The Config log stores a complete communication history between Administration Console and the WinRoute Firewall Engine — the log allows you to find out what administration actions were performed by which user, and when.
The Config window contains three log types:
Information about user logins/logouts to/from the WinRoute's administration
[18/Apr/2008 10:25:02] james - session opened for host 192.168.32.100
[18/Apr/2008 10:32:56] james - session closed for host 192.168.32.100
[18/Apr/2008 10:25:02]
— date and time when the record was written to the log
james
— the login name of the user logged in to the WinRoute administration
session opened for host 192.168.32.100
— information about the beginning of the communication and the IP address of the computer from which the user connected
session closed for host 192.168.32.100
— information about the end of the communication with the particular computer (user logout or Administration Console closed)
Configuration database changes
Changes performed in the Administration Console. A simplified form of the SQL language is used when communicating with the database.
[18/Apr/2008 10:27:46] james - insert StaticRoutes set Enabled='1', Description='VPN', Net='192.168.76.0', Mask='255.255.255.0', Gateway='192.168.1.16', Interface='LAN', Metric='1'
[18/Apr/2008 10:27:46]
— date and time when the record was written
james
— the login name of the user logged in to the WinRoute administration
insert StaticRoutes ...
— the particular command used to modify the WinRoute's configuration database (in this case, a static route was added to the routing table)
Other changes in configuration
A typical example of this record type is the change of traffic rules. When the user hits Configuration → Traffic policy, a complete list of current traffic rules is written to the Config log.
[18/Apr/2008 12:06:03] Admin - New traffic policy set:
[18/Apr/2008 12:06:03] Admin - 1: name=(ICMP traffic) src=(any) dst=(any) service=("Ping") snat=(any) dnat=(any) action=(Permit) time_range=(always) inspector=(default)
[18/Apr/2008 12:06:03]
— date and time of the change
Admin
— login name of the user who made the change
1:
— traffic rule number (rules are numbered top to bottom according to their position in the table; the numbering starts from 1)
name=(ICMP traffic) ...
— traffic rule definition (name, source, destination, service etc.)
Note: The default rule (see chapter 7.1 Network Rules Wizard) is marked with default instead of the positional number.
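
For audit review, the three record types described above can be parsed and each configuration change tied back to the host the administrator connected from. The following is an added example, not part of the WinRoute documentation: the function names `parse` and `audit` are hypothetical, the sample lines are constructed in the formats shown on this page, and the `update`/`delete` verbs and the `default:` prefix are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the record formats shown on this page.
SAMPLE = """\
[18/Apr/2008 10:25:02] james - session opened for host 192.168.32.100
[18/Apr/2008 10:27:46] james - insert StaticRoutes set Enabled='1', Net='192.168.76.0', Gateway='192.168.1.16'
[18/Apr/2008 10:32:56] james - session closed for host 192.168.32.100
[18/Apr/2008 12:06:03] Admin - New traffic policy set:
[18/Apr/2008 12:06:03] Admin - 1: name=(ICMP traffic) src=(any) dst=(any) service=("Ping") action=(Permit)
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<user>\S+) - (?P<msg>.*)$")
SESSION = re.compile(r"^session (opened|closed) for host (\S+)$")
# Only "insert" appears on the page; "update" and "delete" are assumed verbs.
DB_CHANGE = re.compile(r"^(insert|update|delete) (\w+)\b(?: set (.*))?$", re.I)
# Assumption: the default rule is logged as "default:" in place of the number.
RULE = re.compile(r"^(\d+|default): (.*)$")

def parse(line):
    """Classify one Config log line; returns None if it is not a log record."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = {"time": datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S"),
           "user": m["user"], "type": "other", "msg": m["msg"]}
    if s := SESSION.match(m["msg"]):
        rec.update(type="session", event=s[1], host=s[2])
    elif d := DB_CHANGE.match(m["msg"]):
        fields = dict(re.findall(r"(\w+)='([^']*)'", d[3] or ""))
        rec.update(type="db_change", table=d[2], fields=fields)
    elif r := RULE.match(m["msg"]):
        fields = dict(re.findall(r"(\w+)=\(([^)]*)\)", r[2]))
        rec.update(type="traffic_rule", position=r[1], fields=fields)
    return rec

def audit(lines):
    """Return config changes, each tagged with the host of the user's open
    session (None if the log shows no open session for that user)."""
    sessions, changes = {}, []  # simplification: one session per user
    for rec in filter(None, map(parse, lines)):
        if rec["type"] == "session" and rec["event"] == "opened":
            sessions[rec["user"]] = rec["host"]
        elif rec["type"] == "session":
            sessions.pop(rec["user"], None)
        elif rec["type"] in ("db_change", "traffic_rule"):
            changes.append({**rec, "host": sessions.get(rec["user"])})
    return changes
```

A change whose `host` is `None` has no matching "session opened" record in the parsed range, which usually means the log excerpt starts mid-session and the earlier portion should be pulled in before attributing the change.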