
4 ppp log 5 firewall log – ZyXEL Communications 5 Series User Manual


ZyWALL 5/35/70 Series User’s Guide


Chapter 46 System Information & Diagnosis

4 PPP log

5 Firewall log

Filter log Message Format

SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String );

String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01mD

IP[…] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R),
match (m) drop (D).

Src: Source Address

Dst: Destination Address

prot: Protocol ("TCP","UDP","ICMP")

spo: Source port

dpo: Destination port

Mar 03 10:39:43 202.132.155.97 ZyXEL: GEN[fffffffffffnordff0080] }S05>R01mF

Mar 03 10:41:29 202.132.155.97 ZyXEL: GEN[00a0c5f502fnord010080] }S05>R01mF

Mar 03 10:41:34 202.132.155.97 ZyXEL: IP[Src=192.168.2.33 Dst=202.132.155.93 ICMP]}S04>R01mF

Mar 03 11:59:20 202.132.155.97 ZyXEL: GEN[00a0c5f502fnord010080] }S05>R01mF

Mar 03 12:00:52 202.132.155.97 ZyXEL: GEN[ffffffffffff0080] }S05>R01mF

Mar 03 12:00:57 202.132.155.97 ZyXEL: GEN[00a0c5f502010080] }S05>R01mF

Mar 03 12:01:06 202.132.155.97 ZyXEL: IP[Src=192.168.2.33 Dst=202.132.155.93 TCP spo=01170 dpo=00021]}S04>R01mF

PPP Log Message Format

SdcmdSyslogSend( SYSLOG_PPPLOG, SYSLOG_NOTICE, String );

String = ppp:Proto Starting / ppp:Proto Opening / ppp:Proto Closing / ppp:Proto Shutdown

Proto = LCP / ATCP / BACP / BCP / CBCP / CCP / CHAP / PAP / IPCP / IPXCP

Jul 19 11:42:44 192.168.102.2 ZyXEL: ppp:LCP Closing

Jul 19 11:42:49 192.168.102.2 ZyXEL: ppp:IPCP Closing

Jul 19 11:42:54 192.168.102.2 ZyXEL: ppp:CCP Closing

Firewall Log Message Format

SdcmdSyslogSend(SYSLOG_FIREWALL, SYSLOG_NOTICE, buf);

buf = IP[Src=xx.xx.xx.xx : spo=xxxx Dst=xx.xx.xx.xx : dpo=xxxx | prot | rule | action]

Src: Source Address

spo: Source port (empty means no source port information)

Dst: Destination Address

dpo: Destination port (empty means no destination port information)

prot: Protocol ("TCP","UDP","ICMP", "IGMP", "GRE", "ESP")

rule: <a,b> where a means "set" number; b means "rule" number.

Action: nothing (N), block (B), forward (F)

08-01-2000 11:48:41 Local1.Notice 192.168.10.10 RAS: FW 172.21.1.80 :137 ->172.21.1.80 :137 |UDP|default permit:<2,0>|B

08-01-2000 11:48:41 Local1.Notice 192.168.10.10 RAS: FW 192.168.77.88 :520 ->192.168.77.88 :520 |UDP|default permit:<2,0>|B

08-01-2000 11:48:39 Local1.Notice 192.168.10.10 RAS: FW 172.21.1.50 ->172.21.1.50 |IGMP<2>|default permit:<2,0>|B

08-01-2000 11:48:39 Local1.Notice 192.168.10.10 RAS: FW 172.21.1.25 ->172.21.1.25 |IGMP<2>|default permit:<2,0>|B
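
As an added example (not part of the ZyXEL manual), the Python below parses filter log and firewall log lines in the layouts shown on this page and counts hits per set and rule, which is the usual first step when reviewing what a rule set is actually matching. The function names and regular expressions are assumptions derived from the sample lines; the sample lines are copied from this page with the fused columns separated.

```python
import re
from collections import Counter
# Filter log body: IP[...] or GEN[...] header, then S<set>>R<rule>m<action>.
FILTER_RE = re.compile(
    r"(?P<kind>IP|GEN)\[(?P<header>[^\]]*)\]\s*\}?\s*"
    r"S(?P<set>\d+)>R(?P<rule>\d+)m(?P<action>[A-Z])")
# Firewall log body: FW src :spo ->dst :dpo |prot|name:<set,rule>|action
FIREWALL_RE = re.compile(
    r"FW\s+(?P<src>[\d.]+)\s*(?::(?P<spo>\d+))?\s*->\s*"
    r"(?P<dst>[\d.]+)\s*(?::(?P<dpo>\d+))?\s*\|(?P<prot>[A-Z]+)(?:<\d+>)?"
    r"\|(?P<name>[^|<]*)<(?P<set>\d+),(?P<rule>\d+)>\|(?P<action>[NBF])")

def _port(value):
    return int(value) if value else None  # absent = no port information

def parse_line(line):
    """Return the fields of one filter or firewall log line, or None."""
    m = FILTER_RE.search(line)
    if m:
        kv = dict(re.findall(r"(\w+)=(\S+)", m["header"]))
        prot = re.search(r"\b(TCP|UDP|ICMP)\b", m["header"])
        rec = {"log": "filter", "kind": m["kind"], "src": kv.get("Src"),
               "dst": kv.get("Dst"), "spo": kv.get("spo"), "dpo": kv.get("dpo"),
               "prot": prot.group(1) if prot else None}
    else:
        m = FIREWALL_RE.search(line)
        if not m:
            return None  # PPP and other log types are not handled here
        rec = {"log": "firewall", "src": m["src"], "dst": m["dst"],
               "spo": m["spo"], "dpo": m["dpo"], "prot": m["prot"],
               "name": m["name"].strip(" :")}
    rec.update(spo=_port(rec["spo"]), dpo=_port(rec["dpo"]), set=int(m["set"]),
               rule=int(m["rule"]), action=m["action"])
    return rec

def hits_per_rule(lines):
    """Count matches per (log, set, rule, action), skipping unparsed lines."""
    recs = filter(None, map(parse_line, lines))
    return Counter((r["log"], r["set"], r["rule"], r["action"]) for r in recs)

# Sample lines taken from this page, with the fused columns separated.
SAMPLES = [
    "Mar 03 10:41:34 202.132.155.97 ZyXEL: IP[Src=192.168.2.33 Dst=202.132.155.93 ICMP]}S04>R01mF",
    "Mar 03 12:00:57 202.132.155.97 ZyXEL: GEN[00a0c5f502010080] }S05>R01mF",
    "Mar 03 12:01:06 202.132.155.97 ZyXEL: IP[Src=192.168.2.33 Dst=202.132.155.93 TCP spo=01170 dpo=00021]}S04>R01mF",
    "08-01-2000 11:48:41 Local1.Notice 192.168.10.10 RAS: FW 172.21.1.80 :137 ->172.21.1.80 :137 |UDP|default permit:<2,0>|B",
    "08-01-2000 11:48:39 Local1.Notice 192.168.10.10 RAS: FW 172.21.1.50 ->172.21.1.50 |IGMP<2>|default permit:<2,0>|B",
    "Jul 19 11:42:44 192.168.102.2 ZyXEL: ppp:LCP Closing",
]
```

Calling `hits_per_rule(SAMPLES)` groups the five parsed lines by set, rule and action; the PPP line is skipped because it matches neither layout.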