The CloudGen Firewall creates log files for system processes, box services, and configured services such as Forwarding Firewall, HTTP Proxy, VPN, etc. Logging is processed according to system and service settings.
Box
Service | Log File | Description |
---|---|---|
Auth | Box\Auth\access | Provides informational log files about login and access attempts to the CloudGen Firewall, displaying access source, and opening and closing of sessions. |
Box\Auth\activation | Displays log files concerning process activation and provide information about message board configuration and details. | |
Azure | Box\Azure\events | Contains events for Azure Event Hub connections. |
Cloud | Box\Cloud\control | Provides logs files for the Azure and AWS cloud integration features. |
Config | Box\Config\MC-update | Provides informational log files about PAR file processing, updates, and process activation on managed firewalls. |
Box\Config\HA-update | Displays notification logs about HA startup/shutdown and provides information about HA operations, such as configuration, updates, and changes. | |
Box\Config\admin | Contains log files about login, authentication, and connection status of administrative sessions by displaying IP address and port, and shows the operative processes initiated by the administrative instance. | |
Box\Config\changes | Displays informational logs about processes concerning configuration changes such as adding or removing services and activation processes. | |
Box\Config\conftool | Display informational logs about processes concerning internal activation and database processes. | |
Box\Config\daemon | Contains log files about processes initiated by the configuration daemon such as loading processes, configuration checks, cache generation, and session termination. | |
Box\Config\daemon_download | Contains log files about downloading processes initiated by the configuration daemon, providing information concerning progress, changes, and signatures. | |
Box\Config\provision | Contains log files concerning Azure Cloud provisioning, if configured. | |
Box\Config\shell | Displays notification logs about shell operations, providing information concerning admin permissions and account settings. | |
Box\Config\sync | Displays log files concerning synchronization processes, showing connection details, update status, and progress. | |
Control | Box\Control\AuthService | Contains log files for administration, authentication processes, and access information concerning user groups, access interfaces, and domains of external authentication services. |
Box\Control\AuthService_dcclient | Contains log files for administration, authentication processes, access information concerning user groups, access interfaces, and domains of the Barracuda DC Client. | |
Box\Control\Telemetry | Displays the performance and usage data sent to the Barracuda telemetry servers. | |
Box\Control\admin | Displays informational logs about connection processes such as login, source address, and box service processes. | |
Box\Control\daemon | Contains log files about security status checks initiated by the control daemon and displays controld processes. | |
Event | Box\Event\apns | Displays process logs concerning the Apple Push Certificate provider for mobile devices (APNS). |
Box\Event\eventS | Contains log files generated by security events. For more information, see Security Events. | |
Box\Event\operative | Contains log files generated by operational events. For more information, see Operational Events. | |
Firewall | Box\Firewall | Displays log files concerning general firewall configuration changes, ruleset updates, including operation details and time settings. |
Firewall | Box\Firewall\Activity | Displays firewall log files providing in-depth information about firewall rule processing. All entries of this log file are pipe separated information. Depending on the configured setting, they are in the format ...|key=value|key=value|... or ...|value|value|... format. For information how to alter between both formats, see General Firewall Configuration.
|
Box\Firewall\IPSDownload | Contains log files generated by the Intrusion Prevention System, showing database file download status and information. | |
Box\Firewall\Rule-<no-match> | Displays firewall log files providing information about firewall rule processing of traffic not applicable to firewall policies. | |
Box\Firewall\appid_stat | Contains log files generated by Application Control, showing system processes related to applications, including configuration and download information. | |
Box\Firewall\appid_urlcat | Contains log files generated by Application Control's URL Filter, showing system processes related to Application Control's URL Filter processes, including configuration and download information. | |
Box\Firewall\auth | Displays informational log files about processes initiated by the fwauth daemon, providing information concerning authentication, such as listening IP address and port. | |
Box\Firewall\sync | Displays log files concerning firewall HA synchronization processes, showing connection details, update status, and progress. | |
Box\Firewall\threat | Displays log files generated by ATP, IPS, and DNS Sinkhole. | |
Logs | Box\Logs\bsyslog | Contains box log files created by bsyslog. |
Box\Logs\logd | Contains box log files created by logd. | |
Box\Logs\logstor | Contains box log files created by logstor. | |
Box\Logs\logwrapd | Contains box log files created by logwrapd. | |
Box\Logs\psyslog | Contains box log files created by psyslog. | |
Network | Box\Network\QoS | Provides network-related log files about processes such as Quality of Service configuration and traffic shaping. |
Box\Network\activation | Provides log files related to network activation and changes, displaying internal processes such as routing table, cache and interface status and details. | |
Box\Network\dhcp | Displays network-related log files created by the dhcp service, such as link detection and worker-related processes. | |
Box\Network\dhcpd | Displays log files about the dhcp configuration and provides information about broadcasts and the status and progress of dhcp request. | |
Box\Network\shaping | Provides informational log files about processes related to VPN traffic shaping status and processes. | |
Box\Network\pppd | Displays network-related log files created by the xDSL service, such as link detection and worker-related processes. | |
Box\Network\umts | Displays network-related log files created by the Wireless WAN service, such as link detection and worker-related processes. | |
REST
| Box\REST\control | REST calls to the control daemon. |
Box\REST\firewall | REST calls to the firewall service. | |
Box\REST\restd | Log files for the REST daemon. | |
RESTd | Box\RESTd | REST calls to box level services and queries. |
Release | Box\Release\UpdateServer | Contains log files about processes related to Barracuda security subscriptions and Barracuda Networks update server reachability. |
Box\Release\update | Contains log files about processes related to release updates. | |
Box\Release\update_hotfix | Displays informational log files about processes related to release updates including hotfixes. | |
Box\Release\check | Displays informational log files about processes related to release checks. | |
SSH | Box\SSH\config | Displays log files about internal processes that are generated by the box ssh daemon, such as startup, read and write operations, etc. |
Box\SSH\sshd | Displays log files about internal processes that are generated by the box ssh daemon, such as connection details, data transfer, and session behavior. | |
Settings | Box\Settings | Displays log files concerning the box settings configuration, and displays information and error logs in case of box configuration failures. |
Settings | Box\Settings\DNS | Displays informational log files about the box DNS settings configuration and notifies about DNS operations such as address assignment and zone-related processes. |
Box\Settings\time | Contains log files related to NTP, displaying information about time server configuration, connection status, and synchronization processes. | |
Box\Settings\activation | Provides log files related to box settings configuration activation and changes, displaying the process details. | |
Snmp | Box\Settings\Snmp | Provides informational log files about startup and working status of the box snmp service and shows the details (pid, etc.). |
Statistics | Box\Statistics\cstatd | Displays log files related to cstatd including information about statistics files collection processes created by cstatd. |
Box\Statistics\distd | Displays log files related to distatd including login information, connection details, and processes created by distatd. | |
Box\Statistics\qstatd | Displays log files related to qstatd, showing information about Control Center statistics querying processes. | |
System | Box\System\boot | Contains log files related to boot processes including release consistency checks. |
Box\System\bootloader | Contains informational log files related to boot loader operations such as system startup processes and configuration checks. | |
Box\System\cron | Displays informational log files created by the cron daemon and notifies about executed services and commands. | |
Box\System\klogd | Contains system related log files created by clogd. | |
Box\System\messages | Contains system log files related to messages. | |
Box\System\mgmaccess | Contains system log files related to management access. | |
Box\System\phionrc | Contains system-related log files created by phionrc. | |
Box\System\powersupply | Contains system log files related to power supply. | |
Box\System\syslog | Contains system-related log files created by the syslog daemon. | |
Box\System\tuning | Contains system log files related to system tuning. | |
Watchdog | Box\Watchdog\config | Contains log files created by Watchdog providing general information about the Watchdog configuration. |
Box\Watchdog\monitor | Contains log files created by Watchdog providing monitoring details. | |
Box\Watchdog\repair | Contains log files created by Watchdog providing information about repair processes. | |
Box\Watchdog\smartd | Contains log files created by Watchdog providing information about smartd processes. |
Reports
These logs are documented with the Reports_ prefix. They include entries that are carried out in continuous intervals, such as cronjobs.
Service | Log File | Description |
---|---|---|
Network | Reports\Network\check | Contains reporting log files related to network activity providing information about network checks. |
Statistics | Reports\Network\Statistics\statcook | Contains reporting log files related to statistics cooking. |
procpar | Reports\procpar | Contains reporting log files created by procpar. |
changes | Reports\changes | Contains reporting log files related to configuration changes. |
treemigration | Reports\treemigration | Contains log files including entries that are carried out in continuous intervals, such as cronjobs. |
Fatal Errors
All fatal errors that can occur on a CloudGen Firewall are, in addition to the original log file, collected in the Fatal section. The original log file is added in the fatal log message text as a prefix.
Assigned Services
The Assigned Services node contains the following log files if the services are present:
Service | Log File | Description |
---|---|---|
Firewall | <FW>\FW | Displays notification logs about Forwarding Firewall startup/shutdown with the location path and provides information about firewall operations, such as configuration loading, updates, and changes. Further logs in this section provide information on installation of updated settings and firewall rules. |
<FW>\Content | Provides informational log files about the loading process of the Forwarding Firewall ruleset. | |
<FW>\CustomExternalImport | Log files containing information about importing and setting the custom external network objects. On cloud firewalls these imports are handled automatically by the cloud-initstart process. | |
<FW>\SSL | Displays log files concerning SSL Inspection, notifies about the SSL Inspection progress and working state, and displays information and error logs in case of detections, errors, or certificate failures. | |
<FW>\auth | Contains log files about opening, connection status, and closing of firewall sessions, displaying IP address and port of the connected clients and peers. Information is displayed in case of login failures, file requests, and transactions concerning fwauth, errors or SSL certificate failures. | |
<FW>\sipproxy | Provides log files concerning startup, activation of child processes, and socket opening of the SIP Proxy, and displays informational log files in case of network interface changes. | |
HTTP Proxy | <HTTP>\access | Contains log files created by the HTTP Proxy service, providing information about access paths of destinations. |
<HTTP>\cache | Displays log files about the proxy cache and informs about caching processes, such as cache initialization, starting the Squid cache, adding domain and name server, creating sockets and directories, connecting to access cache workers, memory, scanning, etc. | |
<HTTP>\controlSquid | Informs about the Squid cache version at startup, displays parent and child processes with process ID and path, and shows log files about Squid cache operations. | |
<HTTP>\gui | Provides informational log files about proxy GUI worker startup and shows the maximum fail cache age. | |
Anti Virus | <VIR>\AV | Contains log files created by AVIRA antivirus, providing engine and VDF version, and displays information about virus scanning, threat detections, and actions. |
URL Filter | <URL>\Cofsd | Provides log files about the Web Filter service, showing information about licensing, and URL filtering processes and actions. |
OSPF-RIP-BGP | <DYNBO2>\access | Contains log files created by dynamic routing protocols such as OSPF, RIP, or BGP. |
VPN | <VPN>\VPN | Provides informational log files about the status of VPN sessions, showing tunnel transport, keying, and updates, and displays notifications in case of tunnel and transport failure. |
<VPN>\ikev2 | Contains notification log files created by the VPN service, providing debugging information related to IPsec if debugging mode for IKEv2 is enabled in the VPN settings. | |
<VPN>\ike | Contains notification log files created by the VPN service, providing debugging information related to IPsec if debugging mode for IKE is enabled in the VPN settings. | |
<VPN>\pptpd | Contains notification log files created by the VPN service, providing information related to pptpd. | |
<VPN>\sslvpn | Contains log files created by SSLVPN, displaying configuration, tunnel transport, and keying details. | |
CloudGen Access Proxy | <CGAPRX> | Provides log files created by the CloudGen Access Proxy service and shows information related to access key checks, configuration, and starts and stops of the service. |
DHCP | <DHCP> | Provides log files created by the DHCP service and shows information about DHCP processes, requests, and IP address assignment. |
DHCP Relay | <DHCP-Relay> | Provides log files created by the DHCP Relay service, displaying processes and packet transmission details. |
DNS | <DNS> | Contains log files created by the DNS service providing information about DNS configuration, listening interfaces, and DNS zone activity and processes. |
Wi-Fi | <Wi-Fi> | Contains log files created by the Wi-Fi service providing information about Wi-Fi configuration including status, keying, and driver processes. |
SNMP | <SNMP> | Provides log files created by the SNMP service, displaying access control information details and system processes for attached devices. |
Secure Web Proxy | <S-PROXY> | Displays log files created by the Secure Web Proxy and informs about web filtering processes and actions such as allowing and denying URL requests if configured. |
Access Control Service | <Access Control>\<SSH> | Provides log files created by the Access Control service and shows information about access control policy processing and monitored actions and registry checks according to the configured log level. |
acs\acs | Provides log files created by the Access Control service and shows information about access control policy processing and monitored actions and registry checks according to the configured log level. | |
acs\gui | Displays informational log files about Access Control service eventing processes. | |
acs\matcher | Displays informational log files about access control policy changes. |
Assigned Services CC
The Assigned Services node on the Control Center contains the following log files if the services are present:
Service | Log File | Description |
---|---|---|
CC-Access-Control-Service | ACCESS | Contains information about access to the Control Center via several connection methods, e.g., login, file access, or GUI. |
CC-Audit-Service | AudLog | Container directory for logs that are created on managed boxes and transferred to the Control Center. |
AudLog\AudLog | Contains information from the worker process that handles auditing logs from boxes managed by the Control Center. | |
AudLog\admin | Contains information about administrative events relating to auditing tasks on CC level. | |
Firewall | CCFW | Displays notification logs about Forwarding Firewall startup/shutdown with the location path and provides information about firewall operations, such as configuration loading, updates, and changes. Further logs in this section provide information on installation of updated settings and firewall rules. |
CCFW\Content | Provides informational log files about the loading process of the Forwarding Firewall ruleset. | |
CCFW\SSL | Displays log files concerning SSL Inspection, notifies about the SSL Inspection progress and working state, and displays information and error logs in case of detections, errors, or certificate failures. | |
CCFW\auth | Contains log files about opening, connection status, and closing of firewall sessions, displaying IP address and port of the connected clients and peers. Information is displayed in case of login failures, file requests, and transactions concerning fwauth, errors, or SSL certificate failures. | |
CCFW\sipproxy | Provides log files concerning startup, activation of child processes, and socket opening of the SIP Proxy, and displays informational log files in case of network interface changes. | |
CC-VPN-Service | CCVPN | Container directory for VPN log files fed during VPN connections between the CC and the managed boxes. |
CCVPN\CCVPN | Provides informational log files about the status of VPN sessions, showing tunnel transport, keying, and updates, and displays notifications in case of tunnel and transport failure. | |
CCVPN\vpnstat | Contains information about the health state of open tunnels served by the tunnel server process. | |
CC-Configuration-Service | CONF | Container directory for logs that are created by processes part of the Control Center's configuration system for managed boxes. |
CONF\CONF | Contains information about configuration sessions that were initiated on the Control Center. | |
CONF\admin | Contains information about login, authentication, and connection status of administrative sessions, displaying IP address and port, and shows the operative processes initiated by the administrative instance. Information relates to CC level. | |
CONF\boxupdate | Contains information about update processes that were initiated on managed boxes from the Control Center. | |
CONF\c3d | Contains information about configuration updates, state, and delivery of firmware updates between the Control Center and SCAs. In case no SCAs are connected, this log file is empty. | |
CONF\changes | Contains information about changes made on the Control Center that affect configuration of managed firewalls. | |
CONF\download | Contains information about downloads that were initiated on the Control Center. | |
CONF\exec | Contains information about triggering the execution of external processes initiated by the Control Center. | |
CONF\licupdate | Contains information about license updates. | |
CONF\masterd | Contains information about the master daemon running on the Control Center. | |
CONF\softwarestatus | Contains information created by the software update daemon on the Control Center. | |
CONF\status | Contains status information about the managed boxes. | |
CONF\sync | Contains information about synchronization processes. | |
CC-Event-Service | EVENT | Container directory for logs that contain information about events. |
EVENT\eventS | Contains information about security events. For more information, see Security Events. | |
EVENT\operative | Contains information about operational events. For more information, see Operational Events. | |
CC-Statistic-Collector | STCOLL | Contains information created by the engine responsible for collecting statistical information. |
CC-Statistics-Viewer | STVIEW | Contains information created by the engine responsible for displaying statistical information. |
CC-Syslog-Service | Syslog | Container directory for logs that contain information about different processes and daemons that run with system privileges on CC level. |
Syslog\Syslog | Contains system-related log information created by the syslog daemon on CC level. | |
Syslog\csslsrv | Contains system-related log information created by the SSL service daemon on CC level. | |
dstats | Contains information collected from managed boxes by the daemon for statistics. | |
mdist2 | Contains information about authentication syncs, e.g., synchronization between Virus Scanner versions etc. |