DoS Protection Logs
For supported software information, see Supported Software.
Denial-of-service (DoS) protection logs send information about DoS attacks and the actions taken in response. A DoS attack is an attempt to disrupt network services and deny network access by overloading the network with unnecessary traffic from multiple sources.
DoS Threat Log
DoS Threat Log Message Format
2017-11-28T23:09:29+0000 dosThreatLog, applianceName=Site1Branch1, tenantName=Customer1, observationTimeMilliseconds=1511911030085, threatType=Flood, dosAttackName=UDP, tenantId=1, fromZone=(null), toZone=, dosAttacker=, dosVictim=, dosScanList=(null), dosScanPortsCount=0, dosAction=Drop, severityLevel=1, vsnId=0
DoS Threat Log Message Fields
| Field | Description |
|---|---|
| applianceName | Name of the Versa Operating System™ (VOS™) device. This is the name displayed in the output of the show system identification CLI command on the device. |
| tenantName | Tenant or organization name. |
| observationTimeMilliseconds | Time when the event occurred, in UNIX epoch time format. |
| threatType | Type of the threat: |
| dosAttackName | Type of DoS attack. |
| tenantId | Tenant identifier. |
| fromZone | Source zone from which the traffic originated. |
| toZone | Destination zone to which the traffic is destined. |
| dosAttacker | IP address of the attacker. |
| dosVictim | IP address of the attack victim. |
| dosScanList | (Deprecated) For the Scan threat type, list of ports. |
| dosScanPortCount | (Deprecated) Number of ports scanned. |
| dosAction | Action taken in response to the DoS attack. |
| severityLevel | Severity of the attack. |
| vsnId | Identifier of the virtual service node, or virtual machine (VM). |
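The following Python parser for the message format above is an added example, not code from Versa; it turns one dosThreatLog line into a typed record for use in a collector or SIEM pipeline. Treating both an empty value and `(null)` as missing is an assumption, and the names `parse_dos_threat_log`, `logTime` and `observationTime` are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Sample line copied from the message format above.
SAMPLE = (
    "2017-11-28T23:09:29+0000 dosThreatLog, applianceName=Site1Branch1, "
    "tenantName=Customer1, observationTimeMilliseconds=1511911030085, "
    "threatType=Flood, dosAttackName=UDP, tenantId=1, fromZone=(null), toZone=, "
    "dosAttacker=, dosVictim=, dosScanList=(null), dosScanPortsCount=0, "
    "dosAction=Drop, severityLevel=1, vsnId=0"
)

# Fields that carry integers. The sample spells the port counter
# dosScanPortsCount while the field table lists dosScanPortCount; accept both.
INT_FIELDS = {"observationTimeMilliseconds", "tenantId", "severityLevel",
              "vsnId", "dosScanPortsCount", "dosScanPortCount"}

# Split only on a comma that is followed by "key=", so a value that itself
# contains commas is not cut apart.
FIELD_SPLIT = re.compile(r",\s*(?=[A-Za-z_]\w*=)")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_dos_threat_log(line):
    """Return one dosThreatLog line as a dict with typed, normalized values."""
    header, *pairs = FIELD_SPLIT.split(line.strip())
    stamp, _, log_type = header.partition(" ")
    if log_type != "dosThreatLog":
        raise ValueError(f"not a dosThreatLog line: {header!r}")
    record = {"logTime": datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S%z")}
    for pair in pairs:
        key, _, value = pair.partition("=")
        value = value.strip()
        if value in ("", "(null)"):  # assumption: both mean "no value"
            record[key] = None
        elif key in INT_FIELDS and value.isdigit():
            record[key] = int(value)
        else:
            record[key] = value
    # observationTimeMilliseconds is UNIX epoch time in milliseconds.
    ms = record.get("observationTimeMilliseconds")
    if isinstance(ms, int):
        record["observationTime"] = EPOCH + timedelta(milliseconds=ms)
    return record


if __name__ == "__main__":
    for key, value in parse_dos_threat_log(SAMPLE).items():
        print(f"{key:28} {value}")
```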
Supported Software
Releases 21.1.1 and later support all content in this article.
