Syslog Logs; Table 191 Syslog Logs - ZyXEL Communications VANTAGE REPORT - V3.0 User Manual


Appendix C ZyNOS Log Descriptions

13.1 Syslog Logs

There are two types of syslog: event logs and traffic logs. The device generates an event log
when a system event occurs, for example, when a user logs in or the device is under attack.
The device generates a traffic log when a "session" is terminated. A traffic log summarizes the
session's type, when it started and stopped, the amount of traffic that was sent and received, and
so on. An external log analyzer can reconstruct and analyze the traffic flowing through the
device after collecting the traffic logs.

Table 191 Syslog Logs

LOG MESSAGE (Event Log):
  <Facility*8 + Severity>Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="<msg>" note="<note>" devID="<mac address>" cat="<category>"
DESCRIPTION:
  This message is sent by the system ("RAS" displays as the system name if you haven't configured one) when the router generates a syslog. The facility is defined in the web MAIN MENU, LOGS, Log Settings page. The severity is the log's syslog class. The messages and notes are defined in the other log tables. The "devID" is the MAC address of the router's LAN port. The "cat" is the same as the category in the router's logs.

LOG MESSAGE (Traffic Log):
  <Facility*8 + Severity>Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="Traffic Log" note="Traffic Log" devID="<mac address>" cat="Traffic Log" duration=seconds sent=sentBytes rcvd=receiveBytes dir="<from:to>" protoID=IPProtocolID proto="serviceName" trans="IPSec/Normal"
DESCRIPTION:
  This message is sent by the device when the connection (session) is closed. The facility is defined in the Log Settings screen. The severity is the traffic log type. The message and note always display "Traffic Log". The "proto" field lists the service name. The "dir" field lists the incoming and outgoing interfaces ("LAN:LAN", "LAN:WAN", "LAN:DMZ", "LAN:DEV" for example).

LOG MESSAGE (Event Log with Out Break fields):
  <Facility*8 + Severity>Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" ob="<0|1>" ob_mac="<mac address>" msg="<msg>" note="<note>" devID="<mac address>" cat="<category>"
DESCRIPTION:
  This message is sent by the device ("RAS" displays as the system name if you haven't configured one) at the time when this syslog is generated. The facility is defined in the web MAIN MENU, LOGS, Log Settings page. The severity is the log's syslog class. The messages and notes are defined in the other log tables. "ob" is the Out Break flag and "ob_mac" is the MAC address of the Out Break PC.

LOG MESSAGE (Anti-Virus Event Log):
  <Facility*8 + Severity>Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" ob="0|1" ob_mac="<mac address>" msg="<msg>" note="<note>" devID="<mac address>" cat="Anti Virus" encode="< uu | b64 >"
DESCRIPTION:
  This message is sent by the device ("RAS" displays as the system name if you haven't configured one) at the time when this syslog is generated. The facility is defined in the web MAIN MENU, LOGS, Log Settings page. The severity is the log's syslog class. The "encode" field indicates the mail attachment's encoding method. The messages and notes are defined in the Anti-Virus log descriptions.

372
Vantage Report User's Guide
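As an added example (not ZyXEL's code and not part of this manual), the following Python parser handles all four line formats in Table 191 rather than just one: it splits the leading <PRI> value back into facility and severity (PRI = Facility*8 + Severity), collects the key="value" and key=value fields, breaks src/dst and dir into their parts, and totals sent/rcvd bytes per "dir" the way an external log analyzer would after collecting traffic logs. The field names come from the table; the sample lines, addresses, MAC addresses and message texts are constructed from the table's templates and are not captures from a device.

```python
"""Parser for the ZyNOS syslog line formats summarized in Table 191.
Added example, not ZyXEL's code; sample lines below are constructed."""
import re
from collections import defaultdict
from typing import Any, Dict, Iterable

# Header shared by every row of Table 191:
#   <Facility*8 + Severity>Mon dd hr:mm:ss hostname <key=value fields...>
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<body>.*)$"
)

# Fields are either key="quoted value" (src, dst, msg, note, devID, cat, dir,
# proto, trans, ob, ob_mac, encode) or key=bare (duration, sent, rcvd, protoID).
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Traffic-log fields the table documents as numbers
_NUMERIC = ("duration", "sent", "rcvd", "protoID")


def parse_zynos_syslog(line: str) -> Dict[str, Any]:
    """Parse one ZyNOS syslog line into a dict; raise ValueError if malformed."""
    m = _HEADER.match(line.strip())
    if m is None:
        raise ValueError(f"not a ZyNOS syslog line: {line!r}")
    pri = int(m.group("pri"))
    if pri > 191:  # facility 23, severity 7 is the largest legal PRI
        raise ValueError(f"PRI {pri} out of range")
    rec: Dict[str, Any] = {
        "facility": pri // 8,  # the facility configured under Log Settings
        "severity": pri % 8,   # the log's syslog class / traffic log type
        "timestamp": m.group("ts"),
        "hostname": m.group("host"),  # "RAS" unless a system name was configured
    }
    for key, quoted, bare in _FIELD.findall(m.group("body")):
        rec[key] = bare if bare else quoted

    # src/dst are "<IP:port>"; split on the last colon only
    for end in ("src", "dst"):
        if end in rec and ":" in rec[end]:
            ip, port = rec[end].rsplit(":", 1)
            rec[end + "_ip"], rec[end + "_port"] = ip, int(port)
    # dir is "<from:to>", e.g. "LAN:WAN"
    if "dir" in rec and ":" in rec["dir"]:
        rec["dir_from"], rec["dir_to"] = rec["dir"].split(":", 1)
    for key in _NUMERIC:
        if key in rec:
            rec[key] = int(rec[key])
    # ob is the Out Break flag carried by the anti-virus rows
    if "ob" in rec:
        rec["outbreak"] = rec["ob"] == "1"
    return rec


def is_traffic_log(rec: Dict[str, Any]) -> bool:
    """Traffic logs always carry msg, note and cat equal to "Traffic Log"."""
    return rec.get("cat") == "Traffic Log" and rec.get("msg") == "Traffic Log"


def bytes_by_direction(lines: Iterable[str]) -> Dict[str, Dict[str, int]]:
    """Sum sent/rcvd bytes per dir value: the kind of roll-up a log analyzer
    builds from the traffic logs after the sessions have closed."""
    totals: Dict[str, Dict[str, int]] = defaultdict(lambda: {"sent": 0, "rcvd": 0})
    for line in lines:
        rec = parse_zynos_syslog(line)
        if is_traffic_log(rec):
            totals[rec["dir"]]["sent"] += rec["sent"]
            totals[rec["dir"]]["rcvd"] += rec["rcvd"]
    return dict(totals)


# Constructed sample lines following the Table 191 templates (not device captures)
SAMPLE_LINES = [
    '<35>Jul 14 10:23:45 RAS src="192.0.2.10:54321" dst="198.51.100.7:22" '
    'msg="Sample event message" note="Sample note" devID="00a0c5123456" '
    'cat="Sample category"',
    '<14>Jul 14 10:25:01 RAS src="192.168.1.33:49152" dst="203.0.113.5:443" '
    'msg="Traffic Log" note="Traffic Log" devID="00a0c5123456" cat="Traffic Log" '
    'duration=12 sent=1532 rcvd=48210 dir="LAN:WAN" protoID=6 proto="HTTPS" '
    'trans="Normal"',
    '<14>Jul 14 10:25:09 RAS src="192.168.1.40:49201" dst="203.0.113.9:80" '
    'msg="Traffic Log" note="Traffic Log" devID="00a0c5123456" cat="Traffic Log" '
    'duration=3 sent=468 rcvd=9750 dir="LAN:WAN" protoID=6 proto="HTTP" '
    'trans="Normal"',
    '<12>Jul 14 10:26:30 RAS src="192.168.1.50:25" dst="203.0.113.20:25" '
    'ob="1" ob_mac="00a0c5aabbcc" msg="Sample virus message" note="Sample note" '
    'devID="00a0c5123456" cat="Anti Virus" encode="b64"',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_zynos_syslog(line))
    print(bytes_by_direction(SAMPLE_LINES))
```

The PRI range check and the ValueError on an unrecognised header are the parts worth keeping in a real collector: a line that does not match the template should be quarantined and counted, not silently dropped, because a sudden rise in unparseable lines from a device is itself a signal worth alerting on.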
