C613-22104-00 REV B Firewall Connection Logging | Page 72
Logging Advanced Network Protection
antivirus: Unable to scan <url> to <client-ip>: <reason>
antivirus: Unable to allocate memory to scan <url> to <client-ip>
antivirus: Max scan depth exceeded for <url> to <client-ip>
All the above Anti-virus log messages have severity level ‘warning’ (4).
Firewall Connection Logging
This feature is supported from AlliedWare Plus version 5.4.7-1.
Firewall connection logging can be enabled to provide additional logs that show the start and end of
connections passing through the firewall. These messages are assigned facility local5. They have
severity ‘info’ (6).
To enable logging of new connections, closed connections, or both passing through the firewall, use
the commands:
awplus# configure terminal
awplus(config)# connection-log events {new|end|all}
To show the configuration of firewall connection logging, use the following command:
awplus# show connection-log events
Table 11: Elements in Anti-virus log messages
Message element Description
<virus>
The name of the virus detected.
<url>
The requested URL.
<client-ip>
The IP address of the requester.
<reason>
Reason for failure to scan.
Output 15: Example Anti-virus log message
2016 Nov 25 10:15:51 local5.warning awplus UTM[802]: antivirus: Virus EICAR-
Test-File[certain] detected in http://www.example.com/data/infected/sample.txt
to 192.168.1.1
Output 16: Example output from show connection-log events
awplus#show connection-log events
Log new connection events: Disabled
Log connection end events: Enabled
To Next Page
Loading...