

Using the Log View

In SmartConsole:

  1. Go to Logs and Monitoring > View.
  2. Click New, and select New View.
  3. In the New View window, enter:
    • Name
    • Category – For example, select Access Control
    • Description (optional)
  4. In the new window that opens, create a query. Click Options > View Filter and select blade and app control.
  5. Click Add Widget to customize how you see the data that comes back from the query.

    Start with a Timeline of all events.

    In Table, you can create a table that contains multiple fields such as user, application name, and the amount of traffic. There are more widgets you can use: map, infographic, rich text, chart, and container (for multiple widgets).

    After you save the view (click Done), you can schedule it so that it is sent to you by automatic email at multiple intervals.

This is an example of the Log view.

[Figure: SmartConsole Logs GUI, with numbered callouts 1-5]

Item - Description

  1. Queries - Predefined and favorite search queries.
  2. Time Period - Search within predefined or custom time periods.
  3. Query search bar - Define custom queries in this field. You can use the GUI tools or manually enter query criteria. Shows the query definition for the most recent query.
  4. Log statistics pane - Shows the top results of the most recent query.
  5. Results pane - Shows the log entries for the most recent query.

Viewing Threat Prevention Rule Logs

To see logs generated by a specified rule:

  1. In SmartConsole, go to the Security Policies view.
  2. In the Threat Prevention Policy, select a rule.
  3. In the bottom pane, click one of these tabs to see:
    • Summary - Rule name, rule action, rule creation information, and the hit count. Add custom information about the rule.
    • Logs - Log entries according to specified filter criteria - Source, Destination, Blade, Action, Service, Port, Source Port, Rule (Current rule is the default), Origin, User, or Other Fields.

Predefined Queries

The Logs & Monitor Logs tab provides a set of predefined queries, which are appropriate for many scenarios.

Queries are organized by combinations of event properties, for example: