chitti
Level 7

HIPS logging in activity logs

Though "log all traffic" is unchecked in the HIPS console Activity logs, allowed traffic is displayed. I wanted to know the reason for it.

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: HIPS logging in activity logs

Your Firewall rules have LOG MATCHING TRAFFIC enabled.

5 Replies
chitti
Level 7

Re: HIPS logging in activity logs

Hi Kary,

Thanks for the quick response. Can you please let me know where we can find "Log Matching Traffic" and also what is the purpose of it?

Thanks in advance

Chitti

0 Kudos
McAfee Employee

Re: HIPS logging in activity logs

Edit your firewall rules (the rule name is in the Activity log; last column) in your Firewall Rules policy. The setting is on the Description page.

Log matching traffic indicates that a record of matching traffic is preserved in the Host IPS Activity Log (event.log) on the client.

[Screenshot: 2016-05-24 15_20_09-ePolicy Orchestrator 5.1.2 (Build_ 348).jpg]

chitti
Level 7

Re: HIPS logging in activity logs

Thank you very much for explaining with the screenshots. If I understand correctly, "Log all matching traffic" means, for example, that if a rule is set to allow traffic A and is placed at the top of the Firewall rules, and a different rule is set to block traffic A and is placed below it, the allow rule will take precedence and the traffic will be logged in the Activity log. Please correct me if I am wrong.

0 Kudos
McAfee Employee

Re: HIPS logging in activity logs

Log matching traffic simply means that if network traffic matches that particular rule, it will log to the Activity log file, regardless of the LOG ALL BLOCKED or LOG ALL ALLOWED traffic options.

0 Kudos