Back tracing logged events – HP t5740 Thin Client User Manual

Back tracing logged events

Back tracing enables you to pinpoint the source of data from a logged event. Back tracing shows the
exact steps, or hops, that incoming traffic has made before reaching your endpoint. A hop is a transition
point, usually a router, that a packet of information travels through on a public network. Back tracing
follows a data packet backwards, discovering which routers the data passed through to reach your endpoint.

Figure 5-1 Back tracing a packet on page 20 shows how the agent back traces a packet.

Figure 5-1 Back tracing a packet

For each log entry, you can trace a data packet that was used in an attack attempt. Each router that a
data packet passes through has an IP address. You can view the IP address and other details. The
information that appears does not guarantee that you have discovered who the hacker is. The final hop’s
IP address lists the owner of the router that the hackers connected through, and not necessarily the
hackers themselves.
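
The following sketch is an added illustration, not part of the HP manual or the agent's own code. It reads a constructed hop list, assumed to be ordered from your endpoint outward, and labels which hops have a meaningful Whois owner; the function names and the sample addresses are hypothetical.

```python
import ipaddress
import re

# Constructed sample hop list (not output from the agent). 192.168.x and 10.x
# are private; the RFC 5737 documentation addresses stand in for public routers.
SAMPLE_TRACE = """\
 1  192.168.1.1    1.2 ms
 2  10.20.0.1      8.9 ms
 3  * * *
 4  198.51.100.7   21.4 ms
 5  203.0.113.45   35.0 ms
"""

# Ranges with no public registration: Whois does not identify an operator.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)")


def parse_hops(text):
    """Return [(hop_number, address_or_None)]; None marks a hop that gave no reply."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(2))
        except ValueError:          # "*" means the router did not answer
            addr = None
        hops.append((int(m.group(1)), addr))
    return hops


def classify_hops(hops):
    """Label each hop: 'no-reply', 'internal', 'public', or 'final-public'."""
    labels = []
    for number, addr in hops:
        if addr is None:
            labels.append((number, "no-reply"))
        elif any(addr in net for net in INTERNAL_NETS):
            labels.append((number, "internal"))
        else:
            labels.append((number, "public"))
    # The last public hop is the router nearest the source. Its Whois record
    # names that router's owner, not necessarily whoever sent the traffic.
    for i in range(len(labels) - 1, -1, -1):
        if labels[i][1] == "public":
            labels[i] = (labels[i][0], "final-public")
            break
    return labels
```
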

You can back trace a logged event in the Security, Traffic, and System logs.

To back trace a logged event

1. Open the log file and click an event so that the entire row is selected.

   The agent begins back tracing the event.

2. Do one of the following:

   - Right-click and click BackTrace.
   - Click Action > BackTrace.

3. In the Back Trace Information dialog box, click Whois to view detailed information on each hop.
   A drop panel displays detailed information about the owner of the IP address from which the traffic
   event originated. You can cut and paste the information in the Detail information panel. Press
   Ctrl+C to copy the information into the Clipboard. Then press Ctrl+V to paste it into an e-mail
   message to your system administrator.

4. Click Whois again to hide the information.

5. Click OK.

6. Click OK.

Chapter 5 Monitoring and logging