Threat Logs

The Threat Logs tab displays files containing app flow sessions marked with threats, viruses, instructions, spyware, and botnet activities. You can export these files in CSV format or download them as SQLite database files. To manage storage capacity, older files are rotated out when the disk is nearing full, ensuring space for new log entries. You can review the threat logs in Monitor > Logs > Threat Logs page.

To export the threat logs

1. Navigate to DEVICE | Settings > Storage > Files.
2. Click the Threat Logs tab.

3. Click the Download icon beside the selected threat log.

4. Select Export to CSV or Download File.

   

5. Click on Settings tab.

   Screen	Description
   	For NSa 4700 series and higher and all NSsp series appliances: Enable the Enable Logging to Storage for storing system logs, threat logs, audit logs, and AppFlow report data. Select Primary or Secondary from the Storage Device Type drop-down. Requires a reboot for the changing the storage device to take effect. The Firewall displays files and data only from the active storage.
   	For TZ and NSvseries appliances: Enable the Enable Logging to Storage for storing system logs, threat logs, audit logs, and AppFlow report data.

   Enabling Enable Logging to Storage requires a reboot for the changes to take effect.

   

6. Click OK.