Monitoring and Logging

The Trace route field provides details, such as the IP address, of each hop made by the data packet that was logged by the Agent. A hop is a transition point, usually a router, that a packet of information travels through as it makes its way from one computer to another on a public network, such as the Internet.

4. To view detailed information on each hop, click the WhoIs>> button.

A drop panel displays detailed information about the owner of the IP address from which the traffic event originated. Note that the information displayed does not guarantee that you have discovered who the hacker actually is. The final hop’s IP address lists the owner of the router that the hackers connected through, and not necessarily the hackers themselves.

5. Click WhoIs<< again to hide the information.

Note: You can copy the information in the Detail information panel to the Clipboard by pressing Ctrl+C, and then paste it elsewhere.

It is not advisable to contact persons listed in the Detail information panel unless you are experiencing a high number of security logs in which the attacks originate from one particular IP address.

6. Click OK to return to the Log Viewer dialog box.

Saving Logs

The contents of the logs can be saved to different locations. You may want to do this to save space, but it is more likely that you will do this for security review, or to import the logs into a tool such as Microsoft Excel.

To save a log file:

1. Open the log in the Log Viewer.

2. Click File > Export....

3. In the Save As dialog box, select the location for the log file.

4. Click OK.
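Once a Security Log has been exported, the review described above (whether a high number of events originate from one IP address, and when the default active response for an event lapses) can be done outside the Log Viewer. The following Python script is an added example and not part of this manual or the product; the column names and the sample rows are constructed assumptions, so check them against the header of your own exported file.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample of an exported Security Log. The column names are an
# assumption made for this example, not the product's documented format.
SAMPLE_EXPORT = """\
Time,Event,Remote IP,Remote Port,Action
2004-03-01 10:00:05,Port scan,203.0.113.7,135,Blocked
2004-03-01 10:00:09,Port scan,203.0.113.7,139,Blocked
2004-03-01 10:03:41,Port scan,203.0.113.7,445,Blocked
2004-03-01 10:05:12,Intrusion attempt,198.51.100.22,80,Blocked
2004-03-01 10:07:30,Port scan,203.0.113.7,1433,Blocked
2004-03-01 10:09:58,Intrusion attempt,192.0.2.99,22,Blocked
"""

def parse_export(text):
    """Return the exported log as a list of dicts, one per logged event."""
    return list(csv.DictReader(io.StringIO(text)))

def events_by_remote_ip(rows):
    """Count security events per remote IP address."""
    return Counter(row["Remote IP"] for row in rows)

def repeat_offenders(rows, threshold):
    """Remote IPs with at least `threshold` events, most frequent first.
    Only sources like these justify following up on the WhoIs details."""
    counts = events_by_remote_ip(rows)
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

def block_expires(row, block_minutes=10):
    """Time at which the active response for this event's remote IP lapses
    on its own; 10 minutes is the Agent's default duration."""
    seen = datetime.strptime(row["Time"], "%Y-%m-%d %H:%M:%S")
    return seen + timedelta(minutes=block_minutes)

if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    for ip, n in repeat_offenders(rows, threshold=3):
        print(f"{ip}: {n} events, candidate for WhoIs review")
    print("Most recent block lapses at", block_expires(rows[-1]))
```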

Stopping an Active Response

Any security attack that is detected on the Agent triggers an active response. The active response automatically blocks the IP address of a known intruder for a specific amount of time (the default is 10 minutes). If you don’t want to wait the default amount of time to unblock the IP address, you can stop the active response immediately.

You can stop active responses in the Security Log only.
