NETGEAR UTM5EW-100NAS Router User Manual


 
System Logs and Error Messages
ProSecure Unified Threat Management (UTM) Appliance
IPS Logs
This section describes logs that are generated when traffic matches IPS rules.
Table 184. Content-filtering and security logs: IPS
Message: 2008-12-31 23:59:37 drop TCP 192.168.1.2 3496 192.168.35.165 8081 WEB-CGI Trend Micro OfficeScan CGI password decryption buffer overflow attempt
Explanation: Logs that are generated when traffic matches IPS rules. The message shows the date and time, the action that is taken, protocol, client IP address, client port number, server IP address, server port number, IPS category, and reason for the action.
Recommended Action: None.

Anomaly Behavior Logs
This section describes logs that are generated when ports are scanned or when distributed DoS (DDoS) events occur.
Table 185. Content-filtering and security logs: anomaly behavior
Message: 2008-12-31 23:59:12 192.168.1.10 192.168.35.160 5 10 1 18:188 UDP Portscan
Explanation: Logs that are generated when port scans are detected. The message shows the date and time, client IP address, server IP address, connection number, IP number, port number, port range, and details.
Recommended Action: None.

Message: 2012-09-25 14:53:16 allow 192.168.1.3 10.40.2.63 116 1 100 24:62078 TCP PORT SYN SCAN
Explanation: Logs that are generated when DDoS events are detected. The message shows the date and time, action, client IP address, server IP address, connection number, IP number, port number, port range, and details.
Recommended Action: None.
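
The field layouts in Tables 184 and 185, turned into a parser for forwarding these messages to a SIEM or alerting script. This is an added Python example, not code from the NETGEAR manual; the name parse_utm_log and the field names are illustrative, and it assumes the IPS category is a single token and the port range is two colon-separated integers.

```python
import ipaddress
import re

TS = r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
# Table 184 layout: action, protocol, client IP/port, server IP/port,
# IPS category (assumed to be one token), reason.
IPS_RE = re.compile(
    TS + r"(?P<action>[a-z]+) (?P<protocol>[A-Z]+) "
    r"(?P<client_ip>\S+) (?P<client_port>\d+) "
    r"(?P<server_ip>\S+) (?P<server_port>\d+) "
    r"(?P<category>\S+) (?P<reason>.+)$"
)
# Table 185 layout: optional action, client IP, server IP, connection number,
# IP number, port number, port range, details.
ANOMALY_RE = re.compile(
    TS + r"(?:(?P<action>[a-z]+) )?(?P<client_ip>\S+) (?P<server_ip>\S+) "
    r"(?P<conn_num>\d+) (?P<ip_num>\d+) (?P<port_num>\d+) "
    r"(?P<port_range>\d+:\d+) (?P<details>.+)$"
)
INT_FIELDS = ("client_port", "server_port", "conn_num", "ip_num", "port_num")


def parse_utm_log(line):
    """Return a dict of named fields; raise ValueError if the line fits neither layout."""
    line = " ".join(line.split())  # undo line wrapping and repeated spaces
    for kind, pattern in (("ips", IPS_RE), ("anomaly", ANOMALY_RE)):
        m = pattern.match(line)
        if not m:
            continue
        rec = {"kind": kind, **m.groupdict()}
        for key in ("client_ip", "server_ip"):
            ipaddress.ip_address(rec[key])  # ValueError on a malformed address
        for key in INT_FIELDS:
            if key in rec:
                rec[key] = int(rec[key])
        if kind == "anomaly":
            # Assumption: the colon separates the two bounds of the range.
            rec["port_range"] = tuple(int(p) for p in rec["port_range"].split(":"))
        return rec
    raise ValueError("unrecognized UTM log line: " + line)


# The three sample messages shown in Tables 184 and 185.
SAMPLES = [
    "2008-12-31 23:59:37 drop TCP 192.168.1.2 3496 192.168.35.165 8081 WEB-CGI "
    "Trend Micro OfficeScan CGI password decryption buffer overflow attempt",
    "2008-12-31 23:59:12 192.168.1.10 192.168.35.160 5 10 1 18:188 UDP Portscan",
    "2012-09-25 14:53:16 allow 192.168.1.3 10.40.2.63 116 1 100 24:62078 TCP PORT SYN SCAN",
]
```

The action field is None for anomaly messages that omit it, as in the first Table 185 sample, so downstream rules should not assume it is always present.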