ALERT: Datto Drive Cloud service is no longer available. For more information, see our end-of-life article. If you'd like to migrate your data to Datto Workplace, see our migration guide.

Datto Networking Appliance (DNA): Recent Events (Logs)

Follow

Topic

This article describes the Recent Events card of the Datto Networking Appliance's (DNA) GUI. 

Environment

  • Datto Networking Appliance (DNA)

Description

The Recent Events card shows recent system events, Intrusion Detection and Prevention (IDP), and web filter activity on your Datto appliance.

To access the Recent Events card, log into the DNA web interface, and click Status, as shown in Figure 1.

Figure 1: The DNA menu (click to enlarge)

You will see the Recent Events card displayed at the bottom of the page. The card contains two tabs:

System

The System tab captures system events, such as the WAN and LTE interfaces going up and down, the appliance's firmware status, and the system boot time.

Screen_Shot_2019-06-03_at_11.25.22_AM.jpgFigure 2: Recent Events - System tab (click to enlarge)

IDP

The IDP tab displays a history of your Datto appliance's Snort Network Intrusion Detection & Prevention deep packet inspection log activity. As packets enter the network, the DNA inspects each of them for potentially malicious activity and filters them if it detects that they may be harmful.

Screen_Shot_2019-05-28_at_4.05.36_PM.jpg Figure 3: Recent Events - IDP tab (click to enlarge)

IDP event logs display under the following format for each entry:

  • Action: shows what action was taken by IDP:
    • Warn: IDP detected the suspicious packets.
    • Drop: IDP prevented suspicious activity by dropping the connection.
  • Event Time: This column shows the timestamp of the IDP event.
  • Type: This column displays the SNORT ID (SID) of the event; click the SID to go to SNORT's documentation detailing the event.
  • Rule Description: This column shows a brief description of the rule triggered by the event.
  • Classification: This column displays the event's classification. For example, SNORT classifying an event as potentially bad traffic, or as an attempted information leak.
  • Source: This column displays the source IP address of the event.
  • Destination: This column displays the destination IP address of the event.

Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Community Forum or get live help.