Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

About the Traffic Logs Page

 

To access this page, click Monitor > Traffic Logs.

You can use the Traffic Logs page to view the details of the traffic logs that are generated by managed devices. You can view the traffic logs that are generated in the past 24 hours. These traffic logs are used to debug certain events such as, session create, session delete, and session update and so on. You can view the traffic logs for SD-WAN and Next-Generation firewall deployments.

Tasks You Can Perform

You can perform the following tasks from this page:

  • View a graphical representation of Traffic logs in a specified time range (Time Range widget).

    The x-axis represents the defined time and the y-axis represents number of traffic logs.

    Use the slider to decrease or increase the time range within which you want to view the traffic logs. You can also select from pre-defined time ranges such as 5m, 10m, 20m, 30m, 1h, 2h, 4h, 8h, 16h, 24h, or Custom.

    If you select Custom, you must specify the dates and times (in MM/DD/YYYY and HH:MM:SS 24-hour or AM/PM formats) from when and up to when you want the traffic logs displayed.

  • View information related to traffic logs; see Table 1.

  • View similar traffic logs. Select a traffic log and Click Show exact match to view similar log.

  • Group the traffic logs based on the options available in the Group by field. For example, you can group the traffic logs based on destination country, destination IP, and so.

  • Show or hide the columns displayed on the page—Click the Show Hide Columns icon at the top right corner of the page and select the columns that you want displayed in the grid.

  • View the traffic logs in non tabular format or raw text by clicking the More > Show raw log option.

  • Create an alert for a specific traffic by clicking the More > Create Alert option.

  • Create a report for a specific traffic by clicking the More > Create Report option.

  • Export a traffic log to a comma-separated values (CSV) file by clicking the More >Export to CSV option.

Table 1 provides information related to traffic logs.

Table 1: Columns on the Traffic Logs Page

Fields

Description

Log Generated Time

View the time when the traffic log was generated.

Log Received Time

View the time when the traffic log was received by CSO.

Site

View the site name when the traffic log was generated.

Event Name

View the event name of the traffic log.

Source Country

View the source country name from where the event originated.

Source IP

View the source IP address from where the event occurred (IPv4 or IPv6).

Destination Country

View the destination country name from where the event occurred.

Destination IP

View the destination IP address of the event (IPv4 or IPv6).

Source Port

View the source port of the event.

Destination Port

View the destination port of the event.

Description

View the description of the log.

Policy Name

View the name of the policy for which the traffic log was generated.

URL

View the accessed URL name that triggered the traffic log.

Event Category

View the event category of the traffic log (For example firewall or apptrack).

User Name

View the user name.

Action

View the action taken for the event: warning, allow, and block.

Host Name

View the hostname in the log.

Service Name

View the name of the Layer 4 service.

Nested Application

View the name of the Layer 7 application.

Source Zone

View the source zone of the site.

Destination zone

View the destination zone of the site.

Roles

View the role names associated with the event.

Reason

View the reason for the log generation. For example, unrestricted access.

NAT Source Port

View the source port of traffic after NAT.

NAT Destination Port

View the destination port of traffic after NAT.

NAT Source Rule Name

View the source NAT rule name.

NAT Destination Rule Name

View the destination NAT rule name.

NAT Source IP

View the source IP address after the IP address translation.

NAT Destination ID

View the destination IP address after the IP address translation.

Traffic Session ID

View the Session ID mapped by site to an event.

Path Name

View the path name of the log.

Logical System Name

View the logical system name.

Rule Name

View the rule name.

Profile Name

View the name of the Web filtering profile that triggered the log.