Sep11 External Logging
Created: 19 Mar 2010 | Updated: 20 Sep 2010 | 2 comments
We use an external logging appliance to correlate logs across our many security devices. I am having trouble mapping and understanding which logs are available at the client level, the server reporting level and the external logging level. Specifically, I am interested in the IDS logs that are located at the server reporting level and labeled "Network Threat Protection". I would like them to be sent to my external logging solution, but I am not seeing them. PLEASE provide an understanding of this!
At the client level I have:
Scan Log
Risk Log
System Log (A/V and Anti-Spyware)
Threat Log
System Log (Proactive Threat Protection)
Traffic Log
Packet Log
At the server reporting level I have:
At the external logging level I have:
It will be under the Network Threat Protection log:
SEPM
Monitors - Logs - Network Threat Protection
Type: Attacks
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Can you speak to whether these attacks are sent through the external logging facility? Because I am not seeing them. I see firewall logs, virus logs and some of the others, but not intrusion logs from an external logging perspective.