System Event Logs

The following table lists the system event logs in Deep Discovery Email Inspector.

Table 1. System event logs

ID

Log Type

Message

11001

Update events

Product Updates: {USER} installed hot fix {VERSION} from {IP}

11002

Update events

Product Updates: {USER} rolled back hot fix {VERSION} from {IP}

11003

Update events

Product Updates: Appliance firmware upgraded by {USER} from {IP}

12001

Update events

Deep Discovery Director: Hotfix update successful

12002

Update events

Deep Discovery Director: Firmware update successful

12003

Update events

Deep Discovery Director: Virtual Analyzer image import successful

12004

Update events

Deep Discovery Director: Configuration update successful

12005

Update events

Deep Discovery Director: Unregistered by Deep Discovery Director administrator

12101

Update events

Deep Discovery Director: Suspicious object synchronization with Apex Central disabled

12201

Update events

Deep Discovery Director: End-User Quarantine configuration disabled

130xx

Update events

ActiveUpdate: {COMPONENT} downloaded manually by {USER} from {IP}

131xx

Update events

ActiveUpdate: {COMPONENT} unsuccessfully downloaded manually by {USER} from {IP}

132xx

Update events

ActiveUpdate: {COMPONENT} downloaded by scheduled update

133xx

Update events

ActiveUpdate: {COMPONENT} unsuccessfully downloaded by scheduled update

134xx

Update events

ActiveUpdate: {COMPONENT} rolled back to version {VERSION} by {USER} from {IP}

135xx

Update events

ActiveUpdate: {COMPONENT} unsuccessfully rolled back by {USER} from {IP}

136xx

Update events

ActiveUpdate Exception - Apply {COMPONENT} {VERSION} to local scanner failed

20101

Audit log

System started

20102

Audit log

System stopped

20201

Audit log

Service started

20202

Audit log

Service stopped

20301

Audit log

License: {NAME} license expired, grace period ends on {DATE}

20302

Audit log

License: {NAME} license expired

20303

Audit log

License: {NAME} license updated

20401

Audit log

System Maintenance: Device powered off by {USER} from {IP}

20402

Audit log

System Maintenance: Device restarted by {USER} from {IP}

20501

Audit log

Logon: 'admin' logged on from {HOST} via SSH

20502

Audit log

Logon: Attempted logon with user name ('admin') from {HOST} via SSH

20503

Audit log

Logon: 'root' logged on from {HOST} with token {NAME} via SSH

20504

Audit log

Logon: Attempted logon with user name ('root') from {HOST} via SSH

20505

Audit log

Logon: 'admin' logged off from {HOST} via SSH

20506

Audit log

Logon: 'root' logged off from {HOST} with token {NAME} via SSH

20507

Audit log

Logon: Attempted logon with user name {USER} from {HOST} via SSH

30101

Audit log

Active update source setting was changed

30102

Audit log

Active update schedule setting was changed

30201

Audit log

System Settings: Host name saved as {NAME} by {USER} from {IP}

30202

Audit log

System Settings: {INTERFACE} IPv4 address and subnet mask were saved as {SUBNET} by {USER} from {IP}

30203

Audit log

System Settings: {INTERFACE} IPv6 address and prefix length were saved as {IP}/{LENGTH} by {USER} from {IP}

30204

Audit log

System Settings: {INTERFACE} IPv4 gateway saved as {GATEWAY} by {USER} from {IP}

30205

Audit log

System Settings: {INTERFACE} IPv6 gateway saved as {GATEWAY} by {USER} from {IP}

30206

Audit log

System Settings: {INTERFACE} primary IPv4 DNS server saved as {IP} and secondary IPv4 DNS server saved as {IP} by {USER} from {IP}

30207

Audit log

System Settings: {INTERFACE} primary IPv6 DNS server saved as {IP} and secondary IPv6 DNS server saved as {IP} by {USER} from {IP}

30208

Audit log

System Settings: {INTERFACE} IPv4 address and subnet mask deleted by {USER} from {IP}

30301

Audit log

System Settings: Operation mode saved as {MODE} by {USER} from {IP}

30401

Audit log

System Settings: Proxy settings modified by {USER} from {IP}

30402

Audit log

System Settings: Proxy settings unsuccessfully modified by {USER} from {IP}

30501

Audit log

System Settings: SMTP server settings modified by {USER} from {IP}

30601

Audit log

System Settings: System time zone saved as {ZONE} by {USER} from {IP}

30602

Audit log

System Settings: NTP server synchronization enabled by {USER} from {IP}

30603

Audit log

System Settings: NTP server synchronization disabled by {USER} from {IP}

30604

Audit log

System Settings: System time saved as {TIME} by {USER} from {IP}

30605

Audit log

System Settings: Database time zone saved as {ZONE} by {USER} from {IP}

30606

Audit log

System Settings: NTP server saved as {NAME} by {USER} from {IP}

30701

Audit log

System Settings: SNMP settings modified by {USER} from {IP}

30702

Audit log

System Settings: SNMP MIB files downloaded by {USER} from {IP}

30703

Audit log

System setting: Session timeout setting modified by {USER} from {IP}

30801

Audit log

Mail Settings: SMTP Connection setting saved by {USER} from {IP}

30802

Audit log

Mail Settings: TLS certificate uploaded by {USER} from {IP}

30803

Audit log

Mail Settings: TLS certificate downloaded by {USER} from {IP}

30901

Audit log

Mail Settings: Delivery profiles exported by {USER} from {IP}

30902

Audit log

Mail Settings: Delivery profiles unsuccessfully exported by {USER} from {IP}

30903

Audit log

Mail Settings: Delivery profiles imported by {USER} from {IP}

30904

Audit log

Mail Settings: Mail Settings: Delivery profiles unsuccessfully imported due to maximum entries (256) exceeded

30905

Audit log

Mail Settings: Delivery profiles unsuccessfully imported by {USER} from {IP}

30906

Audit log

Mail Settings: Delivery profile added by {USER} from {IP}

30907

Audit log

Mail Settings: Delivery profile modified by {USER} from {IP}

30908

Audit log

Mail Settings: Delivery profile deleted by {USER} from {IP}

31001

Audit log

Mail Settings: Mail settings modified by {USER} from {IP}

31101

Audit log

Mail Settings: SMTP server greeting saved by {USER} from {IP}

31102

Audit log

Mail Settings: Internal domain settings modified by {USER} from {IP}

31103

Audit log

Mail Settings: Internal domains imported by {USER} from {IP}

31104

Audit log

Mail Settings: Internal domain '%s' added through a policy by {USER} from {IP}

31201

Audit log

Log Settings: {NAME} syslog server profile created by {USER} from {IP}

31202

Audit log

Log Settings: {NAME} syslog server profile deleted by {USER} from {IP}

31203

Audit log

Log Settings: {NAME} syslog server profile modified by {USER} from {IP}

31204

Audit log

Log Settings: {NAME} enabled by {USER} from {IP}

31205

Audit log

Log Settings: {NAME} disabled by {USER} from {IP}

31301

Audit log

Integrated Products/Services: SFTP Upload settings modified by {USER} from {IP}

31401

Audit log

Integrated Products/Services: Microsoft Active Directory Integration settings modified by {USER} from {IP}

31501

Audit log

Integrated Products/Services: Threat Intelligent Sharing settings modified by {USER} from {IP}

31502

Audit log

Integrated Products/Services: {USER} generate suspicious objects list from {IP}

31601

Audit log

Integrated Products/Services: Auxiliary Products/Services settings modified by {USER} from {IP}

31602

Audit log

Integrated Products/Services: {USER} clicked Auxiliary Products/Services > Distribute Now from {IP}

31701

Audit log

Systems Settings: Apex Central settings modified by {USER} from {IP}

31702

Audit log

System Settings: Suspicious object synchronization enabled by {USER} from {IP}

31703

Audit log

System Settings: Suspicious object synchronization disabled by {USER} from {IP}

31801

Audit log

System Settings: Proxy settings for Deep Discovery Director modified by {USER} by {IP}

31802

Audit log

System Settings: Registered to Deep Discovery Director by {USER} from {IP}

31803

Audit log

System Settings: Unregistered from Deep Discovery Director by {USER} from {IP}

31804

Audit log

System Settings: Deep Discovery Director fingerprint trusted by {USER} from {IP}

31901

Audit log

Scanning / Analysis: Image imported by {USER} from {IP}

31902

Audit log

Scanning / Analysis: Image deleted by {USER} from {IP}

31903

Audit log

Scanning / Analysis: Number of instances for each Virtual Analyzer image modified by {USER} from {IP}

32001

Audit log

Scanning / Analysis: Virtual Analyzer settings modified by {USER} from {IP}

32101

Audit log

Scanning / Analysis: {PRODUCT NAME} registered to the external Virtual Analyzer

32102

Audit log

Scanning / Analysis: Unable to register to the external Virtual Analyzer

32103

Audit log

Scanning / Analysis: {PRODUCT NAME} unregistered from the external Virtual Analyzer

32104

Audit log

Scanning / Analysis: Virtual Analyzer external integration settings modified by {USER} from ''%s''

32201

Audit log

Scanning / Analysis: File Passwords setting was modified by {USER} from {IP}

32301

Audit log

Scanning / Analysis: Smart Protection settings modified by {USER} from {IP}

32401

Audit log

Scanning / Analysis: Smart Feedback settings modified by {USER} from {IP}

32501

Audit log

Scanning / Analysis: {USER} added YARA rule {NAME} from {IP}

32502

Audit log

Scanning / Analysis: {USER} modified YARA rule {NAME} from {IP}

32503

Audit log

Scanning / Analysis: {USER} deleted YARA rule {NAME} from {IP}

32504

Audit log

Scanning / Analysis: {USER} modified status for YARA rule {NAME} from {IP}

32510

Audit log

Scanning / Analysis: Time-of-Click settings modified by {USER} from {IP}

32520

Audit log

Scanning / Analysis: High-Profile Users settings modified by {USER} from {IP}

32521

Audit log

Scanning / Analysis: Internal Domains settings modified by {USER} from {IP}

32522

Audit log

Scanning / Analysis: Approved Senders settings modified by {USER} from {IP}

32530

Audit log

Scanning / Analysis: URL Scanning setting modified by {USER} from {IP}

32601

Audit log

System Maintenance: Configuration imported by {USER} from {IP}

32602

Audit log

System Maintenance: Configuration unsuccessfully imported by {USER} from {IP}

32603

Audit log

System Maintenance: Configuration exported by {USER} from {IP}

32604

Audit log

System Maintenance: Configuration unsuccessfully exported by {USER} from {IP}

32701

Audit log

System Maintenance: Data purge started automatically

32702

Audit log

System Maintenance: Data purge completed ({MIN} min {SEC} s)

32703

Audit log

System Maintenance: Storage maintenance setting modified by {USER} from {IP}

32801

Audit log

System Maintenance: System log level setting modified by {USER} from {IP}

32901

Audit log

Accounts / Contacts: {USER} created the account {NAME} from {IP}

32902

Audit log

Accounts / Contacts: {USER} deleted the account {NAME} from {IP}

32903

Audit log

Accounts / Contacts: {USER} modified the account {NAME} from {IP}

32904

Audit log

Accounts / Contacts: {USER} unlocked the account {NAME} from {IP}

33001

Audit log

Logon: {USER} logged on as {ROLE} role from {IP}

33002

Audit log

Logon: {USER} logged off from {IP}

33003

Audit log

Logon: Attempted logon with an invalid user name ({USER}) or password from {IP}

33004

Audit log

Logon: Attempted logon with a disabled user name ({USER}) from {IP}

33005

Audit log

Logon: Attempted logon with a locked user name {NAME} from {IP}

33006

Audit log

Logon: Unlocked user name {NAME} from {IP}

33007

Audit log

RDQA Logon: ''{USER}'' logged on as {NAME} role from {IP}

33008

Audit log

RDQA Logon: ''{USER}" logged off

33009

Audit log

RDQA Logon: Attempted logon with an invalid user name ''{USER}'' or password from {IP}

33010

Audit log

RDQA Logon: Attempted logon with a disabled user name ''{USER}'' from {IP}

33011

Audit log

RDQA Logon: Attempted logon with a locked user name ''{USER}'' from {IP}

33012

Audit log

RDQA Logon: Unlocked user name ''{USER}'' from {IP}

33101

Audit log

Accounts / Contacts: Contacts for alert notifications and reports modified by {USER} from {IP}

33201

Audit log

Accounts / Contacts: {USER} modified the password for {NAME} from {IP}

33301

Audit log

License: {NAME} license activated by {USER} from {IP}

33302

Audit log

License: Attempted to activate {NAME} license using an invalid Activation Code by {USER} from {IP}

33303

Audit log

License: {NAME} license updated by {USER} from {IP}

33401

Audit log

Policy: Policy setting changed by {USER} from {IP}

33402

Audit log

Policy: {USER} added policy {NAME} from {IP}

33403

Audit log

Policy: {USER} modified policy {NAME} from {IP}

33404

Audit log

Policy: {USER} imported policies from {IP}

33405

Audit log

Policy: {USER} deleted policy {NAME} from {IP}

33406

Audit log

Policy: {USER} copied policy {NAME} from {IP}

33407

Audit log

Policy: {USER} enabled policy {NAME} from {IP}

33408

Audit log

Policy: {USER} disabled policy {NAME} from {IP}

33409

Audit log

Policy: {USER} modified priority setting of policy {NAME} from {PRIORITY} to {PRIORITY} from {IP}

33410

Audit log

Policy: {USER} added content filtering rule {NAME} from {IP}

33411

Audit log

Policy: {USER} updated content filtering rule {NAME} from {IP}

33412

Audit log

Policy: {USER} copied content filtering rule {NAME} from {IP}

33413

Audit log

Policy: {USER} deleted content filtering rule {NAME} from {IP}

33414

Audit log

Policy: {USER} added antispam rule {NAME} from {IP}

33415

Audit log

Policy: {USER} updated antispam rule {NAME} from {IP}

33416

Audit log

Policy: {USER} copied antispam rule {NAME} from {IP}

33417

Audit log

Policy: {USER} deleted antispam rule {NAME} from {IP}

33418

Audit log

Policy: {USER} added advanced threat protection rule {NAME} from {IP}

33419

Audit log

Policy: {USER} updated advanced threat protection rule {NAME} from {IP}

33420

Audit log

Policy: {USER} copied advanced threat protection rule {NAME} from {IP}

33421

Audit log

Policy: {USER} deleted advanced threat protection rule {NAME} from {IP}

33422

Audit log

Policy: {USER} added policy notification {NAME} from {IP}

33423

Audit log

Policy: {USER} modified policy notification {NAME} from {IP}

33424

Audit log

Policy: {USER} deleted some policy notifications from {IP}

33425

Audit log

Policy: {USER} copied policy notification {NAME} from {IP}

33426

Audit log

Policy: {USER} added archive server {NAME} from {IP}

33427

Audit log

Policy: {USER} modified archive server {NAME} from {IP}

33428

Audit log

Policy: {USER} deleted some archive servers from {IP}

33429

Audit log

Policy: {USER} added DLP rule {NAME} from {IP}

33430

Audit log

Policy: '{USER} updated DLP rule {NAME} from {IP}

33431

Audit log

Policy: {USER} copied DLP rule {NAME} from {IP}

33432

Audit log

Policy: {USER} deleted DLP rule {NAME} from {IP}

33433

Audit log

Policy Objects: {USER} added expression {NAME} from {IP}

33434

Audit log

Policy Objects: {USER} updated expression {NAME} from {IP}

33435

Audit log

Policy Objects: {USER} copied expression {NAME} from {IP}

33436

Audit log

Policy Objects: {USER} deleted expression {NAME} from {IP}

33437

Audit log

Policy Objects: {USER} imported expression file from {IP}

33438

Audit log

Policy Objects: {USER} added file attribute {NAME} from {IP}

33439

Audit log

Policy Objects: {USER} updated file attribute {NAME} from {IP}

33440

Audit log

Policy Objects: {USER} copied file attribute {NAME} from {IP}

33441

Audit log

Policy Objects: {USER} deleted file attribute {NAME} from {IP}

33442

Audit log

Policy Objects: {USER} imported file attribute file from {IP}

33443

Audit log

Policy Objects: {USER} added keyword list {NAME} from {IP}

33444

Audit log

Policy Objects: {USER} updated keyword list {NAME} from {IP}

33445

Audit log

Policy Objects: {USER} copied keyword list {NAME} from {IP}

33446

Audit log

Policy Objects: {USER} deleted keyword list {NAME}from {IP}

33447

Audit log

Policy Objects: {USER} imported keyword list file from {IP}

33448

Audit log

Policy Objects: {USER} added template {NAME} from {IP}

33449

Audit log

Policy Objects: {USER} updated template {NAME} from {IP}

33450

Audit log

Policy Objects: {USER} copied template {NAME} from {IP}

33451

Audit log

Policy Objects: {USER} deleted template {NAME} from {IP}

33452

Audit log

Policy Objects: {USER} imported template file from {IP}

33501

Audit log

Policy: Policy exception settings modified by {USER} from {IP}

33502

Audit log

Policy: Graymail exception settings modified by {USER} from {IP}

33601

Audit log

Alerts: Alert rule settings modified by {USER} from {IP}

33701

Audit log

Report: Report settings changed by {USER} from {IP}

33801

Audit log

Detected Messages: Message {NAME} downloaded by {USER} from {IP}

33802

Audit log

Detected Messages: Investigation package {NAME} downloaded by {USER} from {IP}

33901

Audit log

Quarantine: MsgID {ID} released by {USER} from {IP}

33902

Audit log

Quarantine: MsgID {ID} deleted by {USER} from {IP}

33903

Audit log

Quarantine: Resumed processing message {ID} by {USER} from {IP}

33904

Audit log

Quarantine: Message {ID} unlocked and reprocessed by {USER} from {IP}

34001

Audit log

Unable to distribute suspicious objects to Check Point OPSEC. Verify that the Check Point OPSEC settings are correct and that no network problem exists.

34002

Audit log

Unable to distribute suspicious objects to Trend Micro TippingPoint SMS. Verify that the Trend Micro TippingPoint SMS settings are correct and that no network problem exists.

34003

Audit log

Unable to distribute suspicious objects to IBM Security Network Protection XGS. Verify that the IBM Security Network Protection XGS settings are correct and that no network problem exists.

34004

Audit log

Unable to distribute suspicious objects to Palo Alto Panorama or Firewalls. Verify that the Palo Alto Panorama or Firewalls settings are correct and that no network problem exists.

34005

Audit log

Unable to generate suspicious objects list. Verify that the Threat Intelligence Sharing settings are correct.

34101

Audit log

End-User Quarantine: EUQ settings modified by {USER} from {IP}

34102

Audit log

End-User Quarantine: User Quarantine Access settings modified by {USER} from {IP}

34103

Audit log

End-User Quarantine: EUQ Digest settings modified by {USER} from {IP}

34201

Audit log

Sender Filtering: Approved Senders list modified by {USER} from {IP}

34202

Audit log

Sender Filtering: ERS settings modified by {USER} from {IP}

34203

Audit log

Sender Filtering: DHA protection settings modified by {USER} from {IP}

34204

Audit log

Sender Filtering: Bounced attack protection settings modified by {USER} from {IP}

34205

Audit log

Sender Filtering: SMTP traffic throttling settings modified by {USER} from {IP}

34206

Audit log

Sender Filtering: Blocked Senders list modified by {USER} from {IP}

34207

Audit log

Sender Filtering: Some Blocked Senders list entries moved to Approved Senders list by {USER} from {IP}

34208

Audit log

Sender Filtering: SPF settings modified by {USER} from {IP}

34209

Audit log

Sender Filtering: DKIM Authentication settings modified by {USER} from {IP}

34210

Audit log

Sender Filtering: DKIM Signatures settings modified by {USER} from {IP}

34211

Audit log

Sender Filtering: DMARC settings modified by {USER} from {IP}

35001

Audit log

Message Queues: Messages deleted by {USER} from {IP}

35002

Audit log

Message Queues: Messages delivered by {USER} from {IP}

35003

Audit log

Message Queues: All messages delivered by {USER} from {IP}

35004

Audit log

Message Tracking: Investigation package {NAME} downloaded by {USER} from {IP}

35005

Audit log

Email Submissions: Message submitted by {USER} from {IP}

35006

Audit log

Message Queues: Messages rerouted by to {IP} by {USER} from {IP}

35007

Audit log

Message Queues: All messages rerouted by to {IP} by {USER} from {IP}

35011

Audit log

Integrated Products/Services: Registered to Email Encryption server by {USER} from {IP}

35012

Audit log

Integrated Products/Services: Domain {DOMAIN} added to Email Encryption server by {USER} from {IP}

35013

Audit log

Integrated Products/Services: Domain {DOMAIN} deleted from Email Encryption server by {USER} from {IP}

35014

Audit log

Integrated Products/Services: Key file uploaded to Email Encryption server for domain {DOMAIN} by {USER} from {IP}

35016

Audit log

Integrated Products/Services: Default sender modified to {SENDER} for Email Encryption by {USER} from {IP}

35017

Audit log

Integrated Products/Services: Email address modified to {EMAIL} for Email Encryption by {USER} from {IP}

41001

EUQ log

EUQ: {USER} logged on from {IP}

41002

EUQ log

EUQ: {USER} logged off from {IP}

41003

EUQ log

EUQ: MsgID {ID} released by {USER} from {IP}

41004

EUQ log

EUQ: MsgID {ID} deleted by {USER} from {IP}

41005

EUQ log

EUQ: Approved Senders list modified by {USER} from {IP}