Single-packet attack logs
Introduction
If logging is enabled for single-packet attack events, the device outputs a log when a packet with a specific signature is detected.
By default, log aggregation for single-packet attack events is enabled. The device aggregates multiple logs generated during a period of time and outputs one log. Logs that are aggregated must have the following attributes in common:
· Security zone where the attacks are detected.
· Attack type.
· Attack prevention action.
· Source and destination IP addresses.
· VPN instance (VRF) to which the victim IP address belongs.
You can disable log aggregation for single-packet attack events on the System > Log Settings > Attack Defense Log Settings page. As a best practice, do not disable log aggregation if single-packet attacks occur frequently, because the large number of logs will consume display resources.
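The following is an added example, not code from the device or its vendor, that models the aggregation described above so an analyst can see how raw detections map to aggregated records. The field names, the 60-second window, the count and timestamp fields, and the sample events are all assumptions made for illustration; the page does not state the device's aggregation period or log format.

```python
from typing import NamedTuple

WINDOW_SECONDS = 60  # assumed period; the page does not give the device's value

class Event(NamedTuple):   # hypothetical record layout, not the device's log format
    ts: int                # seconds since start of capture
    zone: str
    attack_type: str
    action: str
    src_ip: str
    dst_ip: str
    vrf: str

def agg_key(e):
    # The attributes the page says aggregated logs must have in common.
    return (e.zone, e.attack_type, e.action, e.src_ip, e.dst_ip, e.vrf)

def aggregate(events, window=WINDOW_SECONDS):
    """Return one record per key per window, with count and first/last time."""
    open_recs, out = {}, []
    for e in sorted(events, key=lambda ev: ev.ts):
        k = agg_key(e)
        rec = open_recs.get(k)
        if rec is not None and e.ts - rec["first_ts"] >= window:
            out.append(rec)          # window elapsed: emit and start a new record
            rec = None
        if rec is None:
            rec = {"key": k, "first_ts": e.ts, "last_ts": e.ts, "count": 0}
            open_recs[k] = rec
        rec["count"] += 1
        rec["last_ts"] = e.ts
    out.extend(open_recs.values())   # emit records still open at end of input
    return sorted(out, key=lambda r: (r["first_ts"], r["key"]))

# Constructed sample events (documentation IP ranges, placeholder attack type).
BASE = ("Untrust", "type-A", "drop", "192.0.2.10", "198.51.100.5", "")
SAMPLE = [
    Event(0, *BASE), Event(5, *BASE), Event(20, *BASE),
    Event(8, "Untrust", "type-A", "drop", "192.0.2.11", "198.51.100.5", ""),  # other source
    Event(30, "Untrust", "type-A", "drop", "192.0.2.10", "198.51.100.5", "vpn1"),  # other VRF
    Event(75, *BASE),  # same key as BASE, but after the window has elapsed
]

if __name__ == "__main__":
    for r in aggregate(SAMPLE):
        print(r["first_ts"], r["last_ts"], r["count"], r["key"])
```

When reviewing aggregated logs, a single entry can therefore stand for many packets, and a change in any one of the common attributes, such as the VPN instance, produces a separate entry.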