beautypg.com

Zgate logging, Logging to the file system – Zilog EZ80F91GA User Manual

Page 38

background image

ZGATE Logging

UM024502-1012

26

ZGATE Embedded Security Development Kit
User Manual

ZGATE Logging

When ZGATE detects an inbound packet that violates one of its filtering rules (static, SPI
or threshold) the packet is discarded and, if logging is enabled, information about the
breach is logged to the ZTP console and/or to log files in the Zilog File System (ZFS).
Logging to the console and to the file system are controlled independently; either or both
options may be enabled or disabled at the same time.

Please be aware that depending on the ZGATE configuration settings and the environment
in which the ZGATE device operates, logging can generate a lot of information that must
be displayed in a human readable format. Consequently, enabling logging (especially log-
ging to the file system) can impact system performance.

Logging to the File System

When logging to the file system is enabled, ZGATE maintains up to six log files
(described below); all log files reside in the root folder of the file system. If the ZTP appli-
cation does not include ZFS support, ZGATE will not be able to log information to the file
system.

zgate.log

Records information each time an inbound packet is blocked
because it violates one of ZGATE’s static or SPI filtering rules.

zgate_lg.old

Archive of the last

zgate.log

file. When the size of the

zgate.log

file exceeds the archiving threshold, the

zgate_lg.old

file is erased, the current

zgate.log

file is

renamed

zgate_lg.old

, and a new

zgate.log

file is created.

zg_stats.txt

Contains a running count of the number of packets received/fil-
tered at each of the Ethernet, IP, UDP and TCP layers. This file is
regenerated every 1000 packets.

If the ZGATE device includes support for filtering, the following log files are also used:

zg_thl.log

A log entry is created when ZGATE’s threshold-filtering logic
blocks/reenables packet processing from a particular IP address.

zg_thl.old

Archive of the last

zg_thl.log

file. When the size of the

zg_thl.log

file exceeds the archiving threshold (the

zg_thl.old

file is erased, the current

zg_thl.log

file is

renamed

zg_thl.old

and a new

zg_thl.log

file is created.

zg_ts.txt

Contains a running count of the number of packets processed by
ZGATE’s threshold-filtering module and the number of those
packets that were filtered. This file is regenerated every threshold

See also other documents in the category Zilog Sensors: