4 releases

Version | Released |
---|---|
0.0.10 | Oct 25, 2021 |
0.0.9 | Feb 14, 2021 |
0.0.6 | Feb 7, 2021 |
0.0.5 | Feb 7, 2021 |
uSIEM SonicWall
uSIEM parser for SonicWall Firewall
Working modules: Firewall and WebProxy
TODO: IPS, Auth, Endpoint
Web Categories: https://www.sonicwall.com/products/firewalls/security-services/content-filtering-services/content-filtering-categories/#toggle-id-53
Traffic Report Syslogs
Syslog ‘c’ Value | Syslog ID | Event Message | Comments |
---|---|---|---|
c=1024 (Traffic Reporting, including bytes transferred) | 97 | Syslog Website Accessed | Has URL data |
c=1024 | 537 | Connection Closed | Non-URL traffic |
c=1024 | 1153 | SSL VPN Traffic | Statistics reported by SSL VPN |
c=1024 | 1463 | DPI-SSL Inspection Cleaned-up | Statistics reported by DPI-SSL |
c=262144 (Connection Opened, most probably zero bytes transferred) | 98 | Connection Opened | It is possible for some packets to trigger a Connection Opened, but later be dropped due to policy settings. |
Example:
<134>id=firewall sn=18B1690729A8 time="2016-06-16 17:21:40 UTC" fw=10.205.123.15 pri=6 c=1024 m=97 app=48 n=9 src=192.168.168.10:52589:X0 dst=69.192.240.232:443:X1:a69-192-240-232.deploy.akamaitechnologies.com srcMac=98:90:96:de:f1:78 dstMac=ec:f4:bb:fb:f7:f6 proto=tcp/https op=1 sent=798 rcvd=12352 result=403 dstname=www.suntrust.com arg=/favicon.ico code=20 Category="Online Banking"
<134>id=firewall sn=18B1690729A8 time="2016-08-19 17:15:19 UTC" fw=10.205.123.15 pri=6 c=1024 m=537 msg="Connection Closed" app=44 n=1183392 src=10.205.122.22:514:X1 dst=10.205.123.15:514:X1 proto=udp/syslog sent=294 spkt=1
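An added example, not code from the uSIEM crate: a small tokenizer for the `key=value` lines above that also maps the `c`/`m` pair to the traffic kinds in the table. All type and function names are hypothetical; it assumes IPv4 endpoints and quoted values without escaped quotes.

```rust
use std::collections::HashMap;

// The two sample lines from the "Example:" section above.
const WEB_LINE: &str = r#"<134>id=firewall sn=18B1690729A8 time="2016-06-16 17:21:40 UTC" fw=10.205.123.15 pri=6 c=1024 m=97 app=48 n=9 src=192.168.168.10:52589:X0 dst=69.192.240.232:443:X1:a69-192-240-232.deploy.akamaitechnologies.com srcMac=98:90:96:de:f1:78 dstMac=ec:f4:bb:fb:f7:f6 proto=tcp/https op=1 sent=798 rcvd=12352 result=403 dstname=www.suntrust.com arg=/favicon.ico code=20 Category="Online Banking""#;
const CLOSE_LINE: &str = r#"<134>id=firewall sn=18B1690729A8 time="2016-08-19 17:15:19 UTC" fw=10.205.123.15 pri=6 c=1024 m=537 msg="Connection Closed" app=44 n=1183392 src=10.205.122.22:514:X1 dst=10.205.123.15:514:X1 proto=udp/syslog sent=294 spkt=1"#;

/// Traffic kinds from the "Traffic Report Syslogs" table (hypothetical names).
#[derive(Debug, PartialEq)]
pub enum TrafficKind {
    WebsiteAccessed,  // c=1024   m=97, has URL data
    ConnectionClosed, // c=1024   m=537
    SslVpnTraffic,    // c=1024   m=1153
    DpiSslCleanup,    // c=1024   m=1463
    ConnectionOpened, // c=262144 m=98
    Other,
}

/// A src/dst value: ip:port:interface[:resolved name]. IPv4 only (assumption).
#[derive(Debug, PartialEq)]
pub struct Endpoint {
    pub ip: String,
    pub port: Option<u16>,
    pub iface: Option<String>,
    pub name: Option<String>,
}

/// Split a line into key/value pairs; quoted values may contain spaces.
pub fn parse_fields(line: &str) -> HashMap<String, String> {
    // Drop the syslog priority prefix such as "<134>".
    let body = match (line.starts_with('<'), line.find('>')) {
        (true, Some(i)) => &line[i + 1..],
        _ => line,
    };
    let mut fields = HashMap::new();
    let mut rest = body.trim_start();
    while let Some(eq) = rest.find('=') {
        // Ignore any stray token before the key.
        let key = rest[..eq].rsplit(' ').next().unwrap_or("");
        let after = &rest[eq + 1..];
        let (value, tail) = if let Some(q) = after.strip_prefix('"') {
            match q.find('"') {
                Some(end) => (&q[..end], &q[end + 1..]),
                None => (q, ""), // unterminated quote: keep the remainder
            }
        } else {
            match after.find(' ') {
                Some(end) => (&after[..end], &after[end..]),
                None => (after, ""),
            }
        };
        if !key.is_empty() {
            fields.insert(key.to_string(), value.to_string());
        }
        rest = tail.trim_start();
    }
    fields
}

pub fn classify(fields: &HashMap<String, String>) -> TrafficKind {
    let get = |k: &str| fields.get(k).map(String::as_str);
    match (get("c"), get("m")) {
        (Some("1024"), Some("97")) => TrafficKind::WebsiteAccessed,
        (Some("1024"), Some("537")) => TrafficKind::ConnectionClosed,
        (Some("1024"), Some("1153")) => TrafficKind::SslVpnTraffic,
        (Some("1024"), Some("1463")) => TrafficKind::DpiSslCleanup,
        (Some("262144"), Some("98")) => TrafficKind::ConnectionOpened,
        _ => TrafficKind::Other,
    }
}

pub fn parse_endpoint(value: &str) -> Endpoint {
    let mut parts = value.splitn(4, ':');
    Endpoint {
        ip: parts.next().unwrap_or("").to_string(),
        port: parts.next().and_then(|p| p.parse().ok()),
        iface: parts.next().map(str::to_string),
        name: parts.next().map(str::to_string),
    }
}

/// Host plus path for m=97 records. Both fields originate in client traffic,
/// so treat the result as untrusted input when storing or rendering it.
pub fn requested_url(fields: &HashMap<String, String>) -> Option<String> {
    let host = fields.get("dstname")?;
    let path = fields.get("arg").map(String::as_str).unwrap_or("");
    Some(format!("{}{}", host, path))
}

fn main() {
    for line in [WEB_LINE, CLOSE_LINE].iter() {
        let f = parse_fields(line);
        let src = f.get("src").map(|v| parse_endpoint(v));
        println!("{:?} src={:?} url={:?}", classify(&f), src, requested_url(&f));
    }
}
```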
Security related Message ID (https://www.sonicwall.com/techdocs/pdf/sonicos-6-5-1-log-events-reference-guide.pdf)
Event ID | Category | Group | Type | Priority | SNMP Trap Type | Event Name | Message |
---|---|---|---|---|---|---|---|
22 | Security Services | Attacks | Attack | ALERT | 501 | Ping of Death Blocked | Ping of death dropped |
23 | Security Services | Attacks | Attack | ALERT | 502 | IP Spoof Detected | IP spoof dropped |
24 | Users | Authentication Access | User Activity | INFO | --- | User Disconnect Detected | User logged out - user disconnect detected |
25 | Firewall Settings | Flood Protection | Attack | WARNING | 503 | Possible SYN Flood | Possible SYN flood attack detected |
27 | Security Services | Attacks | Attack | ALERT | 505 | Land Attack | Land attack dropped |
29 | Users | Authentication Access | User Activity | INFO | --- | Successful Admin Login | Administrator login allowed |
30 | Users | Authentication Access | Attack | ALERT | 560 | Wrong Admin Password | Administrator login denied due to bad credentials |
31 | Users | Authentication Access | User Activity | INFO | --- | Successful User Login | User login from an internal zone allowed |
32 | Users | Authentication Access | User Activity | INFO | --- | Wrong User Password | User login denied due to bad credentials |
33 | Users | Authentication Access | User Activity | INFO | --- | Unknown User Login Attempt | User login denied due to bad credentials |
34 | Users | Authentication Access | User Activity | INFO | --- | Login Timeout | Pending login timed out |
35 | Users | Authentication Access | Attack | ALERT | 506 | Admin Login Disabled | Administrator login denied from %s; logins disabled from this interface |
41 | Network | Network Access | Debug | NOTICE | --- | Unknown Protocol Dropped | Unknown protocol dropped |
67 | VPN | VPN IPsec | Attack | ERROR | 508 | IPsec Authenticate Failure | IPsec Authentication Failed |
70 | VPN | VPN IPsec | Attack | ERROR | 510 | Illegal IPsec Peer | IPsec packet from or to an illegal host |
81 | Security Services | Attacks | Attack | ALERT | 520 | Smurf Attack | Smurf Amplification attack dropped |
82 | Security Services | Attacks | Attack | ALERT | 521 | Port Scan Possible | Possible port scan detected |
83 | Security Services | Attacks | Attack | ALERT | 522 | Port Scan Probable | Probable port scan detected |
98 | Network | Network Access | Connection | INFO | --- | Connection Opened | Connection Opened |
138 | Network | Interfaces | System Error | WARNING | 636 | WAN IP Change | Wan IP Changed |
139 | VPN | VPN Client | User Activity | INFO | --- | XAUTH Success | XAUTH Succeeded with VPN %s |
140 | VPN | VPN Client | User Activity | ERROR | --- | XAUTH Failure | XAUTH Failed with VPN %s, Authentication failure |
159 | Security Services | Anti-Virus | Maintenance | WARNING | 526 | AV Expire message | Received AV Alert: Your Network Anti-Virus subscription has expired. %s |
165 | Security Services | E-mail Filtering | Attack | ALERT | 527 | Allow E-mail Attachment | Forbidden E-Mail attachment disabled |
177 | Security Services | Attacks | Attack | ALERT | 528 | TCP FIN Scan | Probable TCP FIN scan detected |
178 | Security Services | Attacks | Attack | ALERT | 529 | TCP Xmas Scan | Probable TCP XMAS scan detected |
179 | Security Services | Attacks | Attack | ALERT | 530 | TCP Null Scan | Probable TCP NULL scan detected |
199 | Users | Authentication Access | User Activity | INFO | --- | Admin Login From CLI | CLI administrator login allowed |
200 | Users | Authentication Access | User Activity | WARNING | --- | Admin Password Error From CLI | CLI administrator login denied due to bad credentials |
212 | Network | L2TP Client | Maintenance | INFO | --- | L2TP PPP Authenticate Failed | L2TP PPP Authentication Failed |
229 | VPN | DHCP Relay | Attack | ERROR | 533 | DHCPR IP Spoof | IP spoof detected on packet to Central Gateway, packet dropped |
235 | Users | Authentication Access | User Activity | INFO | --- | Admin VPN Login | VPN zone administrator login allowed |
236 | Users | Authentication Access | User Activity | INFO | --- | Admin WAN Login | WAN zone administrator login allowed |
237 | Users | Authentication Access | User Activity | INFO | --- | User VPN Login | VPN zone remote user login allowed |
238 | Users | Authentication Access | User Activity | INFO | --- | User WAN Login | WAN zone remote user login allowed |
243 | Users | Radius Authentication | User Activity | INFO | --- | User Login Failed | User login denied - RADIUS authentication failure |
244 | Users | Radius Authentication | User Activity | WARNING | --- | User Login Timeout | User login denied - RADIUS server Timeout |
245 | Users | Radius Authentication | User Activity | WARNING | --- | User Login Error | User login denied - RADIUS configuration error |
246 | Users | Authentication Access | User Activity | INFO | --- | User Login From Wrong Location | User login denied - User has no privileges for login from that location |
248 | Security Services | E-mail Filtering | Attack | ERROR | 534 | E-mail Attachment | Forbidden E-Mail attachment deleted |
267 | Security Services | Attacks | Attack | ALERT | 547 | TCP Xmas Tree Attack | TCP Xmas Tree dropped |
289 | Network | PPP | --- | INFO | --- | PPP Authenticate Success | PPP: Authentication successful |
290 | Network | PPP | --- | INFO | --- | PPP PAP Failed | PPP: PAP Authentication failed - check username / password |
291 | Network | PPP | --- | INFO | --- | PPP CHAP Failed | PPP: CHAP authentication failed - check username / password |
292 | Network | PPP | --- | INFO | --- | PPP MS-CHAP Failed | PPP: MS-CHAP authentication failed - check username / password |
311 | VPN | L2TP Server | Maintenance | INFO | --- | L2TP Radius Authentication Failure | L2TP Server: RADIUS/LDAP reports Authentication Failure |
312 | VPN | L2TP Server | Maintenance | INFO | --- | L2TP Local Authentication Failure | L2TP Server: Local Authentication Failure |
318 | VPN | L2TP Server | Maintenance | INFO | --- | L2TP Local Authentication Success | L2TP Server: Local Authentication Success. |
319 | VPN | L2TP Server | Maintenance | INFO | --- | L2TP Radius Authentication Success | L2TP Server: RADIUS/LDAP Authentication Success |
329 | Users | Authentication Access | Attack | ERROR | 561 | User Login Lockout | User login failure rate exceeded - logins from user IP address denied |
336 | VPN | L2TP Server | Maintenance | INFO | --- | L2TPS Tunnel Delete | L2TP Server : Deleting the Tunnel |
344 | VPN | L2TP Server | Maintenance | INFO | --- | L2TPS Authentication Local Failure | L2TP Server : User Name authentication Failure locally |
408 | Security Services | Anti-Virus | Maintenance | INFO | --- | AV License Exceeded | Anti-Virus Licenses Exceeded |
438 | Users | Authentication Access | User Activity | INFO | --- | User Login Lockout Expired | Locked-out user logins allowed - lockout period expired |
439 | Users | Authentication Access | User Activity | INFO | --- | User Login Lockout Clear | Locked-out user logins allowed by %s |
440 | Firewall | Access Rules | User Activity | INFO | --- | Rule Added | Access rule added |
441 | Firewall | Access Rules | User Activity | INFO | --- | Rule Modified | Access rule viewed or modified |
442 | Firewall | Access Rules | User Activity | INFO | --- | Rule Deleted | Access rule deleted |
446 | Firewall Settings | FTP | Attack | ERROR | 551 | FTP Passive Attack | FTP: PASV response spoof attack dropped |
452 | VPN | VPN PKI | Maintenance | ERROR | --- | PKI Bad Password | PKI Failure: Incorrect admin password |
465 | VPN | VPN PKI | Maintenance | ERROR | --- | PKI Certificate Expire | PKI Failure: Certificate expiration |
473 | VPN | DHCP Relay | Debug | INFO | --- | Remote: DHCP Request | DHCP REQUEST received from remote device |
474 | VPN | DHCP Relay | Debug | INFO | --- | Remote: DHCP Discover | DHCP DISCOVER received from remote devic |
476 | VPN | DHCP Relay | Debug | INFO | --- | Server: DHCP Offer | DHCP OFFER received from server |
482 | Security Services | Anti-Virus | Maintenance | WARNING | 552 | AV Expiration Warning | Received AV Alert: Your Network Anti-Virus subscription will expire in 7 days. %s |
486 | Users | Authentication Access | User Activity | INFO | --- | WLAN User Login Deny | User login denied - User has no privileges for guest service |
491 | Security Services | E-mail Filtering | Maintenance | WARNING | 564 | E-mail Filtering Expiration Warning | Received E-Mail Filter Alert: Your E-Mail Filtering subscription will expire in 7 days. |
492 | Security Services | E-mail Filtering | Maintenance | WARNING | 565 | E-mail Filtering Expiration Message | Received E-Mail Filter Alert: Your E-Mail Filtering subscription has expired |
506 | Users | Authentication Access | Maintenance | INFO | --- | VPN Disabled | VPN disabled by administrator |
507 | Users | Authentication Access | Maintenance | INFO | --- | VPN Enabled | VPN enabled by administrator |
508 | Users | Authentication Access | Maintenance | INFO | --- | WLAN Disabled | WLAN disabled by administrator |
509 | Users | Authentication Access | Maintenance | INFO | --- | WLAN Enabled | WLAN enabled by administrator |
566 | Network | Interfaces | System Error | ALERT | 647 | Multi-Interface Link Down | Interface %s Link Is Down |
575 | System | Hardware | System Environment | ERROR | 101 | Voltages Out of Tolerance | Voltages Out of Tolerance |
576 | System | Hardware | System Environment | ALERT | 102 | Fan Failure | Fan Failure |
578 | System | Hardware | System Environment | ALERT | 104 | Thermal Red | Thermal Red |
579 | System | Hardware | System Environment | ALERT | 105 | Thermal Red Timer Exceeded | Thermal Red Timer Exceeded |
580 | Network | TCP | Attack | ALERT | 558 | TCP SYN/FIN Packet Drop | TCP SYN/FIN packet dropped |
583 | Users | Authentication Access | Attack | ERROR | 559 | User Login Disable | User login disabled from %s |
606 | Security Services | Attacks | Attack | ALERT | 568 | Spank Attack | Spank attack multicast packet dropped |
608 | Security Services | IPS | Attack | ALERT | 569 | IPS Detection Alert | IPS Detection Alert: %s |
609 | Security Services | IPS | Attack | ALERT | 570 | IPS Prevention Alert | IPS Prevention Alert: %s |
610 | Security Services | Crypto Test | Maintenance | ERROR | --- | Hardware AES Test Failed | Crypto Hardware AES test failed |
614 | Security Services | General | Maintenance | WARNING | 571 | IDP Expiration Message | Received IPS Alert: Your Intrusion Prevention (IDP) subscription has expired. |
646 | Firewall | Access Rules | System Error | ALERT | 5238 | Source IP Connection Limit | Packet dropped; connection limit for this source IP address has been reached |
647 | Firewall | Access Rules | System Error | ALERT | 5239 | Destination IP Connection Limit | Packet dropped; connection limit for this destination IP address has been reached |
648 | VPN | VPN IPsec | Attack | ERROR | 572 | Illegal Destination | Packet destination not in VPN Access list |
734 | Firewall | Access Rules | --- | INFO | --- | Source Connection Status | Source IP address connection status: %s |
735 | Firewall | Access Rules | --- | INFO | --- | Destination Connection Status | Destination IP address connection status: %s |
745 | Users | Radius Authentication | User Activity | INFO | --- | LDAP Authentication Failure | User login denied - LDAP authentication failure |
746 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Server Timeout | User login denied - LDAP server Timeout |
747 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Server Error | User login denied - LDAP server down or misconfigured |
748 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Communication Problem | User login denied - LDAP communication problem |
749 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Server Invalid Credential | User login denied - invalid credentials on LDAP server |
750 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Server Insufficient Access | User login denied - insufficient access on LDAP server |
751 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Schema Mismatch | User login denied - LDAP schema mismatch |
753 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Server Name Resolution Failed | User login denied - LDAP server name resolution failed |
754 | Users | Radius Authentication | User Activity | WARNING | --- | RADIUS Server Name Resolution Failed | User login denied - RADIUS server name resolution failed |
755 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Server Certificate Invalid | User login denied - LDAP server certificate not valid |
756 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP TLS or Local Error | User login denied - TLS or local certificate problem |
757 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Directory Mismatch | User login denied - LDAP directory mismatch |
759 | Users | Authentication Access | User Activity | INFO | --- | User Already Logged-In | User login denied - user already logged in |
789 | Security Services | IDP | Attack | ALERT | 6435 | IDP Detection Alert | IDP Detection Alert: %s |
790 | Security Services | IDP | Attack | ALERT | 6436 | IDP Prevention Alert | IDP Prevention Alert: %s |
793 | Firewall | Application Firewall | User Activity | ALERT | 13201 | Application Firewall Alert | Application Firewall Alert: %s |
794 | Security Services | Anti-Spyware | Attack | ALERT | 6437 | Anti-Spyware Prevention Alert | Anti-Spyware Prevention Alert: %s |
795 | Security Services | Anti-Spyware | Attack | ALERT | 6438 | Anti-Spyware Detection Alert | Anti-Spyware Detection Alert: %s |
796 | Security Services | Anti-Spyware | Maintenance | WARNING | 8631 | Anti-Spyware Service Expired | Anti-Spyware Service Expire |
797 | Security Services | RBL Filter | --- | NOTICE | --- | Outbound Connection Drop | Outbound connection to RBL-listed SMTP server dropped |
798 | Security Services | RBL Filter | --- | NOTICE | --- | Inbound Connection Drop | Inbound connection from RBL-listed SMTP server dropped |
799 | Security Services | RBL Filter | --- | NOTICE | --- | SMTP Server on RBL Blacklist | SMTP server found on RBL blacklist |
809 | Security Services | GAV | Attack | ALERT | 8632 | AV Gateway Alert | Gateway Anti-Virus Alert: %s |
810 | Security Services | GAV | Maintenance | WARNING | 8633 | AV Gateway Service Expire | Gateway Anti-Virus Service expired |
815 | Network | ARP | --- | WARNING | --- | Too Many Gratuitous ARPs Detected | Too many gratuitous ARPs detected |
856 | Firewall Settings | Flood Protection | Attack | WARNING | --- | SYN Flood Watch Mode | SYN Flood Mode changed by user to: Watch and report possible SYN floods |
857 | Firewall Settings | Flood Protection | Attack | WARNING | --- | SYN Flood Trigger Mode | SYN Flood Mode changed by user to: Watch and proxy WAN connections when under attack |
858 | Firewall Settings | Flood Protection | Attack | WARNING | --- | SYN Flood Proxy Mode | SYN Flood Mode changed by user to: Always proxy WAN connections |
859 | Firewall Settings | Flood Protection | Attack | ALERT | --- | SYN Flood Proxy Trigger Mode | Possible SYN flood detected on WAN IF %s - switching to connection-proxy mode |
860 | Firewall Settings | Flood Protection | Attack | ALERT | --- | SYN Flood Detected | Possible SYN Flood on IF %s |
861 | Firewall Settings | Flood Protection | Attack | ALERT | --- | SYN Flood Proxy Mode Cancel | SYN flood ceased or flooding machines blacklisted - connection proxy disabled |
862 | Firewall Settings | Flood Protection | Attack | WARNING | --- | SYN Flood Blacklist On | SYN Flood blacklisting enabled by user |
863 | Firewall Settings | Flood Protection | Attack | WARNING | --- | SYN Flood Blacklist Off | SYN Flood blacklisting disabled by user |
864 | Firewall Settings | Flood Protection | Attack | ALERT | --- | SYN-Flooding Machine Blacklisted | SYN-Flooding machine %s blacklisted |
865 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Machine removed from SYN Flood Blacklist | Machine %s removed from SYN flood blacklist |
866 | Firewall Settings | Flood Protection | Attack | WARNING | --- | Possible SYN Flood Continues | Possible SYN Flood on IF %s continues |
867 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible SYN Flood Ceased | Possible SYN Flood on IF %s has ceased |
868 | Firewall Settings | Flood Protection | Attack | WARNING | --- | SYN Flood Blacklist Continues | SYN Flood Blacklist on IF %s continues |
869 | Firewall Settings | Flood Protection | Attack | DEBUG | --- | TCP SYN Receive | TCP SYN received |
879 | Wireless | RF Monitoring | --- | WARNING | --- | WLAN Radio Frequency Threat Detected | WLAN radio frequency threat detected |
881 | System | Time | --- | NOTICE | --- | System Clock Manually Updated | System clock manually updated |
897 | Firewall Settings | Flood Protection | Attack | INFO | --- | Invalid TCP SYN Flood Cookie | TCP packet received with invalid SYN Flood cookie; TCP packet dropped |
898 | Firewall Settings | Flood Protection | Attack | ALERT | --- | RST-Flooding Machine Blacklisted | RST-Flooding machine %s blacklisted |
899 | Firewall Settings | Flood Protection | Attack | WARNING | --- | RST Flood Blacklist Continues | RST Flood Blacklist on IF %s continues |
900 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Machine Removed From RST Flood Blacklist | Machine %s removed from RST flood blacklist |
901 | Firewall Settings | Flood Protection | Attack | ALERT | --- | FIN-Flooding Machine Blacklisted | FIN-Flooding machine %s blacklisted |
902 | Firewall Settings | Flood Protection | Attack | WARNING | --- | FIN Flood Blacklist Continues | FIN Flood Blacklist on IF %s continues |
903 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Machine Removed From FIN Flood Blacklist | Machine %s removed from FIN flood blacklist |
904 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible RST Flood | Possible RST Flood on IF %s |
905 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible FIN Flood | Possible FIN Flood on IF %s |
906 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible RST Flood Ceased | Possible RST Flood on IF %s has ceased |
907 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible FIN Flood Ceased | Possible FIN Flood on IF %s has ceased |
908 | Firewall Settings | Flood Protection | Attack | WARNING | --- | Possible RST Flood Continues | Possible RST Flood on IF %s continues |
909 | Firewall Settings | Flood Protection | Attack | WARNING | --- | Possible FIN Flood Continues | Possible FIN Flood on IF %s continues |
986 | Users | Authentication Access | User Activity | INFO | --- | Not Allowed by Policy Rule | User login denied - not allowed by Policy rule |
987 | Users | Authentication Access | User Activity | INFO | --- | Not Found Locally | User login denied - not found locally |
992 | Users | SSO Agent Authentication | User Activity | WARNING | --- | User Name Too Long | SSO agent returned user name too long |
993 | Users | SSO Agent Authentication | User Activity | WARNING | --- | Domain Name Too Long | SSO agent returned domain name too lon |
994 | Users | Authentication Access | User Activity | INFO | --- | Configuration Mode Administration Session Started | Configuration mode administration session started |
996 | Users | Authentication Access | User Activity | INFO | --- | Read-only Mode GUI Administration Session Started | Read-only mode GUI administration session started |
999 | Firewall Settings | SSL Control | Blocked Sites | INFO | --- | Website Found in Blacklist | SSL Control: Website found in blacklist |
1010 | Users | Radius Authentication | System Error | ALERT | --- | Using LDAP Without TLS | Using LDAP without TLS - highly insecure |
1035 | Users | Authentication Access | User Activity | INFO | --- | Password Expire | User login denied - password expired |
1048 | Users | Authentication Access | --- | INFO | --- | Password doesn't meet constraints | User login denied - password doesn't meet constraints |
1049 | System | Settings | --- | INFO | --- | System Setting Imported | System Setting Imported |
1050 | VPN | VPN IPsec | User Activity | INFO | --- | VPN Policy Added | VPN policy %s is added |
1051 | VPN | VPN IPsec | User Activity | INFO | --- | VPN Policy Deleted | VPN policy %s is deleted |
1052 | VPN | VPN IPsec | User Activity | INFO | --- | VPN Policy Modified | VPN policy %s is modified |
1080 | Users | Authentication Access | --- | INFO | --- | Successful SSL VPN User Login | SSL VPN zone remote user login allowed |
1084 | Anti-Spam | General | --- | INFO | 13803 | Service Enable | Anti-Spam service is enabled by administrator. |
1085 | Anti-Spam | General | --- | INFO | 13804 | Service Disable | Anti-Spam service is disabled by administrator. |
1086 | Anti-Spam | General | --- | WARNING | 13805 | Service Subscription Expire | Your Anti-Spam Service subscription has expired |
1088 | Anti-Spam | General | --- | WARNING | 13807 | Startup Failure | Anti-Spam Startup Failure - %s |
1093 | Anti-Spam | GRID | --- | NOTICE | 13811 | SMTP Server Found on Reject List | SMTP server found on Reject List |
1098 | Network | DNS | --- | ALERT | 6465 | DNS Rebind Attack Detected | Possible DNS rebind attack detected |
1099 | Network | DNS | --- | ALERT | 6466 | DNS Rebind Attack Blocked | DNS rebind attack blocked |
1108 | Anti-Spam | E-mail | --- | INFO | --- | E-mail Message Blocked | Message blocked by Real-Time E-mail Scanner |
1110 | Network | DHCP Server | --- | INFO | --- | Assigned IP Address | Assigned IP address %s |
1114 | Firewall Settings | FTP | --- | DEBUG | --- | FTP Client User Login | Ftp client user logged in successfully |
1115 | Firewall Settings | FTP | --- | DEBUG | --- | FTP Client User Login Failed | Ftp client user logged in failed |
1149 | High Availability | Cluster | --- | WARNING | --- | VRRP Expiration Message | Your Active/Active Clustering subscription has expired |
1153 | SSL VPN | General | Connection Traffic | INFO | --- | SSL VPN Traffic | SSL VPN Traffic |
1154 | Firewall | Application Control | --- | ALERT | 15001 | Application Control Detection Alert | Application Control Detection Alert: %s |
1155 | Firewall | Application Control | --- | ALERT | 15002 | Application Control Prevention Alert | Application Control Prevention Alert: %s |
1159 | Security Services | General | --- | WARNING | --- | Visualization Control Expire Message | Received Alert: Your Visualization Control subscription has expired |
1176 | WAN Acceleration | Local WXA Appliance | --- | WARNING | --- | WAN Acceleration Software License Expired | Your WAN Acceleration Service subscription has expired. |
1177 | Network | DNS | Debug | ALERT | --- | Malformed DNS Packet | Malformed DNS packet detected |
1178 | Users | SSO Agent Authentication | User Activity | ALERT | --- | High SSO Packet Count | A high percentage of the system packet buffers are held waiting for SSO |
1179 | Users | SSO Agent Authentication | User Activity | ALERT | --- | High SSO User Connection | A user has a very high number of connections waiting for SSO |
1180 | Firewall Settings | Flood Protection | --- | ALERT | --- | DOS Protection on WAN Begin | DOS protection on WAN begins %s |
1181 | Firewall Settings | Flood Protection | --- | WARNING | --- | DOS Protection on WAN In-Progress | DOS protection on WAN %s |
1182 | Firewall Settings | Flood Protection | --- | ALERT | --- | DOS Protection on WAN Stopped | DOS protection on WAN %s |
1195 | Security Services | Botnet Filter | Security Services | WARNING | --- | Botnet Filter Subscription Expired | Received Alert: Your Firewall Botnet Filter subscription has expired |
1198 | Security Services | Geo-IP Filter | --- | ALERT | --- | Geo IP Initiator Blocked | Initiator from country blocked: %s |
1199 | Security Services | Geo-IP Filter | --- | ALERT | --- | Geo IP Responder Blocked | Responder from country blocked: %s |
1200 | Security Services | Botnet Filter | --- | ALERT | --- | Botnet Initiator Blocked | Suspected Botnet initiator blocked: %s |
1201 | Security Services | Botnet Filter | --- | ALERT | --- | Botnet Responder Blocked | Suspected Botnet responder blocked: %s |
1213 | Firewall Settings | Flood Protection | Attack | ALERT | --- | UDP Flood Detected | Possible UDP flood attack detected |
1214 | Firewall Settings | Flood Protection | Attack | ALERT | --- | ICMP Flood Detected | Possible ICMP flood attack detected |
1222 | System | SNMP | --- | WARNING | --- | Invalid SNMPv3 User | Invalid SNMPv3 User |
1304 | Network | Network Access | Debug | ALERT | --- | Packet Dropped Due to NDPP Rules | Packet is dropped due to NDPP rules |
1316 | Network | ARP | --- | ALERT | --- | ARP Attack Detected | Possible ARP attack from MAC address %s |
1332 | System | Status | Maintenance | ALERT | --- | NDPP Mode Change | NDPP mode is changed to %s |
1333 | Users | Authentication Access | User Activity | INFO | --- | Create a User | %s |
1334 | Users | Authentication Access | User Activity | INFO | --- | Edit a User | %s |
1335 | Users | Authentication Access | User Activity | INFO | --- | Delete a User | %s |
1337 | System | Settings | Firewall | INFO | --- | User Password Changed by Administrators | %s |
1338 | System | Settings | Firewall | INFO | --- | User Change Password | User %s password is changed |
1343 | VPN | VPN IPsec | User Activity | INFO | --- | VPN Policy Enabled/Disabled | VPN Policy %s |
1366 | Firewall Settings | Flood Protection | Attack | ALERT | --- | TCP-Flooding Machine Blacklisted | TCP-Flooding machine %s blacklisted |
1367 | Firewall Settings | Flood Protection | Attack | WARNING | --- | TCP Flood Blacklist Continues | TCP Flood Blacklist on IF %s continues |
1368 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Machine Removed From TCP Flood Blacklist | Machine %s removed from TCP flood blacklist |
1369 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible TCP Flood | Possible TCP Flood on IF %s |
1370 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible TCP Flood Ceased | Possible TCP Flood on IF %s has ceased |
1371 | Firewall Settings | Flood Protection | --- | WARNING | --- | Possible TCP Flood Continues | Possible TCP Flood on IF %s continues |
1373 | Security Services | Attacks | Attack | ALERT | --- | IPv6 fragment size is less than minimum (<1280) | IPv6 fragment dropped, invalid length (<1280 Bytes) |
1374 | Security Services | Attacks | Attack | ALERT | --- | IP Reassembly : Incomplete IGMP fragment | IGMP packet dropped, incomplete fragments |
1375 | Security Services | Attacks | Attack | ALERT | --- | UDP fragmented datagram is too big (>65535) | UDP fragment dropped, exceeds maximum IP datagram size (>65535) |
1376 | Security Services | Attacks | Attack | ALERT | --- | Nestea/Teardrop Attack | Nestea/Teardrop attack dropped |
1378 | Anti-Spam | General | --- | ALERT | --- | SHLO replay attack | Possible replay attack with this client IP - %s |
1381 | Security Services | General | --- | WARNING | 15003 | Application Control Expiration Message | Received App-Control Alert: Your Application Control subscription has expired. |
1382 | Log | Configuration Auditing | User Activity | INFO | 5609 | Configuration Change Succeeded | Configuration succeeded: %s |
1383 | Log | Configuration Auditing | User Activity | INFO | 5610 | Configuration Change Failed | Configuration failed: %s |
1387 | Security Services | Attacks | Attack | ALERT | --- | TCP Null Flag Attack | TCP Null Flag dropped |
1388 | VPN | VPN IPsec | Attack | DEBUG | --- | Vpn Decryption Failed | IPSec VPN Decryption Failed |
1426 | Wireless | SonicPoint/SonicWave | --- | INFO | 13603 | SonicPoint/SonicWave Unexpected Reboot | %s unexpected reboot. Please check whether input power is adequate and ethernet connection is secured. (SonicWave/SonicPoint AC/NDR requires 802.3at PoE+) |
1432 | System | Settings | Firewall | INFO | --- | Configuration Change | Configuration changed: % |
1442 | System | Hardware | System Environment | ALERT | --- | USB Over Current | USB Over Current |
1443 | Firewall Settings | Advanced | Debug | WARNING | --- | Control Plane Flood Protection Threshold Exceeded | Control Plane Flood Protection Threshold Exceeded: %s |
1444 | High Availability | State | Maintenance | ERROR | --- | HA Reboot | Reboot occured (Reason :%s) |
1450 | Firewall Settings | Flood Protection | Attack | ALERT | --- | UDPv6 Flood Detected | Possible UDPv6 flood attack detected |
1451 | Firewall Settings | Flood Protection | Attack | ALERT | --- | ICMPv6 Flood Detected | Possible ICMPv6 flood attack detected |
1452 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Half Open TCP Connection Threshold Exceeded | Too many half-open TCP connection |
1459 | Security Services | GAV | Maintenance | INFO | --- | Capture ATP File Transfer Attempt | Gateway Anti-Virus Status: %s |
1460 | Security Services | GAV | Maintenance | INFO | --- | Capture ATP File Transfer Result | Gateway Anti-Virus Status: %s |
1461 | Security Services | Content Filter | --- | NOTICE | 703 | CFS Alert | CFS Alert: %s |
1462 | Security Services | GAV | --- | INFO | --- | AV Gateway Inform | Gateway Anti-Virus Inform: %s |
1474 | Security Services | Geo-IP Filter | --- | ALERT | --- | Custom Geo IP Initiator Blocked | Initiator from country blocked: %s, Source: Custom List |
1475 | Security Services | Geo-IP Filter | --- | ALERT | --- | Custom Geo IP Responder Blocked | Responder from country blocked: %s, Source: Custom List |
1476 | Security Services | Botnet Filter | --- | ALERT | --- | Custom Botnet Initiator Blocked | Suspected Botnet initiator blocked: %s, Source: Custom List |
1477 | Security Services | Botnet Filter | --- | ALERT | --- | Custom Botnet Responder Blocked | Suspected Botnet responder blocked: %s, Source: Custom List |
1495 | System | Status | Maintenance | INFO | --- | Firewall was Rebooted by Setting Import | Firewall was rebooted by setting import at %s |
1496 | System | Status | Maintenance | INFO | --- | Firewall was Rebooted by Firmware | Firewall was rebooted by % |
1507 | Network | IPv6 MAC-IP Anti-Spoof | Attack | ALERT | --- | IPv6 MAC-IP Anti-Spoof Check Enforced For Hosts | IPv6 MAC-IP Anti-spoof check enforced for hosts |
1508 | Network | IPv6 MAC-IP Anti-Spoof | Attack | ALERT | --- | IPv6 MAC-IP Anti-Spoof Cache Not Found For Router | IPv6 MAC-IP Anti-spoof cache not found for this router |
1509 | Network | IPv6 MAC-IP Anti-Spoof | Attack | ALERT | --- | IPv6 MAC-IP Anti-Spoof Cache Not Router | IPv6 MAC-IP Anti-spoof cache found, but it is not a router |
1510 | Network | IPv6 MAC-IP Anti-Spoof | Attack | ALERT | --- | IPv6 MAC-IP Anti-Spoof Cache Blacklisted Device | IPv6 MAC-IP Anti-spoof cache found, but it is blacklisted device |
1515 | System | Cloud Backup | Firewall | INFO | --- | Delete Cloud Backup Successful | %s |
1516 | System | Cloud Backup | Firewall | INFO | --- | Delete Cloud Backup Failed | % |
1517 | Users | Authentication Access | User Activity | INFO | --- | User Name Invalid Symbol | User name invalid symbol: %s |
1518 | Security Services | Botnet Filter | --- | ALERT | --- | Botnet Initiator Blocked | Suspected Botnet initiator blocked: %s, Source: Dynamic List |
1519 | Security Services | Botnet Filter | --- | ALERT | --- | Botnet Responder Blocked | Suspected Botnet responder blocked: %s, Source: Dynamic List |
1526 | Wireless | SonicPoint/SonicWave | --- | INFO | --- | SonicWave License Invalid | SonicWave %s |
1532 | Security Services | DPI-SSH | Users | ALERT | --- | DPI-SSH PF User | DPI SSH Port Forward Alert: %s |
1534 | Security Services | DPI-SSH | --- | ALERT | --- | DPI-SSH Connection Check | DPI-SSH Connection: %s |
1564 | Security Services | DPI-SSL Enforcement | Maintenance | WARNING | --- | SSLE Expire Message | Received DPI-SSL Enforcement Alert: Your Network DPI-SSL Enforcement subscription has expired. %s |