Recent Events (Logs)

Topic

This article describes the Recent Events card of the Datto Networking Appliance's (DNA) GUI, including System events and Intrusion Detection and Prevention (IDP) events.

Environment

  • Datto Networking Appliance (DNA)

Description

The Recent Events card shows recent system events, Intrusion Detection, and Prevention (IDP), and web filter activity on your Datto appliance.

To access the Recent Events card, log into the DNA web interface and click Status.

mceclip0.png
Figure 1:
The DNA menu

The Recent Events card is displayed at the bottom of the page. The card contains two tabs:

System

The System tab captures system events, such as the WAN and LTE interface status, the appliance's firmware status, and the system boot time.

mceclip0.png
Figure 2:
Recent Events - System tab

IDP

The IDP tab displays a history of your Datto appliance's Network Intrusion Detection & Prevention deep packet inspection log activity. As packets enter the network, the DNA inspects each of them for potentially malicious activity and filters them if it detects that they may be harmful.

mceclip1.png Figure 3: Recent Events - IDP tab

IDP event logs display under the following format for each entry:

  • Action: shows what action was taken by IDP:
    • Warn: IDP detected the suspicious packets.
    • Drop: IDP prevented suspicious activity by dropping the connection.
  • Event Time: This column shows the timestamp of the IDP event.
  • Type: This column displays the SNORT ID (SID) of the event; click the SID to go to SNORT's documentation detailing the event.
  • Rule Description: This column shows a brief description of the rule triggered by the event.
  • Classification: This column displays the event's classification. For example, SNORT classifying an event as potentially bad traffic, or as an attempted information leak.
  • Source: This column displays the source IP address of the event.
  • Destination: This column displays the destination IP address of the event.

Enhancements to IDP

  • Beginning with DNA firmware version 1.18.1, IDP is more aggressive. After upgrading, it may block sites that were not blocked in the past.
  • Enhanced IDP can cause a reduction in performance that is most noticeable in single-stream transmissions.