Cipafilter log files overview
Posted by Nick Oakman, Last modified by Logan Kates on 06 March 2018 10:30 AM

This article is a basic introduction to the log files in the /data/log directory.  Some logs have their own article that explains them in more detail where necessary.

 

auth.log

This is where you'll see information about logins to the filter's terminal and about privilege escalations.  Any SSH logins or login attempts will show up here, as well as any time a user issues the sudo command.  This log is also helpful to look at from the web interface if you are unable to SSH to the filter.  It may indicate errors with creating the SSH user accounts, or other problems.

 

auth-helper.log

This file will normally not have any data in it.  You must enable auth-helper debugging manually by entering the command: sudo debug auth-helper

Once that has been done, the file will contain output from the auth-helper command.  auth-helper is used to determine whether an authentication attempt to the filter is successful, including making sure the username exists, validating the password if a password is required, and determining which filtering group the user is a member of.  This log is helpful when troubleshooting authentication or group placement problems.  However, the log grows very quickly, which is why it isn't enabled by default.  After you get the needed information, turn auth-helper debugging off using the command: sudo debug --clear

 

bandwidthd.log

The bandwidthd process writes to this file when it commits bandwidth usage information to the database, which makes the log useful for confirming that bandwidthd is functioning.  On startup, it also outputs information about which interfaces and subnets it is currently monitoring.

 

blacklist-update.log

There shouldn't be anything here unless there was an error running the blacklist-update process, which is used to update the category blacklists as well as the automatic super whitelist and the Chromebook compatibility list.

 

boot.log

This log contains the same information that is displayed on the screen when a monitor is connected to the Cipafilter device.  It is mostly output from the startup rc scripts in /usr/cipafilter/init.d

 

cipafilter.error

Links to contentfilter.log

 

cipatunnel.log

Contains information about connection attempts to cipatunnel.cipafilter.com, which is used for emergency tunnels.

 

clamav.log

Messages from clamd (antivirus software) and freshclam (updates virus definitions)

 

clienttools.log

Normally there is nothing here unless client tools debugging is turned on by entering the command: sudo debug clienttools.php

If debugging is on, this will have data for every time the Windows, macOS, or Chrome client checks in.  If the check-in was unsuccessful, error messages are shown.

 

contentfilter.log

Main log file for contentfilter.  See the separate article for interpreting this data.

 

contentfilter-test.log

This log contains abort notices if it became necessary for the contentfilter-test process to force contentfilter to restart.  Ideally this file should be empty.

 

contentfilter-watchdog.log

contentfilter-watchdog is the process that starts contentfilter and restarts it if it dies for some reason, so this log will mostly contain stdout output from the contentfilter process.

 

daemon

Messages from various daemons running on the filter, such as ntpd, snmpd, lldpd

 

dbmaint.log

Contains information regarding the last database backup, including creation of the backup, purging of old data, vacuuming, and pushing the backup to a remote share.  If there are any warning messages on the filter about the database backup failing, this log should contain more information about what went wrong.  Otherwise, it normally will end stating that the backup/purge was successful.

 

dirsync.log

Log for the dirsync process, which periodically caches data from the customer's LDAP server for authentication.

 

dnsmasq.log

Log for the dnsmasq process, which caches DNS responses to improve performance.  This log will indicate the current size of the cache, and whether there have been any lookup failures for the primary or secondary DNS server.

 

fail2ban.log

Shows activity from the fail2ban process, which blocks the IP of devices that appear to be malicious.

 

freeradius.log

Shows data regarding RADIUS authentication.

 

gateway.log

If multi-gateway routing is in use, this file will contain data about when each ISP connection is brought up or down.

 

hotspare.log

Shows data about the hotspare status if it is enabled.

 

ipsec.log

Information about filter-to-filter VPN tunnels and L2TP over IPsec.  In older firmware where L2TP isn't an option, this file links to racoon.log.

 

kern.log

Contains a log of kernel messages.  This is basically the same as the output you get from running the dmesg command.

 

lastlog

Holds data that is used by the lastlog command.  This file is binary and not human-readable.

 

mail.err

Shows errors reported by sendmail or mimedefang.

 

mail.log

Detailed log of e-mail that is sent, received, or relayed by the Cipafilter, including instant notifications, reports, and e-mails received for spam filtering and archiving.

 

mail.warn

Shows warnings reported by sendmail or mimedefang.

 

milter-watchdog.log

Similar to contentfilter-watchdog.log, but for the e-mail filter.  Should contain stdout output from cf-milter if e-mail spam filtering is in use.

 

postgres.log

Log file for PostgreSQL, which is the database used for storing web reporting, e-mail archiving, and dirsync data.

 

ppp.log

Information and errors related to PPTP VPN tunnels from a remote user to the Cipafilter.

 

racoon.log

Shows information and errors for the racoon process, which is the key exchange program used for filter-to-filter IPsec VPN tunnels.  Starting in 9.2, racoon will no longer be used; charon will be used instead.

 

rc.manual.log

Contains output from processes started via the override console.

 

syslog

A general system log containing messages and errors from cron jobs as well as various daemons.  It also records system events, such as the power button being pressed.

 

user_update.log

Usually blank unless there are errors during the user_update process.  This process is used for synchronising SSH keys between Enterprise and the Cipafilter.

 

vmstat.log

Output from the vmstat program.  Updated once per hour.
