
3 configuring log settings, Table 128 example log description – ZyXEL Communications ZyXEL ZyWALL 5 User Manual


ZyWALL 5 User’s Guide

Chapter 23 Logs Screens


The following is an example of how a log displays in the command line interpreter and a
description of the sample log. Refer to the appendices for more log message descriptions and
details on using the command line interpreter to display logs.

    # .time source destination notes
      message
    5|06/08/2004 05:58:20 |172.21.4.187:137 |172.21.255.255:137 |ACCESS BLOCK
      Firewall default policy: UDP (W to W/ZW)

23.3 Configuring Log Settings

To change your ZyWALL’s log settings, click LOGS, then the Log Settings tab. The screen
appears as shown.
Use the Log Settings screen to configure where the ZyWALL sends logs, the schedule
for sending them, and which logs and/or immediate alerts the ZyWALL sends.
An alert is a type of log that warrants more serious attention. Alerts include system errors,
attacks (access control) and attempted access to blocked web sites or web sites with restricted
web features such as cookies, ActiveX and so on. Some categories, such as System Errors,
consist of both logs and alerts. You can tell them apart by their color in the View Log
screen: alerts display in red and logs display in black.

Note: Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as
the log is full (see Log Schedule). Selecting many alert and/or log categories
(especially Access Control) may result in many e-mails being sent.

Table 128 Example Log Description

LABEL        DESCRIPTION
#            This is log number five.
time         The log was generated on June 8, 2004 at 5:58 and 20 seconds AM.
source       The log was generated due to a NetBIOS packet sent from IP address 172.21.4.187 port 137.
destination  The NetBIOS packet was sent to the 172.21.255.255 subnet port 137. This was a NetBIOS UDP broadcast packet meant to discover devices on the network.
notes        The ZyWALL blocked the packet.
message      The ZyWALL blocked the packet in accordance with the firewall’s default policy of blocking sessions that are initiated from the WAN. “UDP” means that this was a User Datagram Protocol packet. “W to W/ZW” indicates that the packet was traveling from the WAN to the WAN or the ZyWALL.
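
The field layout in Table 128 can be parsed mechanically when CLI log output is collected for review. The following Python sketch is an added example, not part of the ZyXEL manual; the function names are hypothetical, the sample text is constructed from the entry shown on this page, and only the "W" and "ZW" abbreviations explained in the table are expanded.

```python
import re
from datetime import datetime

# Constructed sample: the header pair and the one entry shown on this page.
SAMPLE = """\
# .time source destination notes
message
5|06/08/2004 05:58:20 |172.21.4.187:137 |172.21.255.255:137 |ACCESS BLOCK
Firewall default policy: UDP (W to W/ZW)
"""

ZONES = {"W": "WAN", "ZW": "ZyWALL"}  # only the abbreviations Table 128 explains

# A record line: number|time|source|destination|notes
RECORD = re.compile(r"^\s*(\d+)\|([^|]*)\|([^|]*)\|([^|]*)\|(.*)$")
# A message of the form "<rule>: <protocol> (<from> to <to>[/<to>])"
POLICY = re.compile(r"^(?P<rule>.*?):\s*(?P<proto>\w+)\s*\((?P<src>\w+) to (?P<dst>[\w/]+)\)$")

def split_endpoint(field):
    """'172.21.4.187:137' -> ('172.21.4.187', 137); port is None when absent
    (assumption: entries without a port simply omit the ':port' suffix)."""
    host, sep, port = field.strip().rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return field.strip(), None

def parse_log(text):
    entries, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        m = RECORD.match(line)
        if not m:
            continue  # header line or a message line
        num, when, src, dst, notes = m.groups()
        # The message is the following line unless that line starts a new record.
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        message = "" if RECORD.match(nxt) else nxt
        entry = {"number": int(num),
                 # MM/DD/YYYY, per the table's reading of 06/08/2004 as June 8
                 "time": datetime.strptime(when.strip(), "%m/%d/%Y %H:%M:%S"),
                 "source": split_endpoint(src),
                 "destination": split_endpoint(dst),
                 "notes": notes.strip(),
                 "message": message}
        p = POLICY.match(message)
        if p:  # expand protocol and direction, e.g. "UDP (W to W/ZW)"
            entry["protocol"] = p["proto"]
            entry["from"] = ZONES.get(p["src"], p["src"])
            entry["to"] = [ZONES.get(z, z) for z in p["dst"].split("/")]
        entries.append(entry)
    return entries
```

Unknown direction abbreviations are passed through unchanged, so entries from other interfaces still parse.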