Log Types: NetgearFirewallLog
Overview
Netgear FVS318 ProSafe VPN Firewall is a stateful packet filtering firewall and VPN.
Collection
The Snare Central server can receive events from the FVS318 via syslog.
Sample Events
FVS318 IPsec[37247]:event after this is EVENT_SA_EXPIRE in 1472 seconds
FVS318 IKE[37253]:[Melbourne] TX >> QM_I1 : 210.9.74.178
FVS318 [15459]:DNS(53) Dest IP :192.175.48.1, Src IP :10.0.0.4
FVS318 [15463]:TCP(16582) Dest IP :203.222.83.90, Src IP :192.175.48.1
FVS318 Hacker Log[15565]:PROTO_TCP, SIP:211.224.224.50: 3145, DIP:203.222.83.90: 901, Suspicious TCP Data
FVS318 [16056]:FTP(20,21) Dest IP :203.222.83.90, Src IP :211.90.198.21
Fields
| Field | Description |
|---|---|
| DATE | Event date, in the format YYYY-MM-DD |
| TIME | Event time, in the format HH:MM:SS |
| SYSTEM | The source system |
| TABLE | NetgearFirewallLog |
| ACTION | Actions such as drop |
| MODULE | Modules such as TCP / IPSec / Hacker Log / IKE |
| SRCADDR | Source IP address |
| SRCPORT | Source port |
| DSTADDR | Destination IP address |
| DSTPORT | Destination port |
| PROTO | Protocol |
| MESSAGE | The remainder of the log message |
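
The following added example (not Snare's own parser) shows one way the sample events above could be mapped onto the fields in the table. It assumes that the service name in unlabelled traffic lines becomes MODULE and that the number in parentheses is the destination port; DATE, TIME and ACTION are not present in the sample events and are left out.

```python
import ipaddress
import re

# Constructed sample input: four of the Sample Events listed on this page.
SAMPLES = [
    "FVS318 IPsec[37247]:event after this is EVENT_SA_EXPIRE in 1472 seconds",
    "FVS318 [15463]:TCP(16582) Dest IP :203.222.83.90, Src IP :192.175.48.1",
    "FVS318 Hacker Log[15565]:PROTO_TCP, SIP:211.224.224.50: 3145, "
    "DIP:203.222.83.90: 901, Suspicious TCP Data",
    "FVS318 [16056]:FTP(20,21) Dest IP :203.222.83.90, Src IP :211.90.198.21",
]

# Patterns are inferred from the samples only (assumption, not a vendor spec).
HEADER = re.compile(r"^(?P<SYSTEM>\S+) (?P<MODULE>[^\[\]]*)\[\d+\]:(?P<MESSAGE>.*)$")
TRAFFIC = re.compile(r"^(?P<MODULE>\w+)\((?P<DSTPORT>[\d,]+)\) "
                     r"Dest IP :(?P<DSTADDR>[\d.]+), Src IP :(?P<SRCADDR>[\d.]+)$")
HACKER = re.compile(r"^PROTO_(?P<PROTO>\w+), "
                    r"SIP:(?P<SRCADDR>[\d.]+):\s*(?P<SRCPORT>\d+), "
                    r"DIP:(?P<DSTADDR>[\d.]+):\s*(?P<DSTPORT>\d+), (?P<MESSAGE>.*)$")

def valid_ip(text):
    """True only if text parses as an IP address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_event(line):
    """Return a dict keyed by the table's field names, or None if the header is malformed."""
    head = HEADER.match(line.strip())
    if head is None:
        return None
    event = {"TABLE": "NetgearFirewallLog", **head.groupdict()}
    event["MODULE"] = event["MODULE"].strip()
    if event["MODULE"] == "Hacker Log":
        detail = HACKER.match(event["MESSAGE"])
    elif event["MODULE"] == "":
        detail = TRAFFIC.match(event["MESSAGE"])  # unlabelled traffic line
    else:
        detail = None  # IPsec, IKE, ...: keep the body as MESSAGE
    if detail:
        fields = detail.groupdict()
        # Promote addresses only if they really are IPs; otherwise keep raw MESSAGE.
        if valid_ip(fields["SRCADDR"]) and valid_ip(fields["DSTADDR"]):
            event.update(fields)
    return event
```

Ports are kept as strings because a traffic line can carry a list such as `20,21`.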
Notes