Using Logs | Event correlation (Active mode) |
5. Select Apply.
Event correlation (Active mode)
Event correlation is a data mining feature that provides a way of reviewing attacks on multiple devices in one location. The FortiLog unit collates attack events from all submitted logs and displays the information in a table. With Event Correlation you can view:
• all attacks on your network.
• attacks targeted to specific devices.
• the target and source of the attack.
• when the attack occurred.
• details on the type of attack.
To run an event correlation:
1. Go to File Browse > Event Correlation.
2. Select an attack type from the list.
3. Select Next.
4. From the drop-down list, select whether to view attacks from the same source IP or targets of the same attack.
5. Select Show me.
Figure 48: Event Correlation results
Page | Use the page arrows or enter the page number to move to a different page of the event correlation results. |
Sort list | Select an attack sort for viewing the results. You can choose from Attacks from the same source or other targets of the same attack. |
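
The two correlation views described above can be reproduced outside the unit on exported attack logs. The following is an added example, not FortiLog code: the key=value line layout, the field names, the device names and the reading of each view are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines; the key=value layout and field names are assumptions,
# not the FortiLog log format. Addresses come from documentation ranges.
SAMPLE_LOGS = """\
date=2005-03-01 time=10:02:11 device=FW-A attack=port_scan src=203.0.113.7 dst=192.0.2.10
date=2005-03-01 time=10:02:40 device=FW-B attack=port_scan src=203.0.113.7 dst=192.0.2.20
date=2005-03-01 time=10:05:03 device=FW-A attack=syn_flood src=198.51.100.9 dst=192.0.2.10
date=2005-03-01 time=10:07:55 device=FW-C attack=syn_flood src=203.0.113.7 dst=192.0.2.30
date=2005-03-01 time=10:09:12 device=FW-B action=accept src=192.0.2.20 dst=198.51.100.1
this line is malformed and carries no fields
"""

def parse_attack_events(text):
    """Return one dict per line that has every attack field; skip the rest."""
    needed = {"date", "time", "device", "attack", "src", "dst"}
    events = []
    for line in text.splitlines():
        fields = dict(re.findall(r"(\w+)=(\S+)", line))
        if needed <= fields.keys():
            events.append(fields)
    return events

def same_source(events, attack):
    """Assumed 'same source' view: all attack events from sources seen in `attack`."""
    sources = {e["src"] for e in events if e["attack"] == attack}
    view = defaultdict(list)
    for e in events:
        if e["src"] in sources:
            when = e["date"] + " " + e["time"]
            view[e["src"]].append((when, e["device"], e["attack"], e["dst"]))
    return dict(view)

def other_targets(events, attack):
    """Assumed 'other targets' view: each target of `attack` and the devices that logged it."""
    view = defaultdict(set)
    for e in events:
        if e["attack"] == attack:
            view[e["dst"]].add(e["device"])
    return {dst: sorted(devs) for dst, devs in view.items()}

if __name__ == "__main__":
    events = parse_attack_events(SAMPLE_LOGS)
    for src, rows in same_source(events, "port_scan").items():
        print(src, rows)
    print(other_targets(events, "syn_flood"))
```

In the sample, the source that ran the port scan against two devices also appears in a later SYN flood logged by a third device, which is the cross-device link that reviewing each device's log separately would miss.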
FortiLog Administration Guide | 79 |