Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Monitor All Events

 

You are here: Monitor > Events > All Events.

Use this page to view the summary of all the events, threat severity, attacks, graphs, and grid elements for all types of events.

Using the time-range slider, you can quickly focus on the time and area of activity that you are most interested in. Once the time range is selected, all of the data presented in your view is refreshed automatically. You can also use the Custom button to set a custom time range.

You can select either the Grid View tab or the Chart View tab to view your data:

  • Grid View—View the comprehensive details of events in a tabular format that includes sortable columns. You can group the events using the Group By option. For example, you can group the events based on source country, Source IP etc. The table includes information such as the event name, Source country, source IP address, and so on. Table 1 describes the fields on the Grid View page.

  • Chart View—View a brief summary of all the events in your network. The top of the page has a swim lane graph of all the all events. You can use the widgets at the bottom of the page to view critical information such as, top sources, top source countries, top destinations, and top destination countries. Table 2 describes the widgets on the Chart View page.

Table 1: All Events—Fields on the Grid View Page

Field

Description

Grid View

Displays information in grids that are lazy loaded with infinite scrolling. You can narrow down your search to a particular event based on IP address, description, or attack name.

Filters

Displays the filters list that are displayed above the grids.

First filter list

Displays the options available in the first filter list are: Firewall, Webfilter, ContentFilter, Antispam, Antivirus, IPsec VPN, IPS, Screens, Security Intelligence, and ATP.

Select the event that you want to filter in the first filter list.

Second filter list

Displays the options available in the second filter list are: Event-name, Source-address, Destination-address, Source name, User, Role, Reason, Profile, Protocol, and Category.

Select the next criteria of the event on which you want to filter from the second filter list.

Text box

Displays the filter parameter that you selected from the second filter list.

Note: In the filter statement the following limitation exists:

  • You can use only one operator at a time.

  • You can use only one instance of the criteria or parameter in one filter statement.

For example, if you have used & operator and the parameter event-name once, I cannot use them again in the same filter statement

CORRECT USAGE : event name = rt_flow_session_close & application=TELNET

WRONG USAGE : event name=rt_flow_session_close & event-name = rt_flow_session_create

WRONG USAGE : event name = rt_flow_session_close & source-address=x.x.x.x & application=TELNET

Note: The filter statement is NOT case-sensitive.

Add the parameter for which you want to filter. For example, in the first filter list if you selected Firewall as the event filter and in the second filter list you selected event-name as the parameter, then the text box displays event-name =. If you add rt_flow_session_close to see only Firewall events then the text box displays event name = rt_flow_session_close.

Go

Executes the filter statement that is displayed in the text box.

Click Go.

X

Clears the filters.

Click X.

Show Hide Column Filter icon represented by three vertical dots

Enables you to show or hide a column in the grid.

Threat Severity

Displays the severity level of the threat.

Event Name

Displays the event name of the log.

Description

Displays the description of the log.

Attack Name

Displays the attack name of the log: Trojan, worm, virus, and so on.

UTM Category or Virus Name

Displays the UTM category of the log.

Event Category

Displays the event category of the log.

Source Country

Displays the source country of the event.

Source IP

Displays the source IP address from where the event occurred.

Source Port

Displays the source port of the event.

Destination Country

Displays the destination country of the event.

Destination IP

Displays the destination IP address of the event.

Destination Port

Displays the destination port of the event.

Application

Displays the application name from which the events or logs are generated.

Username

Displays the username from whom the log is generated.

Hostname

Displays the host name in the log.

Service Name

Displays the name of the application service. For example, FTP, HTTP, SSH, and so on.

Protocol ID

Displays the protocol ID in the log.

Policy Name

Displays the Policy name in the log.

Source Zone

Displays the User traffic received from the zone.

Destination Zone

Displays the destination zone of the log.

Nested Application

Displays the nested application in the log.

Roles

Displays the role names associated with the event.

Reason

Displays the reason for the log generation. For example, a connection tear down may have an associated reason such as authentication failed.

NAT Source Port

Displays the translated source port.

NAT Destination Port

Displays the translated destination port.

NAT Source Rule Name

Displays the NAT source rule name.

NAT Destination Rule Name

Displays the NAT destination rule name.

NAT Source IP

Displays the translated (or natted) source IP address. It can contain IPv4 or IPv6 addresses.

NAT Destination IP

Displays the translated (also called natted) destination IP address.

Traffic Session ID

Displays the traffic session ID of the log.

URL

Displays the accessed URL name that triggered the event.

Object Name

Displays the object name of the log.

Path Name

Displays the path name of the log.

Logical System Name

Displays the name of the logical system.

Rule Name

Displays the rule name of the log.

Action

Displays the action taken for the event: warning, allow, and block.

Time

Displays the time when the log was received.

Table 2: All Events—Widgets on the Chart View Page

Field

Description

Chart View

Displays the trend analysis, displayed in the Time Range graph, in numbers.

Total Events

Displays the total number of events that occurred in the specified time range.

Virus Instances

Displays the number of virus instances that occurred in the specified time range.

Attacks

Displays the number of IDP or IPS attacks that occurred in the specified time range.

Interface Down

Displays the total number of interfaces that are down.

Sessions

Displays the total number of firewall events or sessions that occurred during the time period specified in the Time Range graph.

Graphs

Firewall

Web Filtering

IPsec VPNs

Content Filtering

Antispam

Antivirus

IPS

Screen

Security Intelligence

ATP

The graphs display the trend analysis in swim lane chart for the time range that you specified in the Time Range graph.

Mouse over at any point in the swim lane chart to view further details at that point.

The legend in each graph shows the colors and its related interpretation.

For example, in the Firewall graph, blue color represents all firewall events and black represents blocked firewall events. Similarly, in the IPS graph, orange, amber, and yellow represent critical, high, and medium IPS attacks respectively.

Related Documentation