Logs

Searching a Log

Some logs provide a search function to help locate specific entries. This feature is available on the Alert, Audit, IPS Block Log, and Firewall Block Log pages. To locate an entry within a log file, use the Search function available on each log page. You can search for entries by specifying one or more of the following criteria:

Date Range — Search all log entries or specify a date range. You can also enter a time range.

Severity — The severity includes low, minor, major, and critical events. You can select any severity you want to search.

Filter Name — You can search for logged entries based on the filter that triggered them.

Protocol — You can search by the name of the protocol that the action affects.

Source Address — You can search for a source address of the triggering traffic.

Destination Address — You can search for a destination address of the triggering traffic.

Search a Log

STEP 1 Open the log view. Then, in the Log Functions section, click Search.

STEP 2 On the Search System Log page, specify the search criteria. For the Log Entry Time, choose a search option:

• Choose All to search all log entries.

OR

• Enter a date range for log entries. You can enter a date and time for the range, using the formats Year-Month-Date (YYYY-MM-DD) [required] and hours minutes seconds (HH:MM:SS) [optional].

STEP 3 Check the box next to each Severity of the alerts you wish to retrieve [optional].

STEP 4 Enter the name of the Filter Name whose alerts you would like to find [optional].

STEP 5 Enter the name of the Protocol whose alerts you would like to find [optional].

STEP 6 Enter the Source Address for the alerts you would like to find [optional].

STEP 7 Enter the Destination Address for the alerts you would like to find [optional].

STEP 8 Choose the # of Results to Display from the drop-down box [optional].

STEP 9 Click Search.

TIP In Step 4 through Step 7, you can enter the first part of the item you want to search for. For example, you can enter the first few letters or numbers in a filter name, or the first few numbers of an IP address.
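The search criteria from the steps above, applied offline to a handful of entries, as an added example that is not part of this guide or of the product's own code. The entry fields, sample values, and the helpers `search` and `octets_match` are constructed for illustration; the example assumes a partial entry is matched as a plain string prefix and that a date given without a time covers the whole day. It shows that a partial address such as 10.1 also returns 10.10.x.x sources unless the results are narrowed on octet boundaries.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample entries; the field names and values are assumptions,
# not the device's real log format.
SAMPLE_LOG = [
    {"time": "2008-03-01 09:15:02", "severity": "critical", "protocol": "tcp",
     "filter": "HTTP: Constructed Filter A", "src": "10.1.4.20", "dst": "192.0.2.10"},
    {"time": "2008-03-01 17:40:11", "severity": "major", "protocol": "tcp",
     "filter": "HTTP: Constructed Filter B", "src": "10.10.0.5", "dst": "192.0.2.10"},
    {"time": "2008-03-02 02:03:45", "severity": "low", "protocol": "udp",
     "filter": "DNS: Constructed Filter C", "src": "10.1.7.9", "dst": "192.0.2.53"},
    {"time": "2008-03-03 11:00:00", "severity": "critical", "protocol": "tcp",
     "filter": "HTTP: Constructed Filter A", "src": "172.16.3.3", "dst": "192.0.2.10"},
]

def parse_bound(text, end_of_day=False):
    """Parse YYYY-MM-DD (required) with an optional HH:MM:SS part."""
    text = text.strip()
    if len(text) == 10:  # date only: assume the bound covers the whole day
        text += " 23:59:59" if end_of_day else " 00:00:00"
    return datetime.strptime(text, FMT)

def search(entries, start=None, end=None, severities=None, filter_name=None,
           protocol=None, src=None, dst=None, limit=None):
    """Return entries matching every criterion given; None means 'any'."""
    lo = parse_bound(start) if start else None
    hi = parse_bound(end, end_of_day=True) if end else None
    prefixes = {"filter": filter_name, "protocol": protocol, "src": src, "dst": dst}
    hits = []
    for entry in entries:
        ts = datetime.strptime(entry["time"], FMT)
        if (lo and ts < lo) or (hi and ts > hi):
            continue
        if severities and entry["severity"] not in severities:
            continue
        # Assumed behaviour: a partial entry is a plain string prefix.
        if any(p and not entry[k].startswith(p) for k, p in prefixes.items()):
            continue
        hits.append(entry)
    return hits[:limit] if limit else hits

def octets_match(address, partial):
    """Compare whole octets, so '10.1' matches 10.1.x.x but not 10.10.x.x."""
    wanted = [o for o in partial.split(".") if o]
    return address.split(".")[:len(wanted)] == wanted
```

When a partial address search returns more than expected, ending the partial entry at a dot (for example `10.1.`) narrows a plain prefix match to the intended octets.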

X Family LSM User’s Guide V 2.5.1
