Log and Debug
Syslog and statistics
Log header | Description |
---|---|
date | The year, month and day when the event occurred, in yyyy-mm-dd format. |
time | The hour, minute and second when the event occurred, in hh:mm:ss format (for example, 12:55:06). |
log_id | A five or ten-digit unique identification number. |
type | Attack for IPS. |
subtype | The subtype category of the log message (IPS). |
level | The priority level of the event. |
vd | The name of the virtual domain in which the action/event occurred. |
Log body fields
Log body | Description |
---|---|
source | Source IP address |
destination | Destination IP address |
proto | Protocol |
policy | Virtual server name |
service | Service |
action | Policy action |
sigid | Attack signature ID |
srccountry | Location of the source IP address |
dstcountry | Location of the destination IP address |
msg | Security profile name, category, subcategory, and description of the attack. |
count | Rule match count |
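A minimal parser and roll-up for these records, added here as an example (it is not vendor code). It assumes records arrive as space-separated key=value pairs with double quotes around values that contain spaces, uses the field names from the tables above, and runs on constructed sample lines.

```python
import shlex
from collections import defaultdict

# Constructed sample records, not real device output. Assumed layout:
# space-separated key=value pairs, double quotes around values with spaces.
_HDR = "date=2024-03-01 time=12:55:06 log_id=12345 type=attack subtype=ips level=alert vd=root "
SAMPLE_LINES = [
    _HDR + 'source=198.51.100.7 action=deny sigid=1001 msg="constructed signature A" count=3',
    _HDR + 'source=198.51.100.7 action=deny sigid=1001 msg="constructed signature A" count=2',
    _HDR + 'source=203.0.113.9 action=deny sigid=1002 msg="constructed signature B" count=1',
    _HDR + 'source=203.0.113.9 action=deny sigid=1002 msg="cut off in trans',  # truncated
]


def parse_record(line):
    """Return the record as a dict, or None if it is malformed."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote, e.g. a truncated syslog message
        return None
    record = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if not sep or not key:
            return None
        record[key] = value
    return record


def summarize(lines):
    """Sum the rule match count per (source, sigid); also count skipped lines."""
    totals, skipped = defaultdict(int), 0
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec.get("subtype", "").lower() != "ips":
            skipped += 1
            continue
        try:
            key, hits = (rec["source"], rec["sigid"]), int(rec.get("count", "1"))
        except (KeyError, ValueError):  # missing field or non-numeric count
            skipped += 1
            continue
        totals[key] += hits
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked, skipped


if __name__ == "__main__":
    ranked, skipped = summarize(SAMPLE_LINES)
    for (source, sigid), hits in ranked:
        print(f"{source} sigid={sigid} matches={hits}")
    print(f"skipped lines: {skipped}")
```

Tracking the skipped count alongside the totals shows when truncated or non-IPS lines are being dropped rather than silently lost from the summary.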
Browsing Log over GUI
- Go to Log Report > Log Browsing.
- Select the Security Log and then click IPS.
- All traffic that triggered IPS is listed.
- Click the Detail icon; the traffic details are shown in the format described above.
Debug
#diagnose debug module ips-engine
Option | Content |
---|---|
show | show ips engine debug status |
packet | ips engine packet debug info |
packet-detail | ips engine packet detail debug info |
timeout | ips engine timeout debug info |
cfg | ips engine config debug info |
cfg-delay | ips engine config delay debug info |
#diagnose ips session
Option | Content |
---|---|
clear | clear all sessions in ips engine |
content | show ips session content statistics |
list | list all sessions in ips engine |
performance | show ips session performance statistics |
status | show ips session status |