12.1. Logs

UserGate LogAn logs all events that occur during its own operation and that of any servers connected to it. It uses the following logs:

  • Event log: events related to changes in UserGate LogAn server settings, user and administrator authentication, updates to various lists, etc.

  • Web access: a detailed log of all web requests processed by UserGate LogAn.

  • Traffic: a detailed log of all triggered firewall, NAT, DNAT, port forwarding, and policy-based routing rules. To log these events, enable logging in the relevant firewall, NAT, DNAT, port forwarding, or policy-based routing rules.

  • IDPS: events logged by the intrusion detection and prevention system.

  • SCADA: events logged by SCADA control rules.

  • SSH inspection: a log of triggered SSH inspection rules. These events are recorded only when logging is enabled.

  • Search history: user search queries in popular search engines.

  • Endpoint events: shows events received from the endpoint devices that are controlled using the UserGate Client software.

  • Endpoint rules: events for triggered endpoint firewall rules that have logging enabled in their settings.

  • Endpoint applications: displays applications that were run on the endpoint devices.

  • Endpoint hardware: contains information on the devices connected to endpoint devices.

  • Syslog: displays messages about events from remote Unix systems received using the Syslog protocol.

Log management is automated: logs are cyclically overwritten to keep the free disk space needed for operation.

Note

Event log entries are never overwritten.

Rotation of all logs except the event log is automatic and is driven by the amount of free space on the partition. Database rotation records are displayed in the event log.