| Appendix A - Logs | 557

Authentication Logs

Log Component

Firewall Authentication

My Account Authentication

VPN Authentication

SSL VPN Authentication

Dial-In Authentication

NTLM

External Authentication

Message ID

17701

17702

17703

17945

17704

17705

17706

17947

17707

17708

17709

17710

17711

17712

17946

17713

17714

17715

17948

17949

17950

17951

17952

17968

Message

User logged in successfully to firewall

User failed to login to firewall

User logged out from firewall

Received challenge from <Auth Mech> server via

<Client Type>.

User logged in successfully to My Account

User failed to login to My Account

User logged out from Account

Received challenge from <Auth Mech> server via

<Client Type>.

User logged in successfully to VPN

User failed to login to VPN

User logged out from VPN

User logged in successfully to SSL VPN

User failed to login to SSL VPN

User logged out from SSL VPN

Received challenge from <Auth Mech> server via

<Client Type>.

User logged in using Dial-In

User failed to login using Dial-In

User logged out of Dial-In

NTLM enabled but AD server not configured

Cannot establish NTLM authentication channel with

<server name>

NTLM authentication channel established successfully with <server name>

Cannot establish NTLM authentication channel with

<server name>

NTLM authentication disabled from appliance access connection to ADS/LDAPS <server ip/fqdn> failed because <reason>

Sample Logs

device="SFW" date=2017-01-31 time=18:13:38 timezone="IST" device_name="CR750iNG-XP" device_id=C44310050024-P29PUA log_id=062910617701 log_type="Event" log_component="Firewall

Authentication" log_subtype="Authentication" status="Successful" priority=Information user_name="jsmith" usergroupname="Open Group" auth_client="Web Client" auth_mechanism="Local" reason="" src_ip=10.198.47.71