Enabling Logging
I have the appliance running in my lab, but there are no logs that I can find. Neither URL requests nor AV detections are showing on the dashboard. AV is enabled as it has blocked test files, and my test system is indeed using the appliance as its web gateway.
Re: Enabling Logging
Hi,
Please check whether you have activated required logging. To do so, use the following command:
Code:
    log type
By default the Web access logging is turned off. To activate it use the following commands:
Code:
    log type web on
    apply
Blocked traffic counters in the dashboard reflect all blocked traffic since the last log rotations. Log rotations are automatically performed during the night but you can ask for an explicit log rotation by using the following command.
Code:
    log rotate
After having performed that command, if you refresh your dashboard you should be able to view an overview of blocked traffic (since the last log rotations). You have also the possibility to save your rotated logs on a file server. Please refer to the log command (at https://www.cacheguard.net/doc/command/log.html) for further information.
Finally you can activate the Web audit mode in order to instantly inspect your logs. Use the following command to activate the Web audit mode:
Code:
    admin waudit on
    admin topology internal on
    port waudit 8091
    apply
If you do so, you will be able to inspect your logs in a Web browser at the URL: https://<internal-ip>:8091 (where <internal-ip> is the internal IP of your CG).
Best Regards,
Re: Enabling Logging
I think I got it, the rotation is necessary for them to appear in the counters. I also got the web log audit page to load and am able to see the requests.
Two questions
1. Can I export the logs via rsyslog?
2. How can I create a custom list of URLs based on regex?
Re: Enabling Logging
Hi,
With CG you have the possibility to send some logs (for blocked traffic only) to one or more syslog servers. For instance if your syslog server has the 10.11.3.1 514 IP address and is listening on TCP/514 you can use the following commands to activate the logging on that syslog server:
Code:
    log syslog add tcp 10.11.3.1 514
    apply force
For any questions related to URL filtering, please go to the Configure the URL Guarding section (viewforum.php?f=9).
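
The receiving side of the syslog export described above, as an added example that is not part of the original thread or of the CacheGuard documentation: a minimal rsyslog configuration for the syslog server (10.11.3.1 in the reply) that accepts TCP/514 and keeps the appliance's blocked-traffic messages in their own file. The appliance address 192.0.2.10, the configuration file name and the log path are assumed placeholders.

```conf
# /etc/rsyslog.d/30-cacheguard.conf  (file name is an assumption)

# Load the plain TCP syslog listener.
module(load="imtcp")

# Everything arriving on the TCP listener is handled only by this ruleset,
# so appliance messages do not mix with the server's own local logs.
ruleset(name="cacheguard") {
    # 192.0.2.10 is a placeholder for the appliance's internal IP.
    if ($fromhost-ip == "192.0.2.10") then {
        # Log path is an assumption; restrict who can read the blocked-traffic log.
        action(type="omfile" file="/var/log/cacheguard/blocked.log"
               createDirs="on" dirCreateMode="0750" fileCreateMode="0640")
    }
    # Messages from any other sender on this listener are discarded.
    stop
}

# Listen on the port given to "log syslog add tcp 10.11.3.1 514".
input(type="imtcp" port="514" ruleset="cacheguard")
```

Running rsyslogd -N1 validates the configuration syntax before the service is restarted.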