How to enable / access USG 110 detailed logs

Milos
Milos Posts: 20  Freshman Member
First Comment Friend Collector
edited April 2021 in Security
We're using a USG 110 as main router and firewall. On the Traffic Statistics page, I can see one external IP address with Tx to of 65 GB. We would like to investigate more what kind of file transfer was done with this address. Where can we access those logs?

In the Log menu, we can only see 1024 log lines, and they are all from today.

Looking forward to hearing from you. Thank you!

Comments

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    @Milos

    Exactly, the log page only keeps 1024. For this issue, we can monitor the session on "Monitor > System > Session Monitor". We can see the connection IP and service port.

    If you would like to know the traffic content, we can investigate more information by packets capture. Go to "Maintenance > Diagnostics > Packets capture", set the filter to capture packets for analysis.

    e.g. host ip = external IP address with Tx to of 65 GB.

  • Milos
    Milos Posts: 20  Freshman Member
    First Comment Friend Collector
    Thank you Zyxel_Cooldia, appreciate!

    Just one question about the packets capture, it only captures the packets once launched. For example, if this Rx was one time, I cannot analyze the backlogs?
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    @Milos

    It can only analyze current traffic by packets capture. We are unable to know the past traffic.

  • Milos
    Milos Posts: 20  Freshman Member
    First Comment Friend Collector
    Roger that, thank you!
  • Ian31
    Ian31 Posts: 174  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    You can send traffic log to external syslog server for tracking.

    The log information is like this,
    src="192.168.111.37:52136" dst="178.32.169.230:80" msg="Traffic Log" note="Traffic Log" user="unknown" devID="cc5d4e5159cf" cat="Traffic Log" duration=5 sent=398 rcvd=1042 dir="lan1:wan1" protoID=6 proto="http" client_mac="00:30:18:C5:1C:6C"

    You can get the sent/rcvd Bytes count of each session.
    Be aware, enabling traffic log might consume some CPU power depending on how much traffic volume passes through your USG.
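Added example (not part of the thread and not Zyxel code): once traffic logs reach an external syslog server, the per-session `sent`/`rcvd` fields can be totalled per user, source and destination to find the peer behind a large transfer. Apart from the first sample line, which is the one quoted above, the log lines are constructed, and treating `sent` as bytes from `src` to `dst` is an assumption.

```python
import re
from collections import defaultdict

# key=value or key="value" pairs, as in the traffic log line quoted above
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Return the key/value fields found in one syslog line (empty dict if none)."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}

def top_talkers(lines):
    """Total sessions and bytes per (user, src IP, dst IP), ranked by bytes sent.

    Returns (ranked, skipped); skipped counts non-traffic or malformed lines.
    """
    totals = defaultdict(lambda: {"sessions": 0, "sent": 0, "rcvd": 0})
    skipped = 0
    for line in lines:
        f = parse_line(line)
        try:
            if f.get("cat") != "Traffic Log":
                raise ValueError("not a traffic log line")
            src_ip = f["src"].rpartition(":")[0]   # drop the port
            dst_ip = f["dst"].rpartition(":")[0]
            sent, rcvd = int(f["sent"]), int(f["rcvd"])
        except (KeyError, ValueError):
            skipped += 1                            # truncated or unrelated line
            continue
        t = totals[(f.get("user", "unknown"), src_ip, dst_ip)]
        t["sessions"] += 1
        t["sent"] += sent
        t["rcvd"] += rcvd
    ranked = sorted(totals.items(), key=lambda kv: kv[1]["sent"], reverse=True)
    return ranked, skipped

SAMPLE = [
    # line quoted in the post above
    'src="192.168.111.37:52136" dst="178.32.169.230:80" msg="Traffic Log" note="Traffic Log" user="unknown" devID="cc5d4e5159cf" cat="Traffic Log" duration=5 sent=398 rcvd=1042 dir="lan1:wan1" protoID=6 proto="http" client_mac="00:30:18:C5:1C:6C"',
    # constructed lines (documentation address 203.0.113.10)
    'src="192.168.111.37:52140" dst="203.0.113.10:443" user="unknown" cat="Traffic Log" duration=900 sent=5000000 rcvd=1200 dir="lan1:wan1"',
    'src="192.168.111.37:52141" dst="203.0.113.10:443" user="unknown" cat="Traffic Log" duration=1200 sent=7000000 rcvd=900 dir="lan1:wan1"',
    'msg="constructed non-traffic event" cat="User"',
    'src="192.168.111.50:40000" dst="203.0.113.10:443" cat="Traffic Log" sent=12',  # truncated: no rcvd
]

if __name__ == "__main__":
    ranked, skipped = top_talkers(SAMPLE)
    for (user, src, dst), t in ranked:
        print(f'{user} {src} -> {dst}: {t["sessions"]} sessions, Tx {t["sent"]} B, Rx {t["rcvd"]} B')
    print(f"skipped lines: {skipped}")
```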
  • Milos
    Milos Posts: 20  Freshman Member
    First Comment Friend Collector
    Thank you @Ian31, how about matching traffic logs with actual websites? For example, let's assume someone exchanged a lot with dropbox, how to associate the traffic to dropbox?
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    edited October 2018

    Hi @Milos

    In the current design, the traffic statistics function shows information separately.

    e.g. user upload/download usage, or how many times the website has been hit.

    So I would like to add it as an idea to combine all of this information together.

    -> User accesses to Dropbox and Tx/Rx Bytes.


  • Milos
    Milos Posts: 20  Freshman Member
    First Comment Friend Collector
    -> User accesses to Dropbox and Tx/Rx Bytes.
    Thank you, but how to connect those two, by matching the log time?
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @Milos  

    I have added an idea to combine all of the information in traffic statistics:

    --> User name, TxRx, timestamp.


  • Milos
    Milos Posts: 20  Freshman Member
    First Comment Friend Collector
    edited October 2018
    Hi @Zyxel_Stanley, I do not understand your comment / the new topic you have added.
    Shall I follow up on this? What's the usage of creating the idea topic?

    As Zyxel USG is producing a lot of logs, I'm sure we can analyze those and get a detailed report. My question is: how to match accessed websites and traffic logs so that we can export statistics about:

    User X accessed Y times the website Z and had a traffic of A Tx and B Rx.