Enabling Logging

Discuss and get help to configure CacheGuard to protect internet users
turboaaa
Posts: 2
Joined: 16 Apr 2018 21:04

Enabling Logging

Post by turboaaa »

I have the appliance running in my lab, but there are no logs that I can find. Neither URL requests nor AV detection are showing on the dashboard. AV is enabled as it has blocked test files, and my test system is indeed using the appliance as its web gateway.
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Enabling Logging

Post by david »

Hi,

Please check whether you have activated the required logging. To do so, use the following command:

log type

By default the Web access logging is turned off. To activate it use the following commands:

log type web on
apply

Blocked traffic counters in the dashboard reflect all blocked traffic since the last log rotations. Log rotations are automatically performed during the night but you can ask for an explicit log rotation by using the following command.

log rotate

After having performed that command, if you refresh your dashboard you should be able to view an overview of blocked traffic (since the last log rotations). You also have the possibility to save your rotated logs on a file server. Please refer to the log command (at https://www.cacheguard.net/doc/command/log.html) for further information.

Finally you can activate the Web audit mode in order to instantly inspect your logs. Use the following command to activate the Web audit mode:

admin waudit on
admin topology internal on
port waudit 8091
apply

If you do so, you will be able to inspect your logs in a Web browser at the URL: https://<internal-ip>:8091 (where <internal-ip> is the internal IP of your CG).

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
turboaaa
Posts: 2
Joined: 16 Apr 2018 21:04

Re: Enabling Logging

Post by turboaaa »

I think I got it, the rotation is necessary for them to appear in the counters. I also got the web log audit page to load and am able to see the requests.

Two questions

1. Can I export the logs via rsyslog?
2. How can I create a custom list of URLs based on regex?
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Enabling Logging

Post by david »

Hi,

With CG you have the possibility to send some logs (for blocked traffic only) to one or more syslog servers. For instance if your syslog server has the 10.11.3.1 514 IP address and is listening on TCP/514 you can use the following commands to activate the logging on that syslog server:

log syslog add tcp 10.11.3.1 514
apply force

For any questions related to URL filtering, please go to the Configure the URL Guarding section (viewforum.php?f=9).

David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
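
To confirm from the receiving side that the TCP syslog feed configured in the reply above is arriving, here is a small Python receiver, added as an example and not taken from the posts or from CacheGuard. The framing (RFC 6587 newline-terminated or octet-counted), the listen address and the buffer limit are assumptions, since the thread does not show the appliance's message format.

```python
import socketserver

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def split_frames(buf: bytes):
    """Split a TCP syslog stream into (complete_messages, unconsumed_tail)."""
    msgs = []
    while buf := buf.lstrip(b"\r\n"):
        if buf[:1] == b"<":                       # newline-terminated frame
            line, sep, rest = buf.partition(b"\n")
            if not sep:
                break                             # message not finished yet
            msgs.append(line.rstrip(b"\r"))
        else:                                     # octet-counted: "LEN SP MSG"
            head, sep, rest = buf.partition(b" ")
            if not head.isdigit():
                raise ValueError("unrecognised syslog framing")
            if not sep or len(rest) < int(head):
                break                             # length or body incomplete
            msgs.append(rest[:int(head)])
            rest = rest[int(head):]
        buf = rest
    return msgs, buf

def parse_pri(msg: bytes):
    """Decode the leading <PRI> into (facility, severity name, remaining text)."""
    pri, sep, _ = msg[1:5].partition(b">")
    if msg[:1] != b"<" or not sep or not pri.isdigit() or int(pri) > 191:
        raise ValueError("missing or invalid PRI")
    text = msg[len(pri) + 2:].decode("utf-8", "replace")
    return int(pri) >> 3, SEVERITIES[int(pri) & 7], text

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        buf = b""
        while chunk := self.request.recv(4096):
            try:
                msgs, buf = split_frames(buf + chunk)
                for m in msgs:
                    print(self.client_address[0], *parse_pri(m))
            except ValueError as exc:
                print(self.client_address[0], "dropped:", exc)
                return
            if len(buf) > 65536:                  # assumed cap on an unfinished frame
                return

if __name__ == "__main__":
    # Assumption: listen on all interfaces, TCP/514 as in the post (needs root).
    with socketserver.ThreadingTCPServer(("0.0.0.0", 514), Handler) as srv:
        srv.serve_forever()
```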