Function
The anomaly/attack details records basic information about all anomalies and attacks, and you can locate anomaly or attack events.
Parameter
| Parameter | Description |
|---|---|
| Device | Select an Device from the drop-down list. |
| Zone | Click  ,
select a Zone on the Zone page that is displayed,
and then click OK. |
| Service | Select a service or service group
from the drop-down list. For details about service configuration, see (Optional) Creating a Service and a Defense Policy. |
| IP Address | Enter the destination IP address. Both IPv4 and IPv6 addresses are applicable. The anomaly/attack datails of traffic destined for the IP address is queried. |
| Time | Click  to select
the start time and end time of statistics. Or you can change the time
values in corresponding text boxes.The end time should be later than the start time and the interval cannot be longer than one year. |
| Type | Select a log type. The type can be Total, Abnormal, or Attack. |
| Minimum Number of Attack Traffic | After you set the minimum attack traffic volume, only the attack traffic whose volume is greater than the value is displayed in the report. This parameter can be set when only the cleaning device is selected. |
| Unit | Select a traffic measurement unit. The unit can be pps or kbps. The default unit is pps. |
Example
Anomaly/attack details that meet the query conditions are displayed, as shown in Figure 1.
Procedure
- Choose .
- Click the Anomaly/Attack Details tab.
- Set query parameters.
- Click Search.
- On the Anomaly/Attack Details page,
click
to view details
on anomaly/attack logs.
Click
to view
packet capture files associated with anomaly or attack events.You can trace attack sources, resolve packets based on the packet capture files, and download the files to obtain the details on and features of the attacker. In this way, you can work out proper defense policies. For details, see Tracing Attack Sources Through a Packet Capture File, Parsing Packets in a Packet Capture File, and Downloading a Packet Capture File.
You cannot view the packet capture files associated with certain anomaly or attack events.
Click
to view details on an attack.
- Optional: Open or
save the query results as files, or send queried reports to the specified
email address.
- Click
to open or
save the query results as PDF files. A maximum of 10,000 entries can
be displayed. - Click
to open or
save the query results as EXCEL files. A maximum of 10,000 entries
can be displayed. - Click
to open or
save the query results as CSV files. All data except figures can be
displayed. - Click
to enter
a recipient mail address and select an attachment format. Then click OK.
- Click