8.1 Firewall
The Firewall Forward Logs section provides a comprehensive view of all forwarded traffic and events that occur within the Toorce firewall. This log is essential for monitoring, troubleshooting, and analyzing network activity and security incidents.
- Seq: This column displays a sequential number for each log entry (e.g., 1, 2, 3, 4...), allowing for easy reference and organization of log entries.
- # (Session Details Button): Clicking this button reveals detailed information about the specific session associated with the log entry. This can be crucial for in-depth analysis.
- Time: Displays the timestamp of the log entry (e.g., 2024-10-07 05:42:43). This information is critical for understanding when specific events occurred.
- Rule Name: Indicates the name of the firewall rule that triggered the log entry (e.g., Implicit deny). This helps in identifying which rules are active and their effects on traffic.
- In Dev (Inbound Device): Shows the interface through which the traffic entered the firewall (e.g., enp3s0). This helps in tracking the path of incoming traffic.
- Out Dev (Outbound Device): Indicates the interface through which the traffic exited the firewall (e.g., enp2s0). This is useful for understanding where the traffic was directed.
- Source IP: Displays the originating IP address of the traffic (e.g., 10.10.10.2). Knowing the source IP is essential for identifying the origin of potential threats or legitimate requests.
- Service: Indicates the service and port number associated with the traffic (e.g., TCP/10051). This helps in understanding the type of traffic being handled.
- Action: Shows the action taken by the firewall on the traffic (e.g., Drop). This is vital for assessing how the firewall is managing network traffic.
- Destination IP: Displays the intended destination IP address of the traffic (e.g., 192.168.100.108). This information is crucial for determining where the traffic was headed.
8.2 Web Security
Details on Web Security Logs will be presented here.
8.3 Antivirus
Details on Antivirus Logs will be presented here.
8.4 Applications
Details on Application Logs will be presented here.
8.5 IPS
Details on IPS Logs will be presented here.
8.6 DHCP
The DHCP Lease Logs section provides detailed information about the leases granted to devices on the network. This log is essential for tracking IP address assignments, managing network resources, and troubleshooting connectivity issues.
- Display (…) Records Per Page: This feature allows administrators to view the logs in manageable batches of five records at a time.
- Search: A search field is available for quickly locating specific entries based on IP address, MAC address, hostname, or other criteria, enhancing efficiency in log management.
- IP Address: Displays the IP address assigned to the device (e.g., 10.10.10.2). This information is crucial for identifying the specific device within the network.
- MAC Address: Shows the Media Access Control (MAC) address of the device (e.g., 30:d0:42:35:38). The MAC address is unique to each network interface, helping to distinguish devices even if they share the same IP.
- Hostname: Indicates the hostname associated with the IP address (e.g., Ahmed). This makes it easier to identify the device and its user, especially in larger networks.
- Lease Start: Displays the timestamp for when the DHCP lease was granted (e.g., 2024/10/07 05:40:37). This is important for understanding the duration of the lease and when the device connected to the network.
- Lease End: Shows the timestamp for when the DHCP lease will expire (e.g., 2024/10/07 17:40:37). This information is vital for managing IP address availability and ensuring devices renew their leases in time.
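The Firewall Forward Log (8.1) identifies a source only by IP address, while the DHCP Lease Log (8.6) records which device held that address and when, so the two can be joined on Source IP and time. The Python sketch below is an added example, not Toorce code: the dictionary keys mirror the column names above, the rows are constructed from the page's example values, and it assumes both logs have been exported as records and share one clock and time zone.

```python
from datetime import datetime

def fw(seq, time, src):
    """Build one constructed Firewall Forward Log row (keys mirror the 8.1 columns)."""
    return {"Seq": seq, "Time": time, "Source IP": src, "Action": "Drop",
            "Rule Name": "Implicit deny", "In Dev": "enp3s0", "Out Dev": "enp2s0",
            "Service": "TCP/10051", "Destination IP": "192.168.100.108"}

# Constructed sample data. Row 1 and the lease reuse the page's example values.
FIREWALL_ROWS = [
    fw(1, "2024-10-07 05:42:43", "10.10.10.2"),   # inside the lease window
    fw(2, "2024-10-07 18:05:00", "10.10.10.2"),   # after Lease End
    fw(3, "2024-10-07 06:00:00", "10.10.10.77"),  # address with no lease record
]
DHCP_ROWS = [
    {"IP Address": "10.10.10.2", "MAC Address": "30:d0:42:35:38",
     "Hostname": "Ahmed", "Lease Start": "2024/10/07 05:40:37",
     "Lease End": "2024/10/07 17:40:37"},
]

def parse_ts(text):
    """Parse both timestamp styles shown on the page (dashes in 8.1, slashes in 8.6)."""
    return datetime.strptime(text.replace("/", "-"), "%Y-%m-%d %H:%M:%S")

def lease_for(ip, when, leases):
    """Return the lease that covered `ip` at time `when`, or None."""
    for lease in leases:
        start, end = parse_ts(lease["Lease Start"]), parse_ts(lease["Lease End"])
        if lease["IP Address"] == ip and start <= when <= end:
            return lease
    return None

def attribute(fw_rows, leases, action="Drop"):
    """Attach the leased hostname and MAC to each firewall row with `action`."""
    results = []
    for row in (r for r in fw_rows if r["Action"] == action):
        lease = lease_for(row["Source IP"], parse_ts(row["Time"]), leases)
        results.append({
            "seq": row["Seq"], "source_ip": row["Source IP"],
            "service": row["Service"], "rule": row["Rule Name"],
            "hostname": lease["Hostname"] if lease else None,
            "mac": lease["MAC Address"] if lease else None,
        })
    return results

if __name__ == "__main__":
    for entry in attribute(FIREWALL_ROWS, DHCP_ROWS):
        print(entry)
```

A `None` hostname marks traffic from an address that had no active lease at that moment, such as a statically configured host or an expired lease, which is usually the entry worth investigating first.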
8.7 SSL VPN
Details on SSL VPN Logs will be presented here.
8.8 Local Firewall Events
Details on Local Firewall Events Logs will be presented here.
8.9 Quarantine
Details on Quarantine Logs will be presented here.