Summary of Log Types

A log subscription associates a log type with a name, a logging level, and other characteristics such as file size and destination information. Multiple subscriptions for all log types, except configuration history logs, are permitted. The log type determines the data that are recorded in the log. You select the log type when you create a log subscription. See Log Subscriptions for more information.

AsyncOS generates the following log types:

Log Types

Log Type

Description

Authentication Logs

The authentication log records successful logins and unsuccessful login attempts, for locally and externally authenticated users, for both GUI and CLI access to the Security Management appliance.

In Debug and more verbose modes, if external authentication is turned on, all LDAP queries appear in these logs.

Backup Logs

Backup logs record the backup process from start to finish.

Information about backup scheduling is in the SMA logs.

CLI Audit Logs

The CLI audit logs record all CLI activity on the system.

Configuration History Logs

Configuration history logs record what changes were made on the Security Management appliance and when they were made. A new configuration history log is created each time a user commits a change.

FTP Server Logs

FTP logs record information about the FTP services enabled on the interface. Connection details and user activity are recorded.

GUI Logs

GUI logs include a history of page refreshes in the web interface, session data, and the pages a user accesses. You can use the gui_log to track user activity or investigate errors that users see in the GUI. The error traceback will normally be in this log.

GUI logs also include information about SMTP transactions, for example information about scheduled reports emailed from the appliance.

HTTP Logs

HTTP logs record information about the HTTP and secure HTTP services enabled on the interface. Because the graphical user interface (GUI) is accessed through HTTP, the HTTP logs are essentially the GUI equivalent of the CLI audit logs. Session data (for example, new sessions and expired sessions) are recorded, as well as the pages accessed in the GUI.

Haystack Logs

Haystack logs record web transaction tracking data processing.

Text Mail Logs

Text mail logs record information about the operations of the email system (for example, message receiving, message delivery attempts, opening and closing connections, bouncing messages, and so forth).

For important information about when attachment names are included in mail logs, see Tracking Service Overview.

LDAP Debug Logs

Use these logs to debug problems when you are configuring LDAP in System Administration > LDAP.

For example, these logs record the results of clicking the Test Server and Test Queries buttons.

For information about failed LDAP authentications, see the Authentication logs.

NTP Logs

NTP logs record the conversation between the appliance and any configured Network Time Protocol (NTP) servers. For information about configuring NTP servers, see Configuring the System Time.

Reporting Logs

Reporting logs record actions associated with the processes of the centralized reporting service.

Reporting Query Logs

Reporting query logs record actions associated with the reporting queries that are run on the appliance.

SMA Logs

SMA logs record actions associated with general Security Management appliance processes, not including the processes of the centralized reporting, centralized tracking, and spam quarantine services.

These logs include information about backup scheduling.

SNMP Logs

SNMP logs record debug messages related to the SNMP network management engine. In Trace or Debug mode, this includes SNMP requests to the Security Management appliance.

Safelist/Blocklist Logs

Safelist/blocklist logs record data about the safelist/blocklist settings and database.

Spam Quarantine GUI Logs

Spam quarantine GUI logs record actions associated with the spam quarantine GUI, such as quarantine configuration through the GUI, end user authentication, and end user actions (for example, releasing email).

Spam Quarantine Logs

Spam quarantine logs record actions associated with the spam quarantine processes.

Status Logs

Status logs record system statistics found in the CLI status commands, including status detail and dnsstatus. The period of recording is set using the setup subcommand in logconfig. Each counter or rate reported in status logs is the value since the last time the counter was reset.

System Logs

System logs record the following: boot information, DNS status information, and comments users typed using the commit command. System logs are useful for troubleshooting the state of the appliance.

Tracking Logs

Tracking logs record actions associated with the processes of the tracking service. Tracking logs are a subset of the mail logs.

Updater Logs

Information about service updates, such as time zone updates.

Upgrade Logs

Status information about upgrade download and installation.

Audit Logs

The Audit logs record AAA (Authentication, Authorization, and Accounting) events.

Some of the audit log details are as follows:

  • User - Logon

  • User - Logon failed incorrect password

  • User - Logon failed unknown username

  • User - Logon failed account expired

  • User - Logoff

  • User - Lockout

  • User - Activated

  • User - Password change

  • User - Password reset

  • User - Security settings/profile change

  • User - Created

  • User - Deleted or modified

  • User Configuration - Configuration changes made by the user.

  • Group/Role - Deleted or modified

  • Group/Role - Permissions change

  • Quarantine - Actions performed on messages in the quarantine.