Query of antivirus logs on the USG6000 series


By checking threat logs, you can view detection and defense records for network threats such as viruses, learn historical and ongoing threat events, and adjust security policies or implement active defense in a timely manner.
You can view threat logs only when the current device model supports hard disks and has hard disks installed.
For the USG6000 series, you can view antivirus log details on the web UI.
1. Choose Monitor > Log > Threat Log to view threat logs such as antivirus logs.
2. Choose Customize and select/deselect conditions for threat log display. The following items can be customized: time, threat type, threat ID, threat name, source zone, destination zone, attacker, target, source address:source port, destination address:destination port, application, protocol, action, security policy, profile, source region, destination region, and virtual system.

Other related questions:
Query of operation logs on the USG6000 series
By checking operation logs, you can view records for operations such as login, logout, and device configuration, learn the device management history, and improve device security.
Context
Only the USG6000 supports operation logs, and such logs can be displayed only when a hard disk is installed.
Note: For the USG6650/6660/6670/6680, the operation log page is displayed no matter whether hard disks are installed.
The firewall is deployed between the Internet and the network to be protected. When the IP address or login mode is configured for an administrator to log in to the firewall or the administrator performs any operation after login, operation logs are generated.
Procedure
1. Choose Monitor > Log > Operation Log to view operation logs.
2. Choose Customize and select/deselect conditions for threat log display.
3. (Optional) Click Export to export operation logs in CSV format to the management PC.

Query of IPS logs on the USG6000 series
By checking threat logs, you can view detection and defense records for network threats such as viruses, learn historical and ongoing threat events, and adjust security policies or implement active defense in a timely manner.
You can view IPS logs only when the current device model supports hard disks and has hard disks installed.
For the USG6000 series, you can view IPS log details on the web UI.
1. Choose Monitor > Log > Threat Log to view threat logs such as IPS logs.
2. Choose Customize and select/deselect conditions for threat log display. The following items can be customized: time, threat type, threat ID, threat name, source zone, destination zone, attacker, target, source address:source port, destination address:destination port, application, protocol, action, security policy, profile, source region, destination region, and virtual system.

Antivirus detection on the USG6000
The antivirus function detects and processes virus files by using a professional intelligent detection engine based on a virus signature database that is updated constantly. Virus detection and processing are described as follows:
1. Virus detection
Virus detection is performed by the intelligent detection engine. After traffic flows into the intelligent detection engine, the engine:
(1) Performs in-depth analysis on the traffic and identifies the protocol type of the traffic and the file transmission direction.
(2) Determines whether virus detection is supported for the file transmission protocol and the file transmission direction.
The USG6000 supports virus detection for files transmitted through the following protocols: FTP, HTTP, POP3, SMTP, IMAP, NFS, and SMB.
The USG6000 supports virus detection for files transmitted in different directions.
a. Upload: The client sends files to the server.
b. Download: The server sends files to the client.
(3) Virus detection
The intelligent detection engine extracts the signature of a file meeting virus detection conditions, and matches the extracted signature with the signatures in the virus signature database. If the signature is matched, this file is a virus file and is processed based on the configuration file. If the signature is not matched, the file is transmitted.
The virus signature database contains common virus signatures collected by Huawei. The virus signature database defines common virus signatures and assigns a unique virus ID to each virus signature. After the virus signature database is loaded to the device, viruses defined in the signature database can be identified. The virus signature database must be updated from the security center (sec.huawei.com) constantly to ensure that the latest viruses are identified in a timely manner.
2. Antivirus processing
When a virus file is detected:
(1) The intelligent detection engine determines whether the virus file is a virus exception. If so, the file is transmitted.
(2) If the virus file is not a virus exception, the intelligent detection engine determines whether the virus file is an application exception. If so, the specified action (transmitting the file, raising an alarm, or blocking the file) is taken.
(3) If the virus file is not a virus exception or an application exception, the action specified in the configuration file is taken.
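The order of checks described above can be modelled in a few lines to make the precedence explicit when reviewing exceptions. This is an added example, not Huawei code or device syntax: the AvProfile class, the decide function, the action labels "allow"/"alert"/"block" and all sample signatures, virus IDs and application names are hypothetical, and treating a protocol/direction pair with no configured action as uninspected is an assumption.

```python
from dataclasses import dataclass, field

# Protocols and directions the page lists as supported for virus detection.
SUPPORTED_PROTOCOLS = {"FTP", "HTTP", "POP3", "SMTP", "IMAP", "NFS", "SMB"}
DIRECTIONS = {"upload", "download"}

@dataclass
class AvProfile:
    """Hypothetical model of the antivirus configuration (not device syntax)."""
    actions: dict                                        # (protocol, direction) -> action
    virus_exceptions: set = field(default_factory=set)   # virus IDs that are let through
    app_exceptions: dict = field(default_factory=dict)   # application -> action

def decide(profile, signature_db, protocol, direction, application, file_sig):
    """Return (action, reason); action is "allow", "alert" or "block"."""
    key = (protocol.upper(), direction.lower())
    # Detection step (2): unsupported protocol/direction means no scan at all.
    if key[0] not in SUPPORTED_PROTOCOLS or key[1] not in DIRECTIONS:
        return "allow", "not inspected: unsupported protocol or direction"
    # Assumption: a pair missing from the profile is not scanned either.
    if key not in profile.actions:
        return "allow", "not inspected: no action configured"
    # Detection step (3): a signature match yields the unique virus ID.
    virus_id = signature_db.get(file_sig)
    if virus_id is None:
        return "allow", "no signature match"
    # Processing (1): a virus exception lets the file through.
    if virus_id in profile.virus_exceptions:
        return "allow", f"virus exception for ID {virus_id}"
    # Processing (2): an application exception supplies its own action.
    if application in profile.app_exceptions:
        return profile.app_exceptions[application], f"application exception for {application}"
    # Processing (3): otherwise the configured action applies.
    return profile.actions[key], f"configured action for virus ID {virus_id}"

# Constructed sample data: signatures, IDs and application names are invented.
SAMPLE_DB = {"sig-aaa": 1001, "sig-bbb": 1002}
SAMPLE_PROFILE = AvProfile(
    actions={("HTTP", "download"): "block", ("SMTP", "upload"): "block"},
    virus_exceptions={1002},
    app_exceptions={"example-mail-app": "alert"},
)

if __name__ == "__main__":
    for case in [("HTTP", "download", "example-web-app", "sig-aaa"),
                 ("SMTP", "upload", "example-mail-app", "sig-aaa"),
                 ("SMTP", "upload", "example-mail-app", "sig-bbb"),
                 ("TFTP", "download", "example-web-app", "sig-aaa")]:
        print(case, "->", decide(SAMPLE_PROFILE, SAMPLE_DB, *case))
```

The reason string distinguishes a file that was scanned and found clean from one that was never inspected, which is the case to look for when an expected antivirus log entry is missing.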

Whether the USG6000 supports the antivirus function
The antivirus function can be used only after a license is purchased and activated. All USG6000 series devices support the antivirus function.

Query of policy matching logs on the USG6000 series
By checking policy matching logs, you can learn traffic matching policies and determine whether security policies are correctly configured or achieve expected effects, to facilitate fault locating.
Context
Only the USG6000 supports policy matching logs, and such logs can be displayed only when a hard disk is installed. For the USG6650/6660/6670/6680, the policy matching log page is displayed no matter whether hard disks are installed.
The firewall is deployed between the Internet and the network to be protected. If traffic matches a security policy, a policy matching log is generated.
Before querying policy matching logs, run the log type policy enable command on the firewall to enable the policy matching log function.
1. Choose Monitor > Log > Policy Matching Log to view information about policy matching logs.
2. Choose Customize and select/deselect conditions for the display of policy matching logs.
3. Click Export to export policy matching logs in CSV format to the management PC.
