22.4  Config Log

The Config log stores a complete communication history between Administration Console and the WinRoute Firewall Engine — the log allows you to find out what administration actions were performed by which user, and when.

The Config window contains three log types:

  1. Information about user logins to and logouts from the WinRoute administration

    Example

    [18/Apr/2008 10:25:02] james - session opened for host 192.168.32.100

    [18/Apr/2008 10:32:56] james - session closed for host 192.168.32.100

    • [18/Apr/2008 10:25:02] — date and time when the record was written to the log

    • james — the login name of the user logged in to the WinRoute administration

    • session opened for host 192.168.32.100 — information about the beginning of the communication and the IP address of the computer from which the user connected

    • session closed for host 192.168.32.100 — information about the end of the communication with the particular computer (user logout or Administration Console closed)

  2. Configuration database changes

    Changes performed in the Administration Console. A simplified form of the SQL language is used when communicating with the database.

    Example

    [18/Apr/2008 10:27:46] james - insert StaticRoutes set Enabled='1', Description='VPN', Net='192.168.76.0', Mask='255.255.255.0', Gateway='192.168.1.16', Interface='LAN', Metric='1'

    • [18/Apr/2008 10:27:46] — date and time when the record was written

    • james — the login name of the user logged in to the WinRoute administration

    • insert StaticRoutes ... — the particular command used to modify the WinRoute's configuration database (in this case, a static route was added to the routing table)

  3. Other changes in configuration

    A typical example of this record type is the change of traffic rules. When the user hits Apply in Configuration → Traffic policy, a complete list of current traffic rules is written to the Config log.

    Example

    [18/Apr/2008 12:06:03] Admin - New traffic policy set:

    [18/Apr/2008 12:06:03] Admin - 1: name=(ICMP traffic) src=(any) dst=(any) service=("Ping") snat=(any) dnat=(any) action=(Permit) time_range=(always) inspector=(default)

    • [18/Apr/2008 12:06:03] — date and time of the change

    • Admin — login name of the user who made the change

    • 1: — traffic rule number (rules are numbered top to bottom according to their position in the table, the numbering starts from 1)

    • name=(ICMP traffic) ... — traffic rule definition (name, source, destination, service etc.)

    Note: The default rule (see chapter 7.1  Network Rules Wizard) is marked with default instead of the positional number.
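
An added example (not part of the WinRoute documentation or product): a Python parser that sorts Config log lines into the three record types described above and tags each change with the host from which that user's session was opened. The function name, the `update`/`delete` verbs and the one-open-session-per-user simplification are assumptions of this example; the sample input is constructed from the record lines shown above.

```python
import re
from datetime import datetime

# Constructed sample: the record lines shown in the examples above.
SAMPLE = """\
[18/Apr/2008 10:25:02] james - session opened for host 192.168.32.100
[18/Apr/2008 10:27:46] james - insert StaticRoutes set Enabled='1', Description='VPN', Net='192.168.76.0', Mask='255.255.255.0', Gateway='192.168.1.16', Interface='LAN', Metric='1'
[18/Apr/2008 10:32:56] james - session closed for host 192.168.32.100
[18/Apr/2008 12:06:03] Admin - New traffic policy set:
[18/Apr/2008 12:06:03] Admin - 1: name=(ICMP traffic) src=(any) dst=(any) service=("Ping") snat=(any) dnat=(any) action=(Permit) time_range=(always) inspector=(default)
"""

RECORD = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<user>\S+) - (?P<msg>.*)$")
SESSION = re.compile(r"^session (opened|closed) for host (\S+)$")
# Only "insert" appears on the page; "update" and "delete" are assumed verbs.
DB_CHANGE = re.compile(r"^(insert|update|delete) (\w+)\b", re.I)
FIELD = re.compile(r"(\w+)='([^']*)'")

def parse_config_log(text):
    """Return one dict per record, each change tied to its admin's source host."""
    open_sessions = {}  # user -> host (assumes one open session per user)
    events = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        ev = {"time": datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S"),
              "user": m["user"], "detail": m["msg"]}
        s, d = SESSION.match(m["msg"]), DB_CHANGE.match(m["msg"])
        if s:
            ev["type"] = "login" if s[1] == "opened" else "logout"
            ev["host"] = s[2]
            if s[1] == "opened":
                open_sessions[ev["user"]] = s[2]
            else:
                open_sessions.pop(ev["user"], None)
        else:
            ev["type"] = "db_change" if d else "other_change"
            # None: no "session opened" record for this user in the input
            ev["host"] = open_sessions.get(ev["user"])
            if d:
                ev["command"], ev["table"] = d[1].lower(), d[2]
                ev["fields"] = dict(FIELD.findall(m["msg"]))
        events.append(ev)
    return events

if __name__ == "__main__":
    for e in parse_config_log(SAMPLE):
        print(e["time"], e["user"], e["type"], e["host"])
```

A change whose `host` is `None` has no matching login in the parsed range, which is worth checking against an earlier portion of the log.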