Logs
Table
Column | Description |
Component | The area in which the user performed an action (LOGIN, LOGOUT and Launch Bar Tabs) |
Result | The action performed or the result of a LOGIN or LOGOUT attempt |
Action | The action performed as a result. For example, Log Files Reset. |

IPS Block Log
The IPS Block log contains information about packets that have triggered an IPS filter configured with a Block + Notify action set.
To maintain a complete history of entries and provide a backup, you can configure the X family device to send IPS Block Log entries to a remote syslog server from the Notification Contacts page. For details, see “Notification Contacts” on page 52.
An IPS Block log entry contains the following fields:
Table
Column | Description |
Log ID | A |
Date/Time | A date and time stamp in the format |
Severity | Indicates the severity of the triggered filter. Possible values include: Low = 1, Minor = 2, Major = 3, Critical = 4. Note: When the log is downloaded, the Severity value is reported using the numerical value. |
Filter Name | The name of the filter that was triggered |
Protocol | The name of the protocol that the action affects |
Security Zone (pair) | The Security Zone pair where the alert occurred (LAN to WAN, for example) |
Source Address | The source address of the triggering traffic |
Dest Address | The destination address of the triggering traffic |
Packet Trace | Details if a packet trace is available |
Hit Count | Details how many packets have been detected |

X Family LSM User’s Guide V 2.5.1 | 101 |