Utm Log Messages - Allied Telesis AR Series Technical Manual

Feature Overview and Configuration Guide: Advanced Network Protection

Logging
Output 6: Example firewall log messages
2016 Nov 28 23:26:34 kern.info awplus kernel: Firewall rule 10: PERMIT IN= OUT=eth0 SRC=192.168.5.2 DST=192.168.5.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=7935 DF PROTO=ICMP TYPE=8 CODE=0 ID=2406 SEQ=1
2016 Nov 25 14:10:38 kern.info awplus kernel: Firewall: DENY probe FIN IN=vlan1 OUT=eth1 MAC=00:00:cd:38:00:bc:52:54:6b:6b:0f:1e:08:00 SRC=192.168.1.1 DST=172.16.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=54219 PROTO=TCP SPT=6000 DPT=21 WINDOW=512 RES=0x00 UG PSH FIN URGP=0
2016 Nov 25 18:38:36 kern.info awplus kernel: Firewall rule 20: PERMIT IN=eth1 OUT=vlan1 MAC=00:00:cd:38:00:96:52:54:78:36:8f:a6:08:00 SRC=172.16.1.2 DST=192.168.1.1 LEN=239 TOS=0x00 PREC=0x00 TTL=63 ID=20563 DF PROTO=TCP SPT=80 DPT=46254 WINDOW=905 RES=000 ACK PSH URGP=0 MARK=0x1053
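The messages in Output 6 are a fixed header ("Firewall rule N: PERMIT" or "Firewall: DENY probe X") followed by key=value fields and bare flag tokens. The following parser is an added example, not code from the manual or from Allied Telesis: it re-joins messages that a terminal or document has wrapped across lines, splits them into structured records, and lists the DENY entries a reviewer would look at first. The sample text is constructed to reproduce Output 6 as it is wrapped on the page; the split between fields and flags, the time format, and the "ID_2" naming for the second ID= field in ICMP messages are this example's own choices.

```python
"""Parse AR-Series firewall kernel log lines (the format shown in Output 6)
into structured records so they can be counted, filtered or forwarded.
Added example; the sample text below is constructed to match Output 6."""
import re
from datetime import datetime

# Constructed sample, reproducing Output 6 as it is wrapped on the page.
SAMPLE_TEXT = """\
2016 Nov 28 23:26:34 kern.info awplus kernel: Firewall rule 10: PERMIT IN=
OUT=eth0 SRC=192.168.5.2 DST=192.168.5.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64
ID=7935 DF PROTO=ICMP TYPE=8 CODE=0 ID=2406 SEQ=1
2016 Nov 25 14:10:38 kern.info awplus kernel: Firewall: DENY probe FIN IN=vlan1
OUT=eth1 MAC=00:00:cd:38:00:bc:52:54:6b:6b:0f:1e:08:00 SRC=192.168.1.1
DST=172.16.1.2 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=54219 PROTO=TCP SPT=6000
DPT=21 WINDOW=512 RES=0x00 UG PSH FIN URGP=0
2016 Nov 25 18:38:36 kern.info awplus kernel: Firewall rule 20: PERMIT IN=eth1
OUT=vlan1 MAC=00:00:cd:38:00:96:52:54:78:36:8f:a6:08:00 SRC=172.16.1.2
DST=192.168.1.1 LEN=239 TOS=0x00 PREC=0x00 TTL=63 ID=20563 DF PROTO=TCP SPT=80
DPT=46254 WINDOW=905 RES=000 ACK PSH URGP=0 MARK=0x1053
"""

# A message starts with "YYYY Mon DD HH:MM:SS"; anything else is a wrapped tail.
TS_START = re.compile(r"^\d{4} [A-Z][a-z]{2} \d{1,2} \d{2}:\d{2}:\d{2} ")
HEADER = re.compile(
    r"^(?P<ts>\d{4} [A-Z][a-z]{2} \d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<prio>\S+) (?P<host>\S+) kernel: "
    r"Firewall(?: rule (?P<rule>\d+))?: (?P<action>PERMIT|DENY)"
    r"(?: probe (?P<probe>\S+))? (?P<rest>.*)$"
)


def join_wrapped(text):
    """Re-join messages that a document or terminal wrapped across lines:
    a line that does not start with a timestamp continues the previous one."""
    messages = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS_START.match(line) or not messages:
            messages.append(line)
        else:
            messages[-1] += " " + line
    return messages


def parse_message(msg):
    """Return a dict for one firewall message, or None if it is not one."""
    m = HEADER.match(msg)
    if not m:
        return None
    fields, flags = {}, []
    for tok in m.group("rest").split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            # ICMP messages carry two ID= fields (IP ID, then echo ID);
            # keep the second under a suffixed key instead of overwriting.
            if key in fields:
                key = f"{key}_2"
            fields[key] = value          # value may be empty, e.g. "IN="
        else:
            flags.append(tok)            # bare tokens such as DF, PSH, FIN
    return {
        "time": datetime.strptime(m.group("ts"), "%Y %b %d %H:%M:%S"),
        "host": m.group("host"),
        "rule": int(m.group("rule")) if m.group("rule") else None,
        "action": m.group("action"),
        "probe": m.group("probe"),
        "fields": fields,
        "flags": flags,
    }


def parse_text(text):
    """Parse a block of (possibly wrapped) log text into records."""
    return [r for r in (parse_message(m) for m in join_wrapped(text)) if r]


def denied(records):
    """(SRC, DST, DPT, probe) for every DENY: the rows to review first."""
    return [(r["fields"].get("SRC"), r["fields"].get("DST"),
             r["fields"].get("DPT"), r["probe"])
            for r in records if r["action"] == "DENY"]


if __name__ == "__main__":
    for r in parse_text(SAMPLE_TEXT):
        print(r["time"], r["action"], r["rule"], r["fields"].get("PROTO"),
              r["fields"].get("SRC"), "->", r["fields"].get("DST"), r["flags"])
```

Keeping the flag tokens verbatim (including "UG" exactly as Output 6 prints it) rather than mapping them to TCP flag names means the parser never silently rewrites what the device logged; any normalisation belongs in a later, explicitly documented step.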

UTM Log Messages

The log messages from the various UTM security features come from several different programs, and it
is not always obvious which program names to specify in order to retrieve the logs for a given
feature.
Log messages for the firewall UTM features are generated by different programs, but from
AlliedWare 5.4.7-1.x they are all assigned the syslog facility 'local5'. A single facility filter
therefore selects every UTM message, for instance to send all UTM log messages from multiple
devices to one destination.
The UTM log messages are generated by these programs:
The IPS program generates messages for the Suricata stream-based security features: Intrusion
Prevention System, IP Reputation, Malware Protection and URL Filtering.
The UTM program generates messages for the proxy-based features: Web Control and Anti-virus.
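On the receiving syslog server the "single filter" the text refers to is a test on the facility encoded in each message's PRI field (facility * 8 + severity, so local5 is facility 21). The following is an added example, not from the manual: it decodes the PRI of received messages, keeps only local5, and tallies them by the program tag that follows the hostname. The sample messages are constructed; the program names IPS and UTM are the ones the manual lists, but the message bodies and the IMISH line are placeholders and do not reproduce the device's real UTM log format.

```python
"""Filter received syslog messages for the AR-Series UTM facility (local5).
Added example, not from the manual: it decodes the RFC 3164 PRI field and
keeps only local5 messages. All sample messages below are constructed."""
import re
from collections import Counter

# Syslog facility numbers (RFC 3164 / RFC 5424): PRI = facility * 8 + severity
FACILITIES = {0: "kern", 1: "user", 16: "local0", 17: "local1", 18: "local2",
              19: "local3", 20: "local4", 21: "local5", 22: "local6", 23: "local7"}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
UTM_FACILITY = "local5"   # the facility the manual says UTM logs use from 5.4.7-1.x

PRI_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<body>.*)$", re.S)

# Constructed sample input. PRI values are chosen so that 173 and 172 decode
# to local5 (21*8+5, 21*8+4) and 6 / 14 decode to kern.info / user.info.
# Program names IPS and UTM are from the manual; the message text is made up.
SAMPLE = [
    "<173>Nov 25 14:10:38 awplus IPS: constructed-ips-event src=10.0.0.5",
    "<6>Nov 25 14:10:38 awplus kernel: Firewall rule 20: PERMIT IN=eth1 OUT=vlan1",
    "<172>Nov 25 14:11:02 awplus UTM: constructed-antivirus-event host=fw-2",
    "<14>Nov 25 14:11:30 awplus IMISH: constructed-cli-event user=manager",
    "<173>Nov 25 14:12:07 awplus IPS: constructed-reputation-event src=10.0.0.7",
    "not a syslog line at all",
]


def decode_pri(msg):
    """Return (facility_name, severity_name, body), or None without a valid PRI."""
    m = PRI_RE.match(msg)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                 # 23*8+7 is the largest legal PRI value
        return None
    fac, sev = divmod(pri, 8)
    return FACILITIES.get(fac, f"facility{fac}"), SEVERITIES[sev], m.group("body")


def utm_messages(msgs):
    """Keep only messages whose facility is local5, i.e. every UTM feature,
    regardless of whether the IPS or the UTM program emitted the message."""
    kept = []
    for msg in msgs:
        decoded = decode_pri(msg)
        if decoded and decoded[0] == UTM_FACILITY:
            kept.append(decoded)
    return kept


def count_by_program(decoded_msgs):
    """Tally local5 messages by the program tag that follows the hostname."""
    counts = Counter()
    for _fac, _sev, body in decoded_msgs:
        # body looks like "Nov 25 14:10:38 awplus IPS: ..."; the program tag
        # is the fifth whitespace-separated token with its trailing colon removed
        parts = body.split(None, 5)
        program = parts[4].rstrip(":") if len(parts) > 4 else "?"
        counts[program] += 1
    return dict(counts)


if __name__ == "__main__":
    kept = utm_messages(SAMPLE)
    for fac, sev, body in kept:
        print(f"{fac}.{sev}: {body}")
    print(count_by_program(kept))
```

Filtering on the decoded facility rather than on a program-name substring is what makes the single filter robust: a message from either program, at any severity, is kept, and a kernel firewall line with the same text in its body is not.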
Configuration example: logging UTM messages
To configure an AR-Series firewall to generate log messages for any UTM features in use and send
them to a syslog server at IP address 192.168.1.1, use the commands:
awplus#
awplus(config)#
To configure an AR-Series firewall to generate and send log messages for any UTM features in use
into the buffered log, use the commands:
awplus#
awplus(config)#
awplus(config)#
To selectively view only the log messages that have been sent to the buffered log that contain the
facility local5, use the command line interface:
awplus#
C613-22104-00 REV B
configure terminal
log host 192.168.1.1 facility local5
configure terminal
log buffered facility local5
exit
show log |grep local5
Advanced Network Protection
|
UTM Log Messages
Page 66
