Threat logs

This help contains the following topics:

·     Introduction

·     Configuration guidelines

¡     Exporting threat logs

¡     Viewing threat log details

¡     Downloading capture files

Introduction

The Threat Log List page displays the logs generated by the IPS module and the anti-virus module. These logs help administrators customize IPS profiles and anti-virus profiles to improve network security.

When configuring an IPS profile or anti-virus profile, you can enable the logging function. The IPS module and anti-virus module can then generate logs for matching packets.

Configuration guidelines

Exporting threat logs

To export threat logs on the current page, click Export to Excel.

Viewing threat log details

To view details of a log, click the Details icon  in the Details column. In the Threat Log Details window, the threat name in the Threat information area and the fields in the Packet Details area may display incompletely. To view the complete content, you can use the following methods:

·     Hover over the content.

·     Copy the complete content.

¡     If the browser supports the copy function, click Copy and paste the complete content to the clipboard directly.

¡     If the browser does not support the copy function, click Copy and then obtain the complete content on the window that opens.

Downloading capture files

The device generates a capture file after the IPS module executes the capture action. With a hard disk installed in the device, the Download column appears, allowing you to download the capture file for threat analysis.  To enable the device to cache capture file, you also need to execute the ips capture-cache number command in system view at the CLI. This command enables the device to cache the IPS captured packets.