WSM Reference Guide - WatchGuard Technologies
HTTP Proxy Traffic Log Messages

| Text in Message Field | Associated Fields | Message Meaning / Value that appears in associated field(s) |
|---|---|---|
| HTTP REQ | | Auditing information about an HTTP request. |
| | op | HTTP request method |
| | dstname | hostname from requested URL |
| | arg | path and query-string from requested URL |
| HTTP HEADER IPS MATCH | | The HTTP header matches an IPS signature. |
| | ips_msg | description of the signature that matched |
| | signature_id | the signature ID of the rule that matched |
| HTTP BODY IPS MATCH | | The HTTP body matches an IPS signature. |
| | ips_msg | description of the signature that matched |
| | signature_id | the signature ID of the rule that matched |
| HTTP BYTECOUNT UPDATE | | Auditing information for an HTTP request that has a very large response. |

TCP Proxy Traffic Log Messages

| Text in Message Field | Associated Fields | Message Meaning / Value that appears in associated field(s) |
|---|---|---|
| TCP REQ | | |
| | outgoing_msg | the mode the handler is in. |
| TCP IPS MATCH | | TCP proxy found an IPS signature match. |
| | ips_msg | description of the signature that matched |
| | signature_id | the signature ID of the rule that matched |
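
One way to use the HTTP and TCP proxy message tables above as a schema when reviewing exported traffic logs: check that each record carries the fields listed for its message text, and count IPS matches per signature ID. This is an added example, not WatchGuard code; the key=value line layout, the `msg` key name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Message text -> associated fields, as listed in the two proxy tables above.
SCHEMA = {
    "HTTP REQ": ("op", "dstname", "arg"),
    "HTTP HEADER IPS MATCH": ("ips_msg", "signature_id"),
    "HTTP BODY IPS MATCH": ("ips_msg", "signature_id"),
    "HTTP BYTECOUNT UPDATE": (),
    "TCP REQ": ("outgoing_msg",),
    "TCP IPS MATCH": ("ips_msg", "signature_id"),
}

# ASSUMPTION: records are key=value pairs, values may be double-quoted,
# and the message text sits in a key named "msg".
PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')

def parse_line(line):
    """Return (message, fields, missing_fields), or None if the message is not in SCHEMA."""
    fields = {m[1]: m[2] if m[2] is not None else m[3] for m in PAIR.finditer(line)}
    msg = fields.pop("msg", None)
    if msg not in SCHEMA:
        return None
    missing = [name for name in SCHEMA[msg] if name not in fields]
    return msg, fields, missing

def ips_summary(lines):
    """Count IPS matches per (message, signature_id); list records with missing fields."""
    hits, incomplete = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        msg, fields, missing = rec
        if missing:
            incomplete.append((msg, missing))  # do not count a record we cannot attribute
        elif msg.endswith("IPS MATCH"):
            hits[(msg, fields["signature_id"])] += 1
    return hits, incomplete

# Constructed sample lines (not real Firebox output).
SAMPLE = [
    'msg="HTTP REQ" op="GET" dstname="www.example.com" arg="/index.html?q=1"',
    'msg="HTTP HEADER IPS MATCH" ips_msg="constructed signature A" signature_id="1001"',
    'msg="HTTP BODY IPS MATCH" ips_msg="constructed signature B" signature_id="1002"',
    'msg="TCP IPS MATCH" ips_msg="constructed signature A" signature_id="1001"',
    'msg="HTTP HEADER IPS MATCH" ips_msg="constructed signature A" signature_id="1001"',
    'msg="TCP IPS MATCH" ips_msg="truncated record"',
]
```

Calling `ips_summary(SAMPLE)` returns the per-signature counts together with the records that lack a field the tables list for their message type.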

Alarm Logs

Alarm logs are sent when an alarm condition is met. The Firebox sends the alarm log to the Traffic Monitor and Log Server and triggers the specified action.

Some alarms are set in your Firebox configuration. For example, you can use Policy Manager to configure an alarm to occur when a certain threshold is met. Other alarms are set by default. The Firebox sends an alarm log when a network connection on one of the Firebox interfaces fails. This cannot be changed in your configuration. The Firebox never sends more than 10 alarms in 15 minutes for the same set of conditions.

There are eight categories of alarm logs: System, IPS, AV, Policy, Proxy, Probe, Denial of service, and Traffic. There is a table below for each category of alarms, showing the format of the alarm log messages in each category.