Log Settings

Logs > Log Settings

From the Log Settings screen, you can configure:

• Global Log Settings such as the length of time to store logs and the maximum log size to store.

• Global Log Filter by user names using the bandwidth filter and by both user names and domains using policy enforcement, Internet access, Internet security, data security, and access control filters.

• Anonymous Logging can be enabled or disabled.

• Syslog Servers to use for additional log storage based on type and priority.

• Mounting a local or external location, off loading previous logs (at least last 45th day logs) to the mounted location, and importing the logs from that location.

To configure Global Log Settings:

1. Go to Logs > Log Settings.

The Log Settings screen appears.

2. Under Global Log Settings section, configure the following:

1. Store logs for: Enter the number of days to retain logs before purging.

2. Setting the value to more than 62 days could cause the accumulated data to become large enough to affect performance.

2. Maximum logs disk size: Set the maximum file size of log data to be stored. If log data exceeds the size specified, IWSVA deletes the oldest logs first.

3. Mound device: Enter the path of the local or external location where you want to save logs, and then click mount.

4. Log Offload: Select this option if you want to save the logs to the mounted location.

5. Log Import: Select this option if you wan to import and use historical logs saved at the mounted location for log analysis.

6. Click Save.

3. Under Global Log Filter section, do the following:

1. Select a policy and a user from the drop down lists, and type a filter name in the text field provided.

2. Click + icon.

3. Click Save.

4. If you would like all logs forwarded to a syslog server, then under Syslog Server section, do the following:

1. Click Add.

The Syslog Configuration: Add Server screen appears.

2. Select Enable Syslog.

3. Enter the IP address and port number of the server where the syslogs can be forwarded.

4. Select the log type(s) or syslog priority level(s) you want to save.

5. Click Save to save configuration and return to the Log Settings screen.

6. Select the Syslog Server.

5. Click Save.

Global Log Filtering

Use global log filtering when you want specific data omitted from your logs. For example, use this filter in a case where you do not need to log Internet Access logs for user John Smith or Bandwidth usage for users who visit www.google.com.

Anonymous Logging

Some European countries have laws stating that user names cannot be recorded in logs. After enabling this feature, user names within the log will be recorded as MD5 values instead of the actual user names.

Log Offload and Retrieval

IWSVA has a log storage limit. If you do not want to purge old logs, you can offload the logs to an external device for permanent storage. If you want to analyze the logs in future, you can retrieve these logs from the storage device and restore them in IWSVA. See Mounting Devices for Log Offload for details.

See also:

• Syslog Configuration

• Add Syslog Server

• Edit Syslog Server

• Mounting Devices for Log Offload