Table 12-1 Log Screen - ZyXEL Communications ZyXEL ZyWALL 50 User Manual

ZyWALL 50 Internet Security Gateway
FIELD
No. This is the index number of the firewall log. 128
entries are available numbered from 0 to 127.
Once they are all used, the log will wrap around
and the old logs will be lost.
Time This is the time the log was recorded in this
format. You must configure menu 24.10 for real-
time; otherwise the time shown in these examples
is displayed.
Packet This field lists packet information such as:
Information
Reason This field states the reason for the log; i.e., was
the rule matched, not matched, or was there an
attack. The set and rule coordinates (<X, Y>
where X=1,2; Y=00~10) follow with a simple
explanation. There are two policy sets; set 1 (X =
1) is for LAN to WAN rules and set 2 (X = 2) for
WAN to LAN rules. Y represents the rule in the
set. You can configure up to 10 rules in any set (Y
= 01 to 10). Rule number 00 is the default rule.
This is a log for a DoS attack
Action This field displays whether the packet was
blocked (i.e., silently discarded), forwarded or
neither (Block, Forward or None). "None" means
that no action is dictated by this rule.
Click Previous Page or Next Page to view other pages in your log. Click Refresh to renew the log
screen or Clear to clear all the logs. Click Help for online HTML help on fields in this screen.
When you have finished viewing this screen, click another link to exit.
12-2

Table 12-1 Log Screen

DESCRIPTION EXAMPLES
dd:mm:yy e.g., Jan 1 0
hh:mm:ss e.g., 00:00:00
From and To IP addresses
protocol and port numbers.
not match
<1,01> dest IP
This means this packet
does not match the
destination IP address in
set 1, rule 1. Other reasons
(instead of dest IP) are src
IP, dest port, src port and
protocol.
attack
land, ip spoofing, icmp
echo, icmp vulnerability,
NetBIOS, smtp illegal
command, traceroute,
teardrop, or syn flood.
Chapter 7 has more
detailed discussion of what
these attacks mean.
Block, Forward
or None
Logs