Auditing operation logs – H3C Technologies H3C SecCenter UTM Manager User Manual

202

abnormal traffic, reason for giving the alarm, severity, and ratio of each protocol used by the abnormal

traffic.
Abnormal traffic log auditing allows you to query abnormal traffic logs by source IP, destination IP,
reason, severity level, time, and device group, helping you analyze traffic for abnormal behaviors.

Figure 194 Abnormal traffic log auditing

Auditing operation logs

From the navigation tree of the firewall management component, select Operation Logs under Event

Auditing to enter the operation log auditing page. This page lists the logs in order of time, with the most

recent log at the top. Each log records the operation’s time, username, IP address of the PC used to

access the system, operation performed, and alarm severity level.
Operation log auditing allows you to query operation logs by username, user IP, operation, severity level,

time, and device group, helping you know the information of login users and track the users’ operations.