Step 6 - View Logs and Generate Reports
- The 'Logs' module shows events that are currently taking place across all modules, allowing you to troubleshoot problems and monitor activities in real time.
- You can customize the log viewers of various modules.
- Logs can be filtered according to date, keyword or module. You can export logs from selected modules to .csv files (comma separated values).
- You can also specify a remote syslog server to store the logs.
To configure log settings
- Click 'Logs' on the left and select 'Settings'
The interface contains three areas:
- Customize the log viewer screens of different DFW modules/services.
- Number of lines to display – The number of log entries shown on a single page in the log viewer
- Sort in reverse chronological order – Will show the most recent logs at the top of each page. Normally, logs are shown in chronological order, so the most recent logs are shown at the bottom.
- If you want to post logs to a remote server, specify the target and the protocol to be used for the data transfer.
- Enabled - Select the checkbox to enable remote logging
- Syslog server - Enter the host name or IP of the remote logging server to which logs should be sent. Ensure that the server supports the latest IETF syslog protocol standards. If a remote syslog server is set up in the network by installing 'Dome Firewall Log Collector', specify the IP address or the hostname of the endpoint at which the log collector is installed.
- Protocol - Choose the data transfer protocol to be used for transferring the logs from the drop-down.
Tip: For Dome Firewall Log Collector, choose UDP as data transfer protocol.
The 'Firewall Logging' area lets you specify event types that should be included in the firewall logs. These are in addition to the usually logged events.
- Select the event types from the options in this area:
- Log packets with BAD constellation of TCP flags - Log packets with all flags set.
- Log NEW connections without SYN flag – Log all new connections without the synchronization flag.
- Log accepted outgoing connections – Log outgoing connections that pass through the firewall from internal network zones.
- Log refused packets – Log packets from external sources that were rejected.
- Click 'Save' for your configuration to take effect.
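To confirm that remote logging over UDP is actually reaching the syslog server, a small receiver can be run on that host. This is an added example, not part of Dome Firewall or its Log Collector. It assumes the standard syslog UDP port 514 and messages in either RFC 5424 or legacy BSD format, neither of which is stated in this guide.

```python
import re
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$", re.S)
# Legacy BSD syslog (RFC 3164): only the <PRI> prefix is dependable
LEGACY = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# Constructed sample datagram, not captured from a real appliance
SAMPLE = b"<134>1 2024-01-01T12:00:00Z fw01 firewall - - - constructed: refused packet"


def parse_syslog(datagram: bytes) -> dict:
    """Decode one syslog datagram; raise ValueError if it has no valid PRI."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = RFC5424.match(text)
    fmt = "rfc5424" if m else "legacy"
    m = m or LEGACY.match(text)
    if not m or int(m.group(1)) > 191:  # highest PRI is facility 23, severity 7
        raise ValueError("not a syslog message")
    pri = int(m.group(1))
    rec = {"format": fmt, "facility": pri >> 3, "severity": SEVERITIES[pri & 7]}
    if fmt == "rfc5424":
        # body = structured data ("-" when absent) followed by the message text
        rec.update(timestamp=m.group(2), host=m.group(3), app=m.group(4), body=m.group(7))
    else:
        rec["body"] = m.group(2)
    return rec


def listen(host: str = "0.0.0.0", port: int = 514, count: int = 5) -> list:
    """Collect `count` datagrams and return (sender_ip, record_or_None) pairs."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))  # ports below 1024 need elevated privileges
        while len(seen) < count:
            data, (src, _port) = sock.recvfrom(8192)
            try:
                seen.append((src, parse_syslog(data)))
            except ValueError:
                seen.append((src, None))  # traffic on the port that is not syslog
    return seen


if __name__ == "__main__":
    print(parse_syslog(SAMPLE))       # offline check of the parser
    for sender, record in listen():   # then wait for the firewall's datagrams
        print(sender, record)
```

If no datagrams arrive from the firewall's address after saving the settings, check the 'Enabled' checkbox, the server address and any filtering between the firewall and the server.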
To view the logs
- Click 'Logs' on the left then select 'Live'
- The 'Live Logs' interface lists modules and their current events.
- Events are displayed in a scrolling window which is continuously updated.
- The window also allows you to filter logs according to specific criteria.
Real-time logs of the following modules are available:
- DHCP - Events from the DHCP server module of Dome Firewall. This includes assignment of fixed and dynamic IP addresses to devices in different internal network zones.
- Firewall - Log of connection attempts that were allowed or blocked by the Firewall. Click the '+' button at the right of a log entry to view the source and destination addresses, the connection protocol and more.
- SSLVPN - Events relevant to SSL VPN connections.
- Intrusion detection - Events generated by the Intrusion Detection System (IDS) service.
- Web proxy - Events generated by the HTTP/HTTPS Proxy services.
- System Access – Record of user logins to the firewall.
- To view the log of events for a specific module, click the 'Show this log only' link beside the module
- To view logs from several modules, select the modules and click the 'Show selected logs' button
The 'Live Log Viewer' will open in a new browser window.
- Click the '+' button at the right end of a log entry to view its details.
Click here to refer to the full Dome Cloud Firewall administrator guide.
Generate Reports
- The 'Reporting' interface lets you view logs of selected firewall modules with details on each event. Logs can be filtered by date.
- You can also export logs as a comma separated values (CSV) file for analysis, troubleshooting and archiving.
To generate reports
- Click 'Logs' on the left then choose 'Reporting' from the options
The 'Reporting' screen shows logs from various appliance modules.
- Use the check-boxes above the table to select the type of logs that should be included in the report
- Note - Don't select anything if you want to include all modules in the report
- Use the 'Start Date' and 'End Date' fields to specify the period that the report should cover
- Select the time of the day in the next step
The table will show log entries for the selected module(s) covering the specified time period.
- Click 'Export Logs' to download the displayed logs as a comma separated values (.csv) file