| Appendix A - Logs | 552
Message ID   Message
01301        Fragmented traffic denied
01601        Invalid fragmented traffic denied
02001        Local ACL traffic allowed
02002        Local ACL traffic denied
03001        DoS attack dropped
04001        ICMP-redirected packet dropped
05001        Source-routed packet dropped
05051        Foreign host denied
05101        IPMAC pair denied
05151        IP Spoof denied
05201        SSL VPN resource access denied
05301        ARP Flood traffic denied
05401        Traffic for virtual host <virtualhostname> is denied. No internal server is available to process the traffic.
Sample Logs:

device="SFW" date=2017-01-31 time=14:16:19 timezone="IST" device_name="CR750iNG-XP" device_id=C44310050024-P29PUA log_id=010101600001 log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" priority=Information duration=30 fw_rule_id=2 policy_type=2 user_name="jsmith" user_gp="Open Group" iap=1 ips_policy_id=0 appfilter_policy_id=1 application="Youtube Video Streaming" application_risk=3 application_technology="Browser Based" application_category="Streaming Media" in_interface="PortA" out_interface="PortB" src_mac=00: 0:00: 0:00: 0 src_ip=10.198.47.71 src_country_code=R1 dst_ip=4.2.2.2 dst_country_code=USA protocol="UDP" src_port=59859 dst_port=53 sent_pkts=1 recv_pkts=1 sent_bytes=77 recv_bytes=105 tran_src_ip=125.18.184.56 tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="LAN" srczone="LAN" dstzonetype="WAN" dstzone="WAN" dir_disp="" connevent="Stop" connid="185246656" vconnid="" hb_health="No Heartbeat"
Module-specific Fields

Data Field              Type      Description
status                  string    Ultimate status of the traffic: Allowed or Denied
duration                integer   Duration of the traffic (seconds)
fw_rule_id              integer   Firewall Rule ID applied to the traffic
user_name               string    User name
user_group              string    Group name to which the user belongs
iap                     integer   Internet Access policy ID applied to the traffic
ips_policy_id           integer   IPS policy ID applied to the traffic
appfilter_policy_id     integer   Application Filter policy ID applied to the traffic
application             string    Application name
application_risk        integer   Risk level assigned to the application. Possible values:
                                  1 - VERY LOW
                                  2 - LOW
                                  3 - MEDIUM
                                  4 - HIGH
                                  5 - VERY HIGH
application_technology  string    Technology of the application. Possible values:
                                  Browser Based
                                  Client Server
                                  Network Protocol
                                  P2P
application_category    string    Name of the category under which the application falls
in_interface            string    Interface for incoming traffic, e.g., PortA
out_interface           string    Interface for outgoing traffic, e.g., PortB
src_ip                  string    Original source IP address of the traffic
src_mac                 string    Original source MAC address of the traffic
src_country_code        string    Code of the country to which the source IP belongs
dst_ip                  string    Original destination IP address of the traffic
dst_country_code        string    Code of the country to which the destination IP belongs
protocol                integer   Protocol number of the traffic. Note that the sample log above carries the protocol name instead (protocol="UDP"), so a parser should accept both forms.
src_port                integer   Original source port of TCP and UDP traffic
dst_port                integer   Original destination port of TCP and UDP traffic
icmp_type               integer   ICMP type of ICMP traffic
icmp_code               integer   ICMP code of ICMP traffic
sent_pkts               integer   Total number of packets sent
received_pkts           integer   Total number of packets received
sent_bytes              integer   Total number of bytes sent
recv_bytes              integer   Total number of bytes received
trans_src_ip            string    Translated source IP address for outgoing traffic. Applicable only in route mode. Possible values:
                                  "" - when the appliance is deployed in Bridge mode or no source IP translation is done
                                  IP address - the address with which the original source IP is translated

Note that the sample log above emits some of these fields under shorter keys than the table uses: user_gp for user_group, recv_pkts for received_pkts, and tran_src_ip for trans_src_ip. A parser or SIEM field mapping should accept both spellings.
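The following parser is an added example, not code from Sophos or from this appendix. It reads one SFW key=value record of the kind shown in the sample log above, handles quoted values that contain spaces, empty quoted values (dir_disp="") and empty bare values (tran_dst_ip=), maps the sample log's short key names (user_gp, recv_pkts, tran_src_ip) onto the names in the Data Fields table, and coerces the fields the table types as integer. The sample line is the page's own record joined onto one line, with the source MAC replaced by a well-formed placeholder because the page's copy is garbled; protocol is accepted either as the number the table describes or as the name the sample log carries. The helper names (parse_sfw_log, translated_source, summarise) are this example's own.

```python
import re
from typing import Any, Dict, Optional

# One key=value pair. The value is either a double-quoted string (may contain
# spaces, may be empty as in dir_disp="") or a bare run of non-space
# characters, which may also be empty (as in tran_dst_ip=).
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^\s"]*)')

# Keys as written in the sample log -> names used in the Data Fields table.
KEY_ALIASES = {
    "user_gp": "user_group",
    "recv_pkts": "received_pkts",
    "tran_src_ip": "trans_src_ip",
}

# Fields the Data Fields table types as integer.
INTEGER_FIELDS = {
    "duration", "fw_rule_id", "iap", "ips_policy_id", "appfilter_policy_id",
    "application_risk", "src_port", "dst_port", "icmp_type", "icmp_code",
    "sent_pkts", "received_pkts", "sent_bytes", "recv_bytes",
}

# Constructed sample: the page's example record joined onto one line, with the
# source MAC replaced by a well-formed placeholder (the page's copy is garbled).
SAMPLE_LOG = (
    'device="SFW" date=2017-01-31 time=14:16:19 timezone="IST" device_name="CR750iNG-XP" '
    'device_id=C44310050024-P29PUA log_id=010101600001 log_type="Firewall" '
    'log_component="Firewall Rule" log_subtype="Allowed" status="Allow" priority=Information '
    'duration=30 fw_rule_id=2 policy_type=2 user_name="jsmith" user_gp="Open Group" iap=1 '
    'ips_policy_id=0 appfilter_policy_id=1 application="Youtube Video Streaming" '
    'application_risk=3 application_technology="Browser Based" '
    'application_category="Streaming Media" in_interface="PortA" out_interface="PortB" '
    'src_mac=00:00:00:00:00:00 src_ip=10.198.47.71 src_country_code=R1 dst_ip=4.2.2.2 '
    'dst_country_code=USA protocol="UDP" src_port=59859 dst_port=53 sent_pkts=1 recv_pkts=1 '
    'sent_bytes=77 recv_bytes=105 tran_src_ip=125.18.184.56 tran_src_port=0 tran_dst_ip= '
    'tran_dst_port=0 srczonetype="LAN" srczone="LAN" dstzonetype="WAN" dstzone="WAN" '
    'dir_disp="" connevent="Stop" connid="185246656" vconnid="" hb_health="No Heartbeat"'
)


def parse_sfw_log(line: str) -> Dict[str, Any]:
    """Parse one SFW key=value record into a dict keyed by the table's field names."""
    record: Dict[str, Any] = {}
    for match in KV_RE.finditer(line):
        key, raw = match.group(1), match.group(2)
        value = raw[1:-1] if raw.startswith('"') else raw
        key = KEY_ALIASES.get(key, key)
        if key in INTEGER_FIELDS:
            # An empty or non-numeric integer field (e.g. icmp_type on UDP
            # traffic) becomes None instead of raising mid-pipeline.
            value = int(value) if value.lstrip("-").isdigit() else None
        elif key == "protocol" and value.isdigit():
            # The table types protocol as a number; the sample log carries the
            # name ("UDP"). Accept both so filters can compare on either form.
            value = int(value)
        record[key] = value
    return record


def translated_source(record: Dict[str, Any]) -> Optional[str]:
    """SNAT address, or None when trans_src_ip is "" (bridge mode or no
    source translation), per the table's description of that field."""
    return record.get("trans_src_ip") or None


def summarise(record: Dict[str, Any]) -> str:
    """One-line flow summary of the fields a triage query usually keys on."""
    return (
        f'{record["status"]} {record["protocol"]} '
        f'{record["src_ip"]}:{record["src_port"]} -> {record["dst_ip"]}:{record["dst_port"]} '
        f'rule={record["fw_rule_id"]} user={record.get("user_name", "")} '
        f'app={record.get("application", "")} risk={record.get("application_risk")}'
    )


if __name__ == "__main__":
    rec = parse_sfw_log(SAMPLE_LOG)
    print(summarise(rec))
    print("SNAT:", translated_source(rec))
```

Splitting on whitespace would break values such as "Firewall Rule" and "Youtube Video Streaming", which is why the regex consumes a whole quoted value before moving on; the alias map is what keeps a detection rule written against the table's field names working on records that use the sample log's spellings.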