SunScreen 3.1 Reference Manual

Logging

SunScreen provides flexible logging of packets. This means that each primary and secondary Screen keeps a log of its traffic. Logs of the packets are kept on the Screen that passed or rejected the packets.

In an HA cluster, only the active Screen logs network traffic. However, traffic destined for the active or passive HA machine itself may be logged according to the rule, so some passive Screens may log some traffic. A passive Screen logs only the traffic addressed to it, not the traffic passing through it.

You can configure SunScreen to log a packet when it matches a rule or when it does not match any particular rule. Most frequently, packets matching DENY rules or packets that are dropped because they do not match any rule are logged. The action defined in a rule controls whether a packet is logged and what information about the packet is recorded.

Examining logged packets is useful when you are trying to identify the causes of problems during configuration or administration. You should also examine logs periodically for evidence of attempts to break into your network.

Each machine in an HA cluster logs what that system passed or rejected, as well as any locally processed nonpacket events.