beautypg.com

Event correlation (active mode) – Fortinet FortiLog-400 User Manual

Page 79

background image

Using Logs

Event correlation (Active mode)

FortiLog Administration Guide

05-16000-0082-20050115

79

5

Select Apply.

Event correlation (Active mode)

Event correlation is a data mining feature that provides a way of reviewing attacks on
multiple devices in one location. The FortiLog unit collates attack events from all
submitted logs and displays the information in a table. With even Correlation you can
view:

• all attacks on your network.
• attacks targeted to specific devices.
• the target and source of the attack.
• when the attack occurred.
• details on the type of attack.

To run an event correlation:

1

Go to File Browse > Event Correlation.

2

Select an attack type from the list

3

Select Next.

4

From the drop list, select to view the attacks from the same source IP or targets of the
same attack.

5

Select Show me.

Figure 48: Event Correlation results

Page

Use the page arrows or enter the page number to move to a different page

of the event correlation results.

Sort list

Select an attack sort for viewing the results. You can choose from Attacks

from the same source or other targets of the same attack.

This manual is related to the following products: