List of events

The screen consists of three columns, as well as a help page at the end of the line for each event type.

Username

This field shows the number that identifies the event. It cannot be edited.

Level

This column shows the default alarm levels assigned to events.

There are 4 levels, which you can modify by selecting the desired level from the drop-down list. This list appears when you click on the downward arrow on the right:

  • Ignore: No logs on the event will be kept.
  • Minor: As soon as the event concerned is detected, a minor alarm will be generated. This alarm is transferred to the logs, and can be sent by Syslog (Logs – Syslog) or by e-mail (see module E-mail alerts).
  • Major: As soon as the event concerned is detected, a major alarm will be generated. This alarm is transferred to the logs, and can be sent by Syslog (Logs – Syslog) or by e-mail (see module E-mail alerts).
  • Log: The Stormshield Network firewall does not do anything. This is useful when you wish to log only certain types of traffic without applying any particular action.

Message (language depends on the firewall language)

This field shows the name of the system event and its characteristics (cannot be edited).

NOTE

By clicking on the arrow on the right side of the column header, you can invert the order in which events appear.

Open help

When you select an event from the list by clicking on it, a “Show help” link appears.

Clicking on this link will take you to the Stormshield Network knowledge base, providing more details on the information relating to the event.

Configure

Send an e-mail: an e-mail will be sent when this alarm is raised (cf. module E-mail alerts) with the following conditions:

  • Number of alarms before sending: minimum number of alarms required before an e-mail is sent, during the period defined hereafter.
  • During the period of (seconds): period in seconds during which alarms have been raised, before an e-mail is sent.
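
The two e-mail conditions above amount to a count-within-a-period rule. The following Python is an added example, not Stormshield code: it replays that rule over a constructed event stream using event IDs from the system alarms list on this page, for instance to reproduce the same behaviour on a log collector. It assumes a sliding window kept per event ID and that counting restarts once a notification is sent; `EMAIL_ENABLED`, `AlarmThreshold` and `notifications` are hypothetical names.

```python
from collections import deque

# Events for which "Send an e-mail" is assumed to be enabled in this example.
# IDs and names come from the system alarms list; the selection is illustrative.
EMAIL_ENABLED = {
    2: "Authentication failed for",
    28: "Many authentication failures",
    75: "This address is banned from webadmin access : bruteforcing detection",
    78: "The webadmin portal is under brute force attack",
}


class AlarmThreshold:
    """Notify once `count` alarms with the same ID fall inside `period` seconds."""

    def __init__(self, count, period):
        self.count, self.period = count, period
        self.seen = {}  # event ID -> deque of timestamps still inside the window

    def feed(self, ts, event_id):
        """Record one alarm; return True when a notification should be sent."""
        if event_id not in EMAIL_ENABLED:
            return False
        window = self.seen.setdefault(event_id, deque())
        window.append(ts)
        # Drop alarms that are older than the configured period.
        while window and ts - window[0] >= self.period:
            window.popleft()
        if len(window) >= self.count:
            window.clear()  # assumption: counting restarts after a notification
            return True
        return False


def notifications(events, count, period):
    """Return the (timestamp, ID) pairs at which a notification fires."""
    rule = AlarmThreshold(count, period)
    return [(ts, eid) for ts, eid in events if rule.feed(ts, eid)]


# Constructed sample: (seconds since start, system event ID).
SAMPLE = [(0, 2), (10, 2), (15, 59), (200, 2), (205, 2), (210, 2), (215, 78), (400, 2)]

if __name__ == "__main__":
    for ts, eid in notifications(SAMPLE, count=3, period=60):
        print(f"t={ts}s notify: event {eid} ({EMAIL_ENABLED[eid]})")
```

With 3 alarms per 60 seconds, the two early failures at 0 s and 10 s never notify because they have aged out by the time the third arrives; only the burst at 200–210 s does.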

Quarantine host: the packet that caused the alarm will be blocked with the following parameters. To remove a packet from quarantine, use Stormshield Network Realtime Monitor.

  • for a period of (minutes): duration of the quarantine

GENERAL NOTE

When you modify the alarm level of an event, don’t forget to click on “Apply” at the bottom of the page, in order to confirm your action.

System alarms list

| ID | Name | Description |
|----|------|-------------|
| 1 | System shutdown | System shutdown |
| 2 | Authentication failed for | Authentication failed for |
| 3 | Connection terminated for | Connection terminated for |
| 4 | 20% left in log file | 20% left in log file |
| 5 | Connection established for | Connection established for |
| 6 | IPsec phase 1 failed | IPsec phase 1 failed |
| 7 | IPsec phase 2 failed | IPsec phase 2 failed |
| 8 | IPsec pre-shared key not found | IPsec pre-shared key not found |
| 9 | Firewall startup | Firewall startup |
| 10 | HA: Mode change | HA: Mode change |
| 11 | HA: Peer lost | HA: Peer lost |
| 12 | Invalid CRL | Invalid CRL |
| 13 | Invalid Certificate | Invalid Certificate |
| 14 | log partition has changed | log partition has changed |
| 15 | System error | System error |
| 16 | User denied in IPSEC negotiation | User denied in IPSEC negotiation |
| 17 | Antivirus: update failed | Antivirus: Update failed |
| 18 | Antivirus: update successful | Antivirus: Update successful |
| 19 | LDAP unreachable | LDAP unreachable |
| 20 | DNS error | DNS error |
| 21 | Certificate Revocation List is expired | Certificate Revocation List is expired |
| 22 | Certificate Revocation List expires in less than 3 days | Certificate Revocation List expires in less than 3 days |
| 23 | RAID alert: | RAID alert: |
| 24 | Watchdog has rebooted firewall | Watchdog has rebooted firewall |
| 25 | System date corrupted at boot | System date corrupted at boot |
| 26 | System updated | System updated |
| 27 | System date has been changed | System date has been changed |
| 28 | Many authentication failures | Many authentication failures |
| 29 | Backup dialup(s) activated | Backup dialup(s) activated |
| 30 | Client connection on local PPTP server established for | Client connection on local PPTP server established for |
| 31 | Client connection on local PPTP server terminated for | Client connection on local PPTP server terminated for |
| 32 | Authentication failed on local PPTP server for | Authentication failed on local PPTP server for |
| 33 | No PPPoE peer has answered for | No PPPoE peer has answered for |
| 34 | Your release is old, check that you are up to date. | Your release is old, check that you are up to date. |
| 35 | This dynamic DNS client configuration has been tagged invalid: | This dynamic DNS client configuration has been tagged invalid: |
| 36 | This dynamic DNS client configuration has bend successfully updated: | This dynamic DNS client configuration has bend successfully updated: |
| 37 | Interface up: | Interface up: |
| 38 | Interface down: | Interface down: |
| 39 | Server switched: | Server switched: |
| 40 | Custom event: | Custom event: |
| 41 | Active Update: update successful | Active Update: Update successful |
| 42 | Active Update: update failed | Active Update: Update failed |
| 43 | Active Update: your license has expired | Active Update: your license has expired |
| 44 | Antivirus failed: | Antivirus failed: |
| 45 | Too many Authentication failures: | Too many Authentication failures: |
| 46 | DHCP interface got a new IP address: | DHCP interface got a new IP address: |
| 47 | DHCP interface has released its IP address: | DHCP interface has released its IP address: |
| 48 | Restoring configuration from USB token: | Restoring configuration from USB token: |
| 49 | Installation of the secure configuration: | Installation of the secure configuration: |
| 50 | USB error: | USB error: |
| 51 | Activation error: | Activation error: |
| 52 | The event returned an unhandled error code: | The event returned an unhandled error code: |
| 53 | The following slot activation did not succeed: | The following slot activation did not succeed: |
| 54 | System was not properly halted | System was not properly halted |
| 55 | DNS cache is cycled too quickly | DNS cache is cycled too quickly |
| 56 | Get CRL failed | Get CRL failed |
| 57 | Invalid CRL | Invalid CRL |
| 58 | Invalid QoS queue in the filtering slot | Invalid QoS queue in the filtering slot |
| 59 | Configuration has been modified | Configuration has been modified |
| 60 | Configuration has been validated | Configuration has been validated |
| 61 | L2TP: | L2TP: |
| 62 | Error while validating configuration | Error while validating configuration |
| 63 | Invalid password for configuration | Invalid password for configuration |
| 64 | HA: PVM database sync failure | HA: PVM database sync failure |
| 65 | Globalgen : hardware configuration file created | Globalgen : hardware configuration file created |
| 66 | Problem reported on hard disk: | Problem reported on hard disk: |
| 67 | Network: Unexpected media type change | Network: Unexpected media type change |
| 68 | License Update: A new license is available | License Update: A new license is available |
| 69 | License Update: Temporary license, need to register | License Update: Temporary license, need to register |
| 70 | License Update: Download error | License Update: Download error |
| 71 | License Update: New license installed | License Update: New license installed |
| 72 | License Update: New license installed: need reboot | License Update: New license installed: need reboot |
| 73 | License: a feature has expired : | License: a feature has expired : |
| 74 | License: remaining days before expiration of | License: remaining days before expiration of |
| 75 | This address is banned from webadmin access : bruteforcing detection | This address is banned from webadmin access : bruteforcing detection |
| 76 | IPsec failover: peer is dead, switching to other peer | IPsec failover: peer is dead, switching to other peer |
| 77 | LDAP Base backend LDBM not supported. Ldap restore not performed | LDAP Base backend LDBM not supported. Ldap restore not performed |
| 78 | The webadmin portal is under brute force attack | The webadmin portal is under brute force attack |
| 79 | Configuration Migration: | Configuration Migration: |
| 80 | Patterns database is corrupted, you should try to update it with the force option | Patterns database is corrupted, you should try to update it with the force option |
| 81 | HA: Can't synchronize reports: Some firewalls have a log disk while others don't | HA: Can't synchronize reports: Some firewalls have a log disk while others don't |
| 82 | Remote host reachable: | Remote host reachable: |
| 83 | Remote host unreachable: | Remote host unreachable: |
| 84 | Aggregated link up: | Aggregated link up: |
| 85 | Aggregated link down: | Aggregated link down: |
| 86 | Backup successful | Backup successful |
| 87 | Backup failed | Backup failed |
| 88 | Power: | Power: |
| 89 | Connection error with agentAD: | Connection error with agentAD: |
| 90 | Topology change | Topology change |
| 91 | Malicious file has been detected, hash: | Malicious file has been detected, hash: |
| 92 | Remote service is no longer reachable: | Remote service is no longer reachable: |
| 93 | Remote service is reachable: | Remote service is reachable: |
| 94 | An error occurred loading a proxy functionality: | An error occurred loading a proxy functionality: |