Log Types: NetgearFirewallLog

Overview

Netgear FVS318 ProSafe VPN Firewall is a stateful packet filtering firewall and VPN.

Collection

The Snare Central server can receive events from the FVS318 via syslog.

Sample Events

FVS318 IPsec[37247]:event after this is EVENT_SA_EXPIRE in 1472 seconds
FVS318 IKE[37253]:[Melbourne] TX >> QM_I1 : 210.9.74.178
FVS318 [15459]:DNS(53) Dest IP :192.175.48.1, Src IP :10.0.0.4
FVS318 [15463]:TCP(16582) Dest IP :203.222.83.90, Src IP :192.175.48.1
FVS318 Hacker Log[15565]:PROTO_TCP, SIP:211.224.224.50: 3145, DIP:203.222.83.90: 901, Suspicious TCP Data
FVS318 [16056]:FTP(20,21) Dest IP :203.222.83.90, Src IP :211.90.198.21

Fields

Field      Description
DATE       Event date, in the format YYYY-MM-DD
TIME       Event time, in the format HH:MM:SS
SYSTEM     The source system
TABLE      NetgearFirewallLog
ACTION     Actions such as drop
MODULE     Modules such as TCP / IPSec / Hacker Log / IKE
SRCADDR    Source IP address
SRCPORT    Source port
DSTADDR    Destination IP address
DSTPORT    Destination port
PROTO      Protocol
MESSAGE    The remainder of the log message
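The following added example (not Snare Central's own parser) shows one way to map the sample events above onto the listed field names, for instance to check a custom detection rule against them. The function name parse_event, the regular expressions, and the choice to put the service name in MODULE and the parenthesised port in DSTPORT for untagged lines are assumptions; DATE, TIME and ACTION are not present in the sample payloads and are not populated.

```python
import ipaddress
import re

FIELDS = ("SYSTEM", "MODULE", "SRCADDR", "SRCPORT", "DSTADDR", "DSTPORT", "PROTO", "MESSAGE")

# Constructed input: the sample events shown on this page, copied verbatim.
SAMPLES = [
    "FVS318 IPsec[37247]:event after this is EVENT_SA_EXPIRE in 1472 seconds",
    "FVS318 IKE[37253]:[Melbourne] TX >> QM_I1 : 210.9.74.178",
    "FVS318 [15459]:DNS(53) Dest IP :192.175.48.1, Src IP :10.0.0.4",
    "FVS318 [15463]:TCP(16582) Dest IP :203.222.83.90, Src IP :192.175.48.1",
    "FVS318 Hacker Log[15565]:PROTO_TCP, SIP:211.224.224.50: 3145, DIP:203.222.83.90: 901, Suspicious TCP Data",
    "FVS318 [16056]:FTP(20,21) Dest IP :203.222.83.90, Src IP :211.90.198.21",
]

# Header: SYSTEM, optional module tag, numeric id in brackets, then the body.
HEADER = re.compile(r"^(?P<system>\S+) (?P<module>[^\[\]]*)\[(?P<id>\d+)\]:(?P<body>.*)$")
# Untagged traffic line: SERVICE(port[,port]) Dest IP :a.b.c.d, Src IP :a.b.c.d
TRAFFIC = re.compile(r"^(?P<svc>\w+)\((?P<ports>[\d,]+)\) Dest IP :(?P<dst>[\d.]+), Src IP :(?P<src>[\d.]+)$")
# "Hacker Log" line: PROTO_x, SIP:addr: port, DIP:addr: port, description
HACKER = re.compile(r"^PROTO_(?P<proto>\w+), SIP:(?P<src>[\d.]+): *(?P<sport>\d+), "
                    r"DIP:(?P<dst>[\d.]+): *(?P<dport>\d+), (?P<msg>.*)$")

def _valid_ip(text):
    """Reject address-shaped strings such as 999.1 that the regex alone would accept."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def parse_event(line):
    """Map one FVS318 syslog payload onto the page's field names; None if no header."""
    head = HEADER.match(line.strip())
    if head is None:
        return None                      # not an FVS318-style line; caller keeps the raw text
    rec = dict.fromkeys(FIELDS)
    rec.update(SYSTEM=head["system"], MODULE=head["module"].strip() or None, MESSAGE=head["body"])
    m = TRAFFIC.match(head["body"]) or HACKER.match(head["body"])
    if m is None or not (_valid_ip(m["src"]) and _valid_ip(m["dst"])):
        return rec                       # IPsec/IKE status text, or addresses that fail validation
    rec.update(SRCADDR=m["src"], DSTADDR=m["dst"])
    if m.re is TRAFFIC:
        # Assumption: service name fills an empty MODULE; port list is stored as DSTPORT.
        rec.update(MODULE=rec["MODULE"] or m["svc"], DSTPORT=m["ports"])
    else:
        rec.update(PROTO=m["proto"], SRCPORT=m["sport"], DSTPORT=m["dport"], MESSAGE=m["msg"])
    return rec
```

Lines without a recognisable header return None, and lines whose addresses do not validate keep only SYSTEM, MODULE and the raw MESSAGE, so malformed input is never silently coerced into address fields.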

Notes