
Verification and Check

This section describes the verification and check operations after the data filtering feature is configured.

Verification

After configuring the data filtering feature, run the following commands to check the configuration result:

| Action | Command |
|---|---|
| Display the application categories that data filtering supports. | display data-filter application |
| Display the file types that data filtering supports. | display data-filter file-type |
| Display the information about keyword groups. | display keyword-group [ name name [ keyword-name keyword-name ] ] |
| Display predefined keyword rules. | display data-filter predefined-keyword |
| | display data-filter predefined-keyword name [verbose] |
| Display the information about data filtering profiles. | display profile type data-filter [ name name [ rule-name rule-name ] ] |

After configuring the data filtering feature, run the following commands to view or clear statistics:

| Action | Command |
|---|---|
| Display the data filtering statistics. | display data-filter statistics [ slot slot-id cpu cpu-id ] |
| Clear the data filtering statistics. | reset data-filter statistics |

Viewing Logs

After the data filtering profile is referenced in a security policy, the FW checks the data of traffic matching that security policy. If the transmitted data matches a data filtering rule, a content log is generated.

The following is an example of a content log (data filtering).

DLP/4/DATAFILTER(l): Some data containing illegitimate characters was transmitted. 
(SyslogId=100, VSys="test_vsys", Policy="test_policy", SrcIp=192.168.0.1, DstIp=172.16.99.2, 
SrcPort=2312, DstPort=80, SrcZone=Trust, DstZone=Untrust, User="test_user", Protocol=TCP, 
Application="HTTP", Profile="test_profile", Direction=download, EventNum=1, FileName="test.doc", 
KeywordGroup="default_keyword_group", Action=block)

The following table lists the fields in a content log.

| Field | Description |
|---|---|
| syslog-id | Log ID |
| vsys-name | Name of the virtual system |
| policy-name | Name of the security policy |
| source-ip | Source IP address of packets |
| destination-ip | Destination IP address of packets |
| source-port | Source port of packets (the value is 0 for ICMP packets) |
| destination-port | Destination port of packets (the value is 0 for ICMP packets) |
| source-zone | Source security zone of packets |
| destination-zone | Destination security zone of packets |
| user-name | User name |
| protocol | Protocol of the packets matching the signature |
| application-name | Protocol that carries the packets |
| profile-name | Profile name |
| direction | File transfer direction |
| event-number | Number of merged events |
| file-name | Name of the filtered file |
| keyword-group | Name of the keyword group used in data filtering |
| action | Actions for data filtering: Alert, Block |
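
When content logs are forwarded to a collector, the format shown above can be split into the fields in the table and summarized per user, keyword group and action. The following Python parser is an added example, not Huawei code; the function names, the second sample record and the assumption that quoted values contain no embedded double quote are assumptions of this example.

```python
import re
from collections import Counter

# Constructed input: the sample log from this page (with its line wrapping) plus one
# invented record whose file name contains a comma and parentheses.
SAMPLE_LOGS = [
    'DLP/4/DATAFILTER(l): Some data containing illegitimate characters was transmitted. \n'
    '(SyslogId=100, VSys="test_vsys", Policy="test_policy", SrcIp=192.168.0.1, DstIp=172.16.99.2, \n'
    'SrcPort=2312, DstPort=80, SrcZone=Trust, DstZone=Untrust, User="test_user", Protocol=TCP, \n'
    'Application="HTTP", Profile="test_profile", Direction=download, EventNum=1, FileName="test.doc", \n'
    'KeywordGroup="default_keyword_group", Action=block)',
    'DLP/4/DATAFILTER(l): Some data containing illegitimate characters was transmitted. '
    '(SyslogId=101, VSys="test_vsys", Policy="test_policy", SrcIp=192.168.0.7, DstIp=172.16.99.2, '
    'SrcPort=40112, DstPort=80, SrcZone=Trust, DstZone=Untrust, User="test_user", Protocol=TCP, '
    'Application="HTTP", Profile="test_profile", Direction=download, EventNum=3, '
    'FileName="q1, plan (v2).doc", KeywordGroup="default_keyword_group", Action=alert)',
]

# Header "MODULE/severity/MNEMONIC(x): message" followed by "(Key=value, ...)".
HEAD = re.compile(r'^(\w+)/(\d+)/(\w+)\((\w)\):\s*(.*?)\s*\((\w+=.*)\)\s*$', re.S)
# A value is either a quoted string (may hold commas and parentheses) or a bare token.
PAIR = re.compile(r'(\w+)=("[^"]*"|[^,\s]+)')
INT_FIELDS = {"SyslogId", "SrcPort", "DstPort", "EventNum"}

def parse_content_log(raw):
    """Return the message and key=value fields of one content log, or None."""
    m = HEAD.match(re.sub(r'\s*\n\s*', ' ', raw.strip()))  # undo line wrapping
    if not m or (m.group(1), m.group(3)) != ("DLP", "DATAFILTER"):
        return None
    event = {"Severity": int(m.group(2)), "Message": m.group(5)}
    for key, value in PAIR.findall(m.group(6)):
        value = value.strip('"')
        event[key] = int(value) if key in INT_FIELDS else value
    return event

def matches_by_action(raw_logs):
    """Sum merged events (EventNum) per (User, KeywordGroup, Action)."""
    totals = Counter()
    for event in filter(None, map(parse_content_log, raw_logs)):
        key = (event.get("User"), event.get("KeywordGroup"), event.get("Action"))
        totals[key] += event.get("EventNum", 1)
    return totals
```
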
Copyright © Huawei Technologies Co., Ltd.