H3C SecPath IPS Comware 7 Web-Based Configuration Guide(R8X60)-6W600, 03-Monitor, 07-Threat logs

Threat logs

 

This help contains the following topics:

·     Introduction

·     Restrictions and guidelines

·     Configuration guidelines

○     Viewing threat log details

○     Downloading capture files

○     Adding to whitelist

○     Import logs

○     Export logs

Introduction

The Threat Log List page displays the logs generated by the IPS module and the anti-virus module. These logs help administrators customize IPS profiles and anti-virus profiles to improve network security.

When configuring an IPS profile or anti-virus profile, you can enable the logging function. The IPS module and anti-virus module can then generate logs for matching packets.

Restrictions and guidelines

·     Only one log operation (import, export, or delete) is allowed at a time.

·     Only one user can perform a log operation at a time. When you import, export, or delete logs, make sure no one else is performing a log operation.

·     When you query logs for a time range, this page displays the logs of the first day by default. You can click Previous Day or Next Day to view the logs of a specific date.

Configuration guidelines

Viewing threat log details

To view details of a log, click the Details icon in the Details column. In the Threat Log Details window, the threat name in the Threat information area and the fields in the Packet Details area might not be displayed in full. To view the complete content, use one of the following methods:

·     Hover over the content.

·     Click Copy. In the window that opens, obtain the complete content.

Downloading capture files

After the intrusion prevention system executes the packet capture action, the device generates logs. If hard disks are installed, you can click Download for a log to obtain the capture file for threat analysis. To enable the device to cache IPS captured packets, execute the ips capture-cache number command in system view.

Adding to whitelist

If false alarms exist in the threat logs, you can click the Add to whitelist icon of a log to add the detected IPS signature ID and URL to the whitelist. The whitelist feature permits packets matching the whitelist to pass through, reducing false alarms.

Import logs

1.     Click the Monitor tab.

2.     In the navigation pane, select Security Logs > Threat Logs.

3.     Click Import.

4.     In the dialog box that opens, click Yes.

5.     Select a log file, and enter the password for the log file. The password was set when the file was exported.

Export logs

1.     Click the Monitor tab.

2.     In the navigation pane, select Security Logs > Threat Logs.

3.     Click Advanced search.

4.     On the page that opens, specify the search criteria to display the logs to be exported.

5.     Click Export.

6.     On the page that opens, configure the log export settings.

Table 1 Log export configuration items

| Item | Description |
|---|---|
| Set password | Enter a password for encrypting the log files. This password is required when you view or import the exported log files. |
| Log range | Specify the range of logs to be exported. Options are: · All results—Exports all logs that satisfy the search criteria. The page displays the total number of logs to be exported. · Day on the current page—Exports logs of the day indicated by the Time field on the current page. You can define the ending page to decrease the number of logs to be exported. |

 

7.     Select one of the following export methods.

○     Export to one file—Exports logs to one file. When a small number of logs are to be exported, select this method.

○     Export to files—Exports logs to multiple files. If more than 65000 logs are to be exported, select this method.

8.     Perform one of the following tasks as required:

○     If you have selected Export to one file, click OK in the dialog box that opens.

○     If you have selected Export to files, specify the number of logs to be exported to each file and click OK in the dialog box that opens.

When a log export to one file is complete, a dialog box opens, asking you whether to continue exporting the remaining logs to a new file.

-     To continue the export, click Yes.

-     To stop the export process, click No.

 

 
