Dashboard - Threat vs Block
Hello,
I have Zenarmor providing reporting data to an external source via Syslog. The internal reporting (Mongo) has default report categories of Connection, Threat, Blocks, Web, DNS, and TLS.
Is that category in the exported syslog data? I can't seem to find it. Secondly, how should I think about the differences between Threats and Blocks? Are they different? Would a threat ever not be blocked?
Thanks
-
Connections category data is created from files starting with "0_conn", DNS category data from files starting with "0_dns", Blocks category data from files starting with "0_alert", Web category data from files starting with "0_http", and TLS category data from files starting with "0_tls". Threats category data is created from files with a full "security_tag" value in Connections data.
Threats is the section where the traffic belonging to the categories in the Security tab in the Policy is displayed.
Blocks are traffic data blocked according to Zenarmor policies.