2.45. THRESHOLD
These log messages refer to the THRESHOLD (Threshold rule events) category.
2.45.1. conn_threshold_exceeded (ID: 05300100)
Default Severity
WARNING
Log Message
Connection threshold <description> exceeded <threshold>. Source IP: <srcip>. Closing connection
Explanation
The source IP is opening new connections too fast.
Gateway Action
closing_connection
Recommended Action
Investigate worms and DoS attacks.
Revision
1
Parameters
description
threshold
srcip
Context Parameters
Rule Name
2.45.2. reminder_conn_threshold (ID: 05300101)
Default Severity
INFORMATIONAL
Log Message
Reminder: Connection threshold <description> exceeded <threshold>. Source IP: <srcip>.
Explanation
The source IP is still opening new connections too fast.
Gateway Action
None
Recommended Action
Look through the logs to see if the source IP has misbehaved in the past.
Revision
1
Parameters
description
threshold
srcip
Context Parameters
Rule Name
2.45.3. conn_threshold_exceeded (ID: 05300102)
Default Severity
NOTICE
Log Message
Connection threshold <description> exceeded <threshold>. Source IP: <srcip>
Explanation
The source IP is opening new connections too fast.
Gateway Action
None