Available Log Files and Structure
The CloudGen Firewall creates log files for system processes, box services, and configured services such as Forwarding Firewall, HTTP Proxy, VPN, etc. Logging is processed according to system and service settings.
Box
Service | Log File | Description |
|---|---|---|
Auth | Box\Auth\access | Provides informational log files about login and access attempts to the CloudGen Firewall, displaying access source, and opening and closing of sessions. |
Box\Auth\activation | Displays log files concerning process activation and provide information about message board configuration and details. | |
Azure | Box\Azure\events | Contains events for Azure Event Hub connections. |
Cloud | Box\Cloud\control | Provides logs files for the Azure and AWS cloud integration features. |
Config | Box\Config\MC-update | Provides informational log files about PAR file processing, updates, and process activation on managed firewalls. |
Box\Config\HA-update | Displays notification logs about HA startup/shutdown and provides information about HA operations, such as configuration, updates, and changes. | |
Box\Config\admin | Contains log files about login, authentication, and connection status of administrative sessions by displaying IP address and port, and shows the operative processes initiated by the administrative instance. | |
Box\Config\changes | Displays informational logs about processes concerning configuration changes such as adding or removing services and activation processes. | |
Box\Config\conftool | Display informational logs about processes concerning internal activation and database processes. | |
Box\Config\daemon | Contains log files about processes initiated by the configuration daemon such as loading processes, configuration checks, cache generation, and session termination. | |
Box\Config\daemon_download | Contains log files about downloading processes initiated by the configuration daemon, providing information concerning progress, changes, and signatures. | |
Box\Config\provision | Contains log files concerning Azure Cloud provisioning, if configured. | |
Box\Config\shell | Displays notification logs about shell operations, providing information concerning admin permissions and account settings. | |
Box\Config\sync | Displays log files concerning synchronization processes, showing connection details, update status, and progress. | |
Control | Box\Control\AuthService | Contains log files for administration, authentication processes, and access information concerning user groups, access interfaces, and domains of external authentication services. |
Box\Control\AuthService_dcclient | Contains log files for administration, authentication processes, access information concerning user groups, access interfaces, and domains of the Barracuda DC Client. | |
Box\Control\Telemetry | Displays the performance and usage data sent to the Barracuda telemetry servers. | |
Box\Control\admin | Displays informational logs about connection processes such as login, source address, and box service processes. | |
Box\Control\daemon | Contains log files about security status checks initiated by the control daemon and displays controld processes. | |
Event | Box\Event\apns | Displays process logs concerning the Apple Push Certificate provider for mobile devices (APNS). |
Box\Event\eventS | Contains log files generated by security events. For more information, see https://documentation.campus.barracuda.com/wiki/spaces/CGFv90/pages/9571082. | |
Box\Event\operative | Contains log files generated by operational events. For more information, see https://documentation.campus.barracuda.com/wiki/spaces/CGFv90/pages/9571091. | |
Firewall | Box\Firewall | Displays log files concerning general firewall configuration changes, ruleset updates, including operation details and time settings. |
Firewall | Box\Firewall\Activity | Displays firewall log files providing in-depth information about firewall rule processing. All entries of this log file are pipe separated information. Depending on the configured setting, they are in the format ...|key=value|key=value|... or ...|value|value|... format. For information how to alter between both formats, see https://documentation.campus.barracuda.com/wiki/spaces/CGFv90/pages/9569775.
Due to its protocol level, ICMP does not support using port numbers. Instead, ICMP ECHO sessions carry an ICMP identifier for matching requests and responses. This ICMP identifier is logged as the source (srcPort) and destination port (dstPort). |
Box\Firewall\IPSDownload | Contains log files generated by the Intrusion Prevention System, showing database file download status and information. | |
Box\Firewall\Rule-<no-match> | Displays firewall log files providing information about firewall rule processing of traffic not applicable to firewall policies. | |
Box\Firewall\appid_stat | Contains log files generated by Application Control, showing system processes related to applications, including configuration and download information. | |
Box\Firewall\appid_urlcat | Contains log files generated by Application Control's URL Filter, showing system processes related to Application Control's URL Filter processes, including configuration and download information. | |
Box\Firewall\auth | Displays informational log files about processes initiated by the fwauth daemon, providing information concerning authentication, such as listening IP address and port. | |
Box\Firewall\sync | Displays log files concerning firewall HA synchronization processes, showing connection details, update status, and progress. | |
Box\Firewall\threat | Displays log files generated by ATP, IPS, and DNS Sinkhole. | |
Logs | Box\Logs\bsyslog | Contains box log files created by bsyslog. |
Box\Logs\logd | Contains box log files created by logd. | |
Box\Logs\logstor | Contains box log files created by logstor. | |
Box\Logs\logwrapd | Contains box log files created by logwrapd. | |
Box\Logs\psyslog | Contains box log files created by psyslog. | |
Network | Box\Network\QoS | Provides network-related log files about processes such as Quality of Service configuration and traffic shaping. |
Box\Network\activation | Provides log files related to network activation and changes, displaying internal processes such as routing table, cache and interface status and details. | |
Box\Network\dhcp | Displays network-related log files created by the dhcp service, such as link detection and worker-related processes. | |
Box\Network\dhcpd | Displays log files about the dhcp configuration and provides information about broadcasts and the status and progress of dhcp request. | |
Box\Network\shaping | Provides informational log files about processes related to VPN traffic shaping status and processes. | |
Box\Network\pppd | Displays network-related log files created by the xDSL service, such as link detection and worker-related processes. | |
Box\Network\umts | Displays network-related log files created by the Wireless WAN service, such as link detection and worker-related processes. | |
REST
| Box\REST\control | REST calls to the control daemon. |
Box\REST\firewall | REST calls to the firewall service. | |
Box\REST\restd | Log files for the REST daemon. | |
RESTd | Box\RESTd | REST calls to box level services and queries. |
Release | Box\Release\UpdateServer | Contains log files about processes related to Barracuda security subscriptions and Barracuda Networks update server reachability. |
Box\Release\update | Contains log files about processes related to release updates. | |
Box\Release\update_hotfix | Displays informational log files about processes related to release updates including hotfixes. | |
Box\Release\check | Displays informational log files about processes related to release checks. | |
SSH | Box\SSH\config | Displays log files about internal processes that are generated by the box ssh daemon, such as startup, read and write operations, etc. |
Box\SSH\sshd | Displays log files about internal processes that are generated by the box ssh daemon, such as connection details, data transfer, and session behavior. | |
Settings | Box\Settings | Displays log files concerning the box settings configuration, and displays information and error logs in case of box configuration failures. |
Settings | Box\Settings\DNS | Displays informational log files about the box DNS settings configuration and notifies about DNS operations such as address assignment and zone-related processes. |
Box\Settings\time | Contains log files related to NTP, displaying information about time server configuration, connection status, and synchronization processes. | |
Box\Settings\activation | Provides log files related to box settings configuration activation and changes, displaying the process details. | |
Snmp | Box\Settings\Snmp | Provides informational log files about startup and working status of the box snmp service and shows the details (pid, etc.). |
Statistics | Box\Statistics\cstatd | Displays log files related to cstatd including information about statistics files collection processes created by cstatd. |
Box\Statistics\distd | Displays log files related to distatd including login information, connection details, and processes created by distatd. | |
Box\Statistics\qstatd | Displays log files related to qstatd, showing information about Control Center statistics querying processes. | |
System | Box\System\boot | Contains log files related to boot processes including release consistency checks. |
Box\System\bootloader | Contains informational log files related to boot loader operations such as system startup processes and configuration checks. | |
Box\System\cron | Displays informational log files created by the cron daemon and notifies about executed services and commands. | |
Box\System\klogd | Contains system related log files created by clogd. | |
Box\System\messages | Contains system log files related to messages. | |
Box\System\mgmaccess | Contains system log files related to management access. | |
Box\System\phionrc | Contains system-related log files created by phionrc. | |
Box\System\powersupply | Contains system log files related to power supply. | |
Box\System\syslog | Contains system-related log files created by the syslog daemon. | |
Box\System\tuning | Contains system log files related to system tuning. | |
Watchdog | Box\Watchdog\config | Contains log files created by Watchdog providing general information about the Watchdog configuration. |
Box\Watchdog\monitor | Contains log files created by Watchdog providing monitoring details. | |
Box\Watchdog\repair | Contains log files created by Watchdog providing information about repair processes. | |
Box\Watchdog\smartd | Contains log files created by Watchdog providing information about smartd processes. |
Reports
These logs are documented with the Reports_ prefix. They include entries that are carried out in continuous intervals, such as cronjobs.
Service | Log File | Description |
|---|---|---|
Network | Reports\Network\check | Contains reporting log files related to network activity providing information about network checks. |
Statistics | Reports\Network\Statistics\statcook | Contains reporting log files related to statistics cooking. |
procpar | Reports\procpar | Contains reporting log files created by procpar. |
changes | Reports\changes | Contains reporting log files related to configuration changes. |
treemigration | Reports\treemigration | Contains log files including entries that are carried out in continuous intervals, such as cronjobs. |
Fatal Errors
All fatal errors that can occur on a CloudGen Firewall are, in addition to the original log file, collected in the Fatal section. The original log file is added in the fatal log message text as a prefix.
Assigned Services
The Assigned Services node contains the following log files if the services are present:
Service | Log File | Description |
|---|---|---|
Firewall | <FW>\FW | Displays notification logs about Forwarding Firewall startup/shutdown with the location path and provides information about firewall operations, such as configuration loading, updates, and changes. Further logs in this section provide information on installation of updated settings and firewall rules. |
<FW>\Content | Provides informational log files about the loading process of the Forwarding Firewall ruleset. | |
<FW>\CustomExternalImport | Log files containing information about importing and setting the custom external network objects. On cloud firewalls these imports are handled automatically by the cloud-initstart process. | |
<FW>\SSL | Displays log files concerning SSL Inspection, notifies about the SSL Inspection progress and working state, and displays information and error logs in case of detections, errors, or certificate failures. | |
<FW>\auth | Contains log files about opening, connection status, and closing of firewall sessions, displaying IP address and port of the connected clients and peers. Information is displayed in case of login failures, file requests, and transactions concerning fwauth, errors or SSL certificate failures. | |
<FW>\sipproxy | Provides log files concerning startup, activation of child processes, and socket opening of the SIP Proxy, and displays informational log files in case of network interface changes. | |
HTTP Proxy | <HTTP>\access | Contains log files created by the HTTP Proxy service, providing information about access paths of destinations. |
<HTTP>\cache | Displays log files about the proxy cache and informs about caching processes, such as cache initialization, starting the Squid cache, adding domain and name server, creating sockets and directories, connecting to access cache workers, memory, scanning, etc. | |
<HTTP>\controlSquid | Informs about the Squid cache version at startup, displays parent and child processes with process ID and path, and shows log files about Squid cache operations. | |
<HTTP>\gui | Provides informational log files about proxy GUI worker startup and shows the maximum fail cache age. | |
Anti Virus | <VIR>\AV | Contains log files created by AVIRA antivirus, providing engine and VDF version, and displays information about virus scanning, threat detections, and actions. |
URL Filter | <URL>\Cofsd | Provides log files about the Web Filter service, showing information about licensing, and URL filtering processes and actions. |
OSPF-RIP-BGP | <DYNBO2>\access | Contains log files created by dynamic routing protocols such as OSPF, RIP, or BGP. |
VPN | <VPN>\VPN | Provides informational log files about the status of VPN sessions, showing tunnel transport, keying, and updates, and displays notifications in case of tunnel and transport failure. |
<VPN>\ikev2 | Contains notification log files created by the VPN service, providing debugging information related to IPsec if debugging mode for IKEv2 is enabled in the VPN settings. | |
<VPN>\ike | Contains notification log files created by the VPN service, providing debugging information related to IPsec if debugging mode for IKE is enabled in the VPN settings. | |
Contact Us
Barracuda Campus
Barracuda Support