AudioCodes Mediant 800 User Manual page 195

CHAPTER 14 Security
The device also sends IDS notifications and alarms in Syslog messages to a Syslog server. This
occurs only if you have configured Syslog (see
with IDS alarms and notifications is shown below:
The table below lists the Syslog text messages per malicious event:
Table 14-8: Types of Malicious Events and Syslog Text String
TLS authentication failure
WebSocket establishment failure
Message exceeds a user-defined maximum
message length (50K)
Any SIP parser error
Message policy match
Basic headers not present
Content length header not present (for TCP)
Header overflow
Local authentication ("Bad digest" errors)
Remote authentication (SIP 401/407 is sent if
original message includes authentication)
Classification failure
Routing failure (no matched routing rule)
Other local rejects (prior to SIP 180 response)
Remote rejects (prior to SIP 180 response)
Malicious signature pattern detected
CAC threshold exceeded
Description
Connection Abuse
Malformed Messages
Authentication Failure
Dialog Establishment Failure
- 155 -
Mediant 800 Gateway & E-SBC | User's Manual
Enabling Syslog). An example of a Syslog message
Reason
Syslog String
abuse-tls-auth-fail
abuse-websocket-fail
malformed-invalid-msg-len
malformed-parse-error
malformed-message-policy
malformed-miss-header
malformed-miss-content-len
malformed-header-overflow
auth-establish-fail
auth-reject-response
establish-classify-fail
establish-route-fail
establish-local-reject
establish-remote-reject
establish-malicious-signature-db-reject
establish-cac-reject