Event field values
The following table shows the most common log occurrences for the Event field.
| Event | Description |
|---|---|
| Allowed a connection from blacklister | A connection from a blacklister was allowed. |
| Application protocol version is not supported | The application protocol version used in the traffic is not supported. |
| Application protocol version not recognized | The application protocol version used in the traffic was not recognized. |
| Authentication error | There was an error in the user authentication process. |
| Authentication failed | A user did not successfully authenticate. |
| Authentication Server does not respond | There is no response from the legacy Stonesoft Authentication Server component. |
| Authentication succeeded | A user successfully authenticated. |
| Automatic online transition | An engine automatically went online. |
| Automatic standby transition | An engine automatically went to standby. |
| Blacklister not allowed | The component that attempted to send a blacklist request is not on the list of Allowed Blacklisters. |
| Blacklisting connection closed | A connection from a blacklister was closed. |
| Blacklisting entries flushed | All entries were removed from the engine's blacklist. |
| Blacklisting entry deleted | An entry was removed from the engine's blacklist. |
| Blacklisting entry expired | A blacklisting entry reached the end of its Duration time. |
| Can't connect to Log Server | The engine is unable to connect to the Log Server. |
| Configuration changed | The engine's configuration changed. |
| Configuration information for this connection | The engine's configuration at the time the connection was logged. |
| Connection closed | A connection was closed. |
| Connection Discarded | A connection was discarded by the engine. |
| Connection Queued | A connection was queued according to the QoS rules. |
| Connection redirected to Proxy Server | A connection was redirected to a proxy service. |
| Connection Refused | A connection was refused by the engine. |
| Connection Terminated | A connection was terminated by the engine. |
| Data connection redirected to Proxy Server | A data connection was redirected to a proxy service. |
| DHCP message received | A DHCP message was received. |
| DHCP Relay address not configured, reply discarded | A DHCP reply was discarded because no DCHP address is configured for the engine. |
| DHCP Relay address spoofed, request discarded | A DHCP request was discarded because the DHCP relay address was regarded as spoofed. |
| DHCP reply received | A DHCP reply was received. |
| DHCP reply sent | A DHCP reply was sent. |
| DHCP request forwarded | A DHCP request was forwarded. |
| DHCP request received | A DHCP request was received. |
| DHCP request sent | A DHCP request was sent. |
| Dropped AH packet | An IPsec AH packet was dropped. |
| Dropped ESP packet | An IPsec ESP packet was dropped. |
| Error in receiving a new configuration | There was an error when trying to transfer a new configuration to the engine. |
| Error with Proxy Server | There was an error when attempting to redirect a connection to a proxy service. |
| Failed to allow a related connection to open | The engine failed to open a related connection for a connection that had already been allowed. |
| Force offline by test failure | The engine was forced offline as the result of an automated test failing. |
| Going locked offline by command | An administrator commanded the engine to go to the locked offline state. |
| Going locked online by command | An administrator commanded the engine to go to the locked online state. |
| Going offline by command | An administrator commanded the engine to go offline. |
| Going offline by test failure | The engine went offline as the result of an automated test failing. |
| Going online by command | An administrator commanded the engine to go online. |
| Going standby by command | An administrator commanded the engine to go to standby. |
| Hybrid authentication done | Hybrid authentication successfully completed. |
| Hybrid authentication failed | Hybrid authentication failed. |
| Incomplete connection closed | A connection for which the TCP handshake did not complete was closed. |
| Internal engine error | An internal error occurred on the engine. |
| Internal error | An internal error occurred. |
| Invalid license | The engine has an invalid license. |
| Invalid properties of custom Protocol Agent | Invalid options have been configured for a custom Protocol Agent. |
| IPsec authentication error | An error occurred in IPsec authentication. |
| IPsec client cfg download done | The configuration for an IPsec VPN Client has finished downloading. |
| IPsec client cfg download failed | An attempt to download the configuration for an IPsec VPN Client failed. |
| IPsec client cfg download from | The configuration for an IPsec VPN Client was downloaded by the client at the source address. |
| IPsec IKE error | There was an error in the IKE negotiation for an IPsec VPN. |
| LDAP Server does not respond | An LDAP Server is not responding. |
| License exceeded | A throughput-based license was exceeded. |
| Log spool corrupted | The data in the engine's log spool partition has become corrupted. |
| Log spool is becoming full | The engine's log spool partition is becoming full. |
| New blacklisting entry | A new entry was added to the engine's blacklist. |
| New configuration successfully installed | A new configuration was installed on the engine. |
| New connection | A new connection was allowed through the engine. |
| New VPN connection | A new connection through an existing VPN tunnel was allowed. |
| No space left on device | The engine's hard drive is full. |
| No suitable NAT rule found | No NAT rule matched a connection. |
| No suitable NAT rule found for related connection | No NAT rule matched a related connection. |
| Node booted | An engine node booted up. |
| Node down | An engine node is down. |
| Node up | An engine node is up. |
| Oversized DHCP message discarded | An excessively large DHCP message was discarded. |
| Packet Discarded | A packet was discarded by the engine. |
| Packet too long | A packet was too long. |
| Packet too short | A packet was too short. |
| Receive ICMP echo | An ICMP echo (ping) was received. |
| Related Connection | A related connection was allowed through the engine. For example, an FTP data connection. |
| Related Packet | A related packet was allowed through the engine. For example, ICMP error messages related to an earlier TCP connection. |
| Requested NAT cannot be done | There was an error when applying NAT to the traffic. |
| Security Policy reload | New security policy is loaded on the engine. |
| Send ICMP echo | An ICMP echo (ping) was sent. |
| Sending DHCP reply failed | The engine failed to send a DHCP reply. |
| Sending DHCP request failed | The engine failed to send a DHCP request. |
| Sending sync messages | The engine is sending synchronization messages. |
| Server pool member went offline | A Server Pool member went offline. |
| Server pool member went online | A Server Pool member went online. |
| SSL Handshake failed | An SSL handshake failed. |
| Starting hybrid authentication | Hybrid authentication started. |
| Starting IKE initiator negotiation | KE initiator negotiation started. |
| Starting IKE responder negotiation | IKE responder negotiation started. |
| State sync communication failure | State synchronization communication between cluster nodes failed. |
| State sync configuration changed | The configuration of the synchronization communication between cluster nodes changed. |
| Unknown DCHP Relay error | An unknown error occurred in DHCP relay. |
| Unrecognized protocol | A protocol in the logged traffic was not recognized. |
| Went locked offline | The engine went to the locked offline state. |
| Went locked online | The engine went to the locked online state. |
| Went offline | The engine went offline. |
| Went online | The engine went online. |
| Went standby | The engine went to standby. |
A successful engine logon causes an event that is displayed in the Logs view with the following type of message in the Info Message field:
date time login[id]:USERNAME LOGIN on ‘device’A failed logon causes an info message of the following type:
date time login[id]:FAILED LOGIN (#) on ‘device’ FOR ‘UNKNOWN’