All logging functionality in DMZ Gateway comes preconfigured with the optimal settings. The information below is provided to help you understand what is in the logs. When necessary, modifying the configuration for the logging functionality should only be performed with the aid of Globalscape Customer Support.
The following logs are created and populated during the operation of DMZ Gateway:
DMZ Gateway Communications Activity Log (DMZActivity.log)
DMZ Gateway Server Diagnostics Log (DMZGatewayServer.log)
DMZ Gateway Server Service Diagnostics Log (DMZGatewayServerService.log)
DMZ Gateway Statistics Log (DMZStatistics.log)
DMZ Gateway Server Event Viewer (Windows Operating Systems Only)
DMZ Gateway Server Syslog (Solaris/Linux-based Operating Systems Only)
The DMZ Gateway communications activity logging records messages relating to communications to a W3C Extended Log File-formatted file. By default, this log file is created as <installation directory>\logs\DMZActivity.log. The format of the log file consists of a header at the beginning of the file and subsequent lines for each communications message generated by the DMZ Gateway Server. (Not all fields will be populated for every message. More information on the W3C Extended Log File format is available on the W3C Web site at http://www.w3.org/TR/WD-logfile.html.)
(The examples below are for illustration only and do not necessarily reflect your version or installation of DMZ Gateway.)
The header is of the format:
#Software: DMZ Gateway Server Version: 3.0.0 build 4
#Version: 3.0
#Date: 2009-09-28 07:31:48
#Fields: time status rs-ip rs-comment s-ip s-comment c-ip c-comment
where:
Software – Identifies the application that generated the log file. In this case, the DMZ Gateway Server. This line will also contain the application version and build number of the DMZ Gateway Server.
Version – The version of the extended log file format used.
Date – The date and time the log file was initially created.
Fields – The field names for the fields included in each log message. The fields are defined as:
time – The date and time the log message was generated
status – The status of the message where a value of 0 indicates a failure or error and a value of 1 indicates success.
rs-ip – The remote server IP Address and Port number. This represents the peer server connected to the Peer Notification Channel. This will typically be the EFT or Mail Express.
rs-comment – Textual status message related to the remote server.
s-ip – The server IP Address and port. This represents the DMZ Gateway Server.
s-comment – Textual status message related to the DMZ Gateway Server.
c-ip – The client IP Address and port. This represents the FTP client connection.
c-comment – Textual status message related to the client.
The verbosity of messages written to the communications activity log is configurable via the DMZ Gateway administration interface. By default, verbose logging is not enabled. When set to false, only basic communications initialization and de-initialization messages are logged to the activity log. This includes messages concerning Peer Notification Channel listener startups and stops. When verbose logging is enabled, additional communications messages concerning client connections are logged.
Essentially, messages that may occur throughout the course of operating the DMZ Gateway Server are governed by the "Verbose Activity Logging" setting whereas messages that only occur during initial startup and shutdown are always logged. The DMZ Gateway Server appends the log during each run of the DMZ Gateway Server.
The log file will automatically archive itself when reaching 10 MB in size and maintains the last 10 log files in the form DMZActivity.<X> where X is a number from 1 to 10, with 1 being the most recently archived log file and 10 being the oldest.
The DMZ Gateway Server diagnostics logging functionality provides diagnostic-level messages for the operation of the DMZ Gateway Server. This diagnostic information may be used to identify errors, warnings, and other information of interest that occur during the operation of the DMZ Gateway Server.
By default this functionality logs to the file <installation directory>\logs\DMZGatewayServer.log.
The DMZ Gateway Server appends the log during each run of the DMZ Gateway administration interface. The log file automatically archives itself when reaching 10 MB in size and maintains the last 10 log files in the form DMZGatewayAdmin.<X> where X is a number from 1 to 10, with 1 being the most recently archived log file and 10 being the oldest.
This logging records diagnostic information generated by the DMZ Gateway Server service executable. The diagnostic information may be used to identify errors or warnings that occur during startup of the DMZ Gateway Server. By default, this functionality logs to the following file:
<installation directory>\logs\DMZGatewayServerService.log.
The DMZ Gateway Server appends the log during each run of the DMZ Gateway Server. The log file automatically archives itself when it reaches 10 MB in size and maintains the last 10 log files in the form DMZGatewayServerService.log.<X> where X is a number from 1 to 10, with 1 being the most recently archived log file and 10 being the oldest.
Statistics logging is disabled by default, because statistics are typically viewed through the DMZ Gateway administration interface. When enabled, this functionality records various statistical data in CSV format to the log file <installation directory>\logs\DMZStatistics.log. A header row is generated at the beginning of each file and then data rows are periodically added for each Profile/Peer Server connection.
The statistical data includes the following fields:
Timestamp – the date and time the row was generated
Profile – the Profile to which the row of statistical data pertains
Server – the Peer Server (e.g. EFT) to which the row of statistical data pertains
Client Received (B) – the total number of bytes received from clients for the specified Profile/Server.
Client Sent (B) – the total number of bytes sent to clients for the specified Profile/Server.
Server Received (B) – the total number of bytes received from the Server for the specified Profile/Server.
Server Sent (B) – the total number of bytes sent to the Server for the specified Profile/Server.
Client Receive Rate (Bps) – the number of bytes per second received from clients for the specified Profile/Server.
Client Send Rate (Bps) – the number of bytes per second sent to clients for the specified Profile/Server.
Server Receive Rate (Bps) – the number of bytes per second received from the Server for the specified Profile/Server.
Server Send Rate (Bps) – the number of bytes per second sent to the Server for the specified Profile/Server.
Connections Accepted – the total number of connections allowed for the specified Profile/Server.
Connections Refused – the total number of connections refused for the specified Profile/Server.
The log is appended during each run of the DMZ Gateway service. The log file automatically archives itself when reaching 10 MB in size and maintains the last 10 log files in the form DMZGatewayServerService.log.<X> where X is a number from 1 to 10, with 1 being the most recently archived log file and 10 being the oldest.
On Windows operating systems, DMZ Gateway records significant events to the Windows Event Log. Events originating from the DMZ Gateway are recorded in the Application Event Log and by default include the following types of events:
DMZ Gateway Service start
DMZ Gateway Service stop
DMZ Gateway Service restart
DMZ Gateway Service startup failures
All FATAL and ERROR level diagnostic log messages recorded in the DMZ Gateway Server Diagnostics Log
Additionally, the startup and shutdown activities originating from the Windows Service Control Manager are recorded in the System Event Log.
On Solaris and Linux-based operating systems, DMZ Gateway can record significant events in the local Syslog. By default, messages will be logged with an indent of “DMZ Gateway Server” to the LOG_USER facility and include the LOG_PID option. (Refer to http://www.kernel.org/doc/man-pages/online/pages/man3/syslog.3.html for information on the syslog functionality or type “man syslog” in a terminal window.)
On Solaris systems, it may be necessary to configure the syslog daemon to include logging of the LOG_USER facility. Typically, you can edit the /etc/syslog.conffile as root and add a line such as:
user.info <tab> /var/admin/message
Replace <tab> with an actual TAB character. This will instruct the syslog daemon to log LOG_USER facility messages to the /var/admin/message log file. After saving your changes, you will need to restart the syslog daemon as root with a command such as:
svcadm restart system-log
The following log files are created and populated during the operation of the DMZ Gateway administration interface:
The DMZ Gateway administration diagnostics logging provides diagnostic-level messages for the operation of the DMZ Gateway administration interface. This diagnostic information may be used to identify errors or warnings that occur during the operation of the administration interface.
By default this functionality records to the file:
<installation directory>\logs\DMZGatewayAdmin.log
The log is appended during each run of the DMZ Gateway administration interface. The log file automatically archives itself when reaching 10 MB in size and maintains the last 10 log files in the form DMZGatewayAdmin.<X> where X is a number from 1 to 10, with 1 being the most recently archived log file and 10 being the oldest.
This logging records diagnostic information generated by the DMZ Gateway Admin Launcher executable, <installation directory>\bin\DMZGatewayAdminLauncher(.exe). This executable is responsible for starting the Java Virtual Machine and launching the DMZ Gateway administration interface. The diagnostic information may be used to identify errors or warnings that occur during startup of the administration application. By default this functionality logs to the file <installation directory>\logs\DMZGatewayAdminLauncher.log. This file is overwritten during every execution of the utility.