Viewing Firewall Logs

The Security Agent generates logs after detecting firewall violations and then sends the logs to the server.

  1. Go to one of the following:

    • Logs > Agents > Security Risks

    • Agents > Agent Management

  2. In the agent tree, click the root domain icon () to include all agents or select specific domains or agents.
  3. Go to the Firewall Log Criteria screen:

    • From the Security Risk Logs screen, click View Logs > Firewall Logs.

    • From the Agent Management screen, click Logs > Firewall Logs.

  4. To ensure that the most up-to-date logs are available, click Notify Agents. Allow some time for agents to send firewall logs before proceeding to the next step.
  5. Specify the log criteria and then click Display Logs.
  6. View logs. Logs contain the following information:

    Item

    Description

    Date/Time

    The time the detection occurred

    Endpoint

    The endpoint on which the detection occurred

    Domain

    The domain on which the detection occurred

    Remote Host

    The IP address of the remote host

    Local Host

    The IP address of the local host

    Protocol

    The protocol used

    Port

    The port number

    Direction

    • Receive: Indicates that the traffic was inbound

    • Send: Indicates that the traffic was outbound

    Process

    The executable program or service running on the endpoint that triggered the firewall violation

    Description

    Specifies the actual security risk (such as a network virus or IDS attack) or the firewall policy violation
  7. To save logs to a comma-separated value (CSV) file, click Export All to CSV. Open the file or save it to a specific location.
Parent topic: Firewall Logs