Accepted Connections Reports
To search for and generate a report on IP connections that were accepted by selected firewall log sources during a specified time interval, use the Accepted Connections Real-Time Report.
Note:
- Accepted Connections data is summarized in ten-minute and one-hour intervals. If the report time interval is less than two hours, the time range is cut to ten minutes, and if it is more than two hours, it is cut to one hour.
- To view the detail report, you must enable the option. This may require additional time and storage when downloading the report.
Menu path:
In addition to setting the common report options in Preparing a Real-time Report, you can select optional filter operators in the generated report.
Optional filter operators can be sorted in ascending or descending order. Choose the sort order using the drop-down menu. The default is to display all the following options:
Option | Description |
---|---|
Source Device | Description of the device that sent these log messages |
Translated IP | IP address as translated by the device* |
Source IP | IP address of the source host (non-PIX devices only) |
Destination IP | IP address of the destination host device (non-PIX devices only) |
Port | Port number (service) of the destination host |
Protocol | Protocol of the destination host |
Description | Description of the port (service) |
Messages | Number of log messages received representing this connection |
In Bytes | Number of incoming bytes (Check Point Interface, Cisco PIX, and Juniper Firewall only) |
Out Bytes | Number of outgoing bytes (Check Point Interface, Cisco PIX, and Juniper Firewall only) |
Action | Accept or encrypt - Identifies if the connection was accepted or accepted with encryption (Check Point Interface only) |
Note: * Under certain conditions, Network Address Translation (NAT) addresses can show up as 0.0.0.0 in real-time reports such as Accepted Connections Reports. This is not a bug: System Alert messages of a certain type (e.g., FWSM-4-106100 in Cisco Catalyst 6500 Series Switches) do not have a translated (mapped) address present in the logs. Therefore, zero is correct because there is no relevant IP address in the parsed logs for FWSM-4-106100.
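The behavior in the note above, as an added example (not the product's own code): a Python parser for FWSM-4-106100 lines that fills the report columns from the table and counts Messages per connection. It assumes the message layout Cisco documents for 106100; the sample lines, function names, and the choice to count every non-denied verdict as accepted are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the Cisco 106100 layout (not real logs).
SAMPLE_LOGS = [
    "%FWSM-4-106100: access-list outside_in permitted tcp "
    "outside/198.51.100.7(51514) -> inside/10.0.0.5(443) hit-cnt 1 (first hit)",
    "%FWSM-4-106100: access-list outside_in permitted tcp "
    "outside/198.51.100.7(51520) -> inside/10.0.0.5(443) hit-cnt 1 (first hit)",
    "%FWSM-4-106100: access-list outside_in denied udp "
    "outside/203.0.113.9(4000) -> inside/10.0.0.8(53) hit-cnt 1 (first hit)",
]

# The message carries interface/address(port) for each side and nothing else:
# there is no field for a translated (mapped) address.
PATTERN = re.compile(
    r"%FWSM-4-106100: access-list (?P<acl>\S+) "
    r"(?P<verdict>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src_ip>[\d.]+)\((?P<src_port>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst_ip>[\d.]+)\((?P<dst_port>\d+)\)"
)

NO_TRANSLATED_IP = "0.0.0.0"  # value reported when the log has no mapped address


def parse_106100(line):
    """Return the parsed fields of one 106100 line, or None if it does not match."""
    m = PATTERN.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["translated_ip"] = NO_TRANSLATED_IP  # nothing in the message to fill it from
    return rec


def accepted_connections(lines):
    """Count messages per (translated, source, destination, port, protocol)."""
    counts = Counter()
    for line in lines:
        rec = parse_106100(line)
        if rec is None or rec["verdict"] == "denied":
            continue  # unparsed or denied lines are not accepted connections
        key = (rec["translated_ip"], rec["src_ip"], rec["dst_ip"],
               int(rec["dst_port"]), rec["proto"])
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, messages in accepted_connections(SAMPLE_LOGS).items():
        print(key, "Messages:", messages)
```

Every row built from this message type carries 0.0.0.0 in the Translated IP column, so filtering or alerting on that column alone will not distinguish NAT failures from log types that never report a mapped address.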
For information on saving the generated report, see Formats for Saving a Generated Report.
Copyright © Cloud Software Group, Inc. All rights reserved.