Netgear STM300 ProSecure Web and Email Threat Management Appliance Reference Manual

Querying Logs

The extensive log querying functions of the STM can help you to monitor the protection of the 
network and fine-tune the performance of the STM.

The STM generates logs that provide detailed information about malware threats and traffic 
activities on the network. You can search and view these logs through the Web Management 
Interface or save the log records in CSV or HTML format and download them to a computer 
(the downloading option is not available for all logs). You can also specify how many entries 
are displayed per page (the default setting is 15 entries).

The STM provides nine types of logs:

Email traffic. All scanned incoming and outgoing email traffic.

Web traffic. All scanned incoming and outgoing Web traffic.

Virus. All intercepted viruses.

Spyware. All intercepted spyware.

Spam. All intercepted spam, including spam that was detected through the blacklist, 

real-time blacklist, and distributed spam analysis.

Email filters. All emails that are intercepted because of keyword, file type, file name, 

password, or size limit violations.

Content filters. All websites, URLs, and FTP sites that are intercepted because of Web 

category, blacklist, file type, or size limit violations.

System. The system event logs that include all system errors, informational messages, 

configuration changes, and system software updates.

Application. All intercepted application access violations.

You can query and generate each type of log separately and filter the information based on a 
number of criteria. For example, you can filter the virus logs using the following criteria (other 
log types have similar filtering criteria):

Start date and time

End date and time

Protocols (HTTP, HTTPS, FTP, SMTP, POP3, and IMAP)

Virus name

Action (delete, quarantine, quarantine email, block email, and log)

Domain name

User name

Client IP address

Server IP address