Справочник Пользователя для ASUS RX3141
Chapter 9. Configuring Firewall/NAT Settings
RX3141 User’s Manual
62
Figure 9.11 Sample Firewall Log
9.7.1 Log
Format
Two types of log are supported by the RX3141 – system security log and firewall access control log. They are
designated by the two keywords, sys and fw respectively. The log format is best explained by
examples:System Security Log Example:
designated by the two keywords, sys and fw respectively. The log format is best explained by
examples:System Security Log Example:
Jan 1 00:01:22 2000 klogd: sys: TCP XMAS/NULL packet from 192.168.1.100.
Explanation: Jan 1 00:01:22 2000 indicates the time of the attack; klogd: sys, this attack is detected by the
system security model; TCP XMAS/NULL, the type of attack detected; 192.168.1.100, source of the attack.
system security model; TCP XMAS/NULL, the type of attack detected; 192.168.1.100, source of the attack.
Firewall Access Control Log Example:
Jan 1 00:03:11 2000 klogd: fw: OUTBOUND rule=1 allow icmp from 192.168.1.100 to 211.1.1.1 type=8
code=0 id=512Explanation: Jan 1 00:03:11 2000 indicates the time of the access; klogd: fw, indicates the log
is related to firewall access control; OUTBOUND, the direction of the traffic; rule=1, the rule that matches the
IP information of the traffic; allow, action taken by the firewall; icmp, protocol type of the traffic; 192.168.1.100,
source of the traffic; 211.1.1.1, destination of the traffic; type=8, ICMP message type; code=0, ICMP message
code; id=512, ICMP message ID.
code=0 id=512Explanation: Jan 1 00:03:11 2000 indicates the time of the access; klogd: fw, indicates the log
is related to firewall access control; OUTBOUND, the direction of the traffic; rule=1, the rule that matches the
IP information of the traffic; allow, action taken by the firewall; icmp, protocol type of the traffic; 192.168.1.100,
source of the traffic; 211.1.1.1, destination of the traffic; type=8, ICMP message type; code=0, ICMP message
code; id=512, ICMP message ID.