226 Integrating Symantec Mail Security with Symantec Security Information Manager
Interpreting events in the Information Manager
Firewall events that are sent to the Information Manager
Event ID
(SES_EVENT_<Unique ID>)
SES_EVENT_CONNECTION_ACCEPTED
(512000)
SES_DETAIL_CONNECTION_REJECTED
(517242)
SES_DETAIL_CONNECTION_REJECTED
(517247)
Definition Update events that are sent to the Information Manager
Event ID
(SES_EVENT_<Unique ID>)
SES_EVENT_VIRUS_DEFINITION_UPDAT
E (92004)
SES_EVENT_LIST_UPDATE (92009)
SES_EVENT_LIST_UPDATE (92009)
SES_EVENT_LIST_UPDATE (92009)
Table C-3
Settings for Administrative and Definition Update statistics
Setting
Path for Windows:
Filename:
Configure as:
Table C-4
lists the firewall events that Symantec Mail Security for SMTP can
send to the Information Manager.
Table C-4
Firewall events that are sent to the Information Manager
Severity
Informational symc_firewall_network
Informational symc_firewall_network
Informational symc_firewall_network
Table C-5
lists the definition update events that Symantec Mail Security for
SMTP can send to the Information Manager.
Table C-5
Definition Update events that are sent to the Information Manager
Severity
Informational symc_def_update
Informational symc_def_update
Informational symc_def_update
Informational symc_def_update
Value
c:\Program Files\
Symantec\SMSSMTP\logs\tomcat\BMI_SESA\Brightmail_
SESA_Events.2
Brightmail_SESA_Events
Dynamic Filename & Monitor in Real Time
Event class
Event class
Rule description
(Reason sent)
Connection Permitted
Connection Rejected
Connection Deferred
Rule Description
(Reason sent)
Antivirus definition
update
Body hash definition
update
BLRM definition update
Spamsig definition update