CacheGuard OS
User's Guide - Version EH-1.3.7


Logging

Logging gives you visibility into all allowed or denied Web traffic. The system allows you to select which types of access should be logged. Available access types are: Web accesses in forwarding mode, reverse website accesses, accesses rejected by the URL guarding module, Web accesses rejected by the antivirus, Web requests rejected by the WAF and traffic denied by the firewall (see the "log" command for further information).

Managing logs

An automatic log rotation system allows you to back up logs for a period of n days (n is configured during the appliance installation). Each rotated log is identified by an integer between 1 and 10 called the log serial number. The most recent log (yesterday's log) has the number 1. The next older one has the number 2, and so on.

To explicitly save the current (today's) log, a log rotation should be forced. To explicitly rotate logs, use the following command: This command is executed asynchronously. To check the end of this operation, use the following command:

When the log rotation is finished, the log may be saved to a file server. To save the most recent access log in a file named "access-log.gz" located on the TFTP server identified by the IP address "172.18.2.1", use the following command: Logs are saved in a gzip compressed format. Note that only trusted file servers may be used. To declare a file server as trusted, use the command "access file".

The logging feature may be completely disabled. To disable logging, use the following commands:

Logging Web Accesses

All Web accesses in forwarding mode and reverse mode can be logged by the system. This functionality allows you to observe all Web accesses in detail (which machine accesses which URL at which time?). To activate Web and RWeb access logging, use the following commands:

Logging Denied Accesses

To log all rejected accesses use the following commands: