cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

McAfee Firewall (Sidewinder) Logs - session end and session drop differences

Hi All,

Anyone can assist in explaining the difference in the event: session end and event: session drop?

2014-11-23 11:26:02 -0300 f_kernel_ipfilter a_general_area t_nettraffic p_major

hostname: sinacofi1.rbi.cl event: session end application: FTP

netsessid: c7c8f5471ee79 src_geo: CL srcip: 168.231.1.15 srcport: 37175

srczone: internal protocol: 6 dst_geo: CL dstip: 163.250.1.7

dstport: 52822 dstzone: external bytes_written_to_client: 7102

bytes_written_to_server: 0 rule_name: ftp-lab-interside cache_hit: 0

start_time: 2014-11-23 11:26:01 -0300

2014-11-23 11:11:23 -0300 f_kernel_ipfilter a_general_area t_nettraffic p_major

hostname: sinacofi1.rbi.cl event: session drop application: FTP

netsessid: 559155471eb0b src_geo: CL srcip: 168.231.1.15 srcport: 25458

srczone: internal protocol: 6 dst_geo: CL dstip: 163.250.1.7 dstport: 21

dstzone: external rule_name: ftp-lab-interside cache_hit: 0

start_time: 2014-11-23 11:11:23 -0300

Does it means that for event: session end, the connection was successful, completed and ended, thus a session end log?

Where else for event: session drop, the connection was denied/blocked thus drop?

Appreciate your assistance in this. Thank you.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator