1.2. Context Parameters - D-Link DFL-260E Reference Manual

Network security firewall netdefendos version 2.40.00

1.2. Context Parameters

In many cases, information regarding a certain object is featured in the log message. This can be
information about, for example, a connection. In this case, the log message should, besides all the
normal log message attributes, also include information about which protocol is used, source and
destination IP addresses and ports (if applicable), and so on.
As the same information will be included in many log messages, it is referenced as a Context
Parameter. So whenever a log message includes information about a connection, it will feature the
CONN parameter in the Context Parameter list. This means that additional information about the
connection will also be included in the log message.
A description of all available context parameters follows with an explanation of all the additional
parameters. The names of the additional parameters are specified using the Syslog format.
ALG Module Name
An ALG is always of a certain type, for example FTP, H323 or HTTP. This parameter specifies the
name of the ALG sub-module, in order to quickly distinguish which type of ALG this is.
algmod        The name of the ALG sub-module.
ALG Session ID
Each ALG session has its own session ID, which uniquely identifies an ALG session. This is useful,
for example, when matching the opening of an ALG session with the closure of the same ALG
session.
algsesid      The session ID of an ALG session.
Packet Buffer
Information about the packet buffer, which in turn contains a large number of additional objects.
Certain parameters may or may not be included, depending on the type of packet buffer. For
example, the TCP flags are only included if the buffer contains a TCP protocol, and the
ICMP-specific parameters are only included if the buffer contains an ICMP protocol.
recvif        The name of the receiving interface.
[hwsender]    The sender hardware address. Valid if the protocol is ARP.
[hwdest]      The destination hardware address. Valid if the protocol is ARP.
[arp]         The ARP state. Valid if the protocol is ARP. Possible values: request|reply.
[srcip]       The source IP Address. Valid if the protocol is not ARP.
[destip]      The destination IP Address. Valid if the protocol is not ARP.
iphdrlen      The IP header length.
[fragoffs]    Fragmentation offset. Valid if the IP packet is fragmented.
[fragid]      Fragmentation ID. Valid if the IP packet is fragmented.
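A consistency check for the Packet Buffer parameters described above, as an added example that is not part of the D-Link manual. It assumes the parameters arrive as space-separated name=value pairs (the page names the fields but shows no sample record); the function names and sample records are constructed for illustration.

```python
import re

# Assumption: each parameter is logged as name=value, optionally double-quoted.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')

ARP_ONLY = {"hwsender", "hwdest", "arp"}   # "Valid if the protocol is ARP"
IP_ONLY = {"srcip", "destip"}              # "Valid if the protocol is not ARP"
FRAG_ONLY = {"fragoffs", "fragid"}         # "Valid if the IP packet is fragmented"
REQUIRED = {"recvif"}  # assumption: an unbracketed name is always present


def parse_params(line):
    """Return a dict of name -> value for every name=value pair in the line."""
    return {name: value.strip('"') for name, value in PAIR.findall(line)}


def check_packet_buffer(params):
    """Return the ways a record contradicts the validity rules listed above."""
    present = set(params)
    problems = []
    missing = REQUIRED - present
    if missing:
        problems.append("missing: " + ",".join(sorted(missing)))
    if present & ARP_ONLY and present & IP_ONLY:
        problems.append("ARP-only and IP-only fields in one record")
    if "arp" in params and params["arp"] not in ("request", "reply"):
        problems.append("arp value not request|reply: " + params["arp"])
    if present & FRAG_ONLY and present & ARP_ONLY:
        problems.append("fragment fields on an ARP record")
    return problems


SAMPLES = [  # constructed records, not taken from a real device
    "recvif=lan srcip=192.0.2.10 destip=198.51.100.7 iphdrlen=20",
    "recvif=lan hwsender=00-00-5e-00-53-01 hwdest=00-00-5e-00-53-02 arp=reply",
    "hwsender=00-00-5e-00-53-01 arp=probe srcip=192.0.2.10 fragid=4321",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_packet_buffer(parse_params(sample)) or "consistent", "<-", sample)
```

A record that fails these checks is worth a second look in a log pipeline: it usually points to a truncated or mis-parsed message rather than to a field the firewall would emit.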
Chapter 1. Introduction

This manual is also suitable for: DFL-860E, DFL-1660, DFL-2560, DFL-2560G