Name

AFHP-888 — Honeypot module statistics message

Severity

I (statistic)

Message text

PROXY-EVENT PROTOCOL=%s CLIENT=%s CLIENT-IP=%s CLIENT-PORT=%s SERVER=%s SERVER-IP=%s SERVER-PORT=%s SERVER-PORT-NAME=%s USER=%s BYTES-CIN=%s BYTES-COUT=%s BYTES-SIN=%s BYTES-SOUT=%s DURATION=%s STATUS=%s RESULT=%s RULE=%s

Description

This message informs that the honeypot module registers an intrusion attempt.

Common fields:

  • network protocol (TCP / UDP)

  • client (hostname if available, IP address otherwise)

  • client IP address

  • client port number

  • server (hostname if available, IP address otherwise)

  • server IP address

  • server port number

  • server port name

  • authenticated user

  • client-side bytes in (client <- proxy)

  • client-side bytes out (client -> proxy)

  • server-side bytes in (proxy <- server)

  • server-side bytes out (proxy -> server)

  • duration in seconds

  • status code (REJECTED)

  • result code (OK / FAILED / ABORTED)

  • rule name.

See also

logging(7)

Authors

This man page is a part of Kernun Firewall.
Copyright © 2000–2021 Trusted Network Solutions, a. s.
All rights reserved.