C613-22104-00 REV B UTM Offload Logging | Page 74
Logging Advanced Network Protection
UTM Offload Logging
The following UTM Offload items are logged:
- Change in state of the offload device.
- Communication failure between the AR4050S and the offload device.
- Existing UTM feature log messages appear in the AR4050S log transparently.
- Other general log messages generated by the offload device appear in the AR4050S log transparently.
Messages from the offload device appearing in the AR4050S log have the offload device's IP
address, the timestamp for when the message was generated and the string "offload" inserted.
When the AR4050S detects the offload device is no longer present, it will:
- output a log message
- stop sending packets to the offload device for processing
- install a rule to block traffic from being forwarded across the forwarding device (this allows management of the forwarding device to continue, but continues to protect the user)
Output 17: Example connection log messages for TCP connection
NEW proto=TCP orig_src=192.168.1.100 orig_dst=192.168.1.1 orig_sport=55532
orig_dport=80 reply_src=192.168.1.1 reply_dst=192.168.1.100 reply_sport=80
reply_dport=55532
END proto=TCP orig_src=192.168.1.100 orig_dst=192.168.1.1 orig_sport=55532
orig_dport=80 orig_pkts=7 orig_bytes=522 reply_src=192.168.1.1
reply_dst=192.168.1.100 reply_sport=80 reply_dport=55532 reply_pkts=4
reply_bytes=811
Output 18: Example connection log messages for ICMP connection
NEW proto=ICMP orig_src=192.168.1.1 orig_dst=192.168.1.100
reply_src=192.168.1.100 reply_dst=192.168.1.1
END proto=ICMP orig_src=192.168.1.1 orig_dst=192.168.1.100 orig_pkts=2
orig_bytes=168 reply_src=192.168.1.100 reply_dst=192.168.1.1 reply_pkts=2
reply_bytes=168
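
The following is an added example, not part of the vendor documentation: a parser for the connection log messages shown in Output 17 and Output 18 that pairs each NEW with its END and totals the packet and byte counters, which is the usual first step before feeding these records to a SIEM. It assumes each message has been re-joined onto a single line and that any syslog prefix has already been stripped; the function names are hypothetical.

```python
import re

FIELD = re.compile(r"(\w+)=(\S+)")
COUNTERS = ("orig_pkts", "orig_bytes", "reply_pkts", "reply_bytes")

def parse_message(line):
    """Split one message into its event (NEW or END) and key=value fields."""
    event, _, rest = line.strip().partition(" ")
    if event not in ("NEW", "END"):
        raise ValueError("not a connection log message: %r" % line)
    fields = dict(FIELD.findall(rest))
    for name in COUNTERS:
        if name in fields:
            fields[name] = int(fields[name])
    return event, fields

def flow_key(f):
    # ICMP messages carry no port fields, so .get() returns None for them.
    return (f["proto"], f["orig_src"], f.get("orig_sport"),
            f["orig_dst"], f.get("orig_dport"))

def summarize(lines):
    """Pair NEW and END messages; return (closed flows, keys never closed)."""
    open_flows, closed = {}, []
    for line in lines:
        event, f = parse_message(line)
        key = flow_key(f)
        if event == "NEW":
            open_flows[key] = f
            continue
        closed.append({
            "key": key,
            "seen_new": open_flows.pop(key, None) is not None,
            "pkts": f.get("orig_pkts", 0) + f.get("reply_pkts", 0),
            "bytes": f.get("orig_bytes", 0) + f.get("reply_bytes", 0),
        })
    return closed, list(open_flows)

# Output 17 and 18 re-joined to one line per message. The last NEW line is
# constructed for this example to show a connection with no END message.
SAMPLE = [
    "NEW proto=TCP orig_src=192.168.1.100 orig_dst=192.168.1.1 orig_sport=55532 orig_dport=80 reply_src=192.168.1.1 reply_dst=192.168.1.100 reply_sport=80 reply_dport=55532",
    "END proto=TCP orig_src=192.168.1.100 orig_dst=192.168.1.1 orig_sport=55532 orig_dport=80 orig_pkts=7 orig_bytes=522 reply_src=192.168.1.1 reply_dst=192.168.1.100 reply_sport=80 reply_dport=55532 reply_pkts=4 reply_bytes=811",
    "NEW proto=ICMP orig_src=192.168.1.1 orig_dst=192.168.1.100 reply_src=192.168.1.100 reply_dst=192.168.1.1",
    "END proto=ICMP orig_src=192.168.1.1 orig_dst=192.168.1.100 orig_pkts=2 orig_bytes=168 reply_src=192.168.1.100 reply_dst=192.168.1.1 reply_pkts=2 reply_bytes=168",
    "NEW proto=TCP orig_src=192.168.1.100 orig_dst=192.168.1.1 orig_sport=55533 orig_dport=443 reply_src=192.168.1.1 reply_dst=192.168.1.100 reply_sport=443 reply_dport=55533",
]
if __name__ == "__main__":
    print(summarize(SAMPLE))
```

An END with `seen_new` set to false, or a key left in the second return value, marks a connection whose other half is missing from the collected log.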