4.10.3.2.Error Codes. Novell Security Manager Powered by Astaro

Using the Security System

111

112

150

151

152

153

105

106

107

108

109

110 changes, implemented by the configuration tool and also the log-in and log-out processes.

4.10.3.2.

Error Codes

The following is a list of all error, warning, and information codes with their meanings:

INFO:

000 System was restarted

System was restarted

A system backup file was generated automatically and sent via e-mail to the Administrator.

User Authentication deamon (UA) not running – restarted

Cron Task Scheduler not running – restarted

WebAdmin webserver not running – restarted ssh server not running – restarted license server not running – restarted configuration database server not running – restarted syslog server not running – restarted middleware not running – restarted

Root partition mounted at / is filling up please check tmpfs partition mounted at /opt/tmpfs is filling up - please check secure application partition mounted at /var/sec is filling up - please check logfile partition mounted at /var/log is filling up - please check

344

154

155

300

302

303

320

321

Using the Security System storage application partition mounted at / var/storage is filling up - please check

Up2Date partition mounted at /var/up2date is filling up - please check

System Up2Date: System Up2Date started

Further information on the Up2Date Service can be found in chapters on page 48.

System Up2Date: No new System Up2Date packages available

System Up2Date succeeded: Prefetched new System

Up2Date package(s)

For more Up2Date package information please see attachted Up2Date description file.

Further information on the System Up2Date can be found in chapters on page 48.

System Up2Date failed: License is not valid

System Up2Date: Started System Up2Date installlation in HA-Master-Mode

345

Using the Security System

351

352

353

354

322

323

350

360

361

700

System Up2Date: New System Up2Dates installed

Further information on the Up2Date package(s) can be found in the notification e-mail.

System Up2Date: Started System Up2Date Installation

Pattern Up2Date: Started Pattern Up2Date

Further information on the Up2Date Service can be found in chapters on page 48.

Pattern Up2Date: No new pattern available for

Virus Protection

Pattern Up2Date: No new pattern available for

Intrusion Protection

Pattern Up2Date: Trying another pattern type

Pattern Up2Date succeeded: Updated new Intrusion

Protection patterns

For more information please see the notification e-mail. Further information on the System Up2-

Date can be found in chapters on page 48.

Virus Pattern Up2Date: No pattern installation for Virus pattern needed

Virus Pattern Up2Date succeeded: Installed new

Virus Pattern

For more information please see the notification e-mail.

Daily log file archive

This is an archive file containing the log files. The date of these log files is specified in the notification.

346

710

850

851

Using the Security System

Log file partition is filling up

The log file partition usage reached the specified value in percent. Depending on your configuration the system will automatically take measures if the usage continues to grow. To make sure you don't lose any important log files, please check the WebAdmin settings and/or remove old log files manually.

Intrusion Protection Event

A packet was identified that may be part of an intrusion. The matching rule classified this as low priority level. Further information on the

Intrusion Prevention event can be found in the notification e-mail.

Intrusion Protection Event – Event buffering activated

A packet was identified that may be part of an intrusion. The matching rule classified this as low priority level. Event buffering has been activated. Further Intrusion Protection events will be collected and sent to you when the collection period has expired. If more events occur, this period will be increased. Further information on the Intrusion Prevention event can be found in the notification e-mail.

A portscan was detected. The originating host was: <IP>

A portscan from the given IP address was detected. The Portscan Detection function is described in chapter , on page 190.

347

Using the Security System

856

For more information:

- see WebAdmin -> Local Logs/Browse/Portscan

- search with whois to know who the source

IP belongs to:

-> RIPE NCC http://www.ripe.net/perl/whois?

query=$HOST

-> ARIN - http://www.arin.net/cgi-bin/whois.pl?

queryinput =$HOST

-> APNIC - http://cgi.apnic.net/apnic-bin/

whois.pl?search=$HOST

- use traceroute from

-> UC Berkeley

- http://www.net.berkeley.edu/cgi-bin/

traceroute? $HOST

Attention: source IP addresses can easily be forged by attackers.

Portscan detected - Event buffering activated

A portscan was detected. The originating host was: <IP>

A portscan from the given IP address was detected. The Portscan Detection function is described in chapter , on page 190.

Event buffering has been activated. Further

Intrusion Protection events will be collected and sent to you when the collection period has expired. If more events occur, this period will be increased. Further information on the Intrusion Prevention event can be found in the notification e-mail.

File transfer request 999

348

Using the Security System

This is the file you requested.

349

Using the Security System

WARN:

001

005

080

081

A feature will expire! The feature ... is time limited and will expire in ...

Please contact your local Novell partner or a

Novell sales representative to obtain a license update. E-Mail addresses:

America's: www.novell.com/offices/americas,

Europe, Asia Pacific and Africa: www.novell.com/offices.

For technical questions, please feel free to visit our user bulletin board at http://support.novell.com/forums/2sm.html, or our documentation resources at http://www.novell.com/documentation/nsma5.

Failed login attempt from ...(IP) at ...(time) with ...( username)

HA check: no link beat on interface – retrying

The link beat monitoring system on the firewall failed. The system will now try again. If the system continues to fail, the administrator will receive message WAR 081.

If you do not wish to use this monitoring function, no further action is required. After the system sends the WAR 081 message, it will not try to start the link beat monitoring system again.

HA check: interface does not support link beat check

The link beat monitoring system failed after multiple attempts. If you have recently installed the HA system, and you intend to use the

350

158

159

711

715

Using the Security System link beat monitoring system, please check that the network cards support link beat, and that they are supported by the security system. Also check to make sure that the link beat capable cards have been chosen for the data transfer connection.

The installation and management of the HA system is described in chapter , on page 98.

Interface uplink usage exceeds configured limit

On a Standard-Ethernet-interface the function

„Monitor Interface Usage“ was activated. The maximum value for the Uplink-Bandwidth was exceeded.

Interface uplink usage exceeds configured limit

On a Standard-Ethernet-interface the function

„Monitor Interface Usage“ was activated. The maximum value for the Downlink-Bandwidth was exceeded.

Log file(s) have been deleted

The log file partition usage reached the specified value in percent. Log Files have been deleted. To make sure you don't lose more log file(s), please check the WebAdmin settings and/or remove old log files manually. The deleted files and/or directories are listed in the attachment.

Remote log file storage failed

The daily log file archive could not be stored on the configured remote server. Please check the WebAdmin settings for:

Local Logs/Settings/Remote log file archive

351

Using the Security System

850

851

CRIT:

301

302

The archive file will be automatically retransfered with the next daily log file archive.

Intrusion Protection Event

A packet was identified that may be part of an intrusion. The matching rule classified this as medium priority level. Further information on the Intrusion Prevention event can be found in the notification e-mail.

Intrusion Protection Event – Event buffering activated

A packet was identified that may be part of an intrusion. The matching rule classified this as medium priority level. Event buffering has been activated. Further Intrusion Protection events will be collected and sent to you when the collection period has expired. If more events occur, this period will be increased. Further information on the Intrusion Prevention event can be found in the notification e-mail.

System Up2Date failed: Could not connect to

Authentication Server(s)

The authentication server is not reachable. If the problem continues, please contact the support department of your firewall provider.

System Up2Date failed: Download of System

Up2Date Packages failed

If the problem continues, please contact the support department of your firewall provider.

352

305

306

320

322

323

324

325

Using the Security System

System Up2Date: Wrong MD5sum for local System

Up2Date package

Please download a new Up2Date package. If the problem recurs, please contact the support department of your firewall provider.

System Up2Date failed: Wrong MD5sum for downloaded Up2Date Package

Please download a new Up2Date package. If the problem recurs, please contact the support department of your firewall provider.

System Up2Date failed: Wrong start parameters

If the problem recurs, please contact the support department of your firewall provider.

System Up2date stopped: Next Up2Date installlation locked by HA

System Up2Date failed: Corrupt Up2Date Package

Found corrupt Up2Date package. Please start process again. If the problem recurs, please contact the support department of your firewall provider.

System Up2Date failed: Invalid License

Your license is no longer valid.

System Up2Date failed: License check failed

Your license could not be checked. If the problem continues, please contact the support department of your firewall provider.

333 System Up2Date failed: Internal error

The system update failed. Please contact the support department of your firewall provider.

353

Using the Security System

341

342

343

354

334

335

336

337

338

339

340

System Up2Date failed: Invalid syntax

The system update failed. Please contact the support department of your firewall provider.

System Up2Date failed: Could not read Up2Date directory

The system update failed. Please contact the support department of your firewall provider.

System Up2Date failed: No installation directory

The system update failed. Please contact the support department of your firewall provider.

System Up2Date failed: Could not extract tar

Please start process again. If the problem recurs, please contact the support department of your firewall provider.

System Up2Date failed: Main Up2Date package not found

Please start process again. If the problem recurs, please contact the support department of your firewall provider.

System Up2Date failed: Version conflict

The system update failed. Please contact the support department of your firewall provider.

System Up2Date failed: Pre-Stop-Services script failed

System Up2Date failed: Post-Stop-Services script failed

System Up2Date failed: Pre-Start-Services script failed

System Up2Date failed: Starting Services failed

344

345

346

347

351

352

353

354

Using the Security System

The system update failed. Please contact the support department of your firewall provider.

System Up2Date failed: Post-Start-Services script failed

System Up2Date failed: Error occured while running installer

The system update failed. Please contact the support department of your firewall provider.

System Up2Date failed: Installer ended due to internal error

The system update failed. Please contact the support department of your firewall provider.

System Up2Date failed: Started without rpm parameters

The system update failed. Please contact the support department of your firewall provider.

Pattern Up2Date failed: Could not select

Authentication Server(s)

If the problem continues, please contact the support department of your firewall provider.

Pattern Up2Date failed: Could not connect to

Authentication Server(s)

The authentication server is not reachable. If the problem continues, please contact the support department of your firewall provider.

Virus Pattern Up2Date failed: Could not connect to Up2Date Server

The Up2Date server is not reachable. If the problem continues, please contact the support department of your firewall provider.

Intrusion Protection Pattern Up2Date failed:

Could not connect to Up2Date Server

355

Using the Security System

355

356

357

358

360

361

362

The Up2Date server is not reachable. If the problem continues, please contact the support department of your firewall provider.

Virus Pattern Up2Date failed: No active bases for Virus Patterns found

Intrusion Protection Pattern Up2Date failed: No active bases for Intrusion Protection Patterns found

Virus Pattern Up2Date failed: Internal MD5Sum

Error

Could not create correct MD5Sums. If the problem recurs, please contact the support department of your firewall provider.

Intrusion Protection Pattern Up2Date failed:

Internal MD5Sum Error

Could not create correct MD5Sums. If the problem recurs, please contact the support department of your firewall provider.

Pattern Up2Date failed: Licence Check failed

Your license could not be checked. If the problem continues, please contact the support department of your firewall provider.

Pattern Up2Date failed: Restart of Virus Scanner failed

If the problem continues, please contact the support department of your firewall provider.

Pattern Up2Date failed: MD5Sum Error occurred

If the problem continues, please contact the support department of your firewall provider.

System shut down due to full log file partition 712

356

850

851

860

Using the Security System

The log file partition usage reached the specified value in percent. To prevent the loss of important log files, the system has been shut down automatically. Please check the WebAdmin settings and/or remove old log files.

Intrusion Protection Event

A packet was identified that may be part of an intrusion. The matching rule classified this as highest priority level. Further information on the Intrusion Prevention event can be found in the notification e-mail.

Intrusion Protection Event – Event buffering activated

A packet was identified that may be part of an intrusion. The matching rule classified this as highest priority level. Event buffering has been activated. Further Intrusion Protection events will be collected and sent to you when the collection period has expired. If more events occur, this period will be increased. Further information on the Intrusion Prevention event can be found in the notification e-mail.

Intrusion Protection Event - Buffered Events

After the activation of the event buffering further IPS events have been collected. Please see the attached file for a list of collected events. This list will show you a maximum of events. A complete event history has been stored in the Intrusion Protection log files.

357