Firewall logs available on the server are sent by clients with the privilege to send firewall logs. Grant specific clients this privilege to monitor and analyze traffic on the client computers that the OfficeScan firewall is blocking.
For information about firewall privileges, see OfficeScan Firewall Privileges.
To keep the size of logs from occupying too much space on the hard disk, manually delete logs or configure a log deletion schedule. For more information about managing logs, see Managing Logs.
To view firewall logs:
Logs > Networked Computer Logs > Security Risks > View Logs > Firewall Logs
Networked Computers > Client Management > Logs > Firewall Logs
To ensure that the most up-to-date logs are available to you, click Notify Clients. Allow some time for clients to send firewall logs before proceeding to the next step.
Specify log criteria and click Display Logs.
View logs. Logs contain the following information:
Date and time of firewall violation detection
Computer where firewall violation occurred
Remote host IP address
Local host IP address
Protocol
Port number
Description: Specifies the actual security risk (such as a network virus or IDS attack) or the firewall policy violation
Direction: If inbound (Receive) or outbound (Send) traffic violated a firewall policy
Process: The executable program or service running on the computer that caused the firewall violation
To save the log to a comma-separated value (CSV) file, click Export to CSV. Open the file or save it to a specific location. A CSV file usually opens with a spreadsheet application such as Microsoft Excel.
See also: