Monitoring Threat Prevention

In This Section:

Log Sessions

Using the Log View

Viewing Threat Prevention Rule Logs

Predefined Queries

Creating Custom Queries

Selecting Query Fields

Packet Capture

Advanced Forensics Details

Threat Analysis in the Logs & Monitor View

Log Sessions

Gateway traffic generates a large amount of activity. To make sure that the amount of logs is manageable, by default, logs are consolidated by session. A session is a period that starts when a user first accesses an application or site. During a session, the gateway records one log for each application or site that a user accesses. All activity that the user does within the session is included in the log.

To see the number of connections made during a session, see the Suppressed Logs field of the log in the Logs & Monitor view.

Session duration for all connections that are prevented or detected in the Rule Base is 10 hours by default. You can change this in the Manage & Settings view in SmartConsole > Blades > Threat Prevention > Advanced Settings > General > Connection Unification.
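The following added example is a simplified model of the consolidation described above, not Check Point code. It folds constructed connection records into one log per user and application or site, with a per-log connection count standing in for the Suppressed Logs field. The record layout, the `consolidate` function, the field names and the fixed window measured from first access are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Default session duration stated on this page.
SESSION_WINDOW = timedelta(hours=10)

# Constructed sample input: (timestamp, user, application or site).
CONNECTIONS = [
    ("2024-01-01 08:00", "alice", "site-a.example"),
    ("2024-01-01 08:05", "alice", "site-a.example"),
    ("2024-01-01 08:10", "bob", "site-a.example"),
    ("2024-01-01 08:11", "bob", "site-a.example"),
    ("2024-01-01 09:00", "alice", "site-b.example"),
    ("2024-01-01 12:30", "alice", "site-a.example"),
    ("2024-01-01 17:59", "alice", "site-a.example"),
    ("2024-01-01 18:30", "alice", "site-a.example"),  # past the 10-hour window
]

def consolidate(connections, window=SESSION_WINDOW):
    """Fold connections into one log per (user, app) per session.

    Assumption: a session runs for `window` from the first access and
    every later connection inside that window joins the same log.
    """
    open_sessions = {}  # (user, app) -> index of the current log
    logs = []
    for ts, user, app in sorted(connections):
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        idx = open_sessions.get((user, app))
        if idx is not None and t - logs[idx]["start"] < window:
            # Same session: no new log, only the count grows.
            logs[idx]["connections"] += 1
            logs[idx]["last_seen"] = t
        else:
            # First access, or the previous session has expired.
            open_sessions[(user, app)] = len(logs)
            logs.append({"user": user, "app": app, "start": t,
                         "last_seen": t, "connections": 1})
    return logs

if __name__ == "__main__":
    for log in consolidate(CONNECTIONS):
        print(f'{log["start"]:%H:%M} {log["user"]:6} {log["app"]:15} '
              f'connections={log["connections"]}')
```

Eight connections collapse to four logs here, so a single log entry can stand for many connections; the count is what tells a reviewer how much activity sits behind it.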