12.07.2015 Views

Symantec™ Security Gateways Reference Guide - Sawmill


Log messages
Informational messages (100-199)

171 - SESA Agent removed
Description: The software that lets the security gateway communicate with the SESA Manager is no longer required and is deleted.

171 - Temporarily suppressing messages because the security gateway has reached log limits for driver messages at this level
Description: Due to increased volume, information log messages are no longer logged until conditions improve, so that the log services do not load the CPU.

172 - Successfully activated security gateway configuration
Description: A new configuration has been activated on the security gateway. This is the result of a local administrator activating a set of configuration edits, or the security gateway receiving a configuration from the SESA Manager. The user parameter indicates the administrator (or SESA administrator if managed by SESA) and the revision parameter contains the policy and location settings revision information.

175 - Perform graceful shutdown of the system
Description: The security gateway system is shutting down normally.

190 - Remote management timed out
Description: The security gateway remote management session was logged out after it was left up and running with no interaction.

190 - Intrusion Event detected
Description: An intrusion event is detected and all suspicious packets from the rogue host are dropped. The log message provides information on the type of intrusion event and includes parameters that elaborate on the event. One of these parameters is a hyperlink that provides more information on the event. The parameters are listed below:

Policy Tag: A string identifying the type of event.
Vendor: This is currently Symantec.
Class: Currently all trackable events are of one sensor class “sniffer.”
Family: The family to which the event belongs. The legal values are listed below:
    “integrity”: Indicates a protocol anomaly event.
    “availability”: Indicates a counter alert event.
    “notice”: Indicates a trackable event.
Context data: Context specific data about the connection event.
Context description: Textual description of the data, a given state machine adds to the context data buffer.
Flow Cookie: A string that pseudo uniquely identifies the network flow where the event occurs. This is a conglomerate of the protocol, IPs and ports on both ends of the connection.
IP Protocol: The transport layer protocol on which the event was detected.
Level: A number between 0 and 255, which represents how severe the event is.
Reliability: A number between 0 and 255, which represents how reliable the event is.
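The following is an added example, not part of the Symantec guide: a sketch of how a log consumer could check Intrusion Event parameters against the documented ranges and Family values, then collapse events by Flow Cookie for triage. It assumes the parameters have already been parsed into dictionaries keyed by the names above; the sample records and the Level times Reliability ranking are constructed for illustration.

```python
from collections import defaultdict

# Legal Family values as listed in the parameter table above.
FAMILIES = {"integrity": "protocol anomaly", "availability": "counter alert",
            "notice": "trackable event"}
REQUIRED = ("Policy Tag", "Family", "Flow Cookie", "Level", "Reliability")


def validate(event):
    """Return a list of problems; an empty list means the record is usable."""
    problems = [f"missing {name}" for name in REQUIRED if name not in event]
    if "Family" in event and event["Family"] not in FAMILIES:
        problems.append(f"unknown Family {event['Family']!r}")
    for name in ("Level", "Reliability"):
        value = event.get(name)
        if name in event and (type(value) is not int or not 0 <= value <= 255):
            problems.append(f"{name} not an integer in 0-255: {value!r}")
    return problems


def triage(events):
    """Group valid events by Flow Cookie; return (flows, rejected).

    flows is a list of (flow_cookie, score, count), highest score first.
    score = Level * Reliability is an assumed ranking rule, not Symantec's.
    """
    best, count, rejected = defaultdict(int), defaultdict(int), []
    for event in events:
        problems = validate(event)
        if problems:
            rejected.append((event.get("Policy Tag"), problems))
            continue
        cookie = event["Flow Cookie"]
        count[cookie] += 1
        best[cookie] = max(best[cookie], event["Level"] * event["Reliability"])
    flows = sorted(((c, best[c], count[c]) for c in best),
                   key=lambda f: f[1], reverse=True)
    return flows, rejected


# Constructed sample records (tags and cookies are placeholders, not real log data).
SAMPLE = [
    {"Policy Tag": "TAG_A", "Family": "notice", "Flow Cookie": "flow-1", "Level": 40, "Reliability": 200},
    {"Policy Tag": "TAG_B", "Family": "integrity", "Flow Cookie": "flow-2", "Level": 200, "Reliability": 220},
    {"Policy Tag": "TAG_C", "Family": "integrity", "Flow Cookie": "flow-1", "Level": 90, "Reliability": 100},
    {"Policy Tag": "TAG_D", "Family": "availability", "Flow Cookie": "flow-3", "Level": 300, "Reliability": 10},
    {"Policy Tag": "TAG_E", "Family": "confidentiality", "Flow Cookie": "flow-4", "Level": 10, "Reliability": 10},
]
```

Records that fail validation are returned separately rather than dropped, since an out-of-range Level or an unlisted Family usually points to a parsing fault or a format change worth investigating.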
