Security log, 11 security log – Kerio Tech Firewall6 User Manual

Chapter 22 Logs

DIRECT — the WWW server access method (WinRoute always uses DIRECT access)

206.168.0.9 — IP address of the WWW server

22.11 Security Log

A log for security-related messages. Records of the following types may appear in the log:

1. Anti-spoofing log records

Messages about packets that were captured by the Anti-spoofing module (packets with invalid source IP address — see section 17.2 for details)

Example

    [17/Jul/2008 11:46:38] Anti-Spoofing: Packet from LAN, proto:TCP, len:48, ip/port:61.173.81.166:1864 -> 195.39.55.10:445, flags: SYN, seq:3819654104 ack:0, win:16384, tcplen:0

packet from — packet direction (either from, i.e. sent via the interface, or to, i.e. received via the interface)

LAN — interface name (see chapter 5 for details)

proto: — transport protocol (TCP, UDP, etc.)

len: — packet size in bytes (including the headers)

ip/port: — source IP address, source port, destination IP address and destination port

flags: — TCP flags

seq: — sequence number of the packet (TCP only)

ack: — acknowledgement sequence number (TCP only)

win: — size of the receive window in bytes (it is used for data flow control — TCP only)

tcplen: — TCP payload size (i.e. size of the data part of the packet) in bytes (TCP only)
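The record layout above can be parsed for triage as follows. This is an added example, not code from the Kerio manual; the names RECORD, parse_record and summarize are hypothetical, and it assumes the TCP-only fields are simply absent for other protocols.

```python
import re
from collections import Counter
from datetime import datetime

# Field order follows the manual's example record. Assumption: the fields the
# manual marks "TCP only" are absent for non-TCP packets, so they are optional.
RECORD = re.compile(
    r"\[(?P<ts>[^\]]+)\]\s+Anti-Spoofing:\s+"
    r"Packet\s+(?P<direction>from|to)\s+(?P<iface>.+?),\s+"
    r"proto:(?P<proto>\w+),\s+len:(?P<len>\d+),\s+"
    r"ip/port:(?P<src_ip>[\d.]+):(?P<src_port>\d+)\s+->\s+"
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)"
    r"(?:,\s+flags:\s*(?P<flags>[A-Z ]+?),\s+seq:(?P<seq>\d+)\s+"
    r"ack:(?P<ack>\d+),\s+win:(?P<win>\d+),\s+tcplen:(?P<tcplen>\d+))?\s*$"
)
INT_FIELDS = ("len", "src_port", "dst_port", "seq", "ack", "win", "tcplen")

def parse_record(line):
    """Return the record's fields as a dict, or None for any other log line."""
    m = RECORD.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y %H:%M:%S")
    rec.update({k: int(rec[k]) for k in INT_FIELDS if rec[k] is not None})
    rec["flags"] = rec["flags"].split() if rec["flags"] else None
    return rec

def summarize(lines):
    """Count Anti-Spoofing records per (interface, source IP, destination port)."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec:
            counts[(rec["iface"], rec["src_ip"], rec["dst_port"])] += 1
    return counts

# The first line is the manual's example; the other two are constructed.
SAMPLE = [
    "[17/Jul/2008 11:46:38] Anti-Spoofing: Packet from LAN, proto:TCP, len:48, "
    "ip/port:61.173.81.166:1864 -> 195.39.55.10:445, flags: SYN, "
    "seq:3819654104 ack:0, win:16384, tcplen:0",
    "[17/Jul/2008 11:46:41] Anti-Spoofing: Packet from LAN, proto:TCP, len:48, "
    "ip/port:61.173.81.166:1864 -> 195.39.55.10:445, flags: SYN, "
    "seq:3819654104 ack:0, win:16384, tcplen:0",
    "[17/Jul/2008 11:47:02] constructed line that is not an Anti-Spoofing record",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, key)
```

Repeated hits from one source address on one interface, as in the sample, usually point to a misconfigured host or route on that segment rather than unrelated events.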

2. FTP protocol parser log records
