Troubleshooting guide
Appendix C: Log Viewer "info" Messages
Messages in the 'info' column of the log viewer
Advanced Technical Reference Guide 4.1 • June 2000 191
FIELD                       MEANING
ip_vers                     Contains the I.P. version (normally 4).
Key update for              The name of the module for which a key update has occurred.
Len                         Contains the length of the packet, when 'long' logging is used.
License violation detected  This field exists when a license violation is detected. Contains the list of internal addresses (one address for each log record) in ip format (e.g. 192.168.160.1).
Message                     For a log of a syn attack, specifies the nature of the attack. Could be either "syn -> syn-ack -> rst" or "syn -> syn-ack -> timeout".
Methods:                    Contains three components separated by commas. The first is the algorithm used to generate the session key, the second is the algorithm used for the entire session, and the third is the hashing algorithm (e.g. "fwz, des, md5").
Orig_from                   The "from" address of the SMTP mail message, before a possible translation.
Orig_to                     The "to" address of the SMTP mail message, before a possible translation.
Packets                     The number of packets transferred in a session. Used for accounting and live connections.
Reason                      Contains the authentication message in authentication rules. A list of the messages can be found on page 507 of the Check Point 2000 Administration Guide (page 56 of the VPN-1/FireWall-1 Architecture and Administration User Guide, Version 4.0). Authentication attempts may be denied for any of the 8 reasons specified. In addition, you can also get the successful authentication message ("authenticated by" followed by the scheme - radius, axent, s/key, securid, os password or VPN-1/FireWall-1 internal password).
Res_action                  In ftp/http account logs, contains the direction of the file transfer ("get" or "put").
Resource                    In http account logs, contains the url accessed.
Request                     The type of a sam request: “inhibit” or “uninhibit”.
Rpc-prog                    Contains the rpc program number for rpc rules.
Scheme:                     The encryption scheme used ("fwz", "skip", etc.)
Signed by                   The certificate authority used to sign a certain key sent to a firewall module.
Start_time                  The time the connection started. Used for accounting.
SPI                         Contains the ipsec spi.
Sys_msgs                    Contains one of the following:
                            "started sending log to local host",
                            "security policy uninstalled",
                            "installed <name of security policy>".
Target                      The host for which the “inhibit” or “uninhibit” sam request was made.
To                          The "to" address of the smtp mail message, after a possible translation.
Error notification          From …, to …, cause of errors in resending e-mail from mail dequeuer to mail server (connection failed, no disk space on mail server, etc.).
ISAKMP Log                  Completion of Phase 1, encryption algorithm/hash algorithm, Causes of any Phase 1 errors.
Negotiation Id              Host(1) negotiation id
                            Host(2) negotiation id.
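
Added example (not part of the original guide, and not Check Point code): a small triage routine that interprets the Methods, Message and Reason fields as the table describes them, flagging DES and MD5 when they appear in a Methods triple. It assumes records have been exported as "name: value; name: value" text; that layout, the function names and the sample records are assumptions made for illustration.

```python
# Added example: triage of three fields from the table above.
# ASSUMPTION: records are exported as "name: value; name: value" text.
WEAK = {"des": "56-bit key", "md5": "collision-prone hash"}
SYN_OUTCOMES = {"syn -> syn-ack -> rst": "rst",
                "syn -> syn-ack -> timeout": "timeout"}
METHOD_ROLES = ("session_key_alg", "session_alg", "hash_alg")
AUTH_OK = "authenticated by"

def parse_info(info):
    """Split an exported info string into {lowercased field name: value}."""
    fields = {}
    for part in info.split(";"):
        name, sep, value = part.partition(":")  # split on the first colon only
        if sep and name.strip():
            fields[name.strip().lower()] = value.strip().strip('"')
    return fields

def parse_methods(value):
    """'fwz, des, md5' -> the three roles the Methods entry describes."""
    parts = [p.strip().lower() for p in value.split(",")]
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected three comma-separated algorithms")
    return dict(zip(METHOD_ROLES, parts))

def triage(info):
    """Return human-readable findings for one info string."""
    fields, findings = parse_info(info), []
    if "methods" in fields:
        try:
            for role, alg in parse_methods(fields["methods"]).items():
                if alg in WEAK:
                    findings.append(f"weak {role}: {alg} ({WEAK[alg]})")
        except ValueError:
            findings.append(f"malformed methods field: {fields['methods']!r}")
    if fields.get("message") in SYN_OUTCOMES:
        findings.append("syn attack ended in " + SYN_OUTCOMES[fields["message"]])
    reason = fields.get("reason", "")
    if reason.lower().startswith(AUTH_OK):
        findings.append("auth succeeded via " + reason[len(AUTH_OK):].strip())
    elif reason:
        findings.append("auth denied: " + reason)
    return findings

# Constructed sample records, not taken from a real log.
SAMPLES = [
    "methods: fwz, des, md5; scheme: fwz",
    "message: syn -> syn-ack -> timeout",
    "reason: authenticated by radius",
    "methods: fwz, des",
]
```

Calling triage() on each entry of SAMPLES returns the findings for that record; a Methods value without exactly three components is reported as malformed rather than silently accepted.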