Monitoring and Logging
The
Trace route
field provides details, such as IP address, on each
hop
made by the
data packet that was logged by the Agent. A hop is a transition point, usually a router,
that a packet of information travels through at as it makes its way from one computer
to another on a public network, such as the Internet.
4.
To view detailed information on each hop, click the
WhoIs>>
button.
A drop panel displays detailed information about the owner of the IP address from
which the traffic event originated. Note that the information displayed does not
guarantee that you have discovered who the hacker actually is. The final hop’s IP
address lists the owner of the router that the hackers connected through, and not
necessarily the hackers themselves.
5.
Click either
Whois<<
again to hide the information.
Note:
You can cut and paste the information in the
Detail information
panel by
pressing
Ctrl+C
to copy the information into the Clipboard.
It is not advisable to contact persons listed in the
Detail information
panel unless
you are experiencing a high number of security logs in which the attacks originate
from one particular IP address.
6.
Click
OK
to return to the Log Viewer dialog box.
Saving Logs
The contents of the logs can be saved to different locations. You may want to do this to save
space, but is it more likely that you do this for security review, or to import them into a tool
such as Microsoft Excel.
To save a log file:
1.
Open the log in the Log Viewer.
2.
Click
File|Export...
.
3.
In the
Save As
dialog box, select the location for the log file.
4.
Click
OK
.
Stopping an Active Response
Any security attack that is detected on the Agent triggers an active response. The active
response automatically blocks the IP address of a known intruder for a specific amount of
time (the default is 10 minutes). If you don’t want to wait the default amount of time to
unblock the IP address, you can stop the active response immediately.
You can stop active responses in the Security Log only.
37