Kaspersky IoT Secure Gateway 1000

Viewing the firewall audit log

April 12, 2024

ID 188073

Kaspersky IoT Secure Gateway 1000 logs firewall audit events, such as those registered by the Kaspersky IoT Secure Gateway Network Protector application.

When a critical event occurs, an exclamation mark alarm icon is displayed next to the Events menu section on the left. If this happens, contact the employee responsible for information security in your organization.

To view the firewall audit log:

  1. In the menu in the left part of the web interface page, select the Events section.

    This opens the Events page, which contains a table of all registered firewall audit events. Events in the table are refreshed every 30 seconds. New events are displayed at the top. The table can display up to 1024 of the last registered events. If this limit is exceeded, the log is overwritten starting with the oldest entries.

    If the audit event language in the table does not match the system language, select the relevant web interface language in the menu and refresh the page to apply the changes.

    The following information is displayed for each log entry:

    • Date and time: date and time when the event was registered.
    • Event name: name of the registered event.
    • Event text: detailed information about the registered event, such as modification of firewall settings.
    • Subject ID: source of the registered event:
      • Administrator: the event was triggered by an administrator action in the system.
      • User: the event was triggered by a user action in the system.
      • System: the event was triggered by a system action. For each event, the log displays the name of the subsystem where the event occurred.
    • Severity: the severity level of the registered event.

      Events are categorized by the following severity levels:

      • Informational. Informational events contain reference information. These events usually do not require an immediate response.
      • Warning. Warning events contain information that requires attention. These events may require a response.
      • Critical. Critical events contain information that may have a critical impact on the security of the network in which Kaspersky IoT Secure Gateway 1000 resides. These events require an immediate response. Critical events in the table are highlighted in red.
  2. To view events for a specific date or period, click in the Date field, select a specific date or start and end dates for the period, and click Apply.

    The table will display events for the selected date or period.

  3. To view events that have a specific severity, select the relevant severity level from the Severity drop-down list in the upper part of the table and click Apply. You can select one or multiple values. Events with all severity levels are displayed by default.

    The table will display events with the selected severity level.

  4. To view events that came from specific sources, select the relevant subject from the Subject ID drop-down list in the upper part of the table and click Apply. You can select one or multiple values. All registered events are displayed by default.

    The table will display events from the selected sources.

  5. If you need to clear all the set filters for displaying events in the table, click Reset all.

    All registered events will be displayed in the table.

  6. To display older events, click Load more under the table.

    The Load more button is always available, even if there are no earlier events.
