DMZ Gateway Logging

The following events are logged to the Windows Event log:

A log file, DMZActivity.log, is created in the installation root directory for the current DMZ Gateway session. The log file records the DMZ Gateway service start and stop times (the time on the EFT Server computer) and EFT Server connection requests.

The DMZ Gateway <-> EFT Server connection activity can be logged in the log file if the registry entry DMZ_ROOT/Settings/Use activity log exists with a value of yes. You can change this registry setting in the DMZ Gateway Administrator interface by selecting Enable DMZ Gateway <-> EFT Server debug logging.

You can also configure the registry setting manually by running the scripts DMZActivityLogSetting_ON.reg or DMZActivityLogSetting_OFF.reg, found in the installation directory:

By default, each log file has a maximum size of 1024*1024, and 10 rotation files are used for archiving. The rotation files are named DMZActivity.log_# where # is the number of the archive, 1 through 10. After the 10th log file reaches its maximum size, numbering starts again with number 1. If you want to create EFT Server Rules to clean up the archives, be sure you specify the cleanup by date and use a wildcard for the number (for example, DMZActivity.log_*).

You can edit the log file name and location, maximum file size, number of files to be used for archiving, and so on in the logging configuration file, logging.cfg, in the installation directory. The log content is compliant with the W3C convention. See the Log Example, below.

The log period is specified in milliseconds, with a default of 300000 (5 minutes).

To log connection activity to the file

  1. Open the DMZ Gateway Administrator interface.

  2. In the Profile list, click All Profiles. The Server Status appears in the right pane.

  3. Select the Enable verbose logging check box.

  4. Click Apply to save the changes.

  5. Stop the DMZ Gateway service, then restart it to verify that the log is created.

Log Example

The following is a capture of a DMZ Gateway session. The number in front of each line is not part of the log, but is for commenting purposes. See the description of each line below the log.

The fields displayed in the log (as shown in line 3 of the log) are:

---------------------------------------- Start --------------------------------------

1:  #Version: 1.0

2:  #Date: 15-Dec-2008

3:  #Fields: time status rs-ip rs-comment s-ip s-comment c-ip c-comment

4:  2008-12-15 15:19:22 1     -              -              10.0.0.159:44500               Listener+started              -              -

5:  2008-12-15 15:19:22 1     -              -              10.0.0.138:44501               Listener+started              -              -

6:  2008-12-15 15:19:22 1     10.0.0.159:0   MySite@gs0022+Connected   10.0.0.159:44500  Connected       10.0.0.138:8080 Assigned

7:  2008-12-15 15:19:23 1     10.0.1.5:0     MySite@XPP-EFT6+Connected 10.0.0.138:44501   Connected      10.0.0.159:21   Assigned

8:  2008-12-15 15:19:23 1     10.0.1.5:0     MySite@XPP-EFT6+Connected 10.0.0.138:44501  Connected       10.0.0.159:80   Assigned

9:  2008-12-15 15:19:23 1     10.0.1.5:0     MySite@XPP-EFT6+Connected 10.0.0.138:44501   Connected      10.0.0.159:443  Assigned

10: 2008-12-15 15:21:02 1     10.0.0.174:0   MySite@rename             10.0.0.159:44500    Outbound-only+proxy  -                -

11: 2008-12-15 15:21:41 1     10.0.0.174:0   MySite@rename+Outbound-only+connection+deleted  10.0.0.159:44500   Connection+deleted   -       -

12: 2008-12-15 15:22:15 1     10.0.0.174:0   MySite@rename             10.0.0.159:44500      Outbound-only+proxy  -                -

13: 2008-12-15 15:23:51 0     10.0.1.5:0     Test@XPP-EFT6             10.0.0.138:44501  -   10.0.0.159:21     Port+in+use

14: 2008-12-15 15:23:51 0     10.0.1.5:0     Test@XPP-EFT6             10.0.0.138:44501  -   10.0.0.159:80     Port+in+use

15: 2008-12-15 15:26:04 1     10.0.0.174:0   MySite@rename+Outbound-only+connection+deleted  10.0.0.159:44500  Connection+deleted      -      -

16: 2008-12-15 15:34:55 0     10.0.0.174:0   Request+from+site+MySite-SMB+on+computer+rename+is+denied!+Baseline+EFT+Server+tried+to+connect+to+Enterprise+DMZ.  10.0.0.159:44500               Failed    -          -

17: 2008-12-15 15:36:08 1     10.0.0.159:0   MySite@gs0022+Deleted   10.0.0.159:44500  Connection+deleted      10.0.0.138:8080 Deleted

18: 2008-12-15 15:36:08 1     10.0.1.5:0     MySite@XPP+Deleted  10.0.0.138:44501      Connection+deleted      10.0.0.159:21      Deleted

19: 2008-12-15 15:36:08 1     10.0.1.5:0     MySite@XPP+Deleted  10.0.0.138:44501      Connection+deleted      10.0.0.159:80      Deleted

20: 2008-12-15 15:36:08 1     10.0.1.5:0     MySite@XPP+Deleted  10.0.0.138:44501      Connection+deleted      10.0.0.159:443   Deleted

21: 2008-12-15 15:36:08 1     -              -              -              DMZ+Gateway+Server+Closed.                -         -

22: 2008-12-15 15:36:08 1     -              -              -              DMZ+Gateway+Shutdown.        -            -

23:     

24:      

25: 2008-12-15 15:36:12 1     -              -              10.0.0.159:44500               Listener+started              -          -

26: 2008-12-15 15:36:12 1     -              -              10.0.0.138:44501               Listener+started              -          -

27: 2008-12-15 15:36:12 1     10.0.1.5:0     MySite@XPP-EFT6+Connected 10.0.0.138:44501    Connected                10.0.0.159:21      Assigned

28: 2008-12-15 15:36:12 1     10.0.1.5:0     MySite@XPP-EFT6+Connected 10.0.0.138:44501    Connected                10.0.0.159:80      Assigned

29: 2008-12-15 15:36:12 1     10.0.1.5:0     MySite@XPP-EFT6+Connected 10.0.0.138:44501    Connected                10.0.0.159:443   Assigned

30: 2008-12-15 15:36:12 0     10.0.1.5:0     Test@XPP-EFT6    10.0.0.138:44501       -     10.0.0.159:21             Port+in+use

31: 2008-12-15 15:36:12 0     10.0.1.5:0     Test@XPP-EFT6    10.0.0.138:44501     -       10.0.0.159:80             Port+in+use

32: 2008-12-15 15:36:13 1     10.0.0.159:0   MySite@gs0022+Connected      10.0.0.159:44500  Connected                10.0.0.138:8080 Assigned

----------------------------------------------END---------------------------------

 

Line 1-3: The header that only appears once in the log file

Line 4-5: DMZ Gateway listener (for EFT, PNC) starts. Two listeners from two configurations in this example

Line 6: EFT Server on GS0022 connected properly; Only one site and one protocol in this example

Line 7-9: EFT Server on XPP-EFT6 connected properly; One site and three protocols in this example

Line 10: EFT Server on rename connected; No port is requested and so DMZ Gateway acts as outbound-only proxy

Line 11: EFT Server on rename disconnected

Line 12: EFT Server on rename reconnected

Line 13-14: A second site (Test) on XPP-EFT6 tried to connect, but both ports were already occupied by site "MySite" from the same EFT Server

Line 15: EFT Server on rename disconnected again

Line 16: EFT Server (non-Enterprise version) on 10.0.0.174 tried to connect and is denied by DMZ Gateway Enterprise.

Line 17: EFT Server on GS0022 disconnected

Line 18-20: MySite from EFT Server on 10.0.1.5 disconnected

Line 21-22: DMZ Gateway shutdown

Line 23-24: When EFT Server restarts, it checks the existence and the size of the log file. If the file exists and has content, the header is NOT repeated; a blank line is printed instead.

Line 25-32: The restarted DMZ Gateway connects to EFT Servers.

(For detailed information about W3C Extended Log File Format, refer to http://www.w3.org/TR/WD-logfile.)
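The following Python sketch is an added example, not part of the original documentation or the vendor's tooling. It parses records in the format shown in the Log Example and groups the failed requests by the connecting EFT Server address. The function names are hypothetical. Two things are inferred from the sample log rather than stated on this page: a status of 0 marks a failed request, and the time field is written as two tokens (date and time).

```python
# Added example (not vendor code): parse DMZActivity.log, report status-0 records.
from collections import defaultdict
from datetime import datetime

FIELDS = "time status rs-ip rs-comment s-ip s-comment c-ip c-comment".split()

# Header plus log lines 6, 13, 16 and a blank line (as in 23-24), taken from
# the page's log example with column padding collapsed to single spaces.
SAMPLE = """\
#Fields: time status rs-ip rs-comment s-ip s-comment c-ip c-comment
2008-12-15 15:19:22 1 10.0.0.159:0 MySite@gs0022+Connected 10.0.0.159:44500 Connected 10.0.0.138:8080 Assigned
2008-12-15 15:23:51 0 10.0.1.5:0 Test@XPP-EFT6 10.0.0.138:44501 - 10.0.0.159:21 Port+in+use

2008-12-15 15:34:55 0 10.0.0.174:0 Request+from+site+MySite-SMB+on+computer+rename+is+denied!+Baseline+EFT+Server+tried+to+connect+to+Enterprise+DMZ. 10.0.0.159:44500 Failed - -
"""


def decode(token):
    """'-' is an empty field; '+' stands in for a space inside a field."""
    return None if token == "-" else token.replace("+", " ")


def parse_log(text):
    """Yield one dict per record, skipping '#' directives and blank lines."""
    for raw in text.splitlines():
        tokens = raw.split()
        # 'time' is written as two tokens (date and time), so expect 9, not 8.
        if not tokens or tokens[0].startswith("#") or len(tokens) != len(FIELDS) + 1:
            continue
        try:
            rec = {"time": datetime.strptime(" ".join(tokens[:2]), "%Y-%m-%d %H:%M:%S"),
                   "status": int(tokens[2])}
        except ValueError:
            continue  # truncated or corrupted line
        rec.update((name, decode(tok)) for name, tok in zip(FIELDS[2:], tokens[3:]))
        yield rec


def failed_by_source(text):
    """Group status-0 records by rs-ip (0 = failure is inferred from the sample).

    The reason is taken from c-comment (port conflict) or rs-comment (denial).
    """
    out = defaultdict(list)
    for rec in parse_log(text):
        if rec["status"] == 0:
            out[rec["rs-ip"]].append(rec["c-comment"] or rec["rs-comment"])
    return dict(out)


if __name__ == "__main__":
    print(failed_by_source(SAMPLE))
```

Because the header is not repeated after a restart, the parser relies on the fixed field order rather than on finding a #Fields line before each batch of records.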