Welcome to ISAserver.org

How can I check what IP generated this alert

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> How can I check what IP generated this alert

Page: [1]

Message

<< Older Topic Newer Topic >>

How can I check what IP generated this alert - 4.Dec.2013 7:10:32 AM

ice.rapoarte

Posts: 8
Joined: 4.Dec.2013
Status: offline

I received this alert

The Malware Inspection Filter detected malware and either removed it or blocked the message. See the Web Proxy log for details.

How can I see what IP was involved.

Tnx in advance for your support

Post #: 1

Featured Links*

RE: How can I check what IP generated this alert - 4.Dec.2013 11:00:59 AM

elmajdal

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

quote:

ORIGINAL: ice.rapoarte

See the Web Proxy log for details.

Go to the Logging & Reports node in the TMG firewall console and click the Logging tab. set the Log Time and configure the Malware Inspection field for Blocked.

< Message edited by elmajdal -- 4.Dec.2013 11:02:16 AM >

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to ice.rapoarte)

Post #: 2

RE: How can I check what IP generated this alert - 4.Dec.2013 11:02:53 AM

ice.rapoarte

Posts: 8
Joined: 4.Dec.2013
Status: offline

I have searched there, but when I select that filter nothing appears. I used Malware Inspection Action filter.
Loging is enabled.

Ps: I am new with tmg:)

< Message edited by ice.rapoarte -- 4.Dec.2013 11:16:24 AM >

(in reply to elmajdal)

Post #: 3

RE: How can I check what IP generated this alert - 4.Dec.2013 11:34:32 AM

elmajdal

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline

check the timing filter.

if you selected a timing that didnt have any blocked traffic, then nothing will be displayed.

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to ice.rapoarte)

Post #: 4

RE: How can I check what IP generated this alert - 4.Dec.2013 11:37:07 AM

ice.rapoarte

Posts: 8
Joined: 4.Dec.2013
Status: offline

I selected last 24 hours. That alert was generated this morning. Any other advice?

(in reply to elmajdal)

Post #: 5

RE: How can I check what IP generated this alert - 6.Dec.2013 1:44:25 AM

PatrickM

Posts: 112
Joined: 23.May2001
From: Skutsk�r, Sweden
Status: offline

Is logging set to database MSDE (default) or Text LOG file?
This might be relevant since text file logging does not enable you to travel back in the logs using the GUI, if that is the case go directly to the log files specifically.

-PatrickM-

_____________________________

Patrick.M
MCP on Microsoft Proxy 2.0

(in reply to ice.rapoarte)

Post #: 6

RE: How can I check what IP generated this alert - 6.Dec.2013 1:59:53 AM

ice.rapoarte

Posts: 8
Joined: 4.Dec.2013
Status: offline

It's set to MSDE.

(in reply to PatrickM)

Post #: 7

RE: How can I check what IP generated this alert - 11.Dec.2013 1:11:25 AM

PatrickM

Posts: 112
Joined: 23.May2001
From: Skutsk�r, Sweden
Status: offline

does the log work for other individual searches?
* All hits..
* IP
* Malware Inspection

running out of ideas...

_____________________________

Patrick.M
MCP on Microsoft Proxy 2.0

(in reply to ice.rapoarte)

Post #: 8

RE: How can I check what IP generated this alert - 9.May2014 8:20:30 AM