
Monitoring and Logging

Monitoring Important Events with SmartEvent


Monitoring Traffic and Connections with SmartLog

Monitoring Important Events with SmartEvent


The SmartEvent Software Blade is a unified security event management and analysis solution that
delivers real-time, graphical threat management information. SmartEvent consolidates and shows all
security events that are generated by these Software Blades:
• Firewall
• Identity Awareness and URL Filtering
• IPS
• Application Control
• Anti-Bot, Threat Emulation, and Anti-Virus
• DLP

Administrators can quickly identify the most important security events and take the necessary actions to
prevent more attacks.
For more information about using SmartEvent, see the R77 SmartEvent Administration Guide.

Enabling SmartEvent
To enable SmartEvent on the Security Management Server:
1. In SmartDashboard from the Network Objects navigation tree, double-click the Security
Management Server or Domain Log Server.

The General Properties window opens.

2. In the Management tab, select these Software Blades:


o Logging & Status
o SmartEvent Server
o SmartEvent Correlation Unit

3. Click OK.

4. From the menu bar, select Policy > Install Database.

5. From the menu bar, select SmartConsole > SmartEvent.

The SmartEvent console opens.

Creating Reports
SmartEvent lets you create reports that summarize events for the supported Software Blades. These
reports can help you identify attack trends and the effectiveness of the Firewall Rule Base and the
security policy. The reports can be automatically sent as emails and PDF files at regular intervals.

To create a SmartEvent report:


1. In SmartEvent, click the Reports tab.

2. From the navigation tree, click All or a Software Blade.

3. Select the report.


A sample report is shown in the window.
4. Click Generate.

The report is generated and shown in a new window.

5. To create a PDF file, click  .

The report is saved to a PDF.

Sample Application Control and URL Filtering Event Analysis
This is a sample procedure that shows how to use SmartEvent to do an analysis of Internet browsing
events from the Application Control and URL Filtering Software Blade.

To show an Internet browsing event:


1. From the SmartEvent Overview tab, in the View section, click the Application Control and URL
Filtering icon.

The Application Control and URL Filtering Overview page opens.

2. In Timeline View, click the High Risk events for a day.


The High Risk window opens.

This is some of the information about the event:


• Five users tried to access the VTunnel web proxy
• VTunnel is classified as a High security risk and is a Web proxy site that lets users go to
websites anonymously
• The names of the 5 users that tried to go to the VTunnel website are shown

Monitoring Traffic and Connections with SmartLog


The SmartLog Software Blade is a log management tool that reads logs from all Software Blades on
Security Management Servers and Security Gateways. SmartLog works with the SmartLog Index
Server that gets log files from different log servers and indexes them. SmartLog supplies these
monitoring features:
• Quickly search through billions of logs with simple search strings
• Select from many default search queries to find the applicable logs
• Monitor logs from administrator activity and connections in real-time
For more about using SmartLog, see the R77 SmartLog Administration Guide.

Enabling SmartLog
The SmartLog Index Server contains a central index of log entries from all SmartLog-enabled Security
Management Servers and Log Servers.

To enable SmartLog:
1. Open SmartDashboard.

2. From the Network Objects tree, double-click the Security Management Server or Domain
Log Server.

The General Properties window opens.

3. In the Management tab, select Logging & Status.

4. From the navigation tree, click Logs.

5. Select Enable SmartLog and then click OK.

6. From the menu bar, select Policy > Install Database.

The SmartLog Index Server is installed on the Security Management Server.


7. From the menu bar, select SmartConsole > SmartLog.

The SmartLog console opens.

Sample Log Analysis


This is a sample procedure that shows how to use SmartLog to do an analysis of a log of a dropped
connection.

To show a log of a dropped connection:


1. From SmartLog, in the Query Top Results pane select Top Actions > Drop.

The Results pane shows the logs for dropped connections.

2. Double-click a log.

The Log Details window opens.

This is some of the information about the dropped connection in the log:
o A telnet connection from 10.6.20.54 to 10.17.45.125 was dropped
o The connection matched rule number 2 (Telnet not allowed) in the Firewall Rule Base
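
The two sample analyses above (dropped connections grouped by matched rule, and distinct users per High risk application) can also be reproduced offline on exported logs. This Python code is an added example, not part of the Check Point guide; the CSV column names, the user names, the proxy rule and all records except the telnet drop on rule 2 are constructed assumptions.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export. Column names, users and the VTunnel rule are
# assumptions for this example, not a documented Check Point schema.
SAMPLE = """\
time,action,src,dst,service,rule,rule_name,user,app,risk
09:01:12,Accept,10.6.20.11,10.17.45.80,http,5,Web access,,,
09:02:40,Drop,10.6.20.54,10.17.45.125,telnet,2,Telnet not allowed,,,
09:02:41,Drop,10.6.20.54,10.17.45.125,telnet,2,Telnet not allowed,,,
09:03:05,Drop,10.6.20.77,10.17.45.125,telnet,2,Telnet not allowed,,,
09:04:19,Block,10.6.20.31,203.0.113.10,https,9,Block proxies,alice,VTunnel,High
09:05:02,Block,10.6.20.32,203.0.113.10,https,9,Block proxies,bob,VTunnel,High
09:05:30,Block,10.6.20.31,203.0.113.10,https,9,Block proxies,alice,VTunnel,High
"""

def load(text):
    """Parse the CSV export into a list of dict records."""
    return list(csv.DictReader(io.StringIO(text)))

def top_actions(rows):
    """Count logs per action, like the Top Actions query pane."""
    return Counter(r["action"] for r in rows).most_common()

def drops_by_rule(rows):
    """Group dropped connections by matched rule with distinct sources."""
    out = defaultdict(lambda: {"count": 0, "sources": set(), "services": set()})
    for r in rows:
        if r["action"] == "Drop":
            entry = out[(int(r["rule"]), r["rule_name"])]
            entry["count"] += 1
            entry["sources"].add(r["src"])
            entry["services"].add(r["service"])
    return dict(out)

def high_risk_users(rows):
    """List distinct users per High risk application, as in the event view."""
    users = defaultdict(set)
    for r in rows:
        if r["risk"] == "High" and r["user"]:
            users[r["app"]].add(r["user"])
    return {app: sorted(names) for app, names in users.items()}

if __name__ == "__main__":
    rows = load(SAMPLE)
    print(top_actions(rows))
    for (num, name), e in sorted(drops_by_rule(rows).items()):
        print(f"rule {num} ({name}): {e['count']} drops from {sorted(e['sources'])}")
    print(high_risk_users(rows))
```

Counting distinct sources per rule separates one host retrying a blocked service from several hosts hitting the same rule, which the raw drop count alone does not show.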