#firewall #security #siem #logs #sonicwall

bin+lib u-siem-sonicwall

Library to be used to build a custom SIEM with the framework uSIEM

4 releases

0.0.10 Oct 25, 2021
0.0.9 Feb 14, 2021
0.0.6 Feb 7, 2021
0.0.5 Feb 7, 2021

#10 in #siem

MIT license

1MB
13K SLoC

Rust

uSIEM SonicWall

uSIEM parser for SonicWall Firewall

Working modules: Firewall and WebProxy

TODO: IPS, Auth, Endpoint

Web Categories: https://www.sonicwall.com/products/firewalls/security-services/content-filtering-services/content-filtering-categories/#toggle-id-53

Traffic Report Syslogs

Syslog ‘c’ Value Syslog ID Event Message Comments
c=1024 This means Traffic Reporting, including bytes transferred. 97 Syslog Website Accessed Has URL data
c=1024 537 Connection Closed Non-URL traffic
c=1024 1153 SSL VPN Traffic Statistics reported by SSL VPN
c=1024 1463 DPI-SSL Inspection Cleaned-up Statistics reported by DPI-SSL
c=262144 This means Connection Opened (most probably zero bytes transferred). 98 Connection Opened It is possible for some packets to trigger a Connection Opened, but later be dropped due to policy settings.

Example: <134>id=firewall sn=18B1690729A8 time="2016-06-16 17:21:40 UTC" fw=10.205.123.15 pri=6 c=1024 m=97 app=48 n=9 src=192.168.168.10:52589:X0 dst=69.192.240.232:443:X1:a69-192-240-232.deploy.akamaitechnologies.com srcMac=98:90:96:de:f1:78 dstMac=ec:f4:bb:fb:f7:f6 proto=tcp/https op=1 sent=798 rcvd=12352 result=403 dstname=www.suntrust.com arg=/favicon.ico code=20 Category="Online Banking"

<134>id=firewall sn=18B1690729A8 time="2016-08-19 17:15:19 UTC" fw=10.205.123.15 pri=6 c=1024 m=537 msg="Connection Closed" app=44 n=1183392 src=10.205.122.22:514:X1 dst=10.205.123.15:514:X1 proto=udp/syslog sent=294 spkt=1

Security related Message ID (https://www.sonicwall.com/techdocs/pdf/sonicos-6-5-1-log-events-reference-guide.pdf)

22  Security ServicesAttacksAttack   ALERT  501  Ping of Death BlockedPing of death dropped
23  Security ServicesAttacksAttack   ALERT  502  IP Spoof DetectedIP spoof dropped
24  Users   Authentication AccessUser Activity INFO   ---   User Disconnect DetectedUser logged out - user disconnect detected 
25  Firewall SettingsFlood ProtectionAttack   WARNING 503  Possible SYN FloodPossible SYN flood attack detected
27  Security ServicesAttacksAttack   ALERT  505  Land Attack  Land attack dropped
29  Users   Authentication AccessUser Activity INFO   ---   Successful Admin LoginAdministrator login allowed
30  Users   Authentication AccessAttack   ALERT  560  Wrong Admin PasswordAdministrator login denied due to bad credentials
31  Users   Authentication AccessUser Activity INFO   ---   Successful User LoginUser login from an internal zone allowed
32  Users   Authentication AccessUser Activity INFO   ---   Wrong User Password User login denied due to bad credentials
33  Users   Authentication AccessUser Activity INFO   ---   Unknown User Login AttemptUser login denied due to bad credentials
34  Users   Authentication AccessUser Activity INFO   ---   Login Timeout Pending login timed out
35  Users   Authentication AccessAttack   ALERT  506  Admin Login DisabledAdministrator login denied from %s; logins disabled from this interface
41  Network  Network Access Debug   NOTICE  ---   Unknown Protocol DroppedUnknown protocol dropped
67  VPN   VPN IPsec   Attack   ERROR  508  IPsec Authenticate FailureIPsec Authentication Failed
70  VPN   VPN IPsec   Attack   ERROR  510  Illegal IPsec PeerIPsec packet from or to an illegal host
81  Security ServicesAttacksAttack   ALERT  520  Smurf Attack  Smurf Amplification attack dropped
82  Security ServicesAttacksAttack   ALERT  521  Port Scan PossiblePossible port scan detected
83  Security ServicesAttacksAttack   ALERT  522  Port Scan ProbableProbable port scan detected
98  Network  Network Access Connection INFO   ---   Connection OpenedConnection Opened
138 Network  Interfaces   System Error WARNING 636  WAN IP ChangeWan IP Changed
139 VPN   VPN Client   User Activity INFO   ---   XAUTH SuccessXAUTH Succeeded with VPN %s
140 VPN   VPN Client   User Activity ERROR  ---   XAUTH Failure XAUTH Failed with VPN %s, Authentication failure
159 Security ServicesAnti-Virus   Maintenance WARNING 526  AV Expire messageReceived AV Alert: Your Network Anti-Virus subscription has expired. %s
165 Security ServicesE-mail Filtering Attack   ALERT  527  Allow E-mail AttachmentForbidden E-Mail attachment disabled
177 Security ServicesAttacksAttack   ALERT  528  TCP FIN Scan  Probable TCP FIN scan detected
178 Security ServicesAttacksAttack   ALERT  529  TCP Xmas Scan Probable TCP XMAS scan detected
179 Security ServicesAttacksAttack   ALERT  530  TCP Null Scan Probable TCP NULL scan detected
199 Users   Authentication AccessUser Activity INFO   ---   Admin Login From CLICLI administrator login allowed
200 Users   Authentication AccessUser Activity WARNING ---   Admin Password Error From CLICLI administrator login denied due to bad credentials
212 Network  L2TP Client   Maintenance INFO   ---   L2TP PPP Authenticate FailedL2TP PPP Authentication Failed
229 VPN   DHCP Relay   Attack   ERROR  533  DHCPR IP SpoofIP spoof detected on packet to Central Gateway, packet dropped
235 Users   Authentication AccessUser Activity INFO   ---   Admin VPN LoginVPN zone administrator login allowed
236 Users   Authentication AccessUser Activity INFO   ---   Admin WAN LoginWAN zone administrator login allowed
237 Users   Authentication AccessUser Activity INFO   ---   User VPN LoginVPN zone remote user login allowed
238 Users   Authentication AccessUser Activity INFO   ---   User WAN LoginWAN zone remote user login allowed
243 Users   Radius AuthenticationUser Activity INFO   ---   User Login FailedUser login denied - RADIUS authentication failure
244 Users   Radius AuthenticationUser Activity WARNING ---   User Login TimeoutUser login denied - RADIUS server Timeout
245 Users   Radius AuthenticationUser Activity WARNING ---   User Login ErrorUser login denied - RADIUS configuration error
246 Users   Authentication AccessUser Activity INFO   ---   User Login From Wrong LocationUser login denied - User has no privileges for login from that location
248 Security ServicesE-mail Filtering Attack   ERROR  534  E-mail AttachmentForbidden E-Mail attachment deleted
267 Security ServicesAttacksAttack   ALERT  547  TCP Xmas Tree AttackTCP Xmas Tree dropped
289 Network  PPP---INFO   ---   PPP Authenticate SuccessPPP: Authentication successful
290 Network  PPP---INFO   ---   PPP PAP Failed PPP: PAP Authentication failed - check username / password
291 Network  PPP---INFO   ---   PPP CHAP FailedPPP: CHAP authentication failed - check username / password
292 Network  PPP---INFO   ---   PPP MS-CHAP FailedPPP: MS-CHAP authentication failed - check username / password
311 VPN   L2TP Server  Maintenance INFO   ---   L2TP Radius Authentication FailureL2TP Server:  RADIUS/LDAP reports Authentication Failure
312 VPN   L2TP Server  Maintenance INFO   ---   L2TP Local Authentication FailureL2TP Server:  Local  Authentication Failure
318 VPN   L2TP Server  Maintenance INFO   ---   L2TP Local Authentication SuccessL2TP Server:  Local  Authentication Success.
319 VPN   L2TP Server  Maintenance INFO   ---   L2TP Radius Authentication SuccessL2TP Server:  RADIUS/LDAP Authentication Success
329 Users   Authentication AccessAttack   ERROR  561  User Login LockoutUser login failure rate exceeded - logins from user IP address denied
336 VPN   L2TP Server  Maintenance INFO   ---   L2TPS Tunnel DeleteL2TP Server : Deleting the Tunnel
344 VPN   L2TP Server  Maintenance INFO   ---   L2TPS Authentication Local FailureL2TP Server : User  Name authentication Failure locally
408 Security ServicesAnti-Virus   Maintenance INFO   ---   AV License ExceededAnti-Virus Licenses Exceeded
438 Users   Authentication AccessUser Activity INFO   ---   User Login Lockout ExpiredLocked-out user logins allowed - lockout period expired
439 Users   Authentication AccessUser Activity INFO   ---   User Login Lockout Clear Locked-out user logins allowed by %s
440 Firewall  Access Rules  User Activity INFO   ---   Rule Added  Access rule added
441 Firewall  Access Rules  User Activity INFO   ---   Rule Modified Access rule viewed or modified
442 Firewall  Access Rules  User Activity INFO   ---   Rule Deleted  Access rule deleted
446 Firewall SettingsFTPAttack   ERROR  551  FTP Passive AttackFTP: PASV response spoof attack dropped
452 VPN   VPN PKI    Maintenance ERROR  ---   PKI Bad PasswordPKI Failure: Incorrect admin password
465 VPN   VPN PKI    Maintenance ERROR  ---   PKI Certificate ExpirePKI Failure: Certificate expiration
473 VPN   DHCP Relay   Debug   INFO   ---   Remote: DHCP RequestDHCP REQUEST received from remote device
474 VPN   DHCP Relay   Debug   INFO   ---   Remote: DHCP DiscoverDHCP DISCOVER received from remote devic
476 VPN   DHCP Relay   Debug   INFO   ---   Server: DHCP OfferDHCP OFFER received from server
482 Security ServicesAnti-Virus   Maintenance WARNING 552  AV Expiration WarningReceived AV Alert: Your Network Anti-Virus subscription will expire in 7 days. %s
486 Users   Authentication AccessUser Activity INFO   ---   WLAN User Login DenyUser login denied - User has no privileges for guest service
491 Security ServicesE-mail Filtering Maintenance WARNING 564  E-mail Filtering Expiration WarningReceived E-Mail Filter Alert: Your E-Mail Filtering subscription will expire in 7 days.
492 Security ServicesE-mail Filtering Maintenance WARNING 565  E-mail Filtering Expiration MessageReceived E-Mail Filter Alert: Your E-Mail Filtering subscription has expired
506 Users   Authentication AccessMaintenance INFO   ---   VPN Disabled VPN disabled by administrator
507 Users   Authentication AccessMaintenance INFO   ---   VPN Enabled VPN enabled by administrator
508 Users   Authentication AccessMaintenance INFO   ---   WLAN DisabledWLAN disabled by administrator
509 Users   Authentication AccessMaintenance INFO   ---   WLAN Enabled WLAN enabled by administrator
566 Network  Interfaces   System Error ALERT  647  Multi-Interface Link DownInterface %s Link Is Down
575 System  Hardware   System EnvironmentERROR  101  Voltages Out of ToleranceVoltages Out of Tolerance
576 System  Hardware   System EnvironmentALERT  102  Fan Failure  Fan Failure
578 System  Hardware   System EnvironmentALERT  104  Thermal Red  Thermal Red
579 System  Hardware   System EnvironmentALERT  105  Thermal Red Timer ExceededThermal Red Timer Exceeded
580 Network  TCPAttack   ALERT  558  TCP SYN/FIN Packet DropTCP SYN/FIN packet dropped
583 Users   Authentication AccessAttack   ERROR  559  User Login DisableUser login disabled from %s
606 Security ServicesAttacksAttack   ALERT  568  Spank Attack Spank attack multicast packet dropped
608 Security ServicesIPSAttack   ALERT  569  IPS Detection AlertIPS Detection Alert: %s
609 Security ServicesIPSAttack   ALERT  570  IPS Prevention AlertIPS Prevention Alert: %s
610 Security ServicesCrypto Test   Maintenance ERROR  ---   Hardware AES Test FailedCrypto Hardware AES test failed
614 Security ServicesGeneralMaintenance WARNING 571  IDP Expiration MessageReceived IPS Alert: Your Intrusion Prevention (IDP) subscription has expired.
646 Firewall  Access Rules  System Error ALERT  5238  Source IP Connection LimitPacket dropped; connection limit for this source IP address has been reached
647 Firewall  Access Rules  System Error ALERT  5239  Destination IP Connection LimitPacket dropped; connection limit for this destination IP address has been reached
648 VPN   VPN IPsec   Attack   ERROR  572  Illegal DestinationPacket destination not in VPN Access list
734 Firewall  Access Rules  ---INFO   ---   Source Connection StatusSource IP address connection status: %s
735 Firewall  Access Rules  ---INFO   ---   Destination Connection StatusDestination IP address connection status: %s
745 Users   Radius AuthenticationUser Activity INFO   ---   LDAP Authentication FailureUser login denied - LDAP authentication failure
746 Users   Radius AuthenticationUser Activity WARNING ---   LDAP Server TimeoutUser login denied - LDAP server Timeout
747 Users   Radius AuthenticationUser Activity WARNING ---   LDAP Server ErrorUser login denied - LDAP server down or misconfigured
748 Users   Radius AuthenticationUser Activity WARNING ---   LDAP Communication ProblemUser login denied - LDAP communication problem
749 Users   Radius AuthenticationUser Activity WARNING ---   LDAP Server Invalid CredentialUser login denied - invalid credentials on LDAP server
750 Users   Radius AuthenticationUser Activity WARNING ---   LDAP Server Insufficient AccessUser login denied - insufficient access on LDAP server
751 Users   Radius AuthenticationUser Activity WARNING ---   LDAP Schema MismatchUser login denied - LDAP schema mismatch
753 Users   Radius AuthenticationUser Activity WARNING ---   LDAP Server Name Resolution FailedUser login denied - LDAP server name resolution failed
754 Users   Radius AuthenticationUser Activity WARNING ---   RADIUS Server Name Resolution FailedUser login denied - RADIUS server name resolution failed
755 Users   Radius AuthenticationUser Activity WARNING ---   LDAP Server Certificate InvalidUser login denied - LDAP server certificate not valid
756 Users   Radius AuthenticationUser Activity WARNING ---   LDAP TLS or Local ErrorUser login denied - TLS or local certificate problem
757 Users   Radius AuthenticationUser Activity WARNING ---   LDAP Directory MismatchUser login denied - LDAP directory mismatch
759 Users   Authentication AccessUser Activity INFO   ---   User Already Logged-InUser login denied - user already logged in
789 Security ServicesIDPAttack   ALERT  6435  IDP Detection AlertIDP Detection Alert: %s
790 Security ServicesIDPAttack   ALERT  6436  IDP Prevention AlertIDP Prevention Alert: %s
793 Firewall  Application FirewallUser Activity ALERT  13201 Application Firewall AlertApplication Firewall Alert: %s
794 Security ServicesAnti-Spyware  Attack   ALERT  6437  Anti-Spyware Prevention AlertAnti-Spyware Prevention Alert: %s
795 Security ServicesAnti-Spyware  Attack   ALERT  6438  Anti-Spyware Detection AlertAnti-Spyware Detection Alert: %s
796 Security ServicesAnti-Spyware  Maintenance WARNING 8631  Anti-Spyware Service ExpiredAnti-Spyware Service Expire
797 Security ServicesRBL Filter   ---NOTICE  ---   Outbound Connection DropOutbound connection to RBL-listed SMTP server dropped
798 Security ServicesRBL Filter   ---NOTICE  ---   Inbound Connection DropInbound connection from RBL-listed SMTP server dropped
799 Security ServicesRBL Filter   ---NOTICE  ---   SMTP Server on RBL BlacklistSMTP server found on RBL blacklist
809 Security ServicesGAVAttack   ALERT  8632  AV Gateway AlertGateway Anti-Virus Alert: %s
810 Security ServicesGAVMaintenance WARNING 8633  AV Gateway Service ExpireGateway Anti-Virus Service expired
815 Network  ARP---WARNING ---   Too Many Gratuitous ARPs DetectedToo many gratuitous ARPs detected
856 Firewall SettingsFlood ProtectionAttack   WARNING ---   SYN Flood Watch ModeSYN Flood Mode changed by user to: Watch and report possible SYN floods
857 Firewall SettingsFlood ProtectionAttack   WARNING ---   SYN Flood Trigger ModeSYN Flood Mode changed by user to: Watch and proxy WAN connections when under attack
858 Firewall SettingsFlood ProtectionAttack   WARNING ---   SYN Flood Proxy ModeSYN Flood Mode changed by user to: Always proxy WAN connections
859 Firewall SettingsFlood ProtectionAttack   ALERT  ---   SYN Flood Proxy Trigger ModePossible SYN flood detected on WAN IF %s - switching to connection-proxy mode
860 Firewall SettingsFlood ProtectionAttack   ALERT  ---   SYN Flood DetectedPossible SYN Flood on IF %s
861 Firewall SettingsFlood ProtectionAttack   ALERT  ---   SYN Flood Proxy Mode CancelSYN flood ceased or flooding machines blacklisted - connection proxy disabled
862 Firewall SettingsFlood ProtectionAttack   WARNING ---   SYN Flood Blacklist OnSYN Flood blacklisting enabled by user
863 Firewall SettingsFlood ProtectionAttack   WARNING ---   SYN Flood Blacklist OffSYN Flood blacklisting disabled by user
864 Firewall SettingsFlood ProtectionAttack   ALERT  ---   SYN-Flooding Machine BlacklistedSYN-Flooding machine %s blacklisted
865 Firewall SettingsFlood ProtectionAttack   ALERT  ---   Machine removed from SYN Flood BlacklistMachine %s removed from SYN flood blacklist
866 Firewall SettingsFlood ProtectionAttack   WARNING ---   Possible SYN Flood ContinuesPossible SYN Flood on IF %s continues
867 Firewall SettingsFlood ProtectionAttack   ALERT  ---   Possible SYN Flood CeasedPossible SYN Flood on IF %s has ceased
868 Firewall SettingsFlood ProtectionAttack   WARNING ---   SYN Flood Blacklist ContinuesSYN Flood Blacklist on IF %s continues
869 Firewall SettingsFlood ProtectionAttack   DEBUG  ---   TCP SYN ReceiveTCP SYN received
879 Wireless  RF Monitoring ---WARNING ---   WLAN Radio Frequency Threat DetectedWLAN radio frequency threat detected
881 System  Time---NOTICE  ---   System Clock Manually UpdatedSystem clock manually updated
897 Firewall SettingsFlood ProtectionAttack   INFO   ---   Invalid TCP SYN Flood CookieTCP packet received with invalid SYN Flood cookie; TCP packet dropped
898 Firewall SettingsFlood ProtectionAttack   ALERT  ---   RST-Flooding Machine BlacklistedRST-Flooding machine %s blacklisted
899 Firewall SettingsFlood ProtectionAttack   WARNING ---   RST Flood Blacklist ContinuesRST Flood Blacklist on IF %s continues
900 Firewall SettingsFlood ProtectionAttack   ALERT  ---   Machine Removed From RST Flood BlacklistMachine %s removed from RST flood blacklist
901 Firewall SettingsFlood ProtectionAttack   ALERT  ---   FIN-Flooding Machine BlacklistedFIN-Flooding machine %s blacklisted
902 Firewall SettingsFlood ProtectionAttack   WARNING ---   FIN Flood Blacklist ContinuesFIN Flood Blacklist on IF %s continues
903 Firewall SettingsFlood ProtectionAttack   ALERT  ---   Machine Removed From FIN Flood BlacklistMachine %s removed from FIN flood blacklist
904 Firewall SettingsFlood ProtectionAttack   ALERT  ---   Possible RST FloodPossible RST Flood on IF %s
905 Firewall SettingsFlood ProtectionAttack   ALERT  ---   Possible FIN FloodPossible FIN Flood on IF %s
906 Firewall SettingsFlood ProtectionAttack   ALERT  ---   Possible RST Flood CeasedPossible RST Flood on IF %s has ceased
907 Firewall SettingsFlood ProtectionAttack   ALERT  ---   Possible FIN Flood CeasedPossible FIN Flood on IF %s has ceased
908 Firewall SettingsFlood ProtectionAttack   WARNING ---   Possible RST Flood ContinuesPossible RST Flood on IF %s continues
909 Firewall SettingsFlood ProtectionAttack   WARNING ---   Possible FIN Flood ContinuesPossible FIN Flood on IF %s continues
986 Users   Authentication AccessUser Activity INFO   ---   Not Allowed by Policy RuleUser login denied - not allowed by Policy rule
987 Users   Authentication AccessUser Activity INFO   ---   Not Found LocallyUser login denied - not found locally
992 Users   SSO Agent AuthenticationUser Activity WARNING ---   User Name Too LongSSO agent returned user name too long
993 Users   SSO Agent AuthenticationUser Activity WARNING ---   Domain Name Too LongSSO agent returned domain name too lon
994 Users   Authentication AccessUser Activity INFO   ---   Configuration Mode Administration Session StartedConfiguration mode administration session started
996 Users   Authentication AccessUser Activity INFO   ---   Read-only Mode GUI Administration Session StartedRead-only mode GUI administration session started
999 Firewall SettingsSSL Control   Blocked Sites INFO   ---   Website Found in BlacklistSSL Control: Website found in blacklist
1010 Users   Radius AuthenticationSystem Error ALERT  ---   Using LDAP Without TLSUsing LDAP without TLS - highly insecure
1035 Users   Authentication AccessUser Activity INFO   ---   Password ExpireUser login denied - password expired
1048 Users   Authentication Access---INFO   ---   Password doesn't meet constraintsUser login denied - password doesn't meet constraints
1049 System  Settings    ---INFO   ---   System Setting ImportedSystem Setting Imported
1050 VPN   VPN IPsec   User Activity INFO   ---   VPN Policy AddedVPN policy %s is added
1051 VPN   VPN IPsec   User Activity INFO   ---   VPN Policy DeletedVPN policy %s is deleted
1052 VPN   VPN IPsec   User Activity INFO   ---   VPN Policy ModifiedVPN policy %s is modified
1080 Users   Authentication Access---INFO   ---   Successful SSL VPN User LoginSSL VPN zone remote user login allowed
1084 Anti-Spam General---INFO   13803 Service Enable Anti-Spam service is enabled by administrator.
1085 Anti-Spam General---INFO   13804 Service Disable Anti-Spam service is disabled by administrator.
1086 Anti-Spam General---WARNING 13805 Service Subscription ExpireYour Anti-Spam Service subscription has expired
1088 Anti-Spam General---WARNING 13807 Startup Failure Anti-Spam Startup Failure - %s
1093 Anti-Spam GRID---NOTICE  13811 SMTP Server Found on Reject ListSMTP server found on Reject List
1098 Network  DNS---ALERT  6465  DNS Rebind Attack DetectedPossible DNS rebind attack detected
1099 Network  DNS---ALERT  6466  DNS Rebind Attack BlockedDNS rebind attack blocked
1108 Anti-Spam E-mail---INFO   ---   E-mail Message BlockedMessage blocked by Real-Time E-mail Scanner
1110 Network  DHCP Server  ---INFO   ---   Assigned IP AddressAssigned IP address %s
1114 Firewall SettingsFTP---DEBUG  ---   FTP Client User LoginFtp client user logged in successfully
1115 Firewall SettingsFTP---DEBUG  ---   FTP Client User Login FailedFtp client user logged in failed
1149 High AvailabilityCluster---WARNING ---   VRRP Expiration MessageYour Active/Active Clustering subscription has expired
1153 SSL VPN  GeneralConnection TrafficINFO   ---   SSL VPN Traffic SSL VPN Traffic
1154 Firewall  Application Control---ALERT  15001 Application Control Detection AlertApplication Control Detection Alert: %s
1155 Firewall  Application Control---ALERT  15002 Application Control Prevention AlertApplication Control Prevention Alert: %s
1159 Security ServicesGeneral---WARNING ---   Visualization Control Expire MessageReceived Alert: Your Visualization Control subscription has expired
1176 WAN AccelerationLocal WXA Appliance---WARNING ---   WAN Acceleration Software License ExpiredYour WAN Acceleration Service subscription has expired.
1177 Network  DNSDebug   ALERT  ---   Malformed DNS PacketMalformed DNS packet detected
1178 Users   SSO Agent AuthenticationUser Activity ALERT  ---   High SSO Packet CountA high percentage of the system packet buffers are held waiting for SSO
1179 Users   SSO Agent AuthenticationUser Activity ALERT  ---   High SSO User ConnectionA user has a very high number of connections waiting for SSO
1180 Firewall SettingsFlood Protection---ALERT  ---   DOS Protection on WAN Begin DOS protection on WAN begins %s
1181 Firewall SettingsFlood Protection---WARNING ---   DOS Protection on WAN In-ProgressDOS protection on WAN %s
1182 Firewall SettingsFlood Protection---ALERT  ---   DOS Protection on WAN StoppedDOS protection on WAN %s
1195 Security ServicesBotnet Filter  Security ServicesWARNING ---   Botnet Filter Subscription ExpiredReceived Alert: Your Firewall Botnet Filter subscription has expired
1198 Security ServicesGeo-IP Filter  ---ALERT  ---   Geo IP Initiator BlockedInitiator from country blocked: %s
1199 Security ServicesGeo-IP Filter  ---ALERT  ---   Geo IP Responder BlockedResponder from country blocked: %s
1200 Security ServicesBotnet Filter  ---ALERT  ---   Botnet Initiator BlockedSuspected Botnet initiator blocked: %s
1201 Security ServicesBotnet Filter  ---ALERT  ---   Botnet Responder BlockedSuspected Botnet responder blocked: %s
1213 Firewall SettingsFlood ProtectionAttack   ALERT  ---   UDP Flood DetectedPossible UDP flood attack detected
1214 Firewall SettingsFlood ProtectionAttack   ALERT  ---   ICMP Flood DetectedPossible ICMP flood attack detected
1222 System  SNMP---WARNING ---   Invalid SNMPv3 UserInvalid SNMPv3 User
1304 Network  Network Access Debug   ALERT  ---   Packet Dropped Due to NDPP RulesPacket is dropped due to NDPP rules
1316 Network  ARP---ALERT  ---   ARP Attack DetectedPossible ARP attack from MAC address %s
1332 System  StatusMaintenance ALERT  ---   NDPP Mode ChangeNDPP mode is changed to %s
1333 Users   Authentication AccessUser Activity INFO   ---   Create a User %s
1334 Users   Authentication AccessUser Activity INFO   ---   Edit a User  %s
1335 Users   Authentication AccessUser Activity INFO   ---   Delete a User %s
1337 System  Settings    Firewall   INFO   ---   User Password Changed by Administrators%s
1338 System  Settings    Firewall   INFO   ---   User Change PasswordUser %s password is changed
1343 VPN   VPN IPsec   User Activity INFO   ---   VPN Policy Enabled/DisabledVPN Policy %s
1366 Firewall SettingsFlood ProtectionAttack   ALERT  ---   TCP-Flooding Machine BlacklistedTCP-Flooding machine %s blacklisted
1367 Firewall SettingsFlood ProtectionAttack   WARNING ---   TCP Flood Blacklist ContinuesTCP Flood Blacklist on IF %s continues
1368 Firewall SettingsFlood ProtectionAttack   ALERT  ---   Machine Removed From TCP Flood BlacklistMachine %s removed from TCP flood blacklist
1369 Firewall SettingsFlood ProtectionAttack   ALERT  ---   Possible TCP FloodPossible TCP Flood on IF %s
1370 Firewall SettingsFlood ProtectionAttack   ALERT  ---   Possible TCP Flood CeasedPossible TCP Flood on IF %s has ceased
1371 Firewall SettingsFlood Protection---WARNING ---   Possible TCP Flood ContinuesPossible TCP Flood on IF %s continues
1373 Security ServicesAttacksAttack   ALERT  ---   IPv6 fragment size is less than minimum (<1280)IPv6 fragment dropped, invalid length (<1280 Bytes)
1374 Security ServicesAttacksAttack   ALERT  ---   IP Reassembly : Incomplete IGMP fragmentIGMP packet dropped, incomplete fragments
1375 Security ServicesAttacksAttack   ALERT  ---   UDP fragmented datagram is too big (>65535)UDP fragment dropped, exceeds maximum IP datagram size (>65535)
1376 Security ServicesAttacksAttack   ALERT  ---   Nestea/Teardrop AttackNestea/Teardrop attack dropped
1378 Anti-Spam General---ALERT  ---   SHLO replay attackPossible replay attack with this client IP - %s
1381 Security ServicesGeneral---WARNING 15003 Application Control Expiration MessageReceived App-Control Alert: Your Application Control subscription has expired.
1382 Log    Configuration AuditingUser Activity INFO   5609  Configuration Change SucceededConfiguration succeeded: %s
1383 Log    Configuration AuditingUser Activity INFO   5610  Configuration Change FailedConfiguration failed: %s
1387 Security ServicesAttacksAttack   ALERT  ---   TCP Null Flag AttackTCP Null Flag dropped
1388 VPN   VPN IPsec   Attack   DEBUG  ---   Vpn Decryption FailedIPSec VPN Decryption Failed
1426 Wireless  SonicPoint/SonicWave---INFO   13603 SonicPoint/SonicWave Unexpected Reboot %s unexpected reboot. Please check whether input power is adequate and ethernet connection is secured. (SonicWave/SonicPoint AC/NDR requires 802.3at PoE+)
1432 System  Settings    Firewall   INFO   ---   Configuration ChangeConfiguration changed: %
1442 System  Hardware   System EnvironmentALERT  ---   USB Over CurrentUSB Over Current
1443 Firewall SettingsAdvanced   Debug   WARNING ---   Control Plane Flood Protection Threshold ExceededControl Plane Flood Protection Threshold Exceeded: %s
1444 High AvailabilityStateMaintenance ERROR  ---   HA Reboot  Reboot occured (Reason :%s)
1450 Firewall SettingsFlood ProtectionAttack   ALERT  ---   UDPv6 Flood DetectedPossible UDPv6 flood attack detected
1451 Firewall SettingsFlood ProtectionAttack   ALERT  ---   ICMPv6 Flood DetectedPossible ICMPv6 flood attack detected
1452 Firewall SettingsFlood ProtectionAttack   ALERT  ---   Half Open TCP Connection Threshold ExceededToo many half-open TCP connection
1459 Security ServicesGAVMaintenance INFO   ---   Capture ATP File Transfer AttemptGateway Anti-Virus Status: %s
1460 Security ServicesGAVMaintenance INFO   ---   Capture ATP File Transfer ResultGateway Anti-Virus Status: %s
1461 Security ServicesContent Filter  ---NOTICE  703  CFS Alert   CFS Alert: %s1462 Security ServicesGAV---INFO   ---   AV Gateway InformGateway Anti-Virus Inform: %s
1474 Security ServicesGeo-IP Filter  ---ALERT  ---   Custom Geo IP Initiator BlockedInitiator from country blocked: %s, Source: Custom List
1475 Security ServicesGeo-IP Filter  ---ALERT  ---   Custom Geo IP Responder BlockedResponder from country blocked: %s, Source: Custom List
1476 Security ServicesBotnet Filter  ---ALERT  ---   Custom Botnet Initiator BlockedSuspected Botnet initiator blocked: %s, Source: Custom List
1477 Security ServicesBotnet Filter  ---ALERT  ---   Custom Botnet Responder BlockedSuspected Botnet responder blocked: %s, Source: Custom List
1495 System  StatusMaintenance INFO   ---   Firewall was Rebooted by Setting ImportFirewall was rebooted by setting import at %s
1496 System  StatusMaintenance INFO   ---   Firewall was Rebooted by FirmwareFirewall was rebooted by %
1507 Network  IPv6 MAC-IP Anti-SpoofAttack   ALERT  ---   IPv6 MAC-IP Anti-Spoof Check Enforced For HostsIPv6 MAC-IP Anti-spoof check enforced for hosts
1508 Network  IPv6 MAC-IP Anti-SpoofAttack   ALERT  ---   IPv6 MAC-IP Anti-Spoof Cache Not Found For RouterIPv6 MAC-IP Anti-spoof cache not found for this router
1509 Network  IPv6 MAC-IP Anti-SpoofAttack   ALERT  ---   IPv6 MAC-IP Anti-Spoof Cache Not RouterIPv6 MAC-IP Anti-spoof cache found, but it is not a router
1510 Network  IPv6 MAC-IP Anti-SpoofAttack   ALERT  ---   IPv6 MAC-IP Anti-Spoof Cache Blacklisted DeviceIPv6 MAC-IP Anti-spoof cache found, but it is blacklisted device
1515 System  Cloud Backup  Firewall   INFO   ---   Delete Cloud Backup Successful%s
1516 System  Cloud Backup  Firewall   INFO   ---   Delete Cloud Backup Failed%
1517 Users   Authentication AccessUser Activity INFO   ---   User Name Invalid Symbol User name invalid symbol: %s 
1518 Security ServicesBotnet Filter  ---ALERT  ---   Botnet Initiator BlockedSuspected Botnet initiator blocked: %s, Source: Dynamic List
1519 Security ServicesBotnet Filter  ---ALERT  ---   Botnet Responder BlockedSuspected Botnet responder blocked: %s, Source: Dynamic List
1526 Wireless  SonicPoint/SonicWave---INFO   ---   SonicWave License Invalid SonicWave %s
1532 Security ServicesDPI-SSH    Users    ALERT  ---   DPI-SSH PF UserDPI SSH Port Forward Alert: %s
1534 Security ServicesDPI-SSH    ---ALERT  ---   DPI-SSH Connection CheckDPI-SSH Connection: %s
1564 Security ServicesDPI-SSL EnforcementMaintenance WARNING ---   SSLE Expire MessageReceived DPI-SSL Enforcement Alert: Your Network DPI-SSL Enforcement subscription has expired. %s

Dependencies

~2.3–3.5MB
~67K SLoC