Table of Contents
Advertisement
Chapter 19 The Logs Screens
can reconstruct and analyze the traffic flowing through the device after collecting
the traffic logs.
Table 91 Syslog Logs
LOG MESSAGE
Event Log: <Facility*8 +
Severity>Mon dd hr:mm:ss
hostname src="<srcIP:srcPort>"
dst="<dstIP:dstPort>"
msg="<msg>" note="<note>"
devID="<mac address>"
cat="<category>"
Traffic Log: <Facility*8 +
Severity>Mon dd hr:mm:ss
hostname src="<srcIP:srcPort>"
dst="<dstIP:dstPort>"
msg="Traffic Log"
note="Traffic Log" devID="<mac
address>" cat="Traffic Log"
duration=seconds
sent=sentBytes
rcvd=receiveBytes
dir="<from:to>"
protoID=IPProtocolID
proto="serviceName"
trans="IPSec/Normal"
The following table shows RFC-2408 ISAKMP payload types that the log displays.
Please refer to the RFC for detailed information on each type.
Table 92 RFC-2408 ISAKMP Payload Types
LOG DISPLAY
SA
PROP
TRANS
KE
ID
CER
CER_REQ
HASH
SIG
NONCE
NOTFY
DEL
VID
228
DESCRIPTION
This message is sent by the system ("RAS" displays
as the system name if you haven't configured one)
when the router generates a syslog. The facility is
defined in the Log Settings screen. The severity is
the log's syslog class. The definition of messages
and notes are defined in the various log charts
throughout this appendix. The "devID" is the MAC
address of the router's LAN port. The "cat" is the
same as the category in the router's logs.
This message is sent by the device when the
connection (session) is closed. The facility is defined
in the Log Settings screen. The severity is the traffic
log type. The message and note always display
"Traffic Log". The "proto" field lists the service
name. The "dir" field lists the incoming and
outgoing interfaces ("LAN:LAN", "LAN:WAN",
"LAN:DEV" for example).
PAYLOAD TYPE
Security Association
Proposal
Transform
Key Exchange
Identification
Certificate
Certificate Request
Hash
Signature
Nonce
Notification
Delete
Vendor ID
User's Guide
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
