Event Logs
Event logs contain details of all traffic that flows through the Multicloud Defense Gateway.
After inspection, Multicloud Defense generates sessions and events that are based on what is in the packet and what is defined in the policy. The analysis, related details of events, and actions that are taken are all captured in the form of logs, available under . The system retains these logs for 30 days.
Event types that the logs capture:
Event Type | Event Name | Description |
---|---|---|
FQDN FILTER | Fully Qualified Domain Name (FQDN) Filtering | The related logs generate with details such as the FQDN, source, destination IP, and so on. The FQDN filtering event generates only when the policy has an FQDN filtering profile. |
SNI | Server Name Indication (SNI) | SNI allows multiple host names to be served over HTTPS. This event generates when Multicloud Defense observes the SNI in the TLS handshake. |
APPID | App ID (APPID) | APPID analyzes the network traffic to determine the L7 application. APPID logs generate when the event matches known applications in the database. |
L4_FW | L4 Firewall | An L4 Firewall event generates when the event matches the policy in the ruleset. |
URL FILTER | URL Filtering | URL filtering is used to filter out network traffic based on the URL. This event log generates when the traffic matches the URL filtering profile. |
IPS | Intrusion Prevention System (IPS) | An IPS event generates when the network traffic matches the IPS ruleset. |
DLP | Data Loss Protection (DLP) | A DLP event generates when the network traffic matches the DLP profile that is configured. The logs record these incidents, along with details of transmission such as endpoint, domain, username, rules, source, destination, action taken, and so on. |
WAF | Web Application Firewall | A WAF event generates when the network traffic matches the WAF profile that is configured. |
L7_DOS | Layer 7 Denial of Service (DoS) | A Layer 7 DoS event generates when the network traffic matches the L7 DoS profile that is configured. These logs contain event details, time of attack, requests, mitigations, and so on. |
AV | Antivirus (AV) | An AV event generates when the network traffic matches an AV ruleset. |
DPI | Deep Packet Inspection (DPI) | A DPI event generates when the network traffic matches a rule that has advanced security configured. |
MALICIOUS_SRC | Malicious Source | A Malicious Source event generates when the network traffic matches a malicious IP. |
TLS_ERROR | TLS Error | A TLS error event generates when there is an error during the TLS handshake. |
TLS_LOG | TLS Log | A TLS log generates when the network traffic uses TLS. It captures TLS handshake information such as cipher suites and TLS version. |