Appendix C Log Formats and System Messages

Table C–3: Firewall Block Log Format (Continued)

| Field Name | Sub-Field Name | Description |
|---|---|---|
| Message (cont.) | Packet trace seq begin | Packet trace not supported by Firewall. |
| | Packet trace seq end | Packet trace not supported by Firewall. |

The fields in this table are populated depending on the event being logged:

Block event:

This event represents a firewall block. The Category, URL, Session Start and Bytes fields will be blank. The Firewall Rule field should be a hyperlink to the Firewall Rule edit page.

Web Filter Block Event:

This event is generated for a Web request that is blocked by the box. All specified fields are provided. The category field will be populated if the Web request was blocked by the Web Filter Subscription service (not for a manual URL block).

Firewall Session Log Format

An example of a comma-delimited Firewall Session Log entry follows:

87148 2006-10-23 20:26:07 INFO TNT 75.121.191.83:4672 190.206.247.84:4672 17 UDP(17) e3d4586b-67a6-4662-bc17-560455bedf54 LAN 0dc7c57b-4ff9-467f-8ef6-d5069850a1c6 WAN 100 Regular Session Start

The following table describes the downloadable format of the Firewall Session Log:

Table C–4: Firewall Session Log Format

| Field Name | Description |
|---|---|
| Seq | Unique sequence number for this log file. |
| Entry_time | Date and time of event. YYYY-MM-DD 24H:MI:SS |
| Sev | Severity of the alert, from least to most severe: INFO = for information only; WARN = warning; ERR = error; CRIT = critical |
| Comp | Software component that generated the message. Examples: GEN, TNT |
| SrcIP | The source IP address and port for the session. This represents the “starter” of the session. Format is ddd.ddd.ddd.ddd:port. |
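A parser for the fields described so far (Seq through SrcIP), added here as an example and not taken from the guide. It assumes a downloaded entry is either comma-delimited or whitespace-separated as printed above; `SessionLogEntry`, `parse_session_log`, `at_least` and `SAMPLE` are hypothetical names, and the fields after SrcIP are kept unparsed in `rest`.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime

SEVERITIES = ("INFO", "WARN", "ERR", "CRIT")  # least to most severe, per Table C-4

@dataclass
class SessionLogEntry:
    seq: int
    entry_time: datetime
    sev: str
    comp: str
    src_ip: ipaddress.IPv4Address
    src_port: int
    rest: list  # fields after SrcIP, left unparsed in this example

def parse_session_log(line: str) -> SessionLogEntry:
    """Parse the Seq..SrcIP prefix of one Firewall Session Log entry."""
    line = line.strip()
    if "," in line:
        # Assumption: the comma-delimited download carries one value per field.
        fields = [f.strip() for f in line.split(",")]
    else:
        # Whitespace-separated, as the entry is printed in the guide;
        # the date and time are then two tokens that together form Entry_time.
        tok = line.split()
        fields = tok[:1] + [" ".join(tok[1:3])] + tok[3:]
    if len(fields) < 5:
        raise ValueError("too few fields for a session log entry")
    seq, when, sev, comp, src = fields[:5]
    if sev not in SEVERITIES:
        raise ValueError(f"unknown severity {sev!r}")
    host, sep, port = src.rpartition(":")
    if not sep or not port.isdigit() or not 0 <= int(port) <= 65535:
        raise ValueError(f"SrcIP is not ddd.ddd.ddd.ddd:port: {src!r}")
    return SessionLogEntry(
        seq=int(seq),
        entry_time=datetime.strptime(when, "%Y-%m-%d %H:%M:%S"),
        sev=sev,
        comp=comp,
        src_ip=ipaddress.IPv4Address(host),  # raises ValueError on a bad address
        src_port=int(port),
        rest=fields[5:],
    )

def at_least(entry: SessionLogEntry, minimum: str) -> bool:
    """True when the entry's severity is `minimum` or more severe."""
    return SEVERITIES.index(entry.sev) >= SEVERITIES.index(minimum)

# Constructed sample in the layout of the guide's entry (documentation addresses).
SAMPLE = "87149 2006-10-23 20:26:09 WARN GEN 192.0.2.10:4672 198.51.100.7:4672 17"
```

Rejecting an unknown severity or a malformed SrcIP at parse time keeps truncated or tampered entries out of downstream filtering.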

 

 

298 X Family LSM User’s Guide V 2.5.1