Using the security log
The Security Log table displays logs related to security features. By default, the log is filtered to display IP Reputation logs, and the table lists the most recent records first.
Figure 41 shows the security log table. By default, the log is filtered to display IP Reputation logs, and the table lists the most recent records first.
You can use the following category filters to review logs of interest:
• IP Reputation—Traffic logged by the IP Reputation feature
• DoS—Traffic logged by the SYN Flood feature
Within each category, you can use Filter Setting controls to filter the table based on the values of matching data:
• Date
• Time
• Src
• Dst
• Action
The last column in each table includes a link to log details.
Before you begin:
• You must have Read-Write permission for Log & Report settings.
To view and filter the log:
1. Go to Log & Report > Log Browsing.
2. Click the Security Logs tab to display the attack log.
3. Click Filter Settings to display the filter tools.
4. Use the tools to filter on key columns and values.
5. Click OK to apply the filter and redisplay the log.
Table 79 lists the log columns in the order in which they appear in the log.
Table 79: Security log
Column | Example | Description |
date | date=2014-12-02 | Log date. |
time | time=10:27:01 | Log time. |
log_id | log_id=0200004230 | Log ID. |
type | type=attack | Log type: attack. |
subtype | subtype=ip_reputation | Log subtype: ip_reputation or synflood. |
pri | pri=warning | Log level. |
vd | vd=root | Virtual domain. |
msg_id | msg_id=13065998 | Message ID. |
count | count=1 | For IP reputation, count=1. For DoS, number of timeouts sent per destination. |
severity | severity=high | IP reputation categorical severity or “high” for DoS. |
proto | proto=0 | Protocol. |
service | service=http | Service. |
src | src=173.177.99.94 | Source IP address. |
src_port | src_port=49301 | Source port. |
dst | dst=10.61.2.100 | Destination IP address. |
dst_port | dst_port=80 | Destination port. |
policy | policy=vs1 | For IP reputation, virtual server name. For Dos, policy=unknown. |
action | action=deny | Policy action. |
