I am not a system or network administrator (I am a software developer). While working on a project I have to understand in more detail the logs coming from a pfSense instance.
I used these documentation links to better understand what these log entries mean:
- https://docs.netgate.com/pfsense/en/latest/monitoring/logs/firewall.html
- https://docs.netgate.com/pfsense/en/latest/monitoring/logs/raw-filter-format.html
I am getting entries like the following (related to a UDP request):
Jun 2 11:00:11 filterlog: 5,,,1000000103,vtnet0,match,block,in,4,0x0,,54,36357,0,DF,17,udp,196,62.77.36.6,10.0.0.2,500,500,176
I have split the content of this entry over multiple lines, trying to annotate what each field means:
Jun 2 11:00:11 (DATE-TIMESTAMP)
filterlog: 5,,, (What does 5 mean? Why is it followed by 3 "," characters? Are they empty fields?)
1000000103 (THIS SHOULD BE THE DEFAULT BLOCKING RULE),
vtnet0 (ON THE vtnet0 INTERFACE),
match, (REASON OF LOG ENTRY)
block, (ACTION TAKEN: block or pass)
in, (TRAFFIC DIRECTION: in or out)
4, (IP VERSION: 4 for IPv4 or 6 for IPv6)
0x0,, (???)
54, (???)
36357, (???)
0, (???)
DF, (???)
17, (???)
udp, (PROTOCOL, IN THIS CASE IT WAS A UDP REQUEST)
196, (???)
62.77.36.6, (SOURCE IP ???)
10.0.0.2, (DESTINATION IP ???)
500, (SOURCE PORT???)
500, (DESTINATION ???)
176 (???)
I marked with ??? the fields whose meaning I do not know. In particular I have big doubts about the important information related to the source and destination ports (I think it is 500, but I am not sure at all, and this is an important piece of information for me).
Can you help me better understand what these fields mean?
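As an added example (not part of the question above, and not code from the pfSense project), here is a small Python parser for the raw filterlog format. The field names and their order are taken from the pfSense "raw filter log format" documentation linked in the question: a common header (rule number, sub-rule number, anchor, tracker ID, interface, reason, action, direction, IP version), then the IPv4 or IPv6 header fields, then a protocol-specific tail (for UDP: source port, destination port, data length). The sample line is a constructed copy of the entry quoted in the question; the helper names (`parse_filterlog`, `summarize`) are this example's own.

```python
import ipaddress

# Constructed copy of the line quoted in the question, used for stand-alone runs.
SAMPLE_LINE = ("Jun 2 11:00:11 filterlog: 5,,,1000000103,vtnet0,match,block,in,4,"
               "0x0,,54,36357,0,DF,17,udp,196,62.77.36.6,10.0.0.2,500,500,176")

# Field names and order follow the pfSense raw filter log format documentation.
COMMON_FIELDS = ("rule_number", "sub_rule_number", "anchor", "tracker_id",
                 "interface", "reason", "action", "direction", "ip_version")
IPV4_FIELDS = ("tos", "ecn", "ttl", "id", "offset", "flags",
               "protocol_id", "protocol", "length", "src_ip", "dst_ip")
IPV6_FIELDS = ("class", "flow_label", "hop_limit", "protocol",
               "protocol_id", "length", "src_ip", "dst_ip")
TCP_FIELDS = ("src_port", "dst_port", "data_length", "tcp_flags",
              "sequence", "ack", "window", "urg", "options")
UDP_FIELDS = ("src_port", "dst_port", "data_length")

# Fields that hold plain integers; everything else stays a string (empty -> None).
INT_FIELDS = {"rule_number", "sub_rule_number", "tracker_id", "ip_version", "ttl",
              "id", "offset", "protocol_id", "length", "hop_limit",
              "src_port", "dst_port", "data_length", "window", "urg"}


def _convert(name, value):
    """Turn one raw CSV token into a typed value (None for an empty field)."""
    if value == "":
        return None
    if name in INT_FIELDS:
        return int(value)
    if name in ("src_ip", "dst_ip"):
        # Raises ValueError on a malformed address instead of silently accepting it.
        return ipaddress.ip_address(value)
    return value


def _take(record, names, fields):
    """Assign the next len(names) tokens to the given names; return the leftover tokens."""
    if len(fields) < len(names):
        raise ValueError(f"truncated filterlog entry, expected fields {names}")
    for name, value in zip(names, fields):
        record[name] = _convert(name, value)
    return fields[len(names):]


def parse_filterlog(line):
    """Parse one syslog line written by pfSense filterlog into a dict of named fields."""
    timestamp, sep, rest = line.strip().partition(" filterlog: ")
    if not sep:
        raise ValueError("not a filterlog line")
    fields = rest.split(",")
    record = {"timestamp": timestamp}
    fields = _take(record, COMMON_FIELDS, fields)
    if record["ip_version"] == 4:
        fields = _take(record, IPV4_FIELDS, fields)
    elif record["ip_version"] == 6:
        fields = _take(record, IPV6_FIELDS, fields)
    else:
        raise ValueError(f"unknown IP version {record['ip_version']!r}")
    proto = record["protocol"]
    if proto == "udp":
        fields = _take(record, UDP_FIELDS, fields)
    elif proto == "tcp":
        fields = _take(record, TCP_FIELDS, fields)
    # Other protocols (icmp, carp, ...) have their own trailers; keep them untouched.
    record["unparsed"] = fields
    return record


def summarize(record):
    """One-line, human-readable rendering of a parsed entry."""
    if "src_port" in record:
        endpoints = (f"{record['src_ip']}:{record['src_port']} -> "
                     f"{record['dst_ip']}:{record['dst_port']}")
    else:
        endpoints = f"{record['src_ip']} -> {record['dst_ip']}"
    return (f"{record['action']} {record['direction']} on {record['interface']} "
            f"(tracker {record['tracker_id']}): {record['protocol']} {endpoints}, "
            f"{record['length']} bytes")


if __name__ == "__main__":
    entry = parse_filterlog(SAMPLE_LINE)
    for name, value in entry.items():
        print(f"{name:>16}: {value}")
    print(summarize(entry))
```

Running it on the sample line shows the three empty tokens after `5` are the sub-rule number and anchor fields (both empty here), that `54` is the TTL, `36357` the IP ID, `0` the fragment offset, `DF` the IP flags, `17` the numeric protocol ID for UDP, `196` the IP packet length, and that the trailing `500,500,176` are source port, destination port and UDP data length. Because each protocol tail is only consumed when the protocol text matches, an unfamiliar protocol does not shift the remaining fields into the wrong names; they land in `unparsed` instead.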