SSH Tectia

Appendix E Audit Messages

This appendix lists the audit messages generated by the Connection Broker.

1000 KEX_failure

Level: warning

Origin: SSH Tectia Server, Connection Broker

The key exchange failed.

Default log facility: normal

Argument            Description
Username            User's login name (not present for first KEX)
Algorithm           KEX algorithm name (not present if failure happens before choosing the algorithm)
Text                Error description
Session-Id          Session identifier (not present for first KEX)

1001 Algorithm_negotiation_failure

Level: warning

Origin: SSH Tectia Server, Connection Broker

Algorithm negotiation failed - there was no common algorithm in the client's and server's lists.

Default log facility: normal

Argument            Description
Username            User's login name (not present for first KEX)
Algorithm           Algorithm type
Client algorithms   Client's algorithm list
Server algorithms   Server's algorithm list
Session-Id          Session identifier (not present for first KEX)

1002 Algorithm_negotiation_success

Level: informational

Origin: SSH Tectia Server, Connection Broker

Algorithm negotiation succeeded.

Default log facility: normal

Argument            Description
Username            User's login name (not present for first KEX)
Text                Negotiated algorithms
Session-Id          Session identifier (not present for first KEX)

1100 Certificate_validation_failure

Level: informational

Origin: SSH Tectia Server, Connection Broker

A received certificate failed to validate correctly under any of the configured CAs.

Default log facility: normal

Argument            Description
Username            User's login name (not present for first KEX)
Text                Resulting search states for all configured CAs.
Session-Id          Session identifier (not present for first KEX)

1101 Certificate_validation_success

Level: informational

Origin: SSH Tectia Server, Connection Broker

A received certificate validated correctly under one or more configured CAs.

Default log facility: normal

Argument            Description
Username            User's login name
CA List             A list of CAs under which the user's certificate validated correctly.
Session-Id          Session identifier

1110 CM_find_started

Level: informational

Origin: SSH Tectia Server, Connection Broker

A low-level search was started in the certificate validation subsystem.

Default log facility: normal

Argument            Description
Ctx                 Search context
Search constraints  Search constraints.

1111 CM_find_finished

Level: informational

Origin: SSH Tectia Server, Connection Broker

A low-level find operation has finished in the certificate validation subsystem.

Default log facility: normal

Argument            Description
Ctx                 Context pointer that identifies the search

1112 CM_cert_not_in_search_interval

Level: informational

Origin: SSH Tectia Server, Connection Broker

The certificate is not valid during the required time period.

Default log facility: normal

Argument            Description
SubjectName         Subject name of the certificate
Text                Error description
Ctx                 Search context

1113 CM_certificate_revoked

Level: informational

Origin: SSH Tectia Server, Connection Broker

A certificate was found to be revoked.

Default log facility: normal

Argument            Description
SubjectName         Subject name of the certificate
Ctx                 The context pointer of the search

1114 CM_cert_search_constraint_mismatch

Level: informational

Origin: SSH Tectia Server, Connection Broker

The certificate did not satisfy the constraints set for the search.

Default log facility: normal

Argument            Description
SubjectName         Subject name of the certificate
Text                Description of the mismatch
Ctx                 Search context

1115 CM_ldap_search_started

Level: informational

Origin: SSH Tectia Server, Connection Broker

An LDAP search for a CRL or a sub-CA is being started.

Default log facility: normal

Argument            Description
Text                Search details

1116 CM_ldap_search_success

Level: informational

Origin: SSH Tectia Server, Connection Broker

An LDAP search for a CRL or a sub-CA completed successfully.

Default log facility: normal

Argument            Description
Text                Search details

1117 CM_ldap_search_failure

Level: informational

Origin: SSH Tectia Server, Connection Broker

The attempt to contact an LDAP server was unsuccessful.

Default log facility: normal

Argument            Description
Text                Error details

1118 CM_http_search_started

Level: informational

Origin: SSH Tectia Server, Connection Broker

The certificate validation subsystem is initiating a search for a CRL or a sub-CA through the HTTP protocol.

Default log facility: normal

Argument            Description
Text                Search target

1119 CM_http_search_success

Level: informational

Origin: SSH Tectia Server, Connection Broker

An HTTP request for a CRL or a sub-CA completed successfully.

Default log facility: normal

Argument            Description
Text                Status message detailing what was being retrieved

1120 CM_http_search_failure

Level: informational

Origin: SSH Tectia Server, Connection Broker

An HTTP request for a CRL or a sub-CA failed.

Default log facility: normal

Argument            Description
Text                Error details

1121 CM_crl_added

Level: informational

Origin: SSH Tectia Server, Connection Broker

A new CRL was successfully added to the certificate validation subsystem.

Default log facility: normal

Argument            Description
Text                CRL's issuer and validity period

1122 Certificate_end_point_id_check_success

Level: informational

Origin: Connection Broker

End point identity check succeeded.

Default log facility: normal

Argument            Description
Server              Host name
Text                Explanatory message

1123 Certificate_end_point_id_check_warning

Level: informational

Origin: Connection Broker

Certificate end point identity check warning.

Default log facility: normal

Argument            Description
Server              Host name
Text                Warning message

1124 Certificate_end_point_id_check_failure

Level: informational

Origin: Connection Broker

Certificate end point identity check failure.

Default log facility: normal

Argument            Description
Server              Host name
Text                Error message

1200 Key_store_create

Level: informational

Origin: SSH Tectia Server, Connection Broker

Key store created.

Default log facility: normal

1201 Key_store_create_failed

Level: warning

Origin: SSH Tectia Server, Connection Broker

Key store creation failed.

Default log facility: normal

1202 Key_store_destroy

Level: informational

Origin: SSH Tectia Server, Connection Broker

Key store destroyed.

Default log facility: normal

1204 Key_store_add_provider

Level: informational

Origin: SSH Tectia Server, Connection Broker

Added a provider to the key store.

Default log facility: normal

Argument            Description
Type                Provider type
Init info           Initialization info

1205 Key_store_add_provider_failed

Level: warning

Origin: SSH Tectia Server, Connection Broker

Adding a provider to the key store failed.

Default log facility: normal

Argument            Description
Type                Provider type
Init info           Initialization info
EK error            Error message

1206 Key_store_remove_provider

Level: informational

Origin: SSH Tectia Server, Connection Broker

Removed a provider from the key store.

Default log facility: normal

Argument            Description
Init info           Provider name

1208 Key_store_decrypt

Level: informational

Origin: SSH Tectia Server, Connection Broker

A key was used successfully for decryption.

Default log facility: normal

Argument            Description
Key path            Key path
Fwd path            Fwd path

1209 Key_store_decrypt_failed

Level: warning

Origin: SSH Tectia Server, Connection Broker

A key was used unsuccessfully for decryption.

Default log facility: normal

Argument            Description
Key path            Key path
Fwd path            Fwd path
Crypto error        Error string

1210 Key_store_sign

Level: informational

Origin: SSH Tectia Server, Connection Broker

A key was used successfully for signing.

Default log facility: normal

Argument            Description
Key path            Key path
Fwd path            Fwd path

1211 Key_store_sign_failed

Level: warning

Origin: SSH Tectia Server, Connection Broker

A key was used unsuccessfully for signing.

Default log facility: normal

Argument            Description
Key path            Key path
Fwd path            Fwd path
Crypto error        Error string

1212 Key_store_sign_digest

Level: informational

Origin: SSH Tectia Server, Connection Broker

A key was used successfully for signing a digest.

Default log facility: normal

Argument            Description
Key path            Key path
Fwd path            Fwd path

1213 Key_store_sign_digest_failed

Level: warning

Origin: SSH Tectia Server, Connection Broker

A key was used unsuccessfully for signing a digest.

Default log facility: normal

Argument            Description
Key path            Key path
Fwd path            Fwd path
Crypto error        Error string

1214 Key_store_ek_provider_failure

Level: warning

Origin: SSH Tectia Server, Connection Broker

External key provider failure.

Default log facility: normal

Argument            Description
Key path            Key path
Text                Key label

6000 Broker_client_connect

Level: informational

Origin: Connection Broker

Client connected to Broker.

Default log facility: discard

Argument            Description
Client              Client name
Pid                 Process id
Local username      Local user name

6001 Broker_client_connect_failed

Level: warning

Origin: Connection Broker

Client tried unsuccessfully to connect to Broker.

Default log facility: normal

Argument            Description
Client              Client name
Pid                 Process id
Local username      Local user name
Text                Reason

6002 Broker_client_disconnect

Level: informational

Origin: Connection Broker

Client disconnected from Broker.

Default log facility: discard

Argument            Description
Client              Client name
Pid                 Process id
Local username      Local user name

6004 Broker_exec_channel_open

Level: informational

Origin: Connection Broker

Broker opened exec channel.

Default log facility: discard

Argument            Description
Client              Client name
Pid                 Client process id
Server              Server host
Server Port         Server port
Remote username     Remote user name
Local username      Local user name
Command             Command
Text                Exec parameters
Channel Id          Channel ID
Session-Id          Session ID

6005 Broker_exec_channel_open_failed

Level: warning

Origin: Connection Broker

Broker failed to open exec channel for client.

Default log facility: normal

Argument            Description
Client              Client name
Pid                 Client process id
Server              Server host
Server Port         Server port
Remote username     Remote user name
Local username      Local user name
Command             Command
Text                Exec parameters
Channel Id          Channel ID
Text                Reason
Session-Id          Session ID

6006 Broker_tunnel_open

Level: informational

Origin: Connection Broker

Broker opens a tunnel for client.

Default log facility: discard

Argument            Description
Client              Client name
Pid                 Client process id
Server              Server host
Server Port         Server port
Remote username     Remote user name
Local username      Local user name
Dst                 Destination host
Dst Port            Destination port
Tunnel type         Tunnel type
Session-Id          Session ID

6007 Broker_tunnel_open_failed

Level: warning

Origin: Connection Broker

Broker fails to open a tunnel for client.

Default log facility: normal

Argument            Description
Client              Client name
Pid                 Client process id
Server              Server host
Server Port         Server port
Remote username     Remote user name
Local username      Local user name
Dst                 Destination host
Dst Port            Destination port
Tunnel type         Tunnel type
Text                Reason
Session-Id          Session ID

6008 Broker_tunnel_listener_open

Level: informational

Origin: Connection Broker

Broker opens a tunnel listener for client.

Default log facility: discard

Argument            Description
Client              Client name
Pid                 Client process id
Server              Server host
Server Port         Server port
Remote username     Remote user name
Local username      Local user name
Listener            Listener host
Listener Port       Listener port
Dst                 Destination host
Dst Port            Destination port
Tunnel type         Tunnel type
Text                Tunnel listener parameters
Session-Id          Session ID

6009 Broker_tunnel_listener_open_failed

Level: warning

Origin: Connection Broker

Broker fails to open a tunnel listener for client.

Default log facility: normal

Argument            Description
Client              Client name
Pid                 Client process id
Server              Server host
Server Port         Server port
Remote username     Remote user name
Local username      Local user name
Listener            Listener host
Listener Port       Listener port
Dst                 Destination host
Dst Port            Destination port
Tunnel type         Tunnel type
Text                Tunnel listener parameters
Text                Reason
Session-Id          Session ID

6010 Broker_channel_fd_strip

Level: informational

Origin: Connection Broker

Broker destroys a channel object (underlying fd returned to client).

Default log facility: discard

Argument            Description
Client              Client name
Pid                 Client process id
Channel Id          Channel ID
Text                Channel permanent?
Local username      Local user name
Session-Id          Session ID

6011 Broker_channel_fd_strip_failed

Level: warning

Origin: Connection Broker

Broker fails to destroy a channel object (and return the underlying fd to client).

Default log facility: normal

Argument            Description
Client              Client name
Pid                 Client process id
Channel Id          Channel ID
Text                Channel permanent?
Local username      Local user name
Text                Reason
Session-Id          Session ID

6012 Broker_channel_control

Level: informational

Origin: Connection Broker

Broker sends a channel control message.

Default log facility: discard

Argument            Description
Client              Client name
Pid                 Client process id
Channel Id          Channel ID
Command             Command
Args                Arguments
Local username      Local user name
Session-Id          Session ID

6013 Broker_channel_control_failed

Level: warning

Origin: Connection Broker

Broker failed to send a channel control message.

Default log facility: normal

Argument            Description
Client              Client name
Pid                 Client process id
Channel Id          Channel ID
Command             Command
Args                Arguments
Local username      Local user name
Text                Reason
Session-Id          Session ID

6014 Broker_channel_close

Level: informational

Origin: Connection Broker

Broker closes a channel.

Default log facility: discard

Argument            Description
Client              Client name
Pid                 Client process id
Channel Id          Channel ID
Exit Value          Exit value
Local username      Local user name
Session-Id          Session ID

6015 Broker_channel_close_failed

Level: warning

Origin: Connection Broker

Broker fails to close channel.

Default log facility: normal

Argument            Description
Client              Client name
Pid                 Client process id
Channel Id          Channel ID
Local username      Local user name
Text                Reason

6016 Broker_profile_list_request

Level: informational

Origin: Connection Broker

Broker sends profile list to client.

Default log facility: discard

Argument            Description
Client              Client name
Pid                 Client process id
Text                List of profiles
Local username      Local user name

6018 Broker_server_version_request

Level: informational

Origin: Connection Broker

Broker requests (and gets) server version.

Default log facility: discard

Argument            Description
Client              Client name
Pid                 Client process id
Channel Id          Channel ID
Ver                 Version
Local username      Local user name
Session-Id          Session ID

6019 Broker_server_version_request_failed

Level: warning

Origin: Connection Broker

Broker fails to get server version.

Default log facility: normal

Argument            Description
Client              Client name
Pid                 Client process id
Channel Id          Channel ID
Local username      Local user name
Text                Reason
Session-Id          Session ID

6020 Broker_channel_process_exit

Level: informational

Origin: Connection Broker

Channel process exit request was successful.

Default log facility: discard

Argument            Description
Client              Client name
Pid                 Client process id
Local username      Local user name
Session-Id          Session ID

6021 Broker_channel_process_exit_failed

Level: warning

Origin: Connection Broker

Channel process exit request failed.

Default log facility: normal

Argument            Description
Client              Client name
Pid                 Client process id
Text                Reason
Local username      Local user name
Session-Id          Session ID

6022 Broker_ui_auth

Level: informational

Origin: Connection Broker

UI auth request was successful.

Default log facility: discard

Argument            Description
Client              Client name
Pid                 Client process id
Local username      Local user name

6023 Broker_ui_auth_failed

Level: warning

Origin: Connection Broker

UI auth request failed.

Default log facility: normal

Argument            Description
Client              Client name
Pid                 Client process id
Local username      Local user name
Text                Reason

6025 Broker_connector_license_check_failed

Level: warning

Origin: Connection Broker

Connector license check failed.

Default log facility: normal

Argument            Description
Text                Error message
Session-Id          Session id

6100 Broker_starting

Level: notice

Origin: Connection Broker

Broker starting.

Default log facility: normal

Argument            Description
Local username      Local user name

6101 Broker_start_failed

Level: warning

Origin: Connection Broker

Broker start failed.

Default log facility: normal

Argument            Description
Local username      Local user name
Success | Error     Error code
Text                Error message

6102 Broker_running

Level: notice

Origin: Connection Broker

Broker running.

Default log facility: normal

Argument            Description
Local username      Local user name

6104 Broker_stopping

Level: notice

Origin: Connection Broker

Broker stopping.

Default log facility: normal

Argument            Description
Local username      Local user name

6106 Broker_reconfig_started

Level: notice

Origin: Connection Broker

Reconfig started.

Default log facility: normal

Argument            Description
Local username      Local user name

6108 Broker_reconfig_finished

Level: notice

Origin: Connection Broker

Broker reconfig finished.

Default log facility: normal

Argument            Description
Local username      Local user name
Success | Error     Error code

6110 Broker_global_config_read

Level: informational

Origin: Connection Broker

Global config read.

Default log facility: normal

Argument            Description
File name           File name
Local username      Local user name

6111 Broker_global_config_read_failed

Level: warning

Origin: Connection Broker

Reading global config failed.

Default log facility: normal

Argument            Description
File name           File name
Local username      Local user name

6112 Broker_user_config_read

Level: informational

Origin: Connection Broker

User config read.

Default log facility: normal

Argument            Description
File name           File name
Local username      Local user name

6113 Broker_user_config_read_failed

Level: warning

Origin: Connection Broker

Reading user config failed.

Default log facility: normal

Argument            Description
File name           File name
Local username      Local user name

6200 Broker_tcp_connect

Level: informational

Origin: Connection Broker

Broker TCP connection attempt was successful.

Default log facility: discard

Argument            Description
Dst                 Destination host
Dst Port            Destination port
Src Port            Source port
Local username      Local username

6201 Broker_tcp_connect_failed

Level: warning

Origin: Connection Broker

Broker TCP connection attempt failed.

Default log facility: normal

Argument            Description
Dst                 Destination host
Dst Port            Destination port
Local username      Local username
NIO error           NIO error

6204 Broker_transport_connect

Level: informational

Origin: Connection Broker

A transport was connected through TCP.

Default log facility: discard

Argument            Description
Dst                 Destination host
Dst Port            Destination port
Remote username     Remote username
Src Port            Source port
Local username      Local username
Session-Id          Session ID

6206 Broker_transport_gateway_connect

Level: informational

Origin: Connection Broker

A transport was connected through a gateway handle.

Default log facility: discard

Argument            Description
Dst                 Destination host
Dst Port            Destination port
Remote username     Remote username
Local username      Local username
Session-Id          Session ID

6208 Broker_connection_connect

Level: informational

Origin: Connection Broker

Broker successfully got a SecSh connection up.

Default log facility: discard

Argument            Description
Dst                 Destination host
Dst Port            Destination port
Local username      Local username
Remote username     Remote username
Uses gateway?       Is this going through a gateway handle
Session-Id          Session ID

6209 Broker_connection_connect_failed

Level: warning

Origin: Connection Broker

Broker failed to get a SecSh connection up.

Default log facility: normal

Argument            Description
Dst                 Destination host
Dst Port            Destination port
Local username      Local username
Remote username     Remote username
Uses gateway?       Is this going through a gateway handle
Session-Id          Session ID
Text                Error code

6210 Broker_connection_disconnect

Level: informational

Origin: Connection Broker

A SecSh connection initiated by the Broker was disconnected.

Default log facility: discard

Argument            Description
Local username      Local user
Session-Id          Session identifier

6301 Broker_userauth_failure

Level: warning

Origin: Connection Broker

Userauth failed.

Default log facility: normal

Argument            Description
Text                Reason
Session-Id          Session identifier

6302 Broker_userauth_method_success

Level: informational

Origin: Connection Broker

Userauth method succeeded.

Default log facility: discard

Argument            Description
Text                Authentication method
Session-Id          Session identifier

6303 Broker_userauth_method_failure

Level: warning

Origin: Connection Broker

Userauth method failed.

Default log facility: discard

Argument            Description
Text                Authentication method
Text                Reason
Session-Id          Session identifier