On This Page
Getting Logs for APG
There are two methods for getting logs:
- File: Manually upload existing logs from the monitored device to an APG job so that you can analyze past traffic. You will need to prepare the log files so that they are in the correct format for analysis.
- Device: Configure the APG job to use logs sent from the device to the TOS servers. Use this method, if you are analyzing future traffic. The device needs to be configured for real time monitoring.
For Check Point devices, see Getting Check Point Logs for Upload.
Prepare Log Files from Firewall Devices
- Collect the log files from the firewall for the desired time frame.
- Remove all logs not related to traffic.
- Remove drop logs (unless you are analyzing dropped traffic).
- Filter for other values, if necessary.
- Identify and extract the relevant fields (source; destination; port; IP-protocol) in the logs.
- Convert the field values to the standard format:
source destination port IP-protocolFor example:
10.0.0.1 192.168.1.2 22 632.1.33.2 192.168.1.2 53 17 - Store the results in a single file.
Was this helpful?
Thank you!
We’d love your feedback
We really appreciate your feedback
Send this page to a colleague