Log settings

The firewall provides extensive logging capabilities for traffic, system, and network protection functions. You can use logs to analyze network activity to help identify security issues and reduce network abuse. You can store logs locally or send them to syslog servers. The firewall supports syslog as defined in RFC 5424.

  • To store logs locally, select Local and then select logs.
  • To send logs to a syslog server, click Add and specify server details. Then, select logs.


To select all the log types, you can select the top-level check box. To select the log types within a category, you can select the category.

Restriction If you've used a special character in the server's name or the same name as another syslog server followed by the number 1 (example: test1 and test), selecting the category (example: for test1) doesn't select the individual log types. You must then select the log types individually.
Firewall logs provide information about traffic associated with the firewall configuration such as firewall rules, MAC filtering, and DoS attacks.
IPS logs provide records of detected and dropped attacks based on unknown or suspicious patterns (anomalies) and signatures.
Anti-virus logs provide details of viruses detected in HTTP, SMTP, FTP, POP3, IMAP4, HTTPS, SMTPS, IMAPS and POPS traffic.
Anti-spam logs provide details about SMTP, POP3, IMAP4, SMTPS, POPS, IMAPS spam and probable spam mails.
Content filtering
Content filtering logs provide details about web and application filtering events such as those associated with web policies.
Note To view events associated with a web policy, you must select Log firewall traffic in the associated firewall rule.
Event logs provide information about configuration activities, authentication activities, and system activities.
Web server protection
Web server protection logs provide details of web server protection activities, for example, protection policies.
Advanced threat protection
Advanced threat protection logs provide information about ATP events such as drops or alerts.
Wireless logs provide details about access point activity and SSIDs.
Heartbeat logs provide information about the health status of the endpoints.
System health
System health logs provide details of CPU usage, memory usage, number of live users, interfaces, and disk partitions.
Sandstorm logs provide records of all Sandstorm events.