Monitoring Operations

Concept

If we have an external log server, we can point our Security Management Server logs to that server so it's saved there too.

This can be used to research alerts, rejected connections, failed authentication attempts, analyze traffic patterns, and meet compliance requirements (government)

Export

The logs on the Security Gateway can also be exported and then imported into a SIEM or a dedicated log server

Track Options

Alert Options

• Per Connection

  • Every single conversation / connection

  • More logs

• Per Session

  • Puts a bunch of connections into one object

  • Less logs

Log

Queries

The SmartConsole usually displays the first top 50 queries in the default log menu. Predefined queries exist however, custom queries can be made

Practice Questions