Log Formats

| Field Name | Subfield | Description |
|---|---|---|
| Comp | | Software component that generated the message: ALT = Alert Log; BLK = IPS Block Log |
| Message (contained within quotes) | Alert Action | Alert = for Alert Log; Block = for IPS Block Log |
| | Policy Log Version | v4 |
| | Alert Type | A bit field that identifies a message as traffic threshold, invalid, etc. |
| | Policy UUID | ID for the policy, enclosed within brackets ([]). Default policies begin with |
| | Message Severity | 1 = low; 2 = minor; 3 = major; 4 = critical |
| | Signature UUID | Signature ID from the DV, enclosed within brackets ([]). You can have multiple policies per signature. Default signatures begin with |
| | Protocol | Protocol of the alert. Examples: HTTP, IP, TCP, IDP, and ICMP. |
| | IP Protocol Numeric | Layer 2 protocol (uint). Only used in Firewall Block Logs for the X family device. In all other logs, this field will be 0. |
| | IP Protocol String | Layer 2 protocol (string). Only used in Firewall Block Logs for the X family device. In all other logs, this field will be blank. |
| | Source IP Address and Port | Packet's source IP address and port. Format is <address>:<port> |
| | Destination IP Address and Port | Packet's destination IP address and port. Format is <address>:<port> |
| Message (continued) | Hit Count | The aggregated number of messages received. |
| | In MPHY | Physical port number in which the packet arrived. |
| | VLAN | (int) |
| | In Security Zone UUID | (uuid) |
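The following parser is an added example for ingesting these alert and IPS block log messages into a collector or SIEM; it is not code from the X family product or its documentation. It takes the field order and the value rules (bracketed UUIDs, the 1-4 severity scale, the `<address>:<port>` endpoint format, the Comp/Alert Action pairing, and the numeric/string IP protocol fields being 0/blank outside Firewall Block Logs) from the table above. Everything else is an assumption of this example: the table does not state the delimiter between fields, so `FIELD_SEP` is set to a comma and must be adjusted for real exports, the line is assumed to start with the Comp token followed by the quoted message, and the sample lines are constructed, not captured from a device.

```python
import re
from ipaddress import ip_address
from typing import Any

FIELD_SEP = ","  # ASSUMPTION: the table does not state the delimiter inside the quoted message

# Comp value -> Alert Action the table pairs it with (ALT/Alert, BLK/Block)
COMP_TO_ACTION = {"ALT": "Alert", "BLK": "Block"}
SEVERITY_NAMES = {1: "low", 2: "minor", 3: "major", 4: "critical"}

# Field order taken from the table; the snake_case names are this example's own
FIELDS = (
    "alert_action", "policy_log_version", "alert_type", "policy_uuid",
    "message_severity", "signature_uuid", "protocol", "ip_protocol_numeric",
    "ip_protocol_string", "source", "destination", "hit_count", "in_mphy",
    "vlan", "in_security_zone_uuid",
)

_BRACKETED_UUID = re.compile(r"^\[([0-9A-Fa-f-]+)\]$")


def strip_brackets(value: str) -> str:
    """Return the UUID inside '[...]'; reject anything not bracketed."""
    match = _BRACKETED_UUID.match(value)
    if not match:
        raise ValueError(f"expected a bracketed UUID, got {value!r}")
    return match.group(1)


def split_endpoint(value: str) -> tuple[str, int]:
    """Split '<address>:<port>' and validate both halves (IPv4 or unbracketed IPv6)."""
    host, sep, port = value.rpartition(":")
    if not sep:
        raise ValueError(f"endpoint {value!r} is not <address>:<port>")
    addr = ip_address(host)  # raises ValueError on a malformed address
    port_num = int(port)
    if not 0 <= port_num <= 65535:
        raise ValueError(f"port {port_num} out of range")
    return str(addr), port_num


def parse_line(line: str) -> dict[str, Any]:
    """Parse one log line into typed fields, rejecting values the table rules out."""
    comp, _, rest = line.strip().partition(" ")  # ASSUMPTION: Comp precedes the quoted message
    if comp not in COMP_TO_ACTION:
        raise ValueError(f"unknown Comp {comp!r}")
    if len(rest) < 2 or rest[0] != '"' or rest[-1] != '"':
        raise ValueError("message must be contained within quotes")
    parts = rest[1:-1].split(FIELD_SEP)
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    raw = dict(zip(FIELDS, parts))

    if raw["alert_action"] != COMP_TO_ACTION[comp]:
        raise ValueError(f"Comp {comp} does not match Alert Action {raw['alert_action']!r}")
    severity = int(raw["message_severity"])
    if severity not in SEVERITY_NAMES:
        raise ValueError(f"Message Severity {severity} is not in 1..4")

    src_ip, src_port = split_endpoint(raw["source"])
    dst_ip, dst_port = split_endpoint(raw["destination"])
    return {
        "comp": comp,
        "alert_action": raw["alert_action"],
        "policy_log_version": raw["policy_log_version"],
        "alert_type": int(raw["alert_type"]),  # bit field; bit meanings are not in the table
        "policy_uuid": strip_brackets(raw["policy_uuid"]),
        "message_severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "signature_uuid": strip_brackets(raw["signature_uuid"]),
        "protocol": raw["protocol"],
        "ip_protocol_numeric": int(raw["ip_protocol_numeric"]),  # 0 outside Firewall Block Logs
        "ip_protocol_string": raw["ip_protocol_string"],  # blank outside Firewall Block Logs
        "source_ip": src_ip, "source_port": src_port,
        "destination_ip": dst_ip, "destination_port": dst_port,
        "hit_count": int(raw["hit_count"]),
        "in_mphy": int(raw["in_mphy"]),
        "vlan": int(raw["vlan"]),
        "in_security_zone_uuid": strip_brackets(raw["in_security_zone_uuid"]),
    }


def parse_all(lines: list[str]) -> tuple[list[dict[str, Any]], list[str]]:
    """Parse many lines; keep going past bad ones and report them separately."""
    records, errors = [], []
    for number, line in enumerate(lines, start=1):
        try:
            records.append(parse_line(line))
        except ValueError as exc:
            errors.append(f"line {number}: {exc}")
    return records, errors


# Constructed sample lines (UUIDs and addresses invented for this example).
SAMPLE_LINES = [
    'ALT "Alert,v4,0,[11111111-2222-3333-4444-555555555555],3,'
    '[66666666-7777-8888-9999-aaaaaaaaaaaa],TCP,0,,192.0.2.10:51234,'
    '198.51.100.5:80,1,1,0,[bbbbbbbb-cccc-dddd-eeee-ffffffffffff]"',
    'BLK "Block,v4,0,[11111111-2222-3333-4444-555555555555],4,'
    '[66666666-7777-8888-9999-aaaaaaaaaaaa],ICMP,0,,203.0.113.7:0,'
    '198.51.100.9:0,5,2,100,[bbbbbbbb-cccc-dddd-eeee-ffffffffffff]"',
    # severity 9 is outside the table's 1..4 scale
    'ALT "Alert,v4,0,[11111111-2222-3333-4444-555555555555],9,'
    '[66666666-7777-8888-9999-aaaaaaaaaaaa],HTTP,0,,192.0.2.11:40000,'
    '198.51.100.5:80,1,1,0,[bbbbbbbb-cccc-dddd-eeee-ffffffffffff]"',
    # BLK with an Alert action contradicts the Comp/Alert Action pairing
    'BLK "Alert,v4,0,[11111111-2222-3333-4444-555555555555],2,'
    '[66666666-7777-8888-9999-aaaaaaaaaaaa],IP,0,,192.0.2.12:0,'
    '198.51.100.5:0,1,1,0,[bbbbbbbb-cccc-dddd-eeee-ffffffffffff]"',
]

if __name__ == "__main__":
    good, bad = parse_all(SAMPLE_LINES)
    for record in good:
        print(record["comp"], record["severity_name"], record["source_ip"], record["destination_ip"])
    for problem in bad:
        print("rejected:", problem)
```

`parse_all` keeps collecting after a malformed line, so a single bad record from a device does not stop the feed; the rejected lines are returned with a reason so they can be counted and alerted on rather than silently dropped.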
X Family LSM User’s Guide V 2.5.1 | 293 |
|
|