Versa Networks

DoS Protection Logs

For supported software information, click here.

Denial-of-service (DoS) protection logs record information about DoS attacks and the actions taken in response. A DoS attack is an attempt to disrupt network services and deny network access by overloading the network with unnecessary traffic from multiple sources.

DoS Threat Log

DoS Threat Log Message Format

2017-11-28T23:09:29+0000 dosThreatLog, applianceName=Site1Branch1, tenantName=Customer1, 
observationTimeMilliseconds=1511911030085, threatType=Flood, dosAttackName=UDP, tenantId=1, 
fromZone=(null), toZone=, dosAttacker=, dosVictim=, dosScanList=(null), dosScanPortsCount=0, 
dosAction=Drop, severityLevel=1, vsnId=0

DoS Threat Log Message Fields

| Field | Description |
| --- | --- |
| applianceName | Name of the Versa Operating System™ (VOS™) device. This is the name displayed in the output of the show system identification CLI command on the device. |
| tenantName | Tenant or organization name. |
| observationTimeMilliseconds | Time when the event occurred, in UNIX epoch time format. |
| threatType | Type of the threat: Flood, Scan. |
| dosAttackName | Type of DoS attack. |
| tenantId | Tenant identifier. |
| fromZone | Source zone from which the traffic originated. |
| toZone | Destination zone to which the traffic is destined. |
| dosAttacker | IP address of the attacker. |
| dosVictim | IP address of the attack victim. |
| dosScanList | For the Scan threat type, list of ports. |
| dosScanPortCount | Number of ports scanned. |
| dosAction | Action taken in response to the DoS attack. |
| severityLevel | Severity of the attack. |
| vsnId | Identifier of the virtual service node, or virtual machine (VM). |
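An added example, not Versa's own code: a Python parser that turns the dosThreatLog message shown above into a record a log pipeline can filter on, treating empty and (null) values as missing. It assumes fields are separated by a comma and a space and that a value such as dosScanList may itself contain commas; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed input: the sample message from this page, wrapped as it appears there.
SAMPLE = (
    "2017-11-28T23:09:29+0000 dosThreatLog, applianceName=Site1Branch1, tenantName=Customer1, \n"
    "observationTimeMilliseconds=1511911030085, threatType=Flood, dosAttackName=UDP, tenantId=1, \n"
    "fromZone=(null), toZone=, dosAttacker=, dosVictim=, dosScanList=(null), dosScanPortsCount=0, \n"
    "dosAction=Drop, severityLevel=1, vsnId=0"
)

HEADER = re.compile(r"^(\S+)\s+(\w+),\s*(.*)$", re.S)
# A value runs until the next ", key=" or the end of the text, so it may contain commas.
PAIR = re.compile(r"(\w+)=(.*?)(?=,\s*\w+=|\s*$)", re.S)
# The sample message spells the counter dosScanPortsCount, the field table dosScanPortCount.
INT_FIELDS = {"observationTimeMilliseconds", "tenantId", "dosScanPortsCount",
              "dosScanPortCount", "severityLevel", "vsnId"}

def parse_dos_threat_log(message):
    """Parse one dosThreatLog message into a dict; empty and (null) values become None."""
    m = HEADER.match(" ".join(message.split()))  # undo line wrapping
    if not m or m.group(2) != "dosThreatLog":
        raise ValueError("not a dosThreatLog message")
    record = {"timestamp": datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S%z"),
              "logType": m.group(2)}
    for key, raw in PAIR.findall(m.group(3)):
        value = raw.strip()
        if value in ("", "(null)"):
            record[key] = None
        elif key in INT_FIELDS:
            record[key] = int(value)
        else:
            record[key] = value
    if record.get("observationTimeMilliseconds") is not None:
        record["observationTime"] = datetime.fromtimestamp(
            record["observationTimeMilliseconds"] / 1000, tz=timezone.utc)
    return record

def missing_attribution(record):
    """Triage fields (zones, attacker, victim) that the record left unset."""
    return [f for f in ("fromZone", "toZone", "dosAttacker", "dosVictim")
            if record.get(f) is None]
```

On the page's sample message, missing_attribution returns all four fields, so alerting rules built on this log should not assume that dosAttacker or dosVictim is populated.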


Supported Software

Releases 21.1.1 and later support all content in this article.
