CacheGuard-OSUser's Guide - Version UF-2.0.2
Logging
Logging gives you visibility into all allowed or denied Web traffic. The system allows you to select which type of access should be logged. Available access types are: Web accesses in forwarding mode, reverse website accesses, rejected access by the URL guarding module, rejected Web access by the antivirus, rejected Web requests by the WAF and denied traffic by the firewall (see the command log for further information).
Managing logs
An automatic log rotation system allows you to backup logs for a period of n days (n is configured during the appliance installation). Each rotated log is identified by an integer between 1 and 10 called the log serial number. The most recent log (yesterday log) has the number 1. The older one has the number 2 and so on.
To save explicitly the current (today's) log, a log rotation should be forced. To explicitly rotate logs use the following command:
- log rotate
- log rotate report
When the log rotation is finished it may be saved on a file server. To save the most recent access log in a file named "access-log.gz" located on the TFTP server identified by the IP address "172.18.2.1" use the following command:
- log save acess 1 tftp 172.18.2.1 access-log.gz
The logging feature may be completely disabled. To disable the logging use the followinf commands:
- mode log off
- apply
Logging Web Accesses
All Web accesses in forwarding mode and reverse mode can be logged into the system. This functionality allows you to observe all Web access in detail (which machine accesses which URL at which time?). To activated the Web and RWeb access logging use the following commands:- mode log on
- log type web on
- log type rweb on
- apply
Logging Denied Accesses
To log all rejected accesses use the following commands:- mode log on
- log type guard on
- log type antivirus on
- log type waf on
- log type firewall on
- apply