3Com Version 4.3 Drums User Manual


 
Chapter 11. Logging
A to B: Packets from A to B match.
B to A: Packets from B to A match.
Between A&B: Packets from A to B, or from B to A, match.
not this combination: Packets that do not match the given combination of A and B are shown in the log.
If you, for example, want to search for all packets to a web server, but not packets on the "normal" client and server
ports in your environment, fill in the form like this:
ICMP
ICMP packets contain a type field and a code field. When searching for ICMP packets, you can select all packets or
only those matching certain criteria.
In the type and code fields, you can enter a single number (e.g., 5), a range of numbers (e.g., 5-10), a list of
numbers and ranges, separated by commas (e.g., 5, 10-20) or nothing at all. If the field is empty, any type or code
will match. See appendix G, Lists of ports, ICMP and protocols, for more information on ICMP types and codes.
If you want to study all traffic except that of a certain type/code, enter the type/code number(s) here and mark
the "not" box.
ESP
ESP is an authentication/encryption protocol. Select this if you want to search for encrypted packets.
Note that to be able to display encrypted packets here, you must have selected a log class for encrypted packets
which saves to local file.
Protocol number
Here, you enter the number(s) of the protocols you want to search for. You can enter a single number (e.g., 5), a
range of numbers (e.g., 5-10), a list of numbers and ranges, separated by commas (e.g., 5, 10-20) or nothing at all.
If the field is empty, any protocol will match. See appendix C, Lists of Reserved Ports, ICMP Types and Codes, and
Internet Protocols, for more information on protocol numbers.
If you want to study all traffic except that over a certain protocol or protocols, enter the protocol number(s) here
and mark the "not" box.
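The number/range syntax used by the ICMP type, ICMP code and protocol number fields, and the effect of the "not" box, can be reproduced when filtering exported logs offline. The following is an added example, not code from the product or this manual; the function names, the record layout and the sample records are assumptions constructed for illustration.

```python
import re

def parse_field(text, lo=0, hi=255):
    """Parse '5', '5-10', '5, 10-20' or '' into a list of (start, end) ranges.

    An empty field returns None, meaning "any value matches".
    """
    text = text.strip()
    if not text:
        return None
    ranges = []
    for item in text.split(","):
        m = re.fullmatch(r"\s*(\d+)\s*(?:-\s*(\d+))?\s*", item)
        if not m:
            raise ValueError(f"bad item: {item!r}")
        start = int(m.group(1))
        end = int(m.group(2)) if m.group(2) else start
        if start > end or not (lo <= start and end <= hi):
            raise ValueError(f"out of range: {item!r}")
        ranges.append((start, end))
    return ranges

def field_matches(text, value, negate=False):
    """True if value matches the field; negate models the "not" box.

    How the product treats an empty field with "not" marked is not stated
    in the manual; this sketch simply inverts the result.
    """
    ranges = parse_field(text)
    hit = ranges is None or any(s <= value <= e for s, e in ranges)
    return hit != negate

# Constructed sample records (hypothetical layout, not real product output).
SAMPLE_LOG = [
    {"proto": 1, "icmp_type": 8},   # ICMP echo request
    {"proto": 1, "icmp_type": 0},   # ICMP echo reply
    {"proto": 1, "icmp_type": 3},   # ICMP destination unreachable
    {"proto": 1, "icmp_type": 5},   # ICMP redirect
    {"proto": 6},                   # TCP
    {"proto": 50},                  # ESP
]

def search(log, key, field_text, negate=False):
    """Return records that carry `key` and match the field specification."""
    return [r for r in log
            if key in r and field_matches(field_text, r[key], negate)]

if __name__ == "__main__":
    # Everything except ordinary ping traffic: types "0, 8" with "not" marked.
    print(search(SAMPLE_LOG, "icmp_type", "0, 8", negate=True))
```

Entering the routine types and marking "not" leaves only the less common ICMP messages, such as redirects and unreachables, which are usually the ones worth reviewing.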
Beside the boxes
On the right-hand side of the boxes, select time interval and event for the log display.
Show newest at top
Choosing Show newest at top will display the log in reverse order, i.e., the latest log event will be displayed first.