    srcport
    destip
    destport
Context Parameters
    Rule Name
    Deep Inspection

2.17.7. intrusion_detected (ID: 01300007)

Default Severity
    NOTICE
Log Message
    Intrusion detected: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>. Destination IP: <destip>. Destination Port: <destport>.
Explanation
    An attack signature matched the traffic.
Gateway Action
    None
Recommended Action
    Research the advisory (searchable by the unique ID).
Revision
    1
Parameters
    description
    signatureid
    idrule
    ipproto
    srcip
    srcport
    destip
    destport
Context Parameters
    Rule Name
    Deep Inspection

2.17.8. virus_detected (ID: 01300008)

Default Severity
    NOTICE
Log Message
    Virus/Worm detected: <description>, Signature ID=<signatureid>. ID Rule: <idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port: <srcport>. Destination IP: <destip>. Destination Port: <destport>.
Explanation
    A virus signature matched the traffic.
Gateway Action
    None
Recommended Action
    Research the advisory (searchable by the unique ID).
Revision
    1
Parameters
    description
    signatureid
    idrule
    ipproto
    srcip
    srcport
    destip
Chapter 2. Log Message Reference