Viewing Firewall Logs

The Security Agent generates logs after detecting firewall violations and then sends the logs to the server.

  1. Go to one of the following:
    • Logs > Agents > Security Risks

    • Agents > Agent Management

  2. In the agent tree, click the root domain icon to include all agents or select specific domains or agents.
  3. Go to the Firewall Log Criteria screen:
    • From the Security Risk Logs screen, click View Logs > Firewall Logs.

    • From the Agent Management screen, click Logs > Firewall Logs.

  4. To ensure that the most up-to-date logs are available, click Notify Agents. Allow some time for agents to send firewall logs before proceeding to the next step.
  5. Specify the log criteria and then click Display Logs.
  6. View logs. Logs contain the following information:
    • The time the detection occurred
    • The endpoint on which the detection occurred
    • The domain on which the detection occurred
    • Remote Host: The IP address of the remote host
    • Local Host: The IP address of the local host
    • The protocol used
    • The port number
    • The direction of the traffic:
      • Receive: Indicates that the traffic was inbound
      • Send: Indicates that the traffic was outbound
    • The executable program or service running on the endpoint that triggered the firewall violation
    • Specifies the actual security risk (such as a network virus or IDS attack) or the firewall policy violation

  7. To save logs to a comma-separated value (CSV) file, click Export All to CSV. Open the file or save it to a specific location.
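
Once the logs are exported, the fields listed in step 6 can be triaged offline. The script below is an added example, not part of the product or its documentation: it groups inbound ("Receive") violations by remote host to surface sources hitting many distinct local host/port pairs, and counts outbound ("Send") violations per process. The column headers other than "Remote Host" and "Local Host" are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Column headers: "Remote Host" and "Local Host" appear in the field list above;
# "Port", "Direction" and "Process" are assumed names, adjust to the real export.
COLS = {"remote": "Remote Host", "local": "Local Host", "port": "Port",
        "direction": "Direction", "process": "Process"}

# Constructed sample rows (documentation IP ranges), not real product output.
SAMPLE_CSV = """\
Remote Host,Local Host,Protocol,Port,Direction,Process
203.0.113.7,10.0.0.5,TCP,22,Receive,System
203.0.113.7,10.0.0.5,TCP,23,Receive,System
203.0.113.7,10.0.0.5,TCP,445,Receive,System
203.0.113.7,10.0.0.5,TCP,445,Receive,System
198.51.100.9,10.0.0.8,TCP,3389,Receive,System
192.0.2.44,10.0.0.5,TCP,6667,Send,chat.exe
192.0.2.80,10.0.0.8,TCP,8080,Send,sync-tool.exe
192.0.2.80,10.0.0.9,TCP,8080,Send,sync-tool.exe
"""


def triage(csv_text, cols=COLS, min_targets=3):
    """Summarise exported firewall violations.

    Returns (sweepers, outbound):
      sweepers - remote hosts whose inbound ("Receive") violations hit at least
                 min_targets distinct local host/port pairs
      outbound - count of outbound ("Send") violations per process
    """
    targets = defaultdict(set)
    outbound = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        direction = row[cols["direction"]].strip().lower()
        if direction == "receive":
            pair = (row[cols["local"]].strip(), row[cols["port"]].strip())
            targets[row[cols["remote"]].strip()].add(pair)
        elif direction == "send":
            outbound[row[cols["process"]].strip()] += 1
    sweepers = {h: len(p) for h, p in targets.items() if len(p) >= min_targets}
    return sweepers, dict(outbound)


if __name__ == "__main__":
    sweepers, outbound = triage(SAMPLE_CSV)
    print("Inbound sources hitting many ports:", sweepers)
    print("Outbound violations by process:", outbound)
```

Duplicate rows for the same local host and port are counted once, so a single noisy connection does not inflate a source's target count.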