Query of IPS logs on the USG6000 series


By checking threat logs, you can view detection and defense records for network threats such as viruses, learn historical and ongoing threat events, and adjust security policies or implement active defense in a timely manner.
You can view IPS logs only when the current device model supports hard disks and has hard disks installed.
For the USG6000 series, you can view IPS log details on the web UI.
1. Choose Monitor > Log > Threat Log to view threat logs such as IPS logs.
2. Choose Customize and select/deselect conditions for threat log display. The following items can be customized: time, threat type, threat ID, threat name, source zone, destination zone, attacker, target, source address:source port, destination address:destination port, application, protocol, action, security policy, profile, source region, destination region, and virtual system.

Other related questions:
Query of operation logs on the USG6000 series
By checking operation logs, you can view records for operations such as login, logout, and device configuration, learn the device management history, and improve device security.
Context
Only the USG6000 supports operation logs, and such logs can be displayed only when a hard disk is installed.
Note: For the USG6650/6660/6670/6680, the operation log page is displayed no matter whether hard disks are installed.
The firewall is deployed between the Internet and the network to be protected. When the IP address or login mode is configured for an administrator to log in to the firewall or the administrator performs any operation after login, operation logs are generated.
Procedure
1. Choose Monitor > Log > Operation Log to view operation logs.
2. Choose Customize and select/deselect conditions for threat log display.
3. (Optional) Click Export to export operation logs in CSV format to the management PC.

Query of antivirus logs on the USG6000 series
By checking threat logs, you can view detection and defense records for network threats such as viruses, learn historical and ongoing threat events, and adjust security policies or implement active defense in a timely manner.
You can view threat logs only when the current device model supports hard disks and has hard disks installed.
For the USG6000 series, you can view antivirus log details on the web UI.
1. Choose Monitor > Log > Threat Log to view threat logs such as antivirus logs.
2. Choose Customize and select/deselect conditions for threat log display. The following items can be customized: time, threat type, threat ID, threat name, source zone, destination zone, attacker, target, source address:source port, destination address:destination port, application, protocol, action, security policy, profile, source region, destination region, and virtual system.

Query of policy matching logs on the USG6000 series
By checking policy matching logs, you can learn traffic matching policies and determine whether security policies are correctly configured or achieve expected effects, to facilitate fault locating.
Context
Only the USG6000 supports policy matching logs, and such logs can be displayed only when a hard disk is installed. For the USG6650/6660/6670/6680, the policy matching log page is displayed no matter whether hard disks are installed.
The firewall is deployed between the Internet and the network to be protected. If traffic matches a security policy, a policy matching log is generated.
Before querying policy matching logs, run the log type policy enable command on the firewall to enable the policy matching log function.
1. Choose Monitor > Log > Policy Matching Log to view information about policy matching logs.
2. Choose Customize and select/deselect conditions for the display of policy matching logs.
3. Click Export to export policy matching logs in CSV format to the management PC.

Query of the attack source IP address on the USG6000 series
Run the display anti-ddos source-ip [ ipv4 ip-address [ vpn-instance vpn-instance-name ] | ipv6 ipv6-address ] command on the USG6000 to view the DDoS traffic source IP address monitoring table.

Difference in log and report data queried in the same time range on the USG6000 series
The firewall supports multiple types of reports, and it takes some time for the system to aggregate log data into a report. This may result in a slight inconsistency between log and report data, which is acceptable.
