Print Download PDF Send Feedback

Previous

Next

Viewing Rule Logs

You can search for the logs that are generated by a specific rule, from the Security Policy or from the Logs & Monitor > Logs tab.

To see logs generated by a rule (from the Security Policy):

  1. In SmartConsole, go to the Security Policies view.
  2. In the Access Control Policy or Threat Prevention Policy, select a rule.
  3. In the bottom pane, click one of these tabs to see:
    • Logs - By default, shows the logs for the Current Rule. You can filter them by Source, Destination, Blade, Action, Service, Port, Source Port, Rule (Current rule is the default), Origin, User, or Other Fields.
    • History (Access Control Policy only) - List of rule operations (Audit logs) related to the rule in chronological order, with the information about the rule type and the administrator that made the change.

To see logs generated by a rule (by Searching the Logs):

  1. In SmartConsole, go to the Security Policies view.
  2. In the Access Control Policy or Threat Prevention Policy, select a rule.
  3. Right-click the rule number and select Copy Rule UID.
  4. In the Logs & Monitor > Logs tab, search for the logs in one of these ways:
    • Paste the Rule UID into the query search bar and press Enter.
    • For faster results, use this syntax in the query search bar:

      layer_uuid_rule_uuid:*_<UID>

      For example, paste this into the query search bar and press Enter:

      layer_uuid_rule_uuid:*_46f0ee3b-026d-45b0-b7f0-5d71f6d8eb10

Policy Installation History

In the Installation History you can choose a Gateway, a date and time when the Policy was installed, and:

To work with the Policy installation history:

  1. In SmartConsole, go to Security Policies.
  2. From the Access Tools or the Threat Prevention Tools, select Installation History.
  3. In the Gateways section, select a Gateway.
  4. In the Policy Installation History section, select an installation date.
  5. To see the revisions that were installed and who made them:

    Click View installed changes.

    To see the changes that were installed and who made them :

    Click View.

    To revert to a specific version of the Policy:

    Click Install specific version.