Right now I am doing research to make the log files that are generated by the UTM firewall useful for detecting malicious network threats. I have the log file below:
2018:03:15-10:03:27 BDUUTM-1 ulogd[905]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="62017" initf="eth1" srcmac="f0:f7:55:ca:80:3a" dstmac="00:1a:8c:f0:30:a1" srcip="64.233.173.159" dstip="87.251.46.138" proto="6" length="60" tos="0x00" prec="0x00" ttl="40" srcport="38679" dstport="80" tcpflags="SYN"
Now my first question is: what do the following log fields mean? ulogd[905]:, id="2000", severity="info", sys="SecureNet", sub="packetfilter", name="Packet logged", action="log", fwrule="62017", tos="0x00", prec="0x00".
My second question is: which data can be useful for detecting malicious network threats?
Kind regards,
Edward
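Added example, not part of Edward's post or of the Sophos product: a Python parser for the ulogd key="value" packetfilter format quoted above, plus a simple defensive heuristic that flags a source address whose TCP SYN packets reach many distinct destination ports, which is the kind of pattern a firewall log is good at surfacing. The first sample line is the one from the post; the others are constructed here with a documentation-range source address (192.0.2.10) and invented id/fwrule values.

```python
import re
from collections import defaultdict

# Header layout: "<timestamp> <hostname> <process>[<pid>]: <key="value" ...>"
HEADER_RE = re.compile(r'^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_ulogd_line(line):
    """Return a dict of header fields plus every key="value" pair, or None on no match."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "proc": m["proc"], "pid": int(m["pid"])}
    rec.update(KV_RE.findall(m["rest"]))  # all key="value" pairs, values kept as strings
    return rec

def find_syn_sweeps(lines, min_ports=3):
    """Flag source IPs whose TCP SYNs hit at least min_ports distinct destination ports."""
    ports_by_src = defaultdict(set)
    for line in lines:
        rec = parse_ulogd_line(line)
        if not rec or rec.get("sub") != "packetfilter":
            continue  # only packet-filter records are relevant here
        if rec.get("proto") == "6" and rec.get("tcpflags") == "SYN":
            ports_by_src[rec["srcip"]].add(int(rec["dstport"]))
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= min_ports}

# Constructed sample records (not real firewall output); only the first entry of
# SAMPLE_LINES is the line quoted in the post.
def _constructed(ts, src, dport):
    return (f'2018:03:15-{ts} BDUUTM-1 ulogd[905]: id="2001" severity="info" sys="SecureNet" '
            f'sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" '
            f'srcip="{src}" dstip="87.251.46.138" proto="6" srcport="41000" dstport="{dport}" '
            'tcpflags="SYN"')

SAMPLE_LINES = [
    '2018:03:15-10:03:27 BDUUTM-1 ulogd[905]: id="2000" severity="info" sys="SecureNet" '
    'sub="packetfilter" name="Packet logged" action="log" fwrule="62017" initf="eth1" '
    'srcmac="f0:f7:55:ca:80:3a" dstmac="00:1a:8c:f0:30:a1" srcip="64.233.173.159" '
    'dstip="87.251.46.138" proto="6" length="60" tos="0x00" prec="0x00" ttl="40" '
    'srcport="38679" dstport="80" tcpflags="SYN"',
    _constructed("10:04:01", "192.0.2.10", 22),
    _constructed("10:04:02", "192.0.2.10", 23),
    _constructed("10:04:02", "192.0.2.10", 3389),
    _constructed("10:04:03", "192.0.2.10", 80),
]

if __name__ == "__main__":
    print(parse_ulogd_line(SAMPLE_LINES[0]))
    print(find_syn_sweeps(SAMPLE_LINES))  # -> {'192.0.2.10': [22, 23, 80, 3389]}
```

The single SYN to port 80 from the post's source address is not flagged; only the constructed source that probes several ports is.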