Firewall_Logs

Firewall Logs

Firewall logs available on the server are sent by clients with the privilege to send firewall logs. Grant specific clients this privilege to monitor and analyze traffic on the client computers that the OfficeScan firewall is blocking.

For information about firewall privileges, see OfficeScan Firewall Privileges.

To keep the size of logs from occupying too much space on the hard disk, manually delete logs or configure a log deletion schedule. For more information about managing logs, see Managing Logs.

To view firewall logs: >>>

• Logs > Networked Computer Logs > Security Risks > View Logs > Firewall Logs
  
  Networked Computers > Client Management > Logs > Firewall Logs

1. To ensure that the most up-to-date logs are available to you, click Notify Clients. Allow some time for clients to send firewall logs before proceeding to the next step.

2. Specify log criteria and click Display Logs.

3. View logs. Logs contain the following information:

• Date and time of firewall violation detection

• Computer where firewall violation occurred

• Computer domain where firewall violation occurred

• Remote host IP address

• Local host IP address

• Protocol

• Port number

• Direction: If inbound (Receive) or outbound (Send) traffic violated a firewall policy

• Process: The executable program or service running on the computer that caused the firewall violation

• Description: Specifies the actual security risk (such as a network virus or IDS attack) or the firewall policy violation

4. To save the log to a comma-separated value (CSV) file, click Export to CSV. Open the file or save it to a specific location. A CSV file usually opens with a spreadsheet application such as Microsoft Excel.

See also:

• About the OfficeScan Firewall

• Firewall Policies and Profiles