Using Logs

Event correlation (Active mode)

5. Select Apply.

Event correlation (Active mode)

Event correlation is a data mining feature that lets you review attacks on multiple devices in one location. The FortiLog unit collates attack events from all submitted logs and displays the information in a table. With event correlation you can view:

all attacks on your network.

attacks targeted to specific devices.

the target and source of the attack.

when the attack occurred.

details on the type of attack.

To run an event correlation:

1. Go to File Browse > Event Correlation.

2. Select an attack type from the list.

3. Select Next.

4. From the drop-down list, select to view the attacks from the same source IP or targets of the same attack.

5. Select Show me.

Figure 48: Event Correlation results

Page: Use the page arrows or enter the page number to move to a different page of the event correlation results.

Sort list: Select an attack sort for viewing the results. You can choose from Attacks from the same source or other targets of the same attack.
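The two sort views described above can be reproduced over exported logs. The following is an added example, not FortiLog code: it groups events of one attack type by source IP or by target IP across several devices. The key=value record layout, the field names (time, device, src, dst, attack), the device names and the sample lines are all constructed assumptions.

```python
import shlex
from collections import defaultdict

# Constructed sample records from three devices. The key=value layout and
# field names are assumptions for this example, not the FortiLog log format.
SAMPLE_LOGS = """\
time=2005-01-15T10:02:11 device=fw-branch src=203.0.113.7 dst=192.0.2.10 attack="SYN flood"
time=2005-01-15T10:02:40 device=fw-hq src=203.0.113.7 dst=192.0.2.25 attack="port scan"
time=2005-01-15T10:03:05 device=fw-hq src=198.51.100.4 dst=192.0.2.25 attack="SYN flood"
time=2005-01-15T10:04:19 device=fw-dmz src=203.0.113.7 dst=192.0.2.80 attack="SYN flood"
time=2005-01-15T10:05:00 device=fw-dmz src=198.51.100.9 dst=192.0.2.80 msg="no attack field"
"""

REQUIRED = ("time", "device", "src", "dst", "attack")


def parse_events(text):
    """Parse key=value lines; skip records missing a required field."""
    events = []
    for line in text.splitlines():
        # shlex keeps quoted values such as attack="SYN flood" in one token.
        fields = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
        if all(k in fields for k in REQUIRED):
            events.append(fields)
    return events


def correlate(events, attack_type, view):
    """Group events of one attack type collected from all devices.

    view="source": key by source IP (attacks from the same source).
    view="target": key by destination IP (targets of the same attack).
    """
    key = {"source": "src", "target": "dst"}[view]
    groups = defaultdict(list)
    for ev in events:
        if ev["attack"] == attack_type:
            groups[ev[key]].append((ev["time"], ev["device"], ev["src"], ev["dst"]))
    # Sort each group chronologically; ISO timestamps sort correctly as strings.
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOGS)
    for view in ("source", "target"):
        print(view, correlate(events, "SYN flood", view))
```

In the sample data, the source view shows one address seen by two different devices, which no single device's log would show on its own.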

FortiLog Administration Guide

05-16000-0082-20050115

Fortinet FortiLog-800, FortiLog-100, FortiLog-400 manual Event correlation Active mode, Sort list