The SonicWALL maintains an Event log which displays potential security threats. This log can be viewed using the SonicWALL Web Management Interface, or it can be automatically sent to an e-mail address for convenience and archiving. The log is displayed in a table and is sortable. Clicking on the Time, Message, Source, Destination, Notes, or Rule column header sorts the table by that criterion. The arrow next to the column header indicates the ascending or descending order of the sort.
The SonicWALL can alert you of important events, such as an attack on the SonicWALL. Alerts are immediately e-mailed, either to an e-mail address or to an e-mail pager. Each log entry contains the date and time of the event and a brief message describing the event.
It is also possible to copy the log entries from the management interface and paste them into a report.
When IP packets are blocked by the SonicWALL, dropped TCP, UDP and ICMP messages are displayed. The messages include the source and destination IP addresses of the packet. The TCP or UDP port number or the ICMP code follows the IP address. Log messages usually include the name of the service in quotation marks.
When a computer attempts to connect to a site blocked by the SonicWALL Content Filtering Service (CFS), an entry appears in the View Log as a Web site blocked link entry. The Source and Destination IP addresses are also displayed, along with the site URL and CFS category code in the Notes column. Clicking on the Web site blocked link displays the CFS categories and corresponding codes.
Note! The CFS categories that can be blocked are configured in the Filter>URL List page.
When a user attempts to access a Web site that is blocked by N2H2, an entry appears in the log. In addition to the IP address of the machine and usually the name of the blocked Web site, the entry contains the code P.
When ActiveX, Java or Web cookies are blocked, messages with the source and destination IP addresses of the connection attempt are displayed.
The IP address of the machine under attack and the source of the attack are displayed. In most attacks, the source address shown is fake and does not reflect the real source of the attack.
Tip! Some network conditions can produce network traffic that appears to be an attack, even when no one is deliberately attacking the LAN. To follow up on a possible attack, contact your ISP to determine the source of the attack. Regardless of the nature of the attack, your LAN is protected and no further steps are needed.