D-Link DFL-1000 [130/168] Log message formats

DFL-1000 User Manual
In the SMTP Server field, enter the name of the SMTP server to which the DFL-1000 should send
email.
The SMTP server can be located on any network connected to the DFL-1000.
In the SMTP User field, enter a valid email address in the format user@domain.com.
This address appears in the From heading of the alert email.
Enter up to three destination email addresses in the Email To fields.
These are the actual email addresses that the DFL-1000 sends alert email to.
Select Apply to save the alert email settings.
Testing alert emails
You can test your alert email settings by sending a test email.
Go to Log&Report > Alert Mail > Configuration.
Select Test to send test email messages from the DFL-1000 NPG to the Email To addresses that you
have configured.
Enabling alert emails
You can configure the DFL-1000 NPG to send alert email in response to firewall or VPN events. If you
have configured logging to a local disk, you can also enable sending an alert email when the hard disk
is almost full. Use the following procedure to enable alert emails:
Go to Log&Report > Alert Mail > Categories.
Select Enable Alert Email for Critical Firewall/VPN events or violations to have the DFL-1000 send an
alert email when a critical firewall or VPN event occurs.
Critical firewall events include failed authentication attempts.
Critical VPN events include when replay detection detects a replay packet. Replay detection can be
configured for both manual key and AutoIKE Key VPN tunnels.
Select Send alert email when disk is full to have the DFL-1000 send an alert email when the hard disk
is almost full.
Select Apply.
Log message formats
The DFL-1000 traffic logs and event logs each have their own message format. Both message formats
are compatible with the WebTrends Enhanced Log Format (WELF).
Use the information in the following sections to interpret DFL-1000 log messages:
Traffic log message format
Event log message format
Traffic log message format
The DFL-1000 records traffic log messages when:
you configure logging to log all internal, external, or DMZ traffic to the firewall.
you select Log Traffic for a firewall policy.
Each traffic log message records the date and time at which the session was started, the source and
destination address of the session, and whether the session was accepted or denied by the firewall.
Traffic logs do not record individual packets.
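An added example, not taken from the DFL-1000 manual: a small Python parser for WELF-style key=value records that counts denied sessions per source address and tallies lines it cannot parse. The sample lines are constructed, and the field names time, src, dst and status are assumptions standing in for the date and time, addresses and accept/deny result described above.

```python
import shlex
from collections import Counter

# Constructed sample records in WELF key=value style. The field names
# (time, src, dst, status) are assumptions, not copied from a DFL-1000 log.
SAMPLE_LOG = '''\
time="2003-04-01 10:15:02" src=192.168.1.10 dst=203.0.113.5 status=accept
time="2003-04-01 10:15:09" src=192.168.1.77 dst=203.0.113.9 status=deny
time="2003-04-01 10:16:40" src=192.168.1.77 dst=198.51.100.20 status=deny
this line is not a WELF record
time="2003-04-01 10:17:11" src=192.168.1.10 dst="unterminated
'''


def parse_welf(line):
    """Split one WELF record into a dict; return None if it is malformed."""
    try:
        # WELF separates fields with spaces and quotes values containing spaces.
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote, e.g. a truncated record
        return None
    record = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if not sep or not key:  # every field must be key=value
            return None
        record[key] = value
    return record or None


def denied_by_source(log_text):
    """Return (Counter of denied sessions per source, number of skipped lines)."""
    denied, skipped = Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_welf(line)
        if rec is None or "src" not in rec or "status" not in rec:
            skipped += 1  # count unparseable lines instead of dropping them silently
            continue
        if rec["status"] == "deny":
            denied[rec["src"]] += 1
    return denied, skipped


if __name__ == "__main__":
    print(denied_by_source(SAMPLE_LOG))
```

Replace the assumed field names with the ones that appear in your own exported log before using the counts.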
A sample traffic log message contains the following information:
