ZyXEL Communications Internet Security Gateway ZyWALL 100 User Manual

ZyWALL 100 Internet Security Gateway

17-2 Logs

Table 17-1 Log Screen

FIELD

DESCRIPTION

EXAMPLES

No.

This is the index number of the firewall log. 128
entries are available numbered from 0 to 127.
Once they are all used, the log will wrap around
and the old logs will be lost.

dd:mm:yy e.g., Jan 1 0

Time

This is the time the log was recorded in this
format. You must configure menu 24.10 for real-
time; otherwise the time shown in these examples
is displayed.

hh:mm:ss e.g.,

00:00:00

From and To IP addresses

Packet
Information

This field lists packet information such as:

protocol and port numbers.

This field states the reason for the log; i.e., was
the rule matched, not matched, or was there an
attack. The set and rule coordinates (
where X=1,2; Y=00~10) follow with a simple
explanation. There are two policy sets; set 1 (X =
1) is for LAN to WAN rules and set 2 (X = 2) for
WAN to LAN rules. Y represents the rule in the
set. You can configure up to 10 rules in any set (Y
= 01 to 10). Rule number 00 is the default rule.

not match

<1,01> dest IP

This means this packet

does not match the

destination IP address in

set 1, rule 1. Other reasons

(instead of dest IP) are src

IP, dest port, src port and

protocol.

Reason

This is a log for a DoS attack

attack

land, ip spoofing, icmp

echo, icmp vulnerability,

NetBIOS, smtp illegal

command, traceroute,
teardrop, or syn flood.

Chapter 13 has more

detailed discussion of what

these attacks mean.

Action

This field displays whether the packet was
blocked (i.e., silently discarded), forwarded or
neither (Block, Forward or None). “None” means
that no action is dictated by this rule.

Block, Forward

or None

Click Previous Page or Next Page to view other pages in your log. Click Refresh Page to renew
the log screen or Clear to clear all the logs. Click Help for online HTML help on fields in this
screen. When you have finished viewing this screen, click another link to exit.