Monitoring |
 |
|
Firewall Logs & E-mail |
The router can be configured to log and e-mail denial of service attacks,
general attack information, login attempts, dropped packets, etc. to a specified
e-mail address or a SysLog server. |
Log Options |
Log Identifier: Every logged message will contain a prefix for easier
identification of the source of the message. The log identifier will be prefixed
to both, e-mail and Syslog messages. |
E-mail logs according to this schedule |
To receive e-mail logs according to a schedule, select the appropriate schedule.
To enable scheduling, configure the e-mail settings in the
Enable E-Mail Logs section. To disable sending
logs, select
Never. |
Unit: Select the period of time that you need to
send the log:
Hourly,
Daily, or
Weekly. To disable sending of logs, select
Never.
This option is useful when you do not want to receive logs by e-mail, but want
to keep e-mail options configured so that you can use the
Send Log function from the
View Logs page. |
Day: If
Weekly is selected, choose the day of the week. |
Time: Select the time when logs should be sent. |
Routing Logs |
This section is used to configure the logging options for each network segment
(for example, LAN-WAN). |
Note: Enabling logging options may generate a
significant volume of log messages and is recommended for debugging purposes
only. |
Accepted Packets: Logs packets that were
successfully transferred through the segment. This option is useful when the
Default Outbound Policy is “Block
Always” (see the Firewall Rules page under the Security menu).
Example: If
Accept Packets from LAN to WAN is enabled and there is a firewall rule to
allow ssh
traffic from LAN, then whenever a LAN machine tries to make an ssh connection,
those packets will be accepted and a message will be logged. (Make sure the log
option is set to allow for this firewall rule.) |
Dropped Packets: Logs packets that were blocked
from being transferred through the segment. This option is useful when the
Default Outbound Policy is “Allow
Always” (see the Firewall Rules page under the Security menu).
Example: If
Drop Packets from LAN to WAN is enabled and there is a firewall rule to
block ssh traffic from LAN, then whenever a LAN machine tries to make an ssh connection,
those packets will be dropped and a message will be logged. (Make sure the log
option is set to allow for this firewall rule.) |
System Logs |
Select the type of system events to be logged. The following system events can
be recorded: |
Change of Time by NTP: Logs a message when the
system time changes after a request from a Network Time server. |
Login Attempts: Logs a message when a login is
attempted from the LAN network. Both, successful and failed login attempts will
be logged. |
Secure Login Attempt: Logs a message when a login
is attempted using the Secure Remote Management URL (see the
Remote Management page under the
Administration menu). Both, successful and failed
login attempts will be logged. |
Reboots: Record a message when the device has been
rebooted through the Web interface. |
All Unicast Traffic: All unicast packets directed to the router are logged. |
All Broadcast/Multicast Traffic: All broadcast or multicast packets directed to the router are logged. |
WAN Status: WAN link status related logs are enabled |
Enable E-mail Logs |
This section is used to configure e-mail settings for sending logs. |
E-Mail Logs is disabled by default. Select the
Yes radio box to enable e-mail logs. |
E-mail Server address: Enter the IP address or
Internet Name of an SMTP server. The router will connect to this server to send
the e-mail logs. |
Return E-mail Address: Type the e-mail address where
the replies from the SMTP server are to be sent; for example, failure messages. |
Send To E-mail Address: Type the e-mail address where the logs and alerts are to be sent. |
Respond to Identd from SMTP Server Check this radio box
to configure the router to respond to an IDENT request from the SMTP server. |
Authentication with SMTP server: If the SMTP server
requires authentication before accepting connections, select either Login Plain
or CRAM-MD5 and enter the User Name and Password to be used for authentication.
To disable authentication, select the No Authentication radio box. |
Enable SysLogs |
If you want the router to send logs to a SysLog server, select the
Yes radio box and input the following fields: |
SysLog Server: Enter the IP address or Internet
Name of the SysLog server. |
SysLog Facility: Select the appropriate syslog
facility (Local0 to Local7). |
|