WSM Reference Guide - WatchGuard Technologies
WSM Reference Guide - WatchGuard Technologies
WSM Reference Guide - WatchGuard Technologies
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Alarm Logs<br />
Policy Alarms<br />
Default<br />
Name<br />
Policy<br />
Message Format Example Message Caused By<br />
alarm_name=”WGRD_PM_BP_Alar<br />
m, alarm id, timestamp, message,<br />
policy name, source IP, destination<br />
IP, protocol, source port,<br />
destination port, source interface,<br />
destination interface,<br />
log_type=”al”<br />
alarm_name="WGRD_PM_BP_Alar<br />
m" alarm_id="4001" time="Wed<br />
Mar 2 07:41:21 2005 (PST)"<br />
msg="Block"<br />
policy="WGRD_PM_BP_Policy"<br />
src_ip="24.56.20.79"<br />
dst_ip="192.168.30.164" pr="tcp/<br />
sun-rpc" src_port="1727"<br />
dst_port="111" src_intf="0-<br />
External" dst_intf="2-Optional-1"<br />
log_type="al"/<br />
These alarms are caused<br />
by events associated with<br />
each policy.<br />
Proxy Alarms<br />
Default<br />
Name<br />
Proxy<br />
Message Format Example Message Caused By<br />
alarm_name=”Proxy”, alarm_id,<br />
time, message, source IP,<br />
destination IP, protocol, source<br />
port, destination port, source<br />
interface destination interface,<br />
log_type=”al”<br />
alarm_name="Proxy"<br />
alarm_id="6001" time="Tue Aug 3<br />
00:49:35 2004 (PST)"<br />
msg="ProxyAllow/HTTP Request<br />
method match"<br />
src_ip="192.168.1.102"<br />
dst_ip="16.0.0.107" pr="tcp/smtp"<br />
src_port="1384" dst_port="25"<br />
src_intf="PPTP" dst_intf="1-<br />
Trusted" log_type="al"/<br />
These alarms are caused<br />
by events associated with<br />
each proxy action.<br />
System Alarms<br />
Default<br />
Name<br />
System<br />
Message Format Example Message Caused By<br />
alarm _name detected,<br />
message_string.<br />
System detected. [1401-0512@H]<br />
user abc failed to log in from<br />
192.168.228.226.<br />
System detected. [1401-0202@H]<br />
Number of IPSec tunnels 2500<br />
reaches max IPSec tunnels allowed.<br />
These alarms are<br />
triggered by system<br />
events.<br />
<strong>Reference</strong> <strong>Guide</strong> 37