[rmalghan]

I am trying to classify the logs coming from firewall as either accept, deny or reject messages. I am seeing a number of messages which are either decrypt or autcrypt or encrypt or keyinst. I am trying to understand what these messages are and how to classify them.

keyinst traffic from X.X.X.X (hostname) to X.X.X.X (X.X.X.X)
authcrypt tcp traffic from X.X.X.X (hostname) to X.X.X.X (hostname) on port 1101 (1101)
decrypt icmp traffic from X.X.X.X (hostname) to X.X.X.X (hostname) of type Photuris - need authorization

Thanks
Ravi