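ASA firewall log format

Raw event: <182>Dec 22 2010 14:03:05: %ASA-6-302013: Built inbound TCP connection 698572247 for outside:218.200.47.30/12026 (218.200.47.30/12026) to inside:10.1.2.97/443 (192.168.100.97/443)
Name: Built inbound TCP connection
Source address: 218.200.47.3
Source port: 12026
Destination address: 10.1.2.97
Destination port: 443
Device address: 172.16.0.10
Device direction: Inbound
Device inbound interface: outside
Device outbound interface: inside
Log format: time -- log ID -- connection initiator -- protocol type -- real source address -- real destination address. This is a TCP connection initiated from the outside.

Raw event: <182>Dec 22 2010 10:52:59: %ASA-6-302013: Built outbound TCP connection 697738388 for outside:61.155.167.40/80 (61.155.167.40/80) to inside:10.1.3.14/3555 (192.168.100.9/15753)
Name: Built outbound TCP connection
Source address: 10.1.3.14
Source port: 3555
Destination address: 61.155.167.40
Destination port: 80
Device address: 172.16.0.10
Device direction: Outbound
Device inbound interface: outside
Device outbound interface: inside
Log format: time -- log ID -- connection initiator -- protocol type -- real destination address -- real source address. This is a TCP connection initiated from the inside.

Raw event: <182>Dec 22 2010 10:52:59: %ASA-6-302015: Built outbound UDP connection 697738382 for outside:117.18.82.7/123 (117.18.82.7/123) to inside:10.10.1.31/2693 (192.168.100.9/59375)
Name: Built outbound UDP connection
Source address: 117.18.82.7
Source port: 123
Destination address: 10.10.1.31
Destination port: 2693
Device address: 172.16.0.10
Device direction: Outbound
Device inbound interface: outside
Device outbound interface: inside
Log format: time -- log ID -- connection initiator -- protocol type -- real source address -- real destination address. This data transfer is a response to a request initiated from the inside.

Raw event: <182>Dec 22 2010 14:03:02: %ASA-6-302015: Built inbound UDP connection 698571994 for inside:10.1.1.131/33689 (10.1.1.131/33689) to identity:172.16.0.10/161 (172.16.0.10/161)
Name: Built inbound UDP connection
Source address: 10.1.1.131
Source port: 33689
Destination address: 172.16.0.10
Destination port: 161
Device address: 172.16.0.10
Device direction: Inbound
Device inbound interface: inside
Device outbound interface: identity
Log format: time -- log ID -- connection initiator -- protocol type -- real source address -- real destination address. This data transfer is a response to a request initiated from the outside.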
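
An added example, not part of the original page: a Python parser that turns the 302013/302015 "Built" messages shown above into the extracted fields listed for each event. The dictionary keys, the PRI/severity consistency check and returning None for lines that do not fit are assumptions of this example; the source/destination order follows the page's format notes.

```python
import re
from datetime import datetime

# Constructed input: the four raw events quoted on this page, one per line.
SAMPLES = [
    "<182>Dec 22 2010 14:03:05: %ASA-6-302013: Built inbound TCP connection 698572247 for outside:218.200.47.30/12026 (218.200.47.30/12026) to inside:10.1.2.97/443 (192.168.100.97/443)",
    "<182>Dec 22 2010 10:52:59: %ASA-6-302013: Built outbound TCP connection 697738388 for outside:61.155.167.40/80 (61.155.167.40/80) to inside:10.1.3.14/3555 (192.168.100.9/15753)",
    "<182>Dec 22 2010 10:52:59: %ASA-6-302015: Built outbound UDP connection 697738382 for outside:117.18.82.7/123 (117.18.82.7/123) to inside:10.10.1.31/2693 (192.168.100.9/59375)",
    "<182>Dec 22 2010 14:03:02: %ASA-6-302015: Built inbound UDP connection 698571994 for inside:10.1.1.131/33689 (10.1.1.131/33689) to identity:172.16.0.10/161 (172.16.0.10/161)",
]

# One endpoint: interface:real-address/port (mapped-address/port)
EP = r"([^\s:]+):([^\s/]+)/(\d+) \(([^\s/]+)/(\d+)\)"
BUILT = re.compile(
    r"^<(\d{1,3})>(\w{3} +\d+ \d{4} \d\d:\d\d:\d\d): %ASA-(\d)-(30201[35]): "
    r"Built (inbound|outbound) (TCP|UDP) connection (\d+) for " + EP + " to " + EP + r"\s*$"
)

def parse_built(line):
    """Return the extracted fields for one 302013/302015 line, or None if it does not fit."""
    m = BUILT.match(line)
    if not m:
        return None
    pri, ts, sev, msg_id, direction, proto, conn_id = m.groups()[:7]
    first, second = m.groups()[7:12], m.groups()[12:17]
    # The low three bits of the syslog PRI carry the severity; it must agree with %ASA-<sev>-.
    if int(pri) & 7 != int(sev):
        return None
    # Field order as given in the page's format notes: only the outbound TCP sample
    # lists the destination first, the other three list the source first.
    swap = (direction, proto) == ("outbound", "TCP")
    src, dst = (second, first) if swap else (first, second)
    return {
        "time": datetime.strptime(ts, "%b %d %Y %H:%M:%S"),
        "msg_id": msg_id,
        "conn_id": int(conn_id),
        "name": f"Built {direction} {proto} connection",
        "src_ip": src[1], "src_port": int(src[2]),
        "dst_ip": dst[1], "dst_port": int(dst[2]),
        "src_mapped": (src[3], int(src[4])),  # address/port in parentheses
        "dst_mapped": (dst[3], int(dst[4])),
        "direction": direction.capitalize(),
        "in_iface": first[0],   # interfaces stay in log order, as in the page's fields
        "out_iface": second[0],
    }

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_built(s))
```
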