Chapter 42 System Information & Diagnosis

5Firewall log

Firewall Log Message Format

SdcmdSyslogSend(SYSLOG_FIREWALL, SYSLOG_NOTICE, buf);

buf = IP[Src=xx.xx.xx.xx : spo=xxxx Dst=xx.xx.xx.xx : dpo=xxxx prot rule action]

Src: Source Address

spo: Source port (empty means no source port information)

 

Dst: Destination Address

 

dpo: Destination port (empty means no destination port information)

 

prot: Protocol ("TCP","UDP","ICMP", "IGMP", "GRE", "ESP")

 

rule: <a,b> where a means "set" number; b means "rule" number.

 

Action: nothing(N) block (B) forward (F)

 

08-01-200011:48:41Local1.Notice192.168.10.10RAS: FW 172.16.1.80

:137 ->172.16.1.80

:137 UDPdefault permit:<2,0>B

 

08-01-200011:48:41Local1.Notice192.168.10.10RAS: FW 192.168.77.88

:520 ->192.168.77.88

:520 UDPdefault permit:<2,0>B

 

08-01-200011:48:39Local1.Notice192.168.10.10RAS: FW 172.16.1.50

->172.16.1.50

IGMP<2>default permit:<2,0>B

 

08-01-200011:48:39Local1.Notice192.168.10.10RAS: FW 172.16.1.25

->172.16.1.25

IGMP<2>default permit:<2,0>B

 

42.4.3 Call-Triggering Packet

Call-Triggering Packet displays information about the packet that triggered a dial-out call in an easy readable format. Equivalent information is available in menu 24.1 in hex format. An example is shown next.

 

643

ZyWALL 2WG User’s Guide