Viewing Firewall Logs
- Go to Logs > Agents > Security Risks or Agents > Agent Management.
- In the agent tree, click the root domain icon to include all agents or select specific domains or agents.
- Click Logs > Firewall Logs or View Logs > Firewall Logs.
- To ensure that the most up-to-date logs are available to you, click Notify Agents. Allow some time for agents to send firewall logs before proceeding to the next step.
- Specify the log criteria and then click Display Logs.
- View logs. Logs contain the following information:
  - Date and time of the firewall violation detection
  - Endpoint where the firewall violation occurred
  - Endpoint domain where the firewall violation occurred
  - Remote host IP address
  - Local host IP address
  - Direction: Whether inbound (Receive) or outbound (Send) traffic violated a firewall policy
  - Process: The executable program or service running on the endpoint that caused the firewall violation
  - Description: The actual security risk (such as a network virus or IDS attack) or the firewall policy violation
- To save logs to a comma-separated value (CSV) file, click Export to CSV. Open the file or save it to a specific location.
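
The following is an added example, not part of the product documentation: a short Python triage of an exported CSV that groups inbound (Receive) violations by remote host and outbound (Send) violations by endpoint and process. The column header names, the fan-out threshold, and the sample rows are assumptions constructed for illustration; match `COLS` to the header row of your actual export.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample. The header names are assumptions modelled on the fields
# listed above; adjust COLS to match the header row of your actual export.
SAMPLE_CSV = """Date/Time,Endpoint,Domain,Remote Host,Local Host,Direction,Process,Description
2024-05-01 09:12:03,WS-014,Finance,198.51.100.7,10.0.4.14,Receive,System,IDS attack
2024-05-01 09:12:05,WS-022,Finance,198.51.100.7,10.0.4.22,Receive,System,IDS attack
2024-05-01 09:12:09,WS-031,HR,198.51.100.7,10.0.5.31,Receive,System,IDS attack
2024-05-01 09:40:41,WS-014,Finance,192.0.2.50,10.0.4.14,Send,updater.exe,Firewall policy violation
2024-05-01 09:41:02,WS-014,Finance,192.0.2.50,10.0.4.14,Send,updater.exe,Firewall policy violation
2024-05-01 10:02:17,WS-022,Finance,192.0.2.80,10.0.4.22,Receive,svchost.exe,Firewall policy violation
"""

COLS = {"endpoint": "Endpoint", "remote": "Remote Host",
        "direction": "Direction", "process": "Process"}


def triage(csv_text, fanout_threshold=3):
    """Return (fan_in_sources, outbound_by_process) from an exported log."""
    targets = defaultdict(set)      # remote host -> endpoints it hit inbound
    outbound = Counter()            # (endpoint, process) -> blocked sends
    for row in csv.DictReader(io.StringIO(csv_text)):
        direction = row[COLS["direction"]].strip().lower()
        endpoint = row[COLS["endpoint"]].strip()
        if direction == "receive":
            targets[row[COLS["remote"]].strip()].add(endpoint)
        elif direction == "send":
            outbound[(endpoint, row[COLS["process"]].strip())] += 1
    # One remote host violating policy on many endpoints suggests a sweep.
    fan_in = {ip: sorted(eps) for ip, eps in targets.items()
              if len(eps) >= fanout_threshold}
    return fan_in, outbound.most_common()


if __name__ == "__main__":
    fan_in, outbound = triage(SAMPLE_CSV)
    for ip, endpoints in fan_in.items():
        print(f"{ip}: inbound violations on {len(endpoints)} endpoints {endpoints}")
    for (endpoint, process), count in outbound:
        print(f"{endpoint}: {process} caused {count} outbound violations")
```
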