Configuring External Log Servers; Managing Active Computers; Viewing Infected Hosts - Infinity CHECK POINT 1100 Administration Manual

Appliances centrally managed

Configuring External Log Servers

The Logs & Monitoring > Log Servers page lets you configure external log servers for system logs when necessary for additional logging storage.
You can configure a gateway to send logs to multiple external syslog servers.

To configure an external syslog server:
1. Under Syslog Servers, click Configure.
   The External Syslog Server window opens.
2. Enter Name.
3. Enter the IP address.
4. Enter the Port.
5. Click Enable log server.
6. Click Apply.

Managing Active Computers

See Managing Active Computers (on page 48).

Viewing Infected Hosts

In the Infected Hosts page you can see information about infected hosts and servers in the internal networks. You can also directly create an exception rule for a specified protection related to an infected or possibly infected host or server.

The Infected Hosts table shows this information for each entry:

• Icon - Shows icons for the different classifications of infected hosts and servers (columns: Host Icon, Server Icon, Description):
    • Infected host or server - When the Anti-Bot blade detects suspicious communication between the host or server and an external Command & Control center due to a specified triggered protection.
    • Possibly infected host or server - When the Anti-Virus blade detects an activity that may result in host or server infection. For example:
        • When you browse to an infected or a potentially unsafe Internet site, there is a possibility that malware was installed.
        • When you download an infected file, there is a possibility that the file was opened or triggered and infected the host or server.
• Object name - Shows the object name if the host or server was configured as a network object.
• IP/MAC address
• Device/User Name - Shows a device or user name if the information is available to the Check Point Appliance through DHCP or User Awareness.
• Incident type - Shows the detected incident type:
    • Found bot activity
    • Downloaded a malware
    • Accessed a site known to contain malware

Check Point 1100/1200R/1400 Appliances Centrally Managed Administration Guide R77.20.70
