TMS zl Management and Configuration Guide ST.1.1.100430
Log Messages
Log Message Formats and Fields
Figure C-2. Finding the Signature Family and Signature ID
Figure C-2 shows a log message indicating that rule 30091 of the DOS
signature family was activated.
Log messages from the IPS attack family (id=ips_attack_family) may also
contain these fields:
Table C-11. IPS Attack Family Fields
Field Name           Value Format                       Description
actiontype           [ignore | report | drop |          The action taken by the IPS
                     disconnect | log]
attackid             text                               The value(s) shown in the Industry ID column on
                                                        Intrusion Prevention/Detection > Signatures > View.
attacktime           [YYYY-MM-DD HH:MM:SS]              The time of the attack
category             [general | http | mail | telnet    The category or protocol to which the rule belongs
                     | dns | rpc | ftp | snmp | icmp
                     | tcp | udp | ip | nntp]
connectiondirection  [both | initiator | responder]     The direction of the connection that triggered the
                                                        event.
ipidentification     integer                            The IP identification value
ipoptions            integer                            IP options
mid                  integer                            Same as the value for rule
packetdirection      [0 | 1 | 2]                        The direction of the packet that triggered the rule:
                                                        0 = common; 1 = inbound; 2 = outbound
packetlength         integer                            The length of the packet in bytes that triggered the
                                                        IPS rule
ruleaction           [Allow | Block | Terminate]        Action configured for the severity on Intrusion
                                                        Prevention > Settings > Actions.
ruledsc              text                               Brief description of the rule
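
The following is an added example, not part of the guide: a Python validator that checks the fields of an ips_attack_family message against the value formats in Table C-11 before the message is loaded into a log pipeline. The key=value message layout, the quoting of values that contain spaces, and the sample message are assumptions made for this example.

```python
import re
from datetime import datetime

# Allowed values, copied from Table C-11.
ENUMS = {
    "actiontype": {"ignore", "report", "drop", "disconnect", "log"},
    "category": {"general", "http", "mail", "telnet", "dns", "rpc", "ftp",
                 "snmp", "icmp", "tcp", "udp", "ip", "nntp"},
    "connectiondirection": {"both", "initiator", "responder"},
    "ruleaction": {"Allow", "Block", "Terminate"},
}
INTEGERS = {"ipidentification", "ipoptions", "mid", "packetlength"}
PACKET_DIRECTION = {"0": "common", "1": "inbound", "2": "outbound"}

# Assumption: space-separated key=value pairs, double quotes around values with spaces.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_ips_fields(line):
    """Return (fields, errors) for one ips_attack_family message."""
    raw = {m[1]: m[2] if m[2] is not None else m[3] for m in PAIR.finditer(line)}
    if raw.get("id") != "ips_attack_family":
        return {}, ["id is not ips_attack_family"]
    fields, errors = {}, []
    for key, value in raw.items():
        try:
            if key in ENUMS:
                if value not in ENUMS[key]:
                    raise ValueError("value not listed in Table C-11")
                fields[key] = value
            elif key in INTEGERS:
                fields[key] = int(value)
            elif key == "packetdirection":
                fields[key] = PACKET_DIRECTION[value]  # decode 0/1/2 to a name
            elif key == "attacktime":
                # Assumption: the brackets shown in the table may appear in the message.
                fields[key] = datetime.strptime(value.strip("[]"), "%Y-%m-%d %H:%M:%S")
            else:
                fields[key] = value  # attackid, ruledsc, and fields outside this table
        except (ValueError, KeyError) as exc:
            errors.append(f"{key}={value!r}: {exc}")
    return fields, errors

# Constructed sample message; the values are illustrative, not from a real device.
SAMPLE = ('id=ips_attack_family actiontype=drop attacktime="2010-04-30 12:00:05" '
          'category=tcp connectiondirection=initiator mid=30091 packetdirection=1 '
          'packetlength=60 ruleaction=Block ruledsc="constructed description"')
```

Values that fail validation are returned in the error list instead of being stored, so a malformed or unexpected message can be flagged for review rather than silently indexed.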