Chapter 5 Events: Logs, Traffic Streams, Reports

Overview

The Events menu pages of the LSM allow you to monitor system performance and review traffic-related events. The menu provides the following options:

Logs — View information on system events and traffic-related events triggered by firewall, IPS, and traffic threshold security policies.

Managed Streams — Review and manage traffic streams that have been blocked, rate-limited, or quarantined by IPS policies. You can also manually quarantine or release a quarantined IP address.

Health — Review the current status and network performance of the X family device. Information includes memory and disk usage statistics, status of the Threat Suppression Engine and the Ethernet ports, and throughput performance.

Reports — View graphs showing information on traffic flow, traffic-related events, and statistics on firewall top sites, top services, top clients, rule hit counts, and triggered filters (attack, rate limit, traffic threshold, quarantine, and adaptive filter).

For details, see the following sections:

“Logs” on page 98

“Managed Streams” on page 110

“Health” on page 116

“Reports” on page 121

Logs

The Logs menu pages provide information on system events and traffic-related events triggered by firewall, IPS, and traffic threshold security policies. Each menu page also provides functions to manage the log files.

When you review logs, you may also see the following administrator user types. These denote the type of account according to the interface the administrator used to access the device:

SMS — Indicates the administrator was using the SMS when the messages were saved to the logs.

LSM — Indicates the administrator was using the LSM when the messages were saved to the logs.

CLI — Indicates the administrator was using the CLI when the messages were saved to the logs.

Note: Users with any access level can view and print the system log, but only Administrator and Super-user level users can reset this log.

98 X Family LSM User’s Guide V 2.5.1