Mettle Knowledge
Search:     Advanced search
Browse by category:

Firewall Event Logs

Views: 1397
Votes: 0
Posted: 19 Jun, 2012
by: Knowledge M.
Updated: 12 Nov, 2012
by: Knowledge M.

A firewall log entry is made for each rule that is set to log and for the default deny rule.

To view the parsed logs you have to go to Monitoring >> Logs >> Firewall

Parsed logs are displayed in 6 columns: Action - Time - Interface - Source - Destination - Protocol. Action tells what happened to the packet which generated the log entry - its either Pass, Block, or Reject. Time tells the time when the packet has arrived. Interface is the interface through which the packet entered Mettle SE. Source is the source IP address and the port the packet originated from, Destination is the destination IP address and port of the packet. Protocol is the protocol of the packet.

The 'Action' icon displayed in the logs is a link, clicking it will lookup and display the rule which caused the log entry.

If the Protocol is TCP, you will see extra fields that represent TCP flags present in the packet. These flags indicate various connection states or packet attributes, some common flags are:

  • S (Syn) - Synchronise sequence numbers. Indicates a new connection attempt when only SYN is set.
  • A (Ack) - Acknowledgemet to the data received.
  • F (Fin) - Indicates there is no more data from the sender, connection closing.
  • R (Rst) - Connection reset
There are several other flags and their meaning is outlined in articles related to TCP protocols
http://en.wikipedia.org/wiki/Transmission_Control_Protocol
Others in this Category
document Adding Firewall Rules
document Mettle SE Aliases Feature
document Cloning (Duplicating) Firewall Rules
document Schedule Based Firewall Rules



RSS