Accepted Connections Reports
To search for and generate a report on IP connections that were accepted by selected firewall log sources during a specified time interval, use the Accepted Connections Real-Time Report.
Note:
- Accepted Connections data is summarized in 10-minute and 1-hour intervals. If the report time interval is less than 2 hours, the time range is cut to 10 minutes; if it is more than 2 hours, it is cut to 1 hour.
- To view the detail report, you must enable the option. This might require additional time and storage when downloading the report.
Menu path:
In addition to setting the common report options in Preparing a Real-time Report, you can select optional filter operators in the generated report.
Optional filter operators can be sorted in ascending or descending order. Choose the sort order using the drop-down menu. The default is to display all of the following options:
Option | Description |
---|---|
Source Device | Description of the device that sent these log messages |
Translated IP | IP address as translated by the device* |
Source IP | IP address of the source host (non-PIX devices only) |
Destination IP | IP address of the destination host device (non-PIX devices only) |
Port | Port number (service) of the destination host |
Protocol | Protocol of the destination host |
Description | Description of the port (service) |
Messages | Number of log messages received representing this connection |
In Bytes | Number of incoming bytes (Check Point Interface, Cisco PIX, and Juniper Firewall only) |
Out Bytes | Number of outgoing bytes (Check Point Interface, Cisco PIX, and Juniper Firewall only) |
Action | Accept or encrypt - Identifies if the connection was accepted or accepted with encryption (Check Point Interface only) |
Note: * Under certain conditions, Network Address Translation (NAT) addresses can show up as 0.0.0.0 in real-time reports such as Accepted Connections Reports. This is not a bug: System Alert messages of a certain type (e.g., FWSM-4-106100 in Cisco Catalyst 6500 Series Switches) do not have a translated (mapped) address present in the logs. Zero is therefore correct, because there is no relevant IP address in the parsed logs for FWSM-4-106100.
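The following is an added example, not the product's own code. It shows how a script that consumes accepted-connection records can apply the 10-minute/1-hour summarization rule from the first note and treat a Translated IP of 0.0.0.0 as "no mapped address in the log" rather than as a real host. The record field names and sample records are constructed for illustration, and the choice of 1-hour buckets at exactly 2 hours is an assumption because the page does not specify that case.

```python
from collections import Counter
from datetime import datetime, timedelta
from ipaddress import ip_address

EPOCH = datetime(1970, 1, 1)

def bucket_size(start, end):
    # Page rule: under 2 hours -> 10-minute summaries, over 2 hours -> 1 hour.
    # Exactly 2 hours is not specified on the page; 1 hour is assumed here.
    return timedelta(minutes=10) if end - start < timedelta(hours=2) else timedelta(hours=1)

def floor_to(ts, size):
    # Round a timestamp down to the start of its summary bucket.
    return ts - ((ts - EPOCH) % size)

def translated_or_none(value):
    # 0.0.0.0 means the parsed log carried no translated (mapped) address.
    return None if ip_address(value).is_unspecified else value

def summarize(records, start, end):
    # Returns {(bucket, device, translated_ip, port, protocol): message count}.
    size = bucket_size(start, end)
    counts = Counter()
    for r in records:
        if start <= r["time"] < end:
            counts[(floor_to(r["time"], size), r["device"],
                    translated_or_none(r["translated_ip"]),
                    r["port"], r["protocol"])] += 1
    return counts

def rec(hhmm, device, translated_ip, port):
    # Helper for building constructed sample records (hypothetical field names).
    h, m = map(int, hhmm.split(":"))
    return {"time": datetime(2024, 1, 1, h, m), "device": device,
            "translated_ip": translated_ip, "port": port, "protocol": "tcp"}

# Constructed sample records, not real log data.
SAMPLE = [
    rec("10:03", "fw-a", "0.0.0.0", 443),
    rec("10:07", "fw-a", "0.0.0.0", 443),
    rec("10:12", "fw-a", "0.0.0.0", 443),
    rec("10:15", "fw-b", "203.0.113.10", 22),
    rec("12:30", "fw-b", "203.0.113.10", 22),
]

if __name__ == "__main__":
    window = (datetime(2024, 1, 1, 10), datetime(2024, 1, 1, 11))
    for key, n in sorted(summarize(SAMPLE, *window).items(), key=str):
        print(key, n)
```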
For information on saving the generated report, see Formats for Saving a Generated Report.
Copyright © Cloud Software Group, Inc. All rights reserved.