Firewall events that are sent to the Information Manager
Event ID
(SES_EVENT_<Unique ID>)
SES_EVENT_CONNECTION_ACCEPTED
(512000)
SES_DETAIL_CONNECTION_REJECTED
(517242)
SES_DETAIL_CONNECTION_REJECTED
(517247)
Definition Update events that are sent to the Information Manager
Event ID
(SES_EVENT_<Unique ID>)
SES_EVENT_VIRUS_DEFINITION_UPDAT
E (92004)
SES_EVENT_LIST_UPDATE (92009)
SES_EVENT_LIST_UPDATE (92009)
SES_EVENT_LIST_UPDATE (92009)
SES_EVENT_LIST_UPDATE (92009)
SES_EVENT_LIST_UPDATE (92009)
Integrating Symantec Mail Security with Symantec Security Information Manager
Administration events
■
Note: Although some Information Manager Event IDs are the same for multiple
events, the event descriptions and occasionally the severity is different.
Table A-1
lists the firewall events that Symantec Mail Security for SMTP can
send to the Information Manager.
Table A-1
Firewall events that are sent to the Information Manager
Severity
Informational symc_firewall_network
Informational symc_firewall_network
Informational symc_firewall_network
Table A-2
lists the definition update events that Symantec Mail Security for
SMTP can send to the Information Manager.
Table A-2
Definition Update events that are sent to the Information Manager
Severity
Informational symc_def_update
Informational symc_def_update
Informational symc_def_update
Informational symc_def_update
Informational symc_def_update
Informational symc_def_update
Interpreting events in the Information Manager
Event class
Event class
Rule description
(Reason sent)
Connection Permitted
Connection Rejected
Connection Deferred
Rule Description
(Reason sent)
Antivirus definition
update
Body hash definition
update
BLRM definition update
Spamsig definition update
Spamhunter definition
update
Intsig definition update
51