Chapter 9. Configuring Firewall/NAT Settings

RX3141 User’s Manual

Figure 9.11 Sample Firewall Log

9.7.1 Log Format

Two types of log are supported by the RX3141: the system security log and the firewall access control log. They are designated by the keywords sys and fw, respectively. The log format is best explained by examples.

System Security Log Example:

Jan 1 00:01:22 2000 klogd: sys: TCP XMAS/NULL packet from 192.168.1.100.

Explanation: Jan 1 00:01:22 2000 is the time of the attack; klogd: sys indicates that the attack was detected by the system security model; TCP XMAS/NULL is the type of attack detected; 192.168.1.100 is the source of the attack.

Firewall Access Control Log Example:

Jan 1 00:03:11 2000 klogd: fw: OUTBOUND rule=1 allow icmp from 192.168.1.100 to 211.1.1.1 type=8 code=0 id=512

Explanation: Jan 1 00:03:11 2000 indicates the time of the access; klogd: fw, indicates the log is related to firewall access control; OUTBOUND, the direction of the traffic; rule=1, the rule that matches the IP information of the traffic; allow, action taken by the firewall; icmp, protocol type of the traffic; 192.168.1.100, source of the traffic; 211.1.1.1, destination of the traffic; type=8, ICMP message type; code=0, ICMP message code; id=512, ICMP message ID.
