Symantec™ Security Gateways Reference Guide - Sawmill

158 Log messagesNotice messages (200-299)PayloadPayload offsetStart timeEnd timeSource IPSource PortDestination IPDestination PortPacketInterfaceSource MACDestination MACVLAN IDOutcomeThe exact snippet of data that generated the event. This may be empty for somealerts.The number of bytes into the payload data when the alerting pattern starts. Thisvalue is zero-indexed and is left/right inclusive.The starting time of the event.The end time of the event.The source IP address of the attack. This is also used when blacklist notifications areconfigured.The level four network of the source of the attack traffic.The destination IP address of the attack.The level four network of the destination of the attack traffic.The whole or partial IP packet triggering the event.The string identifying the device, on which the packet was captured.The source Ethernet address of the offending packet.The destination Ethernet address of the offending packet.The virtual local area network (VLAN) ID from the Ethernet header of the offendingpacket.Currently set to unknown199 - Bad protocol passedDescription: The H.323 voice over IP protocol is bad, so it is passed.Notice messages (200-299)Log messages in the range 200-299 are notices that indicate a situation requiring minor attention.201 - Access deniedDescription: The system does not permit access as no rule that allows this connection exists. To pass this traffic, createan appropriate rule.201 - Adjust time server offset second(s)Description: The time is being adjusted by the number specified.201 - Already authenticatedDescription: The user attempts to authenticate.201 - Command received while waiting for data connectionDescription: While waiting to establish an FTP connection, an unexpected command was received by the FTP proxy.201 - Connection closed before connected to last destinationDescription: A connection was terminated before the connection process was complete.