Contents
Introduction
Prerequisite
Web Usage Logs
Blocked Web Attempts Logs
Application Logs
Block Application Logs
Firewall Rule Based Usage
Mail Usage Logs
Spam Logs
Attacks Logs
IM Usage Logs
Block IM Attempts Logs
Search Engine Logs
FTP Logs
Virus Logs
WAF Logs
SSL VPN Logs
Denied SSL VPN Logs
VPN Logs
Internet Usage Logs
Introduction
This document describes how to generate logs in Open iView for the
different modules of Cyberoam UTM. It describes, step by step, the
configuration of Cyberoam UTM needed for each module to generate that
module's logs in Open iView.
Prerequisite
The configuration mentioned below is required on the Cyberoam side.
1) Firewall:
Two default rules are available in Cyberoam. There is no need to configure anything.
1.1. Make sure that the Log Firewall Traffic button is enabled in the Firewall Rule. Edit the Firewall Rule and check for it.
2.2. Now, go to Log Setting and tick the log types which you want in Open iView.
3. Gateway
Make your Cyberoam UTM your system gateway.
4. All subscriptions and licenses should be up to date.
3. Now, apply this Web Filter Policy in the Lan to Wan Firewall Rule.
Go to Firewall Rule>>Edit the Rule>>Security Policies>>Select your custom Web Filter Policy in the Web Filter tab.
4. Now, do some web surfing from your host machine. Open some websites in your browser, like www.gmail.com, www.facebook.com, etc.
You can find the Web Filter log in the Log Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for Web Filter.
2. After making the custom policy, add a Web Filter Policy Rule just below it. In the Web Filter Policy rule, you need to select Category Type as Web Category, select the category which you want to block, and you must define the HTTP and HTTPS action as Deny. You can also assign a schedule to this rule. By default it is marked as All the time.
3. Now, apply this Web Filter Policy in the Lan to Wan Firewall Rule.
Go to Firewall Rule>>Edit the Rule>>Security Policies>>Select your custom Web Filter Policy in the Web Filter tab.
4. Now, do some web surfing from your host machine. You can find the Web Filter log in the Log Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for Web Filter.
Application Logs
To generate Application logs in Open iView, we need to configure an Application Filter
Policy in Cyberoam UTM. Below are the steps of the Application Filter module configuration
for generating Application logs in Open iView.
1. First of all, make one custom Application Filter Policy from Application Filter>>>Policy>>Add>>Write Name and click the OK button.
2. After making the custom policy, add an Application Filter Policy Rule just below it. In the Application Filter Policy rule, select Category, Risk, Characteristics and Technology from Application Filter Criteria and always select the action as "Allow". You can also assign a schedule to this rule. By default it is marked as All the time.
4. Now, pass traffic using an application from your host, like Yahoo Messenger, Skype, Gtalk, etc.
5. Allow Application logs are automatically displayed under the Application widget in Open iView.
2. After making the custom policy, add an Application Filter Policy Rule just below it. In the Application Filter Policy rule, select Category, Risk, Characteristics and Technology from Application Filter Criteria and always select the action as "Deny". You can also assign a schedule to this rule. By default it is marked as All the time.
3. Now, apply this Application Filter Policy in the Lan to Wan Firewall Rule.
Go to Firewall Rule>>Edit the Rule>>Security Policies>>Select your custom Application Filter Policy in the Application Filter tab.
4. Now, pass traffic using an application from your host, like Yahoo Messenger, Skype, Gtalk, etc. You can find the Application Filter log in the Log Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for Application Filter.
3. Now, just do some web surfing and pass traffic via some application. Deny logs are automatically displayed under Top Deny Rule, Top Deny Rules - Application Category Wise, Top Deny Rules - Host Wise, and Top Deny Rules - Destination Wise.
2. Now, open your mail client, like Thunderbird, and send/receive mail.
Spam Logs
1. To generate Spam logs, we need to make one firewall rule and tick SMTP, POP3 and IMAP under the AV & AS Scanning tab at Security Policies.
3. Now, send mail via the mail client with the subject RPD Spam Test: Spam. We can also find the Spam log in the Log Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for AntiSpam.
Attacks Logs
1. To generate Attacks logs, we need to make one firewall rule and select IPS as lantown_Strictpolicy at Security Policies.
IM Usage Logs
1. To generate IM Usage logs, we need to edit the firewall rule and enable IM Scanning from Security Policies.
B. Edit conversationrule1 and select Allow for the One-to-One Conversation and Group Conversation tabs. Also, enable the Content Filter and Logging tabs. Select Full Data for the Logging Level tab.
C. Edit filetransferrule2 and select the action as Allow. Also, enable the Virus Scanning and Logging tabs.
D. Now, edit webcamrule3 and select the action as Allow. Also, enable the Logging tab.
3. Now, open the Yahoo application on your system and pass traffic via that application. Send some messages, files and webcam requests via the Yahoo application.
4. We can also find IM logs in the Log Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for IM.
B. Now, open the Yahoo Messenger application and try to log in. By doing this exercise we are able to generate a Login Denied log.
C. To log in to the Yahoo Messenger application, edit imloginrule1 for Yahoo Contacts and make sure the action for the login rule is Allow. Please tick the Privacy Disclaimer and Logging tabs in that rule.
D. Edit conversationrule1 and select Deny for the One-to-One Conversation and Group Conversation tabs. Also, enable the Logging tab. Select Full Data for the Logging Level tab.
F. Now, edit webcamrule3 and select the action as Deny. Also, enable the Logging tab.
3. Now, open the Yahoo application on your system and pass traffic via that application. Send some messages, files and webcam requests via the Yahoo application.
4. We can also find Block IM logs in the Log Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for IM.
2. Open iView displays 6 types of Search Engine logs, i.e. Google Search, Yahoo Search, Bing Search, Wikipedia Search, Rediff Search and eBay Search.
To generate Search Engine logs, open the links below and search for appropriate words.
1) www.google.com
2) http://search.yahoo.com
3) http://www.bing.com
4) http://www.wikipedia.org
5) http://search.rediff.com
6) http://www.ebay.com
You can find Cyberoam UTM Yahoo Search Logs in Open iView at
Report>>>Search Engine>>>Yahoo Search
You can find Cyberoam UTM Wikipedia Search Logs in Open iView at
Report>>>Search Engine>>>Wikipedia Search
You can find Cyberoam UTM eBay Search Logs in Open iView at
Report>>>Search Engine>>>eBay Search
FTP Logs
1. To generate FTP logs, we need to make one firewall rule and tick FTP at AV & AS Scanning in Security Policies.
Firewall>>>Edit Lan to Wan Rule.
2. Now, access an FTP server which is deployed on the WAN side. Here, we use the local FTP server ftp://172.16.5.222.
Virus Logs
In Open iView, we support Web Virus Log, FTP Virus Log and Mail Virus Log.
A. Web Virus Log:
1. To generate Web Virus logs, we need to make one firewall rule and tick HTTP and HTTPS at AV & AS Scanning in Security Policies.
3. When you try to download a virus from that website, you can see a virus detection message on your screen.
B. FTP Virus:
1. To generate FTP Virus logs, we need to make one firewall rule and tick FTP at AV & AS Scanning in Security Policies.
2. Now, download a virus from the FTP server. Here, we use the local FTP server ftp://172.16.5.222
2. Now, send a mail which contains a virus attachment via your mail client.
3. We can also find Web Virus logs in the Log Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for Anti-Virus.
WAF Logs
1. To generate WAF logs, you need to configure a web server at WAF>>>WEB SERVER.
Follow the steps below to configure the web server:
A. Define the Web Server Name. (For example, Cyberoam)
B. Select Zone as Wan.
C. Select PublicIP/FQDN for Web Server Hosted on.
D. Add an FQDN host in Public IP/FQDN.
D.1. Click on the Add FQDN Host tab.
D.2. Write down any name at the Name tab.
D.3. Apply any website address at the FQDN tab. (Here, I use www.cyberoam.com)
2. Now, make one Lan to Wan firewall rule and make the changes below.
A. Name: Apply whatever name you like. (Here, I use WAF.)
B. Description: Write down a description if you want. (Here, I left this field blank.)
C. Select Source Zone as LAN and Destination Zone as WAN.
D. Tick the Attach Identity tab.
6. Now, open the SSL VPN portal using the WAN interface with port 8443. (Here, I use https://172.16.6.9:8443)
2. Now, open the SSL VPN portal using the WAN interface with port 8443. (Here, I use https://172.16.6.9:8443)
3. Log in to this portal with the user Cyber which we created earlier and download the SSL VPN Client for Windows and the Configuration for SSL VPN Client.
4. Now, install that client on another Windows machine whose gateway is not your Cyberoam and import the client configuration.
6. Now, open the SSL VPN Client and log in with the user Cyber which we created earlier.
6. Now, open the SSL VPN portal using the WAN interface with port 8443. (Here, I use https://172.16.6.9:8443)
2. Now, open the SSL VPN portal using the WAN interface with port 8443. (Here, I use https://172.16.6.9:8443)
3. Log in to this portal with the user Cyber which we created earlier and download the SSL VPN Client for Windows and the Configuration for SSL VPN Client.
4. Now, install that client on another Windows machine whose gateway is not your Cyberoam and import the client configuration.
6. Now, open the SSL VPN Client and log in with the user Cyber which we created earlier.
You can find Cyberoam UTM Denied SSL VPN Attempts Logs in Open iView at
Report>>>Denied SSL VPN Attempts
VPN Logs
There are three types of logs in the VPN module.
A. PPTP
B. L2TP
C. IPSec Connection
A. PPTP:
1. Make one VPN to WAN rule.
A. Go to Firewall>>>Rule>>>Add.
B. Apply a rule name. (Here, I use the name VPN to WAN)
C. Add a description if you want or leave it as it is.
D. Select Source Zone as VPN and Destination Zone as WAN.
E. Do not tick Attach Identity.
F. Do not change the default configuration of Identity, Network/Host, Services and Schedule.
G. Select Action as Accept.
H. Tick Apply NAT and select MASQ.
I. Do not change the default configuration of Application Filter, Web Filter, IPS, IM Scanning, WAF and AV & AS Scanning.
J. Enable the Log Firewall Traffic tab and click on the OK button.
E. Now, write down the IP address of the WAN interface of your Cyberoam UTM and click on the Next button.
5. After connecting via the PPTP protocol from your system, do some web surfing.
6. You can find the Tunnel Traffic using PPTP protocol log in the Log Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for Firewall.
E. Now, write down the IP address of the WAN interface of your Cyberoam UTM and click on the Next button.
J. Now, click on the Security tab and select Type of VPN as L2TP/IPSEC and Data Encryption as Optional Encryption (Connect Even if no Encryption).
K. Select Unencrypted Password (PAP) for Allow these Protocols in the Authentication field.
L. Now, click on Advance Setting just below the Type of VPN tab and again tick Use Preshared Key for Authentication.
M. Enter the same preshared key in the field as the one we applied while creating the L2TP connection in Cyberoam UTM.
7. Do some web surfing and you can find the Tunnel Traffic using L2TP protocol log in the Log Viewer.
Logs & Reports>>>Log Viewer>>>Select View Logs for Firewall.
C. IPSEC
When we connect the client via the L2TP connection and do some web surfing, the IPSEC log is
automatically displayed in Open iView under the IPSEC widget.
4. Now, do some web surfing from your machine and you will find the Authentication Page from Cyberoam UTM.
END