Alert log

Navigate to Monitoring & Statistics > Logs > Alert Log to view the event logs for alerts and to set up display filters. In the Alert Log editing window, you can see what traffic is blocked by your LANCOM R&S®Unified Firewall or how traffic was transmitted through the firewall.

The column headers contain the following information:

Table 1. Filter types
Column Description
Time Timestamp of the log entry.
Category Event category, which can be one of the following:
  • Application filter
  • Connection blocked
  • Connection finished
  • IDPS
  • Mail malware
  • Spam
  • Web filter allowed
  • Web filter blocked
  • Web malware
Message The log message itself. If necessary, the icon on the right-hand side of a message performs actions directly. For example, in the category IDPS, messages about blocked services are displayed along with the signature ID that would be required in a rule to stop blocking this service. Exceptions can therefore be added directly from the log.

Filtering

You can use More Filters on the input field with different search criteria and options to narrow down the results. These filters relate to the time interval that you set under Time.

Figure 1. Alert log with applied filter



Proceed as follows to create a filter:

  1. Click in the input field. The web client displays suggested filters.
    Note: The available filter types, input formats and default values can be found in the Filter types table.
  2. Select one of the suggested filters from the drop-down list, or enter any search text to receive further suggestions.
    Note: For each suggestion, you can specify whether to use this as an inclusion filter (AND) or exclusion filter (AND-NOT).
    After selection, the suggested filter is inserted into the input field as a search criterion. The list of log messages is adapted to the search query. Matching log entries are highlighted.

Repeat the above steps until you have added the desired filter criteria to your query.

Important: Only entries that match all filter criteria are displayed.

To delete a filter criterion in a search query, click on .

You can add multiple lines to your search by clicking on + OR next to the input field. You can choose to insert a new blank line or to copy the last created line. Each line is a separate search query, which is ORed with the other lines.

Figure 2. Combined filter query



Delete the line by clicking next to the line.

Filter types

Filter type Input format Default values Subtypes
Text Free text   Log entry Domain / URI (log entries from HTTP proxies, virus scanners and the URL / Content Filter)
Protocol Free text ICMP, TCP, UDP Transport protocols or protocols detected by the Application Filter  
Port Numbers from 0 to 65535   TCP / UDP source or destination port of IDPS or firewall messages
IPv4 Valid IP address or parts thereof   Source or destination IP address of mail proxy, IDPS, application filter, or firewall messages
Category Free text or selection from the More Filters drop-down list
  • Application filter
  • Connection blocked
  • Connection finished
  • IDPS
  • Mail malware
  • Spam
  • Web filter allowed
  • Web filter blocked
  • Web malware
 

Export

The log entries can be exported in PDF, HTML and CSV formats. The export takes into account the current filter settings.
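The following added example (not part of the LANCOM documentation or product) applies the query logic described under Filtering to an exported CSV file: criteria within one line are combined with AND / AND-NOT, and separate lines are ORed. The CSV header names (taken from the column headers above), the comma delimiter, the case-insensitive substring matching and the sample rows are assumptions; only the Text and Category filter types are modelled.

```python
import csv
import io

# Constructed sample standing in for a CSV export; the header names and the
# comma delimiter are assumptions, check them against a real export.
SAMPLE_EXPORT = """Time,Category,Message
2024-05-02 10:15:01,Connection blocked,TCP 192.0.2.10:51544 -> 198.51.100.7:23
2024-05-02 10:15:09,IDPS,Signature 1000001 blocked TCP 192.0.2.10:40022 -> 198.51.100.7:445
2024-05-02 10:16:30,Web filter blocked,http://example.test/ads category blocked
2024-05-02 10:17:02,Connection finished,UDP 192.0.2.25:5353 -> 198.51.100.9:53
2024-05-02 10:18:45,Spam,Mail from sender@example.test rejected
"""

def matches_line(entry, criteria):
    """One query line: every criterion must hold (AND / AND-NOT)."""
    for field, needle, include in criteria:
        # "Text" searches the whole entry; other fields search their column.
        if field == "Text":
            haystack = " ".join(value or "" for value in entry.values())
        else:
            haystack = entry.get(field) or ""
        found = needle.lower() in haystack.lower()  # assumed substring match
        if found != include:  # inclusion missing, or exclusion present
            return False
    return True

def filter_alerts(csv_text, query):
    """query is a list of lines; lines are ORed, criteria in a line are ANDed."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [row for row in rows if any(matches_line(row, line) for line in query)]

# Line 1: Category IDPS AND Text 192.0.2.10
# Line 2: Text "blocked" AND-NOT Category "Web filter blocked"
QUERY = [
    [("Category", "IDPS", True), ("Text", "192.0.2.10", True)],
    [("Text", "blocked", True), ("Category", "Web filter blocked", False)],
]

if __name__ == "__main__":
    for row in filter_alerts(SAMPLE_EXPORT, QUERY):
        print(row["Time"], row["Category"], row["Message"], sep=" | ")
```

An empty query returns no rows here; an entry appears in the result as soon as any one line matches it.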
