LogLogic McAfee Firewall Enterprise (Sidewinder) Log Configuration Guide
Document Release: September 2011
Part Number: LL ELS

This manual supports LogLogic Sidewinder Release 1.2 and later, and LogLogic Software Release 5.1 and later, until replaced by a new edition.
Copyright 2011 LogLogic, Inc. Proprietary Information

Trademarks
This document contains proprietary and confidential information of LogLogic, Inc. and its licensors. In accordance with the license, this document may not be copied, disclosed, modified, transmitted, or translated except as permitted in writing by LogLogic, Inc. LogLogic and the LogLogic logo are trademarks or registered trademarks of LogLogic, Inc. in the United States and/or foreign countries. All other company or product names are trademarks or registered trademarks of their respective owners.

Notice
The information contained in this document is subject to change at any time without notice. All warranties with respect to the software and accompanying documentation are set out exclusively in the Software License Agreement or in the Product Purchase Agreement that covers the documentation.

LogLogic, Inc.
110 Rose Orchard Way, Suite 200
San Jose, CA
Contents

Preface
  About This Guide
  Technical Support
  Documentation Support
  Conventions
Chapter 1  Configuring LogLogic's Sidewinder Log Collection
  Introduction to Sidewinder
  Prerequisites
  Configuring Sidewinder
  Enabling the LogLogic Appliance to Capture Data
    Adding a Sidewinder Device
  Verifying the Configuration
Chapter 2  How LogLogic Supports Sidewinder
  How LogLogic Captures Sidewinder Data
  LogLogic Real-Time Reports
  LogLogic Search-Based Reports
Chapter 3  Troubleshooting and FAQ
  Troubleshooting
  Frequently Asked Questions
Appendix A  Reference
  LogLogic Support for Sidewinder Events
Preface

About This Guide

The LogLogic Appliance-based solution lets you capture and manage log data from all types of log sources in your enterprise. The LogLogic support for McAfee Firewall Enterprise (Sidewinder) enables LogLogic Appliances to capture logs from machines running Sidewinder. Once the logs are captured and parsed, you can generate reports and create alerts on Sidewinder's operations. For more information on creating reports and alerts, see the LogLogic User Guide and LogLogic Online Help.

Technical Support

LogLogic is committed to the success of our customers and to ensuring our products improve customers' ability to maintain secure, reliable networks. Although LogLogic products are easy to use and maintain, occasional assistance might be necessary. LogLogic provides timely and comprehensive customer support and technical assistance from highly knowledgeable, experienced engineers who can help you maximize the performance of your LogLogic Appliances.

To reach LogLogic Customer Support:
- Telephone: Toll Free (LOGS); Local; EMEA or APAC: +44 (0) or +44 (0)
- E-mail: support@loglogic.com
You can also visit the LogLogic Support website.

When contacting Customer Support, be prepared to provide:
- Your name, address, phone number, and fax number
- Your company name and company address
- Your machine type and release version
- A description of the problem and the content of pertinent error messages (if any)

Documentation Support

Your feedback on LogLogic documentation is important to us. Send e-mail to DocComments@loglogic.com if you have questions or comments. Your comments will be reviewed and addressed by the LogLogic technical writing team. In your message, please indicate the software name and version you are using, as well as the title and document date of your documentation.
Conventions

LogLogic documentation uses the following conventions to highlight code and command-line elements:
- A monospace font is used for programming elements (such as code fragments, objects, methods, parameters, and HTML tags) and system elements (such as filenames, directories, paths, and URLs).
- A monospace bold font is used to distinguish system prompts or screen output from user responses, as in this example:
    username: system
    home directory: home\app
- A monospace italic font is used for placeholders, which are general names that you replace with names specific to your site, as in this example:
    LogLogic_home_directory\upgrade\
- Straight brackets signal options in command-line syntax. For example:
    ls [-AabCcdFfgiLlmnopqRrstux1] [-X attr] [path...]
Chapter 1  Configuring LogLogic's Sidewinder Log Collection

This chapter describes the configuration steps involved in enabling a LogLogic Appliance to capture Sidewinder logs. The configuration steps assume that you have a functioning LogLogic Appliance that can be configured to capture Sidewinder-related log data.

- Introduction to Sidewinder
- Prerequisites
- Configuring Sidewinder
- Enabling the LogLogic Appliance to Capture Data
- Verifying the Configuration

Introduction to Sidewinder

Sidewinder (also known as Secure Firewall) is a hardware appliance that provides the following features:
- Application-layer firewall
- VPN functionality
- Web filtering
- Anti-spam/Anti-fraud functionality
- Anti-virus/Anti-spyware filtering engines

The logs produced by Sidewinder include events from all of its application functions (i.e., firewall, VPN, Web filtering, etc.) as well as local auditing of the Sidewinder appliance itself (e.g., appliance configuration changes, logins, daemon errors, etc.).

Sidewinder appliances can generate audit log messages via Syslog using a variety of log formats. The LogLogic Appliance supports Sidewinder firewall events sent over Syslog in the Sidewinder Export Format (SEF). The LogLogic Appliance acts as the Syslog Server for Sidewinder, and Sidewinder sends SEF-formatted Syslog messages via UDP or TCP to the Appliance's Syslog Listener. Note that plain Syslog over UDP or TCP is neither authenticated nor encrypted, so the path from the Sidewinder burb that sends the logs to the Appliance should be a trusted management network.

The configuration procedures for Sidewinder and the LogLogic Appliance depend upon your environment. For more information, see How LogLogic Captures Sidewinder Data on page 14.
Prerequisites

Prior to configuring Sidewinder and the LogLogic Appliance, ensure that you meet the following prerequisites:
- Secure Computing Sidewinder appliances running version 6.1, 6.2.x, or 7.0, or McAfee Firewall Enterprise (Sidewinder) appliances running version 7.0
- Proper access permissions to make configuration changes on Sidewinder
- LogLogic Appliance running Release 5.1 or later, installed with a Log Source Package that includes Sidewinder support
- Administrative access on the LogLogic Appliance

Configuring Sidewinder

You must enable and configure auditing and Syslog on Sidewinder prior to configuring the LogLogic Appliance.

Note: This document does not describe all features and functionality within Sidewinder regarding configuration and Syslog. For more information on these areas, see the McAfee Support Knowledge Base and the McAfee Product Documentation.

To configure Sidewinder version 6.1:

1. Make sure that the auditing and syslog daemons are stopped on the Sidewinder host machine.
2. On Sidewinder, navigate to /etc/sidewinder/.
3. Open the auditd.conf file in a text editor and add the following line to the end of the file:

     syslog(facility filters["filter"] format)

   where:
   facility  Facility associated with the Syslog message (e.g., local0-local7)
   filter    Name of the sacap filter to use for all the events. If this parameter is set to NULL, all audit events are reported to the log.
             Note: Depending on load and network traffic, a more restrictive filter than NULL might be needed. For more information on sacap filters, see the McAfee Product Documentation.
   format    Output format. Make sure this is set to SEF (Sidewinder Export Format, the format used by Sidewinder G2 Security Reporter).

   For example:

     syslog(local0 filters["NULL"] SEF)

4. Open the syslogd.conf file in a text editor and modify the default burb entry (log_burb[0]) to the correct burb.
5. Navigate to /etc/.
6. Open the syslog.conf file in a text editor and add the following line to the file:

     facility.*    @x.x.x.x

   where:
   facility  The same facility you specified in auditd.conf
   x.x.x.x   IP address of the remote Syslog Server (i.e., the LogLogic Appliance)

   For example, with facility local0:

     local0.*    @x.x.x.x

7. Restart the auditing and syslog daemons:
   a. Find the syslog Process Identifier (PID) using the pss syslog command.
   b. Restart the syslogd and audit processes using the following commands:

        kill syslogpid
        ind Slog /usr/sbin/syslogd -l
        cf server restart auditd

To configure Sidewinder version 6.2.x:

1. Make sure that the auditing and syslog daemons are stopped on the Sidewinder host machine.
2. Navigate to /etc/sidewinder/.
3. Open the auditd.conf file in a text editor and add the following line to the end of the file:

     syslog(facility filters["filter"] format)

   where:
   facility  Facility associated with the Syslog message (e.g., local0-local7)
   filter    Name of the sacap filter to use for all the events. If this parameter is set to NULL, all audit events are reported to the log.
             Note: Depending on load and network traffic, a more restrictive filter than NULL might be needed. For more information on sacap filters, see the McAfee Product Documentation.
   format    Output format. Make sure this is set to SEF (Sidewinder Export Format, the format used by Sidewinder G2 Security Reporter).

   For example:

     syslog(local0 filters["NULL"] SEF)

4. Navigate to /etc/.
5. Open the syslog.conf file in a text editor and add the following line to the file:

     facility.*    @x.x.x.x

   where:
   facility  The same facility you specified in auditd.conf
   x.x.x.x   IP address of the remote Syslog Server (i.e., the LogLogic Appliance)

   For example, with facility local0:

     local0.*    @x.x.x.x
6. Restart the auditing and syslog daemons:
   a. Find the syslog Process Identifier (PID) using the pss syslog command.
   b. Restart the syslogd and audit processes using the following commands:

        kill -HUP syslogpid
        ind Slog /usr/sbin/syslogd -l
        cf server restart auditd

To configure Sidewinder version 7.0:

1. Make sure that the auditing and syslog daemons are stopped on the Sidewinder host machine.
2. Navigate to /secureos/etc/.
3. Open the auditd.conf file in a text editor and add the following line to the end of the file:

     syslog(facility filters["filter"] format)

   where:
   facility  Facility associated with the Syslog message (e.g., local0-local7)
   filter    Name of the sacap filter to use for all the events. If this parameter is set to NULL, all audit events are reported to the log.
             Note: Depending on load and network traffic, a more restrictive filter than NULL might be needed. For more information on sacap filters, see the McAfee Product Documentation.
   format    Output format. Make sure this is set to SEF (Sidewinder Export Format, the format used by Sidewinder G2 Security Reporter).

   For example:

     syslog(local0 filters["NULL"] SEF)

4. Navigate to /etc/.
5. Open the syslog.conf file in a text editor and add the following line to the file:

     facility.*    @x.x.x.x

   where:
   facility  The same facility you specified in auditd.conf
   x.x.x.x   IP address of the remote Syslog Server (i.e., the LogLogic Appliance)

   For example, with facility local0:

     local0.*    @x.x.x.x

6. In the same syslog.conf file, change this line:

     *.notice;auth,...uucp.none    /var/log/messages

   to this (with facility replaced by the facility you chose, e.g. local0):

     *.notice;auth,...uucp,facility.none    /var/log/messages

   Changing this line prevents redundant logging: without the exclusion, every audit event exported to the Appliance is also written to the local messages file.
7. Restart the auditing and syslog daemons using the following commands:

     cf daemond restart agent=syslog
     cf daemond restart agent=auditd
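The three file edits in the 7.0 procedure (the SEF export directive in /secureos/etc/auditd.conf, the forwarding rule in /etc/syslog.conf, and the facility.none exclusion on the messages line) are easy to apply twice or to the wrong selector. The following is an added example, not LogLogic's or McAfee's code: it applies the edits idempotently to copies of the two files, held here as strings so it runs offline, and checks the result. The sample file contents, the facility local0 and the collector address 192.0.2.10 are assumptions.

```python
"""Added example: apply and check the Sidewinder 7.0 SEF syslog-export edits
against copies of auditd.conf and syslog.conf (held as strings here, so the
script runs offline). Facility, collector address and file contents are assumptions."""
import re

FACILITY = "local0"       # facility given to syslog() in auditd.conf
COLLECTOR = "192.0.2.10"  # LogLogic appliance (documentation address, assumed)

# Constructed stand-ins for /secureos/etc/auditd.conf and /etc/syslog.conf.
SAMPLE_AUDITD_CONF = '# auditd.conf (constructed sample)\nfile("/var/log/audit.raw")\n'
SAMPLE_SYSLOG_CONF = (
    "# syslog.conf (constructed sample)\n"
    "*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,news,security,user,uucp.none"
    "\t/var/log/messages\n"
    "auth.info\t/var/log/auth.log\n"
)

# The "*.notice;...uucp.none  /var/log/messages" selector the guide tells you to edit.
MESSAGES_RE = re.compile(r"^(\*\.notice;\S*?)(\.none)(\s+/var/log/messages)$")


def sef_export_line(facility, sacap_filter="NULL"):
    """Step 3: auditd.conf directive that streams every audit event (filter
    NULL) in Sidewinder Export Format to the given syslog facility."""
    return f'syslog({facility} filters["{sacap_filter}"] SEF)'


def patch_auditd_conf(text, facility, sacap_filter="NULL"):
    """Append the export directive once; re-running leaves the file unchanged."""
    line = sef_export_line(facility, sacap_filter)
    if line in text.splitlines():
        return text
    return text.rstrip("\n") + "\n" + line + "\n"


def patch_syslog_conf(text, facility, collector):
    """Steps 5 and 6: forward the facility to the appliance and exclude it from
    the local messages file, so each event is written once, not twice."""
    out = []
    for line in text.splitlines():
        m = MESSAGES_RE.match(line)
        if m and f"{facility}.none" not in line:
            line = f"{m.group(1)},{facility}{m.group(2)}{m.group(3)}"
        out.append(line)
    forward_re = re.compile(rf"^{re.escape(facility)}\.\*\s+@")
    if not any(forward_re.match(l) for l in out):
        # Plain syslog over UDP/TCP is neither authenticated nor encrypted;
        # the collector belongs on a trusted management network.
        out.append(f"{facility}.*\t@{collector}")
    return "\n".join(out) + "\n"


def check_syslog_conf(text, facility, collector):
    """Return a list of problems with a syslog.conf; an empty list means the
    forwarding rule points at the collector and local duplication is off."""
    problems = []
    lines = text.splitlines()
    forward = [l for l in lines if re.match(rf"^{re.escape(facility)}\.\*\s+@", l)]
    if not forward:
        problems.append(f"no forwarding rule for {facility}")
    else:
        target = forward[0].split("@", 1)[1].strip()
        if target != collector:
            problems.append(f"{facility} is forwarded to {target}, not {collector}")
    if any(MESSAGES_RE.match(l) and f"{facility}.none" not in l for l in lines):
        problems.append(f"{facility} still written to /var/log/messages (duplicate logging)")
    return problems


if __name__ == "__main__":
    auditd = patch_auditd_conf(SAMPLE_AUDITD_CONF, FACILITY)
    syslog_conf = patch_syslog_conf(SAMPLE_SYSLOG_CONF, FACILITY, COLLECTOR)
    print(auditd)
    print(syslog_conf)
    print("problems before:", check_syslog_conf(SAMPLE_SYSLOG_CONF, FACILITY, COLLECTOR))
    print("problems after: ", check_syslog_conf(syslog_conf, FACILITY, COLLECTOR))
```

Run check_syslog_conf against a copy of the firewall's real /etc/syslog.conf after step 7: a non-empty list means either the export never reaches the Appliance or every event is still being written locally as well.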
Enabling the LogLogic Appliance to Capture Data

The following sections describe how to configure the LogLogic Appliance to capture Sidewinder Syslog messages.

Caution: The LogLogic Appliance's device auto-identification feature is not supported for Sidewinder. You must manually add Sidewinder as a device on the Appliance.

Adding a Sidewinder Device

Because auto-identification is not available for Sidewinder, add the Sidewinder device to the LogLogic Appliance manually before you redirect the logs to it.

To add Sidewinder as a new device:
1. Log in to the LogLogic Appliance.
2. From the navigation menu, select Management > Devices. The Devices tab appears.
3. Click Add New. The Add Device tab appears.
4. Type in the following information for the device:
   Name: name for the Sidewinder device
   Description (optional): description of the Sidewinder device
   Device Type: select Sidewinder from the drop-down menu
   Host IP: IP address of the Sidewinder appliance (the address its Syslog messages arrive from)
   Enable Data Collection: select the Yes radio button
   Refresh Device Name through DNS Lookups (optional): select this checkbox to have the Name field updated automatically. The name is obtained by a reverse DNS lookup on the configured refresh interval; the DNS name overrides any name you assign manually.
Figure 1  Add Device Tab

5. Click Add.
6. Verify that your new device appears in the Devices tab and that Enabled is set to Yes.

When the logs arrive from the specified Sidewinder appliance, the LogLogic Appliance uses the device you just added if the hostname or IP address matches.

Verifying the Configuration

This section describes how to verify that the configuration changes made to Sidewinder and the LogLogic Appliance are applied correctly.

To verify the configuration:
1. Log in to the LogLogic Appliance.
2. From the navigation menu, select Dashboards > Log Source Status.
3. Locate the IP address for each Sidewinder device. If the device name (Sidewinder) appears in the list of devices, the configuration is correct (see Figure 2 on page 13).
Figure 2  Verification of the Sidewinder Configuration

If the device does not appear in the Log Source Status tab, check the Sidewinder logs for events that should have been sent. If events were generated and are still not appearing on the LogLogic Appliance, verify the Sidewinder configuration and the LogLogic Appliance configuration.

You can also verify that the LogLogic Appliance is properly capturing log data from Sidewinder by viewing the data in the reports. LogLogic recommends checking the reports to make sure that the data obtained is valid and matches expectations. For more information, see LogLogic Real-Time Reports on page 15.

If the device name appears in the list of devices but event data for the device is not appearing within your reports, see Troubleshooting on page 18 for more information.
Chapter 2  How LogLogic Supports Sidewinder

This chapter describes LogLogic's support for Sidewinder. LogLogic enables you to capture Sidewinder log data to monitor events.

- How LogLogic Captures Sidewinder Data
- LogLogic Real-Time Reports
- LogLogic Search-Based Reports

How LogLogic Captures Sidewinder Data

Sidewinder versions 6.1, 6.2.x, and 7.0 (or later) support various streamed event formats through Syslog (e.g., Sidewinder Export Format (SEF), WebTrends Extended Logging Format (WELF), W3C Extended Logging Format (HTTP), etc.). Regardless of the Sidewinder version, the LogLogic Appliance only supports Sidewinder firewall events in SEF format. Sidewinder generates Syslog messages in SEF format, and the messages are sent via UDP or TCP to the Syslog Listener on the LogLogic Appliance.

Figure 3  Sidewinder with LogLogic Appliance as the Syslog Server

Once the data is captured you can generate reports. In addition, you can create alerts to notify you of issues on your Sidewinder. For more information on creating reports and alerts, see the LogLogic User Guide and LogLogic Online Help.

Table 1 on page 22 lists the Sidewinder Syslog messages that are supported by the LogLogic Appliance.

Note: The LogLogic Appliance captures all messages from the Sidewinder logs, but includes only specific messages for report/alert generation. For sample log messages for each event and the event-to-category mapping, see Appendix A Reference on page 21.
LogLogic Real-Time Reports

LogLogic provides pre-configured Real-Time Reports for Sidewinder log data. The following Real-Time Reports are available:
- User Authentication: displays identity and access related events during a specified time interval.
- User Created/Deleted: displays users being created or deleted by an administrator during a specified time interval.
- Last User Activity: displays user-specific details, used to track user activity during a specified time interval.

To access LMI 5 Real-Time Reports:
1. In the top navigation pane, click Reports.
2. Click Access Control. The following Real-Time Reports are available: User Authentication, User Created/Deleted, Last User Activity.

You can create custom reports from the existing Real-Time Report templates. For more information, see the LogLogic User Guide and LogLogic Online Help.

LogLogic Search-Based Reports

LogLogic provides pre-configured Search Filters for Sidewinder log data. Search Filters are used to filter report data and create alerts.

To access Search Filters:
1. From the navigation menu, select Search.
2. Select Search Filters.

Note: All Sidewinder Search Filters use Regular Expressions (RegEx) that can be used to create reports using the RegEx Search features on the LogLogic Appliance. The expressions are matched against the raw SEF line, so a filter such as type=t_attack.*?category=policy_violation also relies on the type field preceding the category field in the message.

The following Search Filters are available:

- Sidewinder 6.2: ACL Modification (v6.2): Access Control List (ACL) database change events. RegEx: type=t_acl_change
- Sidewinder 6.2: Protocol Error (v6.2): traffic passing by violated the protocol. RegEx: type=t_protocol_error
- Sidewinder 6.2: Proxy Flooded (v6.2): proxy flooded events. RegEx: type=t_proxy_flooded
- Sidewinder 6.2: SNMP Coldstart Trap (v6.2): SNMP coldstart trap events. RegEx: type=t_snmp_coldtrap
- Sidewinder 6.2: SYN Attack (v6.2): SYN attack messages. RegEx: type=t_syn_attack
- Sidewinder 6.2: TACACS/RADIUS Accounting (v6.2): TACACS/RADIUS accounting events. RegEx: type=t_tacrad_acct
- Sidewinder 6.2: Type Enforcement (v6.2): Type Enforcement errors generated by the kernel, such as DDT violation, DIT violation, domain privilege denied, or failed type change. RegEx: type\=(t_ddtviolation|t_ditviolation|t_dmnprivdenied|t_chtype)
- Sidewinder 6.2: User Database Modification (v6.2): user database modification by user or system. RegEx: type\=(t_udb_sysac|t_udb_useract)
- Sidewinder 7.x: Application Defense Violation (v7.x): Application Defense violation. RegEx: type=t_attack.*?(?=category=)category=appdef_violation
- Sidewinder 7.x: Authentication Lockout (v7.x): authentication failure lockout. RegEx: type=t_auth_lockout
- Sidewinder 7.x: Buffer Overflow Attack (v7.x): buffer overflow attack. RegEx: type=t_attack.*?(?=category=)category=buffer_overflow
- Sidewinder 7.x: Connection Failed (v7.x): connection to the server failed. RegEx: event=(failed connection|connect failed)
- Sidewinder 7.x: Denial of Service Attack (v7.x): DoS attack. RegEx: type=t_attack.*?(?=category=)category=dos
- Sidewinder 7.x: General Attack (v7.x): general attack. RegEx: type=t_attack.*?(?=category=)category=general
- Sidewinder 7.x: Invalid TCP packets (v7.x): invalid TCP packets. RegEx: (event\=(TCP old duplicate|TCP data/closed conn|TCP RESET|sequence error))
- Sidewinder 7.x: License Expiration (v7.x): license feature expiration. RegEx: type=t_license_expire
- Sidewinder 7.x: License Notice (v7.x): user license close to the maximum number of outbound host IP addresses. RegEx: event=license notice
- Sidewinder 7.x: Passport (v7.x): Passport change events. RegEx: type\=t_passport_chng.*?(?=event\=)event\=(?!passport expiration)[^\,]*
- Sidewinder 7.x: Passport Expiration (v7.x): Passport expired. RegEx: type=t_passport_chng.*?(?=event=)event=passport expiration
- Sidewinder 7.x: Policy Violation (v7.x): policy violation events. RegEx: type=t_attack.*?(?=category=)category=policy_violation
- Sidewinder 7.x: Protocol Violation (v7.x): protocol violation events. RegEx: type=t_attack.*?(?=category=)category=protocol_violation
- Sidewinder 7.x: Signature-based IPS Intrusion Attempt (v7.x): signature-based IPS intrusion attempt. RegEx: type=t_attack.*?(?=category=)category=signature_ips
- Sidewinder 7.x: Spam (v7.x): spam. RegEx: type=t_attack.*?(?=category=)category=spam
- Sidewinder 7.x: System Backup (v7.x): system backup success/failure events. RegEx: event\=(system backup success|system backup failure)
- Sidewinder 7.x: Virus (v7.x): virus. RegEx: type=t_attack.*?(?=category=)category=virus
- Sidewinder: Blackhole (v7.x and v6.2): blackhole add/delete/update/expire/address error events. RegEx: type=t_blackhole
- Sidewinder: Configuration Change (v7.x and v6.2): administrative configuration change events. RegEx: type=t_cfg_change
- Sidewinder: Console Login Failure (v7.x and v6.2): console login failure. RegEx: (type=t_attack.*?(?=event)event=auth deny.*?(?=reason)reason="authentication failed."\,information="console login authentication failed[a-zA-Z0-9 -_]*)|(type=t_auth_attempt.*?(?=result)result=0\,info="[a-zA-Z0-9-_ ]*console[a-zA-Z0-9 -_]*)
- Sidewinder: Hardware/Software Failure (v7.x and v6.2): hardware/software/NIC/memory/disk failure events. RegEx: type=(t_hardware_failure|t_software_failure)
- Sidewinder: Health Monitoring (v7.x and v6.2): health monitoring of load/CPU/memory/interface/general data events. RegEx: (type\=t_lcm\,pri\=(?!p_minor)[^\,]*)|(type\=t_interface\,pri\=(?!p_minor)[^\,]*)|(type\=t_geninfo\,pri\=(?!p_minor)[^\,]*)
- Sidewinder: License Exceeded (v7.x and v6.2): user license exceeded the maximum number of outbound host IP addresses. RegEx: type=t_lic_exceeded
- Sidewinder: Log Overflow (v7.x and v6.2): log overflow. RegEx: type=t_log_overflow
- Sidewinder: Proxy/Remote Server Authentication Failure (v7.x and v6.2): authentication to proxy/remote server failed. RegEx: type=t_proxyauth
- Sidewinder: Software Client Login Failure (v7.x and v6.2): software client login failure. RegEx: (type=t_attack.*?(?=event)event=auth deny.*?(?=reason)reason="authentication failed."\,information="cobra login authentication failed)|(type=t_auth_attempt.*?(?=result)result=0.*?(?=info)info=[a-zA-Z0-9 -_]*cobra[a-zA-Z0-9 -_]*)
- Sidewinder: UDP Drop (v7.x and v6.2): UDP packet got dropped. RegEx: type\=t_udp_drop
- Sidewinder: UPS (v7.x and v6.2): UPS powerfail/shutdown events. RegEx: type\=(t_ups_powerfail|t_ups_shutdown)

For more information on Search Filters, reports, and alerts, see the LogLogic User Guide and LogLogic Online Help.
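The Search Filters above run as regular expressions over the raw syslog line. The following is an added example, not LogLogic's or McAfee's code: it parses SEF lines into fields, taking care with double-quoted values that themselves contain commas (as the information= fields in the Appendix A samples do), and applies a handful of the filters above to constructed sample lines. The hostnames, users, addresses and timestamps are made up, and matching the filters case-insensitively is this example's assumption.

```python
"""SEF (Sidewinder Export Format) parsing plus LogLogic-style search-filter
matching. Added example; the sample lines below are constructed, not captured."""
import re

# Constructed samples in the shape of the Appendix A messages: <PRI>, BSD
# timestamp, "auditd: ", then key=value pairs separated by commas, where a
# double-quoted value may itself contain commas (see the information= fields).
SAMPLE_LINES = [
    '<131>Jan 15 14:51:23 auditd: date="Mar 15 15:55:21 CDT",fac=f_ssh_server,'
    'area=a_general_area,type=t_aclallow,pri=p_major,pid=11596,cmd=sshd,'
    'domain=ssh1,edomain=ssh1,hostname=fw1.example.net,event=ACL allow,'
    'srcip=10.1.1.25,srcport=33180,srcburb=external,dstip=10.1.1.1,dstport=22,'
    'dstburb=external,protocol=6,service_name=sshd,user_name=alice,'
    'auth_method=password,acl_id="Secure Shell Server",cache_hit=0,'
    'reason="Traffic allowed by policy."',
    '<179>Jun  6 18:32:37 auditd: date="Aug 11 12:51:09 PDT",fac=f_login,'
    'area=a_general_area,type=t_attack,pri=p_major,pid=2374,cmd=login,domain=Logn,'
    'edomain=Logn,hostname=fw1.example.net,category=policy_violation,'
    'event=auth deny,user_name=admin,auth_method=password,'
    'reason="Authentication failed.",information="Cobra login authentication '
    "failed for user `admin', method Password, from 10.1.1.99\"",
    '<179>Jun  6 18:32:37 auditd: date="Aug 25 22:29:34 PDT",fac=f_acld,'
    'area=a_server,type=t_auth_lockout,pri=p_major,pid=2012,cmd=acld,domain=Acld,'
    'edomain=Acld,hostname=fw1.example.net,event=authentication failure lockout,'
    'user_name=bob,reason="Authentication failure limit exceeded."',
    '<139>Sep 10 07:54:25 auditd: date="Sep 10 14:54:25 UTC",fac=f_system,'
    'area=a_general_area,type=t_cfg_change,pri=p_major,pid=48475,cmd=AdminConsole,'
    'domain=CARW,edomain=CARW,hostname=fw1.example.net,event=config modify,'
    'user_name=alice,config_area="admin user database",config_item=admins:carol,'
    "information=\"Added Firewall administrator carol: directory='/home/carol', "
    "full_name='Carol Example', roles=[], shell='nologin'\"",
    '<131>Jan 15 14:51:23 auditd: date="Mar 15 02:00:01 CDT",fac=f_lcm,'
    'area=a_general_area,type=t_lcm,pri=p_minor,pid=300,cmd=lcmd,domain=Lcm,'
    'edomain=Lcm,hostname=fw1.example.net,event=load average,information="0.3"',
    '<131>Jan 15 14:55:02 auditd: date="Mar 15 02:05:00 CDT",fac=f_lcm,'
    'area=a_general_area,type=t_lcm,pri=p_major,pid=300,cmd=lcmd,domain=Lcm,'
    'edomain=Lcm,hostname=fw1.example.net,event=load average,information="9.8"',
]

SYSLOG_RE = re.compile(r"^<(\d{1,3})>(\w{3} +\d{1,2} \d\d:\d\d:\d\d) auditd: (.*)$")
# One key=value pair: a double-quoted value (commas allowed inside) or a bare
# value up to the next comma, termin ated by a comma or the end of the line.
PAIR_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^,]*)(?:,|$)')


def parse_sef(line):
    """Split one syslog-wrapped SEF line into a dict of fields."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not a Sidewinder SEF syslog line: {line[:40]!r}")
    pri = int(m.group(1))  # RFC 3164 PRI = facility * 8 + severity
    fields = {"syslog_facility": pri >> 3, "syslog_severity": pri & 7,
              "syslog_time": m.group(2)}
    body, pos = m.group(3), 0
    while pos < len(body):
        pm = PAIR_RE.match(body, pos)
        if not pm:
            raise ValueError(f"malformed SEF at offset {pos}: {body[pos:pos + 30]!r}")
        key, value = pm.group(1), pm.group(2)
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
        pos = pm.end()
    return fields


# A subset of the Search Filters listed above, with the | alternations
# restored. LogLogic applies them to the raw line; matching case-insensitively
# is this example's assumption.
SEARCH_FILTERS = {
    "Sidewinder 7.x: Policy Violation": r"type=t_attack.*?category=policy_violation",
    "Sidewinder 7.x: Authentication Lockout": r"type=t_auth_lockout",
    "Sidewinder: Configuration Change": r"type=t_cfg_change",
    "Sidewinder: Software Client Login Failure":
        r'(type=t_attack.*?event=auth deny.*?reason="authentication failed\.",'
        r'information="cobra login authentication failed)'
        r"|(type=t_auth_attempt.*?result=0.*?info=[a-zA-Z0-9 -_]*cobra[a-zA-Z0-9 -_]*)",
    "Sidewinder: Health Monitoring":
        r"type=(t_lcm|t_interface|t_geninfo),pri=(?!p_minor)[^,]*",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in SEARCH_FILTERS.items()}


def match_filters(line):
    """Names of the search filters whose regex hits the raw syslog line."""
    return [name for name, rx in COMPILED.items() if rx.search(line)]


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_sef(line)
        print(f'{rec["type"]:<16} {rec.get("event", ""):<32} {match_filters(line)}')
```

A naive split on commas would turn the quoted information= value of the config-change sample into bogus fields such as full_name; the quote-aware pair regex keeps it as one value, which is what you want before building field-based alerts on top of the raw-line filters.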
Chapter 3  Troubleshooting and FAQ

This chapter contains troubleshooting information regarding the configuration and use of log collection for Sidewinder. It also contains Frequently Asked Questions (FAQ), providing quick answers to common questions.

- Troubleshooting
- Frequently Asked Questions

Troubleshooting

Is your version of Sidewinder supported? For more information, see Prerequisites on page 8.

Is your LogLogic Appliance running Release 5.1 or later? If you are running a release prior to 5.1, you might require an upgrade. Contact LogLogic Support for more information.

If Sidewinder events are not appearing on the LogLogic Appliance...
Sidewinder might not be configured correctly. Make sure that audit logging is configured using the SEF format, that Syslog is configured, and that a Syslog Server (i.e., the LogLogic Appliance) has been defined. If Syslog on Sidewinder is not configured to send logs to the LogLogic Appliance, Sidewinder only writes the logs to a file on the local system (i.e., /var/log/messages). Make sure that Sidewinder is not sending log messages only to the local file. Configuration steps for Sidewinder vary depending on the version; see Configuring Sidewinder on page 8.

If events are not displaying on the LogLogic Appliance even after configuring Sidewinder correctly...
Sidewinder sends the logs to the LogLogic Appliance via Syslog over UDP or TCP. Make sure that the UDP or TCP port is enabled on Sidewinder and that the burb used for syslog can reach the Appliance's Syslog Listener. For more information on supported protocols and ports, see the LogLogic Administration Guide.
Frequently Asked Questions

How does the LogLogic Appliance collect logs from Sidewinder?
Sidewinder forwards logs in the SEF event format through Syslog. SEF-formatted Syslog messages are sent via UDP or TCP to the LogLogic Appliance. The LogLogic Appliance acts as a Syslog Server for Sidewinder and recognizes the messages using the Syslog Listener. For more information, see How LogLogic Captures Sidewinder Data on page 14.

What access permissions are required?
To configure auditing and Syslog on Sidewinder, the user needs the proper access permissions to edit the configuration files and to start and stop the auditing and syslog daemons.

How do I configure Syslog on Sidewinder?
Follow the procedures in Configuring Sidewinder on page 8. Also make sure that you verify your configuration changes on the LogLogic Appliance (see Verifying the Configuration on page 12).
Appendix A  Reference

This appendix lists the LogLogic-supported Sidewinder events. The Sidewinder event table identifies events that can be analyzed through LogLogic reports. All sample log messages were captured by LogLogic's Syslog Listener.

LogLogic Support for Sidewinder Events

The following list describes the contents of each of the columns in the table below.
ID #  Item number.
Name  Value of the event field in 7.x, or of the status field in 6.2 or 6.1; otherwise Not Applicable (N/A).
Agile  Defines whether the Sidewinder event is available through the LogLogic Agile Report Engine or only through the search capabilities. If the event is available through the Agile Report Engine, you can use LogLogic's Real-Time and Summary Reports to analyze and display the captured log data. All other supported events captured by the LogLogic Appliance can be viewed by performing a search on the log data.
Title/Comments  Sidewinder version number and comments, if available. Comments are displayed when a particular type in a version has more than one supported format.
Category  Audit or Operational.
Type  Type of event, such as t_iptraffic or t_attack.
Appears In  LogLogic-provided reports that the event appears in.
Sample Log Message  Sample Sidewinder log messages converted into text (.txt) format.

The Collector captures invaluable log data to track actions such as modifications to files, account changes, machine access, and other actions that can represent fraudulent activity. The LogLogic Appliance can be configured to provide administrators with real-time alerts whenever data integrity and confidentiality is compromised. In addition, LogLogic's Agile Reports and search capabilities can be used to analyze the captured log data.
Table 1  Sidewinder Events

ID # | Name | Agile | Title | Category | Type | Appears In
(the Sample Log Message for each row follows it; source addresses were blanked in the captured samples)

1 | ACL allow | Agile | 7.x | Audit | t_aclallow | Accepted
  <131>Jan 15 14:51:23 auditd: date="mar 15 15:55:21 CDT",fac=f_ssh_server,area=a_general_area,type=t_aclallow,pri=p_major,pid=11596,ruid=0,euid=0,pgid=11596,logid=0,cmd=sshd,domain=ssh1,edomain=ssh1,hostname=xxxx.x.com,event=ACL allow,srcip= ,srcport=33180,srcburb=external,dstip= ,dstport=22,dstburb=external,protocol=6,service_name=sshd,user_name=x,auth_method=password,acl_id="secure Shell Server",cache_hit=0,reason="Traffic allowed by policy."

2 | ACL deny | Agile | 7.x | Audit | t_attack | Denied
  <131>Jan 15 14:48:01 auditd: date="jan 15 22:48:01 UTC",fac=f_login_sidewinder,area=a_general_area,type=t_attack,pri=p_major,pid=95290,ruid=0,euid=0,pgid=95263,logid=0,cmd=login_sidewinder,domain=logn,edomain=logn,hostname=sidewinder1.loglabs.com,category=policy_violation,event=acl deny,attackip= ,attackburb=firewall,srcip= ,srcport=0,srcburb=Firewall,dstip= ,dstport=0,dstburb=firewall,protocol=6,service_name=login,user_name=admin,auth_method=failed-password,acl_id="deny All",cache_hit=0,reason="Traffic denied by policy."

3 | auth deny | Agile | 7.x | Audit | t_attack | User Last Activity / User Authentication
  <179>Jun 24 05:07:27 auditd: date="aug 11 12:51:09 PDT",fac=f_login,area=a_general_area,type=t_attack,pri=p_major,pid=2374,ruid=0,euid=0,pgid=2374,logid=0,cmd=login,domain=Logn,edomain=Logn,hostname=sidewinder1.loglabs.com,category=policy_violation,event=auth deny,user_name=admin,auth_method=password,reason="authentication failed.",information="cobra login authentication failed for user `admin', method Password, from "

4 | auth allow | Agile | 7.x | Audit | t_auth_attempt | User Last Activity / User Authentication
  <179>Jun 24 05:07:27 auditd: date="aug 11 08:25:23 PDT",fac=f_ssh_server,area=a_server,type=t_auth_attempt,pri=p_major,pid=1198,ruid=0,euid=0,pgid=1198,logid=0,cmd=sshd,domain=ssh2,edomain=ssh2,hostname=sidewinder1.loglabs.com,event=auth allow,user_name=spippari,auth_method=password,reason="authentication succeeded.",information="authentication Accepted for user `spippari', method Password from port 1037"

5 | authentication failure lockout | Agile | 7.x | Audit | t_auth_lockout | User Last Activity
  <179>Jun 6 18:32:37 auditd: date="aug 25 22:29:34 PDT",fac=f_acld,area=a_server,type=t_auth_lockout,pri=p_major,pid=2012,ruid=0,euid=0,pgid=2012,logid=0,cmd=acld,domain=Acld,edomain=Acld,hostname=sidewinder1.loglabs.com,event=authentication failure lockout,user_name=spippari,reason="authentication failure limit exceeded."

6 | authentication failure clear | Agile | 7.x | Audit | t_auth_lockout | User Last Activity
  <179>Jun 6 18:32:37 auditd: date="aug 25 22:25:28 PDT",fac=f_acld,area=a_server,type=t_auth_lockout,pri=p_major,pid=2012,ruid=0,euid=0,pgid=2012,logid=0,cmd=acld,domain=Acld,edomain=Acld,hostname=sidewinder1.loglabs.com,event=authentication failure clear,user_name=rathna,admin=rathna

7 | config Modify | Agile | 7.x / format 1 | Audit | t_cfg_change | User Last Activity
  <139>Sep 10 07:54:25 auditd: date="sep 10 21:52:12 PDT",fac=f_system,area=a_general_area,type=t_cfg_change,pri=p_major,pid=34240,ruid=0,euid=0,pgid=34240,logid=103,cmd=AdminConsole,domain=CARW,edomain=carw,hostname=sidewinder1.loglabs.com,event=config modify,user_name=rathna,config_area="admin user database",config_item=admins:testuser,information="Changed Firewall administrator testuser: office='wipro Technologies'"

8 | config Modify | Agile | 7.x / format 2 | Audit | t_cfg_change | User Last Activity, User Created/Deleted
  <139>Sep 10 07:54:25 auditd: date="sep 10 14:54:25 UTC",fac=f_system,area=a_general_area,type=t_cfg_change,pri=p_major,pid=48475,ruid=0,euid=0,pgid=48475,logid=102,cmd=AdminConsole,domain=CARW,edomain=CARW,hostname=sidewinder1.loglabs.com,event=config modify,user_name=spippari,config_area="admin user database",config_item=admins:cwee,information="added Firewall administrator cwee: crypt_password='_v...03/fz4a0ycyz/yu', directory='/home/cwee', full_name='chris Wee', home_phone=' ', office='home', office_phone=' ', roles=[], shell='nologin'"

9 | config Modify | Agile | 7.x / format 3 | Audit | t_cfg_change | User Last Activity, User Created/Deleted
  <139>Sep 10 07:54:25 auditd: date="sep 10 21:48:11 PDT",fac=f_system,area=a_general_area,type=t_cfg_change,pri=p_major,pid=34240,ruid=0,euid=0,pgid=34240,logid=103,cmd=AdminConsole,domain=CARW,edomain=carw,hostname=sidewinder1.loglabs.com,event=config modify,user_name=rathna,config_area="user database",config_item=udb:testuser,information="added User testuser: crypt='_x...mucbglf3lh4uf7q', placeholder='not used', swede_crypt_last_mod_time= , swede_expire_last_mod_time=0.0"

10 | config Modify | Agile | 7.x / format 4 | Audit | t_cfg_change | User Last Activity, User Created/Deleted
  <139>Sep 10 07:54:25 auditd: date="sep 10 21:54:35 PDT",fac=f_system,area=a_general_area,type=t_cfg_change,pri=p_major,pid=34240,ruid=0,euid=0,pgid=34240,logid=103,cmd=AdminConsole,domain=CARW,edomain=carw,hostname=sidewinder1.loglabs.com,event=config modify,user_name=rathna,config_area="admin user database",config_item=admins:testuser,information="Deleted Firewall administrator testuser"

11 | config Modify | Agile | 7.x / format 5 | Audit | t_cfg_change | User Last Activity, User Created/Deleted
  <139>Sep 10 07:54:25 auditd: date="sep 10 21:54:35 PDT",fac=f_system,area=a_general_area,type=t_cfg_change,pri=p_major,pid=34240,ruid=0,euid=0,pgid=34240,logid=103,cmd=AdminConsole,domain=CARW,edomain=carw,hostname=sidewinder1.loglabs.com,event=config modify,user_name=rathna,config_area="user database",config_item=udb:testuser,information="deleted User testuser"

12 | IP session open | Agile | 7.x | Audit | t_ipftraffic | Accepted
  <131>Jan 15 14:51:23 auditd: date="mar 5 01:18:07 EST",fac=f_kernel_ipfilter,area=a_general_area,type=t_ipftraffic,pri=p_major,pid=0,ruid=0,euid=0,pgid=0,logid=0,cmd=kernel,domain=,edomain=,hostname=xxxxxxx.xxxx.com,event=ip session open,rule_name=scobra_out_filter,srcip= ,srcport=1662,dstip= ,dstport=9003,protocol=6,netsessid=45eba8ff

13 | IP session timeout | Agile | 7.x | Audit | t_ipftraffic | Accepted
  <131>Jan 15 14:51:23 auditd: date="mar 5 01:18:07 EST",fac=f_kernel_ipfilter,area=a_general_area,type=t_ipftraffic,pri=p_major,pid=0,ruid=0,euid=0,pgid=0,logid=0,cmd=kernel,domain=,edomain=,hostname=xxxxxxx.xxxx.com,event=ip session timeout,rule_name=scobra_out_filter,srcip= ,srcport=1662,dstip= ,dstport=9003,bytes_written_to_client= ,bytes_written_to_server=122272,protocol=6,netsessid=45eba8ff

14 | IP session close | Agile | 7.x | Audit | t_ipftraffic | Accepted
  <131>Jan 15 14:51:23 auditd: date="mar 5 01:18:07 EST",fac=f_kernel_ipfilter,area=a_general_area,type=t_ipftraffic,pri=p_major,pid=0,ruid=0,euid=0,pgid=0,logid=0,cmd=kernel,domain=,edomain=,hostname=xxxxxxx.xxxx.com,event=ip session close,rule_name=scobra_out_filter,srcip= ,srcport=1662,dstip= ,dstport=9003,bytes_written_to_client=800,bytes_written_to_server=80,protocol=6,netsessid=45eba8ff

15 | proxy traffic begin | Agile | 7.x | Audit | t_nettraffic | Accepted
  <131>Jan 15 14:51:23 auditd: date="mar 15 02:00:01
EDT",fac=f_http_proxy,area=a_libproxycommon,type =t_nettraffic,pri=p_major,pid=32152,ruid=0,euid=0,pgi d=32152,logid=0,cmd=httpp,domain=htpp,edomain=h tpp,hostname=xxxxxxx.xxxx.com,event=proxy traffic begin,service_name=http-all,netsessid=45f8e0e1000 ea505,srcip= ,srcport=57961,srcburb=inter nal,protocol=6,dstip= ,dstport=80,dstburb= external,acl_id=nt_http_out-nt_http_servicesproxy-aut h-internal,cache_hit=0,request_status=0,start_time=" Thu Mar 15 02:00:01 " 24 McAfee Firewall Enterprise (Sidewinder) Log Configuration Guide
25 ID # Name Agile Title Category Type Appears In Sample Log Message 16 proxy traffic continue 17 proxy traffic end 18 proxy authentication failure 19 remote server authentication failure 20 server traffic begin Agile 7.x Audit t_nettraffic Accepted Agile 7.x Audit t_nettraffic Accepted Agile 7.x Audit t_proxyauth Denied Agile 7.x Audit t_proxyauth Denied Agile 7.x Audit t_servtraffic Accepted <131>Jan 15 14:51:23 auditd: date="mar 15 02:00:02 EDT",fac=f_http_proxy,area=a_libproxycommon,type =t_nettraffic,pri=p_major,pid=32152,ruid=0,euid=0,pgi d=32152,logid=0,cmd=httpp,domain=htpp,edomain=h tpp,hostname=xxxxxxx.xxxx.com,event=proxy traffic continue,service_name=http-all,netsessid=45f8e0e10 00ea505,srcip= ,srcport=57961,srcburb=in ternal,protocol=6,dstip= ,dstport=80,dstbur b=external,bytes_written_to_client=476,bytes_written _to_server=99,acl_id=nt_http_out-nt_http_services-pr oxy-auth-internal,cache_hit=0,request_status=0,start_ time="thu Mar 15 02:00:01 " <131>Jan 15 14:51:23 auditd: date="mar 15 02:00:02 EDT",fac=f_http_proxy,area=a_libproxycommon,type =t_nettraffic,pri=p_major,pid=32152,ruid=0,euid=0,pgi d=32152,logid=0,cmd=httpp,domain=htpp,edomain=h tpp,hostname=xxxxxxx.xxxx.com,event=proxy traffic end,service_name=http-all,netsessid=45f8e0e1000ea 505,srcip= ,srcport=57961,srcburb=interna l,protocol=6,dstip= ,dstport=80,dstburb=ex ternal,bytes_written_to_client=476,bytes_written_to_s erver=99,acl_id=nt_http_out-nt_http_services-proxy-a uth-internal,cache_hit=0,request_status=0,start_time= "Thu Mar 15 02:00:01 " <131>Jan 15 14:51:23 auditd: date="mar 16 16:33:55 CDT",fac=f_sendmail_daemon,area=a_server,type=t _proxyauth,pri=p_major,pid=2076,ruid=0,euid=0,pgid =2071,logid=0,cmd=sendmail,domain=mta1,edomain =mta1,hostname=carp.b.com,event=proxy authentication failure,srcip= ,srcport=3578,srcburb=exter nal,protocol=6,dstip= ,dstport=456,dstburb =dmz,interface=eth3,acl_id=acl_rul_1,reason="send mail determined that this session is not allowed." 
<131>Jan 15 14:51:23 auditd: date="mar 16 16:33:55 CDT",fac=f_sendmail_daemon,area=a_server,type=t _proxyauth,pri=p_major,pid=2076,ruid=0,euid=0,pgid =2071,logid=0,cmd=sendmail,domain=mta1,edomain =mta1,hostname=carp.b.com,event=remote server authentication failure,srcip= ,srcport=3578,srcburb=exter nal,protocol=6,dstip= ,dstport=456,dstburb =dmz,interface=eth3,acl_id=acl_rul_1,reason="send mail determined that this session is not allowed." <131>Jan 15 14:51:23 auditd: date="mar 15 02:00:01 EDT",fac=f_http_proxy,area=a_libproxycommon,type =t_servtraffic,pri=p_major,pid=32152,ruid=0,euid=0,p gid=32152,logid=0,cmd=httpp,domain=htpp,edomain =htpp,hostname=xxxxxxx.xxxx.com,event=server traffic begin,service_name=http-all,netsessid=45f8e0e1000 ea505,srcip= ,srcport=57961,srcburb=inter nal,protocol=6,dstip= ,dstport=80,dstburb= external,acl_id=nt_http_out-nt_http_servicesproxy-aut h-internal,cache_hit=0,request_status=0,start_time=" Thu Mar 15 02:00:01 " McAfee Firewall Enterprise (Sidewinder) Log Configuration Guide 25
26 ID # Name Agile Title Category Type Appears In Sample Log Message 21 server traffic continue 22 server traffic end Agile 7.x Audit t_servtraffic Accepted Agile 7.x Audit t_servtraffic Accepted <131>Jan 15 14:51:23 auditd: date="mar 15 02:00:02 EDT",fac=f_http_proxy,area=a_libproxycommon,type =t_servtraffic,pri=p_major,pid=32152,ruid=0,euid=0,p gid=32152,logid=0,cmd=httpp,domain=htpp,edomain =htpp,hostname=xxxxxxx.xxxx.com,event=server traffic continue,service_name=http-all,netsessid=45f8e0e10 00ea505,srcip= ,srcport=57961,srcburb=in ternal,protocol=6,dstip= ,dstport=80,dstbur b=external,bytes_written_to_client=476,bytes_written _to_server=99,acl_id=nt_http_out-nt_http_services-pr oxy-auth-internal,cache_hit=0,request_status=0,start_ time="thu Mar 15 02:00:01 " <131>Jan 15 14:51:23 auditd: date="mar 15 02:00:02 EDT",fac=f_http_proxy,area=a_libproxycommon,type =t_servtraffic,pri=p_major,pid=32152,ruid=0,euid=0,p gid=32152,logid=0,cmd=httpp,domain=htpp,edomain =htpp,hostname=xxxxxxx.xxxx.com,event=server traffic end,service_name=http-all,netsessid=45f8e0e1000ea 505,srcip= ,srcport=57961,srcburb=interna l,protocol=6,dstip= ,dstport=80,dstburb=ex ternal,bytes_written_to_client=476,bytes_written_to_s erver=99,acl_id=nt_http_out-nt_http_services-proxy-a uth-internal,cache_hit=0,request_status=0,start_time= "Thu Mar 15 02:00:01 " 23 N/A Agile 6.2. 
Audit t_aclallow Accepted 24 N/A Agile 6.2 Audit t_acldeny Denied 25 N/A Agile 6.2 Audit t_auth_attempt User Last Activity /User Authentication 26 ipf_open Agile 6.2 Audit t_ipftraffic Accepted <179>May 22 17:16:52 auditd: date="may 22 17:16:52 GMT",fac=f_wwwproxy,area=a_server,type=t_aclallo w,pri=p_major,pid=1545,ruid=0,euid=0,pgid=1545,fid =0,logid=0,cmd=httpp,domain=htpp,edomain=htpp,sr cip= ,dstip= ,protocol=6,servic e_name=http,agent_type=proxy,user_name=(null),acl _id="internet Services" <131>Jan 15 14:51:23 auditd: date="may 14 17:02: CDT",fac=f_nss,area=a_server,type=t_acldeny,pri=p_ major,pid=22800,ruid=0,euid=0,pgid=220,fid=0,logid= 0,cmd=nss,domain=nss2,edomain=nss2,srcip= ,dstip= ,protocol=6,service_ name=telnet,agent_type=server,user_name=null),acl _id=deny_all,acl_pos=7 <179>Jun 24 05:07:27 auditd: date="may 16 13:18: CDT",fac=f_ftpproxy,area=a_server,type=t_auth_atte mpt,pri=p_major,pid=464,ruid=0,euid=0,pgid=464,logi d=0,cmd=pftp,domain=pftx,edomain=pftx,user_aut h_name=a,auth_method=password,result=1,info="aut hentication Accepted for user `a:password', method password" <131>Jan 15 14:51:23 auditd: date="oct 30 11:17: CST",fac=f_kern_ipfilt,area=a_general_area,type=t_ip ftraffic,pri=p_major,pid=0,ruid=0,euid=0,pgid=0,fid=0,l ogid=0,cmd=abc,domain=,edomain=,status=ipf_open, rule_name=some-rule,srcip= ,srcport= 1153,dstip= ,dstport=122,protocolname=tc p,netsessid=454633bd a 26 McAfee Firewall Enterprise (Sidewinder) Log Configuration Guide
27 ID # Name Agile Title Category Type Appears In Sample Log Message 27 ipf_close Agile 6.2 Audit t_ipftraffic Accepted 28 conn_open Agile 6.2 Audit t_nettraffic Accepted 29 conn_cont Agile 6.2 Audit t_nettraffic Accepted 30 conn_close Agile 6.2 Audit t_nettraffic Accepted 31 N/A Agile 6.2 Audit t_proxyauth Denied <131>Jan 15 14:51:23 auditd: date="mar 5 01:18:07 EST",fac=f_kernel_ipfilter,area=a_general_area,type= t_ipftraffic,pri=p_major,pid=0,ruid=0,euid=0,pgid=0,fid =0,logid=0,cmd=kernel,domain=,edomain=,status=ipf _close,rule_name=scobra_out_filter,srcip= ,srcport=1662,dstip= ,dstport=9003,bytes _written_to_client=900,bytes_written_to_server=90,pr otocol=6,netsessid=45eba8ff <179>Jan 1 00:00:00 auditd: date="apr 19 12:25: CDT",fac=f_telnetproxy,area=a_server,type=t_nettraff ic,pri=p_major,pid=3544,ruid=0,euid=0,pgid=3544,fid = ,logid=0,cmd=tnauthp,domain=Atnx,edomai n=atnx,srcip= ,srcport=49566,srcburb =2,dstip= ,dstport=23,dstburb=1,protoc ol=6,service_name=nt_tnauthp,status=conn_open,net sessid=3cc f <179>Jan 1 00:00:00 auditd: date="apr 19 12:25: CDT",fac=f_telnetproxy,area=a_server,type=t_nettraff ic,pri=p_major,pid=3544,ruid= 0,euid=0,pgid=3544,fid= ,logid=0,cmd=tnauth p,domain=atnx,edomain=atnx,srcip= ,sr cport=49566,srcburb=2,dstip= ,dstport =23,dstburb=1,protocol=6,bytes_written_to_client=0,b ytes_written_to_server=0,service_name=nt_tnauthp,r eason=" continue ",status=conn_cont,auth_metho d=password,user_name=a,request_status=1,start_tim e="fri Apr 19 12:25: ",netsessid=3cc f <179>Jan 1 00:00:00 auditd: date="apr 19 12:25: CDT",fac=f_telnetproxy,area=a_server,type=t_nettraff ic,pri=p_major,pid=3544,ruid= 0,euid=0,pgid=3544,fid= ,logid=0,cmd=tnauth p,domain=atnx,edomain=atnx,srcip= ,sr cport=49566,srcburb=2,dstip= ,dstport =23,dstburb=1,protocol=6,bytes_written_to_client=0,b ytes_written_to_server=0,service_name=nt_tnauthp,r eason="proxy traffic end",status=conn_close,auth_method=password,user _name=a,request_status=1,start_time="fri Apr 19 12:25: 
",netsessid=3cc f <135>Jan 1 00:00:03 sidewinder1 auditd: date="jan 1 00:00:03 PST",fac=f_ssod,area=a_auditlib,type=t_proxyauth,pr i=p_major,pid=94704,ruid=161,euid=194,pgid=1137,fi d=0,logid=138,cmd=find,domain=ssh2,edomain=pas w,srcip= ,srcport=2010,dstip= , dstport=3002,protocol=5,srchost= ,dstho st=desthost 32 N/A Agile 6.2/ format 1 (action is add or delete) Audit t_udb_useract User Last Activity,User Created/ Deleted <179>Jun 6 18:32:37 auditd: date="may 14 17:27: CDT",fac=f_passwordwarder,area=a_libudb,type=t_u db_useract,pri=p_major,pid=22821,ruid=0,euid=0,pgi d=247,logid=0,cmd=pasw,domain=pasw,edomain=pa sw,udb_admin=root,udb_user=a,udb_class=common, udb_action=add McAfee Firewall Enterprise (Sidewinder) Log Configuration Guide 27
28 ID # Name Agile Title Category Type Appears In Sample Log Message 33 N/A Agile 6.2/ format 1 (action is modify) Audit t_udb_useract User Last Activity <179>Jun 6 18:32:37 auditd: date="may 14 17:27: CDT",fac=f_passwordwarder,area=a_libudb,type=t_u db_useract,pri=p_major,pid=22821,ruid=0,euid=0,pgi d=247,logid=0,cmd=pasw,domain=pasw,edomain=pa sw,udb_admin=root,udb_user=a,udb_class=common, udb_action=modify 34 N/A Agile 6.1 Audit t_aclallow Accepted 35 N/A Agile 6.1 Audit t_acldeny Denied 36 N/A Agile 6.1 Audit t_auth_attempt User Last Activity /User Authentication 37 ipf_open Agile 6.1 Audit t_ipftraffic Accepted 38 ipf_close Agile 6.1 Audit t_ipftraffic Accepted <179>May 22 17:16:52 auditd: date="may 22 17:16:52 GMT",fac=f_wwwproxy,area=a_server,type=t_aclallo w,pri=p_major,pid=1545,ruid=0,euid=0,pgid=1545,fid =0,logid=0,cmd=httpp,domain=htpp,edomain=htpp,ho stname=xxx,srcip= ,srcburb=internal,dstip = ,dstburb=external,protocol=6,service_na me=http,agent_type=proxy,user_name=(null),auth_m ethod=(null),acl_id="internet Services",cache_hit=1,acl_position=6 <179>Jun 24 05:15:57 auditd: date="jun 24 05:15:57 EDT",fac=f_smtp_proxy,area=a_server,type=t_aclden y,pri=p_major,pid=1350,ruid=0,euid=0,pgid=1350,fid= 0,logid=0,cmd=smtpp,domain=SMTp,edomain=SMTp,hostname=xxx,srcip= ,srcburb=internal,ds tip= ,dstburb=internal,protocol=6,service _name=smtp,agent_type=proxy,attackip= ,attackburb=internal,user_name=(null),auth_method =(null),acl_id="deny All",cache_hit=1,acl_position=23 <179>Jun 24 05:07:57 auditd: date="jun 24 05:07:57 EDT",fac=f_login,area=a_general_area,type=t_auth_ attempt,pri=p_major,pid=1880,ruid=0,euid=0,pgid=18 80,fid=0,logid=0,cmd=login,domain=Logn,edomain=L ogn,hostname=xxx,user_name=abc,auth_method=-p assword,result=1,information="cobra login authentication Accepted for user `abc, method -password, from " <179>Aug 13 14:49:19 auditd: date="aug 13 14:49:19 JST",fac=f_kern_ipfilt,area=a_general_area,type=t_ip 
ftraffic,pri=p_major,pid=0,ruid=0,euid=0,pgid=0,logid= 0,cmd=kernel,domain=htpp,edomain=htpp,hostname =xxx,status=ipf_open,rule_name=web-proxy-out _high,srcip= ,srcport=600,dstip= ,dstport=4000,protocolname=tcp,netsessid=48a275 df0006e3da <179>Aug 13 14:50:47 auditd: date="aug 13 14:50:47 JST",fac=f_kern_ipfilt,area=a_general_area,type=t_ip ftraffic,pri=p_major,pid=0,ruid=0,euid=0,pgid=0,logid= 0,cmd=kernel,domain=htpp,edomain=htpp,hostname =xxx,status=ipf_close,rule_name=web-proxy-out _high,srcip= ,srcport=650,dstip= ,dstport=6000,bytes_written_to_client=226,bytes_w ritten_to_server=652,protocolname=tcp,netsessid=48 a275dd000276e4 28 McAfee Firewall Enterprise (Sidewinder) Log Configuration Guide
29 ID # Name Agile Title Category Type Appears In Sample Log Message 39 conn_open Agile 6.1 Audit t_nettraffic Accepted 40 conn_cont Agile 6.1 Audit t_nettraffic Accepted <179>Jan 1 00:00:00 auditd: date="jan 1 00:00:00 PST",fac=f_udp_proxy,area=a_liblicense,type=t_nettr affic,pri=p_major,pid=23589,ruid=159,euid=188,pgid= 1137,fid=0,logid=276,cmd=dnsp,domain=Htps,edoma in=htps,hostname=xxx,srcip= ,srcport=50 12,srcburb=external,dstip= ,dstport=6008, dstburb=external,protocol=6,service_name=httpp,stat us=conn_open,acl_id="internet Services",cache_hit=0,netsessid= fa72 <179>Aug 13 14:16:09 auditd: date="aug 13 14:16:09 JST",fac=f_wwwproxy,area=a_libproxycommon,type= t_nettraffic,pri=p_major,pid=1309,ruid=0,euid=0,pgid= 1309,logid=0,cmd=httpp,domain=htpp,edomain=htpp, hostname=xxx,srcip= ,srcport=1011,srcbur b=int,dstip= ,dstport=5660,dstburb=ext,pro tocol=6,bytes_written_to_client=722,bytes_written_to _server=1452,service_name=httpp,reason= continu e,status=conn_cont,acl_id=web-proxy-http_o ut,cache_hit=0,request_status=0,start_time="wed Aug 13 14:12:56 ",netsessid=48a26d e99 41 conn_close Agile 6.1/ format 1 42 conn_close Agile 6.1/ format 2 Audit t_nettraffic Accepted Audit t_nettraffic Accepted <179>May 22 17:16:52 auditd: date="may 22 17:16:52 GMT",fac=f_wwwproxy,area=a_libproxycommon,type =t_nettraffic,pri=p_major,pid=1545,ruid=0,euid=0,pgid =1545,fid=0,logid=0,cmd=httpp,domain=htpp,edomai n=htpp,hostname=xxx,srcip= ,srcport=900,srcburb=internal,dstip= ,dstport=900,dstb urb=external,protocol=6,bytes_written_to_client=500, bytes_written_to_server=60,service_name=httpp,stat us=conn_close,acl_id="internet Services",cache_hit=1,request_status=0,start_time=" Tue May 22 17:16:53 ",netsessid= d <179>Aug 13 14:28:31 auditd: date="aug 13 14:28:31 JST",fac=f_mail,area=a_server,type=t_nettraffic,pri=p _major,pid=20756,ruid=0,euid=0,pgid=20756,logid=0, cmd=sendmail,domain=mta2,edomain=mta2,hostnam e=xxx,srcip= ,srcport=344,srcburb=ext,dsti p= 
,dstport=2500,dstburb=int,protocol=6,b ytes_written_to_client=0,bytes_written_to_server=201 2,service_name=sendmail(2),reason="Normal delivery of message m7d5sp6z020754",status=conn_close,acl_id=smtp_ all,cache_hit=0,queueid=m7d5sp6z020754,mail_sen der=xxx@xxx.com,recipient=xxx@xxx.mil,start_time= "Wed Aug 13 14:28:31 ",netsessid=48a270ff McAfee Firewall Enterprise (Sidewinder) Log Configuration Guide 29
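Every row above has the same shape: a syslog PRI, a syslog timestamp, an optional relay hostname, the literal "auditd:", and then a comma-separated list of key=value pairs in which some values are bare (and may contain spaces, as in event=ip session open) and some are double-quoted and may themselves contain commas (rows 8 and 9). A collector or detection rule that splits the body on commas without honouring the quotes will mis-parse exactly the admin-account changes that matter most. The following parser and report classifier is an added example, not LogLogic's or McAfee's own code: the TYPE_REPORTS table and the "Added/Deleted implies User Created/Deleted" rule are read off the Appendix A rows above, the header regular expression (optional relay hostname before "auditd:") is an assumption drawn from the samples, the facility names follow the standard syslog numbering, and the sample records are constructed for this example with RFC 5737 addresses in place of the IP addresses the guide omits.

```python
"""Parser and report classifier for Sidewinder auditd records (added example,
not LogLogic or McAfee code). TYPE_REPORTS is transcribed from the Appendix A
table; the sample records are constructed, with RFC 5737 addresses in place of
the IP addresses the guide omits."""
import re
from typing import Dict, Optional, Tuple

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + ["local%d" % i for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss [relayhost] auditd: key=value,key=value,...
# (the relay hostname is an assumption: one 6.2 sample in the table carries it)
HEADER_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} "
                       r"\d{2}:\d{2}:\d{2}) (?:(?P<host>[^\s:]+) )?auditd: (?P<body>.*)$")

# Appendix A: audit type -> reports the record "Appears In".
TYPE_REPORTS: Dict[str, Tuple[str, ...]] = {
    "t_auth_lockout": ("User Last Activity",), "t_cfg_change": ("User Last Activity",),
    "t_udb_useract": ("User Last Activity",),
    "t_auth_attempt": ("User Last Activity", "User Authentication"),
    "t_ipftraffic": ("Accepted",), "t_nettraffic": ("Accepted",),
    "t_servtraffic": ("Accepted",), "t_aclallow": ("Accepted",),
    "t_acldeny": ("Denied",), "t_proxyauth": ("Denied",),
}

def split_kv(body: str) -> Dict[str, str]:
    """Split the comma-separated key=value body. Values are bare (they may hold
    spaces, e.g. event=ip session open) or double-quoted; a comma inside quotes
    does not end the field (information="Added ...: roles=[], shell='nologin'")."""
    fields: Dict[str, str] = {}
    key, val, in_key, in_quote = [], [], True, False
    for ch in body:
        if in_key:
            if ch == "=":
                in_key = False
            else:
                key.append(ch)
        elif ch == '"':
            in_quote = not in_quote
        elif ch == "," and not in_quote:
            fields["".join(key).strip()] = "".join(val)
            key, val, in_key = [], [], True
        else:
            val.append(ch)
    if key:
        fields["".join(key).strip()] = "".join(val)
    return fields

def parse_record(line: str) -> Optional[Dict[str, str]]:
    """Fields of one record plus decoded syslog PRI; None if not an auditd line."""
    m = HEADER_RE.match(line)
    if not m or int(m.group("pri")) > 191:      # facility 0-23, severity 0-7
        return None
    pri = int(m.group("pri"))
    rec = split_kv(m.group("body"))
    rec["_facility"], rec["_severity"] = FACILITIES[pri // 8], SEVERITIES[pri % 8]
    rec["_relay_host"] = m.group("host") or ""
    # 7.x names the action in event=...; 6.x traffic records use status=...
    rec["_event"] = rec.get("event") or rec.get("status", "")
    return rec

def reports_for(rec: Dict[str, str]) -> Tuple[str, ...]:
    """Reports per Appendix A. Config changes whose information text starts with
    Added/Deleted (rows 8-11) and udb_useract add/delete (row 32) also feed
    User Created/Deleted; plain modifications (rows 7 and 33) do not."""
    t = rec.get("type", "")
    base = TYPE_REPORTS.get(t, ())
    if t == "t_cfg_change":
        extra = rec.get("information", "").lower().startswith(("added ", "deleted "))
    elif t == "t_udb_useract":
        extra = rec.get("udb_action") in ("add", "delete")
    else:
        extra = False
    return base + ("User Created/Deleted",) if extra else base

def summarize(line: str) -> Optional[Dict[str, object]]:
    """Triage view: syslog level, actor, endpoints, action and target reports."""
    rec = parse_record(line)
    if rec is None:
        return None
    return {"level": rec["_facility"] + "." + rec["_severity"], "type": rec.get("type", ""),
            "event": rec["_event"], "src": rec.get("srcip"), "dst": rec.get("dstip"),
            "user": rec.get("user_name") or rec.get("udb_user") or rec.get("user_auth_name"),
            "reports": reports_for(rec)}

# Constructed samples in the Appendix A formats (7.x config change with a quoted,
# comma-bearing value; 6.2 proxyauth with a relay host; 6.2 udb modify).
SAMPLES = [
    '<139>Sep 10 07:54:25 auditd: date="Sep 10 14:54:25 UTC",fac=f_system,area=a_general_area,'
    'type=t_cfg_change,pri=p_major,pid=48475,ruid=0,euid=0,pgid=48475,logid=102,cmd=AdminConsole,'
    'domain=CARW,edomain=CARW,hostname=sidewinder1.loglabs.com,event=config modify,user_name=spippari,'
    'config_area="admin user database",config_item=admins:cwee,information="Added Firewall '
    "administrator cwee: directory='/home/cwee', full_name='Chris Wee', roles=[], shell='nologin'\"",
    '<135>Jan  1 00:00:03 sidewinder1 auditd: date="Jan 1 00:00:03 PST",fac=f_ssod,area=a_auditlib,'
    'type=t_proxyauth,pri=p_major,pid=94704,ruid=161,euid=194,pgid=1137,fid=0,logid=138,cmd=find,'
    'domain=ssh2,edomain=pasw,srcip=192.0.2.55,srcport=2010,dstip=198.51.100.7,dstport=3002,'
    'protocol=5,srchost=192.0.2.55,dsthost=desthost',
    '<179>Jun  6 18:32:37 auditd: date="May 14 17:27:00 CDT",fac=f_passwordwarder,area=a_libudb,'
    'type=t_udb_useract,pri=p_major,pid=22821,ruid=0,euid=0,pgid=247,logid=0,cmd=pasw,domain=pasw,'
    'edomain=pasw,udb_admin=root,udb_user=a,udb_class=common,udb_action=modify',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(summarize(s))
```

Two practical points fall out of running it. First, the PRI values in the table decode to local0, local1 and local6 at severity err (and local0.debug for the 6.2 proxyauth record), so a syslog receiver that only accepts auth or authpriv facilities, or drops anything below notice, will silently lose these records; check the appliance's receive filter against the decoded level. Second, the 6.x traffic rows carry the action in status= while the 7.x rows carry it in event=, so any rule keyed on one field alone covers only half of the table.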
SonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION:
More informationIntegrating Juniper Netscreen (ScreenOS)
Integrating Juniper Netscreen (ScreenOS) EventTracker Enterprise Publication Date: Jan. 5, 2016 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This guide helps you
More informationVantage Report. User s Guide. www.zyxel.com. Version 3.0 10/2006 Edition 1
Vantage Report User s Guide Version 3.0 10/2006 Edition 1 www.zyxel.com About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the Vantage
More informationBarracuda Networks Web Application Firewall
McAfee Enterprise Security Manager Data Source Configuration Guide Data Source: Barracuda Networks Web Application Firewall January 30, 2015 Barracuda Networks Web Application Firewall Page 1 of 10 Important
More informationSetting Up Scan to SMB on TaskALFA series MFP s.
Setting Up Scan to SMB on TaskALFA series MFP s. There are three steps necessary to set up a new Scan to SMB function button on the TaskALFA series color MFP. 1. A folder must be created on the PC and
More informationHP TippingPoint Security Management System User Guide
HP TippingPoint Security Management System User Guide Version 4.0 Abstract This information describes the HP TippingPoint Security Management System (SMS) client user interface, and includes configuration
More information11.1. Performance Monitoring
11.1. Performance Monitoring Windows Reliability and Performance Monitor combines the functionality of the following tools that were previously only available as stand alone: Performance Logs and Alerts
More informationfåíéêåéí=péêîéê=^çãáåáëíê~íçêûë=dìáçé
fåíéêåéí=péêîéê=^çãáåáëíê~íçêûë=dìáçé Internet Server FileXpress Internet Server Administrator s Guide Version 7.2.1 Version 7.2.2 Created on 29 May, 2014 2014 Attachmate Corporation and its licensors.
More informationSetup Guide Revision A. WDS Connector
Setup Guide Revision A WDS Connector COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee CleanBoot, McAfee
More informationRemote Management. Vyatta System. REFERENCE GUIDE SSH Telnet Web GUI Access SNMP VYATTA, INC.
VYATTA, INC. Vyatta System Remote Management REFERENCE GUIDE SSH Telnet Web GUI Access SNMP Vyatta Suite 200 1301 Shoreway Road Belmont, CA 94002 vyatta.com 650 413 7200 1 888 VYATTA 1 (US and Canada)
More informationPolycom RSS 4000 / RealPresence Capture Server 1.6 and RealPresence Media Manager 6.6
INTEGRATION GUIDE May 2014 3725-75304-001 Rev B Polycom RSS 4000 / RealPresence Capture Server 1.6 and RealPresence Media Manager 6.6 Polycom, Inc. 0 Copyright 2014, Polycom, Inc. All rights reserved.
More informationTIBCO LogLogic. PCI Compliance Suite Guidebook. Software Release: 3.5.0. December 2012. Two-Second Advantage
TIBCO LogLogic PCI Compliance Suite Guidebook Software Release: 3.5.0 December 2012 Two-Second Advantage Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED
More informationIntegrating Trend Micro OfficeScan 10 EventTracker v7.x
Integrating Trend Micro OfficeScan 10 EventTracker v7.x Publication Date: August 26, 2015 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This guide will help you in
More informationIBM Security QRadar Version 7.1.0 (MR1) WinCollect User Guide
IBM Security QRadar Version 7.1.0 (MR1) WinCollect User Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks on page 59. Copyright
More informationBorderware Firewall Server Version 7.1. VPN Authentication Configuration Guide. Copyright 2005 CRYPTOCard Corporation All Rights Reserved
Borderware Firewall Server Version 7.1 VPN Authentication Configuration Guide Copyright 2005 CRYPTOCard Corporation All Rights Reserved http://www.cryptocard.com Overview The BorderWare Firewall Server
More informationMcAfee Web Gateway 7.4.1
Release Notes Revision B McAfee Web Gateway 7.4.1 Contents About this release New features and enhancements Resolved issues Installation instructions Known issues Find product documentation About this
More informationvcloud Director User's Guide
vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationWEBROOT EMAIL ARCHIVING SERVICE. Getting Started Guide North America. The best security in an unsecured world. TM
WEBROOT EMAIL ARCHIVING SERVICE Getting Started Guide North America Webroot Software, Inc. World Headquarters 2560 55th Street Boulder CO 80301 USA www.webroot.com 800.870.8102 Table of Contents Create
More informationServer Manager Help 10/6/2014 1
Server Manager Help 10/6/2014 1 Table of Contents Server Manager Help... 1 Getting Started... 7 About SpectorSoft Server Manager... 8 Client Server Architecture... 9 System Requirements... 10 Screencasts...
More informationChapter 4 Firewall Protection and Content Filtering
Chapter 4 Firewall Protection and Content Filtering The ProSafe VPN Firewall 50 provides you with Web content filtering options such as Block Sites and Keyword Blocking. Parents and network administrators
More informationThere are numerous ways to access monitors:
Remote Monitors REMOTE MONITORS... 1 Overview... 1 Accessing Monitors... 1 Creating Monitors... 2 Monitor Wizard Options... 11 Editing the Monitor Configuration... 14 Status... 15 Location... 17 Alerting...
More informationMcAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course
McAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course The McAfee Firewall Enterprise System Administration course from McAfee University is a fast-paced,
More informationSYSLOG 1 Overview... 1 Syslog Events... 1 Syslog Logs... 4 Document Revision History... 5
Syslog SYSLOG 1 Overview... 1 Syslog Events... 1 Syslog Logs... 4 Document Revision History... 5 Overview Syslog messages are event messages and alerts that are sent by the operating system, applications
More informationRSA Authentication Manager
McAfee Enterprise Security Manager Data Source Configuration Guide Data Source: RSA Authentication Manager February 26, 2015 RSA Authentication Manager Page 1 of 9 Important Note: The information contained
More informationTrustwave SEG Cloud Customer Guide
Trustwave SEG Cloud Customer Guide Legal Notice Copyright 2015 Trustwave Holdings, Inc. All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation
More informationSophos for Microsoft SharePoint startup guide
Sophos for Microsoft SharePoint startup guide Product version: 2.0 Document date: March 2011 Contents 1 About this guide...3 2 About Sophos for Microsoft SharePoint...3 3 System requirements...3 4 Planning
More informationNETWRIX ACCOUNT LOCKOUT EXAMINER
NETWRIX ACCOUNT LOCKOUT EXAMINER ADMINISTRATOR S GUIDE Product Version: 4.1 July 2014. Legal Notice The information in this publication is furnished for information use only, and does not constitute a
More informationPacket Capture. Document Scope. SonicOS Enhanced Packet Capture
Packet Capture Document Scope This solutions document describes how to configure and use the packet capture feature in SonicOS Enhanced. This document contains the following sections: Feature Overview
More informationChapter 8 Router and Network Management
Chapter 8 Router and Network Management This chapter describes how to use the network management features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. These features can be found by
More informationParallels Plesk Control Panel
Parallels Plesk Control Panel Copyright Notice ISBN: N/A Parallels 660 SW 39 th Street Suite 205 Renton, Washington 98057 USA Phone: +1 (425) 282 6400 Fax: +1 (425) 282 6444 Copyright 1999-2008, Parallels,
More informationCyberoam Virtual Security Appliance - Installation Guide for XenServer. Version 10
Cyberoam Virtual Security Appliance - Installation Guide for XenServer Version 10 Document Version 10.6.1-01/07/2014 Contents Preface... 4 Base Configuration... 4 Installation Procedure... 4 Cyberoam Virtual
More informationActive Directory Self-Service FAQ
Active Directory Self-Service FAQ General Information: info@cionsystems.com Online Support: support@cionsystems.com CionSystems Inc. Mailing Address: 16625 Redmond Way, Ste M106 Redmond, WA. 98052 http://www.cionsystems.com
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationConfiguration Guide. BES12 Cloud
Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need
More informationExtreme Control Center, NAC, and Purview Virtual Appliance Installation Guide
Extreme Control Center, NAC, and Purview Virtual Appliance Installation Guide 9034968 Published April 2016 Copyright 2016 All rights reserved. Legal Notice Extreme Networks, Inc. reserves the right to
More informationNetFlow Analytics for Splunk
NetFlow Analytics for Splunk User Manual Version 3.5.1 September, 2015 Copyright 2012-2015 NetFlow Logic Corporation. All rights reserved. Patents Pending. Contents Introduction... 3 Overview... 3 Installation...
More informationShadowControl ShadowStream
ShadowControl ShadowStream Revision 1.3 4/12/2012 Table of Contents Introduction... 3 Download ShadowStream Server... 3 Installation... 4 Configuration... 5 Creating Users... 6 Testing the User Rights...
More informationTracking Network Changes Using Change Audit
CHAPTER 14 Change Audit tracks and reports changes made in the network. Change Audit allows other RME applications to log change information to a central repository. Device Configuration, Inventory, and
More information