A security administrator notices that a user's traffic is being blocked unexpectedly. The user's IP is 10.1.1.100, and the traffic is destined for a web server at 192.168.2.10. The administrator has already verified that there are no security rules explicitly denying the traffic. Which Log Viewer query should the administrator use to quickly identify the cause?
Trap 1: Search Threat logs for the destination IP
Threat logs only show blocked threats, not all dropped traffic.
Trap 2: Search Config logs for any rule changes
Config logs show configuration changes, not traffic handling.
Trap 3: Search System logs for the user's IP
System logs are for administrative events, not traffic flows.
- A
Search Traffic logs with filters for source 10.1.1.100 and destination 192.168.2.10
Traffic logs show the action (allow/deny/drop) for each session, and filtering by IPs narrows down the specific session.
- B
Search Threat logs for the destination IP
Why wrong: Threat logs only show blocked threats, not all dropped traffic.
- C
Search Config logs for any rule changes
Why wrong: Config logs show configuration changes, not traffic handling.
- D
Search System logs for the user's IP
Why wrong: System logs are for administrative events, not traffic flows.