Logging
IP Reputation Log Messages
IP Reputation log messages have severity 'info' (6). The message includes information in the
following format:
<action> IPREP: <alert-msg> (URL:<url>) <protocol> <source-ip>:<source-port> -> <dest-ip>:<dest-port>
Table 6: Elements in IP Reputation log messages

Message element              Description
<action>                     The action applied by the IP reputation feature; [ALERT] or [DROP].
<alert-msg>                  The rule-specific message.
<url>                        The requested URL if the flow is HTTP.
<protocol>                   The protocol, e.g. SMTP, HTTP, TCP, ICMP.
<source-ip>:<source-port>    The source IP address and source port for the packet.
<dest-ip>:<dest-port>        The destination IP address and destination port for the packet.

Output 8: Example IP Reputation log messages
2016 Nov 17 02:48:01 local5.info awplus IPS[2014]: [Drop] IPREP: DDoSAttacker: IPREP DDoS Source [icmp] 172.16.92.2 -> 172.16.92.1
2016 Nov 17 02:48:19 local5.info awplus IPS[2015]: [Alert] IPREP: DDoSAttacker: IPREP DDoS Source [icmp] 172.16.92.2 -> 172.16.92.1

Malware Protection Log Messages
Malware protection log messages have severity info (6). The message part includes information in
the following format:
<action> MALWARE: <alert-msg> [URL:<url>] <protocol> <source-ip>:<source-port> -> <dest-ip>:<dest-port>

Table 7: Elements in Malware Protection log messages

Message element              Description
<action>                     The action applied by malware protection; [ALERT] or [DROP].
<alert-msg>                  The rule-specific message.
<url>                        The requested URL if the flow is HTTP.
<protocol>                   The protocol, e.g. SMTP, HTTP, TCP, ICMP.
<source-ip>:<source-port>    The source IP address and source port for the packet.
<dest-ip>:<dest-port>        The destination IP address and destination port for the packet.

C613-22104-00 REV B
Advanced Network Protection
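
The following Python parser for the IPREP and MALWARE message formats above is an added example, not code from this guide or from the vendor. It treats the URL and port fields as optional because the ICMP samples in Output 8 carry neither. The function names, and the last two sample lines, are constructed for illustration.

```python
import re
from collections import Counter

# Matches the syslog line shape in Output 8 plus the documented message format.
# URL and ports are optional: the page's ICMP samples carry neither.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<facility>\w+)\.(?P<severity>\w+) (?P<host>\S+) IPS\[\d+\]: "
    r"\[(?P<action>\w+)\] (?P<feature>IPREP|MALWARE): "
    r"(?P<alert>.*?)"
    r"(?: [\[(]URL:(?P<url>[^\])]*)[\])])?"      # (URL:..) or [URL:..]
    r" \[?(?P<proto>\w+)\]? "
    r"(?P<src>\S+) -> (?P<dst>\S+)$"
)

def split_endpoint(ep):
    """Split 'ip:port'; return port None when absent (e.g. ICMP)."""
    if ep.count(":") == 1 and ep.rsplit(":", 1)[1].isdigit():
        ip, port = ep.rsplit(":", 1)
        return ip, int(port)
    return ep, None

def parse_line(line):
    """Return a dict of fields, or None if the line is not an IPREP/MALWARE entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["action"] = rec["action"].upper()   # samples show [Drop]; table lists [DROP]
    rec["proto"] = rec["proto"].upper()
    rec["src_ip"], rec["src_port"] = split_endpoint(rec.pop("src"))
    rec["dst_ip"], rec["dst_port"] = split_endpoint(rec.pop("dst"))
    return rec

def summarize(lines):
    """Count events per (feature, action, source IP) for triage."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        counts[(rec["feature"], rec["action"], rec["src_ip"])] += 1
    return counts

SAMPLE = [
    # First two lines are the page's Output 8 entries, rejoined onto one line each.
    "2016 Nov 17 02:48:01 local5.info awplus IPS[2014]: [Drop] IPREP: DDoSAttacker: IPREP DDoS Source [icmp] 172.16.92.2 -> 172.16.92.1",
    "2016 Nov 17 02:48:19 local5.info awplus IPS[2015]: [Alert] IPREP: DDoSAttacker: IPREP DDoS Source [icmp] 172.16.92.2 -> 172.16.92.1",
    # Constructed line (not device output) exercising the URL and port fields.
    "2016 Nov 17 02:49:00 local5.info awplus IPS[2016]: [Drop] MALWARE: constructed test signature [URL:example.test/a.bin] [http] 192.0.2.10:49152 -> 198.51.100.7:80",
    # Constructed unrelated line; the parser must ignore it.
    "2016 Nov 17 02:49:05 local5.info awplus IPS[2016]: started",
]
```

Calling `summarize(SAMPLE)` groups the entries by feature, action and source address, which is a convenient starting point for spotting a source that is repeatedly dropped.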