Understanding Attack Logs in the Firewall Panel

Understanding Attack Logs


The Attack Logs section of the Firewall Panel shows all detected DDoS attacks across your protected IPs. It provides details such as severity, metrics, and duration so you can review and respond to incidents.


Where to Find Attack Logs

  1. Log into the Firewall Panel.
  2. Click Attack Logs in the sidebar.
  3. The page will display an overview and a detailed table of all recorded attacks.



Key Metrics Explained

Each entry in the Attack Logs includes the following:

  • Event ID — A unique identifier for the attack event.
  • IP Address — The target IP that was attacked.
  • User — Which user or service was associated with the IP.
  • Severity — Classification of the attack (Low, Medium, High, Critical).
  • Attack Metrics — Shows bandwidth (Mbps/Gbps/Tbps) and packet rate (pps).
  • Started — Timestamp of when the attack began.
  • Duration — How long the attack lasted until it was mitigated or ended.

Example: 1.24 Gbps / 460 Kpps means the attack reached 1.24 gigabits per second with 460,000 packets per second.


Severity Levels

  • Low — Small attack, often background noise. Typically auto-mitigated.
  • Medium — Noticeable traffic spikes, may affect services without filtering.
  • High — Strong attack, could disrupt service if unprotected. Requires active monitoring.
  • Critical — Large-scale attack. Strict firewall mitigation is essential.


Filtering Attack Logs

At the top of the Attack Logs page, you can filter by:

  • IP Address — Show only attacks on a specific IP.
  • Event ID — Jump to a known attack event.
  • Date Range — Limit results to a specific timeframe.

This helps narrow down investigations when managing multiple IPs.


When to Take Action

  • If you see Critical or repeated Medium/High attacks, consider applying:
    • Custom Filters to block targeted ports.
    • Profile Presets suited for your application.
  • If your service is down during an attack, check if:
    • The correct filters/profiles were applied.
    • Query filters (Steam, ARK, DayZ) are enabled if needed.
  • Use Activity Logs to confirm if filters were added or removed during the attack window.


Example Attack Analysis

Consider an entry like:

  • IP Address: 127.0.0.1
  • Severity: Critical
  • Attack Metrics: 21.4 Gbps / 8.4 Mpps
  • Duration: 2m 36s

This indicates a short but very intense volumetric attack. Even though it lasted only a few minutes, it required automatic mitigation to avoid downtime.
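
The metric format and the action rule described above, as an added example that is not part of the panel or its API: it parses the Attack Metrics and Duration strings as displayed, estimates average packet size from the two peak values, and lists the IPs that meet the "Critical or repeated Medium/High" rule. The row layout, the 192.0.2.x sample rows, the `h` duration unit and the repeat threshold of 2 are assumptions.

```python
import re
from collections import Counter

# Decimal multipliers for the units the panel displays.
BPS = {"Mbps": 1e6, "Gbps": 1e9, "Tbps": 1e12}
PPS = {"pps": 1.0, "Kpps": 1e3, "Mpps": 1e6}
METRIC_RE = re.compile(r"^\s*([\d.]+)\s*([MGT]bps)\s*/\s*([\d.]+)\s*([KM]?pps)\s*$")
DURATION_RE = re.compile(r"(\d+)\s*([hms])")  # "h" is assumed; the page shows only m and s

def parse_metrics(text):
    """'21.4 Gbps / 8.4 Mpps' -> (bits per second, packets per second)."""
    m = METRIC_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised metrics string: {text!r}")
    return float(m.group(1)) * BPS[m.group(2)], float(m.group(3)) * PPS[m.group(4)]

def parse_duration(text):
    """'2m 36s' -> seconds."""
    parts = DURATION_RE.findall(text)
    if not parts:
        raise ValueError(f"unrecognised duration: {text!r}")
    return sum(int(n) * {"h": 3600, "m": 60, "s": 1}[u] for n, u in parts)

def avg_packet_bytes(text):
    """Approximate mean packet size; assumes both peaks describe the same traffic."""
    bps, pps = parse_metrics(text)
    return bps / 8 / pps

def needs_action(rows, repeat_threshold=2):
    """IPs with any Critical event, or at least repeat_threshold Medium/High events."""
    critical = {r["ip"] for r in rows if r["severity"] == "Critical"}
    repeats = Counter(r["ip"] for r in rows if r["severity"] in ("Medium", "High"))
    return sorted(critical | {ip for ip, n in repeats.items() if n >= repeat_threshold})

# Constructed sample rows (documentation-range IPs), as if copied by hand from the table.
ROWS = [
    {"ip": "192.0.2.10", "severity": "Critical", "metrics": "21.4 Gbps / 8.4 Mpps", "duration": "2m 36s"},
    {"ip": "192.0.2.20", "severity": "Medium", "metrics": "1.24 Gbps / 460 Kpps", "duration": "11m 5s"},
    {"ip": "192.0.2.20", "severity": "High", "metrics": "3.1 Gbps / 900 Kpps", "duration": "4m"},
    {"ip": "192.0.2.30", "severity": "Low", "metrics": "180 Mbps / 95 Kpps", "duration": "48s"},
]

if __name__ == "__main__":
    for r in ROWS:
        print(r["ip"], r["severity"], f'{parse_duration(r["duration"])}s',
              f'{avg_packet_bytes(r["metrics"]):.0f} B/pkt')
    print("review filters for:", needs_action(ROWS))
```

A low average packet size at a high packet rate points to a packet-rate flood rather than a bandwidth flood, which is useful context when choosing between Custom Filters and Profile Presets.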


Best Practices

  • Regularly review Attack Logs to understand your threat landscape.
  • Pair Filters with Activity Logs to see which filters were active at the time.
  • Set up Discord Notifications so you’re alerted in real time when an attack begins.
  • Use logs as evidence when troubleshooting with support.

Updated on: 27/09/2025