Logging
antivirus: Unable to scan <url> to <client-ip>: <reason>
antivirus: Unable to allocate memory to scan <url> to <client-ip>
antivirus: Max scan depth exceeded for <url> to <client-ip>
All the above Anti-virus log messages have severity level 'warning' (4).
Table 11: Elements in Anti-virus log messages
Message element    Description
<virus>            The name of the virus detected.
<url>              The requested URL.
<client-ip>        The IP address of the requester.
<reason>           Reason for failure to scan.
Output 15: Example Anti-virus log message
2016 Nov 25 10:15:51 local5.warning awplus UTM[802]: antivirus: Virus EICAR-Test-File[certain] detected in http://www.example.com/data/infected/sample.txt to 192.168.1.1
Firewall Connection Logging
This feature is supported from AlliedWare Plus version 5.4.7-1.
Firewall connection logging can be enabled to provide additional logs that show the start and end of
connections passing through the firewall. These messages are assigned facility local5. They have
severity 'info' (6).
To enable logging of new connections, closed connections, or both passing through the firewall, use
the commands:
awplus# configure terminal
awplus(config)# connection-log events {new|end|all}
To show the configuration of firewall connection logging, use the following command:
awplus# show connection-log events
Output 16: Example output from show connection-log events
awplus#show connection-log events
Log new connection events: Disabled
Log connection end events: Enabled
Advanced Network Protection, C613-22104-00 REV B
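As an added example (not part of the original guide), the following Python parser splits the Anti-virus log messages listed above into their Table 11 elements so they can feed an alert rule or SIEM pipeline. It assumes the syslog framing shown in Output 15 and an IPv4 <client-ip>; the function name parse_av_log, the event labels and the field name tag are illustrative, and the second and third sample lines are constructed.

```python
import re

# Syslog framing as in Output 15: <date> <facility>.<severity> <host> UTM[<pid>]: antivirus: <body>
PREFIX = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<facility>\w+)\.(?P<severity>\w+) (?P<host>\S+) "
    r"UTM\[\d+\]: antivirus: (?P<body>.*)$"
)

# Assumption: <client-ip> is IPv4, as in Output 15.
IP = r"(?P<client_ip>\d{1,3}(?:\.\d{1,3}){3})"

# One pattern per message body on the page. <url> is requester-controlled, so it is
# matched greedily and anchored on the final " to <client-ip>": a URL that itself
# contains " to " cannot shift the client-ip field. "tag" is the bracketed
# qualifier printed in Output 15; its meaning is not stated on the page.
BODIES = [
    ("virus_detected", re.compile(
        rf"^Virus (?P<virus>.+?)(?:\[(?P<tag>[^\]]*)\])? detected in (?P<url>.+) to {IP}$")),
    ("scan_failed", re.compile(rf"^Unable to scan (?P<url>.+) to {IP}: (?P<reason>.*)$")),
    ("alloc_failed", re.compile(rf"^Unable to allocate memory to scan (?P<url>.+) to {IP}$")),
    ("depth_exceeded", re.compile(rf"^Max scan depth exceeded for (?P<url>.+) to {IP}$")),
]

def parse_av_log(line):
    """Return the fields of one Anti-virus syslog line, or None for other lines."""
    m = PREFIX.match(line.strip())
    if m is None:
        return None
    out = {"ts": m["ts"], "facility": m["facility"], "severity": m["severity"]}
    for event, pattern in BODIES:
        body = pattern.match(m["body"])
        if body:
            out["event"] = event
            out.update({k: v for k, v in body.groupdict().items() if v is not None})
            return out
    out.update(event="unrecognised", body=m["body"])
    return out

SAMPLES = [
    # Output 15 from the page, joined onto one line.
    "2016 Nov 25 10:15:51 local5.warning awplus UTM[802]: antivirus: Virus EICAR-Test-File[certain] "
    "detected in http://www.example.com/data/infected/sample.txt to 192.168.1.1",
    # Constructed lines; the reason text "timeout" is a placeholder, not a documented value.
    "2016 Nov 25 10:16:02 local5.warning awplus UTM[802]: antivirus: Unable to scan "
    "http://www.example.com/a to b.zip to 192.168.1.1: timeout",
    "2016 Nov 25 10:16:09 local5.warning awplus UTM[802]: antivirus: Max scan depth exceeded "
    "for http://www.example.com/nested.zip to 192.168.1.7",
]
print(*map(parse_av_log, SAMPLES), sep="\n")
```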