Network Prevent for Web operational log files and event codes

Network Prevent for Web log file names use the format of WebPrevent_OperationalX.log (where X is a number). The number of files that are stored and their sizes can be specified by changing the values in the FileReaderLogging.properties file. This file is in the c:\Program Files\Symantec\DataLossPrevention\DetectionServer\15.8.00000\Protect\config (Windows) or /opt/Symantec/DataLossPrevention/DetectionServer/15.8.00000/Protect/config (Linux) directory. By default, the values are:
  • com.vontu.icap.log.IcapOperationalLogHandler.limit = 5000000
  • com.vontu.icap.log.IcapOperationalLogHandler.count = 5

Status codes for Network Prevent for Web operational logs lists the Network Prevent for Web-defined operational logging codes by category. The italicized part of the text contains event parameters.

Status codes for Network Prevent for Web operational logs

Code    Text and Description

Operational Events

1100    Starting Network Prevent for Web

1101    Shutting down Network Prevent for Web

Connectivity Events

1200    Listening for incoming connections at icap_bind_address:icap_bind_port
Where:
  • icap_bind_address is the Network Prevent for Web bind address to which the server listens. This address is specified with the Icap.BindAddress Advanced Setting.
  • icap_bind_port is the port at which the server listens. This port is set in the Server > Configure page.

1201    Connection (id=conn_id) opened from host(icap_client_ip:icap_client_port)
Where:
  • conn_id is the connection ID that is allocated to this connection. This ID can be helpful in doing correlations between multiple logs.
  • icap_client_ip and icap_client_port are the proxy's IP address and port from which the connect operation to Network Prevent for Web was performed.

1202    Connection (id=conn_id) closed (close_reason)
Where:
  • conn_id is the connection ID that is allocated to the connect operation.
  • close_reason provides the reason for closing the connection.

1203    Connection states: REQMOD=N, RESPMOD=N, OPTIONS=N, OTHERS=N
Where N indicates the number of connections in each state, when the message was logged.
This message provides the system state in terms of connection management. It is logged whenever a connection is opened or closed.

Connectivity Errors

5200    Failed to create listener at icap_bind_address:icap_bind_port
Where:
  • icap_bind_address is the Network Prevent for Web bind address to which the server listens. This address can be specified with the Icap.BindAddress Advanced Setting.
  • icap_bind_port is the port at which the server listens. This port is set on the Server > Configure page.

5201    Connection was rejected from unauthorized host (host_ip:port)
Where host_ip and port are the proxy system IP and port address from which a connect attempt to Network Prevent for Web was performed. If the host is not listed in the Icap.AllowHosts Advanced setting, it is unable to form a connection.