Browse log data

Copies of the most recent log and alert entries are stored on the NGFW Engine.

Steps

  1. Browse to NGFW > Logs.
    Log events are shown in real time as they are created.
  2. To view earlier log events, scroll up in the table.

Example

Table 1. Log Events
| Option | Definition |
|---|---|
| Kind | The type of policy that triggered the log event. |
| Creation Time | Log entry creation time. |
| Component ID | The identifier of the creator of the log entry. |
| Event ID | Event identifier, unique within one sender. |
| Sender | IP address of the NGFW Engine that sent the log entry. |
| Information Message | A description of the log event that further explains the entry. |
| Facility | The NGFW Engine subsystem that generated the log event. |
| Type | Log entry severity type. |
| Action | Action of the rule that triggered the log event. The action values are Allow, Discard, Refuse, Terminate, Wait for further actions, and Wait for authentication. |
| Rule Tag | Rule tag of the rule that triggered the log event. |
| Src Addr | Packet source IP address. |
| Dst Addr | Packet destination IP address. |
| Src Port | TCP or UDP source port in the packet header. |
| Dst Port | TCP or UDP destination port in the packet header. |
| IP Protocol | IP protocol of the traffic that generated the log event. |
| IP Version | Version field value in the IP header. |
| Event | The event that triggered the log creation, for example, New connection, Connection closed, Connection discarded. |
| Situation | The identifier of the situation that triggered the log event. |
| Syslog | Syslog is a system service used in some operating systems, for example, UNIX, and software packages. For more information about syslog and syslog types, see RFC 3164. |
| Daemon | The name of the daemon that generated the log event. |