you can use the same tools for the Log files that MWG is writing to the disk. All logs go to /opt/mwg/log. The access.log should be the place to start at, it will be written to /opt/mwg/log/user-defined/access.log/access.log (current log file) or /opt/mwg/log/user-defined/access.log/access20111010.log (rotated log).
You can use "tail -f access.log", or "cat access.log | grep 192.168.0.1" to see what is happening. You will see all accesses made by clients. By default you may find out that not all information you are looking for is logged, but the log files can be modified to contain any available property to extend the logging, but maybe you want to start looking at what is existing first, and then we may discuss about adding more information to the logs or adding more user-defined logs.
Theroretically it is possible to dump all log files into syslog, but we have found out that this becomes a huge bottleneck when there is a log of traffic going through. Web Gateway starts waiting for syslog to send the lines, but syslog does not seem to be capable to send the huge amount of logs, which causes Web Gateway to slow down and/or become unresponsive. Therefore I recommend to not push all log lines to syslog. An example may be a seperate user-defined log in the log handler which only writes a line when MWG has blocked something - and send this through syslog (there is an Event which can do this). For archiving and later review Web Reporter may be helpful, or pushing the log files to an FTP server, to have them stored.
I hope this helps to get started.