Gfi software Help

Download 11,64 Mb.

Pdf ko'rish

bet	181/481
Sana	31.12.2021
Hajmi	11,64 Mb.
	#229824

1 ... 177 178 179 180 181 182 183 184 ... 481

Bog'liq
kerio-control-adminguide

Logs > Debug/Filter . 2. In the context menu, click Format of logged packets

Packet Dump To File
.
3.
Type an expression.
4.
To create the packet dump and start logging, click
Start
.
5.
Do you have enough information? Click
Stop
.
6.
Click
Download
and save the file to your computer.
3.8.14 Log packet formatting
Log packet formatting in the debug and filter logs allows further customization of the output to make the logs easier for
you to read. This article explains these customization options and how to use them.
1.
In the administration interface, go to
Logs > Debug/Filter
.
2.
In the context menu, click
Format of logged packets
.
3.
Type an expression.
4.
Click OK.
Creating expressions
Format of logged packets is defined by special expressions (a template). You can edit this template to get transparent
and relevant information.
Default template
The default template for packet logging follows this pattern:
%DIRECTION%, %IF%, proto:%PROTO%, len:%PKTLEN%,
%SRC% - %DST%, %PAYLOAD%
Expressions introduced with
%
are variables. Other characters and symbols represent static text as printed in the log.
Variables
The following variables can be used in packet logging templates:
%DIRECTION%
— traffic direction in respect of the particular network interface of the firewall (incoming / out-
going)
%IF%
— interface name
%PROTO%
— protocol type (TCP, UDP, etc.)
%PKTLEN%
— packet size
%SRC%
— source IP address and port (depending on the protocol attribute
Raw
)
%DST%
— destination IP address and port (depending on the protocol attribute
Raw
)
%SRCMAC%
— source MAC address

www.gfi.com
3 Using
|
152
%DSTMAC%
— destination MAC address
%PAYLOAD%
— size of the data part of the packet with details provided (depending on the protocol and
attribute
Raw
)
%PAYLOADLEN%
— size of the data part of the packet
%DSCP%
— DSCP value in the IP header
If you wanted to track the direction on an interface, the source and destination and size of the packet:
%DIRECTION% %IF%, %SRC% >> %DST%, length %PKTLEN%
Which would result in the following:
[08/Sep/2012 11:47:39] PERMIT "Firewall traffic" packet from WAN,
192.168.52.2:53 >> 192.168.52.128:1035, length 96
[08/Sep/2012 11:47:39] PERMIT "Firewall traffic" packet to WAN,
192.168.52.128:1035 >> 192.168.52.2:53, length 63
If you wanted to also show the protocol that was being used the following would display this:
%DIRECTION% %IF% %PROTO% (%SRC% >> %DST%)
Which would result in the following:
[08/Sep/2012 16:12:33] PERMIT "Firewall traffic" packet to WAN UDP
(192.168.52.128:1121 >> 192.168.52.2:53)
[08/Sep/2012 16:12:33] PERMIT "Firewall traffic" packet from WAN
UDP (192.168.52.2:53 >> 192.168.52.128:1121)
NOTE
After this change has been applied the logs will update with the new view. This change is not retroactive and will
not alter the previous format of your log data. This change will be applied to both the

Download 11,64 Mb.

Do'stlaringiz bilan baham:

1 ... 177 178 179 180 181 182 183 184 ... 481