SYSLOG notifications

If the Firewall drops an appropriate packet, a SYSLOG notification is created as follows:

PACKET_ALERT: Dst: 192.168.200.10:80 {}, Src: 10.0.0.37:4353 {} (TCP): port filter

Ports are printed only for port-based protocols. Station names are printed if the LANCOM can resolve them directly (without an external DNS request).

If the SYSLOG flag is set for a filter entry (%s action), the notification becomes more detailed: the filter name, the exceeded limit and the filter actions carried out are also printed. For the example above, this reads as follows:

PACKET_ALERT: Dst: 192.168.200.10:80 {}, Src: 10.0.0.37:4353 {} (TCP): port filter

PACKET_INFO:
matched filter: BLOCKHTTP
exceeded limit: more than 0 packets transmitted or received on a connection
actions: drop; block source address for 1 minutes; send syslog message;
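
For log analysis, the two notification formats above can be parsed into structured fields. The following Python parser is an added example, not part of the original documentation or LANCOM's own code. It assumes that a resolved station name appears inside the braces and that protocols without ports simply omit the ":port" suffix; the ICMP sample line and its reason text are constructed.

```python
import re
from collections import Counter

# PACKET_ALERT layout as shown above. ":port" is optional because ports are
# printed only for port-based protocols. Assumption: "{}" = unresolved name.
ALERT_RE = re.compile(
    r"PACKET_ALERT: "
    r"Dst: (?P<dst_ip>[\d.]+)(?::(?P<dst_port>\d+))? \{(?P<dst_name>[^}]*)\}, "
    r"Src: (?P<src_ip>[\d.]+)(?::(?P<src_port>\d+))? \{(?P<src_name>[^}]*)\} "
    r"\((?P<proto>[^)]+)\): (?P<reason>.*)$")
# PACKET_INFO detail; \s+ accepts the fields on one line or on separate lines.
INFO_RE = re.compile(
    r"matched filter: (?P<filter>.+?)\s+exceeded limit: (?P<limit>.+?)\s+"
    r"actions: (?P<actions>.+)", re.S)

def parse_alert(line):
    """Return the PACKET_ALERT fields as a dict, or None for other lines."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for side in ("dst", "src"):
        port = rec[side + "_port"]
        rec[side + "_port"] = int(port) if port else None   # None: no ports
        rec[side + "_name"] = rec[side + "_name"] or None   # None: unresolved
    return rec

def parse_info(text):
    """Return filter name, exceeded limit and the list of actions, or None."""
    m = INFO_RE.search(text)
    if not m:
        return None
    actions = [a.strip() for a in m["actions"].split(";") if a.strip()]
    return {"filter": m["filter"], "limit": m["limit"], "actions": actions}

def drops_by_source(lines):
    """Count dropped packets per (source address, destination port, protocol)."""
    recs = filter(None, map(parse_alert, lines))
    return Counter((r["src_ip"], r["dst_port"], r["proto"]) for r in recs)

SAMPLE = [  # first line is the page's example; the second one is constructed
    "PACKET_ALERT: Dst: 192.168.200.10:80 {}, Src: 10.0.0.37:4353 {} (TCP): port filter",
    "PACKET_ALERT: Dst: 192.168.200.10 {}, Src: 10.0.0.37 {WS37} (ICMP): constructed reason",
]
INFO = ("matched filter: BLOCKHTTP exceeded limit: more than 0 packets transmitted "
        "or received on a connection actions: drop; block source address for "
        "1 minutes; send syslog message;")

if __name__ == "__main__":
    print(drops_by_source(SAMPLE), parse_info(INFO))
```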