Monitoring You can monitor an appliance when it executes the filtering that ensures web security for your network. Monitoring is performed in different ways. Default monitoring on an appliance includes: Dashboard — Displays key information on the appliance system and activities Logging — Writes information about important events on an appliance into log files Error handling — Takes measures when incidents and errors occur on an appliance You can measure the performance of appliance functions and also use external devices for monitoring, such as a McAfee ePO server or an SNMP Agent. Dashboard The dashboard on the user interface of the appliance allows you to monitor key events and parameters, such as alerts, filtering activities, status, web usage, and system behavior. Logging Logging enables you to record web filtering and other processes on an appliance. Reviewing the log files that contain the recordings allows you to find reasons for failures and solve problems. Error handling When errors and incidents occur on an appliance, appropriate measures can be taken. Some of these measures are controlled by rules. Performance measurement Processing time for several appliance functions is measured and shown as performance information on the dashboard. You can record this information in log files and also measure and record processing time for individual rule sets. Event monitoring with SNMP Events that occur on the appliance system can be monitored using SNMP. Transferring data for McAfee ePO monitoring Transferring data from an appliance to the McAfee ePolicy Orchestrator® (McAfee ePO™) console allows you to monitor the appliance from the console. Best practice: Monitoring file system usage It is important to monitor file system usage in the /opt partition on Web Gateway, as this partition is used for storing system files while the appliance software is also installed there. This means that a full opt partition impacts the performance of the appliance. Best practices - Sending access log data to a syslog server You can configure Web Gateway to send data that is recorded in the access log to a syslog server. Best practice: Implementing TLS-secured usage of syslog data You can implement use of the TLS protocol that is provided by an rsyslog package for TLS-secured sending of messages with syslog data. Sending syslog data to McAfee Enterprise Security Manager Data that is logged on Web Gateway in syslog log files can be sent to McAfee® Enterprise Security Manager (McAfee ESM).