Firewall log

The ESET Endpoint Security Firewall saves all important events in a log file, which can be viewed directly from the main menu. Click Tools > Log files, and then select Network protection from the Log drop-down menu. To enable firewall logging, navigate to Advanced setup > Tools > Log files and set the minimum logging verbosity to Diagnostic. All denied connections will be recorded.

Log files can be used to detect errors and reveal intrusions on your system. The ESET Firewall logs contain the following data:

Time – Date and time of event.

Event – Name of event.

Source – Source network address.

Target – Target network address.

Protocol – Network communication protocol.

Rule/worm name – Rule applied, or name of worm, if identified.

Application – Application involved.

User – Name of the user logged in at the time the infiltration was detected.

A thorough analysis of this data can help detect attempts to compromise system security. Many other factors indicate potential security risks and allow you to minimize their impact. Some examples of potential threat indicators include frequent connections from unknown locations, multiple attempts to establish connections, unknown applications communicating, and unusual port numbers being used.
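The indicators listed above can be checked mechanically once the log is exported. The following is an added example, not ESET code: it assumes a CSV export whose columns match the fields listed above and an address:port notation for Source and Target, and the sample rows, baselines and threshold are constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample. Column names follow the fields listed above; the CSV layout,
# the address:port notation and all values are assumptions, not ESET's export format.
SAMPLE = r"""Time,Event,Source,Target,Protocol,Rule/worm name,Application,User
2024-05-01 10:00:01,Communication denied,203.0.113.7:51000,192.168.1.10:445,TCP,Block SMB,System,alice
2024-05-01 10:00:02,Communication denied,203.0.113.7:51001,192.168.1.10:445,TCP,Block SMB,System,alice
2024-05-01 10:00:03,Communication denied,203.0.113.7:51002,192.168.1.10:3389,TCP,Block RDP,System,alice
2024-05-01 10:05:00,Communication denied,192.168.1.10:49200,198.51.100.20:4444,TCP,Block outbound,C:\Temp\upd.exe,alice
2024-05-01 10:06:00,Communication denied,192.168.1.22:49300,192.168.1.10:445,TCP,Block SMB,System,alice
"""

# Site-specific baselines (hypothetical values; replace with your own).
KNOWN_NETS = [ipaddress.ip_network("192.168.1.0/24")]
KNOWN_APPS = {"System"}
EXPECTED_PORTS = {53, 80, 443, 445}
REPEAT_THRESHOLD = 3  # denied attempts from one unknown source before it is reported


def split_endpoint(value):
    """Split 'a.b.c.d:port' (IPv4 only here) into (address, port)."""
    host, _, port = value.rpartition(":")
    return ipaddress.ip_address(host), int(port)


def triage(text):
    """Return the three indicator groups found in the exported log text."""
    attempts = Counter()
    unknown_apps, unusual_ports = set(), set()
    for row in csv.DictReader(io.StringIO(text)):
        src, _ = split_endpoint(row["Source"])
        _, dst_port = split_endpoint(row["Target"])
        if not any(src in net for net in KNOWN_NETS):
            attempts[str(src)] += 1          # connection from an unknown location
        if row["Application"] not in KNOWN_APPS:
            unknown_apps.add(row["Application"])
        if dst_port not in EXPECTED_PORTS:
            unusual_ports.add(dst_port)
    repeated = {s: n for s, n in attempts.items() if n >= REPEAT_THRESHOLD}
    return {"repeated_unknown_sources": repeated,
            "unknown_apps": unknown_apps,
            "unusual_ports": unusual_ports}


if __name__ == "__main__":
    for name, value in triage(SAMPLE).items():
        print(name, value)
```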


Note

A security vulnerability exploitation message is logged even if the particular vulnerability is already patched, because the exploitation attempt is detected and blocked at the network level before actual exploitation can happen.