D-Link DFL-260-IPS-12 Product Manual - Page 55
Chapter 2. Management and Maintenance

2.2. Events and Logging

2.2.1. Overview

The ability to log and analyze system activities is an essential feature of NetDefendOS. Logging enables not only monitoring of system status and health, but also allows auditing of network usage and assists in trouble-shooting.

Log Message Generation

NetDefendOS defines a large number of different log event messages, which are generated as a result of corresponding system events. Examples of such events are the establishment and teardown of connections, receipt of malformed packets as well as the dropping of traffic according to filtering policies.

Whenever an event message is generated, it can be filtered and distributed to all configured Event Receivers. Multiple event receivers can be configured by the administrator, with each event receiver having its own customizable event filter.

2.2.2. Log Messages

Event Types

NetDefendOS defines several hundred events for which log messages can be generated. The events range from high-level, customizable, user events down to low-level and mandatory system events.

The conn_open event, for example, is a typical high-level event that generates an event message whenever a new connection is established, given that the matching security policy rule has defined that event messages should be generated for that connection.

An example of a low-level event would be the startup_normal event, which generates a mandatory event message as soon as the system starts up.

Message Format

All event messages have a common format, with attributes that include category, severity and recommended actions. These attributes enable easy filtering of messages, either within NetDefendOS prior to sending to an event receiver, or as part of the analysis after logging and storing messages on an external log server.

A list of all event messages can be found in the NetDefendOS Log Reference Guide. That guide also describes the design of event messages, the meaning of severity levels and the various attributes available.

Event Severity

The severity of each event is predefined and it can be, in order of severity, one of:

Emergency
Alert
Critical
Error
Warning
Notice
Info
Debug
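The per-receiver filtering described above, sketched as an added example (not code from the manual or from NetDefendOS). The EventReceiver model, the dictionary field names, the category names and the severities assigned to the sample events are all assumptions made for illustration; only the severity order and the event names conn_open and startup_normal come from the text.

```python
"""Added illustration: one filter per event receiver, keyed on severity and category."""
from dataclasses import dataclass, field

# Severity names in the order the manual lists them, most severe first.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Info", "Debug"]
RANK = {name: i for i, name in enumerate(SEVERITIES)}


@dataclass
class EventReceiver:
    """Hypothetical receiver: forwards an event only if its own filter matches."""
    name: str
    min_severity: str = "Debug"            # least severe level still accepted
    categories: frozenset = frozenset()    # empty set means "all categories"
    received: list = field(default_factory=list)

    def accepts(self, event: dict) -> bool:
        # An unrecognised severity is ranked as most severe, so a malformed
        # message is surfaced instead of being silently filtered out.
        rank = RANK.get(event["severity"], 0)
        if rank > RANK[self.min_severity]:
            return False
        return not self.categories or event["category"] in self.categories


def distribute(event: dict, receivers: list) -> list:
    """Offer the event to every receiver; return the names of those that kept it."""
    kept = []
    for receiver in receivers:
        if receiver.accepts(event):
            receiver.received.append(event)
            kept.append(receiver.name)
    return kept


# Constructed sample events: categories and severities are assumed values.
SAMPLE_EVENTS = [
    {"event": "conn_open", "category": "CONN", "severity": "Info"},
    {"event": "startup_normal", "category": "SYSTEM", "severity": "Notice"},
    {"event": "example_drop", "category": "RULE", "severity": "Warning"},
    {"event": "example_bad", "category": "RULE", "severity": "Verbose"},
]


def run_demo():
    """Route the samples through three receivers with different filters."""
    receivers = [EventReceiver("archive"),
                 EventReceiver("soc", min_severity="Warning"),
                 EventReceiver("conn-audit", categories=frozenset({"CONN"}))]
    return {e["event"]: distribute(e, receivers) for e in SAMPLE_EVENTS}, receivers
```

A threshold set too high on every receiver leaves low-severity events such as connection opens unrecorded anywhere, which is why the sketch keeps one unfiltered "archive" receiver.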