Westermo MR Series User Manual
Page 407
6622-3201
Web Interface and Command Line Reference Guide
www.westermo.com
15.9.1 Log File Examples
Example: Log entry without the body option:
----- 15-8-2002 16:25:50 -----
FW LOG Dir: IN Line: 11 Hits: 1 IFACE: ETH 0
Source IP: 100.100.100.25 Dest IP: 100.100.100.50 ID: 39311 TTL: 128
PROTO: TCP (6)
Src Port: 4232 Dst Port: WEB (80)
pass in log break end on eth 0 proto tcp from 100.100.100.25 to addr-eth0 flags S/SA inspect-state
------------
Example: Log entry with the body option:
----- 15-8-2002 16:27:56 -----
FW LOG Dir: IN Line: 7 Hits: 1 IFACE: ETH 0
Source IP: 100.100.100.25 Dest IP: 100.100.100.50 ID: 40140 TTL: 128
PROTO: ICMP (1)
block return-icmp echorep log body break end proto icmp icmp-type echo
From REM TO LOC      IFACE: ETH 0
45             IP Ver:        4
               Hdr Len:       20
00             TOS:           Routine
               Delay:         Normal
               Throughput:    Normal
               Reliability:   Normal
00 3C          Length:        60
9C CC          ID:            40140
00 00          Frag Offset:   0
               Congestion:    Normal
                              May Fragment
                              Last Fragment
80             TTL:           128
01             Proto:         ICMP
0C E1          Checksum:      3297
64 64 64 19    Src IP:        100.100.100.25
64 64 64 32    Dst IP:        100.100.100.50
ICMP:
08             Type:          ECHO REQ
00             Code:          0
04 5C          Checksum:      1116
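For feeding these entries into a log pipeline, the following Python parser is an added example, not code from the Westermo manual or firmware. The function name `parse_fw_log`, the field names and the assumption that every entry follows the layout of the two entries shown above (with "From REM TO LOC" marking the start of the packet decode) are mine.

```python
import re
from datetime import datetime

STAMP = re.compile(r"^-{5} (\d{1,2}-\d{1,2}-\d{4} \d{2}:\d{2}:\d{2}) -{5}$", re.M)
# Ports are optional (none for ICMP); the rule runs up to the packet decode or the end.
FIELDS = re.compile(
    r"FW LOG Dir: (?P<dir>\w+) Line: (?P<line>\d+) Hits: (?P<hits>\d+) "
    r"IFACE: (?P<iface>\w+ \d+) Source IP: (?P<src>[\d.]+) "
    r"Dest IP: (?P<dst>[\d.]+) ID: (?P<id>\d+) TTL: (?P<ttl>\d+) "
    r"PROTO: (?P<proto>\w+) \(\d+\) "
    r"(?:Src Port: (?:\w+ \()?(?P<sport>\d+)\)? "
    r"Dst Port: (?:\w+ \()?(?P<dport>\d+)\)? )?"
    r"(?P<rule>.+?)(?= From [A-Z]+ TO [A-Z]+|$)")
INTS = ("line", "hits", "id", "ttl", "sport", "dport")

def parse_fw_log(text):
    """Yield one dict per firewall log entry; wrapped lines are tolerated."""
    parts = STAMP.split(text)  # [preamble, stamp1, body1, stamp2, body2, ...]
    for stamp, body in zip(parts[1::2], parts[2::2]):
        flat = re.sub(r" ?-{5,}$", "", " ".join(body.split()))  # unwrap, drop terminator
        m = FIELDS.match(flat)
        if not m:
            continue  # not an FW LOG entry: skip rather than guess
        e = {k: int(v) if v and k in INTS else v for k, v in m.groupdict().items()}
        e["time"] = datetime.strptime(stamp, "%d-%m-%Y %H:%M:%S")  # day-month-year
        e["action"] = e["rule"].split()[0]   # first rule keyword: "pass" or "block"
        e["has_body"] = m.end() < len(flat)  # a packet decode follows the rule
        yield e

# The two example entries from this page; the second entry's packet decode is truncated.
SAMPLE = """\
----- 15-8-2002 16:25:50 -----
FW LOG Dir: IN Line: 11 Hits: 1 IFACE: ETH 0
Source IP: 100.100.100.25 Dest IP: 100.100.100.50 ID: 39311 TTL:
128
PROTO: TCP (6)
Src Port: 4232 Dst Port: WEB (80)
pass in log break end on eth 0 proto tcp from 100.100.100.25 to addr-eth0 flags S/SA inspect-state
------------
----- 15-8-2002 16:27:56 -----
FW LOG Dir: IN Line: 7 Hits: 1 IFACE: ETH 0
Source IP: 100.100.100.25 Dest IP: 100.100.100.50 ID: 40140 TTL: 128
PROTO: ICMP (1)
block return-icmp echorep log body break end proto icmp icmp-type echo
From REM TO LOC IFACE: ETH 0
"""

for e in parse_fw_log(SAMPLE):
    print(e["time"], e["action"], e["proto"], e["src"], "->", e["dst"], e["dport"])
```

Entries that do not match the layout are skipped rather than partially parsed, so a count of skipped entries is worth tracking when running this against real device logs.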
Example: Text included in the EVENTLOG.TXT pseudo-file when the event sub-option is specified:
16:26:32, 15 Aug 2002,Firewall Log Event: Line: 10, Hits: 3
Example: Syslog message where the body option is not specified:
2002-09-04 16:30:06 User.Info 100.100.100.50 Aug 15 16:31:59 arm.1140
IP Filter -
Filter Rule: block return-icmp unreach host-unr in log syslog
breakend on eth 0 proto tcp from any to 100.100.100.50 port=telnet
Line: 10
Hits: 4
Example: Syslog message where the body option is specified:
2002-08-30 16:19:59 User.Info 100.100.100.50 Aug 10 16:21:56 arm.1140
IP Filter - Filter Rule: block return-icmp unreach port-unr in log-
body syslog break end on eth 0 proto tcp from any to 100.100.100.50
port=telnet
Line: 9
Hits: 3
PKT: