NETGEAR UTM5EW-100NAS Router User Manual


 
Monitor System Access and Performance
508
ProSecure Unified Threat Management (UTM) Appliance
Overview of the Logs
The UTM generates logs that provide detailed information about malware threats and traffic
activities on the network. You can view these logs through the web management interface or
save the log records in CSV or HTML format and download them to a computer (the
downloading option is not available for all logs).
Note: For information about the quarantine logs, which are stored externally,
see Query and Manage the Quarantine Logs on page 514.
WARNING:
When you reboot the UTM, the logs are lost. If you want to save
the logs, make sure that you configure the UTM to send the logs to
a syslog server. For information about how to do this, and also
about how to email logs, see Configure and Activate System,
Email, and Syslog Logs on page 467.
The UTM provides 14 types of logs:
Traffic. All scanned incoming and outgoing traffic.
Spam. All intercepted spam.
System. The system event logs that you have specified on the Email and Syslog screen
(see Configure and Activate System, Email, and Syslog Logs on page 467). However, by
default, many more types of events are logged in the system logs.
Service. All events that are related to the status of scanning and filtering services that
you access from the Application Security main navigation menu. These events include
update success messages, update failed messages, network connection errors, and so
on.
Malware. All intercepted viruses, spyware, and other malware threats.
Email filters. All emails that are blocked because of file extension and keyword
violations.
Content filters. All attempts to access blocked websites and URLs.
IPS. All IPS events.
Anomaly Behavior. All port scan and DDoS events.
Application. All instant messaging, peer-to-peer and media application, and tool access
violations.
Firewall. The firewall logs that you have specified on the Firewall Logs screen (see
Configure and Activate Firewall Logs on page 476).
IPSec VPN. All IPSec VPN events.
SSL VPN. All SSL VPN events.
HTTPS Smart Block. All attempts to access domains that are blocked as part of an
active HTTPS Smart Block logs profile (see Configure HTTPS Smart Block on page 212).