Event correlation (active mode) – Fortinet FortiLog-400 User Manual
Page 79
Using Logs
FortiLog Administration Guide
05-16000-0082-20050115
5. Select Apply.
Event correlation (Active mode)
Event correlation is a data mining feature that provides a way of reviewing attacks on
multiple devices in one location. The FortiLog unit collates attack events from all
submitted logs and displays the information in a table. With event correlation you can
view:
• all attacks on your network.
• attacks targeted to specific devices.
• the target and source of the attack.
• when the attack occurred.
• details on the type of attack.
To run an event correlation:
1. Go to File Browse > Event Correlation.
2. Select an attack type from the list.
3. Select Next.
4. From the drop-down list, select whether to view the attacks from the same source IP or the targets of the same attack.
5. Select Show me.
Figure 48: Event Correlation results
Page: Use the page arrows or enter the page number to move to a different page of the event correlation results.
Sort list: Select how the attack results are sorted for viewing. You can choose from Attacks from the same source or other targets of the same attack.
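
The two result views described above can be reproduced offline over exported attack logs. The following is an added example, not FortiLog code: the key=value log layout, the field names (`device`, `src`, `dst`, `attack`) and the sample lines are constructed, and reading "attacks from the same source" as "every attack from any source IP that launched the selected attack type" is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample attack-log lines from three devices. The key=value layout
# and the field names are assumptions for this example, not the FortiLog format.
SAMPLE_LOGS = """\
date=2005-01-15 time=10:02:11 device=FGT-A src=203.0.113.7 dst=192.0.2.10 attack="SYN flood"
date=2005-01-15 time=10:02:40 device=FGT-B src=203.0.113.7 dst=192.0.2.20 attack="Port scan"
date=2005-01-15 time=10:05:03 device=FGT-C src=198.51.100.9 dst=192.0.2.30 attack="SYN flood"
date=2005-01-15 time=10:07:55 device=FGT-A src=203.0.113.7 dst=192.0.2.10 attack="Port scan"
this line is malformed and is skipped
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = {"date", "time", "device", "src", "dst", "attack"}

def parse(text):
    """Yield one dict per well-formed line; skip lines missing a required field."""
    for line in text.splitlines():
        event = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if REQUIRED <= event.keys():
            yield event

def correlate(events, attack_type):
    """Return both views for one attack type.

    same_source: for each source IP seen launching attack_type, every attack
                 event from that source (any type, any device), oldest first.
    other_targets: every (device, dst) hit by attack_type, with first-seen time.
    """
    events = list(events)
    sources = {e["src"] for e in events if e["attack"] == attack_type}
    same_source = defaultdict(list)
    other_targets = {}
    for e in sorted(events, key=lambda e: (e["date"], e["time"])):
        if e["src"] in sources:
            same_source[e["src"]].append((e["time"], e["device"], e["dst"], e["attack"]))
        if e["attack"] == attack_type:
            other_targets.setdefault((e["device"], e["dst"]), e["time"])
    return dict(same_source), other_targets

if __name__ == "__main__":
    by_source, targets = correlate(parse(SAMPLE_LOGS), "SYN flood")
    for src, rows in by_source.items():
        print("source", src, rows)
    for (device, dst), first_seen in targets.items():
        print("target", device, dst, "first seen", first_seen)
```

Grouping by source shows one address touching several devices, which per-device log review would miss; grouping by target shows how widely a single attack type has spread.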