At the Firewall Settings window, click on Security Log
If you see the message "syslog.info Log file is full. Following messages will be discarded", you will need to click on the Clear Log or Save Log button if you want new events to be logged.
Time | Event | Event-Type | Details |
---|---|---|---|
Oct 7 07:49:55 2014 | System Log | Message | syslog.info Log file is full. Following messages will be discarded. |
If you click on the Save Log button, you can download the log to your local system. The default file name is firewall.csv.
If you click on the Clear button, you will be warned that "You are about to clear the Security Log"; click on the Apply button to proceed.
You can click on the Settings button to change what is logged.
To see new entries in the log, you will need to click on the Refresh button.
The buffer for the log file on the router/firewall is fairly small at 16 KB; a few dozen packets will fill it. You can increase the size from the System Settings menu, which you can get to by clicking on the Advanced button and then selecting System Settings. But to make effective use of the data logged, you should have it transmitted to a syslog server, i.e., an external system that will collect the log data and preserve it for later analysis or allow you to view the events being logged in real time. Then you don't need to worry about the buffer on the router filling, since every event is being transmitted to the syslog server for record keeping.
If you have a Linux system, you can set it up as a syslog server by installing a syslog server package for your distribution of Linux. If you have a Microsoft Windows system, there are also free and commercial syslog server programs you can utilize, such as the Kiwi Windows Syslog Server, which is available in free and paid versions, with the paid version offering more features. I use WallWatcher, though support for it ended on February 1, 2011. The developer's website states "programs will remain available indefinitely, but without maintenance or enhancements, and no one is available to answer questions." It is shareware with a cost of $0.00, i.e., there's no cost to use it.
To configure the router/firewall to send data to a syslog server, take the following steps:
From the tool bar that you see at the top of the window when you log into the router, click on the Advanced button.
Put the IP address of the system that will be functioning as the syslog server in the "Remote System Host IP Address" field of the System Logging section of the System Settings page and also in the "Remote Security Host IP Address" field of the Security Logging section.
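If you want to confirm that the router is actually sending events before you settle on a syslog package, a small collector is enough. The following Python script is an added example, not part of the original article or of any of the programs named above; it assumes the router sends BSD-style syslog datagrams over UDP port 514, and the output file name router-syslog.log is a placeholder.

```python
import socket
import sys
from datetime import datetime, timezone

# Facility and severity names in PRI order (RFC 3164 / RFC 5424).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def decode(datagram: bytes):
    """Split a BSD-syslog datagram into ('facility.severity', message text).

    Datagrams without a valid <PRI> prefix are kept, tagged 'unknown', so that
    nothing the router sends is silently dropped.
    """
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    if text.startswith("<"):
        end = text.find(">", 1, 5)           # PRI is 1 to 3 digits
        if end != -1 and text[1:end].isascii() and text[1:end].isdigit():
            pri = int(text[1:end])
            if pri <= 191:                   # 23 * 8 + 7 is the largest valid PRI
                return f"{FACILITIES[pri >> 3]}.{SEVERITIES[pri & 7]}", text[end + 1:]
    return "unknown", text


def format_record(src_ip: str, datagram: bytes, now: datetime) -> str:
    """One log line: collector receive time, sender IP, priority, message."""
    priority, message = decode(datagram)
    return f"{now.isoformat(timespec='seconds')} {src_ip} {priority} {message}"


def serve(path: str, host: str = "0.0.0.0", port: int = 514) -> None:
    """Receive syslog over UDP and append every datagram to `path`."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock, \
            open(path, "a", encoding="utf-8") as log:
        sock.bind((host, port))              # ports below 1024 need root on Linux
        while True:
            data, (src_ip, _) = sock.recvfrom(8192)
            log.write(format_record(src_ip, data, datetime.now(timezone.utc)) + "\n")
            log.flush()                      # keep the file current for tail -f


if __name__ == "__main__":
    serve(sys.argv[1] if len(sys.argv) > 1 else "router-syslog.log")
```

Each line records the time the collector received the event and the sender's address, so entries remain usable even if the router's own clock is wrong, and lines from any address other than the router's stand out.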