1. Home
    2. /
  2. Manuals
    3. /
  3. Zyxel
    4. /
  4. P-660R-F1
    5. /
  5. 40
Page 196 / 268 Scroll up to view Page 191 - 195
Chapter 16 Logs
P-660R-F1 Series User’s Guide
196
"End of Log" message shows that a complete log has been sent.
Figure 125
E-mail Log Example
Subject:
Firewall Alert From
Date:
Fri, 07 Apr 2000 10:05:42
From:
To:
1|Apr
7 00 |From:192.168.1.1
To:192.168.1.255
|default policy
|forward
| 09:54:03 |UDP
src port:00520 dest port:00520
|<1,00>
|
2|Apr
7 00 |From:192.168.1.131
To:192.168.1.255
|default policy
|forward
| 09:54:17 |UDP
src port:00520 dest port:00520
|<1,00>
|
3|Apr
7 00 |From:192.168.1.6
To:10.10.10.10 |match
|forward
| 09:54:19 |UDP
src port:03516 dest port:00053
|<1,01>
|
……………………………..{snip}…………………………………..
……………………………..{snip}…………………………………..
126|Apr
7 00 |From:192.168.1.1
To:192.168.1.255
|match
|forward
| 10:05:00 |UDP
src port:00520 dest port:00520
|<1,02>
|
127|Apr
7 00 |From:192.168.1.131
To:192.168.1.255
|match
|forward
| 10:05:17 |UDP
src port:00520 dest port:00520
|<1,02>
|
128|Apr
7 00 |From:192.168.1.1
To:192.168.1.255
|match
|forward
| 10:05:30 |UDP
src port:00520 dest port:00520
|<1,02>
|
End of Firewall Log
Page 197 / 268
Chapter 16 Logs
P-660R-F1 Series User’s Guide
197
16.5
Log Descriptions
This section provides descriptions of example log messages.
Table 74
System Maintenance Logs
LOG MESSAGE
DESCRIPTION
Time calibration is
successful
The router has adjusted its time based on information from
the time server.
Time calibration failed
The router failed to get information from the time server.
WAN interface gets IP: %s
A WAN interface got a new IP address from the DHCP,
PPPoE, or dial-up server.
DHCP client IP expired
A DHCP client's IP address has expired.
DHCP server assigns %s
The DHCP server assigned an IP address to a client.
Successful WEB login
Someone has logged on to the router's web configurator
interface.
WEB login failed
Someone has failed to log on to the router's web
configurator interface.
Successful TELNET login
Someone has logged on to the router via telnet.
TELNET login failed
Someone has failed to log on to the router via telnet.
Successful FTP login
Someone has logged on to the router via ftp.
FTP login failed
Someone has failed to log on to the router via ftp.
NAT Session Table is Full!
The maximum number of NAT session table entries has been
exceeded and the table is full.
Starting Connectivity
Monitor
Starting Connectivity Monitor.
Time initialized by Daytime
Server
The router got the time and date from the Daytime server.
Time initialized by Time
server
The router got the time and date from the time server.
Time initialized by NTP
server
The router got the time and date from the NTP server.
Connect to Daytime server
fail
The router was not able to connect to the Daytime server.
Connect to Time server fail
The router was not able to connect to the Time server.
Connect to NTP server fail
The router was not able to connect to the NTP server.
Too large ICMP packet has
been dropped
The router dropped an ICMP packet that was too large.
Configuration Change: PC =
0x%x, Task ID = 0x%x
The router is saving configuration changes.
Successful SSH login
Someone has logged on to the router’s SSH server.
SSH login failed
Someone has failed to log on to the router’s SSH server.
Successful HTTPS login
Someone has logged on to the router's web configurator
interface using HTTPS protocol.
HTTPS login failed
Someone has failed to log on to the router's web
configurator interface using HTTPS protocol.
Page 198 / 268
Chapter 16 Logs
P-660R-F1 Series User’s Guide
198
Table 75
System Error Logs
Table 76
Access Control Logs
Table 77
TCP Reset Logs
LOG MESSAGE
DESCRIPTION
%s exceeds the max.
number of session per
host!
This attempt to create a NAT session exceeds the maximum
number of NAT session table entries allowed to be created per
host.
setNetBIOSFilter: calloc
error
The router failed to allocate memory for the NetBIOS filter
settings.
readNetBIOSFilter: calloc
error
The router failed to allocate memory for the NetBIOS filter
settings.
WAN connection is down.
A WAN connection is down. You cannot access the network
through this interface.
LOG MESSAGE
DESCRIPTION
Firewall default policy: [ TCP |
UDP | IGMP | ESP | GRE | OSPF ]
<Packet Direction>
Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access
matched the default policy and was blocked or
forwarded according to the default policy’s setting.
Firewall rule [NOT] match:[ TCP
| UDP | IGMP | ESP | GRE | OSPF
] <Packet Direction>, <rule:%d>
Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access
matched (or did not match) a configured firewall rule
(denoted by its number) and was blocked or forwarded
according to the rule.
Triangle route packet forwarded:
[ TCP | UDP | IGMP | ESP | GRE |
OSPF ]
The firewall allowed a triangle route session to pass
through.
Packet without a NAT table entry
blocked: [ TCP | UDP | IGMP |
ESP | GRE | OSPF ]
The router blocked a packet that didn't have a
corresponding NAT table entry.
Router sent blocked web site
message: TCP
The router sent a message to notify a user that the
router blocked access to a web site that the user
requested.
LOG MESSAGE
DESCRIPTION
Under SYN flood attack,
sent TCP RST
The router sent a TCP reset packet when a host was under a SYN
flood attack (the TCP incomplete count is per destination host.)
Exceed TCP MAX
incomplete, sent TCP RST
The router sent a TCP reset packet when the number of TCP
incomplete connections exceeded the user configured threshold.
(the TCP incomplete count is per destination host.) Note: Refer
to
TCP Maximum Incomplete
in the
Firewall Attack Alerts
screen.
Peer TCP state out of
order, sent TCP RST
The router sent a TCP reset packet when a TCP connection state
was out of order.Note: The firewall refers to RFC793 Figure 6 to
check the TCP state.
Firewall session time
out, sent TCP RST
The router sent a TCP reset packet when a dynamic firewall
session timed out.Default timeout values:ICMP idle timeout (s):
60UDP idle timeout (s): 60TCP connection (three way
handshaking) timeout (s): 30TCP FIN-wait timeout (s): 60TCP
idle (established) timeout (s): 3600
Page 199 / 268
Chapter 16 Logs
P-660R-F1 Series User’s Guide
199
Table 78
Packet Filter Logs
Table 79
ICMP Logs
Table 80
CDR Logs
Exceed MAX incomplete,
sent TCP RST
The router sent a TCP reset packet when the number of
incomplete connections (TCP and UDP) exceeded the user-
configured threshold. (Incomplete count is for all TCP and UDP
connections through the firewall.)Note: When the number of
incomplete connections (TCP + UDP) > “Maximum Incomplete
High”, the router sends TCP RST packets for TCP connections and
destroys TOS (firewall dynamic sessions) until incomplete
connections < “Maximum Incomplete Low”.
Access block, sent TCP
RST
The router sends a TCP RST packet and generates this log if you
turn on the firewall TCP reset mechanism (via CI command: "sys
firewall tcprst").
LOG MESSAGE
DESCRIPTION
[ TCP | UDP | ICMP | IGMP |
Generic ] packet filter
matched (set: %d, rule: %d)
Attempted access matched a configured filter rule (denoted
by its set and rule number) and was blocked or forwarded
according to the rule.
LOG MESSAGE
DESCRIPTION
Firewall default policy: ICMP
<Packet Direction>, <type:%d>,
<code:%d>
ICMP access matched the default policy and was
blocked or forwarded according to the user's setting.
Firewall rule [NOT] match: ICMP
<Packet Direction>, <rule:%d>,
<type:%d>, <code:%d>
ICMP access matched (or didn’t match) a firewall rule
(denoted by its number) and was blocked or forwarded
according to the rule.
Triangle route packet forwarded:
ICMP
The firewall allowed a triangle route session to pass
through.
Packet without a NAT table entry
blocked: ICMP
The router blocked a packet that didn’t have a
corresponding NAT table entry.
Unsupported/out-of-order ICMP:
ICMP
The firewall does not support this kind of ICMP packets
or the ICMP packets are out of order.
Router reply ICMP packet: ICMP
The router sent an ICMP reply packet to the sender.
LOG MESSAGE
DESCRIPTION
Firewall default policy: ICMP
<Packet Direction>, <type:%d>,
<code:%d>
ICMP access matched the default policy and was
blocked or forwarded according to the user's setting.
Firewall rule [NOT] match: ICMP
<Packet Direction>, <rule:%d>,
<type:%d>, <code:%d>
ICMP access matched (or didn’t match) a firewall rule
(denoted by its number) and was blocked or forwarded
according to the rule.
Triangle route packet forwarded:
ICMP
The firewall allowed a triangle route session to pass
through.
Packet without a NAT table entry
blocked: ICMP
The router blocked a packet that didn’t have a
corresponding NAT table entry.
LOG MESSAGE
DESCRIPTION
Page 200 / 268
Chapter 16 Logs
P-660R-F1 Series User’s Guide
200
Table 81
PPP Logs
Table 82
UPnP Logs
Table 83
Content Filtering Logs
Table 84
Attack Logs
Unsupported/out-of-order ICMP:
ICMP
The firewall does not support this kind of ICMP packets
or the ICMP packets are out of order.
Router reply ICMP packet: ICMP
The router sent an ICMP reply packet to the sender.
LOG MESSAGE
DESCRIPTION
ppp:LCP Starting
The PPP connection’s Link Control Protocol stage has started.
ppp:LCP Opening
The PPP connection’s Link Control Protocol stage is opening.
ppp:CHAP Opening
The PPP connection’s Challenge Handshake Authentication Protocol stage is
opening.
ppp:IPCP
Starting
The PPP connection’s Internet Protocol Control Protocol stage is starting.
ppp:IPCP Opening
The PPP connection’s Internet Protocol Control Protocol stage is opening.
ppp:LCP Closing
The PPP connection’s Link Control Protocol stage is closing.
ppp:IPCP Closing
The PPP connection’s Internet Protocol Control Protocol stage is closing.
LOG MESSAGE
DESCRIPTION
UPnP pass through Firewall
UPnP packets can pass through the firewall.
LOG MESSAGE
DESCRIPTION
%s: block keyword
The content of a requested web page matched a user defined
keyword.
%s
The system forwarded web content.
LOG MESSAGE
DESCRIPTION
attack [ TCP | UDP | IGMP
| ESP | GRE | OSPF ]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF attack.
attack ICMP (type:%d,
code:%d)
The firewall detected an ICMP attack.
land [ TCP | UDP | IGMP |
ESP | GRE | OSPF ]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF land
attack.
land ICMP (type:%d,
code:%d)
The firewall detected an ICMP land attack.
ip spoofing - WAN [ TCP |
UDP | IGMP | ESP | GRE |
OSPF ]
The firewall detected an IP spoofing attack on the WAN port.
ip spoofing - WAN ICMP
(type:%d, code:%d)
The firewall detected an ICMP IP spoofing attack on the WAN
port.
icmp echo : ICMP
(type:%d, code:%d)
The firewall detected an ICMP echo attack.
syn flood TCP
The firewall detected a TCP syn flood attack.
LOG MESSAGE
DESCRIPTION

Rate

4.5 / 5 based on 2 votes.

Popular Zyxel Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top