Datto Networking Appliance (DNA): Recent Events (Logs)

Follow

Topic

This article describes the Recent Events card of the Datto Networking Appliance's (DNA) GUI, including System events and Intrusion Detection and Prevention (IDP) events.

Environment

  • Datto Networking Appliance (DNA)

Description

The Recent Events card shows recent system events, Intrusion Detection, and Prevention (IDP), and web filter activity on your Datto appliance.

To access the Recent Events card, log into the DNA web interface and click Status.

mceclip0.pngFigure 1: The DNA menu (click to enlarge)

The Recent Events card is displayed at the bottom of the page. The card contains two tabs:

System

The System tab captures system events, such as the WAN and LTE interface status, the appliance's firmware status, and the system boot time.

mceclip0.pngFigure 2: Recent Events - System tab (click to enlarge)

IDP

The IDP tab displays a history of your Datto appliance's Network Intrusion Detection & Prevention deep packet inspection log activity. As packets enter the network, the DNA inspects each of them for potentially malicious activity and filters them if it detects that they may be harmful.

mceclip1.png Figure 3: Recent Events - IDP tab (click to enlarge)

IDP event logs display under the following format for each entry:

  • Action: shows what action was taken by IDP:
    • Warn: IDP detected the suspicious packets.
    • Drop: IDP prevented suspicious activity by dropping the connection.
  • Event Time: This column shows the timestamp of the IDP event.
  • Type: This column displays the SNORT ID (SID) of the event; click the SID to go to SNORT's documentation detailing the event.
  • Rule Description: This column shows a brief description of the rule triggered by the event.
  • Classification: This column displays the event's classification. For example, SNORT classifying an event as potentially bad traffic, or as an attempted information leak.
  • Source: This column displays the source IP address of the event.
  • Destination: This column displays the destination IP address of the event.

Enhancements to IDP

  • Beginning with DNA firmware version 1.18.1, IDP is more aggressive. After upgrading, it may block sites that were not blocked in the past.
  • Enhanced IDP can cause a reduction in performance that is most noticeable in single-stream transmissions.

Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Community Forum or get live help.

For more Business Management resources, see the Datto RMM Online Help and the Autotask PSA Online Help .

Datto Homepage