Appendix B - System Log; Access Logging - Secure Computing SG300 User Manual


Access Logging

Any traffic that arrives at, or passes through, the SG unit can be logged. The only logging enabled by default records packets that were dropped. It is possible to log exactly which rule caused a given drop, but this is not configured by default. All rules in the default security policy drop packets; they never reject them. That is, the packets are silently discarded and no response of any kind is returned to the sender, so a remote host learns nothing about whether the address or port exists. Reject rules, which do send a response back to the sender, can be configured if desired.
All traffic logging performed on the SG unit creates entries in the syslog (/var/log/messages, or an external syslog server if one is configured) in the following format:

    <Date/Time> klogd: <prefix> IN=<incoming interface> OUT=<outgoing interface> MAC=<dst/src MAC addresses> SRC=<source IP> DST=<destination IP> SPT=<source port> DPT=<destination port> <additional packet info>
Where:

    <prefix>                  if non-empty, hints at the cause of the log entry
    <incoming interface>      empty, or one of eth0, eth1 or similar
    <outgoing interface>      as per incoming interface
    <dst/src MAC addresses>   destination MAC, source MAC and Ethernet type of the frame, colon-separated
    <source IP>               packet claims it came from this IP address
    <destination IP>          packet claims it should go to this IP address
    <source port>             packet claims it came from this TCP (or UDP) port
    <destination port>        packet wants to go to this TCP (or UDP) port

Depending on the type of packet and the logging performed, some of the fields may not appear. Note that the source address and port are whatever the packet carries; they are not verified, and a sender can forge them.
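The following parser is an added example, not part of the manual or of the SG firmware. It reads lines in the format above, separates the free-text prefix from the key=value fields, tolerates the fields the manual says may be absent (an empty OUT= on inbound packets, no MAC= on locally generated packets, no SPT=/DPT= on ICMP), classifies each entry by direction from the interface fields, and tallies inbound entries by claimed source, protocol and destination port. The log lines are constructed for the example; the hostname sg300, the rule-specific "Reject rule 7:" prefix and the addresses are assumptions, not output from a real unit.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the format the manual describes (not captured
# from a real SG unit). Addresses are from documentation ranges; the "Reject rule 7:"
# prefix is an assumed example of a user-configured per-rule log prefix.
SAMPLE_LOG = """\
Jan  5 12:34:56 sg300 klogd: IN=eth1 OUT= MAC=00:d0:cf:00:11:22:00:50:56:aa:bb:cc:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12345 DF PROTO=TCP SPT=44321 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jan  5 12:34:57 sg300 klogd: IN=eth1 OUT= MAC=00:d0:cf:00:11:22:00:50:56:aa:bb:cc:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12346 DF PROTO=TCP SPT=44322 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan  5 12:34:58 sg300 klogd: IN=eth1 OUT= MAC=00:d0:cf:00:11:22:00:50:56:aa:bb:cc:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12347 DF PROTO=TCP SPT=44323 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jan  5 12:35:01 sg300 klogd: Reject rule 7: IN=eth1 OUT=eth0 MAC=00:d0:cf:00:11:22:00:50:56:aa:bb:cc:08:00 SRC=198.51.100.7 DST=10.0.0.5 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=777 PROTO=UDP SPT=5353 DPT=53 LEN=28
Jan  5 12:35:02 sg300 klogd: IN=eth1 OUT= MAC=00:d0:cf:00:11:22:00:50:56:aa:bb:cc:08:00 SRC=203.0.113.99 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=4 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jan  5 12:35:03 sg300 klogd: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.45 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=23 DPT=44321 WINDOW=0 RES=0x00 ACK RST URGP=0
Jan  5 12:35:04 sg300 syslogd: restart
"""

# Syslog timestamp, optional hostname, the klogd tag, then an optional free-text
# prefix that runs up to the first IN= token; everything from IN= on is the body.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"(?:(?P<host>\S+) )?klogd: (?P<prefix>.*?)\s*(?=IN=)(?P<body>.*)$"
)
TOKEN_RE = re.compile(r"([A-Z]+)=(\S*)")


def parse_line(line):
    """Parse one packet-log line; return None for lines that are not packet logs."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    fields, flags = {}, []
    for tok in m.group("body").split():
        kv = TOKEN_RE.fullmatch(tok)
        if kv:
            # A later occurrence overwrites an earlier one: for ICMP the ICMP ID
            # replaces the IP ID, and for UDP the UDP length replaces the IP length.
            fields[kv.group(1)] = kv.group(2)
        else:
            flags.append(tok)  # bare tokens such as DF, SYN, ACK, RST
    return {
        "time": m.group("ts"),
        "host": m.group("host"),
        "prefix": m.group("prefix"),
        "fields": fields,
        "flags": flags,
    }


def direction(entry):
    """Classify an entry by which interface fields are populated."""
    came_in = bool(entry["fields"].get("IN"))
    went_out = bool(entry["fields"].get("OUT"))
    if came_in and went_out:
        return "forwarded"
    if came_in:
        return "inbound"
    if went_out:
        return "outbound"
    return "unknown"


def top_inbound(log_text, limit=5):
    """Count inbound entries by claimed source, protocol and destination port.

    SRC is only what the packet claims, so treat the result as a hint about what
    is probing the unit, not as proof of who sent it.
    """
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or direction(entry) != "inbound":
            continue
        f = entry["fields"]
        counts[(f.get("SRC"), f.get("PROTO"), f.get("DPT"))] += 1
    return counts.most_common(limit)


if __name__ == "__main__":
    for (src, proto, dpt), n in top_inbound(SAMPLE_LOG):
        print(f"{n:4d}  {src:<16} {proto:<5} dpt={dpt}")
```

Lines that do not carry a packet record (the final syslogd line) are skipped rather than raising, which matters when the same file mixes klogd output with other daemons. Because the interface fields, not the prefix, decide the direction, the parser works on the default configuration where no prefix is set at all.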
