Statistics & Logs - Multitech RouteFinder RF850 User Manual

Statistics & Logs
Various log files maintained by the RouteFinder can be viewed and/or downloaded to the browser. This function
provides current system information, status, and usage information. The information is valuable for
troubleshooting and for monitoring the RouteFinder's operational status and overall performance.
The following functions can be accessed under Statistics & Logs:
•
Uptime (length of continuous RouteFinder operation and the amount of time the system has been
running continuously). Can view start up history.
•
Hardware (CPU, RAM, and Swap utilization details)
•
Networks (network interface details, routing table details, network connections)
•
Interfaces (displays network traffic on each interface - LAN, WANLINK1 , WANLINK2)
•
SMTP Proxy (displays SMTP log, SMTP number of messages, SMTP concurrency, and SMTP status)
•
Accounting (displays interface-based accounting, IP-based accounting, VPN-based accounting)
•
Self Monitor (self monitor live log)
•
IPSec (IPSec live log and IPSec live log connections)
•
PPTP (PPTP live log, live connections, history of calls)
•
Packet Filters (displays defined filter rules, system-generated rules, and filter violations)
•
Port scans (Intrusion detection live log, port scan detection live log)
•
View Logs (displays a list of log files maintained by the RouteFinder
•
HTTP Access (generate and view HTTP Access Reports, Reject Reports)
•
DHCP (DHCP subnet information)
•
SMTP Virus Quarantine (displays virus-quarantined email)
•
POP3 Virus Quarantine (displays virus-quarantined email)
•
SMTP Spam Quarantine (using a Message Expression filter and an Attachment filter, SPAM emails will
not be relayed and will be quarantined in the SPAM area. They can then be evaluated by the system
administrator.
•
Administrative Authentication Log (shows successful/failed login attempts and HTTPS administrative
access logs)
•
QoS (displays bandwidth utilization of WANLINK1, WANLINK2, LAN)
•
DDNS Log (displays information about the updating of the domain name (IP address) and whether it
succeeded or failed in the DDNS server).
The data in the logs could be useful to outside attackers, and it may well be considered confidential too. For
security reasons, certain information should not be logged where an intruder could possibly access it.
The logs help you watch for usual patterns of usage, newly-developing trends in usage, and to alert you to any
and all exceptions to these patterns of typical use. Administrators should become very familiar with the typical
log patterns and messages, so that it can be recognized when something goes wrong (i.e., an unusual pattern
of usage develops).
Generally speaking, log data falls into one of three categories:
1. Known to be OK -
2. System running since Monday 21 October-2002 02:30:44PM, or
CNAME_lookup_failed_temporarily._(#4.4.3)/, or
Watching superdaemon.pl ALL OK.
3. Known to be problems -
investigating the cause, etc.). For example: a message about a bad disk block at location 0x56c8a7 or
something similar.
4. Unknown - Messages that someone should examine, such as why someone is sending UDP packets
from port 20 to some arbitrary port above port 1024 (doesn't match any known protocol).
Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)
These are messages that can typically be ignored:
Messages that should cause some action (email the administrator, start
Chapter 6 – RouteFinder Software
Statistics & Logs
127