The Security Agent generates logs after detecting firewall violations and then sends the logs to the server.
- Go to one of the following:
  - Logs > Agents > Security Risks
  - Agents > Agent Management
- In the agent tree, click the root domain icon to include all agents or select specific domains or agents.
- Go to the Firewall Log Criteria screen:
  - From the Security Risk Logs screen, click View Logs > Firewall Logs.
  - From the Agent Management screen, click Logs > Firewall Logs.
- To ensure that the most up-to-date logs are available, click Notify Agents. Allow some time for agents to send firewall logs before proceeding to the next step.
- Specify the log criteria and then click Display Logs.
- View logs. Logs contain the following information:

  | Item | Description |
  | --- | --- |
  | Date/Time | The time the detection occurred |
  | Endpoint | The endpoint on which the detection occurred |
  | Domain | The domain on which the detection occurred |
  | Remote Host | The IP address of the remote host |
  | Local Host | The IP address of the local host |
  | Protocol | The protocol used |
  | Port | The port number |
  | Direction | Receive: Indicates that the traffic was inbound. Send: Indicates that the traffic was outbound. |
  | Process | The executable program or service running on the endpoint that triggered the firewall violation |
  | Description | Specifies the actual security risk (such as a network virus or IDS attack) or the firewall policy violation |

- To save logs to a comma-separated value (CSV) file, click Export All to CSV. Open the file or save it to a specific location.
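
One way to triage the exported CSV, added here as an example and not part of the product documentation: it flags remote hosts whose inbound violations touch several distinct ports on one endpoint and counts outbound violations per process. The column headers are assumed to match the log fields listed above, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export. Header names are assumed to match the log fields
# listed above; adjust them to the headers in the actual CSV file.
SAMPLE_CSV = """\
Date/Time,Endpoint,Domain,Remote Host,Local Host,Protocol,Port,Direction,Process,Description
2024-05-01 10:00:01,WS-01,Workgroup,203.0.113.7,10.0.0.5,TCP,22,Receive,System,Firewall policy violation
2024-05-01 10:00:02,WS-01,Workgroup,203.0.113.7,10.0.0.5,TCP,135,Receive,System,Firewall policy violation
2024-05-01 10:00:03,WS-01,Workgroup,203.0.113.7,10.0.0.5,TCP,445,Receive,System,Firewall policy violation
2024-05-01 10:00:04,WS-01,Workgroup,203.0.113.7,10.0.0.5,TCP,445,Receive,System,Firewall policy violation
2024-05-01 10:05:00,WS-02,Workgroup,198.51.100.9,10.0.0.6,TCP,8080,Send,updater.exe,Firewall policy violation
2024-05-01 10:06:00,WS-02,Workgroup,198.51.100.9,10.0.0.6,TCP,8080,Send,updater.exe,Firewall policy violation
2024-05-01 10:07:00,WS-02,Workgroup,198.51.100.20,10.0.0.6,UDP,53,Receive,System,Firewall policy violation
"""


def load_rows(text):
    """Parse exported CSV text into a list of dicts keyed by column header."""
    return [{k.strip(): (v or "").strip() for k, v in row.items() if k}
            for row in csv.DictReader(io.StringIO(text))]


def inbound_port_sweeps(rows, min_ports=3):
    """Map (remote host, endpoint) to the number of distinct protocol/port
    pairs hit by inbound violations, keeping pairs that reach min_ports."""
    ports = defaultdict(set)
    for r in rows:
        if r["Direction"].lower() == "receive":
            ports[(r["Remote Host"], r["Endpoint"])].add((r["Protocol"], r["Port"]))
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def outbound_by_process(rows):
    """Count outbound violations per (endpoint, process)."""
    return Counter((r["Endpoint"], r["Process"])
                   for r in rows if r["Direction"].lower() == "send")


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    print(inbound_port_sweeps(rows))
    print(outbound_by_process(rows).most_common())
```
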