Events - D-Link DFL-1600 User Manual

26
discontinuity of services. By reviewing the output of logging, there is a
good chance that the administrator will be able to figure out the
problematic events, and take necessary actions to correct the problems.
Once the problem is resolved, the correct content can be found in the new
logging information to verify that proper changes have been done.
Logging can also be used in Intrusion Detection System (IDS). The suspect
traffic and attempted, failed, or successful attacks against the firewall and
the network can be record, with notifications sent to alert administrators.
These logging information is very useful for administrators to determine
how an intrusion might have occurred and what counter-attack method can
be added to improve the firewall's implementation.
As soon as log-required events are taking place, the firewall generates
responses based on those events, and the responses are output into log files
of one form or another to one or more log receivers.
5.1.2

Events

There are a number of different situations that will cause D-Link firewalls
to generate and deliver log data. Each such occasion is referred to as an
event.
Some events, for instance, the firewall's startup and shutdown, will always
generate log entries. Others, for instance, to log if a specified rule is being
matched, are configurable. The most obvious and straight-forward reason
for event generating is, of course, when logging is configured in the firewall's
rules, such as IP rules, User Authentication rules, Threshold rules, and so
on.
Events of interest for capturing generally fall into three broad categories:
Firewall System Issues, Security Policy, and Network Connection Status.
System Issues
This category of events logs the firewall system's status and hardware
changes, for instance:
BUFFERS– events regarding buffer usage.
TIMESYNC– firewall time synchronization events.
HWM– hardware monitor events.
SYSTEM– startup & shutdown
D-Link Firewalls User's Guide
Chapter 5. Logging