...
Sample Events
Dec 31 23:20:34 [192.168.0.1.9.32] Taipan: NetScreen device_id=Taipan system-notification-00257(traffic): start_time="2007-12-31 22:20:11" duration=0 policy_id=22 service=tcp/port:54775 proto=6 direction=incoming action=Deny sent=0 rcvd=0 src=193.226.18.131 dst=172.186.32.103 src_port=6627 dst_port=54775
Jun 1 22:02:12 [192.168.0.1.9.32] Taipan: NetScreen device_id=Taipan [Root]system-notification-00002: Admin user "myadmin" logged in for Web(http) management (port 8080) from 10.2.3.4:2150 (2007-06-01 22:09:40)
Dec 31 23:20:24 [192.168.0.1.9.32] Taipan: NetScreen device_id=Taipan system-notification-00257(traffic): start_time="2007-12-31 22:20:01" duration=0 policy_id=22 service=icmp proto=1 direction=incoming action=Deny sent=0 rcvd=0 src=208.5.183.250 dst=172.168.11.29 icmp type=8
Dec 31 23:20:20 [192.168.0.1.9.32] Taipan: NetScreen device_id=Taipan system-alert-00008: IP Spoof, From 172.188.0.2/138 to 172.188.0.255/138, using protocol UDP. (on interface untrust) occurred 2 times (2007-12-31 22:19:56)
Fields
Field | Description |
---|---|
DATE | Event date, in the format YYYY-MM-DD |
TIME | Event time, in the format HH:MM:SS |
SYSTEM | The source system |
TABLE | NetScreenFirewall |
ACTION | Disposition of the network event (e.g., Deny) |
PROTO | Protocol |
SRCADDR | Source IP address |
SRCPORT | Source port |
DSTADDR | Destination IP address |
DSTPORT | Destination port |
DURATION | Connection duration |
SENT | Bytes sent |
RECEIVED | Bytes received |
DIRECTION | Incoming or Outgoing |
DETAILS | Components of the event not included in the other fields |
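
The following parser is an added example, not the product's own code. It shows one way to turn the sample events above into the documented fields. The key-to-field mapping, the use of the device timestamp (`start_time` or the trailing parenthesised stamp) for DATE and TIME, and the function name `parse_netscreen` are assumptions.

```python
import re

# Assumed mapping from raw NetScreen traffic keys to the documented fields.
KEY_TO_FIELD = {
    "action": "ACTION", "proto": "PROTO", "direction": "DIRECTION",
    "src": "SRCADDR", "src_port": "SRCPORT",
    "dst": "DSTADDR", "dst_port": "DSTPORT",
    "duration": "DURATION", "sent": "SENT", "rcvd": "RECEIVED",
}
# Syslog prefix, device_id, optional [Root]-style tag, message id, optional (kind).
HEADER = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \[[^\]]*\] \S+ NetScreen device_id=(?P<system>\S+)\s+"
    r"(?:\[\w+\])?(?P<msgid>system-\w+-\d+)(?:\((?P<kind>\w+)\))?: (?P<body>.*)$"
)
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
STAMP = re.compile(r"(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})")

def parse_netscreen(line):
    """Return a dict keyed by the documented field names, or None."""
    m = HEADER.match(line.strip())
    if m is None:
        return None  # not in the NetScreen layout shown in the samples
    event = {"SYSTEM": m["system"], "TABLE": "NetScreenFirewall"}
    body = m["body"]

    def take(pair):
        key, value = pair[1], pair[2].strip('"')
        if key in KEY_TO_FIELD:
            event[KEY_TO_FIELD[key]] = value
            return ""
        return "" if key == "start_time" else pair[0]

    # Only traffic events are key=value; other events stay as free text.
    details = PAIR.sub(take, body) if m["kind"] == "traffic" else body
    stamp = STAMP.search(body)  # device timestamp; the syslog prefix has no year
    if stamp:
        event["DATE"], event["TIME"] = stamp[1], stamp[2]
    event["DETAILS"] = " ".join(details.split())
    return event

# Two of the sample events from this page.
SAMPLES = [
    'Dec 31 23:20:34 [192.168.0.1.9.32] Taipan: NetScreen device_id=Taipan system-notification-00257(traffic): start_time="2007-12-31 22:20:11" duration=0 policy_id=22 service=tcp/port:54775 proto=6 direction=incoming action=Deny sent=0 rcvd=0 src=193.226.18.131 dst=172.186.32.103 src_port=6627 dst_port=54775',
    'Jun 1 22:02:12 [192.168.0.1.9.32] Taipan: NetScreen device_id=Taipan [Root]system-notification-00002: Admin user "myadmin" logged in for Web(http) management (port 8080) from 10.2.3.4:2150 (2007-06-01 22:09:40)',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_netscreen(sample))
```

Keys with no matching field (`policy_id`, `service`, `icmp type`) and the whole text of non-traffic events such as the admin login and IP Spoof alert end up in DETAILS.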
Notes
-