The VBR supports pass-through VPN connections, and can handle multiple sessions for PPTP, IPsec, and L2TP protocols. Mapping of LAN based VPN servers for all three VPN protocols is handled, too, as long as you establish the proper Inbound services and rules.
The VBR's logging features are unfortunately, not among its better features.
Figure 7: Status
(click on the image for a full-sized view)
The cramped, unsizable Security Log window is your only view into what the VBR is logging. But as I reported in the Firewall section, my test port scans never registered in the log, nor did they cause email alerts to be sent. I asked SMC about this, thinking that maybe I missed an enable setting somewhere. SMC replied that what I was seeing was by design, i.e. the VBR does not log or email alerts when probed (port scanned), but only when "serious attacks" (snork, smurf, etc.) are attempted. Their reasoning is that port scans are so common that logging them or emailing an alert creates a "cry wolf" type of situation, masking the times when a "real" attack is detected. They also said they plan to add syslog capability in a future firmware update, and will enable port scan logging at that point.
This choice is certainly SMC's to make, but I'd like to see this clarified in the User documentation. Right now the User Guide says that the Status screen shows "illegal attempts to access your network", and the Admin interface title over the Security Log box says "View any attempts that have been made to gain access to your network".
For the items that are logged (mostly router admin events) you can clear, refresh, and save the log to a local file. Although it might be obvious, I'll point out that the VBR doesn't log traffic (website visits) either.