Multi-Tech Systems RF600, RF660, RF760 Statistics & Logs

Chapter 6 – RouteFinder Software

Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 116

Statistics & Logs

Statistics & Logs

Various log files maintained by the RouteFinder can be viewed and/or downloaded to the browser. This function provides

current system information, status, and usage information. The information is valuable for troubleshooting and for monitoring

the RouteFinder‘s operational status and overall performance.

The following functions can be accessed under Statistics & Logs:

• Uptime (length of continuous RouteFinder operation and date last booted)

• Hardware (CPU, RAM, and Swap utilization)

• Networks (the internal network, NICs, Routing Table, and active Internet connections traffic)

• Interfaces (displays network traffic on each interface - LAN, WAN, DMZ)

• SMTP Proxy (displays email usage and status)

• Accounting (calculates and displays external NIC IP packet byte counts)

• Self Monitor (provides email notification of system-level issues)

• IPSec (displays VPN information)

• PPTP (displays processes and error messages)

• Packet Filters (displays defined filter rules, system-generated rules, and filter violations)

• Port scans (disables and logs attempted port scans)

• View Logs (displays a list of log files maintained by the RouteFinder

• HTTP Access (displays a list of users and the Internet sites visited by them)

• DHCP (displays information about the DHCP leases)

• SMTP Virus Quarantine (captures any virus-infected emails)

• POP3 Virus Quarantine (captures any virus-infected emails)

• SMTP SPAM Quarantine (using a Message Expression filter and an Attachment filter, SPAM emails will not be

relayed and will be quarantined in the SPAM area. They can then be evaluated by the system administrator.

• Administrative Authentication Log (shows successful/failed login attempts)

The data in the logs could be useful to outside attackers, and it may well be considered confidential too. For security

reasons, certain information should not be logged where an intruder could possibly access it.

The logs help you watch for usual patterns of usage, newly-developing trends in usage, and to alert you to any and all

exceptions to these patterns of typical use. Administrators should become very familiar with the typical log patterns and

messages, so that it can be recognized when something goes wrong (i.e., an unusual pattern of usage develops).

Generally speaking, log data falls into one of three categories:

1. Known to be OK - These are messages that can typically be ignored:

2. System running since Monday 21 October-2002 02:30:44PM, or CNAME_lookup_failed_temporarily._(#4.4.3)/, or

Watching superdaemon.pl ALL OK.

3. Known to be problems - Messages that should cause some action (email the administrator, start investigating

the cause, etc.). For example: a message about a bad disk block at location 0x56c8a7 or something similar.

4. Unknown - Messages that someone should examine, such as why someone is sending UDP packets from port

20 to some arbitrary port above port 1024 (doesn‘t match any known protocol).