System Log Settings
Overview
The InstaGate and ThreatWall product lines now offer the ability to integrate with a remote syslog server. You can also change the local system log settings, choosing which logs to keep and how long to store them. Most servers, including Windows, Linux, Cisco and Unix, have the ability to act as a syslog server. For more information regarding the setup and configuration of a syslog server, please consult the server manufacturer for additional information. With an active syslog server on the network, an InstaGate or ThreatWall can upload its log files for long-term storage and review.
Configuration
To access the Log Settings on an InstaGate, click on System then Log Settings (on a ThreatWall, click on Reports & Log then Log Settings). Here, you can set the number of days to keep logs and activate various types of logging.
To enable remote logging, check the enabled box under Remote Log Settings. Once enabled, the protocol used, the server address and the server port number need to be entered. Please consult your syslog server documentation if this information is not known. Then simply check the boxes associated with the service(s) to be logged remotely. The Log areas in WELF check box may appear, depending on whether the Web or Email ThreatPaks have been installed. WELF refers to the WebTrends Enhanced Log File format.
Troubleshooting
Please note that since most syslog servers use UDP to transmit information, there are no failure notifications sent. Therefore the eSoft device will not display a success or failure notification on the screen when Apply is clicked. The syslog server itself should be monitored to verify that the selected log files have been uploaded.
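Because UDP delivery is silent, one way to monitor arrival is to track when each device was last heard from and flag any that go quiet. The following is an added example, not eSoft code: a stand-in UDP listener in Python that counts only well-formed RFC 3164 messages from expected devices as proof of delivery. The device address, the 900-second silence window and the use of port 514 are assumptions for illustration.

```python
import re
import socket
import time

# RFC 3164 datagrams begin with "<PRI>", where PRI = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram):
    """Return (facility, severity), or None if there is no valid PRI header."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        return None
    return divmod(int(m.group(1)), 8)

class ArrivalTracker:
    """Remembers when each expected device last delivered a syslog datagram."""

    def __init__(self, expected_sources, max_silence_seconds):
        self.max_silence = max_silence_seconds
        self.last_seen = {src: None for src in expected_sources}

    def record(self, source_ip, datagram, now):
        # Only a well-formed message from an expected device counts as delivery.
        if source_ip not in self.last_seen or parse_pri(datagram) is None:
            return False
        self.last_seen[source_ip] = now
        return True

    def silent_sources(self, now):
        # Never heard from, or quiet for longer than the allowed window.
        return sorted(src for src, seen in self.last_seen.items()
                      if seen is None or now - seen > self.max_silence)

def listen(tracker, bind_addr="0.0.0.0", port=514, poll_seconds=60):
    """Receive datagrams forever and report devices that have gone quiet."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    sock.settimeout(poll_seconds)
    while True:
        try:
            data, (ip, _port) = sock.recvfrom(8192)
            tracker.record(ip, data, time.time())
        except socket.timeout:
            pass
        for src in tracker.silent_sources(time.time()):
            print(f"no syslog from {src} within {tracker.max_silence}s")

if __name__ == "__main__":
    # Constructed address (documentation range); replace with the device's IP.
    listen(ArrivalTracker(["192.0.2.10"], max_silence_seconds=900))
```

Binding to port 514 normally requires elevated privileges and cannot share the port with a syslog daemon that is already running, so run this on a test host or pass a different `port`.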
Below is a listing of the various log files and what information can be found in each:
General – This is the main system log. It contains information regarding the system itself.
Access – This log shows access and browsing of the administrative user interface.
Firewall – This is the firewall log. Please note only blocked traffic is logged. (Not available on the ThreatWall)
Email Server – This area shows email that is handled by the Email ThreatPak or Complete Mail Server, if enabled.
Web Proxy – If logging and the Web ThreatPak are enabled, this area will show all web traffic that is sent through the web proxy.
Deep Packet Inspection – This is where information from Anti-Virus and Anti-Spyware is logged.
Intrusion Prevention – This is the Intrusion Prevention log.
Spam Filter – This is the spam filter log.