DoS Protection Logs
For supported software information, click here.
Denial-of-service (DoS) protection logs send information about DoS attacks and the actions taken in response. A DoS attack is an attempt to disrupt network services and deny network access by overloading the network with unnecessary traffic using multiple sources.
DoS Threat Log
DoS Threat Log Message Format
2017-11-28T23:09:29+0000 dosThreatLog, applianceName=Site1Branch1, tenantName=Customer1, observationTimeMilliseconds=1511911030085, threatType=Flood, dosAttackName=UDP, tenantId=1, fromZone=(null), toZone=, dosAttacker=, dosVictim=, dosScanList=(null), dosScanPortsCount=0, dosAction=Drop, severityLevel=1, vsnId=0
DoS Threat Log Message Fields
Field | Description |
---|---|
applianceName | Name of the Versa Operating System™ (VOS™) device. This is the name displayed in the output of the show system identification CLI command on the device. |
tenantName | Tenant or organization name. |
observationTimeMilliseconds | Time when the event occurred, in UNIX epoch time format. |
threatType | Type of the threat: |
dosAttackName | Type of DoS attack. |
tenantId | Tenant identifier. |
fromZone | Source zone from which the traffic originated. |
toZone | Destination zone to which the traffic is destined. |
dosAttacker | IP address of the attacker. |
dosVictim | IP address of the attack victim. |
dosScanList | For the Scan threat type, list of ports. |
dosScanPortCount | Number of ports scanned. |
dosAction | Action taken in response to the DoS attack. |
severityLevel | Severity of the attack. |
vsnId | Identifier of the virtual service node, or virtual machine (VM). |
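
The following Python parser for the message format above is an added example, not part of the original article or of Versa software. It normalizes empty and (null) values to None so that they are not indexed as literal zone or address names, and converts observationTimeMilliseconds to a UTC timestamp. The function name parse_dos_threat_log and the handling of commas inside a value are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the message from "DoS Threat Log Message Format" above.
SAMPLE = (
    "2017-11-28T23:09:29+0000 dosThreatLog, applianceName=Site1Branch1, "
    "tenantName=Customer1, observationTimeMilliseconds=1511911030085, "
    "threatType=Flood, dosAttackName=UDP, tenantId=1, fromZone=(null), "
    "toZone=, dosAttacker=, dosVictim=, dosScanList=(null), "
    "dosScanPortsCount=0, dosAction=Drop, severityLevel=1, vsnId=0"
)

HEADER = re.compile(r"^(\S+)\s+(\w+),\s*(.*)$")
# Split only on commas that introduce a new key=, so a value that itself
# contains commas (assumed possible for dosScanList) stays in one piece.
PAIR_SPLIT = re.compile(r",\s*(?=\w+=)")
# Numeric fields, named as they appear in the sample message.
INT_FIELDS = {"observationTimeMilliseconds", "tenantId", "dosScanPortsCount",
              "severityLevel", "vsnId"}
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_dos_threat_log(line):
    """Return a dict for a dosThreatLog line, or None for any other line."""
    m = HEADER.match(line.strip())
    if not m or m.group(2) != "dosThreatLog":
        return None
    record = {"logTime": datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S%z")}
    for pair in PAIR_SPLIT.split(m.group(3)):
        key, sep, value = pair.partition("=")
        if not sep:
            continue  # not a key=value pair; skip rather than guess
        key, value = key.strip(), value.strip()
        if value in ("", "(null)"):
            record[key] = None  # field not populated, not a literal name
        elif key in INT_FIELDS and value.isdigit():
            record[key] = int(value)
        else:
            record[key] = value
    ms = record.get("observationTimeMilliseconds")
    if isinstance(ms, int):
        # Epoch milliseconds to an aware UTC datetime, without float rounding.
        record["observationTime"] = EPOCH + timedelta(milliseconds=ms)
    return record


if __name__ == "__main__":
    for field, value in parse_dos_threat_log(SAMPLE).items():
        print(f"{field}: {value}")
```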
Supported Software
Releases 21.1.1 and later support all content in this article.