Switching through protocols in a “Firewall events” window.
If i’m clicking on “Protocol” tab (to sort the events by proto.), the list is sorting
only in two ways: in my case (ICMP - first, UDP - last/UDP/ICMP - reversed).
It’s okay, but. I have TCP entries also. And to view such entries
i must scroll down to find them. And may be some other protocols listed down there…
Not very comfortable, isn’t it? When you have thousands entries.
Which version of CIS are you using? If it’s CIS 4 or greater then use CIS’s external log viewer & you can filter to logs to only view which protocol you want. The filters can be quite complex, depending on what you need and you can also select date periods (limiting the view further).
You can access CIS’s External Log Viewer either by using the “More” button from any of CIS’s internal event viewer screens or by running it directly from CIS’s installation directory (it’s called cfplogvw.exe). The filter is available from the menu (View - Advanced Filter).
Does that help any?
edit: missing bits
Thanks for reply. In this way everything works fine.
Using latest version.
I do not understand for what do we need “Firevall/Antivirus events” windows.
CIS must open External Log Viewer each time user wanna check out something.
I think the internal viewers are just for a quick glance at the latest entries if you happen to be using the front-end.