Current Position:Home > AccAD Audit events - explained

AccAD Audit events - explained

Update:11-30Source: network consolidation
Here is a list of messages
"DEVICE_ACTIVATED" generated during startup of AccAD device
"DEVICE_UNACTIVATED" generated during shutdown of AccAD device
"LINK_ESTABLISHED" every time one AccAD device connected to other - Wed Dec 7 07:23:33 0 INFO LINK_ESTABLISHED INFO_LOGS Link [1001,1002] is operational
"LINK_CANCELED"  - every time connection between AccAD devices broken - Wed Dec 7 07:23:33 0 INFO LINK_CANCELED INFO_LOGS Link [1001,1002] failed
"POLICY_DOWNLOAD_FAILURE" AccAD device failed to download policy part from repository
"POLICY_EXECUTION_FAILURE" AccAD device failed to execute part of policy
"SERVICEONHOST_NOT_FUNCTIONING" Backend is not available for communication ( communication failure reason is provided ) Tue Dec 6 13:12:32 WARNING SERVICEONHOST_NOT_FUNCTIONING INFO_LOGS Connection timed out
"SERVICEONHOST_ACTIVATION_DETECTED" Communication problems with backend was fixed e.g. backend is available again - Tue Dec 6 13:12:40 2011 WARNING SERVICEONHOST_ACTIVATION_DETECTED INFO_LOGS  Restored connection to server
"SRM_CONNECTOR_NOT_FOUND_ERROR" Reported each time when for particular service connector not found ( connector is a part of AccAD that creates sockets for communication with backend
"SRM_HTTP_AGGREGATION_TIMEOUT_ERROR" Generated in case if aggregation process in socket is failed with timeout e.g. client or backend stops to send HTTP header for example
"SRM_HTTP_HEADER_PROCESSING_ERROR" Received HTTP header is too long or in wrong format
"SUSPECTED_FLOOD" Currently unused, reserved for cases when download rate of sockets was adjusted
"VLM_SSL_VERIFICATION_FAIL" Generated when other AccAD device certificates are incorrect, could be DoS attack or attempt to hack
"VLM_DEVICE_ID_VERIFICATION_FAIL" Generated when device id in certificate is different from actual device id
"VLM_VERSION_VERIFICATION_FAIL" Generated when versions of AccAD devices are different
"VLM_INCORRECT_CONFIGURATION" Currently unused, reserved for cases of VMlink Manager misconfiguration, for example number of streams requested by user are unsupported
"VLM_ACCEPT_FAIL" AccAD Link / tunnel could not accept incoming connections or incoming connection is problematic. For example, two AccAD devices with same device id tries to connect to this device. Most popular reason for this audit event is incorrect link ip or port.
"VLM_CONNECT_FAIL" AccAD device fails to connect to specified AccAD device due various reasons e.g. check audit events generated by other device or check link ip / port
"COMPRESSION_ERROR" Compression / Decompression / Online Offline analysis errors reported under this category
"NODE_IN_CLUSTER_NOT_FUNCTIONING" One of nodes in backend cluster are not available
"NODE_IN_CLUSTER_ACTIVATION_DETECTED" node in backend cluster become available

The Best Answer

By default, the events are generated in GMT-0 timezone to allow distributed environment with machines in different timezones to record a coherent time.
You can add a formula in your reports to adjust to your timezone.
  • AccAD Audit events - explained Update:11-30

    Here is a list of messages "DEVICE_ACTIVATED" generated during startup of AccAD device "DEVICE_UNACTIVATED" generated during shutdown of AccAD device "LINK_ESTABLISHED" every time one AccAD device connected to other - Wed Dec

  • Audit Event Logging - attributes automatically converted to uppercase? Update:11-30

    Hi, we have the issue of registering auditing events; when we register a new audit event having our set of attributes, for some unknown reason all these attributes are changed to all capital letters, we can see it directly in the waveset database. Ho

  • Unable to capture Exchange Mailbox Auditing events for email creation Update:10-11

    We are looking to capture Owner mailbox auditing events using the native Exchange 2013 auditing tools (Search-MailboxAuditLog). I have auditing enabled with all actions for Owner, and capture items performed via Outlook, except for new emails created

  • Variant "_$$audit-event-count" has not been declared in the current scope. Update:10-11

    I migrated my bpel process manager from Version 2.1.2 [oc4j linux] to [using jboss as application server]. The orabpel schema for seems to be a bit different. I installed the new schema and then dumped all the data from my previ

  • Solaris 10 with Trusted Extensions - Security Audit Events [short] Descript Update:11-30

    {color:#000000}I know that the security audit events and classes in Solaris 10 have changed when viewing these files: audit_class, audit_event, and audit_control with that of the same files for TSOL8. In order to perform an accurate and acceptable re

  • Reporting on ADFS Audit Events Update:11-30

    I haven't had much luck researching potential solutions for how to report on ADFS activity. Most articles describe how to enable debugging for troubleshooting purposes, but haven't found anything to build a report off of that info. Basically I am loo

  • Looking for different audit events in Oracle Linux Update:11-30

    Hi, I am looking for different audit events in Oracle Linux. I did lot of googling but could not find anything relevant. Can you please share some doc/info if you have. Thanks, RaviYou can probably spent all day searching in

  • Controlling #views/#prints and getting audit event notifications Update:11-30

    We have an evaluation of LiveCycle up and running, and we are negotiatons for purchase. In doing some quick proof-of-concept work, we ran across a couple issues we are looking to get help with. Background: We are working in .Net using LiveCycle web s

  • CSA 6 Continuing Audit Events on Hosts with Non-Audit Policies Update:11-30

    I have two groups for desktop PCs, with the same policies. In the group I'm using for auditing, most policies are set to audit mode -- at policy level, not rule module level. In the other group, those same policies are not in audit mode. The original

  • Data Access Service is unable to log audit events to the security event log Update:11-30

    Hi, Scenario: SCOM 2012 R2 UR4. (Windows 2012 R2) Today SCOM have generated 4 alerts Data Access Service is unable to log audit events to the security event log. The service account for "System Center Data Access Service" service is "Local