cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 6

HIPS logging in activity logs

Jump to solution

Though log all traffic is unchecked in the HIPS console Activity logs, allowed traffic is displayed. wanted to know the reason for it?

1 Solution

Accepted Solutions
ktankink
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: HIPS logging in activity logs

Jump to solution

Your Firewall rules have LOG MATCHING TRAFFIC enabled.

View solution in original post

5 Replies
ktankink
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: HIPS logging in activity logs

Jump to solution

Your Firewall rules have LOG MATCHING TRAFFIC enabled.

View solution in original post

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 6

Re: HIPS logging in activity logs

Jump to solution

Hi Kary,

Thanks for the quick response. Can you please let me know where we can find "Log Matching Traffic" and also what is the purpose of it?

Thanks in advance

Chitti

ktankink
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: HIPS logging in activity logs

Jump to solution

Edit your firewall rules (the rule name is in the Activity log; last column) in your Firewall Rules policy.  The setting is on the Description page.


Log matching traffic indicates that a record of matching traffic is preserved in the Host IPS Activity Log (event.log) on the client.       


2016-05-24 15_20_09-ePolicy Orchestrator 5.1.2 (Build_ 348).jpg

Former Member
Not applicable
Report Inappropriate Content
Message 5 of 6

Re: HIPS logging in activity logs

Jump to solution

Thank you very much for explaining with the screenshots. If I understand correctly, Log all matching traffic means. For example, if a rule is set to allow the traffic A and it is placed at top in the Firewall rules and a different rule is set to block the traffic A and it is placed below. Allow will take precedence and it will be logged in the Activity log. Please correct me if I am wrong.

ktankink
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: HIPS logging in activity logs

Jump to solution

Log matching traffic simply means that if network traffic matches that particular rule, it will log to the Activity log file, regardless of the LOG ALL BLOCKED or LOG ALL ALLOWED traffic options.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community