Packet Logging - F-SECURE CLIENT SECURITY 8.00 Administrator's Manual

236
9.5.2

Packet Logging

1. Go to the Advanced Settings page and select General
Management.
2. Click Show Log File.
The packet log collects very detailed information of network traffic,
therefore it is by default switched off. If malicious network activity is
suspected, then the packet log can be turned to monitor network traffic. It
is done as follows:
1. Click Advanced.
2. On the Advanced Internet Shield Settings page, select Internet Shield
> Logging.
3. Click Start Logging.
On this page you can also define:
The logging duration (in seconds)
The maximum log file size.
The logging is stopped automatically after the defined period has
expired or if the maximum log file size is reached, or manually by
clicking Stop Logging. The packet logs are collected into 10 different
files, so that previous logs can be viewed while the new log is
generated. The log format is binary and is compatible with the
tcpdump format. It can be read either with the packet log viewer
provided by F-Secure or with a common packet logging application
like Wireshark.
4. To view the packetlog file, double click it in the window.
The packet logger will log all types of network traffic, including the
protocols needed by your LAN, like routing information, hardware address
resolution etc. This traffic is normally not very useful, and is not shown in
the built-in packet log viewer by default. If you want to see it, just unselect
the Filter non IP out check box.
It is possible to disable packet logging from the Policy Manager
Console.
Central