Enabling Logging

Discuss and get help configuring CacheGuard to protect Web end-users
turboaaa
Posts: 2
Joined: 16 Apr 2018 21:04

Enabling Logging

Post by turboaaa » 16 Apr 2018 21:07

I have the appliance running in my lab, but there are no logs that I can find. Neither URL requests nor AV detections are showing on the dashboard. AV is enabled as it has blocked test files, and my test system is indeed using the appliance as its web gateway.

david
Posts: 157
Joined: 08 Aug 2015 20:38

Re: Enabling Logging

Post by david » 17 Apr 2018 09:51

Hi,

Please check whether you have activated the required logging. To do so, use the following command:

Code:

log type

By default, the Web access logging is turned off. To activate it, use the following commands:

Code:

log type web on
apply

Blocked traffic counters in the dashboard reflect all blocked traffic since the last log rotations. Log rotations are automatically performed during the night, but you can ask for an explicit log rotation by using the following command:

Code:

log rotate

After having performed that command, if you refresh your dashboard you should be able to view an overview of blocked traffic (since the last log rotations). You also have the possibility to save your rotated logs on a file server. Please refer to the log command (at https://www.cacheguard.net/doc/command/log.html) for further information.

Finally you can activate the Web audit mode in order to instantly inspect your logs. Use the following command to activate the Web audit mode:

Code:

admin waudit on
admin topology internal on
port waudit 8091
apply

If you do so, you will be able to inspect your logs in a Web browser at the URL: https://<internal-ip>:8091 (where <internal-ip> is the internal IP of your CG).

Best Regards,
David Jan
CacheGuard Technical Team
https://www.cacheguard.com

turboaaa
Posts: 2
Joined: 16 Apr 2018 21:04

Re: Enabling Logging

Post by turboaaa » 17 Apr 2018 14:15

I think I got it, the rotation is necessary for them to appear in the counters. I also got the web log audit page to load and am able to see the requests.

Two questions

1. Can I export the logs via rsyslog?
2. How can I create a custom list of URLs based on regex?

david
Posts: 157
Joined: 08 Aug 2015 20:38

Re: Enabling Logging

Post by david » 17 Apr 2018 15:43

Hi,

With CG, you have the possibility to send some logs (for blocked traffic only) to one or more syslog servers. For instance, if your syslog server has the 10.11.3.1 IP address and is listening on TCP/514, you can use the following commands to activate the logging on that syslog server:

Code:

log syslog add tcp 10.11.3.1 514
apply force

For any questions related to URL filtering, please go to the Configure the URL Guarding section (viewforum.php?f=9).

David Jan
CacheGuard Technical Team
https://www.cacheguard.com
