Appendix C Log Formats and System Messages

Firewall Block Log Format

An example of a comma-delimited Firewall Block Log entry follows:

6,2006-10-05 17:12:31,INFO,BLK,"Block v4 2 [c52e3da9-23e0-11db-9cdd-00132055ccd2] 1 [00000001-0001-0001-0001-000000007400] firewall 17 UDP 152.67.137.49:137 152.67.140.3:137 1 0 0 [e3d4586b-67a6-4662-bc17-560455bedf54] LAN [08585a5d-23e1-11db-9cdd-00132055ccd2] MGMT 1160086351 0587833079 1 1 0 pt0 0 0 0 0344"

The following table describes the downloadable format of the Firewall Block Log:

Table C–3: Firewall Block Log Format

| Field Name | Sub-Field Name | Description |
|---|---|---|
| Seq | | Unique sequence number for this log file. |
| Entry_time | | Date and time of event. YYYY-MM-DD 24H:MI:SS |
| Sev | | Severity of the alert, from least to most severe: INFO = for information only; WARN = warning; ERR = error; CRIT = critical |
| Comp | | Software component that generated the message. Example: BLK. |
| Message (Contained within quotes.) | Action | |
| | Version | |
| | AlertType | |
| | Policy UUID | The UUID of the Firewall Rule that matched. |
| | Severity | Not used. |
| | Signature UUID | Not used. |
| | Protocol Type String | String name of the Protocol field (e.g. “tcp”). |
| | Protocol Number | The IP protocol number used for the session by the starter. |
| | Protocol Name | String name of the Protocol (e.g. “http”). |
| | Source IP | The source IP address and port for the session. This represents the “starter” of the session. Format is ddd.ddd.ddd.ddd:port. |

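An added example, not part of the guide: a Python parser that splits a Firewall Block Log entry along the layout of Table C–3, validating the severity keyword, the bracketed UUIDs, the protocol number and the ddd.ddd.ddd.ddd:port form so that malformed lines are rejected rather than silently mis-indexed. It uses the guide's own sample entry; the Message sub-fields after Source IP are documented on later pages and are kept as an unparsed tail.

```python
import csv
import io
import re
from datetime import datetime

SEVERITIES = ("INFO", "WARN", "ERR", "CRIT")  # least to most severe
UUID_RE = re.compile(r"^\[([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\]$", re.I)
# Sub-fields of the quoted Message in the order the table lists them; those after
# Source IP are documented on later pages, so they are kept as a raw tail.
MESSAGE_FIELDS = ("action", "version", "alert_type", "policy_uuid", "severity",
                  "signature_uuid", "protocol_type", "protocol_number",
                  "protocol_name", "source")
# The guide's own sample entry, with the PDF line-wrap hyphens rejoined.
SAMPLE = ('6,2006-10-05 17:12:31,INFO,BLK,"Block v4 2 [c52e3da9-23e0-11db-9cdd-00132055ccd2] 1 '
          '[00000001-0001-0001-0001-000000007400] firewall 17 UDP 152.67.137.49:137 '
          '152.67.140.3:137 1 0 0 [e3d4586b-67a6-4662-bc17-560455bedf54] LAN '
          '[08585a5d-23e1-11db-9cdd-00132055ccd2] MGMT 1160086351 0587833079 1 1 0 pt0 0 0 0 0344"')

def _uuid(token: str) -> str:
    m = UUID_RE.match(token)  # bracketed 8-4-4-4-12 hex, brackets stripped on return
    if not m:
        raise ValueError(f"expected [uuid], got {token!r}")
    return m.group(1)

def _endpoint(token: str) -> tuple:
    ip, sep, port = token.rpartition(":")  # ddd.ddd.ddd.ddd:port -> (address, port)
    octets = ip.split(".")
    if not sep or len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError(f"bad endpoint {token!r}")
    return ip, int(port)

def parse_block_log(line: str) -> dict:
    """Return one log line as a dict; raise ValueError if it does not fit the format."""
    row = next(csv.reader(io.StringIO(line)))  # csv handles the quoted Message field
    if len(row) != 5:
        raise ValueError(f"expected 5 comma-delimited fields, got {len(row)}")
    seq, entry_time, sev, comp, message = row
    if sev not in SEVERITIES:
        raise ValueError(f"unknown severity {sev!r}")
    tokens = message.split()
    if len(tokens) < len(MESSAGE_FIELDS):
        raise ValueError("Message has fewer sub-fields than the table defines")
    sub = dict(zip(MESSAGE_FIELDS, tokens))
    sub["policy_uuid"] = _uuid(sub["policy_uuid"])
    sub["signature_uuid"] = _uuid(sub["signature_uuid"])
    sub["protocol_number"] = int(sub["protocol_number"])
    sub["source_ip"], sub["source_port"] = _endpoint(sub.pop("source"))
    sub["tail"] = tokens[len(MESSAGE_FIELDS):]
    return {"seq": int(seq), "sev": sev, "sev_rank": SEVERITIES.index(sev), "comp": comp,
            "entry_time": datetime.strptime(entry_time, "%Y-%m-%d %H:%M:%S"), **sub}
```

The `sev_rank` value follows the table's least-to-most-severe order, so a SIEM filter such as `rec["sev_rank"] >= SEVERITIES.index("ERR")` selects only ERR and CRIT entries.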

296 X Family LSM User’s Guide V 2.5.1