Logging Configuration
Your Ingate Firewall generates log messages for various events and for the traffic to and through the firewall. Here, you select log classes to state what to do with the log messages.
When an IP packet is received by the firewall, a log message is generated, containing sender and receiver IP addresses and other information such as the protocol used and if the packet was allowed, rejected or discarded. The firewall then uses the log settings for Rules, Relays, Configuration transport and Log class when no rule matches to know how to process the log message.
The firewall also produces log messages for SIP-related and VPN-related events as well as administrator events (when the administrator logs on or when a setting is changed). Here, you configure what will happen to these log messages.
Inbound traffic
Log class when no rule matches
Here, you select a log class for packets that do not match any rules and are therefore processed by the IP policy (discard or reject) that you selected on the Basic Configuration page.
Log class for spoofed packets
Here, you select a log class for packets with obviously spoofed addresses. A spoofed IP address can be a non-existing IP address on a network connection or packets where the sender or receiver address is an IP address in the range 127.0.0.0 - 127.255.255.255.
Log class for DHCP requests
Here, you select a log class for DHCP requests. DHCP is a protocol used for dynamic allocation of IP addresses. Requests are sent by broadcast from computers wanting an IP address to a DHCP server. The firewall logs all DHCP related packets using the log class you select here. There are usually a lot of these packets, so we recommend using the log class "None", meaning that no packets are logged at all.
Log class for SNMP requests to the firewall
Here, you select a log class for SNMP requests to the firewall. SNMP is a protocol for monitoring network equipment such as firewalls and routers.
Log class for packets to the firewall
Here, you select a log class for traffic addressed to the firewall itself. Even if you select not to log this traffic, the configuration traffic to the firewall will be logged according to the log class set on the Access Control page.
Master logging
Select not to log anything, to log all traffic no matter its marking, or only log for the rules/relays that are marked under Log class in Rules, Relays and Configuration computers.
Log class for master logging
If Log all is selected, you must select a log class for this logging. This log class will be used for all rules, relays and configuration server logins, instead of the separate log classes selected in Rules, Relays and Log class for configuration server (below).
Warnings
Log class for hardware errors
Some firewalls have hardware monitoring, and will generate log messages when the hardware fails in some way. Here, you select a log class for these messages.
Log class for email errors
If the firewall is unable to send email messages, for example, if the mail server won't reply, the firewall generates a log message. Here, you select a log class for these messages.
Log class for RADIUS errors
Radiusmux (see the RADIUS section in chapter 9, Basic Configuration) generates messages for incomprehensible RADIUS server responses and for denying logins on account of permissions (a user defined for road warriors is not automatically allowed to log onto the configuration server). Here, you select a log class for these messages.
Log class for SNMP errors
The firewall generates messages about SNMP errors. Here, you select a log class for these messages.
SIP events
The same settings can also be found on the Basic page under SIP.
Log class for SIP errors
The firewall sends a message if there are any SIP errors. Select a log class for these log messages.
Log class for SIP signaling
For each SIP packet, the firewall generates a message, containing the sender and receiver of the packet and what type of packet it is. Select a log class for these log messages.
Log class for SIP packets
The firewall logs all SIP packets (one SIP packet is many lines). Select a log class for the SIP packets.
Log class for SIP debug messages
The firewall logs a lot of status messages, for example the SIP initiation phase of a reboot. Select a log class for these messages.
VPN events
The same settings can also be found on the IPSec Settings and PPTP pages under Virtual Private Networks.
Log class for IPsec key negotiation
Here, you set the log class for new negotiations of IPsec connections keys.
Log class for IKE and NAT-T packets
Here, you set the log class for the packets used for IKE key negotiations and for NAT-T packets. As they both use the same port on the firewall, it will log both using the same log class.
Log class for ESP packets
Specify what log class the firewall should use for encrypted packets (ESP packets to the firewall). Logging of encrypted packets will generate a lot of log events.
Log class for IPsec user authentications
Here, you set the log class for firewall messages about road warrior authentications via RADIUS and their disconnections.
Log class for packets to and from blacklisted IP addresses
Here, you set the log class for the packets that are rejected or discarded according to the blacklisting policy selected above.
Log class for blacklisting events
Here, you specify how the firewall should report beginnings and ends of blacklisting events.
Log class for PPTP negotiations
The firewall generates log messages about the progress of the PPTP negotiations. Here, you select a log class for these messages.
Log class for PPTP packets
PPTP clients wanting to establish a VPN tunnel connects to the firewall on port 1723. Here, you select a log class for these packets.
Log class for GRE packets
The encrypted traffic through the VPN tunnel is sent as GRE packets. Here, you select a log class for these packets.
Other
Log class for configuration server logins
Each time a user logs onto the firewall configuration server, a message is generated, containing information about the type of login and more. Here, you select a log class for these messages.
Log class for administration and configuration
Each time a user logs onto the firewall configuration server, a message is generated, containing information about the type of login and more. Here, you select a log class for these messages.
Log class for PPPoE negotiations
The firewall generates log messages for its own PPPoE negotiations. Here, you select a log class for these messages.
Save
Saves the Logging Configuration configuration to the preliminary configuration.
Undo
Reverts all of the above fields to their previous configuration.