Working with Logs and Events
- From the left navigation toolbar, click Logs & Events.
- From the top menu bar, click the applicable tab.
Tab descriptions:
Tab
Description
Gateway Logs
Shows the traffic logs.
Events
Shows various gateway events.
Note - Supported for Security Gateways running R81.10.10 and higher versions.
Infected Hosts
Shows the logs about infected hosts on internal networks.
Prevented Attacks
Shows the logs about prevented attacks (based on the configured security settings).
Detected Attacks
Shows the logs about detected attacks (based on the configured security settings).
Access View
Shows various statistic counters.
Traffic Monitor
Shows various traffic statistic counters.
Internet Monitoring
Monitors the internet status per link or Gateway over time.
Note - Supported for Gateways running R81.10.10 and higher.
Aggregated and Gateway-specific dashboards are available under Logs & Events -> Internet Monitoring.
Important - You must enable the probing feature on the Gateway in order to report this information to Quantum Spark Management. Go to the local WebUI of the Gateway and navigate to Device -> Internet -> Edit internet connection -> Connection monitoring -> Monitor connection state by sending packets…
These are the available statuses for each Gateway:
- Excellent – All links are up and in the predefined threshold.
- Good – At least one link is in the predefined threshold.
- Poor – All links exceed the thresholds.
- Down / Unknown – The gateway has reported a down status on all links, or has stopped reporting its internet status for at least one hour.
There are three separate new dashboards:
Aggregated Internet Monitoring View:
- Current status of Gateways
- Top unstable Gateways by internet connection
- Top unstable links
- Overall SLA
- Number of SD-WAN link swaps
- Top Gateways by traffic
Gateway Internet Monitoring View:
- Accessible when selecting a specific Gateway in internet monitoring, or by drilling down on the internet status for a specific Gateway
- Easily switch Gateways at the top left
- Jitter, latency and packet loss graphs over time
- Throughput, connections, and packet rate
- Link status heatmap over time
- SD-WAN steering objects status (scroll down to view this section)
Links Drill Down View:
- Accessible from the aggregated Internet Monitoring View when you drill down on a specific link
- Contains all of the Gateways' reporting data on WAN link, internet connection name, and status
- Unstable internet connection by sum of duration across all Gateways
- Overall SLA filtered by specific link
Assets
Gateways report the connected assets, including IoT assets.
Note - Supported for Gateways running R81.10.10 and higher.
The reporting is based on the list present on the Gateway WebUI and is decided based on an updated recognition flow.
The data consists of assets that have been connected to the Gateway in the last 24 hours.
The data of the connected assets is refreshed from the Gateway every 15 minutes.
There are two main views available to present the assets:
Assets Overview
- Located in Logs & Events -> Assets
- Shows an overview of all assets from all Gateways in this account
- Each status is available for a drill down to view more information about the assets.
- The same view is available for all Gateways, or for a single Gateway, decided by the top left Gateway selector.
- Distinction between IoT, non-IoT, and unrecognized devices.
- Counters for assets with the following statuses:
  - Manually blocked – Number of assets that were manually blocked from outgoing access on the local WebUI
  - Infected assets – Number of infected assets (assets that have reported Anti-Bot activity in the last 30 days)
  - Assets attempted to access an unauthorized domain. This is relevant for IoT devices only. The IoT device, managed by the IoT blade, has attempted to access a domain outside its updated practices for the specific asset type and vendor.
  - Not under IoT policy – Relevant for IoT devices only. The number of devices that are not protected under the IoT policy. Standard blades still apply. This may occur for several reasons:
    - Low confidence recognition – In this case, it is recommended to manually confirm or override the recognition to include it in the IoT policy.
    - No practices for this asset type and vendor – This may occur for unrecognized vendors or asset types.
    - The IoT device is excluded from the IoT policy – Some asset types / functions are excluded from IoT policy by default because their traffic cannot be categorized (for example, Smart TV).
Assets Details View
- Drill down on most of the elements from the assets overview page: click on the number of assets, show more for a specific asset type, and more.
- Provides more detailed information on the assets, quick filters and statistics on the left bar, and additional search capabilities
- The assets shown in the list are assets that were last seen by a Gateway reporting to the cloud within the last 24 hours.
- Click on each row for additional information on the specific asset, with additional actions like:
  - View unauthorized access
  - Search for asset in logs
VPN Monitoring
Shows VPN site-to-site status of managed gateways.
Note - Supported for Gateways running R81.10.10 and higher.
The available views:
Gateway VPN Monitoring View
- Current status of the VPN tunnels
- Status of the tunnels over time: shows the worst status during the applicable time frame (for example, if the VPN tunnel was down for two minutes between 10:00-11:00, the entire hour is referred to as down).
- VPN-related events for this Gateway, ordered by time
- Total uptime of the VPN tunnels in the given time frame
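An added example (not from the Quantum Spark Management documentation or product) showing how the worst-status roll-up described above relates to total uptime: a two-minute outage marks the whole hour as down while uptime for the window stays near 99%. The interval input format, the function names, and the up/down severity ranking are assumptions.

```python
from datetime import datetime, timedelta

# Assumption: only "up" and "down" are ranked; higher number = worse.
SEVERITY = {"up": 0, "down": 1}

def hourly_worst_status(intervals, window_start, window_end):
    """Return {hour_start: worst status seen in that hour}.

    intervals: non-overlapping (start, end, status) tuples; time not
    covered by any interval is treated as "up" (assumption).
    """
    buckets = {}
    hour = window_start
    while hour < window_end:
        hour_end = hour + timedelta(hours=1)
        worst = "up"
        for start, end, status in intervals:
            overlaps = start < hour_end and end > hour
            if overlaps and SEVERITY[status] > SEVERITY[worst]:
                worst = status
        buckets[hour] = worst
        hour = hour_end
    return buckets

def uptime_percent(intervals, window_start, window_end):
    """Share of the window that was not "down", as a percentage."""
    total = (window_end - window_start).total_seconds()
    down = 0.0
    for start, end, status in intervals:
        if status != "down":
            continue
        # Clip each outage to the window before measuring it.
        clipped = min(end, window_end) - max(start, window_start)
        down += max(clipped.total_seconds(), 0.0)
    return round(100.0 * (total - down) / total, 2)

# Constructed sample: one tunnel, down for two minutes inside 10:00-11:00.
DAY = datetime(2024, 1, 1)
WINDOW = (DAY.replace(hour=9), DAY.replace(hour=12))
SAMPLE = [(DAY.replace(hour=10, minute=20), DAY.replace(hour=10, minute=22), "down")]

if __name__ == "__main__":
    for hour, status in hourly_worst_status(SAMPLE, *WINDOW).items():
        print(hour.strftime("%H:%M"), status)
    print("uptime %:", uptime_percent(SAMPLE, *WINDOW))
```

When reviewing tunnel stability, read the over-time view together with the total uptime figure: the first shows when an outage occurred, the second how long it lasted.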
Aggregated VPN Monitoring View
Shows the VPN overview across all Gateways in this account.
Navigate to Logs & Events -> VPN Monitoring to see the following data:
- The current VPN status summary of the Gateways
- Top Gateways with unstable VPN tunnels, sorted by the duration of the down status
- Top VPN-related events.
- Status of the Gateways over time
- Number of events over time aggregated by severity
System Monitoring
Monitors the Gateway's resources for comprehensive system health insights.
Note - Supported for Gateways running R81.10.10 and higher.
Gateways with supported firmware report their system resources to Quantum Spark Management, sampling every minute.
The metrics used for this view are:
- CPU
- Memory
- Disk space
- Temperature
Additional system-related events are available on the Events page, and are also used as part of the System Monitoring dashboards (for example: Unexpected reboot, Flash lifespan alert, and more).
Two dashboards represent System Monitoring:
Aggregated System Monitoring View
Located in Logs & Events -> System Monitoring, this view contains a summary of system resources for all Gateways under this account.
- System Status: Shows the current system status, regardless of the time frame of the view:
  - Within thresholds: All metrics are within thresholds within the last 24 hours
  - Exceeding thresholds: Gateways have exceeded thresholds on some metrics (average) for over 15 minutes within the last 24 hours.
  - Critical: Critical issue or event detected in the last 24 hours (for example: Temperature exceeds the threshold or CPU > 99% for over 15 minutes, and more).
- Top Gateways with System Issues:
  - Shows top Gateways by duration of time for each status
  - Filter by all metrics, or choose a specific metric from the drop-down menu.
  - Show only Gateways with issues
  - Click on the bar for additional drill-down.
- Top Gateways by CPU / Memory usage:
  - Shows the top Gateways sorted by CPU / Memory usage.
  - The top list is based on the 99th percentile.
  - Click on a Gateway name for additional drill down.
- Gateways With Issues Over Time: shows the number of Gateways by system status over time.
- System Events By Severity:
  - Shows the number of system-related events by severity
  - Click on the severity in the pie chart to drill down to the events.
Gateway System Monitoring View
- Gateway details strip:
  - Gateway status in the last 24 hours
  - Hover to show more information if there is an issue
  - Firmware version
  - Gateway type
  - Uptime
  - Appliance capabilities (WIFI, WIFI6, SSD, LTE, 5G)
- Current CPU and memory usage
- CPU utilization over time:
  - Overall – shows the CPU utilization across all cores, separated by user, system, and IO wait.
  - Performance – shows the minimum, maximum, and average CPU by core.
  - The data shows the average for 15 minutes. For example, if the CPU shows 95%, it is the average of the CPU usage for 15 minutes, which may impact the performance of the Gateway.
  - The threshold line represents the threshold for CPU usage.
- Memory utilization over time
- Throughput over time
- Disk usage (top 3 partitions)
- Events
- Examine the logs and events for the connected Quantum Spark Appliances.
- To export the applicable records, click the 3-dot icon in the top-right corner.