Chapter 13 - Monitor and Log
HCSA-NGFW 2022
Contents
1 Monitor
2 Log
3 Report
4 Advanced Configuration
Monitor
• System can monitor the following objects:
- User Monitor
- Application Monitor
- Cloud Application Monitor
- User Quota Monitor
- URL Hit
- Link Status Monitor
- iQoS Monitor
- Device Monitor
- Keyword Block
- Application Block
- Authenticated User
www.hillstonenet.com
User Monitor
• Displays the application statistics within the specified period. The statistics include the application traffic and
applications' concurrent sessions.
Application Monitor
• Displays the statistics of applications, application categories, application subcategories, application risk levels,
application technologies, and application characteristics within the specified period
Cloud Application Monitor
• Cloud application monitor page displays the statistics of cloud applications and users within a specified period
Configure User Quota
Policy > Traffic Quota > Profile: click "New" to create a profile and rule, and select the zone
User Quota Monitor
• Displays the traffic currently used; the daily and monthly used traffic can be cleared.
URL Hit
• Displays the URL statistics within the specified period, such as top 10 Users/URLs/URL categories
Link Configuration
• Link Configuration
• Detection Destination
Link Status
iQoS Monitor
• Displays the real-time traffic details or traffic trends of pipes and sub-pipes in Level-1 Control
or Level-2 Control
Device Monitor
• Displays the device statistics within the specified period, including the total traffic, interface traffic, zone traffic,
CPU/memory status, sessions, hardware status and online IP.
Authenticated User
• Displays the authenticated user information
Log
• StoneOS log type:
- Event Log
- Network Log
- Configuration Log
- Share Access Log
- Threat Log
- Session Log
- PBR Log
- NAT Log
- URL Log
- File Filter Log
- Content Filter Log
- Network Behavior Record
- Cloud Sandbox Log
Log Severity
Severity | Level | Description | Log Definition
Emergency | 0 | Identifies illegitimate system events. | LOG_EMERG
Network Log
• Log information related to network service operations, such as PPPoE, DHCP and DDNS.
Configuration Log
Threat Log
Session Log
• Enable the session log in the policy
• Displays the session start, session end and policy information
PBR Log
• Enable the PBR log at Route > Policy-based Routing
NAT Log
• Enable the NAT log on the SNAT/DNAT configuration page
URL Log
Destination of Exported Log
• Console
• Terminal
• Memory Buffer
• File
• Syslog Server
• Email address
• Local database (send log to local hard disk)
• SMS
Report
Report Template
Report Task
Report File
Advanced Configuration
Log Management (WebUI)
• Monitor > Log > Log Management
• Session log, NAT log and URL log are disabled by default
Log Configuration (WebUI)
• Log Server Configuration
• Web Mail Configuration
• Facility Configuration
• SMS Configuration
Configure Syslog Server
• Hostname is the IP address of the log server
• The default transport port is UDP 514
Web Email Configuration
• The mail server must be configured in advance
• Add the email address that will receive the logs
Facility Configuration
• The facility name can be changed; the default is Local7
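Added example (not part of the Hillstone course material): assuming the device emits the standard syslog priority header, a message sent with the default Local7 facility carries the value facility × 8 + severity, so an Emergency (level 0) message begins with <184>. The Python code below decodes that header on the collector side and sorts received datagrams; the function names and sample datagrams are constructed for illustration.

```python
import re

# Standard syslog code tables (RFC 5424, section 6.2.1); list index = numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram):
    """Return (facility, severity, body), or None if the PRI header is invalid."""
    m = PRI_RE.match(datagram)
    if m is None or int(m.group(1)) > 191:  # 191 = local7 (23) * 8 + debug (7)
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    body = datagram[m.end():].decode("utf-8", "replace")
    return FACILITIES[facility], SEVERITIES[severity], body


def triage(datagrams, expected_facility="local7", urgent_max=3):
    """Sort datagrams into urgent / unexpected-facility / malformed buckets."""
    urgent, unexpected, malformed = [], [], []
    for d in datagrams:
        decoded = decode_pri(d)
        if decoded is None:
            malformed.append(d)
        elif decoded[0] != expected_facility:
            unexpected.append(decoded)
        elif SEVERITIES.index(decoded[1]) <= urgent_max:  # error or worse
            urgent.append(decoded[1:])
    return urgent, unexpected, malformed


# Constructed sample datagrams (not captured from a real device).
SAMPLE = [
    b"<184>constructed: emergency event",             # local7 * 8 + 0
    b"<190>constructed: informational event",         # local7 * 8 + 6
    b"<38>constructed: message from another sender",  # auth * 8 + 6
    b"constructed: no PRI header",
]

if __name__ == "__main__":
    for name, bucket in zip(("urgent", "unexpected", "malformed"), triage(SAMPLE)):
        print(name, bucket)
```

Syslog over UDP carries no sender authentication, so the facility check is a sanity filter for misrouted or malformed input, not proof that a datagram came from the firewall.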
SMS Configuration
• The SMS modem or SMS gateway must be configured
• Add the mobile number that will receive the logs here
Operational Highlights 1 – Log Server Configuration
• The Log Server page shows the multiple configured logs on the same page; logs can be sent separately
to different syslog servers.
Operational Highlights 2 – Log Export
• Logs and sessions can be exported to a txt file for analysis via FTP/TFTP
SG-6000# show logging | redirect
ftp:// Uniform Resource Locator (ftp://[username:password@]x.x.x.x[:port:vrid]/filename)
tftp:// Uniform Resource Locator (tftp://x.x.x.x[:vrid]/filename)
SG-6000# show logging event | redirect tftp://1.1.1.20/log.txt
Operational Highlights 3 – Log Analysis
• The session log page provides the close reason for each session, which helps the system administrator troubleshoot.
Operational Highlights 4 – Traceability of Management Behavior
• Management behavior can be traced on the configuration log page. All configuration changes are recorded, so they
can be checked when a setting problem is suspected.
Question
1. How many types of log are supported on a Hillstone firewall? What content is stored by each
type of log?
2. What types of output destination does a Hillstone device support?
3. What types of stat-sets does a Hillstone device support?
4. How can we find the root cause of disconnection from session logs?
Thanks