Attack Logs

This section provides you with the tools to view and generate attack log reports. The NSM Attack logs are generated from analyzing Firewall System Logs, which primarily monitor events and incidents, including attacks, policy violations, and firewall actions. Unlike other reports in the NSM, the NSM Attack logs do not analyze session or connection-based metadata for network traffic that passes through a Firewall. Instead, System Logs are event-driven and generated whenever an attack or alert occurs.

 

• You need to have NSMAdvanced Reporting and Analyticslicense to view and manage Auditing Logs.
• Attack Logs are available for all GEN6, Gen7, and GEN8 firewalls.

You can view the Attack Logs in List and Log view.

In the List view, alerts are categorized and added under separate tabs, Targets, Initiators, Ports Information, Target Countries, Initiator Countries, Firewall Action. Click the respective tab to see the alerts under that particular category.

You can use the Search button to search the information in the table. You have a Time Range option that lets you customize the time duration of the report. You can see the alerts for last 30 days.

You can filter the information according to the IP version by selecting from IPv4, IPv6, or Both.

The Limit drop down is used to set the limit of the number of entries displayed. You can further filter the table according to a specific time by using the Time Slider which is present above the graph.

In the Log view, all the alerts are shown in a tabular format. You can use the Custom Filters in the Log view.