Chapter 5 Events: Logs, Traffic Streams, Reports
Firewall Block Log
The Firewall Block Log captures information about events that have triggered a firewall rule that blocks matching traffic and has logging enabled.
A log entry is generated for each of the following events.
• Block web request event: occurs when the X family device blocks a web request due to web filtering.
• Block event: occurs when a firewall rule with Block action is triggered.
To maintain a complete history of entries and provide a backup, you can configure the X family device to send Firewall Block Log entries to a remote syslog server from the Notification Contacts page. For details, see “Notification Contacts” on page 52.
Each log entry is
A Firewall Block log entry contains the following fields:
Table
| Column | Description |
|---|---|
| Log ID | A |
| Date/Time | A date and time stamp in the format |
| Severity | Indicates the severity of the triggered filter. Possible values include: Critical, Major, Minor, and Low |
| Firewall Rule | The name of the firewall rule that was triggered. In the LSM, the firewall rule is linked to allow you to edit/view the rule that triggered the event. |
| Protocol | The name of the protocol that the action affects |
| Source Zone | The security zone where the traffic originated |
| Dst Zone | The security zone where traffic was sent |
| Source IP: Port | The source address and port where the triggering traffic originates |
| Dest IP: Port | The destination address and port of the triggering traffic |
| Category | For web requests blocked by the Web Filter Service, this represents the filter category triggered by the URL (examples: Gambling, Entertainment, or Violence) |
| URL | For web requests events only, the target URL. This field is populated regardless of whether the request was filtered by the Web Filter Service |
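The following is an added example, not part of the User's Guide, showing how entries collected on a remote syslog server could be triaged using the fields in the table above. The tab-separated layout, the column order, the timestamp format, the rule names and every sample value are assumptions constructed for illustration; the device's actual entry format is not shown on this page.

```python
import csv
from collections import defaultdict

# Field names follow the table above. ASSUMPTION: one tab-separated entry per
# line, columns in table order (the real on-wire format is not on this page).
FIELDS = ["log_id", "datetime", "severity", "rule", "protocol",
          "src_zone", "dst_zone", "src", "dst", "category", "url"]

# Constructed sample entries (documentation addresses, hypothetical rule names).
_ROWS = [
    ("1", "2024-01-01 10:00:01", "Low", "block-inbound", "tcp", "WAN", "LAN", "203.0.113.7:40001", "192.0.2.20:23", "", ""),
    ("2", "2024-01-01 10:00:02", "Low", "block-inbound", "tcp", "WAN", "LAN", "203.0.113.7:40002", "192.0.2.20:445", "", ""),
    ("3", "2024-01-01 10:00:03", "Low", "block-inbound", "tcp", "WAN", "LAN", "203.0.113.7:40003", "192.0.2.20:3389", "", ""),
    ("4", "2024-01-01 10:05:00", "Minor", "block-smtp-out", "tcp", "LAN", "WAN", "192.0.2.30:51000", "198.51.100.5:25", "", ""),
    ("5", "2024-01-01 10:06:00", "Minor", "web-filter", "tcp", "LAN", "WAN", "192.0.2.40:52000", "198.51.100.9:80", "Gambling", "http://example.com/a"),
    ("6", "2024-01-01 10:07:00", "Minor", "block-web", "tcp", "LAN", "WAN", "192.0.2.41:52001", "198.51.100.9:80", "", "http://example.org/b"),
]
SAMPLE = "\n".join("\t".join(r) for r in _ROWS) + "\nmalformed line\n"

def split_endpoint(value):
    """Split 'address:port' on the last colon; port is None if missing or non-numeric."""
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return value, None

def parse_entries(text):
    """Yield one dict per well-formed line; lines with the wrong field count are skipped."""
    for row in csv.reader(text.splitlines(), delimiter="\t", quoting=csv.QUOTE_NONE):
        if len(row) != len(FIELDS):
            continue
        entry = dict(zip(FIELDS, row))
        entry["src_ip"], _ = split_endpoint(entry["src"])
        _, entry["dst_port"] = split_endpoint(entry["dst"])
        yield entry

def summarize(entries, port_threshold=3):
    """Return (sources blocked on >= port_threshold distinct ports, web blocks per category)."""
    ports, web = defaultdict(set), defaultdict(int)
    for e in entries:
        if e["url"]:
            # URL is set for every web request event; Category only when the
            # Web Filter Service did the blocking, so it may be empty here.
            web[e["category"] or "(no category)"] += 1
        elif e["dst_port"] is not None:
            ports[e["src_ip"]].add(e["dst_port"])
    noisy = {ip: sorted(p) for ip, p in ports.items() if len(p) >= port_threshold}
    return noisy, dict(web)
```
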
102 X Family LSM User’s Guide V 2.5.1