WSM Reference Guide - WatchGuard Technologies
Event Logs<br />
<strong>Gateway AntiVirus Service Alarms</strong>
<table>
<tr><th>Default Name</th><th>Message Format</th><th>Example Message</th><th>Caused By</th></tr>
<tr>
<td>AV</td>
<td>alarm_name="AV", alarm id, timestamp, message, source IP, destination IP, protocol, source port, destination port, source interface, destination interface, virus name, sender, log_type="al"</td>
<td><code>alarm_name="AV" alarm_id="6001" time="Mon Aug 2 22:20:44 2004 (PST)" msg="SMTP Filename" src_ip="192.168.1.102" dst_ip="16.0.0.107" pr="tcp/smtp" src_port="1384" dst_port="25" src_intf="PPTP" dst_intf="1-Trusted" virus="Eicar-Test-Signature" sender="phillip@sjcqa.com" log_type="al"/</code></td>
<td>These alarms are caused by events associated with each AV rule of the SMTP proxy action.</td>
</tr>
</table>
<strong>Intrusion Prevention Service Alarms</strong>
<table>
<tr><th>Default Name</th><th>Message Format</th><th>Example Message</th><th>Caused By</th></tr>
<tr>
<td>IPS</td>
<td>alarm_name="IPS", alarm id, timestamp, message, source IP, destination IP, protocol, source port, destination port, source interface, destination interface, IPS message, signature category, signature ID, log_type="al"</td>
<td><code>alarm_name="IPS" alarm_id="3001" time="Wed Aug 4 00:58:33 2004 (PST)" msg="IPS" src_ip="16.0.0.1" dst_ip="16.0.1.107" pr="tcp/http" src_port="4110" dst_port="80" src_intf="1-Trusted" dst_intf="0-External" ips_msg="WEB-ATTACKS kill command attempt" signature_cat="http-request" signature_id="1335" log_type="al"/</code></td>
<td>These alarms are caused by different protocol types.</td>
</tr>
</table>
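As an added example (not from the WatchGuard guide or its software), here is a small Python parser and format check for the AV and IPS alarm records described in the two tables above, fed with the guide's own example messages; the required-field lists are derived from the Message Format column, and the one-line summary format is an assumption of this example.

```python
import re
from typing import Dict, List

# Required fields per alarm type, taken from the "Message Format" column above.
COMMON = ("alarm_name", "alarm_id", "time", "msg", "src_ip", "dst_ip", "pr",
          "src_port", "dst_port", "src_intf", "dst_intf", "log_type")
REQUIRED = {"AV": COMMON + ("virus", "sender"),
            "IPS": COMMON + ("ips_msg", "signature_cat", "signature_id")}

# Each field is key="value"; values may contain spaces but never a double quote.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_alarm(line: str) -> Dict[str, str]:
    """Split one alarm record into its key/value fields (no validation)."""
    return dict(KV_RE.findall(line))

def validate(fields: Dict[str, str]) -> List[str]:
    """Return the format problems found in a parsed record; empty list means OK."""
    problems: List[str] = []
    kind = fields.get("alarm_name")
    if kind not in REQUIRED:
        return [f"unknown or missing alarm_name: {kind!r}"]
    problems += [f"missing field: {k}" for k in REQUIRED[kind] if k not in fields]
    if fields.get("log_type") != "al":
        problems.append("log_type is not 'al', so this is not an alarm record")
    return problems

def summarize(fields: Dict[str, str]) -> str:
    """One-line summary for an alert queue (format assumed for this example)."""
    flow = (f'{fields["src_ip"]}:{fields["src_port"]} -> '
            f'{fields["dst_ip"]}:{fields["dst_port"]} ({fields["pr"]})')
    if fields["alarm_name"] == "AV":
        return f'AV: {fields["virus"]} from {fields["sender"]} via {flow}'
    return (f'IPS: {fields["ips_msg"]} '
            f'[{fields["signature_cat"]}/{fields["signature_id"]}] {flow}')

# The two example messages from the tables above, each joined onto one line.
AV_LINE = ('alarm_name="AV" alarm_id="6001" time="Mon Aug 2 22:20:44 2004 (PST)" '
           'msg="SMTP Filename" src_ip="192.168.1.102" dst_ip="16.0.0.107" pr="tcp/smtp" '
           'src_port="1384" dst_port="25" src_intf="PPTP" dst_intf="1-Trusted" '
           'virus="Eicar-Test-Signature" sender="phillip@sjcqa.com" log_type="al"/')
IPS_LINE = ('alarm_name="IPS" alarm_id="3001" time="Wed Aug 4 00:58:33 2004 (PST)" msg="IPS" '
            'src_ip="16.0.0.1" dst_ip="16.0.1.107" pr="tcp/http" src_port="4110" dst_port="80" '
            'src_intf="1-Trusted" dst_intf="0-External" ips_msg="WEB-ATTACKS kill command attempt" '
            'signature_cat="http-request" signature_id="1335" log_type="al"/')

if __name__ == "__main__":
    for line in (AV_LINE, IPS_LINE):
        fields = parse_alarm(line)
        print(validate(fields) or summarize(fields))
```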
<strong>Event Logs</strong><br />
Event logs are created because of Firebox user activity. Events that cause event logs include:
<ul>
<li>Firebox start up/shut down</li>
<li>Firebox and VPN authentication</li>
<li>Process start up/shut down</li>
<li>Problems with the Firebox hardware components</li>
<li>Any task done by the Firebox administrator</li>
</ul>
On a Firebox using Fireware appliance software, there are seven product components, including 27 different log modules, that create event and diagnostic log messages to send to the log server. The function of each log module is shown in the table that follows.<br />
<strong>Reference Guide</strong> 41