Chapter 5 Events: Logs, Traffic Streams, Reports

Table 5–1: Alert Log Field Descriptions (Continued)

| Column | Description |
|---|---|
| Source Address | The source address of the triggering traffic |
| Dest Address | The destination address of the triggering traffic |
| Packet Trace | Details if a packet trace is available |
| Hit Count | Details how many packets have been detected |

Audit Log

The audit log tracks user activity that may have security implications, including user attempts (successful and unsuccessful) to do the following:

- Change user information
- Change IPS, firewall, routing or network configuration
- Gain access to controlled areas (including the audit log)
- Update system software and attack protection filter packages
- Change filter settings

Note: Only users with Super-user access level can view, print, reset, and download the audit log.

To maintain a complete history of entries and provide a backup, you can configure the X family device to send Audit Block Log entries to a remote syslog server from the Syslog Servers page. For details, see “Syslog Servers” on page 242.

An Audit log entry contains the following fields:

Table 5–2: Audit Log Field Descriptions

| Column | Description |
|---|---|
| Log ID | A system-assigned Log ID number |
| Date and Time | A date and time stamp in the format year-month-date hour:minute:second |
| Username | The login name of the user performing the action. The user listed for an event may include SMS, SYS, and CLI. These entries are automatically generated when one of these applications performs an action. |
| Access Level | The access level of the user performing the action |
| IP Address | The IP address from which the user connected to perform the action |
| Interface | The interface with which the user logged in (either WEB for the LSM or CLI for the Command Line Interface) |

100 X Family LSM User’s Guide V 2.5.1