Configuring security Firewall
Digi TransPort® Routers User Guide
795
Log firewall events
When the log option is specified within a firewall script rule, an entry is created in the fwlog.txt
pseudo-file each time an IP packet matches the rule. Each log entry contains the following
information:
Parameter Description
Timestamp The time when the log entry is created.
Short Description Usually FW LOG but could be FW DEBUG for packets that hit rules
with the debug action set.
Dir Either IN or OUT. Indicates the direction the packet is traveling.
Line The line number of the rule that cause the packet to be logged.
Hits The number of matches for the rule that caused this packet to be
logged.
Iface The Interface the packet was to be transmitted/received on.
Source IP The source IP address in the IP packet.
Dest. IP The destination IP address in the IP packet.
ID The value of the ID field in the IP packet.
TTL The value of the TTL field in the IP packet.
PROTO The value of the protocol field in the IP packet. This will be expanded
to text as well for the well-known protocols.
Src Port The value of the source port field in the TCP/UDP header.
Dst Port The value of the source port field in the TCP/UDP header.
Rule Text The rule that caused the packet to be logged is also entered into the
log file.
In addition, port numbers are expanded to text predefined port numbers.
Example log file entries
Log entry without the body option
- - - - - 15- 8- 2002 16: 25: 50 - - - - - -
FW LOG Di r : I N Li ne: 11 Hi t s: 1 I FACE: ETH 0
Sour ce I P: 100. 100. 100. 25 Dest I P: 100. 100. 100. 50 I D: 39311 TTL: 128
PROTO: TCP ( 6)
Sr c Por t : 4232 Dst Por t : WEB ( 80)
pass i n l og br eak end on et h 0 pr ot o t cp f r om 100. 100. 100. 25 t o addr - et h 0
f l ags S/ SA i nspect - st at e
- - - - - - - - - -
To Next Page
Loading...
