Sep11 External Logging
Updated: 20 Sep 2010 | 2 comments
We use an external logging appliance to correlate logs across our many security devices. I am having trouble mapping and understanding which logs are available at the client level, the server reporting level and the external logging level. Specifically, I am interested in the IDS logs that are located at the server reporting level and labeled "Network Threat Protection". I would like them to be sent to my external logging solution, but I am not seeing them. PLEASE provide an understanding of this!
At the client level I have:
Scan Log
Risk Log
System Log (A/V and Anti-Spyware)
Threat Log
System Log (Proactive Threat Protection)
Traffic Log
Packet Log
At the server reporting level I have:
At the external logging level I have:
Comments
Hi,
It will be under the Network Threat Protection log:
SEPM
Monitors - Logs - Network Threat Protection
Type: Attacks
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
How about external logging?
Can you speak to whether these attacks are sent through the external logging facility? Because I am not seeing them. I see firewall logs, virus logs and some of the others, but not intrusion logs from an external logging perspective.