Event field values
The following table shows the most common log occurrences for the Event field.
Event | Description |
---|---|
Allowed a connection from blacklister | A connection from a blacklister was allowed. |
Application protocol version is not supported | The application protocol version used in the traffic is not supported. |
Application protocol version not recognized | The application protocol version used in the traffic was not recognized. |
Authentication error | There was an error in the user authentication process. |
Authentication failed | A user did not successfully authenticate. |
Authentication Server does not respond | There is no response from the legacy Stonesoft Authentication Server component. |
Authentication succeeded | A user successfully authenticated. |
Automatic online transition | An engine automatically went online. |
Automatic standby transition | An engine automatically went to standby. |
Blacklister not allowed | The component that attempted to send a blacklist request is not on the list of Allowed Blacklisters. |
Blacklisting connection closed | A connection from a blacklister was closed. |
Blacklisting entries flushed | All entries were removed from the engine's blacklist. |
Blacklisting entry deleted | An entry was removed from the engine's blacklist. |
Blacklisting entry expired | A blacklisting entry reached the end of its Duration time. |
Can't connect to Log Server | The engine is unable to connect to the Log Server. |
Configuration changed | The engine's configuration changed. |
Configuration information for this connection | The engine's configuration at the time the connection was logged. |
Connection closed | A connection was closed. |
Connection Discarded | A connection was discarded by the engine. |
Connection Queued | A connection was queued according to the QoS rules. |
Connection redirected to Proxy Server | A connection was redirected to a proxy service. |
Connection Refused | A connection was refused by the engine. |
Connection Terminated | A connection was terminated by the engine. |
Data connection redirected to Proxy Server | A data connection was redirected to a proxy service. |
DHCP message received | A DHCP message was received. |
DHCP Relay address not configured, reply discarded | A DHCP reply was discarded because no DCHP address is configured for the engine. |
DHCP Relay address spoofed, request discarded | A DHCP request was discarded because the DHCP relay address was regarded as spoofed. |
DHCP reply received | A DHCP reply was received. |
DHCP reply sent | A DHCP reply was sent. |
DHCP request forwarded | A DHCP request was forwarded. |
DHCP request received | A DHCP request was received. |
DHCP request sent | A DHCP request was sent. |
Dropped AH packet | An IPsec AH packet was dropped. |
Dropped ESP packet | An IPsec ESP packet was dropped. |
Error in receiving a new configuration | There was an error when trying to transfer a new configuration to the engine. |
Error with Proxy Server | There was an error when attempting to redirect a connection to a proxy service. |
Failed to allow a related connection to open | The engine failed to open a related connection for a connection that had already been allowed. |
Force offline by test failure | The engine was forced offline as the result of an automated test failing. |
Going locked offline by command | An administrator commanded the engine to go to the locked offline state. |
Going locked online by command | An administrator commanded the engine to go to the locked online state. |
Going offline by command | An administrator commanded the engine to go offline. |
Going offline by test failure | The engine went offline as the result of an automated test failing. |
Going online by command | An administrator commanded the engine to go online. |
Going standby by command | An administrator commanded the engine to go to standby. |
Hybrid authentication done | Hybrid authentication successfully completed. |
Hybrid authentication failed | Hybrid authentication failed. |
Incomplete connection closed | A connection for which the TCP handshake did not complete was closed. |
Internal engine error | An internal error occurred on the engine. |
Internal error | An internal error occurred. |
Invalid license | The engine has an invalid license. |
Invalid properties of custom Protocol Agent | Invalid options have been configured for a custom Protocol Agent. |
IPsec authentication error | An error occurred in IPsec authentication. |
IPsec client cfg download done | The configuration for an IPsec VPN Client has finished downloading. |
IPsec client cfg download failed | An attempt to download the configuration for an IPsec VPN Client failed. |
IPsec client cfg download from | The configuration for an IPsec VPN Client was downloaded by the client at the source address. |
IPsec IKE error | There was an error in the IKE negotiation for an IPsec VPN. |
LDAP Server does not respond | An LDAP Server is not responding. |
License exceeded | A throughput-based license was exceeded. |
Log spool corrupted | The data in the engine's log spool partition has become corrupted. |
Log spool is becoming full | The engine's log spool partition is becoming full. |
New blacklisting entry | A new entry was added to the engine's blacklist. |
New configuration successfully installed | A new configuration was installed on the engine. |
New connection | A new connection was allowed through the engine. |
New VPN connection | A new connection through an existing VPN tunnel was allowed. |
No space left on device | The engine's hard drive is full. |
No suitable NAT rule found | No NAT rule matched a connection. |
No suitable NAT rule found for related connection | No NAT rule matched a related connection. |
Node booted | An engine node booted up. |
Node down | An engine node is down. |
Node up | An engine node is up. |
Oversized DHCP message discarded | An excessively large DHCP message was discarded. |
Packet Discarded | A packet was discarded by the engine. |
Packet too long | A packet was too long. |
Packet too short | A packet was too short. |
Receive ICMP echo | An ICMP echo (ping) was received. |
Related Connection | A related connection was allowed through the engine. For example, an FTP data connection. |
Related Packet | A related packet was allowed through the engine. For example, ICMP error messages related to an earlier TCP connection. |
Requested NAT cannot be done | There was an error when applying NAT to the traffic. |
Security Policy reload | New security policy is loaded on the engine. |
Send ICMP echo | An ICMP echo (ping) was sent. |
Sending DHCP reply failed | The engine failed to send a DHCP reply. |
Sending DHCP request failed | The engine failed to send a DHCP request. |
Sending sync messages | The engine is sending synchronization messages. |
Server pool member went offline | A Server Pool member went offline. |
Server pool member went online | A Server Pool member went online. |
SSL Handshake failed | An SSL handshake failed. |
Starting hybrid authentication | Hybrid authentication started. |
Starting IKE initiator negotiation | KE initiator negotiation started. |
Starting IKE responder negotiation | IKE responder negotiation started. |
State sync communication failure | State synchronization communication between cluster nodes failed. |
State sync configuration changed | The configuration of the synchronization communication between cluster nodes changed. |
Unknown DCHP Relay error | An unknown error occurred in DHCP relay. |
Unrecognized protocol | A protocol in the logged traffic was not recognized. |
Went locked offline | The engine went to the locked offline state. |
Went locked online | The engine went to the locked online state. |
Went offline | The engine went offline. |
Went online | The engine went online. |
Went standby | The engine went to standby. |
A successful engine logon causes an event that is displayed in the Logs view with the following type of message in the Info Message field:
date time login[id]:USERNAME LOGIN on ‘device’
A failed logon causes an info message of the following type:
date time login[id]:FAILED LOGIN (#) on ‘device’ FOR ‘UNKNOWN’