Logging System Statistics

10

 

Setting Up the System Log and Alerts

Log Setting

Choose the events to report in the logs:

Alert Log: These events include common types of attacks as well as unauthorized login attempts. Check each type of attack to include in the alert log. Uncheck each event to omit from the alert log.

-Syn Flooding: An attacker sends a succession of SYN packets, causing the router to open so many sessions that it is overwhelmed and denies service to legitimate traffic.

-IP Spoofing: An attacker sends packets with a forged source IP address to disguise an attack as legitimate traffic.

-Win Nuke: An attacker sends an Out-of-Band message to a Windows machine with the purpose of causing the target computer to crash.

-Ping of Death: An attacker sends a very large IP packet with the purpose of causing the target computer to crash.

-Unauthorized Login Attempt: Someone tried to log in to the router configuration utility without providing the correct username or password.

-Output Blocking Event: There was an event in ProtectLink web reputation or URL filtering.

General Log: These events include actions that are performed to enforce configured policies as well as routine events such as authorized logins and configuration changes. Check each type of event to include in the general log. Uncheck each event to omit from the general log.

-System Error Messages: All system error messages.

-Deny Policies: Instances when the router denied access based on your Access Rules.

-Allow Policies: Instances when the router allowed access based on your firewall access rules. Note that events for specific access rules can be included in the log or excluded based on the Log setting in the access rule configuration. For more information, see Configuring Firewall Access Rules, page 103.

-Configuration Changes: Instances when someone saved changes in the configuration.

Cisco Small Business RV0xx Series Routers Administration Guide

155

Cisco Systems RV016, RV042G manual Log Setting