====== Logging ====== The Logging Page contains two sections. The Syslog section has settings to enable and configure settings for Syslog, the main function that logs system events. Web Monitoring contains settings to enable/configure the function to let you monitor log/monitor web searches and which domains have been visited. ===== Syslog ===== **Log Internally: **enables FreshTomato logging. By default, FreshTomato saves logs to the router's internal memory, where they may be extracted or viewed directly on the [[status-log|Logs]] page. The logs consume router memory, but may be viewed directly on the router itself. (Default: Enabled). \\ **Max size before rotate: **// //specifies the maximum space log files can occupy before they are rotated, (in Kb). //Log rotation// creates new log files and archives & removes old ones to save drive space. The number entered here \\ \\ {{::administration-logging-syslog-2024.1.png?696}} ** ** \\ **Number of rotated logs to keep:** specifies how many rotated log files will be maintained in the rotated logs archive. \\ **Custom Log File Path: **lets you set a custom log file path. A displayed tip reminds you to check the path exists and is writable. (Default path: /var/log/messages). \\ **Log To Remote System: **provides network support to the syslogd facility. This means messages can be forwarded from one node running syslogd to another node running syslogd, where they'll be logged to a disk file. (( [[https://linux.die.net/man/8/syslogd|https://linux.die.net/man/8/syslogd]] )) \\ **IP Address / Port:** the IP address of the host to receive syslog data, and the port on they are sent. \\ **Generate Marker:** makes log files easier to read. Checking this causes "——MARK—–" to be inserted into the log\\ at the specified interval. \\ * Disabled * Every 30 Minutes * Every 1 hour * Every 2 hours \\ **Events Logged:** \\ * Access Restriction - causes Access Restriction events to be logged. * Cron - causes Cron events to be logged. * DHCP Client - causes DHCP IP addressing events to be logged. * NTP - causes Network Time Protocol events to be logged. * Scheduler - causes events set in the Scheduler menu to be logged. \\ **Minimum Log Level:** selects the minimum level of messages to be logged. "Minimum" means whichever option you select, that level's messages and all those above it in the list will be logged. \\ * Emergency - only Emergency-level messages will be logged. * Alert - messages categorized as Alert and higher will be logged. * Critical - messages categorized as Critical and higher will be logged. * Error - messages of Error level or higher will be logged. * Warning - messages of Warning level or higher will be logged. * Notice - messages of Notice level or higher will be logged. * Info - messages of Information level or higher will be logged. * Debug - debug-level information, all other levels will be logged. \\ **Connection Logging:** \\ * Inbound * Disabled - disables logging of incoming connections. * If Blocked by Firewall - logs incoming connection attempts blocked by the firewall. * If Allowed by Firewall - logs incoming connection attempts allowed by the firewall. * Both - logs all incoming connection attempts. * Outbound * Disabled - disables logging of outgoing connections. * If Blocked by Firewall - logs outgoing connection attempts blocked by the firewall. * If Allowed by Firewall - logs outgoing connection attempts allowed by the firewall. * Both - logs all outgoing connection attempts. * Limit - the maximum messages per minute to be logged in the system log. \\ Enter "0" for unlimited. (Default: 60). ===== Web Monitor ===== **Enable >>** takes you to the //Administration///[[admin-log|Logging]] menu (and Syslog settings). \\ **Monitor Web Usage:** enables/disables Web Monitoring. (Default: Disabled). \\ **Monitor**: select the Device/s you wish to monitor. \\ * All Computers /Devices * - monitors all devices (Default). * The following - monitors only devices entered here. * All except - monitors all devices except those entered here. \\ [[https://wiki.freshtomato.org/lib/exe/detail.php?id=web_usage&media=pasted:20200521-200701.png|{{:pasted:20200521-200701.png?687}}]] \\ \\ **Number of Entries to remember**: the number of //Domains// visited and number of //Searches// to record in the log. Entering: "0" makes the number unlimited (and therefore) allows an unlimited log size. Check you have the storage space. \\ **Daily Backup**: enables backup of Web Monitor logs to the default backup directory. (Default: Disabled). \\ **Clear Data After Backup**: empties the log file after a backup is performed. (Default: Disabled) \\ **Backup Directory**: specifies where backup files will be stored. (Default: /tmp). \\ NOTE: The default (\tmp) folder contents are emptied on reboot. Consider using USB/CIFS/JFFS as permanent storage. ===== Web Usage/Web Monitor Notes ===== Web usage **won't work properly** if the FreshTomato client monitored is running a direct TOR or VPN Internet connection. FreshTomato cannot monitor such connections since they are already encrypted. This can also include some IPv6 tunneling protocols, such as 6in4 Static tunnel. \\ \\