Chapter 20: Logging and Reporting
Reading Logs and Reports
The firewall writes its logs and reports in ASCII, which makes them easy for both you
and reporting scripts to read. This section gives a brief overview of what the logs and
reports look like and what the items indicate.
Logs
The log file (/var/log/SYSLOG) contains a chronological list of events written by the
kernel, proxies, authentication management system, and other processes. The sample
below shows all of the events that the firewall logged in a two-minute period between
10:47:00 and 10:48:59.
Oct 30 10:47:22 firewall http-gw[12079]: permit host=unknown/10.0.1.17 use of gateway (Ver g3.0.3 / 0)
Oct 30 10:47:22 firewall http-gw[12079]: log host=unknown/10.0.1.17 protocol=HTTP cmd=dir
dest=www.tis.com path=/
Oct 30 10:47:23 firewall http-gw[12079]: content-type= text/html
Oct 30 10:47:23 firewall http-gw[12079]: exit host=unknown/10.0.1.17 cmds=1 in=2392 out=0 user=unauth
duration=6
Oct 30 10:47:23 firewall http-gw[12080]: permit host=unknown/10.0.1.17 use of gateway (Ver g3.0.3 / 0)
Oct 30 10:47:23 firewall http-gw[12080]: log host=unknown/10.0.1.17 protocol=HTTP cmd=get
dest=www.tis.com path=/art/actual/title.gif
Oct 30 10:47:25 firewall http-gw[12080]: content-type= image/gif
Oct 30 10:47:27 firewall http-gw[12080]: exit host=unknown/10.0.1.17 cmds=1 in=5581 out=0 user=unauth
duration=4
Oct 30 10:47:28 firewall http-gw[12081]: permit host=unknown/10.0.1.17 use of gateway (Ver g3.0.3 / 0)
Oct 30 10:47:28 firewall http-gw[12081]: log host=unknown/10.0.1.17 protocol=HTTP cmd=get
dest=www.tis.com path=/art/buttons/2.netsec.gif
Oct 30 10:47:28 firewall http-gw[12081]: content-type= image/gif
Oct 30 10:47:28 firewall http-gw[12081]: exit host=unknown/10.0.1.17 cmds=1 in=135 out=0 user=unauth
duration=0
Oct 30 10:48:24 firewall smap[12082]: connect host=cosmo.clientsite.com/192.94.214.96
Oct 30 10:48:24 firewall smap[12082]: host=cosmo.clientsite.com/192.94.214.96 bytes=1005
from=<[email protected]> to=<@firewall.trusted.com:[email protected] >
Oct 30 10:48:24 firewall smap[12082]: exiting host=cosmo.clientsite.com/192.94.214.96 bytes=1005
Oct 30 10:48:39 firewall sendmail[12084]: KAA12084: from=<[email protected]>, size=921, class=0,
pri=30921, nrcpts=1, msgid=<[email protected]>, relay=uucp@localhost
Oct 30 10:48:39 firewall smapd[12083]: delivered file=sma012082
Oct 30 10:48:40 firewall sendmail[12086]: KAA12084: to=<@firewall.yoyodyne.com:[email protected]>,
ctladdr=<[email protected]> (6/0), delay=00:00:01, mailer=smtp, relay=mail.yoyodyne.com. [10.0.1.126],
stat=Sent (Ok)
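The kind of reporting script this format allows, as an added example (not part of the Gauntlet guide or its own reporting tools): it rejoins the wrapped continuation lines seen in the listing, extracts the key=value fields, and merges every record that shares a process name and PID into one session summary. Treating process name plus PID as the session key is an assumption drawn from the sample above; the function names and the embedded sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: records copied from the listing above, including the
# wrapped continuation lines as they appear in print.
SAMPLE = """\
Oct 30 10:47:23 firewall http-gw[12080]: permit host=unknown/10.0.1.17 use of gateway (Ver g3.0.3 / 0)
Oct 30 10:47:23 firewall http-gw[12080]: log host=unknown/10.0.1.17 protocol=HTTP cmd=get
dest=www.tis.com path=/art/actual/title.gif
Oct 30 10:47:25 firewall http-gw[12080]: content-type= image/gif
Oct 30 10:47:27 firewall http-gw[12080]: exit host=unknown/10.0.1.17 cmds=1 in=5581 out=0 user=unauth
duration=4
Oct 30 10:48:24 firewall smap[12082]: connect host=cosmo.clientsite.com/192.94.214.96
"""

HEADER = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([\w-]+)\[(\d+)\]: (.*)$")
FIELD = re.compile(r"(\S+?)=\s*(\S*)")  # tolerates "content-type= text/html"

def records(text):
    """Yield (timestamp, process, pid, message), rejoining wrapped lines."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield tuple(current)
            ts, _host, proc, pid, msg = m.groups()
            current = [ts, proc, int(pid), msg]
        elif current and line.strip():
            current[3] += " " + line.strip()  # continuation of previous record
    if current:
        yield tuple(current)

def sessions(text):
    """Merge the fields of all records that share a process name and PID."""
    out = defaultdict(dict)
    for ts, proc, pid, msg in records(text):
        s = out[(proc, pid)]
        s.setdefault("first_seen", ts)
        verb = msg.split()[0]
        if "=" not in verb:  # leading word such as permit, log, exit, connect
            s.setdefault("events", []).append(verb)
        s.update(FIELD.findall(msg))
    return dict(out)

if __name__ == "__main__":
    for key, s in sessions(SAMPLE).items():
        print(key, s.get("host"), s.get("dest"), s.get("path"), s.get("in"))
```

Because PIDs are reused over time, a script run over a full log should close a session when it sees the exit or exiting record rather than keying on the PID alone.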