Firewall Event Logs

A firewall log entry is made for each rule that is set to log and for the default deny rule.

To view the parsed logs, go to Monitoring >> Logs >> Firewall.

Parsed logs are displayed in 6 columns: Action, Time, Interface, Source, Destination, and Protocol. Action shows what happened to the packet that generated the log entry: it is either Pass, Block, or Reject. Time is the time when the packet arrived. Interface is the interface through which the packet entered Mettle SE. Source is the source IP address and port the packet originated from. Destination is the destination IP address and port of the packet. Protocol is the protocol of the packet.

The 'Action' icon displayed in the logs is a link; clicking it will look up and display the rule which caused the log entry.

If the Protocol is TCP, you will see extra fields that represent the TCP flags present in the packet. These flags indicate various connection states or packet attributes. Some common flags are:

There are several other flags, and their meaning is outlined in articles related to the TCP protocol.
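
One way to triage these entries outside the web interface, as an added example that is not part of the original page or of Mettle SE itself: it parses rows in the six-column order described above and reports sources whose denied SYN-only packets touched several distinct ports. Assumptions: the rows are tab-separated text, TCP flags appear as letters after the protocol (for example "TCP:S"), and all function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample rows (not real Mettle SE output), tab-separated in the
# page's column order: Action, Time, Interface, Source, Destination, Protocol.
# Assumption: TCP flags are appended to the protocol as letters, e.g. "TCP:S".
SAMPLE = """\
Block\tJan 10 09:15:01\tWAN\t203.0.113.7:40112\t192.0.2.10:22\tTCP:S
Block\tJan 10 09:15:01\tWAN\t203.0.113.7:40113\t192.0.2.10:23\tTCP:S
Block\tJan 10 09:15:02\tWAN\t203.0.113.7:40114\t192.0.2.10:3389\tTCP:S
Pass\tJan 10 09:15:03\tLAN\t192.0.2.50:51000\t198.51.100.4:443\tTCP:S
Block\tJan 10 09:15:04\tWAN\t198.51.100.9:443\t192.0.2.50:51000\tTCP:RA
Reject\tJan 10 09:15:05\tLAN\t192.0.2.60\t192.0.2.1\tICMP
"""

# Flag letters (assumed notation) mapped to the standard TCP flag names.
FLAG_NAMES = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}

def split_endpoint(value):
    """Split 'ip:port' (IPv4) into (ip, port); port is None when absent."""
    ip, sep, port = value.rpartition(":")
    return (ip, int(port)) if sep else (value, None)

def parse_row(line):
    """Turn one six-column row into a dict, decoding any TCP flag letters."""
    action, time, iface, src, dst, proto = line.split("\t")
    name, _, letters = proto.partition(":")
    flags = [FLAG_NAMES.get(ch, ch) for ch in letters]
    return {"action": action, "time": time, "interface": iface,
            "src": split_endpoint(src), "dst": split_endpoint(dst),
            "protocol": name, "flags": flags}

def denied_syn_sweeps(text, min_ports=3):
    """Sources whose denied SYN-only packets hit at least min_ports distinct ports."""
    ports = defaultdict(set)
    for line in text.splitlines():
        row = parse_row(line)
        if row["action"] in ("Block", "Reject") and row["flags"] == ["SYN"]:
            ports[row["src"][0]].add(row["dst"][1])
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    print(denied_syn_sweeps(SAMPLE))
```

The blocked RST/ACK row and the ICMP row are parsed but not counted, since only denied packets carrying SYN alone indicate new connection attempts.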