SunScreen 3.2 Administration Guide

Viewing Logs

Use the Log tab to view logged packets. You can configure policies in the packet filtering rules so that a packet is logged when it matches, or does not match, a particular policy rule criterion. For a complete description of logs, filtering, and retrieval settings, see "Logging" in SunScreen 3.2 Administrator's Overview.

To Set the Retrieval Mode

You can view packet activity logs in two modes: real time and historical (for a specified time period).

  1. Click the Information button in the SunScreen banner.

  2. Click the Log tab in the Information page.

    The Log page displays.

  3. Click the Retrieval Settings tab at the bottom of the log.

    • Real time mode displays the information as the packets pass through the Screen.

    • Historical mode enables you to examine a particular segment for a specified time.


      Note -

      If you are using historical mode, you must use four digits to specify the year, for example, 2001.


To Set a Log Viewing Filter
  1. Click the Information button in the SunScreen banner.

  2. Click the Log tab in the Information page.

  3. Select or type a Boolean operator (AND, OR, or NOT) in the Operator Filter Keywords fields.

  4. Either type the entire filter directly into the Current Filter field or perform the following steps:

    1. Select or type a filtering term in the Events Filter Keywords field.

    2. Select or type a filtering term in the Terms Filter Keywords field.

    3. Type the operand value in the Text Filter Keywords field.

    4. Click Add to Current Filter to add the items to the Current Filter field at the cursor insertion point.

    5. Click Apply to activate the filter.


    Note -

    For listings of the terms and values permitted in the four Filter Keywords fields, see the SunScreen 3.2 Administrator's Overview.


    For example, you can type host in the Term field and your machine name in the Text field to see only the records that apply to your machine.