
Monitoring and Logging: Monitoring Important Events With Smartevent

This document discusses the monitoring capabilities of SmartEvent and SmartLog. SmartEvent allows administrators to monitor and consolidate security events from various software blades. It enables identifying important security events and creating reports. SmartLog is a log management tool that indexes logs from all software blades to allow quick searching and monitoring of logs and connections in real-time. Sample procedures demonstrate analyzing events using SmartEvent and logs of dropped connections using SmartLog.

Uploaded by

One Hour

Monitoring and Logging

Monitoring Important Events with SmartEvent


Monitoring Traffic and Connections with SmartLog

Monitoring Important Events with SmartEvent


The SmartEvent Software Blade is a unified security event management and analysis solution that
delivers real-time, graphical threat management information. SmartEvent consolidates and shows all
security events that are generated by these Software Blades:
• Firewall
• Identity Awareness, and URL Filtering
• IPS
• Application Control
• Anti-Bot, Threat Emulation, and Anti-Virus
• DLP

Administrators can quickly identify very important security events and take the necessary actions to
prevent more attacks.
For more information about using SmartEvent, see the R77 SmartEvent Administration Guide.

Enabling SmartEvent
To enable SmartEvent on the Security Management Server:
1. In SmartDashboard from the Network Objects navigation tree, double-click the Security
Management Server or Domain Log Server.

The General Properties window opens.

2. In the Management tab, select these Software Blades:


o Logging & Status
o SmartEvent Server
o SmartEvent Correlation Unit

3. Click OK.

4. From the menu bar, select Policy > Install Database.

5. From the menu bar, select SmartConsole > SmartEvent.

The SmartEvent console opens.

Creating Reports
SmartEvent lets you create reports that summarize events for the supported Software Blades. These
reports can help you identify attack trends and the effectiveness of the Firewall Rule Base and the
security policy. The reports can be automatically sent as emails and PDF files at regular intervals.

To create a SmartEvent report:


1. In SmartEvent, click the Reports tab.

2. From the navigation tree, click All or a Software Blade.

3. Select the report.


A sample report is shown in the window.
4. Click Generate.

The report is generated and shown in a new window.

5. To create a PDF file, click  .

The report is saved to a PDF.

Sample Application Control and URL Filtering Event Analysis
This is a sample procedure that shows how to use SmartEvent to do an analysis of Internet browsing
events from the Application Control and URL Filtering Software Blade.

To show an Internet browsing event:


1. From the SmartEvent Overview tab, in the View section, click the Application Control and URL
Filtering icon.

The Application Control and URL Filtering Overview page opens.

2. In Timeline View, click the High Risk events for a day.


The High Risk window opens.

This is some of the information about the event:


• Five users tried to access the VTunnel web proxy
• VTunnel is classified as a High security risk and is a Web proxy site that lets users go to
websites anonymously
• The names of the 5 users that tried to go to the VTunnel website are shown

Monitoring Traffic and Connections with SmartLog


The SmartLog Software Blade is a log management tool that reads logs from all Software Blades on
Security Management Servers and Security Gateways. SmartLog works with the SmartLog Index
Server that gets log files from different log servers and indexes them. SmartLog supplies these
monitoring features:
• Quickly search through billions of logs with simple search strings
• Select from many default search queries to find the applicable logs
• Monitor logs from administrator activity and connections in real-time
For more about using SmartLog, see the R77 SmartLog Administration Guide.

Enabling SmartLog
The SmartLog Index Server contains a central index of log entries from all SmartLog-enabled Security
Management Servers and Log Servers.

To enable SmartLog:
1. Open SmartDashboard.

2. From the Network Objects tree, double-click the Security Management Server or Domain
Log Server.

The General Properties window opens.

3. In the Management tab, select Logging & Status.

4. From the navigation tree, click Logs.

5. Select Enable SmartLog and then click OK.

6. From the menu bar, select Policy > Install Database.

The SmartLog Index Server is installed on the Security Management Server.


7. From the menu bar, select SmartConsole > SmartLog.

The SmartLog console opens.

Sample Log Analysis


This is a sample procedure that shows how to use SmartLog to do an analysis of a log of a dropped
connection.

To show a log of a dropped connection:


1. From SmartLog, in the Query Top Results pane select Top Actions > Drop.

The Results pane shows the logs for dropped connections.

2. Double-click a log.

The Log Details window opens.

This is some of the information about the dropped connection in the log:
o A telnet connection from 10.6.20.54 to 10.17.45.125 was dropped
o The connection matched rule number 2 (Telnet not allowed) in the Firewall Rule Base
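
The same drop analysis can be repeated in bulk over exported records. This is an added example, not part of the original document or of Check Point tooling: the key=value record layout, the field names and the sample lines are constructed for illustration (the first record mirrors the dropped telnet connection described above).

```python
import re
from collections import Counter

# Constructed sample records in a simplified key=value layout (an assumption,
# not Check Point's export format). The first line mirrors the log on the page.
SAMPLE_LOGS = """\
time=09:14:02 action=Drop src=10.6.20.54 dst=10.17.45.125 service=telnet rule=2 rule_name="Telnet not allowed"
time=09:14:05 action=Accept src=10.6.20.61 dst=10.17.45.80 service=https rule=5 rule_name="Web access"
time=09:14:09 action=Drop src=10.6.20.54 dst=10.17.45.126 service=telnet rule=2 rule_name="Telnet not allowed"
time=09:15:40 action=Drop src=10.6.20.54 dst=10.17.45.127 service=telnet rule=2 rule_name="Telnet not allowed"
time=09:16:11 action=Drop src=10.6.33.7 dst=10.17.45.125 service=ftp rule=9 rule_name="Cleanup rule"
this line is malformed and must be skipped
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = {"action", "src", "dst", "service", "rule"}

def parse_line(line):
    """Return a dict of fields, or None when required fields are missing."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    return fields if REQUIRED <= fields.keys() else None

def dropped(text):
    """Equivalent of the Top Actions > Drop filter: keep only Drop records."""
    records = (parse_line(l) for l in text.splitlines())
    return [r for r in records if r and r["action"].lower() == "drop"]

def drops_by_rule(records):
    """Count drops per (rule number, rule name) to see which rules fire most."""
    return Counter((int(r["rule"]), r.get("rule_name", "")) for r in records)

def repeat_sources(records, threshold=3):
    """Sources dropped on one service against >= threshold distinct destinations."""
    targets = {}
    for r in records:
        targets.setdefault((r["src"], r["service"]), set()).add(r["dst"])
    return {k: sorted(v) for k, v in targets.items() if len(v) >= threshold}

if __name__ == "__main__":
    drops = dropped(SAMPLE_LOGS)
    for (num, name), count in drops_by_rule(drops).most_common():
        print(f"rule {num} ({name}): {count} drops")
    for (src, svc), dsts in repeat_sources(drops).items():
        print(f"{src} dropped on {svc} to {len(dsts)} hosts: {', '.join(dsts)}")
```

A source that is dropped on the same service against several destinations is worth a closer look in the Log Details window than a single isolated drop.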
