need to understand teh below logs lines

Hi all,

i have some logs lines from my firewall and I need to understand it can u help me on translating it:

TCP backup:x.y.z.v/22222 (x.y.z.v/22222) inside:z.z.z.z/4444 (m.m.m.m/4444), flags UIOB, idle 0s, uptime 9h1m, timeout 3h0m, bytes 477289
TCP backup:x.y.z.v/66666 (x.y.z.v/66666) inside:z.z.z.z/4444 (m.m.m.m/4444), flags UIOB, idle 0s, uptime 9h2m, timeout 3h0m, bytes 640413
TCP backup:t.t.t.t/99999 ( t.t.t.t/99999) inside:z.z.z.z/4444 (m.m.m.m/4444), flags UIOB, idle 3s, uptime 9h3m, timeout 3h0m, bytes 543126
TCP backup:t.t.t.t/88888 ( t.t.t.t/88888) inside:z.z.z.z/4444 (m.m.m.m/4444), flags UIOB, idle 2s, uptime 9h13m, timeout 3h0m, bytes 532270
besmile4everAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Zephyr ICTCloud ArchitectCommented:
This might be helpful understanding the firewall logs you're seeing.
0
besmile4everAuthor Commented:
well from upper lines i need to know source and dst? can u help me on that?
0
Zephyr ICTCloud ArchitectCommented:
It's difficult to say not knowing your config, but normally the first IP (in this case backup:xxxx) should be the outside address which connects to the inside one ...
0
Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Zephyr ICTCloud ArchitectCommented:
Sorry, seeing your log again, it will be the other way around, connection to the outside (backup) from inside ...
0
besmile4everAuthor Commented:
thanks spravtek.

so you sure that there is a connection from inside to outside? not opposite?
0
Zephyr ICTCloud ArchitectCommented:
As far as I can tell from just seeing these log entries yes, on your firewall you could check this by performing this command:

sh conn long state data_out

Open in new window


If you have a Cisco ASA that is...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
besmile4everAuthor Commented:
thnks.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.