The Security Agent generates logs after detecting firewall violations and then sends the logs to the server.

Procedure

  1. Go to one of the following:
    • Logs > Agents > Security Risks
    • Agents > Agent Management
  2. In the agent tree, click the root domain icon to include all agents or select specific domains or agents.
  3. Go to the Firewall Log Criteria screen:
    • From the Security Risk Logs screen, click View Logs > Firewall Logs.
    • From the Agent Management screen, click Logs > Firewall Logs.
  4. To ensure that the most up-to-date logs are available, click Notify Agents. Allow some time for agents to send firewall logs before proceeding to the next step.
  5. Specify the log criteria and then click Display Logs.
  6. View logs. Logs contain the following information:
    Item          Description
    Date/Time     The time the detection occurred
    Endpoint      The endpoint on which the detection occurred
    Domain        The domain on which the detection occurred
    Remote Host   The IP address of the remote host
    Local Host    The IP address of the local host
    Protocol      The protocol used
    Port          The port number
    Direction     • Receive: Indicates that the traffic was inbound
                  • Send: Indicates that the traffic was outbound
    Process       The executable program or service running on the endpoint that triggered the firewall violation
    Description   Specifies the actual security risk (such as a network virus or IDS attack) or the firewall policy violation
  7. To save logs to a comma-separated value (CSV) file, click Export All to CSV. Open the file or save it to a specific location.
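
Once the logs are exported in step 7, the CSV can be triaged offline. The following is an added example, not part of the product documentation: it assumes the CSV header names match the log items listed in step 6 (a real export may differ), and the sample rows, thresholds and function names are constructed for illustration.

```python
import csv
from collections import defaultdict

# Constructed sample rows. Column names are ASSUMED to match the log items
# listed in step 6; adjust them to the header of the real export.
SAMPLE_CSV = """Date/Time,Endpoint,Domain,Remote Host,Local Host,Protocol,Port,Direction,Process,Description
2024-05-01 10:00:01,PC-01,Workgroup,203.0.113.7,10.0.0.11,TCP,22,Receive,N/A,Firewall policy violation
2024-05-01 10:00:02,PC-01,Workgroup,203.0.113.7,10.0.0.11,TCP,23,Receive,N/A,Firewall policy violation
2024-05-01 10:00:03,PC-02,Workgroup,203.0.113.7,10.0.0.12,TCP,445,Receive,N/A,Firewall policy violation
2024-05-01 10:05:00,PC-02,Workgroup,198.51.100.9,10.0.0.12,TCP,8080,Send,updater.exe,Firewall policy violation
2024-05-01 10:06:00,PC-03,Workgroup,192.0.2.50,10.0.0.13,UDP,53,Receive,N/A,Firewall policy violation
"""


def inbound_by_remote_host(csv_text):
    """Group inbound (Direction = Receive) violations by remote host."""
    hosts = defaultdict(lambda: {"events": 0, "ports": set(), "endpoints": set()})
    for row in csv.DictReader(csv_text.splitlines()):
        if row["Direction"].strip().lower() != "receive":
            continue
        entry = hosts[row["Remote Host"].strip()]
        entry["events"] += 1
        entry["ports"].add((row["Protocol"].strip().upper(), row["Port"].strip()))
        entry["endpoints"].add(row["Endpoint"].strip())
    return dict(hosts)


def noisy_sources(csv_text, min_ports=3, min_endpoints=2):
    """Remote hosts blocked on many ports or many endpoints, busiest first."""
    flagged = [
        (host, e["events"], len(e["ports"]), len(e["endpoints"]))
        for host, e in inbound_by_remote_host(csv_text).items()
        if len(e["ports"]) >= min_ports or len(e["endpoints"]) >= min_endpoints
    ]
    return sorted(flagged, key=lambda item: item[1], reverse=True)


def outbound_processes(csv_text):
    """Count outbound (Direction = Send) violations per (endpoint, process)."""
    counts = defaultdict(int)
    for row in csv.DictReader(csv_text.splitlines()):
        if row["Direction"].strip().lower() == "send":
            counts[(row["Endpoint"].strip(), row["Process"].strip())] += 1
    return dict(counts)


if __name__ == "__main__":
    print(noisy_sources(SAMPLE_CSV))
    print(outbound_processes(SAMPLE_CSV))
```

A remote host that appears in `noisy_sources` is worth checking against perimeter logs, and an unexpected executable in `outbound_processes` points to the endpoint to examine first.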