Endpoint Protection

  • 1.  Difference between traffic and packet logs in SEP firewall

    Posted May 15, 2015 07:14 AM

    Hi,


    I would like to know what's the difference between traffic & packet logs in the SEP firewall?
    What information will I get if I select "Write to traffic log" or "Write to packet log"?


    Cheers!!!



  • 2.  RE: Difference between traffic and packet logs in SEP firewall
    Best Answer

    Posted May 15, 2015 07:23 AM

    Only enable packet logging when troubleshooting! It shows down to the byte level and can fill up space quickly. Packet logging is like what you see in Wireshark...

    Traffic logging just shows the basics and is most common to use.
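    To make the distinction concrete, here is an added example (not from this thread and not Symantec code) that takes a handful of constructed packet records, the per-packet view a packet log keeps, and collapses them into per-connection summaries, the kind of row a traffic log keeps (source/destination IP and port, protocol, owning application, local MAC, packet and byte counts). It then measures how much text each style of log produces for the same traffic, which is the reason the reply above warns about disk space. The `Packet` dataclass, its field names and the sample packets are assumptions made for the example, not SEP's actual log schema.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    """One packet as a host firewall sees it (assumed shape, not SEP's schema)."""
    ts: float
    direction: str        # "out" or "in" relative to the protected host
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str            # "TCP" or "UDP"
    local_mac: str        # MAC of the local adapter the packet crossed
    app: str              # process that owns the socket
    payload: bytes        # raw bytes, which only a packet log retains


def _tls_record(first_byte: int, n: int) -> bytes:
    # Constructed opaque payload of length n that looks like a TLS record header.
    return bytes([first_byte, 0x03, 0x03]) + b"\x00" * (n - 3)


# Constructed sample traffic: one HTTPS connection, one plain HTTP connection
# from an unfamiliar executable, and one inbound RDP packet.
PACKETS: List[Packet] = [
    Packet(1.00, "out", "10.0.0.5", 51234, "203.0.113.7", 443, "TCP", "00:11:22:33:44:55", "updater.exe", b""),
    Packet(1.02, "out", "10.0.0.5", 51234, "203.0.113.7", 443, "TCP", "00:11:22:33:44:55", "updater.exe", _tls_record(0x16, 517)),
    Packet(1.30, "out", "10.0.0.5", 51234, "203.0.113.7", 443, "TCP", "00:11:22:33:44:55", "updater.exe", _tls_record(0x17, 1200)),
    Packet(2.00, "out", "10.0.0.5", 51235, "192.0.2.10", 80, "TCP", "00:11:22:33:44:55", "unknown_tool.exe", b""),
    Packet(2.05, "out", "10.0.0.5", 51235, "192.0.2.10", 80, "TCP", "00:11:22:33:44:55", "unknown_tool.exe",
           b"GET /status HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n"),
    Packet(3.00, "in", "198.51.100.9", 40000, "10.0.0.5", 3389, "TCP", "00:11:22:33:44:55", "svchost.exe", b"\x03\x00\x00\x13"),
]

FlowKey = Tuple[str, str, int, str, int, str, str]


def flow_key(p: Packet) -> FlowKey:
    """Identity of a connection: direction, 5-tuple and owning application."""
    return (p.direction, p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto, p.app)


def build_traffic_log(packets: List[Packet]) -> Dict[FlowKey, dict]:
    """Traffic-log view: one summary row per connection, no payload kept."""
    flows: Dict[FlowKey, dict] = {}
    for p in packets:
        f = flows.setdefault(flow_key(p), {"first": p.ts, "last": p.ts,
                                           "packets": 0, "bytes": 0, "local_mac": p.local_mac})
        f["first"] = min(f["first"], p.ts)
        f["last"] = max(f["last"], p.ts)
        f["packets"] += 1
        f["bytes"] += len(p.payload)
    return flows


def format_traffic_entry(key: FlowKey, f: dict) -> str:
    direction, sip, sp, dip, dp, proto, app = key
    return (f"{f['first']:.2f}-{f['last']:.2f} {direction:3} {proto} {sip}:{sp} -> {dip}:{dp} "
            f"app={app} mac={f['local_mac']} pkts={f['packets']} bytes={f['bytes']}")


def hexdump(data: bytes, width: int = 16) -> str:
    """Wireshark-style offset / hex / ASCII rendering of a payload."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        ascii_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart:<{width * 3}} {ascii_part}")
    return "\n".join(lines)


def format_packet_entry(p: Packet) -> str:
    """Packet-log view: the same header fields plus every byte of the packet."""
    header = (f"{p.ts:.2f} {p.direction:3} {p.proto} {p.src_ip}:{p.src_port} -> {p.dst_ip}:{p.dst_port} "
              f"app={p.app} mac={p.local_mac} len={len(p.payload)}")
    return header + ("\n" + hexdump(p.payload) if p.payload else "")


def log_sizes(packets: List[Packet]) -> Tuple[int, int]:
    """Characters written by a traffic log vs. a packet log for the same packets."""
    flows = build_traffic_log(packets)
    traffic = sum(len(format_traffic_entry(k, f)) + 1 for k, f in flows.items())
    packet = sum(len(format_packet_entry(p)) + 1 for p in packets)
    return traffic, packet


if __name__ == "__main__":
    print("== traffic log ==")
    for k, f in build_traffic_log(PACKETS).items():
        print(format_traffic_entry(k, f))
    print("\n== packet log (first two packets only) ==")
    for p in PACKETS[:2]:
        print(format_packet_entry(p))
    t, pk = log_sizes(PACKETS)
    print(f"\ntraffic log: {t} chars, packet log: {pk} chars, ratio {pk / t:.1f}x")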



  • 3.  RE: Difference between traffic and packet logs in SEP firewall

    Posted May 15, 2015 07:42 AM

    Thanks for the info, Brian.

    I have another question...

    For example, if an application (executable file) triggers traffic from an internal host to an external (unknown) organization or vice versa, will the packet log show enough details (like IP address, MAC address, application name, ports & protocols used, etc.)?


    Cheers!!!



  • 4.  RE: Difference between traffic and packet logs in SEP firewall

    Posted May 15, 2015 07:47 AM

    Yes, assuming you have a rule to detect it.