Comodo Dome Firewall

• Comodo Dome Firewall Virtual Appliance - Quick Start Guide
  • Step 1 - Setup Dome Firewall Virtual Appliance And Login To The Console
  • Step 2 - Configure A System Access Rule For Hosts In The Network To Connect To The Firewall
  • Step 3 - Configure The Network Interfaces
  • Step 4 - Activate Your License
  • Step 5 - Configure Firewall Policy
  • Step 6 - View Logs And Generate Reports
• About Comodo Security Solutions

Step 6 - View Logs and Generate Reports

 

• The 'Logs' module shows events that are currently taking place across all modules, allowing you to troubleshoot problems and monitor activities in real time.

• You can customize the log viewers of various modules.

• Logs can be filtered according to date, keyword or module. You can export logs from selected modules to .csv files (comma separated values).

• You can also specify a remote syslog server to store the logs.

 

To configure log settings

• Click 'Logs' on the left and select 'Settings'

The interface contains three areas:

Log Viewing Options -

• Customize the log viewer screens of different DFW modules/services.

• Number of lines to display – The number of log entries shown on a single page in the log viewer

• Sort in reverse chronological order – Will show the most recent logs at the top of each page. Normally, logs are shown in chronological order, so the most recent logs are shown at the bottom.

Remote Logging

• If you want to post logs to a remote server, specify the target and the protocol to be used for the data transfer.

• Enabled - Select the checkbox to enable remote logging

• Syslog server - Enter the host name or IP of the remote logging server to which logs should be sent. Ensure that the server supports the latest IETF syslog protocol standards. If a remote syslog server is setup in the network by installing 'Dome Firewall Log Collector', specify the IP address or the hostname of the endpoint at which the log collector is installed.

• Protocol - Choose the data transfer protocol to be used for transferring the logs from the drop-down.

Tip: For Dome Firewall Log Collector, choose UDP as data transfer protocol.

Firewall Logging

The 'Firewall Logging' area lets you specify event types that should be included in the firewall logs. These are in addition to the usually logged events.

• Select the event types from the options in this area:

• Log packets with BAD constellation of TCP flags - Log packets with all flags set.

• Log NEW connections without SYN flag – Log all new connections without the synchronization flag.

• Log accepted outgoing connections – Log outgoing connections that pass through the firewall from internal network zones.

• Log refused packets – Log packets from external sources that were rejected.

• Click 'Save' for your configuration to take effect.

To view the logs

• Click 'Logs' on the left then select 'Live'

• The 'Live Logs' interface lists modules and their current events.

• Events are displayed in a scrolling window which is continuously updated.

• The window also allows you to filter logs according to specific criteria.

Realtime logs of the following modules are available:

• DHCP - Events from the DHCP server module of Dome Firewall. This includes assignment of fixed and dynamic IP addresses to devices in different internal network zones.

• Firewall - Log of connection attempts that were allowed or blocked by the Firewall. Click the '+' button at the right of a log entry to view the source and destination addresses, the connection protocol and more.

• SSLVPN - Events relevant to SSL VPN connections.

• Intrusion detection - Events generated by the Intrusion Detection System (IDS) service.

• Web proxy - Events generated by the HTTP/HTTPS Proxy services.

• System Access – Record of user logins to the firewall.

You can add or remove modules in the live log interface as required.

• To view the log of events for a specific module, click the 'Show this log only' link beside the module

• To view logs from several modules, select the modules and click the 'Show selected logs' button

The 'Live Log Viewer' will open in a new browser window.

• Click the '+' button at the right end of a log entry to view its details.

Click here to refer to the full Dome Cloud Firewall administrator guide.

 

Generate Reports

• The 'Reporting' interface lets you view logs of selected firewall modules with details on each event. Logs can be filtered by date.

• You can also export logs as a comma separated values (CSV) file for analysis, trouble shooting and archiving.

To generate reports

• Click 'Logs' on the left then choose 'Reporting' from the options

The 'Reporting' screen shows logs from various appliance modules.

• Use the check-boxes above the table to select the type of logs that should be included in the report

• Note - Don't select anything if you want to include all modules in the report

• Use the 'Start Date' and 'End Date' fields to specify the period that the report should cover

• Select the time of the day in the next step

The table will show log entries for the selected module(s) covering the specified time period.

• Click 'Export Logs' to download the displayed logs as a comma separated values (.csv) file

Click here to view the full admin guide.