CHAPTER14 Security
Mediant 800 Gateway & E-SBC | User's Manual
The device also sends IDS notifications and alarms in Syslog messages to a Syslog server. This
occurs only if you have configured Syslog (see Enabling Syslog). An example of a Syslog message
with IDS alarms and notifications is shown below:
The table below lists the Syslog text messages per malicious event:
Table 14-8: Types of Malicious Events and Syslog Text String
Reason
Description Syslog String
Connection Abuse
TLS authentication failure abuse-tls-auth-fail
WebSocket establishment failure abuse-websocket-fail
Malformed Messages
Message exceeds a user-defined maximum
message length (50K)
malformed-invalid-msg-len
Any SIP parser error malformed-parse-error
Message policy match malformed-message-policy
Basic headers not present malformed-miss-header
Content length header not present (for TCP) malformed-miss-content-len
Header overflow malformed-header-overflow
Authentication Failure
Local authentication ("Bad digest" errors) auth-establish-fail
Remote authentication (SIP 401/407 is sent if
original message includes authentication)
auth-reject-response
Dialog Establishment Failure
Classification failure establish-classify-fail
Routing failure (no matched routing rule) establish-route-fail
Other local rejects (prior to SIP 180 response) establish-local-reject
Remote rejects (prior to SIP 180 response) establish-remote-reject
Malicious signature pattern detected establish-malicious-signature-db-reject
CAC threshold exceeded establish-cac-reject
- 155 -
To Next Page
Loading...
