Threat logs
This help contains the following topics:
· Introduction
· Restrictions and guidelines
· Manage threat logs
Introduction
The Threat Log List page displays the logs generated by the IPS module and the anti-virus module. These logs help administrators customize IPS profiles and anti-virus profiles to improve network security.
When configuring an IPS profile or anti-virus profile, you can enable the logging function. The IPS module and anti-virus module can then generate logs for matching packets.
Restrictions and guidelines
· Only one log operation (import, export, or delete) is allowed at a time.
· Only one user can perform a log operation at a time. When you import, export, or delete logs, make sure no one else is performing a log operation.
· When querying logs of a time range, this page displays the logs of the first day by default. You can click Previous Day or Next Day to view the logs of a specific date.
Manage threat logs
Viewing threat log details
To view details of a log, click the Details icon in the Details column.
In the Threat Log Details window, the threat name in the Threat information area and the fields in the Packet Details area may be incompletely displayed. To view the complete content, you can use the following methods:
· Hover over the content.
· Click Copy. On the window that opens, obtain the complete content.
Downloading capture files
After the intrusion prevention system executes the packet capture action, the device generates logs. With a hard disk or USB disk installed, you can click Download for a log to obtain the capture file for threat analysis.
Adding to whitelist
If false alarms exist in the threat logs, you can click the Add to whitelist icon of a log to add the detected IPS signature ID and URL to the whitelist. The whitelist feature permits packets matching the whitelist to pass through, reducing false alarms.
Import logs
1. Click the Monitor tab.
2. In the navigation pane, select Security Logs > Threat Logs.
3. Click Import.
4. In the dialog box that opens, click Yes.
5. Select a log file, and enter the password for the log file. The password was set when the file was exported.
Export logs
1. Click the Monitor tab.
2. In the navigation pane, select Security Logs > Threat Logs.
3. Click Advanced search.
4. On the page that opens, specify the search criteria to display the logs to be exported.
5. Click Export.
6. On the page that opens, configure the log export settings.
Table 1 Log export configuration items
Item | Description
---|---
Set password | Enter a password for encrypting the log files. This password is required when you view or import the exported log files.
Log range | Specify the range of logs to be exported. Options are: · All results—Exports all logs that satisfy the search criteria. The page displays the total number of logs to be exported. · Day on the current page—Exports logs of the day indicated by the Time field on the current page. You can define the ending page to decrease the number of logs to be exported.
7. Select one of the following export methods.
- Export to one file—Exports logs to one file. When a small number of logs are to be exported, select this method.
- Export to files—Exports logs to multiple files. If more than 65000 logs are to be exported, select this method.
8. Perform one of the following tasks as required:
- If you have selected Export to one file, click OK in the dialog box that opens.
- If you have selected Export to files, specify the number of logs to be exported to each file and click OK in the dialog box that opens.
When a log export to one file is complete, a dialog box opens, asking you whether to continue exporting the remaining logs to a new file.
- To continue the export, click Yes.
- To stop the export process, click No.
Aggregate logs
Perform this task to enable log aggregation. Log aggregation reduces the log volume and makes the logs easier to review. With log aggregation enabled, the device merges service logs that meet the same aggregation criteria within each configured interval into a single log. The log aggregation criteria are source IP address, destination IP address, application, source port, destination port, threat ID, threat name, and threat type.
Procedure
1. Click the Monitor tab.
2. In the navigation pane, select Security Logs > Threat Logs.
3. Click Log aggregation settings.
4. On the page that opens, select the check box next to Enable and configure the aggregation interval.
5. Click OK.
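To make the aggregation behaviour concrete, the following Python script merges constructed threat log records the way the page describes: records that share all eight aggregation criteria and fall into the same interval-sized window are collapsed into one record carrying a hit count. This is an added example, not the device's own code; the record layout, the field names, the sample addresses and signature names, and the choice to anchor windows at the earliest log's timestamp are all assumptions made for illustration.

```python
"""Threat log aggregation, modelled on the page's description (added example).

Logs with the same aggregation key (source IP, destination IP, application,
source port, destination port, threat ID, threat name, threat type) that fall
into the same fixed-length window are merged into one record with a count.
Field names and sample values below are constructed for this example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# The eight criteria the page lists as the aggregation key.
AGGREGATION_FIELDS = (
    "src_ip", "dst_ip", "app", "src_port", "dst_port",
    "threat_id", "threat_name", "threat_type",
)


@dataclass(frozen=True)
class ThreatLog:
    """One raw threat log record (field names are assumptions for this example)."""
    time: datetime
    src_ip: str
    dst_ip: str
    app: str
    src_port: int
    dst_port: int
    threat_id: int
    threat_name: str
    threat_type: str


@dataclass
class AggregatedLog:
    """One aggregated record: the shared key plus how many raw logs it replaced."""
    key: tuple
    first_seen: datetime
    last_seen: datetime
    count: int = 1


def aggregation_key(log: ThreatLog) -> tuple:
    """The tuple of criteria two logs must share to be merged."""
    return tuple(getattr(log, name) for name in AGGREGATION_FIELDS)


def aggregate(logs, interval: timedelta) -> list:
    """Merge logs with the same key inside one interval-sized window.

    Windows are fixed-length and anchored at the earliest log's timestamp
    (an assumption of this example), so a key seen in two different windows
    yields two aggregated records rather than one.
    """
    if interval <= timedelta(0):
        raise ValueError("aggregation interval must be positive")
    ordered = sorted(logs, key=lambda entry: entry.time)
    if not ordered:
        return []
    start = ordered[0].time
    merged = {}  # dict preserves first-occurrence order
    for entry in ordered:
        window = (entry.time - start) // interval  # integer window index
        bucket = (window, aggregation_key(entry))
        if bucket in merged:
            merged[bucket].count += 1
            merged[bucket].last_seen = entry.time
        else:
            merged[bucket] = AggregatedLog(aggregation_key(entry), entry.time, entry.time)
    return list(merged.values())


# Constructed sample data: three identical hits within 60 s, one different
# threat in the same window, and one repeat of the first key five minutes later.
T0 = datetime(2024, 1, 1, 10, 0, 0)


def _sample(offset_seconds, src_ip="10.0.0.5", threat_id=1001,
            threat_name="Constructed.Signature.A") -> ThreatLog:
    return ThreatLog(
        time=T0 + timedelta(seconds=offset_seconds),
        src_ip=src_ip, dst_ip="192.0.2.10", app="HTTP",
        src_port=51514, dst_port=80, threat_id=threat_id,
        threat_name=threat_name, threat_type="IPS",
    )


SAMPLE_LOGS = [
    _sample(5), _sample(20), _sample(50),
    _sample(30, src_ip="10.0.0.9", threat_id=1002, threat_name="Constructed.Signature.B"),
    _sample(310),
]

if __name__ == "__main__":
    for record in aggregate(SAMPLE_LOGS, timedelta(seconds=60)):
        print(f"{record.count:>3} x {record.key[0]} -> {record.key[1]} "
              f"{record.key[6]} ({record.first_seen:%H:%M:%S}..{record.last_seen:%H:%M:%S})")
```

With a 60-second interval the five sample records collapse to three (3 + 1 + 1); widening the interval to ten minutes pulls the late repeat into the first window and leaves two. The trade-off the page's interval setting controls is visible here: a longer interval means fewer records to page through, but the first_seen/last_seen span of each merged record grows, so time-sensitive triage loses resolution.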