Description

UserGate NGFW logs all events that occur during its operation. It uses the following logs:

  • Events: events related to changes in NGFW settings, user and administrator authentication, updates to various lists, etc.

  • Web access: a detailed log of all web requests processed by NGFW.

  • DNS: events related to DNS traffic.

  • Traffic: a detailed log of all triggered firewall, NAT, DNAT, Port forwarding, and Policy-based routing rules. To log these events, you need to enable logging in the required firewall, NAT, DNAT, Port forwarding, or Policy-based routing rules.

  • IDPS: events logged by the intrusion detection and prevention system.

  • SCADA: events logged by SCADA control rules.

  • SSH inspection: log of triggered SSH inspection rules. To log these events, logging should be enabled.

  • Search history: user search queries in popular search engines.

  • Mail traffic protection: contains events triggered by mail traffic protection rules that have logging enabled in their settings.

  • UserID agent: describes events that reflect the results of the UserID agent's operation.

Log management is automated: logs are overwritten cyclically to keep free the disk space needed for operation.

Log records (except the event log) are rotated automatically based on the free space on a given partition. Database rotation records appear in the LogAn event log. If LogAn is connected, the record is displayed in the event log.

Event log records are never rotated.