Support User Manuals

NETGEAR UTM5EW-100NAS Router User Manual

Open as PDF

of 704

Monitor System Access and Performance

508

ProSecure Unified Threat Management (UTM) Appliance

Overview of the Logs

The UTM generates logs that provide detailed information about malware threats and traffic

activities on the network. You can view these logs through the web management interface or

save the log records in CSV or HTML format and download them to a computer (the

downloading option is not available for all logs).

Note: For information about the quarantine logs, which are stored externally,

see Query and Manage the Quarantine Logs on page 514.

WARNING:

When you reboot the UTM, the logs are lost. If you want to save

the logs, make sure that you configure the UTM to send the logs to

a syslog server. For information about how to do this, and also

about how to email logs, see Configure and Activate System,

Email, and Syslog Logs on page 467.

The UTM provides 14 types of logs:

• Traffic. All scanned incoming and outgoing traffic.

• Spam. All intercepted spam.

• System. The system event logs that you have specified on the Email and Syslog screen

(see Configure and Activate System, Email, and Syslog Logs on page 467). However, by

default, many more types of events are logged in the system logs.

• Service. All events that are related to the status of scanning and filtering services that

you access from the Application Security main navigation menu. These events include

update success messages, update failed messages, network connection errors, and so

on.

• Malware. All intercepted viruses, spyware, and other malware threats.

• Email filters. All emails that are blocked because of file extension and keyword

violations.

• Content filters. All attempts to access blocked websites and URLs.

• IPS. All IPS events.

• Anomaly Behavior. All port scan and DDoS events.

• Application. All instant messaging, peer-to-peer and media application, and tool access

violations.

• Firewall. The firewall logs that you have specified on the Firewall Logs screen (see

Configure and Activate Firewall Logs on page 476).

• IPSec VPN. All IPSec VPN events.

• SSL VPN. All SSL VPN events.

• HTTPS Smart Block. All attempts to access domains that are blocked as part of an

active HTTPS Smart Block logs profile (see Configure HTTPS Smart Block on page 212).

previous next