Please implement a reader friendly log-, and live log reader which will output any of the the text logs to a formatted output (similar to the actual paket filter live log). Should offer following features for viewing all types of logs:
- formatted output (as paketfilter live log)
- colored (drop, pass, block, info and so on)
- expression filters
- possibility to filter (do not show) logentries (similar to user portal / smtp log), where you can hide unwanted informations)258 votes
Add the ability to globally search all logs for matching strings from a single entry box for a specified date/time range.82 votes
This feature is planned for the UTM 9.2 release later in 2013. Stay tuned.
In the Flow Monitor, it would be nice to be able to click on a Host/Client, and list all of their connected Host/Clients, ports that they are using, and bandwidth used for each of those. Currently The Flow Monitor only list total traffic used by a Client/Host, but for more information the text logs have to be searched.
It would also nice to be able to have fine grain control of that traffic (throttle and blocking) in real-time from inside the flow monitor. Options like Temporary blocks, or data caps, would all be bonus too.79 votes
Companies have to prove to the law that the logs are not manipulated. Hence device must hash the log files with the time stamp. We need a menu for that on UTM. For example, customers should be able to choose the needed logs through WebAdmin, and make hashing with required logs. When needed they should be able to download the hash and log files.47 votes
I would like to see better and more granular search options/filters for log searching.
What if I'm interesting in a host only when it's a source and only when it goes to port 25 on another host. Today I can only give a simple search term and get way to much data back for it to be useful fast without spending too much time looking through the result.42 votes
This feature will be part of the UTM 9.2 release which will enter public beta in September 2013 for GA release in November. Stay tuned!
Please, give a way to display all available live logs together of all services in only one single window31 votes
When you install a new server, all logs are lost since the logs remain at the old server.18 votes
Please add the ability to verify the remote archive log files server credentials (Test Button) so the admin may be certain that the archives will be written - prior to a warning email notice that the files could not be written on the target server.17 votes
Add support for storage devices such as iSCSI, so that Astaro can write long term data such as logs, reporting, and quarantine data to storage off of the appliance. this would allow for better recovery in the event of hardware failure.17 votes
Would it be possible to support searching with asterisk within the search engine logs? So when some people had searched for "i want a new job" or "better Jobs" I want a search within the log with "*jobs*" and I can see all those search terms from the users.16 votes
I have found out that packets forwarded by the Generic Proxy is not shown in the live log.
When i use the firewall live log I want to see ALL packets passing the firewall, regardless of direction or anything else.13 votes
Basically exactly as the title says. The logging to external syslog as it is now does not follow either RFC 3164 or RFC 5424.
Since the RFC 3164 was replaced by RFC 5424 it would be nice to have the option to select the format of syslog messages that are sent to external syslog server to follow this RFC standard. Right now if the external syslog is following the RFC standard and receives a syslog message from ASG which is NOT RFC compliant the message is malformed and not stored correctly which naturally causes a lot of problems.13 votes
It would be nice to have the possibility to send notifications not only with email and snmp, but also via Feed RSS. In this case admin should set the interfaces/ip address authorized to access to this feeds. It is a non invasive way (such as mail) to notificate important events to admins.12 votes
Imagine that you have 100 packetfilter rules not logged, 50 nat rules not logged, some im/p2p rules set as "Do not control". If you have troubles, perhaps it would be very usefull to easly and fastly switch from actual logging level to full logging level, without manually set (and then restore) every log option for each rule.
This "Full log" option, should also:
- log autopacket rules, that in this moment are not logged
- overrides those exceptions (ie. in web security) that prevents some hosts to be logged.10 votes
For troubleshooting purposes, including the interface that a packet/URL is going out would be very helpful.
While viewing a live log I would just need the interface, eth0, eth1, br1, etc, added to the line so that I can be sure that my multipathi rules are working.
2010:05:12-07:17:47 proxy httpproxy: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.0.2" user="" request="0" url="http://somelink.com" INTERFACE="eth1"9 votes
delete the log files should be possible to be awarded a free period.
currently, the log files are deleted only after predefined periods. we need as But a period of only 2 months9 votes
Allow exporting of HTTP content filter log to a csv/ms excel/ods file (especially after using the filter to search the HTTP content filter log)8 votes
These are very useful options and I guess these are very necessary features for ASG:
* Instant Messenger Controls:
* Controls file transfer through Skype, MSN, Yahoo, Google Talk and other popular instant messengers based on file name, extension and size
* Shadow copies are created of files uploaded and downloaded over IMs
* Logs are archived for chat conversation as well as file upload and download8 votes
In addition to the "support for multiple remote syslog servers" it would be very nice if one could choose which log files to send to which remote syslog server.
There could be profiles that allow e.g. to only send Content Filter logs to an ARM server but send Packet Filter logs to another alerting system and maybe backup all log files on a third central syslog server.
There is the possibility to choose which log files to send, but not on a per-remote-syslog server level.8 votes
The IPSec VPN live log does contain the connection name
2011:02:11-14:15:30 HOSTNAME-1 pluto[xyz]: "S_ABC_VPN" #[number]: initiating Quick Mode.....
but view "view log file" you only get
2011:02:11-14:15:30 HOSTNAME-1 pluto[xyz]: "S_REF_jYhIsAnhzG_3" #[number]: initiating Quick Mode.....
so you have to lookup the REF yourself AND it is much less "readable" as the connection name itself in the log file.
I suggest, that the connection name is also contained in the "plain" ipsec vpn logfile, and not only displayed in the live log.7 votes
- Don't see your idea?