Is there a Kerio log analyzer?

S

Sergey Ryzhkin2017-09-27 09:12:59

firewall

Sergey Ryzhkin, 2017-09-27 09:12:59

Is there a program or service where you can analyze the logs in Kerio, i.e. decipher what is written there and what necessary actions can be taken to protect yourself from the same scans and other things.
Here are two trite lines from the Security tab:

[26/Sep/2017 13:02:25] IPS: Packet drop, severity: Blacklist, Rule ID: 1:2500060 ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 31, proto:TCP, ip/port:5.188.10.176:34692 -> <мой внешний адрес>:22
[26/Sep/2017 13:07:13] IPS: Alert, severity: Medium, Rule ID: 125:3 ftp_pp: FTP parameter length overflow, proto:TCP, ip/port:192.168.2.27:50272

I would like to understand what these alerts are, and that, for example, the first one tried to make his packages drop and everything in the same vein.
In general, a banal decryption of logs.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

O

Oleg, 2017-09-27
@Franciz

ips is an intrusion prevention module.
the error is written in text, immediately after the rule id.
if you need to allow or skip some error, add its id to the allowed list and that's it.
did not meet analyzers