How to enable / access USG 110 detailed logs

Milos Member Posts: 20  Freshman Member
edited March 22, 2018 8:16PM in ZyWALL USG Series
We're using a USG 110 as main router and firewall. On the Traffic Statistics page, I can see one external IP address with a Tx of 65 GB. We would like to investigate more what kind of file transfer was done with this address. Where can we access those logs?

In the Log menu, we can only see 1024 log lines, and they are all from today.

Looking forward to hearing from you. Thank you!

Comments

  • Zyxel_Cooldia Zyxel Official Agent Posts: 256  mod

    @Milos

    Exactly, the log page only keeps 1024. For this issue, we can monitor the session on "Monitor > System > Session Monitor". We can see the connection IP and service port.

    If you would like to know the traffic content, we can investigate more information by packet capture. Go to "Maintenance > Diagnostics > Packets capture" and set the filter to capture packets for analysis.

    e.g. host IP = the external IP address with a Tx of 65 GB.

  • Milos Member Posts: 20  Freshman Member
    Thank you Zyxel_Cooldia, appreciated!

    Just one question about the packets capture, it only captures the packets once launched. For example, if this Rx was one time, I cannot analyze the backlogs?
  • Zyxel_Cooldia Zyxel Official Agent Posts: 256  mod

    @Milos

    Packet capture can only analyze current traffic. We are unable to know the past traffic.

  • Milos Member Posts: 20  Freshman Member
    Roger that, thank you!
  • Ian31 Member Posts: 84  Ally Member
    You can send the traffic log to an external syslog server for tracking.

    The log information looks like this:
    src="192.168.111.37:52136" dst="178.32.169.230:80" msg="Traffic Log" note="Traffic Log" user="unknown" devID="cc5d4e5159cf" cat="Traffic Log" duration=5 sent=398 rcvd=1042 dir="lan1:wan1" protoID=6 proto="http" client_mac="00:30:18:C5:1C:6C"

    You can get the sent/rcvd byte count of each session.
    Be aware that enabling the traffic log might consume some CPU power, depending on how much traffic passes through your USG.
  • Milos Member Posts: 20  Freshman Member
    Thank you @Ian31 , how about matching traffic logs with actual websites? For example, let's assume someone exchanged a lot with dropbox, how to associate the traffic to dropbox?
  • Zyxel_Stanley Zyxel Official Agent Posts: 289  mod
    edited October 2, 2018 1:54PM

    Hi @Milos

    In the current design, the traffic statistics function shows information separately.

    e.g. user upload/download usage, or how many times a website has been hit.

    So I would like to add it as an idea to combine all of this information together.

    -> User accesses to Dropbox and Tx/Rx Bytes.


  • Milos Member Posts: 20  Freshman Member
    -> User accesses to Dropbox and Tx/Rx Bytes.
    Thank you, but how to connect those two, by matching the log time?
  • Zyxel_Stanley Zyxel Official Agent Posts: 289  mod

    Hi @Milos

    I have added an idea to combine all of the information in traffic statistics:

    --> User name, TxRx, timestamp.


  • Milos Member Posts: 20  Freshman Member
    edited October 3, 2018 5:59PM
    Hi @Zyxel_Stanley, I do not understand your comment / the new topic you have added.
    Shall I follow up on this? What's the usage of creating the idea topic?

    As Zyxel USG is producing a lot of logs, I'm sure we can analyze those and get a detailed report. My question is: how to match accessed websites and traffic logs so that we can export statistics about:

    User X accessed Y times the website Z and had a traffic of A Tx and B Rx.
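
Added example, not part of the original thread and not Zyxel code: once traffic log lines in the format Ian31 quotes reach a syslog server, they can be totalled per user, source host and destination host as below. The function names are assumptions, every sample line after the first is constructed, and because the quoted line carries only a destination IP, the totals are keyed by IP rather than website name.

```python
import re
from collections import defaultdict

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE = [
    'src="192.168.111.37:52136" dst="178.32.169.230:80" msg="Traffic Log" note="Traffic Log" user="unknown" devID="cc5d4e5159cf" cat="Traffic Log" duration=5 sent=398 rcvd=1042 dir="lan1:wan1" protoID=6 proto="http" client_mac="00:30:18:C5:1C:6C"',
    'src="192.168.111.37:52140" dst="178.32.169.230:80" user="unknown" cat="Traffic Log" duration=2 sent=1200 rcvd=300 proto="http"',
    'src="192.168.111.40:40000" dst="203.0.113.9:443" user="alice" cat="Traffic Log" duration=900 sent=5000000 rcvd=20000 proto="https"',
    'src="192.168.111.40:40001" dst="203.0.113.9:443" user="alice" cat="Constructed Other" msg="not a traffic record"',
    'src="192.168.111.40:40002" dst="203.0.113.9:443" user="alice" cat="Traffic Log" sent=oops rcvd=1',
]

# key="quoted value" or key=bare_value, found anywhere in the line,
# so a leading syslog header does not get in the way.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Return the fields of one traffic-log record, or None for anything else."""
    rec = {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}
    if rec.get("cat") != "Traffic Log" or "src" not in rec or "dst" not in rec:
        return None
    try:
        rec["sent"], rec["rcvd"] = int(rec["sent"]), int(rec["rcvd"])
    except (KeyError, ValueError):
        return None  # truncated or malformed counters: skip rather than guess
    return rec

def host(endpoint):
    """'ip:port' -> 'ip' (IPv4 endpoints, as in the quoted line)."""
    return endpoint.rsplit(":", 1)[0]

def summarize(lines):
    """Total sessions and bytes per (user, source host, destination host)."""
    totals = defaultdict(lambda: {"sessions": 0, "sent": 0, "rcvd": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        entry = totals[(rec.get("user", "unknown"), host(rec["src"]), host(rec["dst"]))]
        entry["sessions"] += 1
        entry["sent"] += rec["sent"]
        entry["rcvd"] += rec["rcvd"]
    return dict(totals)

def top_senders(totals, n=5):
    """Keys with the largest sent totals first."""
    return sorted(totals.items(), key=lambda item: item[1]["sent"], reverse=True)[:n]

if __name__ == "__main__":
    for (user, src, dst), t in top_senders(summarize(SAMPLE)):
        print(f"{user:8} {src:16} -> {dst:16} sessions={t['sessions']} sent={t['sent']} rcvd={t['rcvd']}")
```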
