Querying the Violation Log

Procedure

  1. Go to Logs and Reports > Log Query.
  2. Click Violation Log.
  3. Select a Time Period or Custom Range by which to filter the log.
  4. Specify the log query parameters.
    Option: Description
    Source address: Specify the IP address that is the source of the violation.
      Note: Only Source address can use an IP address segment for queries. If no IP address is specified, all IP addresses are queried. If a full IP address is specified, only violations from this source IP are queried. If an IP address segment is used ("1.1.1"), Deep Edge treats it as an IP address prefix ("1.1.1.1~1.1.1.254" will match).
    Destination address: Specify the IP address that is the destination of the violation.
    Violation Type: Select Any or one of the following:
    • Firewall
    • IPS
    • Anti-malware
    • WRS
    • Anti-spam
    • URL Blacklist
    • Botnet
    • File Extension Blacklist
    • Anti-DoS
    • HTTPS Cert Error
    • Client Cert Block
    Source User: Select a user name or group name.
    Application: Select Any or a specific application name to track that application.
    Action: Select Any, or select Allow, Block, Monitor, Tag, or Quarantine to track a specific action.
    Policy: Select Any, Default, or a specific policy name to track that policy.
    Mail Sender: Specify the email address of a mail sender.
    Mail Recipient: Specify the email address of a mail recipient.
  5. Click Query, Print, or Export to CSV.
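
The Source address rules from the note in step 4 can be re-applied offline to a log exported with Export to CSV. The Python below is an added example, not Deep Edge code: the CSV column names and sample rows are constructed, and handling of segments shorter than three octets is an assumption. It matches on octet boundaries, because a plain string prefix test on "1.1.1" would also accept 1.1.10.7 and 1.1.100.20.

```python
import csv
import io

# Constructed sample export; the column names are assumptions, not Deep Edge's.
SAMPLE_CSV = """Source address,Violation Type,Action
1.1.1.7,IPS,Block
1.1.10.7,WRS,Monitor
1.1.100.20,Botnet,Block
1.1.1.254,Firewall,Block
1.1.1.255,Firewall,Block
11.1.1.3,Anti-spam,Tag
"""

def parse_octets(text):
    """Split a dotted string into 1-4 integer octets, or raise ValueError."""
    parts = text.strip().rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"bad address or segment: {text!r}")
    octets = [int(p) if p.isdigit() else -1 for p in parts]
    if any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"bad address or segment: {text!r}")
    return octets

def source_matches(query, address):
    """Apply the Source address rules from the note to one logged address."""
    if not query.strip():
        return True                      # no address given: everything matches
    try:
        addr = parse_octets(address)
    except ValueError:
        return False                     # malformed log value never matches
    if len(addr) != 4:
        return False
    q = parse_octets(query)
    if len(q) == 4:
        return addr == q                 # full address: exact match only
    # Segment: compare whole octets, and keep the last octet within 1..254
    # as in the note's range "1.1.1.1~1.1.1.254".
    return addr[:len(q)] == q and 1 <= addr[3] <= 254

def filter_rows(csv_text, query, column="Source address"):
    """Return the CSV rows whose source address satisfies the query."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [row for row in reader if source_matches(query, row[column])]

if __name__ == "__main__":
    for row in filter_rows(SAMPLE_CSV, "1.1.1"):
        print(row["Source address"], row["Violation Type"], row["Action"])
```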