- Table of Contents
-
- 03-Monitor
- 01-Blacklist logs
- 02-Single-packet attack logs
- 03-Scanning attack logs
- 04-Flood attack logs
- 05-Threat logs
- 06-URL filtering logs
- 07-File filtering logs
- 08-Security policy log
- 09-Application audit logs
- 10-System logs
- 11-Operation logs
- 12-Traffic logs
- 13-TopN traffic
- 14-TopN threats
- 15-TopN URL filtering statistics
- 16-TopN file filtering statistics
- 17-Attack defense statistics
- 18-Server load balancing statistics
- 19-Link load balancing statistics
- 20-Transparent DNS proxy statistics
- 21-TopN traffic trends
- 22-TopN threat trends
- 23-TopN URL filtering trends
- 24-TopN file filtering trends
- 25-URL visit trends
- 26-Report settings
- 27-Session list
- 28-LB session information
- 29-User information center
- 30-DNS cache information
- 31-IPv4 online users
- 32-IPv6 online users
- 33-MAC authentication online users
- 34-Load balancing logging
- Related Documents
-
Title | Size | Download |
---|---|---|
05-Threat logs | 31.78 KB |
This help contains the following topics:
Introduction
The Threat Log List page displays the logs generated by the IPS module and the anti-virus module. These logs help administrators customize IPS profiles and anti-virus profiles to improve network security.
When configuring an IPS profile or anti-virus profile, you can enable the logging function. The IPS module and anti-virus module can then generate logs for matching packets.
Configuration guidelines
Exporting threat logs
To export threat logs on the current page, click Export to Excel.
Viewing threat log details
To view details of a log, click the Details icon in the Details column. In the Threat Log Details window, the threat name in the Threat information area and the fields in the Packet Details area may display incompletely. To view the complete content, you can use the following methods:
· Hover over the content.
· Copy the complete content.
¡ If the browser supports the copy function, click Copy and paste the complete content to the clipboard directly.
¡ If the browser does not support the copy function, click Copy and then obtain the complete content on the window that opens.
Downloading capture files
The device generates a capture file after the IPS module executes the capture action. With a hard disk installed in the device, the Download column appears, allowing you to download the capture file for threat analysis. To enable the device to cache capture file, you also need to execute the ips capture-cache number command in system view at the CLI. This command enables the device to cache the IPS captured packets.