Firewall, BAT54-Rail/F.., Release 7.54, 06/08
The BAT Firewall
275
■ SYSLOG notifications
If the firewall drops a packet that matches a filter rule, it generates a SYSLOG notification (see 'Setting up the SYSLOG module' → page 484) of the following form:
PACKET_ALERT: Dst: 192.168.200.10:80 {}, Src: 10.0.0.37:4353 {} (TCP): port filter
Ports are printed only for port-based protocols. The station names in braces are printed only if the BAT can resolve them locally, without an external DNS request; otherwise the braces stay empty.
If the SYSLOG flag is set for a filter entry (the %s action), the notification is more detailed: the name of the matched filter, the limit that was exceeded and the filter actions that were carried out are printed as well. For the example above this reads:
PACKET_ALERT: Dst: 192.168.200.10:80 {}, Src: 10.0.0.37:4353 {} (TCP): port filter
PACKET_INFO:
matched filter: BLOCKHTTP
exceeded limit: more than 0 packets transmitted or received on a connection
actions: drop; block source address for 1 minutes; send syslog message;
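The notification format above is regular enough to parse on the SYSLOG receiver, which is where a practitioner would turn these messages into structured events (source, destination, protocol, filter name, actions) and spot hosts that keep hitting filter rules. The following Python script is an added example, not code from the manual or from the BAT firmware. It assumes the line layout shown in the manual (a PACKET_ALERT line optionally followed by a PACKET_INFO block on the following lines); the first sample event is the manual's own, the two further alert lines are constructed.

```python
import re
from collections import Counter

# PACKET_ALERT line as documented in the manual. The port is optional (only
# port-based protocols carry one) and the braces hold the station name when
# the BAT could resolve it locally, otherwise they are empty.
ALERT_RE = re.compile(
    r"PACKET_ALERT: Dst: (?P<dst>[\d.]+)(?::(?P<dport>\d+))? \{(?P<dname>[^}]*)\}, "
    r"Src: (?P<src>[\d.]+)(?::(?P<sport>\d+))? \{(?P<sname>[^}]*)\} "
    r"\((?P<proto>[A-Z]+)\): (?P<reason>.+)$"
)

def parse_alert(line):
    """Return the fields of one PACKET_ALERT line, or None if it is not one."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    fields = m.groupdict()
    for key in ("dport", "sport"):
        fields[key] = int(fields[key]) if fields[key] is not None else None
    for key in ("dname", "sname"):
        fields[key] = fields[key] or None   # empty braces -> no name resolved
    return fields

def parse_info(lines):
    """Parse the PACKET_INFO block that follows an alert when the %s flag is set."""
    info = {"filter": None, "limit": None, "actions": []}
    for raw in lines:
        line = raw.strip()
        if line.startswith("matched filter:"):
            info["filter"] = line.split(":", 1)[1].strip()
        elif line.startswith("exceeded limit:"):
            info["limit"] = line.split(":", 1)[1].strip()
        elif line.startswith("actions:"):
            # Actions are ';'-separated and the list ends with a trailing ';'.
            info["actions"] = [a.strip() for a in line.split(":", 1)[1].split(";") if a.strip()]
    return info

def parse_syslog(text):
    """Group a SYSLOG dump into events: each PACKET_ALERT plus its optional PACKET_INFO."""
    events = []
    lines = text.strip().splitlines()
    i = 0
    while i < len(lines):
        alert = parse_alert(lines[i])
        i += 1
        if alert is None:
            continue   # some other syslog line, not a firewall alert
        info_lines = []
        if i < len(lines) and lines[i].strip().startswith("PACKET_INFO:"):
            i += 1
            while i < len(lines) and not lines[i].startswith("PACKET_ALERT:"):
                info_lines.append(lines[i])
                i += 1
        alert.update(parse_info(info_lines))
        events.append(alert)
    return events

def top_sources(events, n=5):
    """Rank source addresses by how many firewall alerts they triggered."""
    return Counter(e["src"] for e in events).most_common(n)

# Constructed sample: the manual's example event, followed by two further
# constructed alerts (one without ports and with resolved station names, one
# from another host). Neither of those has the %s flag, so no PACKET_INFO.
SAMPLE_SYSLOG = """\
PACKET_ALERT: Dst: 192.168.200.10:80 {}, Src: 10.0.0.37:4353 {} (TCP): port filter
PACKET_INFO:
matched filter: BLOCKHTTP
exceeded limit: more than 0 packets transmitted or received on a connection
actions: drop; block source address for 1 minutes; send syslog message;
PACKET_ALERT: Dst: 192.168.200.10 {ntserver}, Src: 10.0.0.37 {cs2} (ICMP): filter rule
PACKET_ALERT: Dst: 192.168.200.10:443 {}, Src: 10.0.0.99:50001 {} (TCP): port filter
"""

if __name__ == "__main__":
    events = parse_syslog(SAMPLE_SYSLOG)
    for ev in events:
        print(ev["src"], "->", ev["dst"], ev["proto"], ev["filter"], ev["actions"])
    print(top_sources(events))
```

Alerts without the %s flag still parse; they simply carry no filter name or action list, which is itself useful to know when tuning which rules should log in detail.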
■ Notification by email
If the email system of the BAT is enabled, the firewall can also notify the administrator by email. The device sends an email as soon as the firewall carries out the corresponding action:
FROM: BAT_Firewall@MyCompany.com
TO: Administrator@MyCompany.com
SUBJECT: packet filtered
Date: 9/24/2002 15:06:46
The packet below
Src: 10.0.0.37:4353 {cs2} Dst: 192.168.200.10:80 {ntserver} (TCP)
45 00 00 2c ed 50 40 00 80 06 7a a3 0a 00 00 25 | E..,.P@. ..z....%
c0 a8 c8 0a 11 01 00 50 00 77 5e d4 00 00 00 00 | .......P .w^.....
60 02 20 00 74 b2 00 00 02 04 05 b4 | `. .t... ....
matched this filter rule: BLOCKHTTP
and exceeded this limit: more than 0 packets transmitted or received on a connection
because of this the actions below were performed:
drop
block source address for 1 minutes
send syslog message
send SNMP trap
send email to administrator
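The email carries the dropped packet as a hex dump, so the administrator can check the firewall's own summary against the packet rather than take it on trust. The following Python script is an added example, not code from the manual or the BAT firmware: it reads the dump exactly as printed in the email above (taken from the manual's example), decodes the IPv4 and TCP headers, verifies the IP header checksum and length, and confirms that the "Src/Dst" summary line describes the same packet. The parsing of the summary line and the field names in the result are this example's own choices.

```python
import re
import struct
import ipaddress

# Hex dump exactly as it appears in the manual's example email (not constructed).
EMAIL_DUMP = """\
45 00 00 2c ed 50 40 00 80 06 7a a3 0a 00 00 25 | E..,.P@. ..z....%
c0 a8 c8 0a 11 01 00 50 00 77 5e d4 00 00 00 00 | .......P .w^.....
60 02 20 00 74 b2 00 00 02 04 05 b4 | `. .t... ....
"""
# Summary line from the same email.
EMAIL_SUMMARY = "Src: 10.0.0.37:4353 {cs2} Dst: 192.168.200.10:80 {ntserver} (TCP)"

TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))
PROTO_NAMES = {6: "TCP", 17: "UDP"}

def hexdump_to_bytes(dump):
    """Collect the hex column (left of '|') of each dump line into raw packet bytes."""
    out = bytearray()
    for line in dump.strip().splitlines():
        hex_part = line.split("|", 1)[0]
        out.extend(int(tok, 16) for tok in hex_part.split())
    return bytes(out)

def ip_checksum(header):
    """RFC 791 checksum; over a header that already contains its checksum field the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def decode_packet(raw):
    """Decode the IPv4 header and, for TCP, the TCP header of a raw packet."""
    ver_ihl, _tos, total_len, _ident, frag, ttl, proto, _csum = struct.unpack("!BBHHHBBH", raw[:12])
    ihl = (ver_ihl & 0x0F) * 4
    pkt = {
        "version": ver_ihl >> 4,
        "ihl": ihl,
        "total_length": total_len,
        "dont_fragment": bool(frag & 0x4000),
        "ttl": ttl,
        "protocol": proto,
        "src": str(ipaddress.IPv4Address(raw[12:16])),
        "dst": str(ipaddress.IPv4Address(raw[16:20])),
        # Sanity checks: a dump whose length or checksum disagrees with the
        # header was truncated or corrupted and should not be trusted.
        "header_checksum_ok": ip_checksum(raw[:ihl]) == 0,
        "length_ok": total_len == len(raw),
    }
    if proto == 6 and len(raw) >= ihl + 20:
        sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", raw[ihl:ihl + 16])
        pkt.update({
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "data_offset": (off_flags >> 12) * 4,
            "flags": [name for bit, name in TCP_FLAGS if off_flags & bit],
            "window": window,
        })
    return pkt

SUMMARY_RE = re.compile(
    r"Src: (?P<src>[\d.]+):(?P<sport>\d+) \{[^}]*\} "
    r"Dst: (?P<dst>[\d.]+):(?P<dport>\d+) \{[^}]*\} \((?P<proto>\w+)\)"
)

def summary_matches_dump(summary, pkt):
    """True if the Src/Dst summary line describes the same packet as the decoded dump."""
    m = SUMMARY_RE.search(summary)
    if m is None:
        return False
    return (
        m["src"] == pkt["src"] and int(m["sport"]) == pkt.get("sport")
        and m["dst"] == pkt["dst"] and int(m["dport"]) == pkt.get("dport")
        and m["proto"] == PROTO_NAMES.get(pkt["protocol"])
    )

if __name__ == "__main__":
    packet = decode_packet(hexdump_to_bytes(EMAIL_DUMP))
    print(packet)
    print("summary matches dump:", summary_matches_dump(EMAIL_SUMMARY, packet))
```

For the manual's packet the decoder yields a TCP SYN from 10.0.0.37:4353 to 192.168.200.10:80 with a valid header checksum, in agreement with the summary line, which is what one expects for the first packet of an HTTP connection that the BLOCKHTTP rule rejects.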