Reading Log Messages; Firewall Log Messages - Allied Telesis AR Series Technical Manual

Feature overview and configuration guide advanced network protection

Logging

Reading Log Messages

Log messages generated by AlliedWare Plus show information in the following format:
<date> <time> <facility>.<severity> <hostname> <program>[<pid>]: <message>
Table 3: Elements in log messages

| ELEMENT | DESCRIPTION |
|---|---|
| <date> <time> | The date and time when the log message was generated, according to the device's clock. |
| <facility> | The facility assigned for the message. |
| <severity> | The severity level of the message, indicating its importance. |
| <hostname> | The device's hostname, as configured by the hostname command (default: awplus). |
| <program> | Within the modular operating system, the particular program that generated the message. Some programs correspond to particular features (e.g., MSTP, EPSR), while others correspond to internal functions in the operating system (e.g. kernel). |
| <pid> | The process ID (PID) of the current instance of the software program that generated the message. A particular process ID does not always correspond to the same program. Some log messages, such as kernel messages, may not include a process ID. |
| <message> | The specific content of the log message. This may include some variable elements, such as interface names, and some strings that are fixed. |

Firewall Log Messages

Firewall log messages are logged with facility 'kern', and have severity level 'info' (6). The message part includes information in the following format:
Firewall [rule <rule>]: <action> IN=<input-interface> OUT=<output-interface> SRC=<source-ip> DST=<dest-ip> MARK=<mark> ...

Table 4: Elements in firewall log messages

| Message element | Description |
|---|---|
| <rule> | The number of the firewall rule applied. If a packet is dropped by the default deny policy, there is no rule number. |
| <action> | The action applied to the packet or flow by the firewall; one of DENY, LOG, PERMIT or REJECT. |
| <input-interface> | The interface via which the traffic was received by the firewall. |
| <output-interface> | The interface via which the traffic was to be transmitted by the firewall. |
| <source-ip> | The source IP address of the packet. |
| <dest-ip> | The destination IP address of the packet. |
| <mark> | The DPI mark—the last 3 digits are the DPI application index in hexadecimal. |
| ... | Any other packet details available. |

C613-22104-00 REV B
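The following parser for the two formats described above is an added example, not code from the manual or from Allied Telesis. The sample lines are constructed; the timestamp layout, the program name "kernel", the 0x prefix on MARK and the trailing PROTO field are assumptions.

```python
import re

# <date> <time> <facility>.<severity> <hostname> <program>[<pid>]: <message>
# The timestamp is kept as free text; <pid> is optional (e.g. kernel messages).
HEADER = re.compile(
    r"^(?P<timestamp>.+?)\s+(?P<facility>\w+)\.(?P<severity>\w+)\s+"
    r"(?P<hostname>\S+)\s+(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s+"
    r"(?P<message>.*)$"
)
# Firewall [rule <rule>]: <action> IN=... OUT=... SRC=... DST=... MARK=... ...
FIREWALL = re.compile(
    r"^Firewall(?: rule (?P<rule>\d+))?: "
    r"(?P<action>DENY|LOG|PERMIT|REJECT)\s+(?P<fields>.*)$"
)
PAIR = re.compile(r"(\w+)=(\S*)")

def parse_firewall_log(line):
    """Return a dict for a firewall log line, or None for any other line."""
    head = HEADER.match(line.strip())
    fw = FIREWALL.match(head["message"]) if head else None
    if not fw or head["facility"] != "kern":
        return None
    fields = dict(PAIR.findall(fw["fields"]))
    mark = fields.get("MARK", "")
    digits = mark[2:] if mark.lower().startswith("0x") else mark
    try:
        # The last 3 digits of the mark are the DPI application index (hex).
        dpi_index = int(digits[-3:], 16)
    except ValueError:
        dpi_index = None  # MARK missing or not hexadecimal
    return {
        "timestamp": head["timestamp"], "hostname": head["hostname"],
        "severity": head["severity"], "pid": head["pid"],
        # No rule number: the packet was dropped by the default deny policy.
        "rule": int(fw["rule"]) if fw["rule"] else None,
        "action": fw["action"],
        "in": fields.get("IN"), "out": fields.get("OUT"),
        "src": fields.get("SRC"), "dst": fields.get("DST"),
        "mark": mark or None, "dpi_index": dpi_index, "fields": fields,
    }

# Constructed sample lines (not captured from a real device).
SAMPLES = [
    "2024 Jan 12 10:15:03 kern.info awplus kernel: Firewall rule 20: PERMIT "
    "IN=eth1 OUT=eth2 SRC=192.0.2.10 DST=198.51.100.7 MARK=0x1a05c PROTO=TCP",
    "2024 Jan 12 10:15:09 kern.info awplus kernel: Firewall: DENY "
    "IN=eth2 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.10 MARK=0x0 PROTO=UDP",
]
```

Records whose "rule" is None with action DENY are the default-deny drops, which makes them easy to separate from explicit rule hits when reviewing blocked traffic.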
This manual is also suitable for:

AR3050S, AR4050S
