
   
System Log Configuration

The firewall produces extensive logs of network activity. As the volume of log messages can be very large, the firewall includes several features which help manage and use the system log. These include:

Section 5.1 describes how these facilities are used from within fwadmin, while Section 5.5 describes how even more functionality can be accessed using a WWW browser and the webadmin service.


  
Figure 4.54: The System Logging Setup Screen

The System Logging Setup Screen (Figure 4.54) is used to configure various system log features. The fields in this screen are:

Archive Logs For
This specifies the number of months for which system logs are archived. Logs can be archived for up to ten months (giving eleven months in total when the current month is included). If you want to archive logs for longer than this, you should save copies of the log archives on some other machine. The log archives can be found in the /log directory.

Filter at Week End
If set to yes, then the firewall will strip out log messages not needed for reports at the end of each week before archiving. This can help to reduce the size of the log archives.

Log Newsgroup Access
If set to yes, the firewall will log the last newsgroup visited and the number of bytes exchanged each time a user who is reading news changes their active newsgroup or terminates an NNTP session.

Log VPN Access
If set to yes, the firewall will log all sessions tunnelled to other CEQURUX Technologies proprietary virtual private networks.

Log WWW URL Access
If set to yes, the firewall will log all URLs requested by users accessing the World-Wide Web.

Mail To
If you have log filter actions which involve mailing log messages, this field allows you to specify who they should be mailed to.

Remote Log Host
The IP address, if any, of a host to which log messages should be copied using the UDP syslog service (port 514).

Use WebTrends WELF Format
If set to yes, some of the more important log messages will be logged in WebTrends WELF format instead of the default format.

In WELF format, each log message contains several key=value fields, where values that contain embedded spaces or certain other special characters are enclosed in double quotes ("..."). If a value contains embedded double quote characters, they are converted to single quotes (').

WebTrends Log Server Address
If set, then any WebTrends compatible log messages will also be sent to this server address using the UDP syslog service.

Windows Popup Host
This field allows you to specify the NetBIOS name of an MS-Windows host to which popup alerts are sent.

The log filter facility allows you to selectively send log messages to your pager, or to a GSM cellular phone using the GSM short message service (SMS). The remaining fields pertain to this:

Service
This allows you to select which SMS or pager system to use. The set of choices corresponds to the available scripts in the /usr/local/pagers directory on the firewall. If your provider is not listed, you will need to add a script yourself (please send us a copy so that we can add it into future releases). The script will be invoked with the log message as the first argument, and any additional information you specify as the second argument.

If a pager script contains a line starting with '#P#', then that line will be displayed as help text on the screen for the provider. Similarly, if the script contains a line starting with '#A#', then that line will be displayed as help text on the screen for the argument.

Script Argument
This is the additional information that should be passed to the pager script. This argument varies from one service to another, but would usually include the pager identification code or telephone number.
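
The WELF quoting rule described under Use WebTrends WELF Format matters to anyone consuming these logs: converting embedded double quotes to single quotes keeps user-controlled text, such as a requested URL, from closing its own quoted value and appearing as extra key=value fields. The following Python sketch is an added example, not the firewall's own code. The field names and sample values are constructed, and the exact set of "other special characters" is an assumption because the page does not list them.

```python
import re

# Assumption: the page does not list the "other special characters";
# this sketch treats whitespace, '=' and quote characters as requiring quotes.
_NEEDS_QUOTES = re.compile(r'[\s="\']')
# key=value, where value is either "double quoted" or a bare run with no spaces.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s"]*))')


def welf_format(fields):
    """Serialise (key, value) pairs using the quoting rule described above."""
    parts = []
    for key, value in fields:
        value = str(value).replace('"', "'")  # embedded " becomes '
        if value == "" or _NEEDS_QUOTES.search(value):
            value = f'"{value}"'
        parts.append(f"{key}={value}")
    return " ".join(parts)


def welf_parse(line):
    """Parse one WELF line into a dict; reject anything that is not key=value."""
    fields, pos = {}, 0
    line = line.strip()
    while pos < len(line):
        m = _FIELD.match(line, pos)
        if not m:
            raise ValueError(f"malformed field at offset {pos}")
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
        pos = m.end()
        rest = line[pos:]
        if rest and not rest[0].isspace():
            # e.g. an unterminated quote or junk glued onto a value
            raise ValueError(f"unexpected text at offset {pos}")
        pos += len(rest) - len(rest.lstrip())  # skip separator whitespace
    return fields


# Constructed sample record: the URL argument tries to smuggle in extra fields.
SAMPLE = [
    ("id", "firewall"),
    ("time", "2004-03-01 12:00:00"),
    ("src", "192.0.2.10"),
    ("arg", '/q?x=1" user=admin msg="ok'),
]

if __name__ == "__main__":
    line = welf_format(SAMPLE)
    print(line)
    print(welf_parse(line))
```

A parser that rejects unterminated quotes, as this one does, also catches records truncated in transit over UDP syslog rather than silently accepting a partial value.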



 
Copyright © 2004, CEQURUX Technologies