How to report traffic logs for a specific rule?


L3 Networker

Hello,

I have defined several specific policies to allow traffic through my PA device.

I have also created a rule that allows any traffic (at the end) to not impact current traffic.

My idea is to be able to identify all traffic that flows through my device through this "allow any" rule and then create specific rules for legitimate traffic.

I have a lot of traffic passing through my "allow any" rule. It is pretty unfriendly to go to the monitor tab and load the filter for this rule and then analyze logged traffic.

Also my question is: how to create a scheduled report for all the traffic flowing through my "allow any" rule (there are dozens of pages)?

And in a general manner: how to create a custom scheduled report for any specific rule?

I have tried to achieve this using the custom report section by defining a filter on a specific rule, but unfortunately it only allows displaying top 10, top 100... reports.

Regards,

Laurent

5 REPLIES

@Laurent:

I would advise having a daily report for the top 25 applications that match your any-any-allow rule. Each day, review this report and create specific allow/deny rules for the applications based upon the desired behavior in your network.

-Benjamin
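
Added example (not part of the original thread and not vendor code): one way to work through the review described above is to summarize a CSV export of the traffic log offline, ranking the applications seen on a single rule together with the ports, sources and destinations needed to write a specific rule. The rule name `allow-any`, the sample rows and the column names are assumptions; adjust them to the header of your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows. Column names are assumed to match a traffic-log CSV export.
SAMPLE_CSV = """Rule,Application,Source address,Destination address,Destination Port,Bytes
allow-any,ssl,10.1.1.10,203.0.113.5,443,1200
allow-any,ssl,10.1.1.11,203.0.113.5,443,800
allow-any,dns,10.1.1.10,198.51.100.53,53,150
allow-web,web-browsing,10.1.1.12,203.0.113.9,80,500
allow-any,ms-rdp,10.1.1.20,10.2.2.30,3389,9000
allow-any,dns,10.1.1.11,198.51.100.53,53,90
"""

def summarize_rule(csv_file, rule_name, top_n=25):
    """Return the top_n applications logged against rule_name, ranked by sessions."""
    stats = defaultdict(lambda: {"sessions": 0, "bytes": 0, "ports": set(),
                                 "sources": set(), "destinations": set()})
    for row in csv.DictReader(csv_file):
        if row["Rule"] != rule_name:
            continue  # keep only traffic that fell through to the catch-all rule
        s = stats[row["Application"]]
        s["sessions"] += 1
        s["bytes"] += int(row["Bytes"] or 0)
        s["ports"].add(row["Destination Port"])
        s["sources"].add(row["Source address"])
        s["destinations"].add(row["Destination address"])
    # Rank by session count, then by volume, then by name for a stable order.
    ranked = sorted(stats.items(),
                    key=lambda kv: (-kv[1]["sessions"], -kv[1]["bytes"], kv[0]))
    return [{"application": app,
             "sessions": s["sessions"],
             "bytes": s["bytes"],
             "ports": sorted(s["ports"]),
             "sources": sorted(s["sources"]),
             "destinations": sorted(s["destinations"])}
            for app, s in ranked[:top_n]]

if __name__ == "__main__":
    # Replace io.StringIO(SAMPLE_CSV) with open("export.csv", newline="") for real data.
    for entry in summarize_rule(io.StringIO(SAMPLE_CSV), "allow-any"):
        print("{application:12} sessions={sessions:<4} bytes={bytes:<7} "
              "ports={ports} src={sources} dst={destinations}".format(**entry))
```

Each output row is a candidate for a dedicated allow or deny rule; once those rules exist, the same summary on the next export shows what is still reaching the catch-all.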
