User guide
Chapter 14: Reviewing and Working with Log Files
196 WatchGuard Firebox System
Time
The time the record entered the log file. Default = Show
The Firebox receives the time from the log host. If the time noted
in the log seems later or earlier than it should be, it is usually
because the time zone is not set properly on either the log host or
the Firebox. Because some installations contain Fireboxes in
multiple time zones with a single log host, the Firebox uses
Greenwich Mean Time received from the log host by way of the
logging channel (controld). The local time for the log files is then
computed on the log host based on the Firebox’s time zone
setting. To change the Firebox time zone, see “Setting the Time
Zone” on page 49.
The rest of the columns vary according to the type of event displayed. The
most frequent and most interesting events, however, are packet events, which
display data as shown below:
deny in eth0 339 udp 20 128 192.168.49.40 255.255.255.255 67 68 (bootpc)
The packet event fields are described here in order, from left to right.
Disposition
Default = Show. The disposition can be as follows:
- Allow – Packet was permitted by the current set of filter rules.
- Deny – Packet was dropped by the current set of filter rules.
Direction
Indicates whether the packet was logged when it was received
by the interface (“in”) or when it was about to be transmitted by
the Firebox (“out”). Default = Hide
Interface
The name of the network interface associated with the packet.
Default = Show
Total packet length
The total length of the packet in octets. Default = Hide
Protocol
Protocol name, or a number from 0 to 255. Default = Show
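The following Python code is an added example, not part of the WatchGuard guide or product. It parses the five leading packet event fields described above and keeps the remaining fields as raw text, because this section does not describe them. It assumes the input is only the packet event portion of a record (after the Time column), separated by whitespace as in the sample; the names PacketEvent, parse_packet_event and denied_inbound are hypothetical.

```python
from dataclasses import dataclass

# Constructed input: the sample packet event from this page, on one line.
SAMPLE = "deny in eth0 339 udp 20 128 192.168.49.40 255.255.255.255 67 68 (bootpc)"


@dataclass
class PacketEvent:
    disposition: str  # "allow" or "deny"
    direction: str    # "in" (received) or "out" (about to be transmitted)
    interface: str    # network interface name, e.g. "eth0"
    length: int       # total packet length in octets
    protocol: str     # protocol name, or a number from 0 to 255 as text
    rest: list        # remaining fields, not described in this section


def parse_packet_event(text):
    """Parse the five leading fields; raise ValueError on anything else."""
    tokens = text.split()
    if len(tokens) < 5:
        raise ValueError("expected at least 5 fields, got %d" % len(tokens))
    disposition, direction, interface, length, protocol = tokens[:5]
    disposition = disposition.lower()
    if disposition not in ("allow", "deny"):
        raise ValueError("unknown disposition: %r" % disposition)
    if direction not in ("in", "out"):
        raise ValueError("unknown direction: %r" % direction)
    if not length.isdecimal():
        raise ValueError("packet length is not a number: %r" % length)
    if protocol.isdecimal() and not 0 <= int(protocol) <= 255:
        raise ValueError("protocol number out of range: %r" % protocol)
    return PacketEvent(disposition, direction, interface,
                       int(length), protocol, tokens[5:])


def denied_inbound(lines):
    """Return packets dropped on receipt; skip lines that are not packet events."""
    hits = []
    for line in lines:
        try:
            event = parse_packet_event(line)
        except ValueError:
            continue  # other event types use different columns
        if event.disposition == "deny" and event.direction == "in":
            hits.append(event)
    return hits
```
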