SonicOS Enhanced 4.0 Administrator Guide
Log Categories
SonicWALL security appliances provide automatic attack protection against well-known
exploits. The majority of these legacy attacks were identified by telltale IP or TCP/UDP
characteristics, and recognition was limited to a set of fixed layer 3 and layer 4 values. As the
breadth and sophistication of attacks evolved, it’s become essential to dig deeper into the
traffic, and to develop the sort of adaptability that could keep pace with the new threats.
All SonicWALL security appliances, even those running SonicWALL IPS, continue to recognize
these legacy port and protocol types of attacks. The current behavior on all SonicWALL security
appliances is to automatically and holistically prevent these legacy attacks, meaning
that it is not possible to disable prevention of these attacks either individually or globally.
SonicWALL security appliances now include an expanded list of attack categories that can be
logged.
The View Style menu provides the following three log category views:
• All Categories - Displays both Legacy Categories and Expanded Categories.
• Legacy Categories - Displays log categories carried over from earlier SonicWALL log
event categories.
• Expanded Categories - Displays the expanded listing of categories that includes the older
Legacy Categories log events rearranged into the new structure.
The following table describes both the Legacy and Extended log categories.
| Log Type | Category | Description |
|---|---|---|
| 802.11b Management | Legacy | Logs WLAN IEEE 802.11b connections. |
| Advanced Routing | Expanded | Logs messages related to RIPv2 and OSPF routing events. |
| Attacks | Legacy | Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP spoofing |
| Authenticated Access | Expanded | Logs administrator, user, and guest account activity |
| Blocked Java, etc. | Legacy | Logs Java, ActiveX, and Cookies blocked by the SonicWALL security appliance. |
| Blocked Web Sites | Legacy | Logs Web sites or newsgroups blocked by the Content Filter List or by customized filtering. |
| BOOTP | Expanded | Logs BOOTP activity |
| Crypto Test | Expanded | Logs crypto algorithm and hardware testing |
| DDNS | Expanded | Logs Dynamic DNS activity |
| Denied LAN IP | Legacy | Logs all LAN IP addresses denied by the SonicWALL security appliance. |
| DHCP Client | Expanded | Logs DHCP client protocol activity |
| DHCP Relay | Expanded | Logs DHCP central and remote gateway activity |
| Dropped ICMP | Legacy | Logs blocked incoming ICMP packets. |
| Dropped TCP | Legacy | Logs blocked incoming TCP connections. |
| Dropped UDP | Legacy | Logs blocked incoming UDP packets. |
| Firewall Event | Extended | Logs internal firewall activity |
| Firewall Hardware | Extended | Logs firewall hardware error events |