Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
DPI Events
By default, the IDF Server Plug-in collects Firewall and DPI Event logs from the IDF Client Plug-ins at every heartbeat. (This can be turned off from the Firewall and DPI tab on the System > System Settings screen.) The data from the logs is used to populate the various reports, graphs, and charts in the IDF Server Plug-in.
Once collected by the IDF Server Plug-in, Event logs are kept for a period of time which can be set from the System tab on the System > System Settings screen. The default setting is one week.
From the main screen you can:
View the properties of a particular event
Filter the list: Use the Period and Computer toolbars to filter the list of events
Export the event log data to a CSV file
Search for a particular event
Additionally, right-clicking a log entry gives you the option to:
Computer Details: View the Details screen of the Computer that generated the log entry
DPI Rule Properties: View all the properties of a particular log entry in the Properties window that opens
Whois Source IP: Perform a whois on the source IP
Whois Destination IP: Perform a whois on the destination IP
Columns for the DPI Events display:
Time: Time the event took place on the Computer.
Computer: The Computer on which this event was logged. (If the Computer has been removed, this entry will read "Unknown Computer".)
Reason: The DPI Rule associated with this event.
Application Type: The Application Type associated with the DPI Rule which caused this event.
Action: What action the DPI Rule took (Allow, Deny, Force Allow, Log Only, or Detect Only (if the rule is in Detect Only mode)).
Rank: The Ranking system provides a way to quantify the importance of DPI and Firewall Events. By assigning "asset values" to Computers, and assigning "severity values" to DPI Rules and Firewall Rules, the importance ("Rank") of an Event is calculated by multiplying the two values together. This allows you to sort Events by Rank when viewing DPI or Firewall Events.
Direction: The direction of the packet (incoming or outgoing).
Interface: The MAC address of the interface through which the packet was passing.
Protocol: Possible values are "ICMP", "IGMP", "GGP", "TCP", "PUP", "UDP", "IDP", "ND", "RAW", "TCP+UDP", and "Other: nnn" where nnn represents a three-digit decimal value.
Flags: Flags set in the packet.
Source IP: The packet's source IP.
Source MAC: The packet's source MAC address.
Source Port: The packet's source port.
Destination IP: The packet's destination IP address.
Destination MAC: The packet's destination MAC address.
Destination Port: The packet's destination port.
Packet Size: The size of the packet in bytes.
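As an added example (not from the guide or from Trend Micro), the following Python reads an exported DPI Events CSV, computes each event's Rank exactly as defined above (asset value of the Computer multiplied by the severity value of the DPI Rule named in the Reason column), decodes "Other: nnn" protocol values, and sorts the events by Rank. The CSV header names and row order, the sample rows, and the asset values and severities are all constructed assumptions; the real export's exact header strings are not given on this page.

```python
import csv
import io

# Constructed sample export. Columns follow the DPI Events display columns
# listed in the guide; the exact header strings the real export writes are assumed.
SAMPLE_CSV = """Time,Computer,Reason,Application Type,Action,Direction,Interface,Protocol,Flags,Source IP,Source MAC,Source Port,Destination IP,Destination MAC,Destination Port,Packet Size
2010-05-01 10:00:01,web01,Generic SQL Injection,Web Server,Deny,Incoming,00:11:22:33:44:55,TCP,ACK PSH,192.0.2.10,00:aa:bb:cc:dd:01,51000,10.0.0.5,00:11:22:33:44:55,80,612
2010-05-01 10:00:03,Unknown Computer,Ping,ICMP,Log Only,Incoming,00:11:22:33:44:66,ICMP,,192.0.2.11,00:aa:bb:cc:dd:02,0,10.0.0.6,00:11:22:33:44:66,0,84
2010-05-01 10:00:07,db01,Unusual Protocol,DB Server,Detect Only,Outgoing,00:11:22:33:44:77,Other: 047,,10.0.0.7,00:11:22:33:44:77,0,198.51.100.2,00:aa:bb:cc:dd:03,0,1200
"""

# Constructed "asset values" (per Computer) and "severity values" (per DPI Rule),
# the two inputs the guide multiplies to obtain an event's Rank.
ASSET_VALUES = {"web01": 100, "db01": 250}
DEFAULT_ASSET_VALUE = 10  # assumed fallback for removed hosts ("Unknown Computer")
SEVERITIES = {"Generic SQL Injection": 4, "Ping": 1, "Unusual Protocol": 2}


def protocol_number(value):
    """Return the decimal IP protocol number for an 'Other: nnn' value, else None."""
    if value.startswith("Other:"):
        return int(value.split(":", 1)[1].strip())
    return None


def rank_events(csv_text, asset_values, severities, default_asset=DEFAULT_ASSET_VALUE):
    """Parse an exported DPI Events CSV and return its rows sorted by Rank, highest first.

    Rank = asset value of the Computer x severity value of the DPI Rule (Reason column).
    A rule with no severity configured ranks 0, so it sorts to the bottom.
    """
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    for row in rows:
        asset = asset_values.get(row["Computer"], default_asset)
        severity = severities.get(row["Reason"], 0)
        row["Rank"] = asset * severity
        row["Protocol Number"] = protocol_number(row["Protocol"])
    return sorted(rows, key=lambda r: r["Rank"], reverse=True)


if __name__ == "__main__":
    for event in rank_events(SAMPLE_CSV, ASSET_VALUES, SEVERITIES):
        print(event["Rank"], event["Computer"], event["Reason"], event["Action"], event["Protocol"])
```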
© Copyright 2010 Trend Micro Inc. www.trendmicro.com
All rights reserved. - 39 -