Log and Alert
1. When does the Prestige 324 generate the firewall log?
The Prestige 324 generates the log immediately when a DoS attack is detected.
2. What is contained in the Prestige 324 firewall log?
By default, the Prestige 324 pre-configures four ACLs: 1) LAN-to-WAN (SET1), 2) WAN-to-LAN (SET2), 3) LAN-to-LAN/P324 (SET7) and 4) WAN-to-WAN/P324 (SET8). The default policy of set 1 is "forward" and the default policy of set 2 is "block". Users choose which packets to log via the Web Configurator from four options: No Log, Log Forward, Log Block and Log All. Sets 7 and 8 are invisible to users. The default policy of set 7 is "forward" and the default policy of set 8 is "block". The log mechanism of set 8 follows the same configuration as that of set 2.
3. How do I view the firewall log?
The log keeps 128 entries; when the log has over 128 entries, new entries overwrite the old ones. The firewall log can be viewed via the Web Configurator.
All logs generated in the Prestige 324, including firewall logs and system logs, are migrated to Centralized logs, so you can view firewall logs in Centralized logs.
Before you can view firewall logs, there are two steps you need to complete:
1. Enable log function in Centralized logs setup via either one of the following methods,
2. Enable log function in firewall default policy or in firewall rules.
After the above two steps, you can view firewall logs via
You can also view Centralized logs via mail or syslog. To do so, configure the mail server or Unix syslog server in Advanced/Logs/Log Settings.
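The interaction between the log options and the 128-entry limit can be modelled as follows. This is an added example, not ZyXEL code: the function names and the traffic are constructed, only the default policies are applied (no user-defined rules), and set 7 is left out because the FAQ does not describe its logging.

```python
from collections import deque

LOG_CAPACITY = 128  # the FAQ states the log keeps 128 entries

# Default policy per ACL set, as given in the FAQ. Set 7 is left out because
# the FAQ does not say how its logging is configured.
DEFAULT_ACTION = {1: "forward", 2: "block", 8: "block"}

# Actions recorded under each of the four log options.
LOG_OPTIONS = {
    "No Log": set(),
    "Log Forward": {"forward"},
    "Log Block": {"block"},
    "Log All": {"forward", "block"},
}

def log_option_for(acl_set, configured):
    """Set 8 follows the log configuration of set 2."""
    return configured[2 if acl_set == 8 else acl_set]

def simulate(packets, configured):
    """Replay packets (a sequence of ACL set numbers) against the default
    policies and return what is left in the 128-entry log."""
    log = deque(maxlen=LOG_CAPACITY)  # oldest entries are overwritten
    for seq, acl_set in enumerate(packets):
        action = DEFAULT_ACTION[acl_set]
        if action in LOG_OPTIONS[log_option_for(acl_set, configured)]:
            log.append((seq, acl_set, action))
    return log

def surviving_blocks(log):
    """Count block entries still visible in the log."""
    return sum(1 for _, _, action in log if action == "block")

# Constructed traffic: 10 WAN-to-LAN and 5 WAN-to-WAN/P324 packets are
# blocked, then 200 LAN-to-WAN packets are forwarded.
TRAFFIC = [2] * 10 + [8] * 5 + [1] * 200

LOG_EVERYTHING = {1: "Log All", 2: "Log All"}
LOG_BLOCKS_ONLY = {1: "No Log", 2: "Log Block"}

if __name__ == "__main__":
    for name, cfg in (("Log All", LOG_EVERYTHING), ("Log Block", LOG_BLOCKS_ONLY)):
        log = simulate(TRAFFIC, cfg)
        print(name, "entries:", len(log), "block entries left:", surviving_blocks(log))
```

With Log All on both sets, the forwarded LAN-to-WAN traffic overwrites every block entry before it can be viewed; sending Centralized logs to a syslog server keeps a copy off the device.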
4. When does the Prestige generate the firewall alert?
The Prestige generates the alert when an attack is detected by the firewall and sends it via Email. So, to send the alert you must configure the mail server and Email address using Web Configurator. You can also specify how frequently you want to receive the alert via Web Configurator.
5. What does the alert show to us?
The alert shown in the Email is actually the events of the attack, so the Reason column shows Attack and the attack type. Please see the example shown below.
# | Time | Packet Information | Reason | Action
127 | Mar 15 0 | From:192.168.1.1 To:192.168.1.1 | attack | block
6. What is the difference between the log and alert?
A log entry is just added to the log inside the Prestige 324 and e-mailed together with all other log entries at the scheduled time as configured. An alert is e-mailed immediately after an attack is detected.
All contents copyright (c) 2000 ZyXEL Communications Corporation.