Filter log, Ppp log – ZyXEL Communications ZyXEL ZyWALL 2WE User Manual

Page 241

background image

ZyWALL 2 and ZyWALL 2WE

System Information and Diagnosis

21-9

2. Packet triggered

Packet triggered Message Format
SdcmdSyslogSend( SYSLOG_PKTTRI, SYSLOG_NOTICE, String );

String = Packet trigger: Protocol=xx Data=xxxxxxxxxx…..x

Protocol: (1:IP 2:IPX 3:IPXHC 4:BPDU 5:ATALK 6:IPNG)

Data: We will send forty-eight Hex characters to the server

Jul 19 11:28:39 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1,

Data=4500003c100100001f010004c0a86614ca849a7b08004a5c020001006162636465666768696a6b6c6d6e6f707172

7374

Jul 19 11:28:56 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1,
Data=4500002c1b0140001f06b50ec0a86614ca849a7b0427001700195b3e00000000600220008cd40000020405b4

Jul 19 11:29:06 192.168.102.2 ZyXEL: Packet Trigger: Protocol=1,

Data=45000028240140001f06ac12c0a86614ca849a7b0427001700195b451d1430135004000077600000

3. Filter log

Filter log Message Format

SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String );

String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01mD

IP[…] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R), match (m) drop

(D).

Src: Source Address

Dst: Destination Address

prot: Protocol (“TCP”,”UDP”,”ICMP”)

spo: Source port

dpo: Destination port

Mar 03 10:39:43 202.132.155.97 ZyXEL:
GEN[fffffffffffnordff0080] }S05>R01mF

Mar 03 10:41:29 202.132.155.97 ZyXEL:

GEN[00a0c5f502fnord010080] }S05>R01mF

Mar 03 10:41:34 202.132.155.97 ZyXEL:

IP[Src=192.168.2.33 Dst=202.132.155.93 ICMP]}S04>R01mF

Mar 03 11:59:20 202.132.155.97 ZyXEL:

GEN[00a0c5f502fnord010080] }S05>R01mF
Mar 03 12:00:52 202.132.155.97 ZyXEL:

GEN[ffffffffffff0080] }S05>R01mF

Mar 03 12:00:57 202.132.155.97 ZyXEL:

GEN[00a0c5f502010080] }S05>R01mF

Mar 03 12:01:06 202.132.155.97 ZyXEL:

IP[Src=192.168.2.33 Dst=202.132.155.93 TCP spo=01170 dpo=00021]}S04>R01mF

4. PPP log

PPP Log Message Format
SdcmdSyslogSend( SYSLOG_PPPLOG, SYSLOG_NOTICE, String );

String = ppp:Proto Starting / ppp:Proto Opening / ppp:Proto Closing / ppp:Proto Shutdown
Proto = LCP / ATCP / BACP / BCP / CBCP / CCP / CHAP/ PAP / IPCP /

IPXCP

Jul 19 11:42:44 192.168.102.2 ZyXEL: ppp:LCP Closing
Jul 19 11:42:49 192.168.102.2 ZyXEL: ppp:IPCP Closing

Jul 19 11:42:54 192.168.102.2 ZyXEL: ppp:CCP Closing