6 syslog logs, Table 176 syslog logs – ZyXEL Communications ZyXEL ZyWALL 2WG User Manual

Chapter 25 Logs Screens

ZyWALL 2WG User’s Guide

25.6 Syslog Logs

There are two types of syslog: event logs and traffic logs. The device generates an event log
when a system event occurs, for example, when a user logs in or the device is under attack.
The device generates a traffic log when a "session" is terminated. A traffic log summarizes the
session's type, when it started and stopped, the amount of traffic that was sent and received, and
so on. An external log analyzer can reconstruct and analyze the traffic flowing through the
device after collecting the traffic logs.

Table 175 ICMP Notes (continued)

TYPE  CODE  DESCRIPTION
      0     Time to live exceeded in transit
      1     Fragment reassembly time exceeded
12          Parameter Problem
      0     Pointer indicates the error
13          Timestamp
      0     Timestamp request message
14          Timestamp Reply
      0     Timestamp reply message
15          Information Request
      0     Information request message
16          Information Reply
      0     Information reply message

Table 176 Syslog Logs

LOG MESSAGE (Event Log):

<Severity>Mon dd hr:mm:ss hostname src="" dst="" msg="" note="" devID="" cat=""

DESCRIPTION: This message is sent by the system ("RAS" displays as the system name if you haven't configured one) when the router generates a syslog. The facility is defined in the web MAIN MENU, LOGS, Log Settings page. The severity is the log's syslog class. The definitions of the messages and notes are given in the other log tables. The "devID" is the MAC address of the router's LAN port. The "cat" is the same as the category in the router's logs.

LOG MESSAGE (Traffic Log):

<Severity>Mon dd hr:mm:ss hostname src="" dst="" msg="Traffic Log" note="Traffic Log" devID="<MAC address>" cat="Traffic Log" duration=seconds sent=sentBytes rcvd=receiveBytes dir="" protoID=IPProtocolID proto="serviceName" trans="IPSec/Normal"

DESCRIPTION: This message is sent by the device when the connection (session) is closed. The facility is defined in the Log Settings screen. The severity is the traffic log type. The message and note always display "Traffic Log". The "proto" field lists the service name. The "dir" field lists the incoming and outgoing interfaces ("LAN:LAN", "LAN:WAN", "LAN:DMZ", "LAN:DEV" for example).
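The following parser is an added example, not part of the ZyXEL manual: it reads syslog lines laid out as in Table 176, splits the `<Severity>` priority into facility and severity, distinguishes traffic logs from event logs by the fixed `msg="Traffic Log"`, and sums bytes per `dir` interface pair the way an external log analyzer would. The sample lines, host name, MAC address and message texts are constructed for the example.

```python
import re

# Header as laid out in Table 176: <Severity>Mon dd hh:mm:ss hostname key=value ...
_HDR_RE = re.compile(r'^<(\d+)>(\w{3} {1,2}\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$')
_KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key="quoted value" or key=bare pairs
_NUMERIC = ("duration", "sent", "rcvd", "protoID")  # sent as bare numbers in traffic logs


def parse_zywall_syslog(line):
    """Parse one ZyWALL syslog line into a dict; raise ValueError on a bad header."""
    m = _HDR_RE.match(line)
    if not m:
        raise ValueError("not a ZyWALL syslog line: %r" % line)
    pri, timestamp, hostname, rest = m.groups()
    # PRI is facility*8 + severity (RFC 3164); the manual's "Severity" is the low 3 bits
    rec = {"facility": int(pri) >> 3, "severity": int(pri) & 7,
           "timestamp": timestamp, "hostname": hostname}
    for key, raw in _KV_RE.findall(rest):
        rec[key] = raw[1:-1] if raw.startswith('"') else raw
    # Table 176: msg and note always read "Traffic Log" for a traffic log; anything else is an event
    rec["kind"] = "traffic" if rec.get("msg") == "Traffic Log" else "event"
    if rec["kind"] == "traffic":
        for key in _NUMERIC:
            if key in rec:
                rec[key] = int(rec[key])
        if ":" in rec.get("dir", ""):  # dir is "<incoming>:<outgoing>", e.g. "LAN:WAN"
            rec["dir_in"], rec["dir_out"] = rec["dir"].split(":", 1)
    return rec


def bytes_per_direction(lines):
    """Sum sent/received bytes per dir pair over the traffic logs; event logs are skipped."""
    totals = {}
    for rec in map(parse_zywall_syslog, lines):
        if rec["kind"] == "traffic":
            sent, rcvd = totals.get(rec["dir"], (0, 0))
            totals[rec["dir"]] = (sent + rec["sent"], rcvd + rec["rcvd"])
    return totals


# Constructed sample lines in the Table 176 layout (not captured from a real device)
SAMPLE_LINES = [
    '<12>Jan 10 13:05:22 RAS src="192.168.1.33:51234" dst="192.168.1.1:80" '
    'msg="login successful" note="admin" devID="00a0c5aabbcc" cat="Access Control"',
    '<14>Jan 10 13:07:01 RAS src="192.168.1.33:51240" dst="203.0.113.10:443" msg="Traffic Log" '
    'note="Traffic Log" devID="00a0c5aabbcc" cat="Traffic Log" duration=42 sent=1832 rcvd=9125 '
    'dir="LAN:WAN" protoID=6 proto="HTTPS" trans="Normal"',
    '<14>Jan 10 13:09:44 RAS src="192.168.1.20:40002" dst="203.0.113.10:53" msg="Traffic Log" '
    'note="Traffic Log" devID="00a0c5aabbcc" cat="Traffic Log" duration=1 sent=68 rcvd=132 '
    'dir="LAN:WAN" protoID=17 proto="DNS" trans="Normal"',
]
```

Because `dir` names both interfaces, a collector can flag traffic logs whose pair is unexpected for the source subnet without consulting the firewall rules.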