The SmartView Tracker is your interface to the log data recorded by VPN-1/FW-1. Log data is created by the rule base, by firewall activities, by your own actions (accounting log), and by several other sources. Viewing this data regularly is a key to good security enforcement, and this GUI makes the task of observing the log data much more pleasant.
Upon startup, the SmartView Tracker displays the active security log. You can also use the GUI to view older logs, which may have been rotated out and archived for later review. Note that the name of the log file being viewed is displayed in the upper-left portion of the window title bar, as shown in Figure 3.32. This is helpful when you are viewing archived data.
The SmartView Tracker has three modes of operation, which are accessed by the pull-down menu shown in the figure, or alternatively, via the Mode menu option. These modes are log, active, and audit. Active mode displays currently active connections being tracked by the firewall. The active mode is most often used when performing real-time monitoring of traffic, or when you wish to block a connection via SAM. (Block Intruder is discussed in Chapter 9.)
Audit mode is very handy for keeping track of who did what on your firewall. The who is your group of firewall administrators, and the what is their administrative actions. Examples of these are logging in, creating or deleting objects, and so on. You can also view specific details for any log entry by right-clicking that entry and selecting Show Details. Note that the audit data is stored in a separate file, fw.adtlog, which is located in the $FWDIR/log directory of the firewall installation.
Log mode is the most common method of interacting with the log data, and is the most comprehensive way to view the security events. What events you actually see is entirely up to you, as FW-1 allows extensive customization of what is called Selection Criteria. These criteria define what data is extracted from the log and displayed to you. You can save your favorite selections and reuse them frequently, or you may opt to use one of the built-in views. In Log mode, there is also an option to watch logs as they are generated in real time. This can be enabled by selecting Query Autoscroll.
Active mode allows information about connections currently traversing the gateways to be retrieved and viewed in real time. This is available regardless of whether or not the connections are being logged.
The default views are available via the toolbar or via the View menu. These views select some of the more commonly accessed information for display. For example, there is a predefined selection for VPN-1 data, which shows you such entries as Key IDs, encryption method, VPN peer gateway, and so forth. But the real power of the SmartView Tracker is in its ability for customization. The SmartView Tracker GUI is shown in Figure 3.38.
To alter the data displayed, select Query Properties from the View menu. You will be presented with the window shown in Figure 3.39. This window enables you to select or deselect any of the available data fields. You can also change the column width using this window. By pressing the Selection button, you have access to very granular methods of defining information. We highly recommend that you spend a few minutes looking into this feature on your firewall.
The SmartView Tracker is much like most common spreadsheet applications. You can resize columns not only from the options window, but also directly from the viewer main menu.
Right-clicking anywhere within the column you want to modify will bring up a context menu, which enables you to do things such as hide that column and resize the width. You can also resize the width by dragging the border of the title header. Once you have tailored the view to your liking, you can begin gathering the information.
The SmartView Tracker features a very handy search utility, accessed by selecting the Navigate menu and then Find. This enables you to specify the column or columns you want to search through and to enter the search criteria. You can also specify a search direction.