HP-UX IPFilter Version A.03.05.14 Administrator's Guide

Dynamic Connection Allocation
DCA Keywords
Chapter 3
• Summary Log records—created when a limit entry ceases to exist after all the connections for that limit entry have been closed. This log record summarizes the connection activity of a particular IP address.

The format of an alert log record is:

    Date and time stamp, Interface packet is on, Source IP, Source port, Destination IP, Destination Port, protocol, TCP flags keep limit, Limit type, Configured Limit, Current # of connections, # times limit exceeded, Log freq, Packet Direction

The format of a summary log record is:

    Date and time stamp, Source IP, Source port, Destination IP, Destination Port, protocol, TCP flags keep limit, Limit type, Configured Limit, Current # of connections, # times limit exceeded, Rule #, Time limit the entry was created

Summary Logs and Cumulative Limits

The summary logs for cumulative limits can be printed using the ipmon -r option. When ipmon -r is invoked, the summary log record is written and the connection exceeded counter for each cumulative limit is set to zero.

NOTE: Unlike non-cumulative limits, cumulative summary logs are not printed when all the connections under a cumulative limit are closed.

The following is an example cumulative summary log:

    06/02/2004 19:32:39.370000 LIMIT LOG 19.13.15.65-19.13.15.85,* -> 0.0.0.0,23 PR ip Type 4 Cur Lim 1 Exceeded 1 @0:1 First Time 19:32:35.800000

The example log record was written for the following IP address range cumulative rule:

    pass in log limit freq 1 quick proto tcp from 19.13.15.65-19.13.15.85 to any port = 23 keep limit 1 cumulative
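
The following parser for cumulative summary records is an added example, not part of the HP guide or of IPFilter itself. It assumes that "Cur Lim" is a single label, that "@0:1" is group:rule, and that "First Time" is a time of day with no date; the function names and the second sample record are constructed for illustration.

```python
import re
from datetime import datetime

# Field order follows the sample record on this page. Assumptions: "Cur Lim" is
# one label, "@0:1" is group:rule, and "First Time" is a time of day only.
LIMIT_LOG = re.compile(
    r"(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>[\d:.]+) LIMIT LOG "
    r"(?P<src>\S+),(?P<sport>\S+) -> (?P<dst>\S+),(?P<dport>\S+) "
    r"PR (?P<proto>\S+) Type (?P<type>\d+) Cur Lim (?P<limit>\d+) "
    r"Exceeded (?P<exceeded>\d+) @(?P<group>\d+):(?P<rule>\d+) "
    r"First Time (?P<first>[\d:.]+)"
)

def _tod(s):
    return datetime.strptime(s, "%H:%M:%S.%f")

def parse_limit_log(text):
    """Return one dict per summary record, even when records wrap across lines."""
    flat = " ".join(text.split())  # undo line wrapping
    records = []
    for m in LIMIT_LOG.finditer(flat):
        rec = m.groupdict()
        for key in ("type", "limit", "exceeded", "group", "rule"):
            rec[key] = int(rec[key])
        # Seconds the limit entry existed before the summary was written;
        # add a day if the entry was created before midnight.
        age = (_tod(rec["time"]) - _tod(rec["first"])).total_seconds()
        rec["age_seconds"] = age if age >= 0 else age + 86400
        records.append(rec)
    return records

def exceeded(records):
    """(source, destination port, count) for every limit that was exceeded."""
    return [(r["src"], r["dport"], r["exceeded"]) for r in records if r["exceeded"] > 0]

# First record is the page's sample; the second is constructed for illustration.
SAMPLE = """06/02/2004 19:32:39.370000 LIMIT LOG 19.13.15.65-19.13.15.85,*
-> 0.0.0.0,23 PR ip Type 4 Cur Lim 1 Exceeded 1 @0:1 First Time
19:32:35.800000
06/02/2004 23:59:58.000000 LIMIT LOG 192.0.2.10-192.0.2.20,* -> 0.0.0.0,23 PR ip Type 4 Cur Lim 5 Exceeded 0 @0:2 First Time 23:50:00.000000
"""

if __name__ == "__main__":
    for src, dport, count in exceeded(parse_limit_log(SAMPLE)):
        print(f"{src} exceeded its limit on port {dport} {count} time(s)")
```

Because ipmon -r resets the exceeded counter for each cumulative limit, each parsed record covers only the interval since the previous invocation.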