Using the Security System
changes, implemented by the configuration tool and also the log-in and log-out processes.

4.10.3.2. Error Codes

The following is a list of all error, warning, and information codes with their meanings:

INFO:

000 System was restarted
System was restarted

A system backup file was generated automatically and sent via e-mail to the Administrator.

105 User Authentication deamon (UA) not running – restarted

106 Cron Task Scheduler not running – restarted

107 WebAdmin webserver not running – restarted

108 ssh server not running – restarted

109 license server not running – restarted

110 configuration database server not running – restarted

111 syslog server not running – restarted

112 middleware not running – restarted

150 Root partition mounted at / is filling up - please check

151 tmpfs partition mounted at /opt/tmpfs is filling up - please check

152 secure application partition mounted at /var/sec is filling up - please check

153 logfile partition mounted at /var/log is filling up - please check

154 storage application partition mounted at /var/storage is filling up - please check

155 Up2Date partition mounted at /var/up2date is filling up - please check

300 System Up2Date: System Up2Date started
Further information on the Up2Date Service can be found in chapters on page 48.

302 System Up2Date: No new System Up2Date packages available

303 System Up2Date succeeded: Prefetched new System Up2Date package(s)
For more Up2Date package information please see the attached Up2Date description file. Further information on the System Up2Date can be found in chapters on page 48.

320 System Up2Date failed: License is not valid

321 System Up2Date: Started System Up2Date installlation in HA-Master-Mode

322 System Up2Date: New System Up2Dates installed
Further information on the Up2Date package(s) can be found in the notification e-mail.

323 System Up2Date: Started System Up2Date Installation

350 Pattern Up2Date: Started Pattern Up2Date
Further information on the Up2Date Service can be found in chapters on page 48.

351 Pattern Up2Date: No new pattern available for Virus Protection

352 Pattern Up2Date: No new pattern available for Intrusion Protection

353 Pattern Up2Date: Trying another pattern type

354 Pattern Up2Date succeeded: Updated new Intrusion Protection patterns
For more information please see the notification e-mail. Further information on the System Up2Date can be found in chapters on page 48.

360 Virus Pattern Up2Date: No pattern installation for Virus pattern needed

361 Virus Pattern Up2Date succeeded: Installed new Virus Pattern
For more information please see the notification e-mail.

700 Daily log file archive
This is an archive file containing the log files. The date of these log files is specified in the notification.

710 Log file partition is filling up
The log file partition usage reached the specified value in percent. Depending on your configuration the system will automatically take measures if the usage continues to grow. To make sure you don't lose any important log files, please check the WebAdmin settings and/or remove old log files manually.

850 Intrusion Protection Event
A packet was identified that may be part of an intrusion. The matching rule classified this as low priority level. Further information on the Intrusion Prevention event can be found in the notification e-mail.

851 Intrusion Protection Event – Event buffering activated
A packet was identified that may be part of an intrusion. The matching rule classified this as low priority level. Event buffering has been activated. Further Intrusion Protection events will be collected and sent to you when the collection period has expired. If more events occur, this period will be increased. Further information on the Intrusion Prevention event can be found in the notification e-mail.

A portscan was detected. The originating host was: <IP>
A portscan from the given IP address was detected. The Portscan Detection function is described in chapter , on page 190.
For more information:
- see WebAdmin -> Local Logs/Browse/Portscan
- search with whois to know who the source IP belongs to:
-> RIPE NCC - http://www.ripe.net/perl/whois?query=$HOST
-> ARIN - http://www.arin.net/cgi-bin/whois.pl?queryinput=$HOST
-> APNIC - http://cgi.apnic.net/apnic-bin/whois.pl?search=$HOST
- use traceroute from
-> UC Berkeley - http://www.net.berkeley.edu/cgi-bin/traceroute?$HOST
Attention: source IP addresses can easily be forged by attackers.

856 Portscan detected - Event buffering activated
A portscan was detected. The originating host was: <IP>
A portscan from the given IP address was detected. The Portscan Detection function is described in chapter , on page 190.
Event buffering has been activated. Further Intrusion Protection events will be collected and sent to you when the collection period has expired. If more events occur, this period will be increased. Further information on the Intrusion Prevention event can be found in the notification e-mail.

999 File transfer request
This is the file you requested.

WARN:

001 A feature will expire!
The feature ... is time limited and will expire in ...
Please contact your local Novell partner or a Novell sales representative to obtain a license update. E-Mail addresses:
Americas: www.novell.com/offices/americas,
Europe, Asia Pacific and Africa: www.novell.com/offices.
For technical questions, please feel free to visit our user bulletin board at http://support.novell.com/forums/2sm.html, or our documentation resources at http://www.novell.com/documentation/nsma5.

005 Failed login attempt from ...(IP) at ...(time) with ...(username)

080 HA check: no link beat on interface – retrying
The link beat monitoring system on the firewall failed. The system will now try again. If the system continues to fail, the administrator will receive message WAR 081.
If you do not wish to use this monitoring function, no further action is required. After the system sends the WAR 081 message, it will not try to start the link beat monitoring system again.

081 HA check: interface does not support link beat check
The link beat monitoring system failed after multiple attempts. If you have recently installed the HA system, and you intend to use the link beat monitoring system, please check that the network cards support link beat, and that they are supported by the security system. Also check to make sure that the link beat capable cards have been chosen for the data transfer connection.
The installation and management of the HA system is described in chapter , on page 98.

158 Interface uplink usage exceeds configured limit
On a Standard-Ethernet-interface the function "Monitor Interface Usage" was activated. The maximum value for the Uplink-Bandwidth was exceeded.

159 Interface uplink usage exceeds configured limit
On a Standard-Ethernet-interface the function "Monitor Interface Usage" was activated. The maximum value for the Downlink-Bandwidth was exceeded.

711 Log file(s) have been deleted
The log file partition usage reached the specified value in percent. Log Files have been deleted. To make sure you don't lose more log file(s), please check the WebAdmin settings and/or remove old log files manually. The deleted files and/or directories are listed in the attachment.

715 Remote log file storage failed
The daily log file archive could not be stored on the configured remote server. Please check the WebAdmin settings for:
Local Logs/Settings/Remote log file archive
The archive file will be automatically retransferred with the next daily log file archive.

850 Intrusion Protection Event
A packet was identified that may be part of an intrusion. The matching rule classified this as medium priority level. Further information on the Intrusion Prevention event can be found in the notification e-mail.

851 Intrusion Protection Event – Event buffering activated
A packet was identified that may be part of an intrusion. The matching rule classified this as medium priority level. Event buffering has been activated. Further Intrusion Protection events will be collected and sent to you when the collection period has expired. If more events occur, this period will be increased. Further information on the Intrusion Prevention event can be found in the notification e-mail.

CRIT:

301 System Up2Date failed: Could not connect to Authentication Server(s)
The authentication server is not reachable. If the problem continues, please contact the support department of your firewall provider.

302 System Up2Date failed: Download of System Up2Date Packages failed
If the problem continues, please contact the support department of your firewall provider.

305 System Up2Date: Wrong MD5sum for local System Up2Date package
Please download a new Up2Date package. If the problem recurs, please contact the support department of your firewall provider.

306 System Up2Date failed: Wrong MD5sum for downloaded Up2Date Package
Please download a new Up2Date package. If the problem recurs, please contact the support department of your firewall provider.

320 System Up2Date failed: Wrong start parameters
If the problem recurs, please contact the support department of your firewall provider.

322 System Up2date stopped: Next Up2Date installlation locked by HA

323 System Up2Date failed: Corrupt Up2Date Package
Found corrupt Up2Date package. Please start process again. If the problem recurs, please contact the support department of your firewall provider.

324 System Up2Date failed: Invalid License
Your license is no longer valid.

325 System Up2Date failed: License check failed
Your license could not be checked. If the problem continues, please contact the support department of your firewall provider.

333 System Up2Date failed: Internal error
The system update failed. Please contact the support department of your firewall provider.

334 System Up2Date failed: Invalid syntax
The system update failed. Please contact the support department of your firewall provider.

335 System Up2Date failed: Could not read Up2Date directory
The system update failed. Please contact the support department of your firewall provider.

336 System Up2Date failed: No installation directory
The system update failed. Please contact the support department of your firewall provider.

337 System Up2Date failed: Could not extract tar
Please start process again. If the problem recurs, please contact the support department of your firewall provider.

338 System Up2Date failed: Main Up2Date package not found
Please start process again. If the problem recurs, please contact the support department of your firewall provider.

339 System Up2Date failed: Version conflict
The system update failed. Please contact the support department of your firewall provider.

340 System Up2Date failed: Pre-Stop-Services script failed

341 System Up2Date failed: Post-Stop-Services script failed

342 System Up2Date failed: Pre-Start-Services script failed

343 System Up2Date failed: Starting Services failed
The system update failed. Please contact the support department of your firewall provider.

344 System Up2Date failed: Post-Start-Services script failed

345 System Up2Date failed: Error occured while running installer
The system update failed. Please contact the support department of your firewall provider.

346 System Up2Date failed: Installer ended due to internal error
The system update failed. Please contact the support department of your firewall provider.

347 System Up2Date failed: Started without rpm parameters
The system update failed. Please contact the support department of your firewall provider.

351 Pattern Up2Date failed: Could not select Authentication Server(s)
If the problem continues, please contact the support department of your firewall provider.

352 Pattern Up2Date failed: Could not connect to Authentication Server(s)
The authentication server is not reachable. If the problem continues, please contact the support department of your firewall provider.

353 Virus Pattern Up2Date failed: Could not connect to Up2Date Server
The Up2Date server is not reachable. If the problem continues, please contact the support department of your firewall provider.

354 Intrusion Protection Pattern Up2Date failed: Could not connect to Up2Date Server
The Up2Date server is not reachable. If the problem continues, please contact the support department of your firewall provider.

355 Virus Pattern Up2Date failed: No active bases for Virus Patterns found

356 Intrusion Protection Pattern Up2Date failed: No active bases for Intrusion Protection Patterns found

357 Virus Pattern Up2Date failed: Internal MD5Sum Error
Could not create correct MD5Sums. If the problem recurs, please contact the support department of your firewall provider.

358 Intrusion Protection Pattern Up2Date failed: Internal MD5Sum Error
Could not create correct MD5Sums. If the problem recurs, please contact the support department of your firewall provider.

360 Pattern Up2Date failed: Licence Check failed
Your license could not be checked. If the problem continues, please contact the support department of your firewall provider.

361 Pattern Up2Date failed: Restart of Virus Scanner failed
If the problem continues, please contact the support department of your firewall provider.

362 Pattern Up2Date failed: MD5Sum Error occurred
If the problem continues, please contact the support department of your firewall provider.

712 System shut down due to full log file partition
The log file partition usage reached the specified value in percent. To prevent the loss of important log files, the system has been shut down automatically. Please check the WebAdmin settings and/or remove old log files.

850 Intrusion Protection Event
A packet was identified that may be part of an intrusion. The matching rule classified this as highest priority level. Further information on the Intrusion Prevention event can be found in the notification e-mail.

851 Intrusion Protection Event – Event buffering activated
A packet was identified that may be part of an intrusion. The matching rule classified this as highest priority level. Event buffering has been activated. Further Intrusion Protection events will be collected and sent to you when the collection period has expired. If more events occur, this period will be increased. Further information on the Intrusion Prevention event can be found in the notification e-mail.

860 Intrusion Protection Event - Buffered Events
After the activation of the event buffering further IPS events have been collected. Please see the attached file for a list of collected events. This list will show you a maximum of events. A complete event history has been stored in the Intrusion Protection log files.

Table of contents
- 10 1.Introduction to the Technology
- 17 2.Installation
- 18 2.1.System Requirements
- 21 2.2.Installation Instructions
- 21 2.2.1.Software Installation
- 26 2.2.2.Configuring the Security System
- 34 3.WebAdmin
- 35 3.1.Info Box
- 35 3.2.Tab List
- 36 3.3.1.The Status Light
- 36 3.3.2.Selection Field
- 37 3.3.3.The Selection Table
- 38 3.3.4.Drop-down Menus
- 40 3.4.Online Help
- 41 3.5.Refresh
- 42 4.Using the Security System
- 44 4.1.Basic Settings (System)
- 44 4.1.1.Settings
- 49 4.1.2.Licensing
- 53 4.1.3.Up2Date Service
- 60 4.1.4.Backup
- 67 4.1.5.SNMP
- 69 4.1.6.Remote Syslog Server
- 71 4.1.7.User Authentication
- 72 4.1.7.1.RADIUS
- 77 4.1.7.2.SAM – NT/2000/XP
- 79 4.1.7.3.Active Directory/NT Domain Membership
- 81 4.1.7.4.LDAP Server
- 97 4.1.8.WebAdmin Settings
- 100 4.1.9.WebAdmin Site Certificate
- 103 4.1.10.High Availability
- 110 4.1.11.Shut down/Restart
- 110 4.2.Networks and Services (Definitions)
- 111 4.2.1.Networks
- 118 4.2.2.Services
- 122 4.2.3.Users
- 126 4.3.Network Settings (Network)
- 126 4.3.1.Hostname/DynDNS
- 127 4.3.2.Interfaces
- 132 4.3.2.1.Standard Ethernet Interface
- 138 4.3.2.2.Additional Address on Ethernet Interface
- 140 4.3.2.3.Wireless LAN
- 150 4.3.2.4.Virtual LAN
- 155 4.3.2.5.PPPoE-DSL Connection
- 160 4.3.2.6.PPTPoE/PPPoA-DSL Connections
- 165 4.3.2.7.PPP over Serial Modem Line
- 171 4.3.3.Routing
- 173 4.3.4.NAT/Masquerading
- 173 4.3.4.1.NAT
- 177 4.3.4.2.Masquerading
- 178 4.3.4.3.Load Balancing
- 181 4.3.5.DHCP Server
- 185 4.3.6.PPTP VPN
- 191 4.3.7.Accounting
- 193 4.3.8.Ping Check
- 195 4.4.Intrusion Protection
- 195 4.4.1.Settings
- 197 4.4.2.Rules
- 202 4.4.3.Advanced
- 204 4.5.Packet Filter
- 204 4.5.1.Rules
- 216 4.5.2.ICMP
- 219 4.5.3.Advanced
- 225 4.6.Application Gateways (Proxies)
- 226 4.6.1.HTTP
- 234 4.6.1.1.Content Filter (Surf Protection)
- 248 4.6.3.SOCKS
- 250 4.6.4.POP
- 255 4.6.5.Ident
- 256 4.6.6.SMTP
- 265 4.6.6.1.Content Filter
- 270 4.6.6.2.Spam Protection
- 279 4.6.7.Proxy Content Manager
- 285 4.7.Virtual Private Networks (IPSec VPN)
- 293 4.7.1.Connections
- 302 4.7.2.Policies
- 306 4.7.3.Local Keys
- 309 4.7.4.Remote Keys
- 312 4.7.5.L2TP over IPSec
- 314 4.7.6.CA Management
- 319 4.7.7.Advanced
- 322 4.8.System Management (Reporting)
- 322 4.8.1.Administration
- 323 4.8.2.Virus
- 323 4.8.3.Hardware
- 324 4.8.4.Network
- 325 4.8.5.Packet Filter
- 325 4.8.6.Content Filter
- 326 4.8.7.PPTP/IPSec VPN
- 326 4.8.8.Intrusion Protection
- 326 4.8.10.HTTP Proxy Usage
- 326 4.8.11.Executive Report
- 327 4.8.12.Accounting
- 329 4.8.13.System Information
- 331 4.9.Remote Management (Remote Management)
- 331 4.9.1.Report Manager (RM)
- 336 4.10.Local Logs (Log Files)
- 336 4.10.1.Settings
- 340 4.10.2.Local Log File Query
- 341 4.10.3.Browse
- 345 4.10.3.1.Log Files
- 349 4.10.3.2.Error Codes
- 363 4.11.Online Help
- 364 4.12.Exiting the Security System
- 365 Glossary
- 372 Index
- 386 Notes