older and newer entries of the search results by clicking on the Older and Newer buttons right above the search results.

Content filter

The content filter proxy log search can be controlled like the search for http proxy logs in Logs, Proxy, HTTP. Please refer to that section for details.

HTTP report

On this page you can enable the proxy analysis report generator by ticking the Enable checkbox and clicking on Save afterwards. Once the report generator is activated you can click on the Daily report, Weekly report and Monthly report links for detailed HTTP reports.

SMTP

The SMTP proxy log search can be controlled like the search for service logs in Logs ‣ Service. Please refer to that section for details.

SIP

The SIP proxy log search can be controlled like the search for service logs in Logs ‣ Service. Please refer to that section for details.

Settings

Select Logs from the menu bar at the top of the screen, then select Settings from the submenu on the left side of the screen.

On this page you can configure global settings for the logging of your Endian UTM Appliance. The following options can be configured:

Number of lines to display
This defines how many lines are displayed per log-page.
Sort in reverse chronological order
If this is enabled the newest results will be displayed first.
Keep summaries for *__* days
This defines for how many days log summaries should be stored.
Detail level
This defines the detail level for the log summary.
Enabled (Remote Logging)
Check this box if you want to enable remote logging.
Syslog server
This specifies to which remote server the logs will be sent. The server must support the latest IETF syslog protocol standards.
Log packets with BAD constellation of TCP flags
If this is enabled the firewall will log packets with a bad constellation TCP flag (e.g. all flags are set).
Log NEW connections without SYN flag
If this is enabled new TCP connections without SYN flag will be logged.
Log accepted outgoing connections
If you want to log all accepted outgoing connections this checkbox must be ticked.
Log refused packets
If you enable this all refused packets will be logged by the firewall.

To save the settings click on the Save button.

目次

前のトピックへ

[Hotspot]メニュー

次のトピックへ

付録: GNU Free Documentation License