I recently started supporting a law firm. Normally, I tend to avoid supporting servers because they're not in my wheelhouse, but this firm has one and I'm helping them with it.

One of the only issues I haven't been able to figure out is one that'll probably be immediately obvious to you wise folk. One of the primary users on the network (one of the two attorneys in the firm) receives regular notices in Outlook in the form of "NetScreen Traffic Logs."

First, are these firewall reports? I can't really see any firewall software or hardware installed in the network. Should I be regularly checking these?

The main issue is that the user would like to stop receiving these, but I can't tell how they're being delivered to him. Here is an example of one of the lines from one of these reports, if it's at all helpful:

Quote:
[00017] 2012-06-23 16:09:27 [Root]system-notification-00257(traffic): start_time="2012-06-23 16:09:27" duration=0 policy_id=320001 service=proto:2/port:0 proto=2 src zone=Null dst zone=Null action=Deny sent=0 rcvd=40 src=192.168.101.11 dst=224.0.0.22


So what do I do here?
_________________________
Matt
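
The sample line quoted in the post splits into a bracketed header followed by key=value fields, some with a space in the key ("src zone") and one with a quoted value. The following parser is an added example, not part of the original post; the field layout is inferred only from that one line, and the function names and the small protocol-number table are this example's own.

```python
import ipaddress
import re

# Log line copied from the post above.
SAMPLE = ('[00017] 2012-06-23 16:09:27 [Root]system-notification-00257(traffic): '
          'start_time="2012-06-23 16:09:27" duration=0 policy_id=320001 '
          'service=proto:2/port:0 proto=2 src zone=Null dst zone=Null '
          'action=Deny sent=0 rcvd=40 src=192.168.101.11 dst=224.0.0.22')

# Header: [sequence] timestamp [vsys]message-id(kind): body
HEADER = re.compile(
    r'^\[(?P<seq>\d+)\] (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) '
    r'\[(?P<vsys>[^\]]+)\](?P<msg_id>[\w-]+)\((?P<kind>\w+)\): (?P<body>.*)$')
# Keys may contain one space ("src zone"); values are quoted or run to the next space.
PAIR = re.compile(r'((?:src|dst) zone|\w+)=("[^"]*"|\S*)')

# IANA IP protocol numbers (only a few common ones listed here).
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}


def parse_traffic_line(line):
    """Return the header and key=value fields of one traffic log line as a dict."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not a traffic log line in the format shown in the post")
    fields = m.groupdict()
    body = fields.pop("body")
    for key, value in PAIR.findall(body):
        fields[key.replace(" ", "_")] = value.strip('"')
    return fields


def describe(fields):
    """Summarise what the entry records: action, protocol, address classes."""
    proto = int(fields["proto"])
    return {
        "action": fields["action"],
        "protocol": IP_PROTOCOLS.get(proto, f"ip-proto-{proto}"),
        "src_is_private": ipaddress.ip_address(fields["src"]).is_private,
        "dst_is_multicast": ipaddress.ip_address(fields["dst"]).is_multicast,
    }


if __name__ == "__main__":
    parsed = parse_traffic_line(SAMPLE)
    print(parsed)
    print(describe(parsed))
```

For the quoted line this reports a denied IGMP packet (IP protocol 2) from a private address to a multicast address.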