WSM Reference Guide - WatchGuard Technologies

Alarm Logs
Policy Alarms
Default
Name
Policy
Message Format Example Message Caused By
alarm_name=”WGRD_PM_BP_Alar
m, alarm id, timestamp, message,
policy name, source IP, destination
IP, protocol, source port,
destination port, source interface,
destination interface,
log_type=”al”
alarm_name="WGRD_PM_BP_Alar
m" alarm_id="4001" time="Wed
Mar 2 07:41:21 2005 (PST)"
msg="Block"
policy="WGRD_PM_BP_Policy"
src_ip="24.56.20.79"
dst_ip="192.168.30.164" pr="tcp/
sun-rpc" src_port="1727"
dst_port="111" src_intf="0-
External" dst_intf="2-Optional-1"
log_type="al"/
These alarms are caused
by events associated with
each policy.
Proxy Alarms
Default
Name
Proxy
Message Format Example Message Caused By
alarm_name=”Proxy”, alarm_id,
time, message, source IP,
destination IP, protocol, source
port, destination port, source
interface destination interface,
log_type=”al”
alarm_name="Proxy"
alarm_id="6001" time="Tue Aug 3
00:49:35 2004 (PST)"
msg="ProxyAllow/HTTP Request
method match"
src_ip="192.168.1.102"
dst_ip="16.0.0.107" pr="tcp/smtp"
src_port="1384" dst_port="25"
src_intf="PPTP" dst_intf="1-
Trusted" log_type="al"/
These alarms are caused
by events associated with
each proxy action.
System Alarms
Default
Name
System
Message Format Example Message Caused By
alarm _name detected,
message_string.
System detected. [1401-0512@H]
user abc failed to log in from
192.168.228.226.
System detected. [1401-0202@H]
Number of IPSec tunnels 2500
reaches max IPSec tunnels allowed.
These alarms are
triggered by system
events.
Reference Guide 37