cOS Core generates Log Event Messages on a regular basis when certain events occur, such as the triggering of an IP rule set entry. These log messages can be captured and then examined and analyzed using InControl.
The following methods can be used for looking at log event messages:
A Quick Real-time view can display Memlog contents, which are log messages captured in local cOS Core memory. This is described in Section 23.1, Quick Real-Time Monitoring.
Log messages captured by the proprietary ILA log server can be searched, displayed and analyzed. This is described in Section 23.2, The ILA.
The proprietary query language that can be used to construct ILA queries is described in Section 23.6, Log Query Language (LQL).
A full description of cOS Core log message generation and all log capture options can be found in the cOS Core Administrators Guide.
All log event messages generated by cOS Core are stored for a limited period in local memory. This is known as Memlog logging in cOS Core. The InControl client can display the log messages being written to a firewall's Memlog database in real-time and this is referred to as Quick Real-Time Monitoring. A tab for this display in the client interface is labeled RTLog.
To display the RTLog for a firewall, first select the firewall so its Firewalls tab is displayed, then press the Log Forensics button and select the Quick Real-time option from the menu choices, as shown below.
A tab is then opened with the same name as the firewall and the Memlog log messages are displayed in real-time as they are stored in memory on the device. An example of this is shown below:
Changing Formatting Options
By right-clicking anywhere in the Real-time Log, a menu is displayed that provides an option for wrapping lines so that all information appears in the window without needing to scroll, and another option for showing the timestamp for messages. By default, both of these options are disabled.
Message Timestamping
If the timestamp option is enabled in the above menu, a timestamp appears at the beginning of each message line. This is not the time the message was generated by cOS Core. The timestamp indicates the time when the message was received by the InControl client and is followed by the local time offset so that UTC can be calculated if required. An example of how a log message is displayed with both word wrap and timestamp enabled is shown below.
Searching Messages
The messages are stored temporarily by the InControl client in raw form and a filtering capability is provided using basic text searching criteria.
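As an added example (not part of the InControl guide or the product's own code), the following Python script shows the two points above together: converting the client-side receive timestamp plus its local offset into UTC, and applying a basic text filter to the raw messages. The line layout (date, time, offset, then the raw message), the field names and the sample messages are assumptions constructed for the example; the real client output may differ.

```python
from datetime import datetime, timedelta, timezone
import re

# Assumed layout of one RTLog line with the timestamp option enabled:
#   "<local date> <local time> <UTC offset> <raw cOS Core log message>"
_LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<offset>[+-]\d{2}:?\d{2}) "
    r"(?P<message>.*)$"
)

def _parse_offset(text: str) -> timezone:
    """Turn '+0100' or '-05:30' into a fixed-offset tzinfo."""
    sign = 1 if text[0] == "+" else -1
    digits = text[1:].replace(":", "")
    hours, minutes = int(digits[:2]), int(digits[2:])
    return timezone(sign * timedelta(hours=hours, minutes=minutes))

def parse_rtlog_line(line: str) -> dict:
    """Split a timestamped RTLog line into the receive time (in UTC) and the raw message.

    The timestamp is when the InControl client received the message, not when
    cOS Core generated it, so received_utc must not be used as the event time
    when building a timeline from other sources.
    """
    m = _LINE_RE.match(line)
    if m is None:
        # Timestamp option disabled (or unexpected layout): keep the raw text, no time.
        return {"received_utc": None, "message": line}
    local = datetime.strptime(m["stamp"], "%Y-%m-%d %H:%M:%S").replace(
        tzinfo=_parse_offset(m["offset"]))
    return {"received_utc": local.astimezone(timezone.utc), "message": m["message"]}

def filter_messages(lines, needle: str) -> list:
    """Basic text search like the client's filter: case-insensitive substring match."""
    return [parse_rtlog_line(l) for l in lines if needle.lower() in l.lower()]

# Constructed sample lines, as received by a client in the UTC+1 zone.
SAMPLE = [
    "2024-03-05 14:02:11 +0100 event=ruleset_drop_packet action=drop rule=DropAll recvif=wan",
    "2024-03-05 14:02:12 +0100 event=conn_open action=allow rule=AllowLanOut recvif=lan",
]

if __name__ == "__main__":
    for rec in filter_messages(SAMPLE, "drop"):
        print(rec["received_utc"].isoformat(), rec["message"])
```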
For a more sophisticated logging tool, using an InControl Logging Agent (ILA) is recommended and this is described in the next section.