Viewing Firewall Logs

  1. Go to Logs > Agents > Security Risks or Agents > Agent Management.
  2. In the agent tree, click the root domain icon to include all agents or select specific domains or agents.
  3. Click Logs > Firewall Logs or View Logs > Firewall Logs.
  4. To ensure that the most up-to-date logs are available to you, click Notify Agents. Allow some time for agents to send firewall logs before proceeding to the next step.
  5. Specify the log criteria and then click Display Logs.
  6. View logs. Logs contain the following information:
    • Date and time of the firewall violation detection

    • Endpoint where the firewall violation occurred

    • Endpoint domain where the firewall violation occurred

    • Remote host IP address

    • Local host IP address

    • Protocol

    • Port number

    • Direction: Whether inbound (Receive) or outbound (Send) traffic violated a firewall policy

    • Process: The executable program or service running on the endpoint that caused the firewall violation

    • Description: Specifies the actual security risk (such as a network virus or IDS attack) or the firewall policy violation

  7. To save logs to a comma-separated value (CSV) file, click Export to CSV. Open the file or save it to a specific location.
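
One way to triage the file exported in step 7, as an added example that is not part of the original documentation: it surfaces a remote host probing many ports on one endpoint, a remote host hitting the same port across several endpoints, and processes whose outbound traffic was blocked. The column headers and sample rows are constructed assumptions based on the fields listed in step 6; match them to the header row of the actual export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column headers are assumptions modelled on the
# fields listed in step 6; rename them to match the header row of your CSV.
SAMPLE_CSV = """\
Date/Time,Endpoint,Domain,Remote Host,Local Host,Protocol,Port,Direction,Process,Description
2024-05-01 10:00:01,WS-01,Sales,203.0.113.7,10.0.0.21,TCP,22,Receive,System,Firewall policy violation
2024-05-01 10:00:02,WS-01,Sales,203.0.113.7,10.0.0.21,TCP,445,Receive,System,Firewall policy violation
2024-05-01 10:00:03,WS-01,Sales,203.0.113.7,10.0.0.21,TCP,3389,receive,System,Firewall policy violation
2024-05-01 10:05:00,WS-02,Sales,198.51.100.9,10.0.0.22,TCP,445,Receive,System,Firewall policy violation
2024-05-01 10:05:01,WS-03,Sales,198.51.100.9,10.0.0.23,TCP,445,Receive,System,Firewall policy violation
2024-05-01 10:06:00,WS-02,Sales,192.0.2.50,10.0.0.22,TCP,8080,Send,updater.exe,Firewall policy violation
2024-05-01 10:07:00,WS-02,Sales,192.0.2.50,10.0.0.22,TCP,n/a,Receive,System,Firewall policy violation
"""

def field(row, name):
    """Return a trimmed cell, tolerating short rows (missing cells are None)."""
    return (row.get(name) or "").strip()

def triage(csv_text, threshold=3):
    """Return (port_sweeps, host_sweeps, outbound) from an exported log."""
    ports = defaultdict(set)      # (remote, endpoint) -> distinct inbound ports
    endpoints = defaultdict(set)  # (remote, port) -> distinct endpoints hit
    outbound = defaultdict(int)   # (endpoint, process) -> blocked Send count
    for row in csv.DictReader(io.StringIO(csv_text)):
        direction = field(row, "Direction").lower()
        if direction == "send":
            outbound[(field(row, "Endpoint"), field(row, "Process"))] += 1
            continue
        if direction != "receive" or not field(row, "Port").isdecimal():
            continue  # skip unknown directions and malformed port cells
        port = int(field(row, "Port"))
        ports[(field(row, "Remote Host"), field(row, "Endpoint"))].add(port)
        endpoints[(field(row, "Remote Host"), port)].add(field(row, "Endpoint"))
    port_sweeps = {k: sorted(v) for k, v in ports.items() if len(v) >= threshold}
    host_sweeps = {k: sorted(v) for k, v in endpoints.items() if len(v) >= threshold}
    return port_sweeps, host_sweeps, dict(outbound)

if __name__ == "__main__":
    port_sweeps, host_sweeps, outbound = triage(SAMPLE_CSV, threshold=2)
    print("one remote host, many ports on one endpoint:", port_sweeps)
    print("one remote host, same port on many endpoints:", host_sweeps)
    print("blocked outbound attempts by process:", outbound)
```

To run it against a real export, read the file with `open(path, newline="")` and pass its contents to `triage`, tuning `threshold` to the size of the environment.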