access log

Security Gateway Discussions
Post Reply
racso
Posts: 13
Joined: 26 Jan 2018, 09:08

access log

Post by racso » 27 Aug 2018, 16:06

Do exist a way in order to read the date-time of the users log-in?
thanks

Peter
Posts: 696
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

Re: access log

Post by Peter » 28 Aug 2018, 13:17

Hello.

That depends on what kind if user login you are talking about, logging in to the Firewall WebUI for management? In that scenario a log is generated that looks something like the one below, it includes the date and time:

Code: Select all

2018-08-28 13:08:33 SYSTEM 03203000 Notice(5) event=admin_login authsystem=HTTP interface=WAN username=admin
usergroups="administrators, auditors" access_level=administrator authsource=LocalUserDatabase userdb=AdminUsers
server_ip=192.168.155.11 server_port=80 client_ip=192.168.155.2 client_port=52556
A similar log can also be generated if a user logs in to the Firewall using for example WebAuth or the User Identity Awareness (UIA/IDA) which will include date/time when a user logs in to the Active Directory.

There are also other functions/features that can require a username/password such as L2TP/IPsec, XAuth, SSL-VPN, PPTP and more that will generate a log with date/time.

Best regards
/Peter

racso
Posts: 13
Joined: 26 Jan 2018, 09:08

Re: access log

Post by racso » 28 Aug 2018, 13:38

perfect, this is the reply to help me, but I don't understand where is the link in order to find this log... I use "WebUI".
thanks

Peter
Posts: 696
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

Re: access log

Post by Peter » 28 Aug 2018, 14:58

The Firewall constantly generates logs and by default the Firewall only stores 500 log entries in memory before it starts to be overwritten by newer log entries. This means that any previous login history will most likely be lost as they are being replaced.

For systems with a lot of traffic 500 log entries will be filled in milliseconds. The memory log in the WebUI is only intended for basic log searches as it will be very difficult to catch the specific log you are looking for due to the large amount of logs usually being generated.

To search for logs during a longer time span, a log receiver must be setup and configured. That way logs are saved to a local disk and you can query the log using InControl (or some 3'rd party software that supports Syslogs).

The WebUI logs can be found under Status->Logging and e.g. System logs.

More information about Events and Logging please see section 2.3 in the administrator guide (in version 12.00.10).

Best regards
/Peter

Post Reply