About logs and analysis

A critical function of any security product is the ability to record events at all times in sufficient detail. WinRoute offers six logs, covering web browsing through its proxy, mail transactions, packet-filter security events, dial-up usage, packet-level debugging, and errors. Each log is described in the following table:

HTTP Log: Displays only HTTP data passing through the WinRoute Proxy server; includes source IP address and username, timestamp, and HTTP requests and responses.

Mail Log: Records all operations of WinRoute's built-in mail server, including SMTP and POP3 send/receive activity.

Security Log: Shows all activity defined as "Log to window/file" in packet filter rules (see below for a detailed description of the items recorded).

Dial Log: Records usage information for dial-up interfaces monitored by WinRoute.

Debug Log: Selectable settings to record all ARP, ICMP, UDP, TCP, and/or DNS packets that physically cross any interface of the WinRoute router; granular configuration is available under Settings | Advanced | Debug Info, Debug tab.

Error Log: Displays all unsuccessful operations occurring in any running WinRoute module.

Logging can be displayed in the console of the WinRoute Administrator, written to a file, or both. The log files are stored in %installroot%\Logs, which is accessible only to the NT/2000 Administrators and Server Operators groups, the SYSTEM account, and CREATOR OWNER (the account that installed WinRoute).
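Because the value of these logs depends on that directory staying restricted, a practitioner will want to verify the ACL rather than assume it. The following PowerShell script is an added example written for this page; it is not part of WinRoute or of the original evaluation. It assumes a log directory path and an installing account name (both placeholders) and reports any Allow entry granted to an identity other than the four the text names, plus whether the directory still inherits permissions from its parent, which is the usual way an unexpected group such as BUILTIN\Users gains access.

```powershell
# Added example, not WinRoute's own code. Audits the ACL on the WinRoute
# Logs directory against the identities the evaluation says should have
# access. $LogDir and $Installer are assumptions: substitute the real
# %installroot%\Logs path and the account that ran the installer.
param(
    [string]$LogDir    = 'C:\Program Files\WinRoute Pro\Logs',  # assumed path
    [string]$Installer = "$env:COMPUTERNAME\wradmin"            # placeholder account
)

# Identities the page lists as the only ones with access.
$Allowed = @(
    'BUILTIN\Administrators',
    'BUILTIN\Server Operators',
    'NT AUTHORITY\SYSTEM',
    'CREATOR OWNER',
    $Installer
)

$acl      = Get-Acl -Path $LogDir
$problems = @()

# Only Allow entries widen access; Deny entries to other identities are harmless here.
foreach ($ace in $acl.Access) {
    $id = $ace.IdentityReference.Value
    if ($ace.AccessControlType -eq 'Allow' -and $Allowed -notcontains $id) {
        $problems += "unexpected Allow ACE: $id has $($ace.FileSystemRights)" +
                     " (inherited=$($ace.IsInherited))"
    }
}

# Inherited ACEs from the parent directory reintroduce whatever the parent
# grants; the directory should carry its own protected ACL.
if (-not $acl.AreAccessRulesProtected) {
    $problems += "ACL on $LogDir inherits from its parent; break inheritance" +
                 " so parent grants do not apply to the logs"
}

if ($problems.Count -eq 0) {
    Write-Output "OK: only the expected identities can access $LogDir"
} else {
    $problems | ForEach-Object { Write-Output "WARN: $_" }
    exit 1
}
```

Run it from an elevated prompt on the WinRoute host; a non-zero exit means the directory is wider than the evaluation describes. On an NT/2000-era system without PowerShell, `cacls <path>` shows the same ACEs and can be compared against the same allowlist by hand.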

The log information recorded by WinRoute’s Security Log is robust, including all necessary information to initiate a proper investigation into potentially malicious activities:

Testing showed that adverse, high-traffic conditions do not affect WinRoute's logging capability. This matters for two reasons: it avoids loss of valuable forensic data, and it avoids a self-inflicted denial of service in which firewall functionality shuts down because the logging system is overwhelmed.