Appendix B – System Log
272
Appendix B – System Log
Access Logging
It is possible to log any traffic that arrives at or traverses the CyberGuard SG appliance.
The only logging that is enabled by default is to take note of packets that were dropped.
While it is possible to specifically log exactly which rule led to such a drop, this is not
configured by default. All rules in the default security policy drop packets. They never
reject them. That is, the packets are simply ignored, and have no responses at all
returned to the sender. It is possible to configure reject rules if so desired.
All traffic logging performed on the CyberGuard SG appliance creates entries in the
syslog (/var/log/messages or external syslog server) of the following format:
<Date/Time>
klogd: <pref
ix> IN=<incomi
ng interface>
OUT=<outgoing interface> MAC=<dst/src MAC addresses>
SRC=<source IP> DST=<destination IP> SPT=<source port>
DPT=<destination port> <additional packet info>
Where:
<prefix> if non-empty, hints at cause for log entry
<incoming interface> empty, or one of eth0, eth1 or similar
<outgoing interface> as per incoming interface
<dst/src MAC addresses> MAC addresses associated with the packet
<source IP> packet claims it came from this IP address
<destination IP> packet claims it should go to this IP address
<source port> packet claims it came from this TCP port
<destination port> packet wants to go to this TCP port
Depending on the type of packet and logging performed some of the fields may not
appear.
To Next Page
Loading...
Need help?
General
