Reviewing firewall logs

Use Firewall Logs page for the Network IPS appliance to filter and search the appliance firewall logs to display and research events.

About this task

Navigating in the Network IPS Local Management Interface: Review Analysis and Diagnostics > Logs > Firewall

Use stream live data to view log files immediately and in a constant scrolling list; however, using this feature might affect bandwidth and performance.

To tune firewall logging for your appliance, specify values such as the number of firewall logs or the maximum log size in tuning parameters. For information about how to configure tuning parameters, see Configuring tuning parameters. The firewall log tuning parameters are default parameters and are listed on the Tuning Parameters page.

Procedure

  1. In the Firewall Logs Filter area, expand the area to display Filter criteria settings and the Manage views area.
  2. Click Filter time range to focus the search on a specific time period.
  3. In the Search text field, type keywords to filter the event lists.
    Notes:

    For system and firewall logs, the appliance searches files by using approximate string matching. Use this syntax when you type text in the Search text field. For security alerts, the appliance searches files by using approximate string matching for only the Event Name option. You must use exact matches for all other Search text options.

    You can search for more than one keyword by clicking the Plus icon or you can delete keyword searches by clicking the Minus icon.

  4. If you want to save searches, click Save Filter.
  5. In the Manage views area, type a name for the search in the Filter tag field and click Save. You can Load or Delete searches based on your needs.
  6. Use Oldest, Older, Newer, and Newest to browse through lists of log files.