This article applies to:

• WebMarshal 6.X and 7.X

Question:

• What events does WebMarshal log in the Windows Event Log?
• What are the WebMarshal event log codes?

Information:

WebMarshal services log the following events to the Windows Event Log.

In many cases the text of the entry provides further details.

All services

These messages are normally logged with a "category" that indicates which module or behavior was affected. Where an error occurred, additional information is normally present in the text of the message.

Informational messages (startup/shutdown)

• 1000: Successfully registered WebMarshal Filter with ISA Server.
• 1000: ScanEngine's update thread started successfully and will regularly check for new plugins.
• 1000: ScanEngine's updater thread is stopping.
• 1003: Service starting.
• 1004: Service started.
• 1005: Service stopping.
• 1006: Service stopped.
• 1007: The WebMarshal database is available.

Error messages  

• 3000: An unexpected error occurred while starting the service.
• 3001: An unexpected error has occurred.
• 3002: WebMarshal was unable to complete a database operation.
• 3003: The WebMarshal database is unavailable.

Controller Service

Informational messages

• 8000: Contact with the WebMarshal Array Manager has been lost. This server will continue to process requests.
  • Commonly caused by network problems between the Array Manager and a processing node.
• 8001: Contact with the WebMarshal Array Manager has been restored.
• 8002: Contact with the WebMarshal Array Manager has been lost. This is most likely caused by a software version mismatch between this server and the Array Manager. Please ensure that this server is running the same version of WebMarshal as the Array Manager. This server will continue to process requests.
  • Expected during upgrade in an array situation, when one of the servers has not yet been upgraded.

Proxy Service

Warning messages

• 10003: Failed to initialize proxy cache. Proxy will start with the cache disabled.
  • Commonly caused by resident virus scanning.
• 10004: The WebMarshal Proxy cache drive is running low on free disk space. This may impact WebMarshal's performance.

Error messages

• 10000: A forbidden connection attempt was detected from {client}.
  • Commonly caused by proxy LAT configuration.
  • This "error" could reflect intended behavior.
• 10001: Failed to begin a new proxy connection thread.
• 10002: Unable to bind to {port number} to listen for proxy requests.
  • Commonly caused by another application listening on the port.

Content Filter

Warning messages

• 20000: An attempt by the user {user} to access the Internet was blocked because the user was not found in the WebMarshal database.
• 20001: The following invalid web request was blocked by the WebMarshal filter.

Engine

Warning messages

• 30001: Your license key will expire in {number} days.
• 30005: WebMarshal has detected rules requiring an extended period of time to complete.
• 30007: The following download {download} to user {user} should have been blocked because of exceeding the quota but wasn't.
  • For more information, see Trustwave Knowledgebase article Q11322.
• 30008: The following download {download} to user {user} exceeded size limit but was not blocked.
  • For more information, see Trustwave Knowledgebase article Q11322.
• 30010: A user attempted to log on using NDS creditials, but no NDS client is installed on this Node.

Error messages

• 30000: License error.
• 30002: Your license key has expired. Rules will no longer be processed.
• 30003: Failed to send mail message.
• 30004: Failed to create Eicar.com test virus file
  • Commonly caused by resident virus scanning.
• 30006: Failed to initialize the {scanner name} virus scanner.

Array Manager

Warning messages

• 30009: The WebMarshal Array Manager has been unable to contact the WebMarshal Node Controller service since {time}. Policy synchronization with the node will not occur until the connection has been restored.  

Scan Engine plugins (TRACEnet, SafeSearch, Customer Feedback)

Warning messages (2000)

• A number of conditions can cause an error from WebMarshal Engine with category General. These conditions generally indicate that an update failed, but processing of user requests continues using the previous version of the plugin. The update will be retried on a schedule. If the same message is logged repeatedly, contact Trustwave Technical Support for assistance.

Error messages (3000)

• A number of conditions can cause an error from WebMarshal Engine with category General. These conditions caused the service to stop and also resulted in creation of a memory dump for debugging. Contact Trustwave Technical Support for assistance.

Other warning messages (2000)

• URL category has a large number of entries, system performance may be affected.
• URL category loaded from file has a large number of entries, system performance may be affected.
• Filtering list is unlicensed.
• Failed to retrieve default domain (NT connector)

Other error messages (3000)

• Filtering List update failed.
• Filtering list license has expired.
• Filtering list error during update or use that caused a service to stop. 

Notes:

More detailed information is normally available in the WebMarshal text logs. These logs can be found in the Logging folder within the WebMarshal install.