You are here: Webhelp > Monitor > Logging


Logging is a feature that records various kinds of system logs, including device log, threat log, session log, NAT log,File filter log, Network Behavior Record logshare access logs, and URL logs.

  • Device log
    • Event - includes 8 severity levels: debugging, information, notification, warning, error, critical, alert, emergency.
    • Network - logs about network services, like PPPoE and DDNS.
    • Configuration - logs about configuration on command line interface, e.g. interface IP address setting.
  • Share Access Logs - logs about share access rule.
  • Threat - logs related to behaviors threatening the protected system, e.g. attack defense and application security.
  • Session - Session logs, e.g. session protocols, source and destination IP addresses and ports.
  • NAT - NAT logs, including NAT type, source and destination IP addresses and ports.
  • EPP - logs related with end point protection function.

The system logs the running status of the device, thus providing information for analysis and evidence.

Log Severity

Event logs are categorized into eight severity levels.

Severity Level Description Log Definition
Emergencies 0 Identifies illegitimate system events. LOG_EMERG
Alerts 1 Identifies problems which need immediate attention such as device is being attacked. LOG_ALERT
Critical 2 Identifies urgent problems, such as hardware failure. LOG_CRIT
Errors 3 Generates messages for system errors. LOG_ERR
Warnings 4 Generates messages for warning. LOG_WARNING
Notifications 5 Generates messages for notice and special attention. LOG_NOTICE
Informational 6 Generates informational messages. LOG_INFO
Debugging 7 Generates all debugging messages, including daily operation messages. LOG_DEBUG

Destination of Exported Logs

Log messages can be sent to the following destinations:

  • Console - The default output destination. You can close this destination via CLI.
  • Remote - Includes Telnet and SSH.
  • Buffer - Memory buffer.
  • File - By default, the logs are sent to the specified USB destination in form of a file.
  • Syslog Server - Sends logs to UNIX or Windows Syslog Server.
  • Email - Sends logs to a specified email account.
  • Local database - Sends logs to the local database of the device.

Log Format

To facilitate the access and analysis of the system logs, StoneOS logs follow a fixed pattern of information layout, i.e. date/time, severity level@module: descriptions.See the example below:

2000-02-05 01:51:21, WARNING@LOGIN: Admin user "admin" logged in through console from localhost.