HP T5700 HP Sygate Security Agent User Guide - Page 37

Ch. 5: Monitoring and Logging, Types of Logs



Chapter 5. Monitoring and Logging

This chapter describes how you can monitor your system by using the logs that are present in the Agent. It begins with an overview of logs, their types, and the tasks you can do with logs, such as back tracing logged events.

The Agent’s logs are an important method for tracking your device’s activity and interaction with other devices and networks. The logs record information about the Agent’s status and about traffic attempting to enter or exit your device through your network connection.

There are four separate logs that monitor different aspects of your network connection. These logs tell you when your device has been blocked from the network and to some extent why. They are particularly useful in detecting potentially threatening activity, such as port scanning, that is aimed at your device. They also help you troubleshoot connectivity problems or possible network attacks.

The Agent’s logs can also do back tracing, which enables you to use ICMP to determine all the hops between your device and an intruder on another computer.

Types of Logs

On the Agent, you can view four types of logs:

• Security—Records potentially threatening activity directed towards your device, DoS attacks, port scans, executable file alterations, and Trojan horse attacks.
• Traffic—Records every connection your device makes through the network.
• Packet—Captures every packet of data that enters or leaves a port on your device.
• System—Records all operational changes for the Agent, such as the starting and stopping of services, detection of network applications, software configuration modifications, and software execution errors.
27