Gateway Logging (Windows Embedded CE 6.0)

1/6/2010

Windows CE 5.0 includes the Gateway Logging Catalog item, which you can optionally add to the Gateway design template. Gateway Logging writes various system events to a log file on the Gateway device. These events include the following:

  • Potential attacks by client computers over the Internet
  • The initiation and status of Point-to-Point Protocol over Ethernet (PPPoE) connections
  • The public Gateway interface requesting, receiving, and releasing its Dynamic Host Configuration Protocol (DHCP) address
  • The Simple Network Time Protocol (SNTP) service retrieving the current time from a time server

You can use the sample remote user interface included in Windows Embedded CE to view the event logs generated by the Gateway Logging engine.

Gateway Logging consists of the gateway logger, which is implemented in the RGLogEventMon.dll Dynamic-Link Library (DLL). The sample code for the gateway logger is included in the %_WINCEROOT%\public\servers\oak\samples\logging\logger directory.

Gateway Logging exposes a set of functions that the firewall, autodial, and PPPoE modules can call into during system events. Gateway Logging automatically writes all autodial and PPPoE-related events to the log. The firewall alerts Gateway Logging on each packet that it receives. Gateway Logging scans these packets and tries to determine if an attack, such as a port scan, has been initiated against the device. In the case of an attack, Gateway Logging records a message in the log file. To avoid generating an excessive amount of log data, Gateway Logging does not record every packet the firewall blocks.

The default maximum size for a log is 32 KB. Because both the current log file and the old log file are stored, a log requires at most twice the maximum log size in file system space. You can use the registry to change the maximum size of the log file: set the MaxSize registry value, of type DWORD, to the maximum size in bytes under the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\EventLog\<LogName>] registry key. For more information, see Gateway Logging Registry Settings.

If the current log file (<Name of log file>.xml) reaches the maximum size, it is moved to a log file that is designated to contain data from the previous log file (<Name of log file>.xml.old). If a <Name of log file>.xml.old file already exists on the device, it will be deleted.

See Also

Concepts

Gateway Logging Registry Settings

Other Resources

ICS Application Development
Internet Connection Sharing
Customizing a Gateway