No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Enterprise
Worldwide
Huawei Global - English
Search
Support Documentation
AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R007 Log Reference

This document supports all the logs of device, including the parameters, meaning, possible causes and solution.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
IPS/4/BOTNET

IPS/4/BOTNET

Message

IPS/4/BOTNET(l): A botnet was detected. (SyslogId=[syslog-id], VSys=[vsys-name], Policy=[policy-name], SrcIp=[source-ip], DstIp=[destination-ip], SrcPort=[source-port], DstPort=[destination-port], SrcZone=[source-zone], DstZone=[destination-zone], User=[user-name], Protocol=[protocol], Application=[application-name], Profile=[profile-name], SignName=[signature-name], SignId=[signature-id], EventNum=[event-number], Target=[target], Severity=[severity], Os=[operating-system], Category=[category], Role=[role], SrcLocation=[source-location], DstLocation=[destination-location], Action=[action])

Description

The IPS detected botnet packets and logged the details on the event.

Parameters

Parameter Name Parameter Meaning
syslog-id Log ID
vsys-name Name of the virtual system
policy-name Name of the security policy
source-ip Source IP address of packets
destination-ip Destination IP address of packets
source-port Source port of packets (the field is 0 for ICMP packets)
destination-port Destination port of packets (the field is 0 for ICMP packets)
source-zone Source security zone of packets
destination-zone Destination security zone of packets
user-name User name
protocol Protocol of the packets matching the signature
application-name Application of the packets matching the signature
profile-name Profile name
signature-name Signature name
signature-id Signature ID
event-number Field for log merging: Logs are merged on the basis of the log generating frequency and the condition for log merging. The value is 1 if logs are not merged.
target Attack target of the packets matching the signature
  • Server
  • Client
  • Both
severity
Attack severity of the packets matching the signature
  • information
  • low
  • medium
  • high
operating-system
Operating system attacked by the packets matching the signature
  • all
  • android
  • ios
  • unix-like
  • windows
  • other
category Category of the attack matching the signature
role Role of communication parties on the botnet
  • 1: indicates packets from a zombie to a control terminal.
  • 2: indicates packets from a control terminal to a zombie.
  • 3: indicates packets from the IRC/Web server to a zombie.
  • 4: indicates packets from a zombie to the IRC/Web server.
  • 5: indicates packets from a control terminal to the IRC/Web server.
  • 6: indicates packets from the IRC/Web server to a control terminal.
  • 7: indicates attack packets from a zombie to the attacked.
source-location Location of the source IP address (dynamically identified)
destination-location Location of the destination IP address (dynamically identified)
action Action for the signature
  • Alert
  • Block

Possible Causes

Botnet packets matched the signature.

Procedure

  1. This log message indicates a normal situation, and no action is required.
Translation
简体中文
Download
Updated: 2022-12-12

Document ID: EDOC1000097209

Views: 783507

Downloads: 247

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :