|
|
|
|
|
|
ID
|
Log Type
|
Message
|
|---|---|---|
|
11001
|
Update events
|
Product Updates: {USER} installed hot fix {VERSION} from {IP}
|
|
11002
|
Update events
|
Product Updates: {USER} rolled back hot fix {VERSION} from {IP}
|
|
11003
|
Update events
|
Product Updates: Appliance firmware upgraded by {USER} from {IP}
|
|
12001
|
Update events
|
Deep Discovery Director: Hotfix update successful
|
|
12002
|
Update events
|
Deep Discovery Director: Firmware update successful
|
|
12003
|
Update events
|
Deep Discovery Director: Virtual Analyzer image import successful
|
|
12004
|
Update events
|
Deep Discovery Director: Configuration update successful
|
|
130xx
|
Update events
|
ActiveUpdate: {COMPONENT} downloaded manually by {USER} from
{IP}
|
|
131xx
|
Update events
|
ActiveUpdate: {COMPONENT} unsuccessfully downloaded manually by
{USER} from {IP}
|
|
132xx
|
Update events
|
ActiveUpdate: {COMPONENT} downloaded by scheduled update
|
|
133xx
|
Update events
|
ActiveUpdate: {COMPONENT} unsuccessfully downloaded by scheduled
update
|
|
134xx
|
Update events
|
ActiveUpdate: {COMPONENT} rolled back to version {VERSION} by {USER}
from {IP}
|
|
135xx
|
Update events
|
ActiveUpdate: {COMPONENT} unsuccessfully rolled back by {USER} from
{IP}
|
|
136xx
|
Update events
|
ActiveUpdate Exception - Apply {COMPONENT} {VERSION} to local
scanner failed
|
|
20101
|
Audit log
|
System started
|
|
20102
|
Audit log
|
System stopped
|
|
20201
|
Audit log
|
Service started
|
|
20202
|
Audit log
|
Service stopped
|
|
20301
|
Audit log
|
License: Product license expired, grace period ends on {DATE}
|
|
20302
|
Audit log
|
License: Product license expired
|
|
20303
|
Audit log
|
License: Product license updated
|
|
30101
|
Audit log
|
Active update source setting was changed
|
|
30102
|
Audit log
|
Active update schecule setting was changed
|
|
30201
|
Audit log
|
System Settings: Host name saved as {NAME} by {USER} from {IP}
|
|
30202
|
Audit log
|
System Settings: {INTERFACE} IPv4 address and subnet mask were saved
as {SUBNET} by {USER} from {IP}
|
|
30203
|
Audit log
|
System Settings: {INTERFACE} IPv6 address and prefix length were
saved as {IP}/{LENGTH} by {USER} from {IP}
|
|
30204
|
Audit log
|
System Settings: {INTERFACE} IPv4 gateway saved as {GATEWAY} by
{USER} from {IP}
|
|
30205
|
Audit log
|
System Settings: {INTERFACE} IPv6 gateway saved as {GATEWAY} by
{USER} from {IP}
|
|
30206
|
Audit log
|
System Settings: {INTERFACE} primary IPv4 DNS server saved as {IP}
and secondary IPv4 DNS server saved as {IP} by {USER} from {IP}
|
|
30207
|
Audit log
|
System Settings: {INTERFACE} primary IPv6 DNS server saved as {IP}
and secondary IPv6 DNS server saved as {IP} by {USER} from {IP}
|
|
30301
|
Audit log
|
System Settings: Operation mode saved as {MODE} by {USER} from
{IP}
|
|
30401
|
Audit log
|
System Settings: Proxy settings modified by {USER} from {IP}
|
|
30402
|
Audit log
|
System Settings: Proxy settings unsuccessfully modified by {USER}
from {IP}
|
|
30501
|
Audit log
|
System Settings: SMTP server settings modified by {USER} from
{IP}
|
|
30601
|
Audit log
|
System Settings: System time zone saved as {ZONE} by {USER} from
{IP}
|
|
30602
|
Audit log
|
System Settings: NTP server synchronization enabled by {USER} from
{IP}
|
|
30603
|
Audit log
|
System Settings: NTP server synchronization disabled by {USER} from
{IP}
|
|
30604
|
Audit log
|
System Settings: System time saved as {TIME} by {USER} from {IP}
|
|
30605
|
Audit log
|
System Settings: Database time zone saved as {ZONE} by {USER} from
{IP}
|
|
30606
|
Audit log
|
System Settings: NTP server saved as {NAME} by {USER} from {IP}
|
|
30701
|
Audit log
|
System Settings: SNMP settings modified by {USER} from {IP}
|
|
30702
|
Audit log
|
System Settings: SNMP MIB files downloaded by {USER} from {IP}
|
|
30801
|
Audit log
|
Mail Settings: SMTP Connection setting saved by {USER} from {IP}
|
|
30802
|
Audit log
|
Mail Settings: TLS certificate uploaded by {USER} from {IP}
|
|
30803
|
Audit log
|
Mail Settings: TLS certificate downloaded by {USER} from {IP}
|
|
30901
|
Audit log
|
Mail Settings: Delivery profiles exported by {USER} from {IP}
|
|
30902
|
Audit log
|
Mail Settings: Delivery profiles unsuccessfully exported by {USER}
from {IP}
|
|
30903
|
Audit log
|
Mail Settings: Delivery profiles imported by {USER} from {IP}
|
|
30904
|
Audit log
|
Mail Settings: Delivery profiles unsuccessfully imported since total
exceeds 256
|
|
30905
|
Audit log
|
Mail Settings: Delivery profiles unsuccessfully imported by {USER}
from {IP}
|
|
30906
|
Audit log
|
Mail Settings: Delivery profile added by {USER} from {IP}
|
|
30907
|
Audit log
|
Mail Settings: Delivery profile modified by {USER} from {IP}
|
|
30908
|
Audit log
|
Mail Settings: Delivery profile deleted by {USER} from {IP}
|
|
31001
|
Audit log
|
Mail Settings: Mail settings modified by {USER} from {IP}
|
|
31101
|
Audit log
|
Mail Settings: SMTP server greeting saved by {USER} from {IP}
|
|
31201
|
Audit log
|
Log Settings: {NAME} syslog server profile created by {USER} from
{IP}
|
|
31202
|
Audit log
|
Log Settings: {NAME} syslog server profile deleted by {USER} from
{IP}
|
|
31203
|
Audit log
|
Log Settings: {NAME} syslog server profile modified by {USER} from
{IP}
|
|
31204
|
Audit log
|
Log Settings: {NAME} enabled by {USER} from {IP}
|
|
31205
|
Audit log
|
Log Settings: {NAME} disabled by {USER} from {IP}
|
|
31301
|
Audit log
|
Integrated Products/Services: SFTP Upload settings modified by {USER}
from {IP}
|
|
31401
|
Audit log
|
Integrated Products/Services: Microsoft Active Directory Integration
settings modified by {USER} from {IP}
|
|
31501
|
Audit log
|
Integrated Products/Services: Threat Intelligent Sharing settings
modified by {USER} from {IP}
|
|
31502
|
Audit log
|
Integrated Products/Services: {USER} generate suspicious objects
list from {IP}
|
|
31601
|
Audit log
|
Integrated Products/Services:Auxiliary Products/Services settings
modified by {USER} from {IP}
|
|
31602
|
Audit log
|
Integrated Products/Services: {USER} clicked Auxiliary
Products/Services > Distribute Now from {IP}
|
|
31701
|
Audit log
|
Systems Settings: Control Manager settings modified by {USER} from
{IP}
|
|
31702
|
Audit log
|
System Settings: Suspicious object synchronization enabled by {USER}
from {IP}
|
|
31703
|
Audit log
|
System Settings: Suspicious object synchronization disabled by
{USER} from {IP}
|
|
31801
|
Audit log
|
System Settings: Proxy settings for Deep Discovery Director modified
by {USER} by {IP}
|
|
31802
|
Audit log
|
System Settings: Registered to Deep Discovery Director by {USER}
from {IP}
|
|
31803
|
Audit log
|
System Settings: Unregistered from Deep Discovery Director by {USER}
from {IP}
|
|
31804
|
Audit log
|
System Settings: Deep Discovery Director fingerprint trusted by
{USER} from {IP}
|
|
31901
|
Audit log
|
Scanning / Analysis: Image imported by {USER} from {IP}
|
|
31902
|
Audit log
|
Scanning / Analysis: Image deleted by {USER} from {IP}
|
|
31903
|
Audit log
|
Scanning / Analysis: Number of instances for each Virtual Analyzer
image modified by {USER} from {IP}
|
|
32001
|
Audit log
|
Scanning / Analysis: Virtual Analyzer settings modified by {USER}
from {IP}
|
|
32101
|
Audit log
|
Scanning / Analysis: {PRODUCT NAME} registered to the external
Virtual Analyzer
|
|
32102
|
Audit log
|
Scanning / Analysis: Unable to register to the external Virtual
Analyzer
|
|
32103
|
Audit log
|
Scanning / Analysis: {PRODUCT NAME} unregistered from the external
Virtual Analyzer
|
|
32104
|
Audit log
|
Scanning / Analysis: Virtual Analyzer external integration settings
modified by {USER} from ''%s''
|
|
32201
|
Audit log
|
Scanning / Analysis: File Passwords setting was modified by {USER}
from {IP}
|
|
32301
|
Audit log
|
Scanning / Analysis: Smart Protection settings modified by {USER}
from {IP}
|
|
32401
|
Audit log
|
Scanning / Analysis: Smart Feedback settings modified by {USER} from
{IP}
|
|
32501
|
Audit log
|
YARA Rules: {USER} added rule {NAME} from {IP}
|
|
32502
|
Audit log
|
YARA Rules: {USER} modified rule {NAME} from {IP}
|
|
32503
|
Audit log
|
YARA Rules: {USER} deleted rule {NAME} from {IP}
|
|
32504
|
Audit log
|
YARA Rules: {USER} modified status for rule {NAME} from {IP}
|
|
32601
|
Audit log
|
System Maintenance: Configuration imported by {USER} from {IP}
|
|
32602
|
Audit log
|
System Maintenance: Configuration unsuccessfully imported by {USER}
from {IP}
|
|
32603
|
Audit log
|
System Maintenance: Configuration exported by {USER} from {IP}
|
|
32604
|
Audit log
|
System Maintenance: Configuration unsuccessfully exported by {USER}
from {IP}
|
|
32701
|
Audit log
|
System Maintenance: Data purge started automatically
|
|
32702
|
Audit log
|
System Maintenance: Data purge completed ({MIN} min {SEC} s)
|
|
32703
|
Audit log
|
System Maintenance: Storage maintenance setting modified by {USER}
from {IP}
|
|
32801
|
Audit log
|
System Maintenance: System log level setting modified by {USER} from
{IP}
|
|
32901
|
Audit log
|
Accounts / Contacts: {USER} created the account {NAME} from {IP}
|
|
32902
|
Audit log
|
Accounts / Contacts: {USER} deleted the account {NAME} from {IP}
|
|
32903
|
Audit log
|
Accounts / Contacts: {USER} modified the account {NAME} from
{IP}
|
|
33001
|
Audit log
|
Logon: {USER} logged on as {ROLE} role from {IP}
|
|
33002
|
Audit log
|
Logon: {USER} logged off from {IP}
|
|
33003
|
Audit log
|
Logon: Attempted log on with an invalid user name ({USER}) or
password from {IP}
|
|
33004
|
Audit log
|
Logon: Attempted log on with a disabled user name ({USER}) from
{IP}
|
|
33101
|
Audit log
|
Accounts / Contacts: Contacts for alert notifications and reports
modified by {USER} from {IP}
|
|
33201
|
Audit log
|
Accounts / Contacts: {USER} modified the password for {NAME} from
{IP}
|
|
33301
|
Audit log
|
License: Product registered by {USER} from {IP}
|
|
33302
|
Audit log
|
License: Unsuccessful registration using an invalid Activation Code
by {USER} from {IP}
|
|
33401
|
Audit log
|
Policy: Policy setting changed by {USER} from {IP}
|
|
33501
|
Audit log
|
Policy: Policy exception settings modified by {USER} from {IP}
|
|
33601
|
Audit log
|
Alerts: Alert rule settings modified by {USER} from {IP}
|
|
33701
|
Audit log
|
Report: Report settings changed by {USER} from {IP}
|
|
33801
|
Audit log
|
Detected Messages: Message {NAME} downloaded by {USER} from {IP}
|
|
33802
|
Audit log
|
Detected Messages: Investigation package {NAME} downloaded by {USER}
from {IP}
|
|
33901
|
Audit log
|
Quarantine: MsgID {ID} released by {USER} from {IP}
|
|
33902
|
Audit log
|
Quarantine: MsgID {ID} deleted by {USER} from {IP}
|
|
34001
|
Audit log
|
Unable to distribute suspicious objects to Check Point OPSEC. Verify
that the Check Point OPSEC settings are correct and that no network problem
exists.
|
|
34002
|
Audit log
|
Unable to distribute suspicious objects to Trend Micro TippingPoint
SMS. Verify that the Trend Micro TippingPoint SMS settings are correct and that no
network problem exists.
|
|
34003
|
Audit log
|
Unable to distribute suspicious objects to IBM Security Network
Protection XGS. Verify that the IBM Security Network Protection XGS settings are
correct and that no network problem exists.
|
|
34004
|
Audit log
|
Unable to distribute suspicious objects to Palo Alto Panorama or
Firewalls. Verify that the Palo Alto Panorama or Firewalls settings are correct
and that no network problem exists.
|
|
34005
|
Audit log
|
Unable to generate suspicious objects list. Verify that the Threat
Intelligence Sharing settings are correct.
|