Viewing Security Logs

The Logs & Monitoring > Logs > Security Logs page shows the last 100 log records.

To load more records, continue scrolling down the page. The log table is automatically refreshed.

To search for a security log:

Enter your query in the Enter search query box. You can only search one field at a time (the logical operators "AND" and "OR" are not supported).

Use one of these syntaxes:

  • <IP_address>

  • <Column_Name>:<Value>

Examples:

  • 203.0.113.64

  • action:drop

  • source port:22

For more details, click Query Syntax in the table header.

To see a security log record:

  1. Select a log entry from the list.

  2. Click View Details or double-click the entry.

    The log record opens.

To refresh the security log data:

Click the Refresh icon.

To stop local logging:

When necessary, you can stop local logging for better performance. This removes the overhead of creating and maintaining logs. No new logs are generated until you set the resume option.

  1. Select Options > Stop local logging.

  2. To resume, select Options > Resume local logging.

Storing Logs

Logs can be stored locally on the appliance's non-persistent memory or on an external SD card (persistent). Logs can also be sent to an externally managed log server (see Log Servers page).

When you insert an SD card, it mounts automatically and local logs are then saved to it. Before you eject an SD card, make sure to unmount it: select Options > Eject SD card safely.

Note - In firmware versions R77.20.85 and higher, SD cards are formatted with the ext4 file system. In older firmware versions, SD cards are formatted with the FAT32 file system. If you upgrade to version R77.20.85 or higher, the file system on the SD card remains FAT32 for backward compatibility.

To delete logs from local log storage:

  1. On the Logs & Monitoring > Logs > Security Logs page, click Clear logs.

    A confirmation window opens.

  2. Click Yes to delete logs.

    The logs are deleted, and the logs grid reloads automatically.

Note - Logs are deleted from the external SD card (if inserted) or from the local logs storage. Logs are not deleted from the remote logs server.
