Domain User’s domain name
Location The Location (Normal or Block All) that was in effect at the time
of the attack
Occurrences Number of packets each piece of traffic sends between the
beginning and ending time
Begin Time Time traffic starts matching the rule
End Time Time traffic stops matching the rule
Rule Name The rule that determined the passing or blockage of this traffic
About the Packet log
The Packet log captures every packet of data that enters or leaves a port on your endpoint. The Packet
log is disabled by default in the agent because of its potentially large size. You must enable the Packet
log before you can use it.
The Packet log uses the following icons to categorize data packets:
Full data packet captured
The Packet log records the following information about each data packet:
Time The exact date and time that the packet was logged
Remote Host Name of the remote endpoint (only appears in Local View - this is the default)
Remote Port Port on the remote host that sent/received the traffic (only appears in Local View - this is the default)
Local Host IP Address of the local endpoint (only appears in Local View - this is the default)
Local Port Port used on the endpoint for this packet (only appears in Local View - this is the default)
Source Host Name of the source endpoint (only appears in Source View)
Source Port Port on the source host that sent/received the traffic (only appears in Source View)
Destination Host IP Address of the destination endpoint (only appears in Source View)
Destination Port Port used on the destination endpoint for this packet (only appears in Source View)
Direction Direction that the traffic was traveling in (incoming or outgoing)
Action Action taken by the agent: Blocked or Allowed
Application Name Name of the application that is associated with the packet
Below the Log Viewer are two additional data fields that provide further detail regarding the selected
event. The left field provides data on the type of packet logged. The right field displays the actual data
packet.
18 Chapter 5 Monitoring and logging
