Analyzing Astaro log files with WebSpy
To anaylze and report on your Astaro log files with WebSpy you need to:
- Configure your Astaro Security Web Gateway
- Import your log files into a Vantage storage
- Analyze your storage
- Report on your storage
Configure your Astaro Security Web Gateway
This video (and subsequent step-by-step instructions) describes how to configure your Astaro Web Gateway device to create log files that you can import into WebSpy Vantage for analysis and reporting
1. Configure your Astaro Security Web Gateway to send log messages to a Syslog server
The best way to create and store Astaro log files is using Syslog. This involves installing a third party syslog server, such as Kiwi Syslog, on a separate machine (can be the same machine running WebSpy Vantage), then setting up the Astaro Gateway device to send syslog messages to it. The syslog server then creates a log file containing these messages that can be imported into WebSpy Vantage.
To configure your Astaro Security Web Gateway device to send Syslog messages:
- Login to the Astaro Security Web Gateway device using your admin credentials
- On the left hand side, select Logging | Settings
- Go to the Remote Syslog Server tab and click the Enable button if this section is disabled
- In the Syslog Servers section, click the plus button and add the Name or IP, and Port of your syslog server (see below).
- Click Apply in the Remote syslog settings section to save your syslog server configuration.
- Scroll down to the Remote syslog log selection section and check 'Content Filter (HTTP/S).
- Scroll to the bottom of the page and click Apply to save your settings.
2. Configure your Syslog server.
There are many commercial and open source syslog servers available, but on of the major (and free) ones is Kiwi Syslog. If using this product make sure you're using the Kiwi Syslog ISO yyyy-mm-dd (Tab Delimited) format.
Importing your logs into WebSpy Vantage
This video (and subsequent step-by-step instructions) demonstrates how to import your Astaro log files into WebSpy Vantage, and illustrates some analysis examples.
To import your Astaro log files into WebSpy Vantage:
- Go to the Storages screen and click Import Logs
- Create a new storage and click Next.
- Select Local or networked files and folders and click Next.
- Select the Astaro loader and click Next.
- Click Add | Folder, and navigate to the folder where your Astaro log files are kept. Avoid using mapped network drives here to allow imports to run when logged off (as a scheduled task). UNC paths such as \\servername\logs
- Click OK to start importing your log files.
Download Astaro Report templates and Aliases
Analyzing your Storage
Reporting on your Storage