NETGEAR STM150EW3-100NAS Switch User Manual


 
ProSecure Web/Email Security Threat Management Appliance STM150 Reference Manual
5-10 Monitoring System Performance
v1.1, March 2009
5. In Select logs to send, select the check boxes for the log types that you want the STM150 to
send via email.
6. In Format, click either Plain Text or CSV. If you want the STM150 to compress the log file
before sending, select the Zip the logs to save space check box.
7. In Size, select the Split log size to: box and enter a file size (in megabytes). The logs are
split into fragments of the size entered.
8. Click Apply.
The STM150 will email the selected logs based on the schedule you specified. If you want the
STM150 to email available logs immediately, click the Send Now button (located next to the
Send to text box).
Using Logs to Identify Infected Clients
In addition to identifying malware that has been detected on the network, you can also use the
STM150 logs to help identify potentially infected clients on the network. Clients that are sending
out abnormally high volumes of HTTP traffic, for example, indicate possible spyware infection.
To identify infected clients that are sending spyware in the outbound traffic, query the STM150
malware logs and see if any of your internal IP addresses are the source of spyware detected at the
Internet gateway. Clients generating abnormally high amounts of HTTP traffic may also be
infected by spyware or other malware.
To query log data that will show this information:
1. On the Log Query page, select Traffic as the log type.
2. Check the HTTP check box, and then run the query.
3. On the traffic logs result page, click the Size (Byte) column heading to sort the results in
descending order.
4. Check whether there are clients that are sending out suspicious volumes of data, especially to
the same destination IP address, on a regular basis.
If you find a client exhibiting this behavior, you can run a query on that client’s HTTP traffic
activities to get more information. Do this by running the same HTTP traffic query and entering
the client IP address in the Source IP text box.
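
The same sort-and-review steps can be applied offline to HTTP traffic logs received in CSV format. The following is an added example, not part of the NETGEAR manual; the column names, timestamp format and thresholds are assumptions to adjust to the actual export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export. The column names and timestamp format are
# assumptions for illustration, not the STM150's documented CSV layout.
SAMPLE_CSV = """Time,Source IP,Destination IP,Size (Byte)
2009-03-02 09:00:04,192.168.1.23,203.0.113.50,480112
2009-03-02 09:14:31,192.168.1.40,198.51.100.7,5242880
2009-03-02 10:00:05,192.168.1.23,203.0.113.50,479980
2009-03-02 10:20:11,192.168.1.31,198.51.100.9,20480
2009-03-02 11:00:03,192.168.1.23,203.0.113.50,481204
2009-03-02 11:45:52,192.168.1.31,198.51.100.9,18432
2009-03-02 12:00:06,192.168.1.23,203.0.113.50,480560
2009-03-02 12:30:00,192.168.1.31,198.51.100.9,not-a-number
"""


def rank_http_senders(csv_text, min_bytes=1_000_000, min_hours=3):
    """Total the bytes per (source, destination) pair, sort descending, and
    flag pairs that are both large and recurring (seen in several distinct
    hours). Both thresholds are assumed values, not STM150 settings."""
    totals = defaultdict(int)   # bytes per (source, destination)
    hours = defaultdict(set)    # distinct hours in which the pair was seen
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            size = int(row["Size (Byte)"])
            ts = datetime.strptime(row["Time"], "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError, TypeError):
            continue  # skip truncated or malformed rows
        pair = (row["Source IP"], row["Destination IP"])
        totals[pair] += size
        hours[pair].add(ts.strftime("%Y-%m-%d %H"))
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    return [
        {"source": s, "destination": d, "bytes": b,
         "active_hours": len(hours[(s, d)]),
         "flag": b >= min_bytes and len(hours[(s, d)]) >= min_hours}
        for (s, d), b in ranked
    ]


if __name__ == "__main__":
    for r in rank_http_senders(SAMPLE_CSV):
        print(r)
```

In the sample, the largest single transfer is not flagged because it occurs once, while the client sending a similar amount to one destination every hour is.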
Log Management
Generated logs take up space and resources on the STM150 disk. To ensure that there is always
sufficient space to save newer logs, the STM150 automatically deletes older logs whenever the
total log size reaches 50% of the allocated file size for each log type.