WSM Reference Guide - WatchGuard Technologies

More documents

Recommendations

Info

Traffic Logsttl="63"The packet “time to live”, in seconds.log_type="tr"The type of log message. All traffic logs use the “tr” log type.Traffic logs showing NATA traffic log can also include fields that show how NAT (network address translation) was handled forthis packet. An example log showing the ports the Firebox used to apply NAT to a packet is:Proxy LogsWhen the Firebox processes an event that is handled by a proxy, it writes more than one log message.The first entry shows the same information as a packet filter log, but includes two more fields:proxy_actThe name of the proxy action handling this packet. A proxy action is a set of rules for a proxythat can be applied to more than one policy.rule_nameThe name of the specific proxy rule handling this packet.content_typeThe type of content in the packet that is filtered by the proxy rule.Other log messages that the Firebox writes when an event is handled by a proxy contain a variable numberof fields. Here is an example of a group of log messages created by a user request handled by aproxy:
Traffic Logsdst_ip="66.35.250.151" pr="tcp/http" src_port="4345" dst_port="80"src_intf="1-Trusted" dst_intf="0-External" src_ip_nat="250.168.43.6"src_port_nat="13419" rc="523" msg="Conn End" proxy_act="HTTP-Client.2"log_type="tr"/>Each proxy has its own set of messages. The tables here show the log messages each proxy can write tothe log file, and the secondary fields for each log message.SMTP Proxy Traffic Log MessagesText in Message FieldAssociated FieldsSMTP GREETINGhostnamerule_nameSMTP AUTHauthtyperule_nameSMTP HEADERheaderSMTP FROM ADDRESSaddresslengthresponsenew_addressheaderSMTP TO ADDRESSaddressnew_addresslengthresponseSMTP CONTENT TYPEcontent_typerule_namesenderrecipientSMTP CommandkeywordresponseSMTP FILENAMEfile_namerule_namesenderrecipientsSMTP TIMEOUTtimeoutSMTP AV VIRUSvirusfilenamecontent_typesenderrecipientSMTP AV TOO BIGfilenametypeMessage MeaningValue that appears in associated field(s)There is an invalid message in HELO statehostname sent in SMTP greetingname of rule matched in rulesetThe AUTH type used matces a configured proxy ruleAUTH type usedname of rule matched in rulesetThe SMTP header matches a configured proxy rule.header nameThe sender e-mail address matches a configured proxy rulethe sender e-mail address (from envelope)length in bytes of addressresponse code returned to clientnew address, if address rewrite usedif header rewrite feature is usedThe recipient e-mail address matches a configured proxy rulerecipient e-mail address (from envelope)new address, if address rewrite usedlength in bytes of addressresponse code returned to clientThe content type matches a configured proxy rulethe content type found by the SMTP proxyname of rule matched in rulesetsender e-mail address (from envelope)recipient e-mail addresses (from envelope)The full SMTP command as received from the SMTP clientvalues include EXPN, HELP, NOOP, etc.response code returned to clientThe filename matches a configured proxy rulethe file namename of rule matched in rulesetsender e-mail address (from envelope)recipient e-mail addresses (from envelope)The connection idle timeout was reachednumber of seconds configured to time-outThe SMTP proxy found a virusthe name of the virus foundthe filenamethe content type of the virus foundsender e-mail address (from envelope)recipient e-mail addresses (from envelope)An attachment was too big to scanthe filenamethe content type of the attachment<strong>Reference</strong> <strong>Guide</strong> 31
Page 1 and 2: WatchGuard ® System ManagerReferen
Page 3 and 4: ContentsCHAPTER 1 Internet Protocol
Page 5 and 6: CHAPTER 1Internet Protocol Referenc
Page 7 and 8: Internet Protocol HeaderKeyword Num
Page 9 and 10: Transfer ProtocolsSource RoutingThe
Page 11 and 12: CHAPTER 2MIME Content TypesSoftware
Page 13 and 14: Type Subtype Reference (where avail
Page 23 and 24: CHAPTER 3Services and PortsWell-kno
Page 25 and 26: Well-Known Services ListPort(s) Pro
Page 27 and 28: Well-Known Services ListService Nam
Page 29 and 30: Well-Known Services ListService Nam
Page 31 and 32: CHAPTER 4Log MessagesUnderstanding
Page 33: Traffic LogsFWAllowEach packet filt
Page 37 and 38: Traffic LogsDNS Proxy Traffic Log M
Page 39 and 40: Traffic LogsHTTP Proxy Traffic Log
Page 41 and 42: Alarm LogsPolicy AlarmsDefaultNameP
Page 43 and 44: Alarm LogsDenial of Servce (DoS) Al
Page 45 and 46: Event LogsGateway AntiVirus Service
Page 47 and 48: Event LogsDescription of Log Module
Page 49 and 50: Event LogsEvent Log Message Catalog
Page 59 and 60: Firebox Log File XML DTD and Schema
Page 61 and 62: Firebox® X Edge Log MessagesModule
Page 73 and 74: CHAPTER 5WebBlocker ContentWatchGua
Page 75 and 76: WebBlocker CategoriesCategoryDrugs,
Page 77 and 78: WebBlocker CategoriesCategoryJob Se
Page 79 and 80: CHAPTER 6ResourcesThere are many re
Page 81 and 82: Mailing ListsMailing Listswg-users@
Page 83 and 84: White Hat Web Sitesbeginners. Cons:
Page 85 and 86:
Other Web Sitesmaintains a list of
Page 87 and 88:
RSS Feedswww.sophos.com/virusinfo/i
Page 89 and 90:
IndexBblocked sites, searching for
show all

WSM Reference Guide - WatchGuard Technologies

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?