User's Manual
Table Of Contents
- ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
- Contents
- About This Manual
- Chapter 1 Introduction
- Chapter 2 Using the Setup Wizard to Provision the STM in Your Network
- Choosing a Deployment Scenario
- Understanding the Steps for Initial Connection
- Logging In to the STM
- Using the Setup Wizard to Perform the Initial Configuration
- Setup Wizard Step 1 of 10: Introduction
- Setup Wizard Step 2 of 11: Networking Settings
- Setup Wizard Step 3 of 11: Time Zone
- Setup Wizard Step 4 of 11: Email Security
- Setup Wizard Step 5 of 11: Web Security
- Setup Wizard Step 6 of 11: Email Notification Server Settings
- Setup Wizard Step 7 of 11: Update Settings
- Setup Wizard Step 8 of 11: HTTP Proxy Settings
- Setup Wizard Step 9 of 11: Web Categories
- Setup Wizard Step 10 of 11: Configuration Summary
- Setup Wizard Step 11 of 11: Restarting the System
- Verifying Proper Installation
- Registering the STM with NETGEAR
- What to Do Next
- Chapter 3 Performing Network and System Management
- Configuring Network Settings
- Configuring Session Limits and Timeouts
- Configuring the HTTP Proxy Settings
- About Users with Administrative and Guest Privileges
- Configuring Remote Management Access
- Using an SNMP Manager
- Managing the Configuration File
- Updating the Software
- Configuring Date and Time Service
- Managing Digital Certificates
- Managing the Quarantine Settings
- Performance Management
- Chapter 4 Content Filtering and Optimizing Scans
- About Content Filtering and Scans
- Configuring E-mail Protection
- Configuring Web and Services Protection
- Configuring Application Control
- Setting Scanning Exclusions and Web Access Exceptions
- Chapter 5 Managing Users, Groups, and Authentication
- About Users, Groups, and Domains
- Configuring Groups
- Configuring User Accounts
- Configuring Authentication
- Global User Settings
- Viewing and Logging Out Active Users
- Chapter 6 Monitoring System Access and Performance
- Chapter 7 Troubleshooting and Using Online Support
- Appendix A Default Settings and Technical Specifications
- Appendix B Related Documents
- Index
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
6-28 Monitoring System Access and Performance
v1.0, September 2009
To identify infected clients that are sending spyware or a virus in outbound traffic, query the STM
spyware and virus logs and see if any of your internal IP addresses are the source of spyware or a
virus:
1. On the Log Query screen (see Figure 6-11 on page 6-24), select Traffic as the log type.
2. Select the start date and time from the pull-down menus.
3. Select the end date and time from the pull-down menus.
4. Next to Protocols, select the HTTP checkbox.
5. Click Search. After a while, the log appears on screen.
6. Check if there are clients that are sending out suspicious volumes of data, especially to the
same destination IP address, on a regular basis.
If you find a client exhibiting this behavior, you can run a query on that client’s HTTP traffic
activities to get more information. Do so by running the same HTTP traffic query and entering the
client IP address in the Client IP field.
Log Management
Generated logs take up space and resources on the STM internal disk. To ensure that there is
always sufficient space to save newer logs, the STM automatically deletes older logs whenever the
total log size reaches 50% of the allocated file size for each log type.
Automated log purging means that you do not need to constantly manage the size of the STM logs
and ensures that the latest malware incidents and traffic activities are always recorded.
To manually purge selected logs, see “Clearing Logs” on page 6-7.
Scheduling and Generating Reports
The STM lets you schedule and generate four types of reports:
• Email Reports. For each protocol (SMTP, POP3, and IMAP), the report shows, the following
information per day, both in in tables and graphics:
– Number of connections
– Traffic amount in MB
Note: The STM saves its logs every 5 minutes. If a power failure affects the STM, logs
that where created within the 5-minute period before the power failure occurred
are lost. Therefore, NETGEAR recommends that you connect the STM to a
syslog server to save the logs externally.