- Table of Contents
-
- 02-Monitor
- 01-Attack defense statistics
- 02-Application audit logs
- 03-Blacklist logs
- 04-File filtering logs
- 05-TopN file filtering statistics
- 06-TopN file filtering trends
- 07-Flood attack logs
- 08-DNS cache information
- 09-Transparent DNS proxy statistics
- 10-Link load balancing statistics
- 11-Server load balancing statistics
- 12-URL visit trends
- 13-Operation logs
- 14-Report settings
- 15-Scanning attack logs
- 16-Session list
- 17-Single-packet attack logs
- 18-System logs
- 19-Threat logs
- 20-TopN threats
- 21-TopN threat trends
- 22-Traffic logs
- 23-TopN traffic
- 24-TopN traffic trends
- 25-URL filtering logs
- 26-TopN URL filtering statistics
- 27-TopN URL filtering trends
- 28-User information center
- 29-Security policy log
- 30-IPv4 online users
- 31-IPv6 online users
- 32-Load balancing logging
- 33-LB session information
- 34-MAC authentication online users
- Related Documents
-
Title | Size | Download |
---|---|---|
17-Single-packet attack logs | 18.42 KB |
Single-packet attack logs
Introduction
If logging is enabled for single-packet attack events, the device outputs a log when a packet with a specific signature is detected.
By default, log aggregation for single-packet attack events is enabled. The device aggregates multiple logs generated during a period of time and outputs one log. Logs that are aggregated must have the following attributes in common:
· Security zone where the attacks are detected.
· Attack type.
· Attack prevention action.
· Source and destination IP addresses.
· VPN instance (VRF) to which the victim IP address belongs.
You can disable log aggregation for single-packet attack events on the System > Log Settings > Attack Defense Log Settings page. As a best practice, do not disable log aggregation if single-packet attacks frequently occur. A large number of logs will consume the display resources.