WANGUARD 5.2 User Manual & Administrator's Guide
2 | Filters Pkts/s | Number* | {filters_pps} | The latest packets/second throughput recorded by active Filter(s) in the anomalous traffic.
3 | Filters Bits/s | Number* | {filters_bps} | The latest bits/second throughput recorded by active Filter(s) in the anomalous traffic.
4 | Filters Max Pkts/s | Number* | {filters_max_pps} | The maximum packets/second throughput recorded by active Filter(s) in the anomalous traffic.
5 | Filters Max Bits/s | Number* | {filters_max_bps} | The maximum bits/second throughput recorded by active Filter(s) in the anomalous traffic.
6 | Filtered Packets | Number* | {filters_filtered_packets} | The number of packets filtered by active Filter(s).
7 | Filtered Bits | Number* | {filters_filtered_bits} | The number of bits filtered by active Filter(s).
8 | Filters CPU Usage | Number | {filters_max_cpu_usage} | The maximum CPU% used by Filter(s).
FILTER PARAMETERS
1 | Filter # | Number | {filter_id} | The unique ID of the attack pattern.
2 | Filter Type (ip, source, dest, proto, len, ttl..) | String | {filter_type} | The attack pattern type: ip (attacker's IP address); source (source port of the attacker); dest (destination port of the victim); proto (the IP Protocol field); len (the size of the packets); ttl (the TimeToLive field); others.
3 | Filter Value | String | {filter_value} | The attack pattern's value.
  |  | String | {filter_ip_dns} | If the attack pattern is an IP, the Dynamic Parameter provides the reverse DNS of the IP.
4 | Filter Pkts/s | Number* | {filter_pps} | The attack pattern's latest packets/second throughput.
5 | Filter Bits/s | Number* | {filter_bps} | The attack pattern's latest bits/second throughput.
6 | Filter Peak Pkts/s | Number* | {filter_max_pps} | The maximum packets rate matched by the attack pattern.
7 | Filter Peak Bits/s | Number* | {filter_max_bps} | The maximum bits rate matched by the attack pattern.
8 | Filter Severity | Number | {filter_severity} | The severity field represents the ratio between attack pattern traffic and threshold values.
9 | Filter Packets | Number* | {filter_packets} | The number of packets matched by the attack pattern.
10 | Filter Bits | Number* | {filter_bits} | The number of bits matched by the attack pattern.
11 | Filter Time Interval (seconds) | Number | {filter_difftime} | The duration of the attack pattern.
12 | Filter Whitelist | Number | {filter_whitelisted} | If the attack pattern is whitelisted, the value is 1. Otherwise it's 0.
13 | Filter Traffic Sample Size (bytes) | Number* | {filter_log_size} | Attack pattern traffic sample size.