Barracuda CloudGen Firewall

Firewall Activity Log

The firewall writes output about its activity to the firewall activity log file /phion0/logs/box_Firewall_Activity.log. For example:

2018 01 30 13:12:21 Security +01:00 Block: type=FWD|proto=UDP|srcIF=eth0|srcIP=10.17.34.12|srcPort=54915|srcMAC=18:db:f2:13:ca:9c|dstIP=10.17.34.255|dstPort=54915|dstService=|dstIF=|rule=BLOCKALL|info=Block by Rule|srcNAT=0.0.0.0|dstNAT=0.0.0.0|duration=0|count=1|receivedBytes=0|sentBytes=0|receivedPackets=0|sentPackets=0|user=|protocol=|application=|target=|content=|urlcat=

Structure of Log Entry Components

A log entry in the firewall's activity log consists of several key-value pairs separated by a '|' character. Each entry starts with a timestamp, followed by the keys listed below. As seen in the example above, the key-value pairs depend on the quality of information processed by the firewall:

Key   Sub-key   Description
Type   Information about the type of log entry, e.g., Security or Info.
Action   Information about the action taken according to the firewall ruleset configuration.
type   Information about the origin type of traffic and ruleset used. The value can be any of the sub-keys in the following rows.
  LIN Local In. The incoming traffic on the host firewall.
  LOUT Local Out. The outgoing traffic from the host firewall.
  LB Loopback. The traffic via the loopback interface.
  FWD Forwarding. The outbound traffic via the forwarding firewall.
  IFWD Inbound Forwarding. The inbound traffic to the firewall.
  PXY Proxy. The outbound traffic via the proxy.
  IPXY Inbound Proxy. The inbound traffic via the proxy.
  TAP Transparent Application Proxying. The traffic via stream forwarding.
  LRD Local Redirect. Redirected traffic configured in forwarding ruleset.
proto   The protocol that was used. For example, TCP, UDP, or ICMP.
srcIF   The source network interface of the session.
srcIP   The source IP address of the session.
srcPort   The source port of the session.
srcMAC   The MAC address of the session's source network interface.
dstIP   The destination IP address of the session.
dstPort   The destination port of the session.
dstService   The destination service of the session.
dstIF   The destination network interface of the session.
rule   The name of the firewall rule processing the session.
info   Operational information for the session.
srcNAT   Source NAT address of the session.
dstNAT   Destination NAT address of the session.
duration   Duration of the session.
count   Number of sessions processed.
receivedBytes   Received traffic of a session in bytes.
sentBytes   Sent traffic of a session in bytes.
receivedPackets   Received traffic of a session in packets.
sentPackets   Sent traffic of a session in packets.
user   The name of the user, if the session was handled by a firewall rule that requires authentication.
protocol   The protocol of a session. For example, TCP, UDP, or ICMP.
application   The application context of a session.
target   The application target.
content   The application content.
urlcat   The URL category the session belongs to.

Data Types with Data Examples

The following tables show the Field identifier followed by the data Example. The row Format indicates the low-level data type used for processing the information. Note that in the final log entry, not all of the following keys have data assigned to them:

Field    type    proto   srcIF   srcIP              srcPort  srcMAC               dstIP
Format   String  String  String  IPv4/IPv6 address  Number   ':'-separated bytes  IPv4/IPv6 address
Example  FWD     UDP     eth0    10.0.1.1           54915    18:db:f2:13:ca:9c    10.0.10.1

Field (cont.)  dstPort  dstService   dstIF   rule      info           srcNAT             dstNAT
Format         Number   String       String  String    String         IPv4/IPv6 address  IPv4/IPv6 address
Example        54915    netbios-dgm  eth2    BLOCKALL  Block by Rule  0.0.0.0            0.0.0.0

Field (cont.)  duration  count   receivedBytes  sentBytes  receivedPackets  sentPackets
Format         Number    Number  Number         Number     Number           Number
Example        0         0       0              0          0                0

Field (cont.)  user      protocol  application   target       content  urlcat
Format         String    String    String        String       String   String
Example        user1234  HTTP      Web Browsing  10.17.18.19  String   Uncategorized
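
The entry structure and field formats described on this page, put together as a parser for one log line (an added example, not Barracuda's code). The header layout is inferred from the single sample entry above, and rejecting repeated keys is an assumption, since the page does not say whether a '|' inside a value is escaped.

```python
import ipaddress
import re
from datetime import datetime

# Header layout inferred from the one sample entry on this page (assumption):
# "<YYYY MM DD HH:MM:SS> <Type> <UTC offset> <Action>: key=value|key=value|..."
HEADER = re.compile(
    r"^(?P<ts>\d{4} \d{2} \d{2} \d{2}:\d{2}:\d{2}) (?P<type>\S+) "
    r"(?P<tz>[+-]\d{2}:\d{2}) (?P<action>[^:|=]+): (?P<pairs>.*)$")
# Field formats as listed in the data type tables on this page.
NUMBER_FIELDS = {"srcPort", "dstPort", "duration", "count", "receivedBytes",
                 "sentBytes", "receivedPackets", "sentPackets"}
IP_FIELDS = {"srcIP", "dstIP", "srcNAT", "dstNAT"}

# The sample entry from this page, split across string literals for width.
SAMPLE = (
    "2018 01 30 13:12:21 Security +01:00 Block: type=FWD|proto=UDP|srcIF=eth0|"
    "srcIP=10.17.34.12|srcPort=54915|srcMAC=18:db:f2:13:ca:9c|dstIP=10.17.34.255|"
    "dstPort=54915|dstService=|dstIF=|rule=BLOCKALL|info=Block by Rule|"
    "srcNAT=0.0.0.0|dstNAT=0.0.0.0|duration=0|count=1|receivedBytes=0|sentBytes=0|"
    "receivedPackets=0|sentPackets=0|user=|protocol=|application=|target=|"
    "content=|urlcat=")


def parse_activity_line(line):
    """Parse one entry into a dict; raise ValueError on malformed input."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("unrecognized entry header")
    entry = {"timestamp": datetime.strptime(f"{m['ts']} {m['tz']}", "%Y %m %d %H:%M:%S %z"),
             "Type": m["type"], "Action": m["action"]}
    for pair in m["pairs"].split("|"):
        key, sep, value = pair.partition("=")  # split on the first '=' only
        if not sep or not key:
            raise ValueError(f"not a key=value pair: {pair!r}")
        if key in entry:
            # Assumption: '|' escaping is undocumented here, so reject repeats.
            raise ValueError(f"duplicate key: {key!r}")
        if value == "":
            entry[key] = None  # key present but no data assigned
        elif key in NUMBER_FIELDS:
            if not (value.isascii() and value.isdigit()):
                raise ValueError(f"{key} is not a number: {value!r}")
            entry[key] = int(value)
        elif key in IP_FIELDS:
            entry[key] = ipaddress.ip_address(value)  # ValueError if invalid
        else:
            entry[key] = value  # strings and unknown keys kept verbatim
    return entry
```

Fields such as user, target, and content can carry data that originates outside the firewall, so a log pipeline should treat a ValueError from this function as a signal to quarantine the line rather than to skip it silently.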