C613-22104-00 REV B IP Reputation Log Messages | Page 68
Logging Advanced Network Protection
IP Reputation Log Messages
IP Reputation log messages have severity ‘info’ (6). The message includes information in the
following format:
<action> IPREP: <alert-msg> (URL:<url>) <protocol> <source-ip>:<source-port> -> <dest-ip>:<dest-port>
Malware Protection Log Messages
Malware protection log messages have severity info (6). The message part includes information in
the following format:
<action> MALWARE: <alert-msg> [URL:<url>] <protocol> <source-ip>:<source-port> -> <dest-ip>:<dest-port>
Table 6: Elements in IP Reputation log messages
Message element              Description
<action>                     The action applied by the IP reputation feature; [ALERT] or [DROP].
<alert-msg>                  The rule-specific message.
<url>                        The requested URL if the flow is HTTP.
<protocol>                   The protocol, e.g., SMTP, HTTP, TCP, ICMP.
<source-ip>:<source-port>    The source IP address and source port for the packet.
<dest-ip>:<dest-port>        The destination IP address and destination port for the packet.
Output 8: Example IP Reputation log messages
2016 Nov 17 02:48:01 local5.info awplus IPS[2014]: [Drop] IPREP: DDoSAttacker: IPREP DDoS Source [icmp] 172.16.92.2 -> 172.16.92.1
2016 Nov 17 02:48:19 local5.info awplus IPS[2015]: [Alert] IPREP: DDoSAttacker: IPREP DDoS Source [icmp] 172.16.92.2 -> 172.16.92.1
Table 7: Elements in Malware Protection log messages
Message element              Description
<action>                     The action applied by malware protection; [ALERT] or [DROP].
<alert-msg>                  The rule-specific message.
<url>                        The requested URL if the flow is HTTP.
<protocol>                   The protocol, e.g., SMTP, HTTP, TCP, ICMP.
<source-ip>:<source-port>    The source IP address and source port for the packet.
<dest-ip>:<dest-port>        The destination IP address and destination port for the packet.
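A parser for the two message formats above, checked against the sample lines in Output 8, for turning these events into fields a SIEM can index. This is an added example, not code from the vendor documentation; the IPv4-only address pattern, the treatment of the URL and ports as optional, and the last two sample lines are assumptions or constructed for the example.

```python
import re
from datetime import datetime

# Syslog prefix as printed in Output 8: "2016 Nov 17 02:48:01 local5.info awplus IPS[2014]: "
PREFIX = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<facility>\w+)\.(?P<severity>\w+) (?P<host>\S+) (?P<prog>\w+)\[(?P<pid>\d+)\]: ")
# Message body. The URL and both ports are optional because the ICMP samples carry
# neither; the protocol is accepted with or without brackets. Assumption: IPv4 only.
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
BODY = re.compile(
    r"\[(?P<action>\w+)\] (?P<feature>IPREP|MALWARE): (?P<alert_msg>.*?)"
    r"(?: [\[(]URL:(?P<url>\S+?)[\])])?"
    r" \[?(?P<protocol>[A-Za-z0-9]+)\]? "
    rf"(?P<src_ip>{IP})(?::(?P<src_port>\d+))? -> "
    rf"(?P<dst_ip>{IP})(?::(?P<dst_port>\d+))?\s*$")

def parse(line):
    """Return a dict of fields, or None if the line is not an IPREP/MALWARE event."""
    p = PREFIX.match(line)
    b = BODY.match(line[p.end():]) if p else None
    if not b:
        return None
    ev = {**p.groupdict(), **b.groupdict()}
    ev["ts"] = datetime.strptime(ev["ts"], "%Y %b %d %H:%M:%S")
    ev["action"] = ev["action"].upper()      # tables say [DROP], samples say [Drop]
    ev["protocol"] = ev["protocol"].upper()  # samples print the protocol in lower case
    for k in ("pid", "src_port", "dst_port"):
        ev[k] = int(ev[k]) if ev[k] is not None else None
    return ev

SAMPLES = [
    # The two lines from Output 8, each rejoined onto a single line.
    "2016 Nov 17 02:48:01 local5.info awplus IPS[2014]: [Drop] IPREP: DDoSAttacker: "
    "IPREP DDoS Source [icmp] 172.16.92.2 -> 172.16.92.1",
    "2016 Nov 17 02:48:19 local5.info awplus IPS[2015]: [Alert] IPREP: DDoSAttacker: "
    "IPREP DDoS Source [icmp] 172.16.92.2 -> 172.16.92.1",
    # Constructed MALWARE line (not from the page) exercising the URL and port fields.
    "2016 Nov 17 03:10:05 local5.info awplus IPS[2016]: [Drop] MALWARE: Constructed test "
    "signature [URL:example.test/sample.bin] [http] 192.0.2.10:51514 -> 198.51.100.7:80",
    # Constructed unrelated line: must be rejected rather than half-parsed.
    "2016 Nov 17 03:11:00 local5.info awplus IPS[2016]: engine started",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse(s))
```

Normalising the case of `action` and `protocol` at parse time lets one detection rule match both the documented `[DROP]` spelling and the `[Drop]` seen in the sample output.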