Logs

The following table displays the maximum number of system log messages in the ZyWALL.

Specifications: Logs 

Label
Description
Maximum Number of Log Messages (System Log)
512
Maximum Number of Log Messages (Debug Log)
1024

Note: When a log reaches the maximum number of log messages, new log messages automatically overwrite existing log messages, starting with the oldest existing log message first.

View Log Screen

The View Log screen displays the current log messages. You can change the way the log is displayed, you can e-mail the log, and you can also clear the log in this screen.

Log messages are stored in two separate logs, one for regular log messages and one for debugging messages. In the regular log, you can look at all the log messages by selecting All Logs, or you can select a specific category of log messages (for example, firewall or user). You can also look at the debugging log by selecting Debug Log. All debugging messages have the same priority.

If an event generates log messages and alerts, it is displayed in red. Otherwise, it is displayed in black.

Maintenance > Log > View Log 

Label
Description
Show Filter / Hide Filter
Click this button to show or hide the filter settings.
If the filter settings are hidden, the Display, Email Log Now, Refresh, and Clear Log fields are available.
If the filter settings are shown, the Display, Priority, Source Address, Destination Address, Service, Keyword, and Search fields are available.
No Filter
These fields are displayed when you hide the filter.
Display
Select the log(s) you want to view. You can also view All Logs on one screen, or you can view the Debug Log. The screen is updated right after you change the selection.
Email Log Now
Click this button to send the selected log message(s) to the Active e-mail address(es) specified in the Send Log To field on the Log Settings page. (See Log Settings Summary or Log Settings Edit E-mail for more information about these fields.)
Refresh
Click this button to update the information on the log screen.
Clear Log
Click this button to clear the whole log, regardless of what is currently displayed on the screen.
Filter
These fields are displayed when you show the filter. When the filter is shown, the filter criteria are not applied until you click the Search button.
Display
Select the log message(s) you want to view. You can also view All Logs at one time, or you can view the Debug Log.
Priority
This field is read-only if the Category is Debug Log. Select the lowest-priority log messages you would like to see. The log will display every log message with this priority or higher. Choices are: emerg, alert, crit, error, warn, notice, and info, from highest priority to lowest priority.
Source Address
Type the IP address of the source of the incoming packet when the log message was generated. Do not include the port in this filter.
Destination Address
Type the IP address of the destination of the incoming packet when the log message was generated. Do not include the port in this filter.
Service
Select the service whose log messages you would like to see. The web configurator uses the protocol and destination port number(s) of the service to select which log messages you see.
Keyword
Type a keyword to look for in the Message, Source, Destination and Note fields. If a match is found in any field, the log message is displayed. You can use up to 63 alphanumeric characters and the underscore, as well as punctuation marks ()' ,:;?! +-*/= #$% @ ; the period, double quotes, and brackets are not allowed.
Search
Click this button to update the log using the current filter settings.
Total Logging Entries
This is the number of logs recorded in the ZyWALL.
entries per page
Select the number of log messages you would like to see on one screen. Choices are: 30, 50, and 80.
Page x of x
This is the number of the page of entries currently displayed and the total number of pages of entries. Type a page number to go to or use the arrows to navigate the pages of entries.
#
This field is a sequential value, and it is not associated with a specific log message.
Priority
This field displays the priority of the log message. It has the same range of values as the Priority field above.
Category
This field displays the log that generated the log message. It is the same value used in the Display and (other) Category fields.
Message
This field displays the reason the log message was generated. The text "[count=x]", where x is a number, appears at the end of the Message field if log consolidation is turned on and multiple entries were aggregated to generate into this one.
Source
This field displays the source IP address and the port number in the event that generated the log message.
Destination
This field displays the destination IP address and the port number of the event that generated the log message.
Note
This field displays any additional information about the log message.

Log Settings Screens

The Log Settings screens control log messages and alerts. A log message stores the information for viewing (for example, in the View Log tab) or regular e-mailing later, and an alert is e-mailed immediately. Usually, alerts are used for events that require more serious attention, such as system errors and attacks.

The ZyWALL provides a system log and supports e-mail profiles and remote syslog servers. The system log is available on the View Log tab, the e-mail profiles are used to mail log messages to the specified destinations, and the other four logs are stored on specified syslog servers.

The Log Settings tab also controls what information is saved in each log. For the system log, you can also specify which log messages is e-mailed, where it is e-mailed, and how often it is e-mailed.

For alerts, the Log Settings tab controls which events generate alerts and where alerts are e-mailed.

The Log Settings Summary screen provides a summary of all the settings. You can use the Log Settings Edit screen to maintain the detailed settings (such as log categories, e-mail addresses, server names, etc.) for any log. Alternatively, if you want to edit what events is included in each log, you can also use the Active Log Summary screen to edit this information for all logs at the same time.

Log Settings Summary

Maintenance > Log > Log Setting 

Label
Description
#
This field is a sequential value, and it is not associated with a specific log.
Name
This field displays the name of the log (system log or one of the remote servers).
Log Format
This field displays the format of the log. Formats are Internal and ZyXEL VRPT.
Internal - system log; you can view the log on the View Log tab.
ZyXEL VRPT - syslog-compatible format.
Summary
This field is a summary of the settings for each log.
Modify
This column provides icons to activate or deactivate logs and to modify the settings.
To activate or deactivate a log, click the Active icon.
To edit the settings, click the Edit icon next to the associated log. The Log Settings Edit screen appears.
Active Log Summary
Click this button to open the Active Log Summary Edit screen.
Apply
Click this button to save your changes (activate and deactivate logs) and make them take effect.

Log Settings Edit E-mail

The Log Settings Edit screen controls the detailed settings for each log in the system log (which includes the e-mail profiles). Go to the Log Settings Summary screen , and click the appropriate Edit icon.

Maintenance > Log > Log Setting > E-mail > Edit 

Label
Description
E-Mail Server 1/2
 
Active
Select this to send log messages and alerts according to the information in this section. You specify what kinds of log messages are included in log information and what kinds of log messages are included in alerts in the Active Log and Alert section.
Mail Server
Type the name or IP address of the outgoing SMTP server.
Mail Subject
Type the subject line for the outgoing e-mail.
Send From
Type the e-mail address from which the outgoing e-mail is delivered. This address is used in replies.
Send Log To
Type the e-mail address to which the outgoing e-mail is delivered.
Send Alerts To
Type the e-mail address to which alerts are delivered.
Sending Log
Select how often log information is e-mailed. Choices are: When Full, Hourly, Daily, and Weekly.
Day for Sending Log
This field is available if the log is e-mailed Weekly. Select the day of the week the log is e-mailed.
Time for Sending Log
This field is available if the log is e-mailed Weekly or Daily. Select the time of day (hours and minutes) when the log is e-mailed. Use 24-hour notation.
SMTP Authentication
Select this check box if it is necessary to provide a user name and password to the SMTP server.
User Name
This box is effective when you select the SMTP Authentication check box. Type the user name to provide to the SMTP server when the log is e-mailed.
Password
This box is effective when you select the SMTP Authentication check box. Type the password to provide to the SMTP server when the log is e-mailed.
Active Log and Alert
 
Log Category
This field displays each category of messages. It is the same value used in the Display and Category fields in the View Log tab. The Default category includes debugging messages generated by open source software.
System log
Select which events you want to log by Log Category (except All Logs; see below). There are three choices:
Disable All Logs (red X) - do not log any information from this category
Enable Normal Logs (green checkmark) - create log messages and alerts from this category
Enable All Logs (yellow checkmark) - create log messages, alerts, and debugging information from this category; the ZyWALL does not e-mail debugging information, however, even if this setting is selected.
If you select one of the check boxes for All Logs, it affects the settings for every category.
E-mail Server 1
Select whether this category of events should be included in the log messages when it is e-mailed (green checkmark) and/or in alerts (yellow exclamation point) for the e-mail settings specified in E-Mail Server 1. The ZyWALL does not e-mail debugging information, even if it is recorded in the System log.
E-mail Server 2
Select whether this category of events should be included in log messages when it is e-mailed (green checkmark) and/or in alerts (yellow exclamation point) for the e-mail settings specified in E-Mail Server 2. The ZyWALL does not e-mail debugging information, even if it is recorded in the System log.
Log Consolidation
 
Active
Select this to activate log consolidation. Log consolidation aggregates multiple log messages that arrive within the specified Log Consolidation Interval. In the View Log tab, the text "[count=x]", where x is the number of original log messages, is appended at the end of the Message field, when multiple log messages were aggregated.
Log Consolidation Interval
Type how often, in seconds, to consolidate log information. If the same log message appears multiple times, it is aggregated into one log message with the text "[count=x]", where x is the number of original log messages, appended at the end of the Message field.
OK
Click this to save your changes and return to the previous screen.
Cancel
Click this to return to the previous screen without saving your changes.

Log Settings Edit syslog

The Log Settings Edit screen controls the detailed settings for each log in the remote server (syslog). Go to the Log Settings Summary screen, and click the appropriate Edit icon.

Maintenance > Log > Log Setting > Remote Server > Edit 

Label
Description
Log Settings for Remote Server 1
 
Active
Select this check box to send log information according to the information in this section. You specify what kinds of messages are included in log information in the Active Log section.
Log Format
This field displays the format of the log information. It is read-only.
Internal - system log; you can view the log on the View Log tab.
ZyXEL VRPT - syslog-compatible format.
Server Address
Type the server name or the IP address of the syslog server to which to send log information.
Log Facility
Select a log facility. The log facility allows you to log the messages to different files in the syslog server. Please see the documentation for your syslog program for more information.
Active Log
 
Log Category
This field displays each category of messages. It is the same value used in the Display and Category fields in the View Log tab. The Default category includes debugging messages generated by open source software.
Selection
Select what information you want to log from each Log Category (except All Logs; see below). Choices are:
disable all logs (red X) - do not log any information from this category
enable normal logs (green checkmark) - log regular information and alerts from this category
enable all logs (yellow checkmark) - log regular information, alerts, and debugging information from this category
If you check one of the check boxes for All Logs, it affects the settings for every category.
OK
Click this to save your changes and return to the previous screen.
Cancel
Click this to return to the previous screen without saving your changes.

Active Log Summary

The Active Log Summary screen allows you to view and to edit what information is included in the system log, e-mail profiles, and remote servers at the same time. It does not let you change other log settings (for example, where and how often log information is e-mailed or remote server names).

This screen provides a different view and a different way of indicating which messages are included in each log and each alert. (The Default category includes debugging messages generated by open source software.)

The following table describes the fields in this screen.

Maintenance > Log > Log Setting > Active Log Summary 

Label
Description
Active Log Summary
 
Log Category
This field displays each category of messages. It is the same value used in the Display and Category fields in the View Log tab. The Default category includes debugging messages generated by open source software.
Selection
Select what information you want to log from each Log Category (except All Logs; see below). Choices are:
disable all logs (red X) - do not log any information from this category
enable normal logs (green checkmark) - log regular information and alerts from this category
enable all logs (yellow checkmark) - log regular information, alerts, and debugging information from this category
If you check one of the check boxes for All Logs, it affects the settings for every category.
OK
Click this to save your changes and return to the previous screen.
Cancel
Click this to return to the previous screen without saving your changes.