• May 05, 2025, 01:13:51 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Messages in log  (Read 4938 times)

rod.fuller

  • Level 1 Member
  • *
  • Posts: 7
Messages in log
« on: February 02, 2010, 09:03:00 AM »
We recently started having our firewalls sending log information to a Syslog server. I've noticed many of these types of IDS entries

02-02-2010   11:33:44   Local0.Warning   ###.###.##.###   EFW: IDS: prio=3 rule=SBS reason=intrusion_detected description="WEB-MISC WebDAV search access. Impact: Information disclosure" signature="7176:WEB-MISC WebDAV search access" idrule="SBS" srcip=67.223.67.86

02-02-2010   11:39:45   Local0.Warning   ##.###.###.###   EFW: IDS: prio=3 rule=Winserver reason=intrusion_detected description="Samba-Linux Trans2open request. Impact: Arbitrary code execution" signature="7783:Samba-Linux trans2open call" idrule="Winserver" srcip=66.231.204.155

Am I correct in assuming that these have been blocked? :o
Logged

chechito

  • Level 3 Member
  • ***
  • Posts: 193
Re: Messages in log
« Reply #1 on: February 03, 2010, 04:29:17 AM »
i think its not blocking, in  my logs about IDP i can se the "action=close" string.

Its a good practice test IDP rules in Audit mode to verify if the IDP rule was triggered by a false positive or a true attack, an then change the mode to Protect to block connections matching IDP rule
Logged

rod.fuller

  • Level 1 Member
  • *
  • Posts: 7
Re: Messages in log
« Reply #2 on: February 03, 2010, 11:18:21 AM »
Any idea where I can find a list of message types and what they mean?
Logged

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: Messages in log
« Reply #3 on: February 03, 2010, 12:40:47 PM »
The log manual on security.dlink.com.tw is your one stop shop for the oracle of log messages.
Logged
non progredi est regredi