-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathEvent Mappings.txt
231 lines (203 loc) · 7.94 KB
/
Event Mappings.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
Event ID: Initialization Sequence Completed
Category: openvpn
Name: VPN Service Started Successfully
High Level Category: Application
Low Level Category: VPN Opened
Severity: 1
Description: The VPN server has completed the initialization sequence. This indicates that the server is up and running and actively ready for incoming connections.
Event ID: Could not determine IPv4/IPv6 protocol
Category: openvpn
Name: VPN Server Unknown Protocol Type
High Level Category: Application
Low Level Category: VPN Queued
Severity: 3
Description: The VPN server is unable to determine the protocol type (IPv4/IPv6). This is normal upon the VPN startup process.
Event ID: Listening for incoming UDP connection
Category: openvpn
Name: VPN Listening for Incoming UDP Connections
High Level Category: Application
Low Level Category: VPN Opened
Severity: 1
Description: The VPN server has successfully started up and is currently listening for incoming UDP connections.
Event ID: Listening for incoming TCP connection
Category: openvpn
Name: VPN Listening for Incoming TCP Connections
High Level Category: Application
Low Level Category: VPN Opened
Severity: 1
Description: The VPN server has successfully started up and is currently listening for incoming TCP connections.
Event ID: MULTI_sva: pool returned
Category: openvpn
Name: VPN Internal Address Assigned
High Level Category: Application
Low Level Category: VPN In Progress
Severity: 1
Description: The VPN server has assigned an IP address from the internal VPN address pool.
Event ID: TCPv6_SERVER link local
Category: openvpn
Name: IPv6 VPN Server Started
High Level Category: System
Low Level Category: Service Started
Severity: 1
Description: The service for IPv6 VPN server has started. This will happen typically during a server reboot or on startup.
Event ID: TCPv6_SERVER: Operation Timed Out
Category: openvpn
Name: IPv6 VPN timed out
High Level Category: System
Low Level Category: Service Failure
Severity: 1
Description: The service for IPv6 VPN server has timed out.
Event ID: Inactivity timeout
Category: openvpn
Name: VPN Inactivity Timeout
High Level Category: Application
Low Level Category: VPN Closed
Severity: 3
Description: The VPN connection has timed out due to inactivity of the client.
Event ID: WARNING: Failed running command
Category: openvpn
Name: VPN Generic Authentication Failure
High Level Category: Application
Low Level Category: VPN Denied
Severity: 4
Description: The VPN server failed running an authentication command.
Event ID: TLS Auth Error: Auth Username/Password verification failed for peer
Category: openvpn
Name: VPN TLS Authentication Failure
High Level Category: Authentication
Low Level Category: User Login Failure
Severity: 3
Description: The VPN server failed to successfully authenticate the user.
Event ID: TLS Error: TLS key negotiation failed to occur within 60 seconds
Category: openvpn
Name: VPN TLS Key Negotiation Failed
High Level Category: Application
Low Level Category: VPN Denied
Severity: 4
Description: The VPN server failed due to a TLS key negotiation not occurring within 60 seconds.
Event ID: TLS Error: TLS key negotiation failed to occur within 60 seconds
Category: openvpn
Name: VPN TLS Key Negotiation Failed
High Level Category: Application
Low Level Category: VPN Denied
Severity: 4
Description: The VPN server failed due to a TLS key negotiation not occurring within 60 seconds.
Event ID: TLS Error: Auth Username/Password was not provided by peer
Category: openvpn
Name: VPN No Username or Password Specified
High Level Category: Application
Low Level Category: VPN Denied
Severity: 4
Description: The VPN server failed due no username and/or password being specified while attempting to establish the connection.
Event ID: TLS Error: TLS handshake failed
Category: openvpn
Name: VPN Failed the TLS Handshake
High Level Category: Application
Low Level Category: VPN Denied
Severity: 4
Description: The VPN server failed the TLS key handshake process.
Event ID: TLS Error: incoming packet authentication failed
Category: openvpn
Name: VPN Failed Packet Authentication
High Level Category: Application
Low Level Category: VPN Denied
Severity: 4
Description: The VPN server failed to authenticate the incoming packet.
Event ID: TLS Error: cannot locate HMAC in incoming packet
Category: openvpn
Name: VPN Failed to Find HMAC in Packet
High Level Category: Application
Low Level Category: VPN Denied
Severity: 4
Description: The VPN server failed to find the HMAC in the incoming packet.
Event ID: Fatal TLS error
Category: openvpn
Name: VPN Fatal TLS error
High Level Category: Application
Low Level Category: VPN Denied
Severity: 4
Description: The VPN server failed a TLS check when attempting establishing a connection.
Event ID: TLS Error: unknown opcode received
Category: openvpn
Name: VPN Unknown Packet Received
High Level Category: Application
Low Level Category: VPN Denied
Severity: 4
Description: The VPN server failed to establish a connection due to a none VPN type packet being received. This is usually an indication the port is being probed.
Event ID: Authenticate/Decrypt packet error: packet HMAC authentication failed
Category: openvpn
Name: VPN Packet Authentication/Decrypt Error
High Level Category: Application
Low Level Category: VPN Denied
Severity: 4
Description: The VPN server failed to authenticate/decrypt the incoming packet.
Event ID: Authenticate/Decrypt packet error: bad packet ID
Category: openvpn
Name: Bad VPN Packet ID
High Level Category: Application
Low Level Category: VPN Denied
Severity: 4
Description: The VPN server failed to authenticate/decrypt the incoming packet due to a bad packet ID.
Event ID: requires the local group VPN
Category: openvpn
Name: VPN User Authentication Failure
High Level Category: Application
Low Level Category: VPN Denied
Severity: 4
Description: The VPN server failed to successfully authenticate the user due to an incorrect username or the user not having VPN permissions.
Event ID: could not authenticate
Category: openvpn
Name: VPN Password Authentication Failure
High Level Category: Authentication
Low Level Category: User Login Failure
Severity: 3
Description: The VPN server failed to successfully authenticate the user due to the incorrect password/token.
Event ID: Peer Connection Initiated
Category: openvpn
Name: Attempting to Send VPN Connection Settings
High Level Category: Application
Low Level Category: VPN Queued
Severity: 3
Description: VPN settings attempting to be provided to the VPN server prior to VPN authentication.
Event ID: authenticated
Category: openvpn
Name: Successful VPN Authentication
High Level Category: Authentication
Low Level Category: User Login Success
Severity: 1
Description: A VPN connection was been successfully authenticated and an active session is now in progress.
Event ID: peer info
Category: openvpn
Name: Receiving VPN Connection Settings
High Level Category: Application
Low Level Category: VPN Queued
Severity: 3
Description: VPN settings are being provided to the VPN server prior to VPN authentication.
Event ID: TCP connection established
Category: openvpn
Name: VPN Connection Opened
High Level Category: Application
Low Level Category: VPN Opened
Severity: 1
Description: A connection has been established to the VPN server. This happens prior to VPN authentication.
Event ID: Connection reset
Category: openvpn
Name: VPN Connection Reset
High Level Category: Application
Low Level Category: VPN Reset
Severity: 3
Description: The VPN connection was reset.
Event ID: WARNING: Bad encapsulated packet length from peer
Category: openvpn
Name: VPN Bad Encapsulated Packet
High Level Category: Application
Low Level Category: VPN Terminated
Severity: 4
Description: This possibly indicates an attempted VPN attack or a possible configuration issue with the endpoint.
Event ID: LDAP bind error
Category: openvpn
Name: LDAP Authentication Error
High Level Category: Authentication
Low Level Category: User Login Failure
Severity: 3
Description: The LDAP service failed to bind correctly. This could possibly be due to incorrect/invalid credentials.