Log file details

Log files are used in the WebAdmin console to generate reports. You can view logs using the log viewer.

Using the Command Line Interface (CLI), you can find the log files in the /log directory. You can access the CLI by going to admin > Console in the upper-right corner of the WebAdmin.

In the CLI, select option 5. Device Management then option 3. Advanced Shell. Then change to the log directory using the command cd /log.

Note: When a log rotates, a file with the extension .log.0 is created. For example, smtpd_main.log.0.

Antivirus and anti-spam

| Name | Description | Logfile | Service |
|---|---|---|---|
| Antivirus | Antivirus service | av.log | Antivirus |
| Antivirus updates | Antivirus update service | up2date_av.log | |
| Anti-spam | Anti-spam service | ctasd.log | Anti-spam |
| CTIP | CTIP daemon | ctipd.log | ctipd |
| Sandbox | Sandbox service | sandboxd.log | sandboxd |
| Sandbox | Sandbox service | sessiontbl.log | - |

  • XG Firewall uses Avira and Sophos Anti-Virus.
  • Sophos is an OEM customer of Cyren for anti-spam and IP reputation services.

Authentication

| Name | Description | Logfile | Service |
|---|---|---|---|
| Access server | User authentication, authorization and accounting service | access_server.log | access_server |
| Chromebook authentication | Chromebook SSO service | chromebook-sso-backend.log | clientless_access |
| NASM | NTLM authentication service | nasm.log | nasm |

  • Access server is a custom developed service to handle AAA activity.

Database

| Name | Description | Logfile | Service |
|---|---|---|---|
| Configuration database | Configuration database logfiles | confdbstatus.log | |
| Configuration database | Configuration database logfiles | crreportdb.log | |
| Garner | Logging service for postponement, event log and graphs | garner.log | garner |
| Migration database | Report migration logfiles | sac-feedback.log | |
| Migration database | Report migration logfiles | reportmigration.log | |
| Postgres database | Configuration database service | postgres.log | postgres |
| Signature database | Signature database service | sigdb.log | sigdb |
| Reporting database | Report database service | reportdb.log | reportdb |

Firewall

| Name | Description | Logfile | Service |
|---|---|---|---|
| BWM | Bandwidth management service (QoS) | bwm.log | bwm |
| Firewall rule logging | Firewall rule logging service | firewall_rule.log | |
| Firewall | Virtual host service | vhost.log | |
| FWlog | Firewall logging service | fwlog.log | fwlog |
| NAT | NAT rule logfiles | nat_rule.log | |
| NAT | NAT rule logfiles | pimd.log | pmid |
| Pktcap | Packet capture service (GUI DG option) | pktcapd.log | pktcapd |

GUI and CLI

| Name | Description | Logfile | Service |
|---|---|---|---|
| Apache | GUI service | apache.log | apache |
| Apache | GUI service | apache_access.log | apache |
| Dropbear | SSH logs | dropbear.log | |
| Error Log | Error log messages for GUI and CLI | error_log.log | |
| Tomcat | GUI service | tomcat.log | tomcat |

High availability

| Name | Description | Logfile | Service |
|---|---|---|---|
| Ctsync | Conntrack synchronization service | ctsyncd.log | ctsyncd |
| High availability | HA configuration and status updates | applog.log | |
| High availability | HA pair service | ha_pair.log | ha_pair |
| High availability | HA tunnel service | ha_tunnel.log | ha_tunnel |
| Msync | HA synchronization service | msync.log | msync |

Note: High availability cluster logs are stored on the same appliance they are generated on. We recommend using an external Sophos iView server to view the consolidated reports from both devices. To view the raw logs of the auxiliary appliance, you must connect to its admin port via SSH. To do this, use the command ssh admin@IPADDRESS. You must change IPADDRESS to be the admin port IP address of the auxiliary appliance.

Intrusion prevention and Application filter

| Name | Description | Logfile | Service |
|---|---|---|---|
| Application filter | The application filter uses the same service and logfile as IPS | ips.log | ips |
| Intrusion prevention / Application filter | Antivirus service | avd.log | antivirus |
| Intrusion prevention / Application filter | Intrusion prevention upgrade service | sig_upgrade.log | |
| Intrusion prevention / Application filter | Intrusion prevention migration service | sigmigration.log | |
| IPS | Intrusion prevention filter service | ips.log | ips |

Network

The following logs relate to general networking services.

| Name | Description | Logfile | Service |
|---|---|---|---|
| Dead gateway detection | MLM, VPN failover, dead gateway detection | dgd.log | DGD |
| DHCP | Dynamic host configuration server service | dhcpd.log | dhcpd |
| DHCP6 | Dynamic Host control service for IPv6 | dhcp6.log | dhcpd6 |
| DDC | Dynamic domain name service client service | ddc.log | ddc |
| DNS | DNS service | dnsd.log | dnsd |
| DNS | DNS service | dnsgrabber.log | dnsd |
| DNS | DNS service | eacd.log | |
| DNS | DNS service | entity.log | |
| Network | Network service - Interface/IP/PPPOE | networkd.log | networkd |
| Network | FQDN logging service | fqdnd.log | fqdnd |
| Network | FQDN logging service | fqdndebug.log | fqdnd |
| NTPclient | Network time protocol client service | ntpclient.log | ntpclient |
| RAD | Router advertisement service for IPv6 | radvd.log | radvd |

The following logs relate to dynamic-routing services.

| Name | Description | Logfile | Service |
|---|---|---|---|
| BGP | Border Gateway Protocol routing service | bgpd.log | bgpd |
| OSPF | Open Shortest Path First routing service | ospfd.log | ospfd |
| RIP | Routing Information Protocol routing service | ripd.log | ripd |

The following logs relate to static routing services.

| Name | Description | Logfile | Service |
|---|---|---|---|
| Application based routing | Application based routing service | appcached.log | appcached |
| Application based routing | Redis Service | redis | redis-appcache |
| Multicast-routing | Multicast routing service | mrouting.log | mrouting |
| Zebra | Static routing service | zebra.log | zebra |

Proxy (HTTPs - SMTPs - POP - IMAP - FTP - WAF)

| Name | Description | Logfile | Service |
|---|---|---|---|
| Awarrenhttp | HTTPS Proxy service | awarrenhttp.log | awarrenhttp |
| Awarrenhttp access | HTTPS proxy service website access | awarrenhttp_access.log | awarrenhttp |
| Awarrensmtp | SMTPS legacy proxy service | awarrensmtp.log | awarrensmtp |
| Awarrenmta | Mail transfer agent proxy service | awarrenmta.log | awarrenmta |
| Awarrenmta debug | (v17+) Mail transfer agent proxy service debug mode | awarrenmta_debug.log | awarrenmta |
| FTP | FTP proxy service | ftpproxy.log | FTPproxy |
| nSXLd | (v17+) web categorization | nSXLd.log | nSXLd |
| Skein | HTTP/FTP legacy proxy | skein.log | |
| SMTP | (v17.5+) Mail transfer agent proxy service | smtpd_main.log | smtpd |
| SMTP error | (v17.5+) Mail transfer agent proxy service errors | smtpd_error.log | smtpd |
| SMTP panic | (v17.5+) Mail transfer agent proxy service panic | smtpd_panic.log | smtpd |
| SMTP reject | (v17.5+) Mail transfer agent proxy service reject | smtpd_reject.log | smtpd |
| Warren | POP/IMAP proxy service | warren.log | warren |
| WAF | Web application firewall proxy service | reverseproxy.log | reverseproxy |
| Web proxy | Web proxy service | webproxy.log | |
| WINGc | (v15+) web categorization | WINGc.log | WINGc |

VPN

| Name | Description | Logfile | Service |
|---|---|---|---|
| Clientless SSL VPN | Clientless SSL VPN client service | clientless_access.log | clientless_access |
| IPsec | (v15-v16) IPsec VPN service | ipsec.log | ipsec |
| IPsec | (v17+) IPsec VPN service | strongswan.log | strongswan |
| IPsec | (v17+) IPsec VPN service | charon.log | strongswan |
| IPsec | IPsec connection testing logfiles | ipsec_Test_Connect.log | |
| IPsec | IPsec monitoring service | ipsec_monitor.log | ipsec_monitor |
| L2TP | Layer 2 tunneling protocol daemon | l2tpd.log | l2tpd |
| PPTP | Point-to-point tunneling VPN daemon | pptpvpn.log | pptpd |
| SSL VPN | SSL VPN client service | sslvpn.log | sslvpn |
| VPN PKI | VPN PKI logs | vpncertificate.log | |
| VPN PKI | VPN PKI logs | wc_remote.log | |
| VPN service | VPN service | strongswan-monitor.log | strongswan |
| VPN service | VPN service | sync.log | |
| XFRM | XFRM tunnel interface service | xfrmi.log | |

  • Sophos XG Firewall uses OPENSWAN for IPsec VPN and OPENVPN for SSL VPN.

Other logs

| Name | Description | Logfile | Service |
|---|---|---|---|
| API | API service log | apiparser.log | |
| API | API service log | app-feedback.log | |
| AWED | Wireless controller service | awed | |
| Category updates | Category update log file | catUpdateLog | |
| Central management | Central management service | centralmanagement.log | |
| Central management | Central management service | sophos-central.log | |
| CSC | Sophos Central service which manages all services | csc.log | csc |
| CSC helper | CSC helper service | cschelper.log | csc |
| CSC | CSC service | csd.log | csc |
| Heartbeat | Heartbeat to Sophos Central communication service | fwcm-eventd | |
| Heartbeat | Heartbeat to Sophos Central communication service | fwcm-heartbeatd | |
| Heartbeat | Heartbeat to Sophos Central communication service | fwcm-updaterd | |
| Hotspot | Hotspot service | hostapd.log | hostapd |
| Hotspot | Hotspot service | hotspotd.log | hotspotd |
| iView | iView logging service | iview.log | |
| Licensing | Licensing log | licensing.log | |
| Net-SNMP | SNMP logfile | snmpd.log | snmpd |
| OpenSSH | OpenSSH/Dropbear service | sshd.log | |
| OpenSSH | OpenSSH/Dropbear service | ssod.log | ssod |
| RED | RED service | red.log | red |
| SMB filesystem | SMB filesystem logfiles | smbnetfs.log | |
| SMB filesystem | SMB filesystem logfiles | snireport.log | |
| Sysinit | System FSCK logs | sysinit.log | sysinit |
| Syslog | Syslog service | syslog.log | syslog |
| System Updates | System update log | u2d.log | u2d |
| Signature upgrade | Signature upgrade log | sig_update.log | |
| Validation | Validation logfiles | validation.log | |
| Validation | Validation logfiles | validationError.log | |
| VMware tools | VMware tool service (SRM) | vmtool.log | vmtool |
| WiFi | WiFi Authentication Service | wifiauth.log | |