Many networking Operations Interface (OI) messages, including TCP/IP Firewall messages, were previously all logged in the Sumlog as successful actions that are not security relevant. They are now logged as either successful actions that are security relevant or failed actions that are security violations.

The following tables show which networking OI messages (commands, responses, reports, and log-only reports) are logged as security-relevant messages or as security-violation messages. These tables are derived from, and are a subset of, the more general tables in the Networking Encoded Messages Programming Reference Manual.

Table 48. Networking Commands by Code

| Table Code | Command/Inquiry Name | Log Major/Log Minor | Log Result |
|---|---|---|---|
| 1003 | ADD CONNECTION | CNS/GS | RELEVANT (2) |
| 1004 | ADD CONNECTION GROUP | CNS/GS | RELEVANT (2) |
| 1005 | ADD CONNECTION PROFILE | CNS/GS | RELEVANT (2) |
| 1007 | ADD HOST | BNAv2 | RELEVANT (2) |
| 1009 | ADD NEIGHBOR | BNAv2 | RELEVANT (2) |
| 1017 | DEBUG | CNS/MPSM | RELEVANT (2) |
| 1018 | APPLICATION AUTHORIZATION | BNAv2 | RELEVANT (2) |
| 1019 | APPLICATION AUTHORIZATION Inquiry | BNAv2 | RELEVANT (2) |
| 1022 | AUTHORIZE | CNS/LCF | RELEVANT (2) |
| 1023 | AUTHORIZE Inquiry | CNS/LCF | RELEVANT (2) |
| 1024 | AVERAGE SEGMENT SIZE | BNAv2 | RELEVANT (2) |
| 1025 | UNIVERSAL TIME COORDINATED | CNS/LCF | RELEVANT (2) |
| 1027 | VALIDATE | BNAv2 | RELEVANT (2) |
| 1031 | CANDIDATE Inquiry | BNAv2 | RELEVANT (2) |
| 1047 | DELETE CONNECTION | CNS/GS | RELEVANT (2) |
| 1048 | DELETE CONNECTION GROUP | CNS/GS | RELEVANT (2) |
| 1049 | DELETE CONNECTION PROFILE | CNS/GS | RELEVANT (2) |
| 1051 | DELETE HOST | BNAv2 | RELEVANT (2) |
| 1053 | DELETE NEIGHBOR | BNAv2 | RELEVANT (2) |
| 1054 | DELETE STATION GROUP | CNS/LSS | RELEVANT (2) |
| 1086 | HOST NAME | CNS/NPSM | RELEVANT (2) |
| 1088 | HOST PASSWORD | BNAv2 | RELEVANT (2) |
| 1089 | HOST PASSWORD Inquiry | BNAv2 | RELEVANT (2) |
| 1092 | LINK RESISTANCE FACTOR | CNS/GS | RELEVANT (2) |
| 1097 | LOCAL IDENTITY | BNAv2 | RELEVANT (2) |
| 1102 | MAXIMUM HOP COUNT | BNAv2 | RELEVANT (2) |
| 1104 | MAXIMUM PROGRAM AGENTS | CNS/LCF | RELEVANT (2) |
| 1106 | MAXIMUM RESISTANCE FACTOR | BNAv2 | RELEVANT (2) |
| 1109 | MODIFY CONNECTION | CNS/GS | RELEVANT (2) |
| 1110 | MODIFY CONNECTION GROUP | CNS/GS | RELEVANT (2) |
| 1114 | MONITOR | CNS/NPSM | RELEVANT (2) |
| 1120 | SPECIAL WINDOW SIZE FACTOR | BNAv2 | RELEVANT (2) |
| 1121 | REMOVE NP FROM SET | BNAv2 | RELEVANT (2) |
| 1123 | NET | BNAv2 | RELEVANT (2) |
| 1125 | NETWORK VERSION | CNS/MPSM | RELEVANT (2) |
| 1126 | LOGGING | CNS/LCF | RELEVANT (2) |
| 1128 | MODIFY HOST | BNAv2 | RELEVANT (2) |
| 1129 | NODE RESISTANCE FACTOR | BNAv2 | RELEVANT (2) |
| 1154 | PROGRAM | CNS/LCF | RELEVANT (2) |
| 1157 | PROGRAM AGENT SECURITY | CNS/LCF | RELEVANT (2) |
| 1158 | PROGRAM AGENT SECURITY Inquiry | CNS/LCF | RELEVANT (2) |
| 1177 | NEIGHBOR PASSWORD | BNAv2 | RELEVANT (2) |
| 1178 | NEIGHBOR PASSWORD Inquiry | BNAv2 | RELEVANT (2) |
| 1179 | REPORTS | CNS/LCF | RELEVANT (2) |
| 1193 | START TRACE | BNAv2 | RELEVANT (2) |
| 1228 | HOST GROUP | CNS/NPSM | RELEVANT (2) |
| 1261 | NETWORK INITIALIZATION FILE VERSION | CNS/LCF | RELEVANT (2) |
| 1288 | NCSDB LOCATION Inquiry | CNS/LCF | RELEVANT (2) |
| 1327 | SUBPORT DEACTIVATE | BNAv2 | RELEVANT (2) |
| 2505 | AUDIT RESPONSES | CNS/LCF | RELEVANT (2) |
| 2506 | AUDIT RESPONSES Inquiry | CNS/LCF | RELEVANT (2) |
| 2509 | CONTROL | CNS/LCF | RELEVANT (2) |
| 2514 | LOG AGENT | CNS/LCF | RELEVANT (2) |
| 38002 | TCP/IP DEBUG | TCPIP | RELEVANT (2) |
| 38005 | TCP/IP IDENTITY | TCPIP/IP | RELEVANT (2) |
| 38007 | TCP/IP HOST NAME | TCPIT/PIM | RELEVANT (2) |
| 38012 | TCP/IP STATUS Inquiry | TCPIP/IP | RELEVANT (2) |
| 38021 | TCP/IP SECURITY STATE | TCPIP/SECURITY | RELEVANT (2) |
| 38022 | TCP/IP SECURITY | TCPIP/SECURITY | RELEVANT (2) |
| 38026 | TCP/IP OPTION | TCPIP/TCPM | RELEVANT (2) |
| 38028 | TCP/IP SSL CIPHERS Inquiry | TCPIP/SECURITY | RELEVANT (2) |
| 38029 | TCP/IP SSL VERSIONS Inquiry | TCPIP/SECURITY | RELEVANT (2) |
| 38036 | TCP/IP DYNAMICINIT | TCPIP/TCPMGR | RELEVANT (2) |
| 38042 | TCP/IP IDENTITY | TCPIP/IP | RELEVANT (2) |
| 38044 | TCP/IP RIP RIPAUTHENTICATION | TCPIP/RIP | RELEVANT (2) |
| 38046 | TCP/IP TCPIPIDENTITY | TCPIP/IP | RELEVANT (2) |
| 38049 | TCP/IP RIP RIPAUTHENTICATION | TCPIP/RIP | RELEVANT (2) |
| 38051 | TCP/IP BROADCASTFILTER | TCPIP/SECURITY | RELEVANT (2) |
| 38052 | TCP/IP MONITOREVENTS | TCPIP/SECURITY | RELEVANT (2) |
| 38054 | TCP/IP IDENTITY | TCPIP/IP | RELEVANT (2) |
| 38058 | TCP/IP STATUS Inquiry | TCPIP/IP | RELEVANT (2) |
| 38060 | TCP/IP STATUS Inquiry | TCPIP/IP | RELEVANT (2) |
| 42001 | SNMP SET | NMS/SNMP | RELEVANT (2) |
| 42009 | SNMP + (Initialization) | NMS/SNMP | RELEVANT (2) |
| 42010 | SNMP - (Termination) | NMS/SNMP | RELEVANT (2) |
| 42012 | SNMP DEBUG | NMS/SNMP | RELEVANT (2) |
| 42014 | SNMP COMMUNITY | NMS/SNMP | RELEVANT (2) |
| 42015 | SNMP TRAP COMMUNITY | NMS/SNMP | RELEVANT (2) |
| 42016 | SNMP REQUEST (AUTHENTICATION FAILURE TRAP) | NMS/SNMP | RELEVANT (2) |
| 42020 | SNMP = | NMS/SNMP | RELEVANT (2) |
| 42021 | SNMP TRAPSOURCE | NMS/SNMP | RELEVANT (2) |

Table 49. Networking Reports by Code

| Code | Report Name | Log Major/Log Minor | Log Result |
|---|---|---|---|
| 8013 | Add Station Group Command Failed In ICP | CNS/LSS | VIOLATION (3) |
| 8031 | Host Saved | BNAv2 | RELEVANT (2) |
| 8041 | Local Station Validation Failure | BNAv2 | VIOLATION (3) |
| 8050 | Port Level Error | BNAv2 | RELEVANT (2) |
| 8055 | Remote Station Validation Failure | BNAv2 | VIOLATION (3) |
| 8058 | Networking Available | CNS/NPSM | RELEVANT (2) |
| 8076 | Trace Result Received | BNAv2 | RELEVANT (2) |
| 8082 | Apparent Network Configuration Error | CNS/NPSM | VIOLATION (3) |
| 8084 | Logging Level Changed | CNS/LCF | RELEVANT (2) |
| 8090 | Node Shutdown in Progress | CNS/NPSM | RELEVANT (2) |
| 8094 | Router Configuration Error | BNAv2 | VIOLATION (3) |
| 8095 | Neighbor Greeting Timeout Failure | BNAv2 | VIOLATION (3) |
| 8096 | Router Link Validation Failure | BNAv2 | VIOLATION (3) |
| 8119 | Router Configuration Mismatch | BNAv2 | VIOLATION (3) |
| 41005 | TCP/IP Connection Reset | TCP/IP | RELEVANT (2) |
| 41009 | TCP/IP Ping Request Not Sent To <Hostname> | TCPIP/ICMP | VIOLATION (3) |
| 41012 | Duplicate IP Address Detected On Network: | TCP/IP | VIOLATION (3) |
| 41013 | IP Configuration Inconsistency Report | TCP/IP | VIOLATION (3) |
| 41015 | TCP/IP Dynamic Port Filtering Report | TCP/IP/SECURITY | RELEVANT (2) |
| 41016 | TCP/IP Broadcast Filtering Report | TCP/IP | VIOLATION (3) |
| 41017 | Detected Broadcast Storm Ceased | TCP/IP | VIOLATION (3) |

Table 50. Networking Log-Only Reports by Code

| Code | Log Report Name | Log Major/Log Minor | Log Result |
|---|---|---|---|
| 18010 | BNA Router Frame Error | BNAv2 | RELEVANT (2) |
| 18047 | Port Level Log | BNAv2 | RELEVANT (2) |
| 18049 | Router Monitor Copy | BNAv2 | RELEVANT (2) |
| 18051 | Router Monitor Summary | BNAv2 | RELEVANT (2) |
| 18116 | TCP/IP ICMP Reports Display | TCPIP/ICMP | RELEVANT (2) |
| 18117 | TCP/IP Reset Reports Display | TCPIP/TCP | RELEVANT (2) |
| 18118 | TCP/IP Error Reports Display | TCPIP/TCP | RELEVANT (2) |
| 18126 | TCP/IP Security | TCPIP/SECURITY | VIOLATION (3) |
| 18127 | TCP/IP Security | TCPIP/SECURITY | VIOLATION (3) |
| 18128 | TCP/IP MonitorEvents Report | TCPIP/SECURITY | RELEVANT (2) |
| 18129 | TCP/IP Security | TCPIP/SECURITY | VIOLATION (3) |
| 18130 | TCP/IP Security | TCPIP/SECURITY | VIOLATION (3) |
| 18131 | TCP/IP Dynamic Port Filtering | TCPIP/SECURITY | RELEVANT (2) |
| 18132 | TCP/IP IPsec Report | TCPIP/SECURITY | VIOLATION (3) |

