ID | Log type | Message |
---|---|---|
11001 | Update (update events) | Product Updates:{USER} installed hot fix {VERSION} from {IP} |
11002 | Update (update events) | Product Updates:{USER} rolled back hot fix {VERSION} from {IP} |
11003 | Update (update events) | Product Updates:Appliance firmware upgraded by {USER} from {IP} |
12001 | Update (update events) | Deep Discovery Director:Hotfix update successful |
12002 | Update (update events) | Deep Discovery Director:Firmware update successful |
12003 | Update (update events) | Deep Discovery Director:Virtual Analyzer image import successful |
12004 | Update (update events) | Deep Discovery Director:Configuration update successful |
130xx | Update (update events) | ActiveUpdate:{COMPONENT} downloaded manually by {USER} from {IP} |
131xx | Update (update events) | ActiveUpdate:{COMPONENT} unsuccessfully downloaded manually by {USER} from {IP} |
132xx | Update (update events) | ActiveUpdate:{COMPONENT} downloaded by scheduled update |
133xx | Update (update events) | ActiveUpdate:{COMPONENT} unsuccessfully downloaded by scheduled update |
134xx | Update (update events) | ActiveUpdate:{COMPONENT} rolled back to version {VERSION} by {USER} from {IP} |
135xx | Update (update events) | ActiveUpdate:{COMPONENT} unsuccessfully rolled back by {USER} from {IP} |
136xx | Update (update events) | ActiveUpdate Exception - Apply {COMPONENT} {VERSION} to local scanner failed |
20101 | Audit (audit logs) | System started |
20102 | Audit (audit logs) | System stopped |
20201 | Audit (audit logs) | Service started |
20202 | Audit (audit logs) | Service stopped |
20301 | Audit (audit logs) | License: {NAME} license expired, grace period ends on {DATE} |
20302 | Audit (audit logs) | License: {NAME} license expired |
20303 | Audit (audit logs) | License: {NAME} license updated |
30101 | Audit (audit logs) | Active update source setting was changed |
30102 | Audit (audit logs) | Active update schecule setting was changed |
30201 | Audit (audit logs) | System Settings:Host name saved as {NAME} by {USER} from {IP} |
30202 | Audit (audit logs) | System Settings:{INTERFACE} IPv4 address and subnet mask were saved as {SUBNET} by {USER} from {IP} |
30203 | Audit (audit logs) | System Settings:{INTERFACE} IPv6 address and prefix length were saved as {IP}/{LENGTH} by {USER} from {IP} |
30204 | Audit (audit logs) | System Settings:{INTERFACE} IPv4 gateway saved as {GATEWAY} by {USER} from {IP} |
30205 | Audit (audit logs) | System Settings:{INTERFACE} IPv6 gateway saved as {GATEWAY} by {USER} from {IP} |
30206 | Audit (audit logs) | System Settings:{INTERFACE} primary IPv4 DNS server saved as {IP} and secondary IPv4 DNS server saved as {IP} by {USER} from {IP} |
30207 | Audit (audit logs) | System Settings:{INTERFACE} primary IPv6 DNS server saved as {IP} and secondary IPv6 DNS server saved as {IP} by {USER} from {IP} |
30301 | Audit (audit logs) | System Settings:Operation mode saved as {MODE} by {USER} from {IP} |
30401 | Audit (audit logs) | System Settings:Proxy settings modified by {USER} from {IP} |
30402 | Audit (audit logs) | System Settings:Proxy settings unsuccessfully modified by {USER} from {IP} |
30501 | Audit (audit logs) | System Settings:SMTP server settings modified by {USER} from {IP} |
30601 | Audit (audit logs) | System Settings:System time zone saved as {ZONE} by {USER} from {IP} |
30602 | Audit (audit logs) | System Settings:NTP server synchronization enabled by {USER} from {IP} |
30603 | Audit (audit logs) | System Settings:NTP server synchronization disabled by {USER} from {IP} |
30604 | Audit (audit logs) | System Settings:System time saved as {TIME} by {USER} from {IP} |
30605 | Audit (audit logs) | System Settings:Database time zone saved as {ZONE} by {USER} from {IP} |
30606 | Audit (audit logs) | System Settings:NTP server saved as {NAME} by {USER} from {IP} |
30701 | Audit (audit logs) | System Settings:SNMP settings modified by {USER} from {IP} |
30702 | Audit (audit logs) | System Settings:SNMP MIB files downloaded by {USER} from {IP} |
30801 | Audit (audit logs) | Mail Settings:SMTP Connection setting saved by {USER} from {IP} |
30802 | Audit (audit logs) | Mail Settings:TLS certificate uploaded by {USER} from {IP} |
30803 | Audit (audit logs) | Mail Settings:TLS certificate downloaded by {USER} from {IP} |
30901 | Audit (audit logs) | Mail Settings:Delivery profiles exported by {USER} from {IP} |
30902 | Audit (audit logs) | Mail Settings:Delivery profiles unsuccessfully exported by {USER} from {IP} |
30903 | Audit (audit logs) | Mail Settings:Delivery profiles imported by {USER} from {IP} |
30904 | Audit (audit logs) | Mail Settings: Mail Settings: Delivery profiles unsuccessfully imported due to maximum entries (256) exceeded |
30905 | Audit (audit logs) | Mail Settings:Delivery profiles unsuccessfully imported by {USER} from {IP} |
30906 | Audit (audit logs) | Mail Settings:Delivery profile added by {USER} from {IP} |
30907 | Audit (audit logs) | Mail Settings:Delivery profile modified by {USER} from {IP} |
30908 | Audit (audit logs) | Mail Settings:Delivery profile deleted by {USER} from {IP} |
31001 | Audit (audit logs) | Mail Settings:Mail settings modified by {USER} from {IP} |
31101 | Audit (audit logs) | Mail Settings:SMTP server greeting saved by {USER} from {IP} |
31201 | Audit (audit logs) | Log Settings:{NAME} syslog server profile created by {USER} from {IP} |
31202 | Audit (audit logs) | Log Settings:{NAME} syslog server profile deleted by {USER} from {IP} |
31203 | Audit (audit logs) | Log Settings:{NAME} syslog server profile modified by {USER} from {IP} |
31204 | Audit (audit logs) | Log Settings:{NAME} enabled by {USER} from {IP} |
31205 | Audit (audit logs) | Log Settings:{NAME} disabled by {USER} from {IP} |
31301 | Audit (audit logs) | Integrated Products/Services:SFTP Upload settings modified by {USER} from {IP} |
31401 | Audit (audit logs) | Integrated Products/Services:Microsoft Active Directory Integration settings modified by {USER} from {IP} |
31501 | Audit (audit logs) | Integrated Products/Services:Threat Intelligent Sharing settings modified by {USER} from {IP} |
31502 | Audit (audit logs) | Integrated Products/Services:{USER} generate suspicious objects list from {IP} |
31601 | Audit (audit logs) | Integrated Products/Services:Auxiliary Products/Services settings modified by {USER} from {IP} |
31602 | Audit (audit logs) | Integrated Products/Services:{USER} clicked Auxiliary Products/Services > Distribute Now from {IP} |
31701 | Audit (audit logs) | Systems Settings:Control Manager settings modified by {USER} from {IP} |
31702 | Audit (audit logs) | System Settings:Suspicious object synchronization enabled by {USER} from {IP} |
31703 | Audit (audit logs) | System Settings:Suspicious object synchronization disabled by {USER} from {IP} |
31801 | Audit (audit logs) | System Settings:Proxy settings for Deep Discovery Director modified by {USER} by {IP} |
31802 | Audit (audit logs) | System Settings:Registered to Deep Discovery Director by {USER} from {IP} |
31803 | Audit (audit logs) | System Settings:Unregistered from Deep Discovery Director by {USER} from {IP} |
31804 | Audit (audit logs) | System Settings:Deep Discovery Director fingerprint trusted by {USER} from {IP} |
31901 | Audit (audit logs) | Scanning / Analysis:Image imported by {USER} from {IP} |
31902 | Audit (audit logs) | Scanning / Analysis:Image deleted by {USER} from {IP} |
31903 | Audit (audit logs) | Scanning / Analysis:Number of instances for each Virtual Analyzer image modified by {USER} from {IP} |
32001 | Audit (audit logs) | Scanning / Analysis:Virtual Analyzer settings modified by {USER} from {IP} |
32101 | Audit (audit logs) | Scanning / Analysis:{PRODUCT NAME} registered to the external Virtual Analyzer |
32102 | Audit (audit logs) | Scanning / Analysis:Unable to register to the external Virtual Analyzer |
32103 | Audit (audit logs) | Scanning / Analysis:{PRODUCT NAME} unregistered from the external Virtual Analyzer |
32104 | Audit (audit logs) | Scanning / Analysis:Virtual Analyzer external integration settings modified by {USER} from ''%s'' |
32201 | Audit (audit logs) | Scanning / Analysis:File Passwords setting was modified by {USER} from {IP} |
32301 | Audit (audit logs) | Scanning / Analysis:Smart Protection settings modified by {USER} from {IP} |
32401 | Audit (audit logs) | Scanning / Analysis:Smart Feedback settings modified by {USER} from {IP} |
32501 | Audit (audit logs) | Scanning / Analysis: {USER} added YARA rule {NAME} from {IP} |
32502 | Audit (audit logs) | Scanning / Analysis: {USER} modified YARA rule {NAME} from {IP} |
32503 | Audit (audit logs) | Scanning / Analysis: {USER} deleted YARA rule {NAME} from {IP} |
32504 | Audit (audit logs) | Scanning / Analysis: {USER} modified status for YARA rule {NAME} from {IP} |
32510 | Audit (audit logs) | Scanning / Analysis: Time-of-Click settings modified by {USER} from {IP} |
32601 | Audit (audit logs) | System Maintenance:Configuration imported by {USER} from {IP} |
32602 | Audit (audit logs) | System Maintenance:Configuration unsuccessfully imported by {USER} from {IP} |
32603 | Audit (audit logs) | System Maintenance:Configuration exported by {USER} from {IP} |
32604 | Audit (audit logs) | System Maintenance:Configuration unsuccessfully exported by {USER} from {IP} |
32701 | Audit (audit logs) | System Maintenance:Data purge started automatically |
32702 | Audit (audit logs) | System Maintenance:Data purge completed ({MIN} min {SEC} s) |
32703 | Audit (audit logs) | System Maintenance:Storage maintenance setting modified by {USER} from {IP} |
32801 | Audit (audit logs) | System Maintenance:System log level setting modified by {USER} from {IP} |
32901 | Audit (audit logs) | Accounts / Contacts:{USER} created the account {NAME} from {IP} |
32902 | Audit (audit logs) | Accounts / Contacts:{USER} deleted the account {NAME} from {IP} |
32903 | Audit (audit logs) | Accounts / Contacts:{USER} modified the account {NAME} from {IP} |
32904 | Audit (audit logs) | Accounts / Contacts: {USER} unlocked the account {NAME} from {IP} |
33001 | Audit (audit logs) | Logon:{USER} logged on as {ROLE} role from {IP} |
33002 | Audit (audit logs) | Logon:{USER} logged off from {IP} |
33003 | Audit (audit logs) | Logon:Attempted log on with an invalid user name ({USER}) or password from {IP} |
33004 | Audit (audit logs) | Logon:Attempted log on with a disabled user name ({USER}) from {IP} |
33005 | Audit (audit logs) | Logon: Attempted logon with a locked user name {NAME} from {IP} |
33006 | Audit (audit logs) | Logon: Unlocked user name {NAME} from {IP} |
33101 | Audit (audit logs) | Accounts / Contacts:Contacts for alert notifications and reports modified by {USER} from {IP} |
33201 | Audit (audit logs) | Accounts / Contacts:{USER} modified the password for {NAME} from {IP} |
33301 | Audit (audit logs) | License: {NAME} license activated by {USER} from {IP} |
33302 | Audit (audit logs) | License: Attempted to activate {NAME} license using an invalid Activation Code by {USER} from {IP} |
33303 | Audit (audit logs) | License: {NAME} license updated by {USER} from {IP} |
33401 | Audit (audit logs) | Policy:Policy setting changed by {USER} from {IP} |
33402 | Audit (audit logs) | Policy: {USER} added policy {NAME} from {IP} |
33403 | Audit (audit logs) | Policy: {USER} modified policy {NAME} from {IP} |
33404 | Audit (audit logs) | Policy: {USER} imported policy {NAME} from {IP} |
33405 | Audit (audit logs) | Policy: {USER} deleted policy {NAME} from {IP} |
33406 | Audit (audit logs) | Policy: {USER} copied policy {NAME} from {IP} |
33407 | Audit (audit logs) | Policy: {USER} enabled policy {NAME} from {IP} |
33408 | Audit (audit logs) | Policy: {USER} disabled policy {NAME} from {IP} |
33409 | Audit (audit logs) | Policy: {USER} modified priority setting of policy {NAME} from {PRIORITY} to {PRIORITY} from {IP} |
33410 | Audit (audit logs) | Policy: {USER} added content filtering rule {NAME} from {IP} |
33411 | Audit (audit logs) | Policy: {USER} updated content filtering rule {NAME} from {IP} |
33412 | Audit (audit logs) | Policy: {USER} copied content filtering rule {NAME} from {IP} |
33413 | Audit (audit logs) | Policy: {USER} deleted content filtering rule {NAME} from {IP} |
33414 | Audit (audit logs) | Policy: {USER} added antispam rule {NAME} from {IP} |
33415 | Audit (audit logs) | Policy: {USER} updated antispam rule {NAME} from {IP} |
33416 | Audit (audit logs) | Policy: {USER} copied antispam rule {NAME} from {IP} |
33417 | Audit (audit logs) | Policy: {USER} deleted antispam rule {NAME} from {IP} |
33418 | Audit (audit logs) | Policy: {USER} added advanced threat protection rule {NAME} from {IP} |
33419 | Audit (audit logs) | Policy: {USER} updated advanced threat protection rule {NAME} from {IP} |
33420 | Audit (audit logs) | Policy: {USER} copied advanced threat protection rule {NAME} from {IP} |
33421 | Audit (audit logs) | Policy: {USER} deleted advanced threat protection rule {NAME} from {IP} |
33422 | Audit (audit logs) | Policy: {USER} added policy notification {NAME} from {IP} |
33423 | Audit (audit logs) | Policy: {USER} modified policy notification {NAME} from {IP} |
33424 | Audit (audit logs) | Policy: {USER} deleted some policy notifications from {IP} |
33425 | Audit (audit logs) | Policy: {USER} copied policy notification {NAME} from {IP} |
33501 | Audit (audit logs) | Policy:Policy exception settings modified by {USER} from {IP} |
33502 | Audit (audit logs) | Policy: Graymail exception settings modified by {USER} from {IP} |
33601 | Audit (audit logs) | Alerts:Alert rule settings modified by {USER} from {IP} |
33701 | Audit (audit logs) | Report:Report settings changed by {USER} from {IP} |
33801 | Audit (audit logs) | Detected Messages:Message {NAME} downloaded by {USER} from {IP} |
33802 | Audit (audit logs) | Detected Messages:Investigation package {NAME} downloaded by {USER} from {IP} |
33901 | Audit (audit logs) | Quarantine:MsgID {ID} released by {USER} from {IP} |
33902 | Audit (audit logs) | Quarantine:MsgID {ID} deleted by {USER} from {IP} |
33903 | Audit (audit logs) | Quarantine: Resumed processing message {ID} by {USER} from {IP} |
34001 | Audit (audit logs) | Unable to distribute suspicious objects to Check Point OPSEC.Verify that the Check Point OPSEC settings are correct and that no network problem exists. |
34002 | Audit (audit logs) | Unable to distribute suspicious objects to Trend Micro TippingPoint SMS.Verify that the Trend Micro TippingPoint SMS settings are correct and that no network problem exists. |
34003 | Audit (audit logs) | Unable to distribute suspicious objects to IBM Security Network Protection XGS.Verify that the IBM Security Network Protection XGS settings are correct and that no network problem exists. |
34004 | Audit (audit logs) | Unable to distribute suspicious objects to Palo Alto Panorama or Firewalls.Verify that the Palo Alto Panorama or Firewalls settings are correct and that no network problem exists. |
34005 | Audit (audit logs) | Unable to generate suspicious objects list.Verify that the Threat Intelligence Sharing settings are correct. |
34101 | Audit (audit logs) | End-User Quarantine: EUQ settings modified by {USER} from {IP} |
34102 | Audit (audit logs) | End-User Quarantine: User Quarantine Access settings modified by {USER} from {IP} |
34103 | Audit (audit logs) | End-User Quarantine: EUQ Digest settings modified by {USER} from {IP} |
34201 | Audit (audit logs) | Sender Filtering: Approved Senders list modified by {USER} from {IP} |
34202 | Audit (audit logs) | Sender Filtering: ERS settings modified by {USER} from {IP} |
34203 | Audit (audit logs) | Sender Filtering: DHA protection settings modified by {USER} from {IP} |
34204 | Audit (audit logs) | Sender Filtering: Bounced attack protection settings modified by {USER} from {IP} |
34205 | Audit (audit logs) | Sender Filtering: SMTP traffic throttling settings modified by {USER} from {IP} |
34206 | Audit (audit logs) | Sender Filtering: Blocked Senders list modified by {USER} from {IP} |
34207 | Audit (audit logs) | Sender Filtering: Some Blocked Senders list entries moved to Approved Senders list by {USER} from {IP} |
35001 | Audit (audit logs) | Message Queues: Messages deleted by {USER} from {IP} |
35002 | Audit (audit logs) | Message Queues: Messages delivered by {USER} from {IP} |
35003 | Audit (audit logs) | Message Queues: All messages delivered by {USER} from {IP} |
35004 | Audit (audit logs) | Message Tracking: Investigation package {NAME} downloaded by {USER} from {IP} |
41001 | End-User Quarantine logs | EUQ: {USER} logged on from {IP} |
41002 | End-User Quarantine logs | EUQ: {USER} logged off from {IP} |
41003 | End-User Quarantine logs | EUQ: MsgID {ID} released by {USER} from {IP} |
41004 | End-User Quarantine logs | EUQ: MsgID {ID} deleted by {USER} from {IP} |
41005 | End-User Quarantine logs | EUQ: Approved Senders list modified by {USER} from {IP} |