Viewing Firewall Logs Parent topic

Procedure

  1. Navigate to LogsNetworked Computer LogsSecurity Risks or Networked ComputersClient Management.
  2. In the client tree, click the root domain icon (icon_root-27.bmp) to include all clients or select specific domains or clients.
  3. Click LogsFirewall Logs or View LogsFirewall Logs.
  4. To ensure that the most up-to-date logs are available to you, click Notify Clients. Allow some time for clients to send firewall logs before proceeding to the next step.
  5. Specify the log criteria and then click Display Logs.
  6. View logs. Logs contain the following information:
    • Date and time of the firewall violation detection
    • Computer where the firewall violation occurred
    • Computer domain where the firewall violation occurred
    • Remote host IP address
    • Local host IP address
    • Protocol
    • Port number
    • Direction: If inbound (Receive) or outbound (Send) traffic violated a firewall policy
    • Process: The executable program or service running on the computer that caused the firewall violation
    • Description: Specifies the actual security risk (such as a network virus or IDS attack) or the firewall policy violation
  7. To save logs to a comma-separated value (CSV) file, click Export to CSV. Open the file or save it to a specific location.