fwlog

Firewall Logs

Firewall logs available on the server are sent by clients with the privilege to send firewall logs. Grant specific clients this privilege to monitor and analyze traffic on the client computers that the OfficeScan firewall is blocking.

For information about firewall privileges, see Firewall Privileges.

To keep the size of logs from occupying too much space on the hard disk, manually delete logs or configure a log deletion schedule. For more information about managing logs, see Managing Logs.

To view firewall logs:

• Logs > Networked Computer Logs > Security Risks
  
  Networked Computers > Client Management

1. In the client tree, click the root domain icon to include all clients or select specific domains or clients.

2. Click Logs > Firewall Logs or View Logs > Firewall Logs.

3. To ensure that the most up-to-date logs are available to you, click Notify Clients. Allow some time for clients to send firewall logs before proceeding to the next step.

4. Specify the log criteria and then click Display Logs.

5. View logs. Logs contain the following information:

• Date and time of firewall violation detection

• Computer where firewall violation occurred

• Computer domain where firewall violation occurred

• Remote host IP address

• Local host IP address

• Protocol

• Port number

• Direction: If inbound (Receive) or outbound (Send) traffic violated a firewall policy

• Process: The executable program or service running on the computer that caused the firewall violation

• Description: Specifies the actual security risk (such as a network virus or IDS attack) or the firewall policy violation

6. To save logs to a comma-separated value (CSV) file, click Export to CSV. Open the file or save it to a specific location.

See also:

• About the OfficeScan Firewall

• Firewall Policies and Profiles