Query of policy matching logs on the USG6000 series


By checking policy matching logs, you can see which security policies traffic matched and determine whether the security policies are correctly configured and achieve the expected effect, which helps in locating faults.

Context
Only the USG6000 supports policy matching logs, and such logs can be displayed only when a hard disk is installed.
For the USG6650/6660/6670/6680, the policy matching log page is displayed regardless of whether hard disks are installed.
The firewall is deployed between the Internet and the network to be protected. If traffic matches a security policy, a policy matching log is generated.

Before querying policy matching logs, run the log type policy enable command on the firewall to enable the policy matching log function.
Choose Monitor > Log > Policy Matching Log to view information about policy matching logs.
Choose Customize and select/deselect conditions for the display of policy matching logs.
Click Export to export policy matching logs in CSV format to the management PC.

Other related questions:
Method used to export policy matching logs on the USG6000
The method used to export policy matching logs on the USG6000 is as follows:
1. Choose Monitor > Logs > Policy Matching Logs.
2. Select Column Customization and select or cancel various types of conditions displayed in policy matching logs.
3. Click Export to export policy matching logs in the CSV format to the administrator's PC.

Security policy matching order on the USG6000 series
When multiple security policies are to be matched, they are matched in a specific order. Therefore, you are advised to configure more fine-grained security policies first.

Security policy matching order on the USG6000
On the USG6000, the device preferentially executes security policies configured earlier. Therefore, you are advised to first configure security policies with smaller matching scopes and accurate matching conditions and then configure security policies with larger matching scopes and wider matching conditions.
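The effect of this ordering can be checked offline before rules are committed. The following is an added example, not Huawei code: it assumes a simplified policy model (source CIDR, destination CIDR, destination port range, action) with constructed policy names and addresses, and reports later policies that can never match because an earlier, broader policy covers them.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str      # constructed names, not device output
    src: str       # source CIDR
    dst: str       # destination CIDR
    ports: range   # destination port range
    action: str    # "permit" or "deny"

def covers(a: Policy, b: Policy) -> bool:
    """True if every packet that matches b also matches a."""
    net = ipaddress.ip_network
    return (net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and a.ports.start <= b.ports.start
            and b.ports.stop <= a.ports.stop)

def first_match(policies, src_ip, dst_ip, port):
    """Return the first policy in configured order that matches the packet."""
    for p in policies:
        if (ipaddress.ip_address(src_ip) in ipaddress.ip_network(p.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(p.dst)
                and port in p.ports):
            return p
    return None

def shadowed(policies):
    """List (later, earlier) pairs where the later policy can never be hit."""
    pairs = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if covers(earlier, later):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed sample rule set: the broad permit is configured first.
BROAD_FIRST = [
    Policy("permit_lan_to_dmz", "10.0.0.0/8", "192.0.2.0/24", range(1, 65536), "permit"),
    Policy("deny_guest_to_db", "10.20.0.0/16", "192.0.2.10/32", range(3306, 3307), "deny"),
]
# Recommended order: the narrower policy is configured first.
NARROW_FIRST = list(reversed(BROAD_FIRST))

if __name__ == "__main__":
    for label, rules in (("broad first", BROAD_FIRST), ("narrow first", NARROW_FIRST)):
        hit = first_match(rules, "10.20.5.5", "192.0.2.10", 3306)
        print(f"{label}: hit={hit.name} action={hit.action} shadowed={shadowed(rules)}")
```

A policy reported as shadowed would also never appear in the policy matching logs, which is a useful cross-check against the exported CSV.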

Query of operation logs on the USG6000 series
By checking operation logs, you can view records for operations such as login, logout, and device configuration, learn the device management history, and improve device security.

Context
Only the USG6000 supports operation logs, and such logs can be displayed only when a hard disk is installed.
Note: For the USG6650/6660/6670/6680, the operation log page is displayed no matter whether hard disks are installed.
The firewall is deployed between the Internet and the network to be protected. When the IP address or login mode is configured for an administrator to log in to the firewall or the administrator performs any operation after login, operation logs are generated.

Procedure
1. Choose Monitor > Log > Operation Log to view operation logs.
2. Choose Customize and select/deselect conditions for threat log display.
3. (Optional) Click Export to export operation logs in CSV format to the management PC.

Query of antivirus logs on the USG6000 series
By checking threat logs, you can view detection and defense records for network threats such as viruses, learn historical and ongoing threat events, and adjust security policies or implement active defense in a timely manner. You can view threat logs only when the current device model supports hard disks and has hard disks installed.

For the USG6000 series, you can view antivirus log details on the web UI.
1. Choose Monitor > Log > Threat Log to view threat logs such as antivirus logs.
2. Choose Customize and select/deselect conditions for threat log display.

The following items can be customized: time, threat type, threat ID, threat name, source zone, destination zone, attacker, target, source address:source port, destination address:destination port, application, protocol, action, security policy, profile, source region, destination region, and virtual system.
