Appendix C Log Formats and System Messages
Table
| Field | Description |
|---|---|
| 10 | Policy Name |
| 11 | Signature Name |
| 12 | Protocol name (“icmp”, “udp”, “tcp”, or “unknown”) |
| 13 | Firewall IP Protocol Numeric and String. Format is <uint>(<string>). Only used in Firewall Block Logs for the X family device. In all other logs, this field will be 0. |
| 14 | Source address and port, colon delimited |
| 15 | Destination address and port, colon delimited |
| 16 | ISO 8601 |
| 17 | Number of events since start of aggregation period |
| 18 | Traffic Threshold message parameters |
| 19 | Traffic capture available on device (available = 1; none = 0) |
| 20 | Slot and segment of event |
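The following Python parser is an added example, not code from the guide: it decodes fields 10 to 20 as described in the table above and validates the `<uint>(<string>)` and colon-delimited address and port formats. The tab delimiter, the placeholder values for fields 1 to 9 (not described on this page), and every sample value are assumptions.

```python
import ipaddress
import re

PROTOCOLS = {"icmp", "udp", "tcp", "unknown"}      # field 12 values from the table
FW_PROTO = re.compile(r"(\d+)\((.*)\)")            # field 13: <uint>(<string>)

def parse_endpoint(value):
    """Fields 14/15: 'address:port', split on the last colon."""
    addr, sep, port = value.rpartition(":")
    if not sep or not port.isdigit() or int(port) > 65535:
        raise ValueError(f"bad address:port {value!r}")
    return str(ipaddress.ip_address(addr)), int(port)

def parse_fw_proto(value):
    """Field 13: (number, name); a bare 0 means 'not a Firewall Block log'."""
    if value == "0":
        return 0, None
    m = FW_PROTO.fullmatch(value)
    if not m:
        raise ValueError(f"bad firewall protocol {value!r}")
    return int(m.group(1)), m.group(2)

def parse_record(line, delim="\t"):
    """Decode fields 10-20; delim is an assumption, not from the table."""
    f = line.rstrip("\r\n").split(delim)
    if len(f) < 20:
        raise ValueError(f"expected at least 20 fields, got {len(f)}")
    if f[11] not in PROTOCOLS:
        raise ValueError(f"unexpected protocol name {f[11]!r}")
    if f[18] not in ("0", "1"):
        raise ValueError(f"bad capture flag {f[18]!r}")
    return {
        "policy": f[9], "signature": f[10], "protocol": f[11],
        "fw_proto": parse_fw_proto(f[12]),
        "src": parse_endpoint(f[13]), "dst": parse_endpoint(f[14]),
        "timestamp": f[15],            # ISO 8601 text, kept as received
        "event_count": int(f[16]),     # events since aggregation start
        "threshold_params": f[17], "capture_available": f[18] == "1",
        "slot_segment": f[19],
    }

# Constructed sample: fields 1-9 are placeholders, all values are invented.
SAMPLE = "\t".join([f"f{i}" for i in range(1, 10)] + [
    "Default", "Constructed-Sig", "tcp", "6(tcp)", "192.0.2.10:51514",
    "198.51.100.7:443", "2008-03-14T09:26:53+00:00", "3", "", "1", "1A"])

if __name__ == "__main__":
    print(parse_record(SAMPLE))
```

Rejecting records whose protocol name, capture flag, or endpoint does not match the documented format keeps malformed or truncated syslog lines out of downstream correlation.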
High Availability Log Messages
The High Availability mechanism logs the following messages to the System Log. For details on the System Log, see “System Log Format” on page 300.
Table
| Message | Type | Description |
|---|---|---|
| Changed to HA active state | Informational | Standby device has determined that active device is not responding to HA polling or has been manually forced to active state |
| Changed to HA standby state | Informational | Active device has determined that it should return to standby state or has been manually forced to standby state |
| Active HA device detected | Informational | Standby device has detected one of the HA management IP addresses of the active device. This should be logged for each of the IP interfaces that is configured with an HA management IP address. |
302 X Family LSM User’s Guide V 2.5.1