Log Analysis
SmartConsole lets you transform log data into security intelligence. Search results are fast and immediately show the log records you need. The Security Gateways send logs to the Log Servers on the Security Management Server or on a dedicated server. Logs show on the SmartConsole tab. You can:
- Quickly search through logs with simple Google-like searches.
- Select from many predefined search queries to find the applicable logs.
- Create your own queries using a powerful query language.
- Monitor logs from administrator activity and connections in real-time.
Configuring Logging
To configure logging from a Security Gateway to a Security Management Server or a Log Server:
- Define one or more Log Servers (if necessary).
- Enable logging on the Security Management Server and the Log Servers.
- Configure the Security Gateways to send logs to the Log Servers.
- Install the Policy.
To enable logging on a server:
- In SmartConsole, go to and double-click the server object.
The properties window opens.
- Establish between the Security Management Server and the Log Server. Make the certificate state: Trust Established.
- In the tab, select .
- From the navigation tree, click .
This shows the Security Gateways that forward logs to this machine.
- Make sure that is selected. It is enabled by default optimizes the log search time.
- Click .
To configure a Security Gateway to send logs to log servers:
- In SmartConsole, go to and double-click the gateway object.
The gateway properties window opens.
- From the navigation tree, click .
- In the section, click the plus sign and select a server.
Make sure that in the column, is selected.
- Optional - In the , add backup servers.
To complete the configuration:
- Click .
- Install the Access Control Policy.
