WSM Reference Guide - WatchGuard Technologies
Well-Known Services List

Service Name    Port #         Protocol    Description
webster         765            TCP/UDP     Network dictionary
phonebook       767            TCP/UDP     Phone
socks           1080           TCP/UDP     Socks
hermes          1248           TCP/UDP     Hermes
lotusnote       1352           TCP/UDP     Lotus Notes
netware-csp     1366           TCP/UDP     Novell NetWare Comm Service Platform
novell-lu6.2    1416           TCP/UDP     Novell LU6.2
netopia         1419           UDP         Netopia Virtual Office
                8000           TCP
ms-sql-s        1433           TCP/UDP     Microsoft-SQL-Server
ms-sql-m        1434           TCP/UDP     Microsoft-SQL-Monitor
winframe        1494           TCP         WinFrame
watcom-sql      1498           TCP/UDP     Watcom-SQL
ingreslock      1524           TCP/UDP     Ingres
groupwise       1677           TCP         GroupWise
nfs             2049           TCP/UDP     Network File Server
www-dev         2784           TCP/UDP     World Wide Web - development
Squid           3128           TCP/UDP     Web proxy/caching service -- frequently scanned for vulnerabilities
ccmail          3264           TCP/UDP     Cc:mail/lotus
ICQ             2109, 4000     TCP, UDP    Used for chat
Firstclass      3000, 30004    TCP         FirstClass (ftp channel on 510 TCP)
compuserve      4144           TCP         CompuServe Online
rfe             5002           TCP/UDP     Radio free ethernet
aol             5190           TCP         America Online
x11             6000           TCP/UDP     X Window System (through 6063)
font-service    7100           TCP/UDP     X Font Service
nas             8000           TCP/UDP     NCD Network Audio Server
iphone          6670           TCP         for connecting to the phone server
iphone          22555          UDP         for audio
iphone          25793          TCP         for the address server, in 4.x and 5.0
iphone          1490           TCP         for the conference engine in 4.x and 5.0
CHAPTER 4
Log Messages

Understanding the log messages the Firebox sends to the log file is a critical function for a Firebox administrator. The log messages give you important information about the flow of traffic through your network. The log messages are also a key component in troubleshooting problems that occur in your network.

This chapter explains the types of log messages the Firebox generates. It gives examples of traffic and alarm log messages and a list of available event logs for Fireboxes using Fireware appliance software. You can get access to the Fireware XML log DTD and schema through the FAQs available at www.watchguard.com/support.

Introduction to Logging

The WatchGuard Firebox X Core and Firebox X Peak send log messages to a WatchGuard log server. They can also send log messages to a syslog server or keep logs locally on the Firebox. It is your decision to send logs to any or all of these locations.

You can see log messages in real time using the WatchGuard System Manager Traffic Monitor. You can also show the logs in the LogViewer. The log messages are kept in an XML file with a .wgl.xml extension in the WatchGuard directory on the log server. If it becomes necessary, you can open this file using any XML tool to see log messages.

The Firebox sends four types of log messages:
• Traffic logs
• Alarm logs
• Event logs
• Diagnostic logs

Traffic logs

The Firebox sends traffic logs as it applies packet filter and proxy rules to traffic passing through the Firebox.