Gaia Logging and Monitoring


Time: 1 hour 35 minutes
Difficulty: Intermediate
CEU/CPE: 2
Video Transcription
[MUSIC] In this module, we're going to cover Gaia Embedded features for logging and monitoring. Monitoring allows us to see what's happening on the network in addition to just traffic monitoring. We now also monitor VPN tunnels, active devices, and connections, allowing you to get more insights into what's actually happening. If you take a look at this view here, this is our current connections; it gives you a brief breakdown of what those connections are, their types and the amount of bandwidth they are consuming, and then the amount of total traffic.

We've added audit logs. This logs the administrators' activities into the system logs. If you take a look at this, you'll see that through the web UI, the user admin logged in from a specific IP address, the category of that user's credentials was super admin, so that was the permission level that they had. It also shows what they did while they were in there.

We've added some additional tools for monitoring system resources, being able to see the routing table, that type of thing. System resources chart, giving you a time overview of what occurred. We've also added notifications for new device alerts for when a new device enters the environment. Also, if there is an infected device, it gives you information about that and then you can actually take a look at the log entry for that infected device, as far as what potential malware was infecting that client.

SNMP. To configure SNMP traps and get all the best practices, you should go ahead and check sk98552. Go get all the information you need, all the overview, so you'll be able to configure the SNMP by yourself.

We're now at the logs and monitoring tab on the security log options. Here we have everything that's happening on the gateway. Here's an accepted packet. If you just take a look at that, you'll see that the action was allowed, it was outbound, what was the source IP, the destination IP, and what service was used.

If we go to system logs, we can see what's happening with the gateway. You can clear out the logs, you can download the logs, you can do a refresh that will give you the latest updates on that. Also, we can go and take a look at these individual entries as far as what was happening. We have a lot of DHCP options because don't forget that my device also acts as a DHCP server.

We also have external log servers. If we had any Syslog servers, for example, we want to configure that. We'll just go ahead and select configure, select a protocol that we're going to use, the name, IP address, the port and what we want to send to this server.

We have the Notifications tab. As far as informative events go, here in settings, this allows you to do mobile notifications for any of these activities taking place; the user will get notified on the WatchTower mobile app. We can go ahead and configure which events you want to be notified about.

Going down to status, this lists my active devices. Right now, I have one Windows machine connected to the device. That's the name of the Windows machine, the MAC address. I can also see which interface it's using to connect with my SMB device. If I go to paired mobile devices, at the moment, I don't have any, so this is empty. Fortunately, no infected devices as well, so I'm good. If I go to VPN tunnels, I can see that this is empty as well because at the moment I don't have any VPN tunnels configured. The Connections tab gives you an idea of what I have connections for from my different sources. This is my client's machine. This is the gateway itself.

For example, down to monitoring, this would give you what's happening in the environment. We can see that from the reboot that I just recently did, the websites that I have gone to are mostly unknown traffic, and I have Yahoo services, Facebook, and some analytics stuff. You can get a lot of information here like top bandwidth-consuming applications, which computers, their sites, and a lot of insights about your environment and all the traffic that's being sent away. Now we can see the status of infected devices as well right here at the bottom. Any high-risk application, system resources that are utilized on the device, pretty low at this point, since I only have one client.

Going down to reports, this allows me to generate a report showing the current status of the gateway, giving me an overview of network analysis, infected devices, my network usage, and the top applications on the device. The top sites that were gone to, top sites by session, the top categories by session, so you can get all that information in the reports.

These are some of the diagnostic tools, so we can create monitoring system resources, we can click on that. This will give you an overview of what's happening with my system. I can show the routing table on the device, I can check connectivity to Cloud services, I can generate the CPinfo file from here, Ping, DNS Lookup, Packet Capture, a lot of diagnostic tools. That is a quick overview of the logs and monitoring on the left and all of the different things we can take a look at in relation to that. This concludes this module. [MUSIC]