Log file types

There are several types of log files on an appliance. They differ in the kind of content that is recorded and in the way the recording is done.

Log files that record the same kind of content are stored in the same folder. A folder for storing log files with the same kind of content is called a log.

Depending on their content, log files are maintained by system functions, modules, or logging rules.

System-maintained log files

Some log files are maintained by functions of the appliance system, which includes the operating system and several system-related services.

You can view these files on the user interface, but not edit or delete them. However, when system log files are unreadable, they are not displayed on the user interface.

The files are also rotated in regular intervals by system functions. There are no options for configuring this rotation.

Module-maintained log files

Other log files are maintained by particular modules of the appliance, such as the proxy module or the Anti-Malware module.

You can view these files on the user interface, but not edit or delete them. The files are stored in subfolders that are located on the appliance under:

/opt/mwg/log

Rotation, deletion, and pushing of these files in regular intervals is handled by the Log File Manager, which you can configure settings for.

All files in these folders are handled by the Log File Manager, except those that have mwgResInfo as a part of their names.

The folders with the following names are also not handled by the Log File Manager: cores, feedbacks, tcpdump, migration, system, ruleengine_tracing, connection_tracing, message_tracing.

Logs for module-maintained log files include the following:

  • Audit log — Stores log files that record changes to the appliance configuration
  • Debug log — Stores log files that record debugging information
  • Migration log — Stores log files that record migration activities
  • MWG errors logs — Store log files that record errors occurring in appliance components

    There are separate errors logs for the core and coordinator subsystems, the Anti-Malware module, the user interface, and the system configuration daemon.

  • Update log — Stores log files that record updates of modules and files

Rule-maintained log files

There are also log files that are maintained by logging rules. The recording of data is executed by events that are triggered when these rules apply.

For example, a rule triggers an event when an object that a user requested is infected by a virus. The triggered event writes an entry with information on the user, the infected object, date and time of the request, and other parameters, to the log file.

You can work with the rules for this type of log files in the same way as with any other rules.

Rotation, deletion, and pushing of these files in regular intervals is handled by the File System Logging module, which you can configure settings for.

The following rule-maintained log files are provided on an appliance by default:

  • Access log — Stores log files that record requests and related information, including date and time, user name, requested object, infection of an object, blocking of an object
  • Found viruses log — Stores log files that record the names of viruses and other malware that were found to infect requested objects

    The log also records date and time, user name, requested URL, and the IP address of the client a request was sent from.

  • Incident logs — Store log files that record incidents concerning various functions, such as licensing, monitoring, or updates

To these default logs, you can add logs that you have created yourself.