# CyberGuard SG300 Logs



## shanku2k (Sep 3, 2008)

Hi,

One of our clients has the above-said model, SG300.

By analyzing the logs, we believe (but we are not sure) that at the start of each transaction the firewall creates one log specifying "create" in the log, and similarly at the close of each transaction it creates another log specifying "destroy" in the log. Each transaction has one 'id' in the log, which is specified by the attribute "id".

I am hereby attaching the sample logs for your reference:

```
<6>Aug 22 17:11:22 firewall kernel: (20080722xxx....) connxxxx create: id=c0b00e40 proto=udp in=eth0 out= tx-src=10.xxx.xxx.xxx tx-dst=10.xxx.xxx.xxx tx-sport=138 tx-dport=138 tx-packets=1 tx-bytes=203 rx-src=10.xxx.xxx.xxx rx-dst=10.xxx.xxx.xxx rx-sport=138 rx-dport=138 rx-packets=0 rx-bytes=0 mark=4

<6>Aug 22 17:12:24 firewall kernel: (20080722T1xxxx...) connxxxx destroy: id=c0b00e40 proto=udp in=eth0 out= tx-src=10.xxx.xxx.xxx tx-dst=10.xxx.xxx.xxx tx-sport=138 tx-dport=138 tx-packets=13 tx-bytes=2777 rx-src=10.xxx.xxx.xxx rx-dst=10.xxx.xxx.xxx rx-sport=138 rx-dport=138 rx-packets=0 rx-bytes=0 mark=4
```

Kindly let us know whether our assumption is right, else, kindly elaborate.

Sir, we would appreciate it if you could point us to the link where we can get the complete documentation, which describes all the attributes that are present in the logs.

Thanks
Samy.


----------
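One way to check the create/destroy pairing assumed in the post above against a larger capture. This is an added example, not part of the original post and not vendor code. It parses lines in the quoted format, pairs events by `id`, and reports connections that never closed or closed without a matching create. The sample lines, the year 2008 and the function names are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines in the format quoted in the post; addresses, the
# parenthesised stamp and the conn tag stand in for the masked values.
SAMPLE = """\
<6>Aug 22 17:11:22 firewall kernel: (stamp) conn0001 create: id=c0b00e40 proto=udp in=eth0 out= tx-src=10.0.0.5 tx-dst=10.0.0.255 tx-sport=138 tx-dport=138 tx-packets=1 tx-bytes=203 rx-src=10.0.0.255 rx-dst=10.0.0.5 rx-sport=138 rx-dport=138 rx-packets=0 rx-bytes=0 mark=4
<6>Aug 22 17:11:40 firewall kernel: (stamp) conn0002 create: id=c0b00f00 proto=tcp in=eth0 out=eth1 tx-src=10.0.0.7 tx-dst=10.0.1.9 tx-sport=40112 tx-dport=443 tx-packets=1 tx-bytes=60 rx-src=10.0.1.9 rx-dst=10.0.0.7 rx-sport=443 rx-dport=40112 rx-packets=0 rx-bytes=0 mark=4
<6>Aug 22 17:12:01 firewall kernel: (stamp) conn0003 destroy: id=c0b00a10 proto=udp in=eth0 out= tx-src=10.0.0.8 tx-dst=10.0.0.255 tx-sport=137 tx-dport=137 tx-packets=3 tx-bytes=234 rx-src=10.0.0.255 rx-dst=10.0.0.8 rx-sport=137 rx-dport=137 rx-packets=0 rx-bytes=0 mark=4
<6>Aug 22 17:12:24 firewall kernel: (stamp) conn0001 destroy: id=c0b00e40 proto=udp in=eth0 out= tx-src=10.0.0.5 tx-dst=10.0.0.255 tx-sport=138 tx-dport=138 tx-packets=13 tx-bytes=2777 rx-src=10.0.0.255 rx-dst=10.0.0.5 rx-sport=138 rx-dport=138 rx-packets=0 rx-bytes=0 mark=4
"""

LINE_RE = re.compile(
    r"^<\d+>(\w{3} +\d+ [\d:]{8}) \S+ kernel: .*? (create|destroy): (.*)$")
KV_RE = re.compile(r"([\w-]+)=(\S*)")  # value may be empty, e.g. "out="


def parse(line, year=2008):
    """Return (timestamp, event, fields) or None for non-matching lines.
    Syslog stamps carry no year, so one is assumed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), dict(KV_RE.findall(m.group(3)))


def correlate(lines):
    """Pair create/destroy events by id.
    Returns (closed connections, ids still open, destroys with no create)."""
    open_conns, closed, orphans = {}, [], []
    for rec in filter(None, map(parse, lines)):
        ts, event, f = rec
        cid = f.get("id")
        if event == "create":
            open_conns[cid] = ts
        elif cid in open_conns:
            closed.append({"id": cid, "proto": f.get("proto"),
                           "seconds": (ts - open_conns.pop(cid)).total_seconds(),
                           "tx_bytes": int(f.get("tx-bytes", 0)),
                           "rx_bytes": int(f.get("rx-bytes", 0))})
        else:
            orphans.append(cid)  # create fell outside the capture window
    return closed, sorted(open_conns), orphans


if __name__ == "__main__":
    print(correlate(SAMPLE.splitlines()))
```

If the pairing assumption holds on real logs, nearly every `destroy` should land in the closed list and orphans should cluster at the start of the capture.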

