A critical function of any security product is the ability to record events at all times and in sufficient detail. WinRoute offers six different logs that cover error reporting, debugging, user-defined logging, status, mail transactions, web browsing and so on. Each log is described in the following table:
| Log | Description |
|---|---|
| HTTP Log | Displays only HTTP data passing through the WinRoute Proxy server; includes source IP address and username, time stamp, and HTTP queries and responses |
| Mail Log | |
| Security Log | Shows all activities defined as "Log to window/file" in packet filter rules (see below for detailed description of items recorded) |
| Dial Log | Records usage information for dial-up interfaces monitored by WinRoute |
| Debug Log | |
| Error Log | Displays all unsuccessful operations occurring in any running WinRoute module |
Log output can be displayed in the WinRoute Administrator console, written to a file, or both. The log files are stored in \%installroot%\Logs, which is accessible only to the NT/2000 accounts within Administrators, Server Operators, SYSTEM, and the CREATOR OWNER who installed WinRoute.
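One way to confirm that restriction on a given host is to audit the directory's ACL against the four principals named above. This is an added example, not WinRoute's own tooling; the script, its `-LogDir` parameter and the choice to treat the directory owner as the CREATOR OWNER are assumptions.

```powershell
# Added example: list Allow ACEs on the WinRoute log directory that belong to
# principals other than those the text names. Not part of WinRoute.
param(
    # Assumption: supply the real path; the text gives it only as \%installroot%\Logs.
    [Parameter(Mandatory = $true)]
    [string]$LogDir
)

# Well-known SIDs for the principals listed in the text.
$allowed = @{
    'S-1-5-32-544' = 'BUILTIN\Administrators'
    'S-1-5-32-549' = 'BUILTIN\Server Operators'
    'S-1-5-18'     = 'NT AUTHORITY\SYSTEM'
    'S-1-3-0'      = 'CREATOR OWNER'
}

$sidType = [System.Security.Principal.SecurityIdentifier]
$acl     = Get-Acl -LiteralPath $LogDir

# CREATOR OWNER is resolved to the creating account on new objects, so the
# directory owner's own SID is accepted as well (assumption stated above).
$ownerSid = $acl.GetOwner($sidType).Value

$unexpected = foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
    if ($rule.AccessControlType -ne 'Allow') { continue }   # Deny ACEs only narrow access
    $sid = $rule.IdentityReference.Value
    if ($allowed.ContainsKey($sid) -or $sid -eq $ownerSid) { continue }

    # Resolve the SID to a name for the report; orphaned SIDs stay unresolved.
    try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = '(unresolved)' }

    [pscustomobject]@{
        Sid       = $sid
        Account   = $name
        Rights    = $rule.FileSystemRights
        Inherited = $rule.IsInherited
    }
}

if ($unexpected) {
    Write-Warning "Principals outside the expected set have access to $LogDir"
    $unexpected | Format-Table -AutoSize
    exit 1
}
Write-Output "OK: only the expected principals have access to $LogDir"
```

Inherited entries are included in the check, so an overly broad ACE on a parent folder that flows down to the log directory is reported too.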
The log information recorded by WinRoute’s Security Log is robust, including all necessary information to initiate a proper investigation into potentially malicious activities:
In testing, adverse high-traffic conditions did not affect the WinRoute logging capability. This is critical to avoid loss of valuable forensic data, as well as to alleviate a potential denial-of-service situation in which firewall functionality shuts down if the logging system is overwhelmed.