The intrusion detection system log displays the triggered IPS signatures for which the logging or blocking action has been set. The following information is displayed:
- Pcap files.
- UserGate node where the event occurred.
- Time.
- Event details.
- User.
- Action.
- Rule name.
- Signature.
- Application protocol.
- Network protocol.
- IP source.
- Source port.
- Source MAC address.
- Destination zone.
- IP destination.
- Destination port.
- Destination MAC address.
Administrators can choose to display only the columns they need. To do this, click any of the columns and, in the context menu that appears, set the check marks for the columns you want to display.
To help find the events of interest, the records can be filtered by various criteria such as the protocol, date range, action, etc.
By clicking Export as CSV, the administrator can save the filtered log data in a .csv file for subsequent analysis.
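As an added example (not part of the UserGate documentation), the following Python sketch shows one kind of subsequent analysis on an exported file: grouping events that triggered a signature but were only logged, not blocked, by signature and source address. The CSV header names, the `block` action value and the sample rows are assumptions constructed for illustration; adjust them to match your actual export.

```python
import csv
import io
from collections import defaultdict

# Assumed header names, modelled on the column list above; adjust them to
# match the header row of your own export.
ACTION, SIGNATURE, SRC, DST = "action", "signature", "ip source", "ip destination"
BLOCK_VALUE = "block"  # assumed Action value for blocked events


def logged_only_summary(csv_text):
    """Summarise events that matched a signature but were not blocked.

    Returns (signature, source_ip, count, destinations) tuples, busiest first.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    # Map normalised header -> real header so case/spacing differences are tolerated.
    headers = {(h or "").strip().lower(): h for h in (reader.fieldnames or [])}
    missing = [c for c in (ACTION, SIGNATURE, SRC, DST) if c not in headers]
    if missing:
        raise ValueError("missing columns: " + ", ".join(missing))

    counts, dests = defaultdict(int), defaultdict(set)
    for row in reader:
        # Short rows yield None for absent fields; treat those as empty strings.
        field = lambda name: (row.get(headers[name]) or "").strip()
        if field(ACTION).lower() == BLOCK_VALUE:
            continue  # blocked traffic did not reach the destination
        key = (field(SIGNATURE), field(SRC))
        counts[key] += 1
        dests[key].add(field(DST))

    summary = [(sig, src, n, sorted(dests[(sig, src)])) for (sig, src), n in counts.items()]
    return sorted(summary, key=lambda r: (-r[2], r[0], r[1]))


# Constructed sample export: invented signature names, documentation IP ranges.
SAMPLE = """Time,Action,Signature,IP source,IP destination
2024-01-01 10:00:00,log,Example signature 1,198.51.100.7,192.0.2.10
2024-01-01 10:00:05,block,Example signature 1,198.51.100.7,192.0.2.10
2024-01-01 10:01:00,log,Example signature 1,198.51.100.7,192.0.2.11
2024-01-01 10:02:00,log,Example signature 2,203.0.113.5,192.0.2.10
2024-01-01 10:03:00,block,Example signature 2,203.0.113.9,192.0.2.12
"""

if __name__ == "__main__":
    for sig, src, n, targets in logged_only_summary(SAMPLE):
        print(f"{n:>3}  {sig}  {src} -> {', '.join(targets)}")
```

Source and signature pairs at the top of this summary are candidates for reviewing whether the matching rule should block rather than log.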