问题描述:
%Dec 8 16:07:31:278 2023 FW SSHS/6/SSHS_DISCONNECT: SSH user ubnt (IP: 118.45.72.178) disconnected from the server.
%Dec 8 16:07:31:277 2023 FW SSHS/6/SSHS_LOG: Disconnecting: Too many authentication failures for ubnt.
%Dec 8 16:07:31:277 2023 FW SSHS/6/SSHS_AUTH_EXCEED_RETRY_TIMES: SSH user ubnt (IP: 118.45.72.178) failed to log in, because the number of authentication attempts exceeded the upper limit.
%Dec 8 16:07:31:277 2023 FW SSHS/6/SSHS_LOG: Authentication failed for ubnt from 118.45.72.178 port 61803 because of invalid username or wrong password .
%Dec 8 16:04:00:660 2023 FW FILTER/6/FILTER_ZONE_IPV4_EXECUTION: SrcZoneName(1025)=Trust;DstZoneName(1035)=Untrust;Type(1067)=ACL;SecurityPolicy(1072)=Trust_Untrust;RuleID(1078)=1;Protocol(1001)=TCP;Application(1002)=https;SrcIPAddr(1003)=10.0.18.17;SrcPort(1004)=53438;SrcMacAddr(1021)=b044-2c43-0020;DstIPAddr(1007)=101.36.166.9;DstPort(1008)=443;MatchCount(1069)=30;Event(1048)=Permit;
%Dec 8 16:04:00:656 2023 FW FILTER/6/FILTER_ZONE_IPV4_EXECUTION: SrcZoneName(1025)=Trust;DstZoneName(1035)=Untrust;Type(1067)=ACL;SecurityPolicy(1072)=Trust_Untrust;RuleID(1078)=1;Protocol(1001)=UDP;Application(1002)=general_udp;SrcIPAddr(1003)=10.0.51.22;SrcPort(1004)=7973;SrcMacAddr(1021)=b044-2c43-0020;DstIPAddr(1007)=58.59.49.234;DstPort(1008)=7573;MatchCount(1069)=39;Event(1048)=Permit;
%Dec 8 16:04:00:655 2023 FW FILTER/6/FILTER_ZONE_IPV4_EXECUTION: SrcZoneName(1025)=Trust;DstZoneName(1035)=Untrust;Type(1067)=ACL;SecurityPolicy(1072)=Trust_Untrust;RuleID(1078)=1;Protocol(1001)=TCP;Application(1002)=other;SrcIPAddr(1003)=10.0.51.68;SrcPort(1004)=60667;SrcMacAddr(1021)=b044-2c43-0020;DstIPAddr(1007)=220.243.190.102;DstPort(1008)=443;MatchCount(1069)=22;Event(1048)=Permit;
%Dec 8 16:04:00:654 2023 FW FILTER/6/FILTER_ZONE_IPV4_EXECUTION: SrcZoneName(1025)=Untrust;DstZoneName(1035)=Local;Type(1067)=ACL;SecurityPolicy(1072)=ĬuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=invalid;SrcIPAddr(1003)=182.40.32.112;SrcPort(1004)=443;SrcMacAddr(1021)=a01c-8dd4-d943;DstIPAddr(1007)=123.125.144.2;DstPort(1008)=62044;MatchCount(1069)=1;Event(1048)=Permit;
组网及组网描述:
防火墙系统版本 7.1,麻烦解释下上下这些日志的作用,如何关闭下面日志在syslog的输出
- 2023-12-08提问
- 举报
-
(0)
最佳答案
安全策略下rule里面的logging enable取消
- 2023-12-08回答
- 评论(2)
- 举报
-
(0)
能不能设置log记录级别呢,怎么设置
RBM_P[F1090_S]info-center source default logbuffer level ? alert Action must be taken immediately (severity=1) critical Critical conditions (severity=2) debugging Debug-level messages (severity=7) emergency System is unusable (severity=0) error Error conditions (severity=3) informational Informational messages (severity=6) notification Normal but significant conditions (severity=5) warning Warning conditions (severity=4)
1.第一条日志是SSH用户ubnt(IP: 118.45.72.178)从服务器断开连接的记录。原因是该用户的认证尝试次数超过了上限,导致无法登录。日志级别是6,表示通知信息。
2.第二至第五条日志是防火墙对不同安全域之间的流量进行过滤的记录。日志中包含了源域名、目的域名、安全策略、规则ID、协议、应用、源IP地址、源端口、源MAC地址、目的IP地址、目的端口、匹配次数和事件等信息。日志级别也是6,表示通知信息。
- 2023-12-08回答
- 评论(0)
- 举报
-
(0)
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
RBM_P[F1090_S]info-center source default logbuffer level ? alert Action must be taken immediately (severity=1) critical Critical conditions (severity=2) debugging Debug-level messages (severity=7) emergency System is unusable (severity=0) error Error conditions (severity=3) informational Informational messages (severity=6) notification Normal but significant conditions (severity=5) warning Warning conditions (severity=4)