Endian Firewall Reference Manual r. 2.2.1.9

Copyright (c) 2008 Endian srl, Italy.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".

Chapter 9: The Logs Menu

Select Logs from the menu bar at the top of the screen.

Endian Firewall keeps logs of all firewall activities. The logs can be viewed and exported from this section.

Following is a list of links that appear in the submenu on the left side of the screen:

Live
Summary
System
Service
Firewall
Proxy
Settings

Each link will be explained individually in the following sections.

Live

Select Logs from the menu bar at the top of the screen, then select Live from the submenu on the left side of the screen.
The live log viewer shows you a list of all log files that are available for real time viewing. You can select the logs you want to see by ticking the checkboxes. After clicking on the Show selected logs button a new window with the selected logs will open.
If you want to open a single log file you can click on the Show this log only link in the respective row.

This new window contains the main live log viewer. The viewer is configured at the top of the page in the Settings. On the right side the list of the logs that are currently displayed is shown. On the left side some additional control elements are shown. These control elements are:

Filter - Only log entries that contain the expression in this field are shown.
Additional filter - Works like the filter above, except that it is applied to the output of the first filter, so only entries matching both expressions are shown.
Pause output - Clicking on this button will prevent new log entries from appearing on the live log. However, after clicking the button once more all new entries will appear at once.
Highlight - All log entries that contain this expression will be highlighted in the chosen color.
Highlight color - By clicking on the colored square you can choose the color that will be used for highlighting.
Autoscroll - This option is only available if Sort in reverse chronological order is turned off in the Logs, Settings section, because only then are new entries appended at the bottom of the page. If the checkbox is ticked, the scrollbar is kept at the bottom of the Live logs section so the newest entry is always visible. If it is disabled, the Live logs section keeps showing the same entry no matter how many new entries are appended below it.

If you want to show other log files you can click on the Show more link right below the list of log files that are shown. The controls will be replaced by a table in which you can select the log files you want to see by checking or unchecking the respective checkboxes. If you want to change the color of a log file you can click on the color palette of that log type and then choose a new color. To show the controls again you can click on one of the Close links below the table and below the list of shown log files.
Finally you can also increase or decrease the window size by clicking on the Increase height or Decrease height buttons respectively.

Summary

Select Logs from the menu bar at the top of the screen, then select Summary from the submenu on the left side of the screen.

On this page you can see your Endian Firewall's log summary. The following control elements are available:

Month - Here you can select the month of the date that should be displayed.
Day - Here you can select the day of the date that should be displayed.
<< / >> - Use these controls to go one day back or forward in the history.
Update - By clicking this button the page content will be refreshed.
Export - Clicking this button opens a plain text file containing Logwatch's output.

Depending on the settings in the Log summaries section of the Logs, Settings page you will see more or less output on this page.

System

Select Logs from the menu bar at the top of the screen, then select System from the submenu on the left side of the screen.

In this section you can browse through the various system log files. You can search for log entries in the Settings section by using the following controls:

Section - Here you can choose the type of logs you want to display.
Filter - Only lines that contain this expression are shown.
Jump to Date - Directly show log entries from this date.
Jump to Page - Directly show log entries from this page in your result set (how many entries per page are shown can be configured on the Logs, Settings page).
Update - Clicking on this button performs the search.
Export - Clicking on this button will export the log entries to a text file.

It is possible to see older and newer entries of the search results by clicking on the Older and Newer buttons right above the search results.

Service

Select Logs from the menu bar at the top of the screen, then select Service from the submenu on the left side of the screen.

The service logs that can be seen here are those of the IDS (Intrusion Detection System), OpenVPN and ClamAV.
All these log pages share the same functionality:

Filter - Only lines that contain this expression are shown.
Jump to Date - Directly show log entries from this date.
Jump to Page - Directly show log entries from this page in your result set (how many entries per page are shown can be configured on the Logs, Settings page).
Update - Clicking on this button performs the search.
Export - Clicking on this button will export the log entries to a text file.

It is possible to see older and newer entries of the search results by clicking on the Older and Newer buttons right above the search results.

Firewall

Select Logs from the menu bar at the top of the screen, then select Firewall from the submenu on the left side of the screen.

The firewall log search can be controlled like the search for service logs in Logs, Service. Please refer to that section for details.

Proxy

Select Logs from the menu bar at the top of the screen, then select Proxy from the submenu on the left side of the screen.

HTTP

Filter - Only lines that contain this expression are shown.
Source IP - Show only log entries from the selected source IP.
Ignore filter - Lines that contain this expression are not shown.
Enable ignore filter - Tick this checkbox if you want to use the ignore filter.
Jump to Date - Directly show log entries from this date.
Jump to Page - Directly show log entries from this page in your result set (how many entries per page are shown can be configured on the Logs, Settings page).
Restore defaults - Clicking on this button will restore the default search parameters.
Update - Clicking on this button performs the search.
Export - Clicking on this button will export the log entries to a text file.

It is possible to see older and newer entries of the search results by clicking on the Older and Newer buttons right above the search results.

Content filter

The content filter proxy log search can be controlled like the search for HTTP proxy logs in Logs, Proxy, HTTP. Please refer to that section for details.

HTTP report

On this page you can enable the proxy analysis report generator by ticking the Enable checkbox and clicking on Save afterwards.
Once the report generator is activated you can click on the Daily report, Weekly report and Monthly report links for detailed HTTP reports.

SMTP

The SMTP proxy log search can be controlled like the search for service logs in Logs, Service. Please refer to that section for details.

SIP

The SIP proxy log search can be controlled like the search for service logs in Logs, Service. Please refer to that section for details.

Settings

Select Logs from the menu bar at the top of the screen, then select Settings from the submenu on the left side of the screen.

On this page you can configure global settings for the logging of your Endian Firewall. The following options can be configured:

Number of lines to display - This defines how many lines are displayed per log page.
Sort in reverse chronological order - If this is enabled the newest results will be displayed first.
Keep summaries for __ days - This defines for how many days log summaries should be stored.
Detail level - This defines the detail level for the log summary.
Enabled (Remote Logging) - Check this box if you want to enable remote logging.
Syslog server - This specifies the remote server to which the logs will be sent. The server must support the latest IETF syslog protocol standards.
Log packets with BAD constellation of TCP flags - If this is enabled the firewall will log packets carrying an invalid combination of TCP flags (e.g. all flags set at once).
Log NEW connections without SYN flag - If this is enabled, new TCP connections that do not start with a SYN flag will be logged.
Log accepted outgoing connections - If you want to log all accepted outgoing connections this checkbox must be ticked.
Log refused packets - If you enable this all refused packets will be logged by the firewall.

To save the settings click on the Save button.
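The two firewall logging options above describe packets that a well-behaved TCP stack never sends (invalid flag combinations) or that arrive without the connection tracker having seen an opening SYN. The following is an added example, not part of the Endian manual or the product's own code, showing how a reviewer of exported firewall logs could classify such entries. It assumes netfilter-style kernel log lines (fields such as SRC=, DST=, PROTO= and bare flag tokens like SYN or ACK); the sample lines are constructed for the example, and the manual itself does not specify the log format.

```python
import re

# TCP flag tokens as they appear in netfilter/iptables-style kernel log lines.
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")

# Constructed sample lines in netfilter style (assumed layout; not from the manual).
SAMPLE_LINES = [
    "IN=eth1 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=40000 DPT=22 SYN URGP=0",
    "IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40001 DPT=80 SYN ACK FIN RST PSH URG URGP=0",
    "IN=eth1 OUT= SRC=203.0.113.9 DST=198.51.100.10 PROTO=TCP SPT=40002 DPT=443 ACK URGP=0",
    "IN=eth1 OUT= SRC=203.0.113.11 DST=198.51.100.10 PROTO=TCP SPT=40003 DPT=25 SYN FIN URGP=0",
    "IN=eth1 OUT= SRC=203.0.113.13 DST=198.51.100.10 PROTO=UDP SPT=5000 DPT=53 LEN=40",
]


def parse_line(line):
    """Split one log line into its KEY=VALUE fields and the set of TCP flags present."""
    fields = dict(m.groups() for m in re.finditer(r"(\w+)=(\S*)", line))
    tokens = set(line.split())
    flags = {f for f in TCP_FLAGS if f in tokens}
    return fields, flags


def has_bad_flag_combination(flags):
    """True for flag sets that a conforming TCP stack never emits.

    Covers the "all flags set" case named in the manual plus the other
    classic invalid combinations: no flags at all, SYN together with
    FIN or RST, and FIN without ACK.
    """
    if not flags:
        return True                      # null packet: no flags at all
    if flags == set(TCP_FLAGS):
        return True                      # every flag set at once
    if "SYN" in flags and ("FIN" in flags or "RST" in flags):
        return True                      # SYN combined with FIN or RST
    if "FIN" in flags and "ACK" not in flags:
        return True                      # FIN is only valid on an established flow
    return False


def classify(lines):
    """Return (src, dpt, reasons) for each TCP line, in input order.

    A minimal connection table stands in for the firewall's state tracker:
    a clean SYN registers the 4-tuple, and any later packet whose 4-tuple is
    unknown and which carries no SYN is a "NEW connection without SYN".
    """
    seen = set()
    results = []
    for line in lines:
        fields, flags = parse_line(line)
        if fields.get("PROTO") != "TCP":
            continue                     # only TCP has flags to judge
        key = (fields["SRC"], fields["SPT"], fields["DST"], fields["DPT"])
        reasons = []
        if has_bad_flag_combination(flags):
            reasons.append("bad-flags")
        if key not in seen and "SYN" not in flags:
            reasons.append("new-without-syn")
        if "SYN" in flags and "bad-flags" not in reasons:
            seen.add(key)                # a clean SYN opens the tracked connection
        results.append((fields["SRC"], fields["DPT"], tuple(reasons)))
    return results


if __name__ == "__main__":
    for src, dpt, reasons in classify(SAMPLE_LINES):
        print(src, dpt, ", ".join(reasons) or "ok")
```

Both checks are stateless except for the connection table, so the same functions can be pointed at the text file produced by the Export button on the Logs, Firewall page to see which of the enabled logging options produced a given entry.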