In this section you can configure some useful options.
The page is divided in four sections. Each of them are described below:
Lets you take effect on the output of the log lines:
Specifies how many log lines you want the log viewer to display on one page.
Tick this on if you'd like the log viewer to display chronologically newer log lines first.
This lets you configure the summary page, which will be described later in this document:
Lets you define for how many days you would like to save the daily summaries on disk.
Lets you decide the detail level of the log summary. You can choose from the following possibilities: Low, Medium, High. Due to this configuration the summary will provide you with less, more or much information.
It is possible to let Endian firewall log all its log files also to a remote syslog server. This is very useful if you would like to have all the logs of your company on one centralized log server and it is useful for example to have access to log files in case of a fatal disaster. In order to enable remote logging you need to provide the hostname or ip address of the remote syslog server in the text field labeled Syslog server and then tick on the checkbox Enabled. Endian Firewall then will log as well to the remote syslog server as to local log files.
Currently not every service is able to use syslog. Therefore some can only write down to log files and cannot log to a remote syslog server. Services which currently cannot use syslog are: all sort of HTTP services (administration web server, HTTP proxy, HTTP content filter, HAVP), FTP proxy, IDS (snort).
Usually if Endian Firewall has a public ip address and therefore is the door to the outside, there are very much packets that will be blocked by the firewall. Not all of these are hostile attempts of attackers, but will nevertheless be logged and create much data. Here you have the possibility to globally configure what you would like to have logged and what not:
TCP allows everybody to set flags in constellations which make no sense at all. Such constellations may confuse firewalls and/or computers in general and allow an attacker to gather more information than you would like to share. Especially portscanners do this. Endian Firewall blocks such attempts. Tick this on if you want to have it logged. You will find such attempts in the firewall log resulting as packets which passed the chain BADTCP.
You may enable portscan detection by ticking this checkbox on. The portscan detection will be performed using the netfilter psd match. You will find the logged portscans in the firewall log resulting as packets which passed the chain PORTSCAN.
Portscans will never be blocked! They will only be logged! If you have not configured any ports to be forwarded a portscan of an Endian Firewall will not reveal anything of interest to the attacker since there is nothing open.
Packets which should establish a TCP connection must have set the SYN flag. If it is not set, it is not sane. Endian Firewall will block such packets and you can log the attempts if you tick this checkbox on.
If you tick this on, Endian Firewall will log all connection attempts which have been denied by Endian Firewall. Since Endian Firewall as default denies all connection attempts and allows only what you have defined, this certainly will lead to a bunch of unneeded data, so you may toggle this off. It may be useful to check which ports you need to open for applications that are using ports you don't know.
Tick this on if you would like to globally log all connections which have successfully passed Endian Firewall without being dropped. You can use this to test if your newly created rules are correct as this allows you to see the connections made by your applications.
Check your local law! Enabling this may be prohibited by privacy law in most countries! But some countries may enforce you by law to enable this (For example the antiterror law in Italy). If you need to enable it, think about to backup your logs since you probably also need them after a case of fatal disaster! Ensure that nobody has access to backups and log files (privacy law)!