cancel
Showing results for 
Search instead for 
Did you mean: 

McAfee Firewall (Sidewinder) Logs - session end and session drop differences

Hi All,

Anyone can assist in explaining the difference in the event: session end and event: session drop?

2014-11-23 11:26:02 -0300 f_kernel_ipfilter a_general_area t_nettraffic p_major

hostname: sinacofi1.rbi.cl event: session end application: FTP

netsessid: c7c8f5471ee79 src_geo: CL srcip: 168.231.1.15 srcport: 37175

srczone: internal protocol: 6 dst_geo: CL dstip: 163.250.1.7

dstport: 52822 dstzone: external bytes_written_to_client: 7102

bytes_written_to_server: 0 rule_name: ftp-lab-interside cache_hit: 0

start_time: 2014-11-23 11:26:01 -0300

2014-11-23 11:11:23 -0300 f_kernel_ipfilter a_general_area t_nettraffic p_major

hostname: sinacofi1.rbi.cl event: session drop application: FTP

netsessid: 559155471eb0b src_geo: CL srcip: 168.231.1.15 srcport: 25458

srczone: internal protocol: 6 dst_geo: CL dstip: 163.250.1.7 dstport: 21

dstzone: external rule_name: ftp-lab-interside cache_hit: 0

start_time: 2014-11-23 11:11:23 -0300

Does it means that for event: session end, the connection was successful, completed and ended, thus a session end log?

Where else for event: session drop, the connection was denied/blocked thus drop?

Appreciate your assistance in this. Thank you.

ePO Support Center Plug-in
Check out the new ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.