
SonicOS Combined Log Event Reference Guide


Notes, Cautions, and Warnings

NOTE: A NOTE indicates important information that helps you make better use of your system.
CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2013 Dell Inc.

Trademarks: Dell, the DELL logo, SonicWALL, SonicWALL GMS, SonicWALL Analyzer, Reassembly-Free Deep Packet Inspection, Dynamic Security for the Global Network, SonicWALL Clean VPN, SonicWALL Clean Wireless, SonicWALL Comprehensive Gateway Security Suite, SonicWALL Mobile Connect, and all other SonicWALL product and service names and slogans are trademarks of Dell Inc.

2013-09 P/N 232-001771-00 Rev. C

Overview
This reference guide lists and describes SonicOS log event messages for SonicOS 5.8.1, 6.0.1, and 6.1. To look up a log event message, use the alphabetical Log Event Message Index table in this document. This document contains the following sections:

- Log > Monitor
- Log > Categories
- Index of Log Event Messages
- Log > Syslog
- Index of Syslog Tag Field Descriptions
- Table of Values

Log > Monitor


The Dell SonicWALL security appliance maintains an Event log for tracking potential security threats. This log can be viewed by navigating to the Dashboard > Log Monitor or Log > View page, or it can be automatically sent to an email address for convenience and archiving. The log is displayed in a table and can be sorted by column. For more information on configuring the Log Monitor page, refer to the SonicOS Administrator's Guide.


Log > Categories


The Log > Categories page allows you to categorize and customize the logging functions on your Dell SonicWALL security appliance for troubleshooting and diagnostics. For more information on configuring and managing the Log > Categories page, refer to the SonicOS Administrator's Guide.

Index of Log Event Messages


The following table is the Log Event Message Index, an alphabetical list of log event messages for the SonicOS 5.8.1, 6.0.1, and 6.1 firmware. Each entry in the table provides the following log event details:

- Log Event Messages: Displays the name of the event message.
- SonicOS Category: Displays the SonicOS category type. This is the same category as Table 2: Expanded Categories on page 80.
- Legacy Category: Displays the category event type. This is the same category as Table 1: Legacy Category on page 79.
- Priority Level: Displays the level of urgency of the log event message. For additional information, you can also reference Table 3: Priority Level on page 83.
- Log Event Message ID Number: Displays the ID number of the log event message.
- SNMP Trap Type: Displays the SNMP Trap ID number of the log event message.

Log Event Messages DOSprotectiononWAN%s DOSprotectiononWANbegins %s "AsperDiagnosticAutorestart configurationrequest,restarting system"

SonicOS Category IntrusionPrevention IntrusionPrevention

Legacy Category NetworkDebug NetworkDebug

Priority Level ALERT ALERT

Log Message ID Number 1181 1180

SNMP Trap Type

FirewallEvent

INFO

1047


#Websitehit %sautodialfailed:Current ConnectionModelisconfigured asEthernetOnly %sEthernetPortDown %sEthernetPortUp %sisoperational %sisunavailable <b>RegistrationUpdate Needed:</b>Restoreyour existingsecurityservice subscriptionsbyclicking<a href="/Security_Services/ enable_services.html">here</a> 3G/4G%sdevicedetected 3G/4GDialup:%s

NetworkTraffic

Syslogonlyfor trafficreporting

INFO

97

PPPDialUp FirewallEvent FirewallEvent AntiSpamService AntiSpamService

SystemErrors SystemErrors SystemErrors

ALERT ERROR WARNING WARNING WARNING

1028 333 332 1082 1083

641 640 13801 13802

SecurityServices FirewallHardware PPPDialUp

System Maintenance System Environment UserActivity

WARNING INFO ALERT

496 1017 1026

3G/4GDialup:datausagelimit reachedforthe'%s'billingcycle. Disconnectingthe3G/4Gsession. PPPDialUp 3G/4G:NoSIMdetected 802.11Management Ahighpercentageofthesystem packetbuffersareheldwaiting forSSO Apriorversionofpreferences wasloadedbecausethemost recentpreferencesfilewas inaccessible FirewallHardware Wireless SSOAgent Authentication

UserActivity 802.11 Management

ALERT ALERT INFO

1027 1055 518

7643

UserActivity

ALERT

1178

FirewallEvent

SystemErrors

WARNING

572

648


ASonicOSStandardtoEnhanced Upgradewasperformed Auserhasaveryhighnumberof connectionswaitingforSSO Accessattemptfromhostoutof compliancewithGSCpolicy

FirewallEvent SSOAgent Authentication

System Maintenance

INFO

611

UserActivity System Maintenance System Maintenance System Maintenance UserActivity UserActivity UserActivity UserActivity BlockedWebSites System Maintenance

ALERT

1179

SecurityServices

INFO

761

Accessattemptfromhost withoutAntiVirusagentinstalled SecurityServices Accessattemptfromhost withoutGSCinstalled SecurityServices Accessruleadded FirewallRule Accessruledeleted Accessrulemodified Accessrulesrestoredtodefaults Accesstoproxyserverdenied ActiveBackupdetectsActive Primary:BackupgoingIdle FirewallRule FirewallRule FirewallRule NetworkAccess

INFO INFO INFO INFO INFO INFO NOTICE

123 763 440 442 441 443 60

8627 705

HighAvailability

INFO

154

Active/ActiveClusteringlicenseis notactivatedonthefollowing clusterunits:%s HighAvailability ActiveXaccessdenied ActiveXorJavaarchiveaccess denied ADConnector%sresponsetimed out;applyingcachingpolicy Addanattackmessage AddedanewmembertoanLDAP mirrorusergroup Addedhostentrytodynamic addressobject AddednewLDAPmirroruser group:%s NetworkAccess NetworkAccess MicrosoftActive Directory FirewallEvent Remote Authentication DynamicAddress Objects Remote Authentication

BlockedJavaEtc BlockedJavaEtc

ERROR NOTICE NOTICE

1152 18 20

Attacks UserActivity System Maintenance UserActivity

ERROR ERROR INFO INFO INFO

769 143 1192 911 1190

525


AddingDynamicEntryforBound MACAddress AddingL2TPIPpoolAddress objectFailed. AddingtomulticastpolicyList, interface:%s AddingtoMulticastpolicyList, VPNSPI:%s Administratorloggedout Administratorloggedout inactivitytimerexpired Administratorloginallowed Administratorlogindenieddue tobadcredentials Administratorlogindeniedfrom %s;loginsdisabledfromthis interface Administratornamechanged AllDDNSassociationshavebeen deleted Allpreferencevalueshavebeen settofactorydefaultvalues AllowedLDAPservercertificate withwronghostname AnLDAPusergroupnestingisnot beingmirrored AntiSpamserviceisdisabledby administrator. AntiSpamserviceisenabledby administrator. AntiSpamStartupFailure%s AntiSpamTeardownFailure%s AntiSpywareDetectionAlert:%s AntiSpywarePreventionAlert: %s

Network L2TPServer Multicast Multicast Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access DDNS

SystemErrors UserActivity UserActivity UserActivity Attacks

INFO ERROR DEBUG DEBUG INFO INFO INFO ALERT

813 603 697 699 261 262 29 30

661 560

Attacks System Maintenance System Maintenance

ALERT INFO INFO

35 328 783

506

FirewallEvent Remote Authentication Remote Authentication AntiSpamService AntiSpamService AntiSpamService AntiSpamService IntrusionPrevention IntrusionPrevention

SystemErrors

WARNING

574

650

UserActivity UserActivity Attacks Attacks

WARNING WARNING INFO INFO WARNING WARNING ALERT ALERT

752 1246 1085 1084 1088 1089 795 794

13804 13803 13807 13808 6438 6437


AntiSpywareServiceExpired AntiVirusagentoutofdateon host AntiVirusLicensesExceeded AppflowServerEvent ApplicationControlDetection Alert:%s ApplicationControlPrevention Alert:%s ApplicationFilterDetectionAlert: %s ApplicationFiltersBlockAlert:%s

SecurityServices SecurityServices SecurityServices AppFlowServer ApplicationControl ApplicationControl IntrusionPrevention IntrusionPrevention

System Maintenance System Maintenance System Maintenance Attacks Attacks

WARNING INFO INFO INFO ALERT ALERT ALERT ALERT

796 124 408 1263 1154 1155 650 649

8631 15001 15002

ApplicationFirewallAlert:%s

AppRules

UserActivity

ALERT

793

13201

ARPrequestpacketreceived

Network

INFO

717

ARPrequestpacketsent

Network

INFO

715

ARPresponsepacketreceived

Network

INFO

716

ARPresponsepacketsent ARPtimeout AssignedIPaddress%s AssociationFloodfromWLAN station AttempttocontactRemote backupserverforupload approvalfailed Authenticationtimeoutduring RemotelyTriggeredDialout session

Network Network DHCPServer WLANIDS

NetworkDebug

INFO DEBUG

718 45 1110 548

903

INFO ExpandedWLAN IDSactivity ALERT System Maintenance

FirewallEvent Authenticated Access

DEBUG

1160

UserActivity

INFO

821


BackOrificeattackdropped Backupactive Backupfirewallbeingpreempted byPrimary Backupfirewallhastransitioned toActive Backupfirewallhastransitioned toIdle Backupfirewallrebootingitself asittransitionedfromActiveto IdlewhilePreempt BackupgoingActiveinpreempt modeApplicationFirewallreboot Backupmissedheartbeatsfrom Primary Backupreceivederrorsignal fromPrimary Backupreceivedheartbeatfrom wrongsource Backupreceivedrebootsignal fromPrimary Backupremoteserverdidnot approveuploadrequest Backupshutdownbecause licenseisexpired BackupWANlinkdown,Primary goingActive Backupwillbeshutdownin%s minutes BadCRLformat BindtoLDAPserverfailed BlockedQuickModeforClient usingDefaultKeyId BOOTPClientIPaddressonLAN conflictswithremotedeviceIP, deletingIPaddressfromremote table BOOTPreplyrelayedtolocal device

IntrusionPrevention HighAvailability HighAvailability HighAvailability HighAvailability

Attacks SystemErrors SystemErrors System Maintenance System Maintenance

ALERT INFO ERROR ALERT ALERT

73 825 152 145 147

512 619

HighAvailability

INFO

1059

HighAvailability HighAvailability HighAvailability HighAvailability HighAvailability FirewallEvent HighAvailability HighAvailability HighAvailability VPNPKI Remote Authentication VPNClient

SystemErrors SystemErrors SystemErrors System Maintenance SystemErrors System Maintenance SystemErrors SystemErrors SystemErrors UserActivity SystemErrors SystemErrors

ERROR ERROR ERROR INFO ERROR DEBUG ERROR ERROR ERROR ALERT ERROR ERROR

170 149 151 161 672 1161 824 219 823 277 1009 505

622 616 618 666 633 660

BOOTP BOOTP

System Maintenance System Maintenance

INFO INFO

619 620


BOOTPRequestreceivedfrom remotedevice BOOTPserverresponserelayed toremotedevice Broadcastpacketdropped CannotconnecttotheCRLserver CannotValidateIssuerPath CertificateonRevokedlist(CRL) CFLautodownloaddisabled, timeproblemdetected Chat%s Chatcompleted Chatfailed:%s Chatstarted Chatstartedby'%s' Chatwrote'%s' CLIadministratorloggedout CLIadministratorloginallowed CLIadministratorlogindenied duetobadcredentials Computedhashdoesnotmatch hashreceivedfrompeer; presharedkeymismatch Configurationmode administrationsessionended Configurationmode administrationsessionstarted

BOOTP BOOTP NetworkAccess VPNPKI VPNPKI VPNPKI

NetworkDebug NetworkDebug NetworkDebug UserActivity UserActivity UserActivity System Maintenance UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity

DEBUG DEBUG DEBUG ALERT ALERT ALERT

621 618 46 274 878 279

SecurityServices PPPDialUp PPPDialUp PPPDialUp PPPDialUp PPPDialUp PPPDialUp Authenticated Access Authenticated Access Authenticated Access

INFO INFO INFO INFO INFO INFO INFO INFO INFO

268 1022 1020 1023 1019 1032 1021 520 199

UserActivity

WARNING

200

VPNIKE Authenticated Access Authenticated Access

UserActivity

WARNING

410

UserActivity

INFO

995

UserActivity

INFO

994


ConnectionClosed

NetworkTraffic

Syslogonlyfor trafficreporting

INFO

537

ConnectionOpened Connectiontimedout Contentfiltersubscription expired. Cookieremoved CPUreaches80%utilizationfor morethan10seconds. CRLhasexpired CRLloadedfrom CRLmissingIssuerrequiresCRL checking. CRLvalidationfailureforRoot Certificate CryptoDEStestfailed CryptoDHtestfailed Cryptohardware3DEStestfailed CryptoHardware3DESwithSHA testfailed CryptoHardwareAEStestfailed CryptohardwareDEStestfailed CryptohardwareDESwithSHA testfailed CryptoHmacMD5festfailed CryptoHmacSha1testfailed

NetworkTraffic VPNPKI SecurityServices NetworkAccess FirewallHardware VPNPKI VPNPKI VPNPKI VPNPKI CryptoTest CryptoTest CryptoTest CryptoTest CryptoTest CryptoTest CryptoTest CryptoTest CryptoTest

Syslogonlyfor trafficreporting UserActivity SystemErrors BlockedJavaEtc UserActivity UserActivity UserActivity UserActivity System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance

INFO ALERT ERROR NOTICE ALERT ALERT INFO ALERT ALERT ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR

98 273 197 21 1248 874 270 876 877 360 361 367 369 610 366 368 362 363

631 17002


CryptoMD5testfailed CryptoRSAtestfailed CryptoSHA1basedDRNGKAT testfailed CryptoSha1testfailed CSRGeneration:%s CurrentdynamicNATtranslation countismorethan50%ofthe configuredmaximum. Currentsessioncountismore than50%ofthesupported maximum. DDNSassociation%sdisabled DDNSassociation%senabled DDNSassociation%sadded DDNSassociation%sdeactivated DDNSassociation%sdeleted DDNSAssociation%sputonline DDNSassociation%staken Offlinelocally DDNSassociation%supdated DDNSFailure:Provider%s DDNSFailure:Provider%s

CryptoTest CryptoTest CryptoTest CryptoTest VPNPKI

System Maintenance System Maintenance System Maintenance

ERROR ERROR ERROR ERROR INFO

370 364 1060 365 1109

FirewallHardware

ALERT

1250

17004

FirewallHardware DDNS DDNS DDNS DDNS DDNS DDNS DDNS DDNS DDNS DDNS

System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance SystemErrors SystemErrors SystemErrors System Maintenance SystemErrors

ALERT INFO INFO INFO INFO INFO INFO INFO INFO ERROR ERROR ERROR INFO WARNING

1249 781 780 779 784 785 782 778 786 774 775 773 776 777

17003

DDNSFailure:Provider%s DDNS DDNSUpdatesuccessfordomain %s DDNS DDNSWarning:Provider%s DDNS


Defaulttonotblacklisted Deleteinvalidscopebecauseport ipintherangeofthisDHCP scope. DeletedLDAPmirrorusergroup: %s DeletingfromMulticastpolicy list,interface:%s DeletingfromMulticastpolicy list,VPNSPI:%s DeletingIPsecSA DeletingIPsecSAfordestination DeletingIPsecSA.(Phase2) DestinationIPaddress connectionstatus:%s DHCPclientenabledbutnot ready DHCPClientdidnotgetDHCP ACK. DHCPClientfailedtoverifyand leasehasexpired.GotoINIT state. DHCPClientfailedtoverifyand leaseisstillvalid.GotoBOUND state. DHCPClientgotanewIPaddress lease. DHCPClientgotACKfromserver. DHCPClientgotNACK. DHCPClientisdecliningaddress offeredbytheserver. DHCPClientsendingREQUEST andgoingtoREBINDstate. DHCPClientsendingREQUEST andgoingtoRENEWstate.

AntiSpamService

DEBUG

1144

DHCPServer Remote Authentication Multicast Multicast VPNIKE VPNIKE VPNIKE FirewallEvent DHCPClient DHCPClient

UserActivity UserActivity UserActivity UserActivity System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance

WARNING INFO DEBUG DEBUG INFO INFO DEBUG INFO INFO INFO

1184 1191 698 700 92 91 1183 735 504 109

DHCPClient

INFO

119

DHCPClient DHCPClient DHCPClient DHCPClient

INFO INFO INFO INFO

120 121 111 110

DHCPClient

INFO

112

DHCPClient

INFO

113

DHCPClient

INFO

114


DHCPDECLINEreceivedfrom remotedevice DHCPDISCOVERreceivedfrom localdevice DHCPDISCOVERreceivedfrom remotedevice DHCPINFORMreceivedfrom remotedevice DHCPleasedropped.Leasefrom CentralGatewayconflictswith RelayIP DHCPleasedropped.Leasefrom CentralGatewayconflictswith RemoteManagementIP DHCPleasefileintheflashis corrupted;readfailed DHCPleaserelayedtolocal device DHCPleaserelayedtoremote device DHCPleasetoLANdevice conflictswithremotedevice, deletingremoteIPentry DHCPleaseswrittentoflash DHCPNACKreceivedfromserver DHCPOFFERreceivedfrom server DHCPRELEASEreceivedfrom remotedevice DHCPRELEASErelayedtoCentral Gateway DHCPREQUESTreceivedfrom localdevice DHCPREQUESTreceivedfrom remotedevice DHCPScopesaltered automaticallyduetochangein networksettingsforinterface%s

DHCPRelay DHCPRelay DHCPRelay DHCPRelay

NetworkDebug NetworkDebug NetworkDebug NetworkDebug System Maintenance

INFO INFO INFO INFO

475 479 474 1215

DHCPRelay

WARNING

228

DHCPRelay FirewallEvent DHCPRelay DHCPRelay

System Maintenance SystemErrors System Maintenance NetworkDebug

WARNING WARNING INFO INFO

484 833 223 225

DHCPRelay FirewallEvent DHCPRelay DHCPRelay DHCPRelay DHCPRelay DHCPRelay DHCPRelay

System Maintenance System Maintenance NetworkDebug NetworkDebug NetworkDebug System Maintenance NetworkDebug NetworkDebug

INFO INFO INFO INFO INFO INFO INFO INFO

226 835 477 476 224 222 480 473

FirewallEvent

INFO

832


DHCPServernotavailable.Did notgetanyDHCPOFFER. DHCPServersanitycheckfailed %s DHCPServersanitycheckpassed %s DHCPServer:IPconflictdetected DHCPServer:ReceivedDHCP declinefromclient DHCPServer:ReceivedDHCP messagefromuntrustedrelay agent DHCPv6leasefileintheflashis corrupted;readfailed DHCPv6leaseswrittentoflash DiagnosticAutorestartcanceled DiagnosticAutorestart scheduledfor%sminutesfrom now DiagnosticCodeA DiagnosticCodeB DiagnosticCodeC DiagnosticCodeD DiagnosticCodeE DiagnosticCodeF DiagnosticCodeG DiagnosticCodeH DiagnosticCodeI DiagnosticCodeJ

DHCPClient FirewallEvent FirewallEvent FirewallEvent FirewallEvent

System Maintenance

INFO CRITICAL CRITICAL ALERT ALERT

106 1072 1071 1040 1041

FirewallEvent

NOTICE

1090

Network Network FirewallEvent

WARNING INFO INFO

1259 1261 1046

FirewallEvent FirewallHardware FirewallHardware FirewallHardware FirewallHardware VPNIPSec FirewallHardware FirewallHardware FirewallHardware FirewallHardware FirewallHardware

SystemErrors SystemErrors SystemErrors SystemErrors SystemErrors SystemErrors SystemErrors SystemErrors SystemErrors SystemErrors

INFO ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR

1045 93 94 95 64 61 164 599 600 601 1025

611 612 613 610 609 621 655 656 657 5423


Dialup:Sessioninitiatedbydata packet

PPPDialUp

INFO

1039

Dialup:Trafficgeneratedby'%s' DisconnectingL2TPTunneldue totraffictimeout DisconnectingPPPoEdueto traffictimeout DisconnectingPPTPTunneldue totraffictimeout DiscoveredHA%sFirewall DiscoveredHABackupFirewall DNSpacketallowed DNSrebindattackblocked DOSprotectiononWAN%s DPISSL:%s DropWLANtrafficfromnon SonicPointdevices DSL:%sDeviceDown DSL:%sDeviceUp DSL:%sWANisconnected DSL:%sWANisinitializing Duplicatepacketdropped DynamicIPsecclientconnected E1T1Layer1status:Controlled slip E1T1Layer1status:Noframe synchronization

PPPDialUp

System Maintenance System Maintenance System Maintenance System Maintenance NetworkDebug NetworkDebug NetworkAccess

INFO

1038

L2TPClient

INFO

215

PPPoE

INFO

168

PPTP HighAvailability HighAvailability NetworkAccess IntrusionPrevention IntrusionPrevention DPISSL

INFO INFO INFO INFO ALERT ALERT INFO

389 1044 156 602 1099 1182 791

6466

IntrusionPrevention DSL DSL DSL DSL NetworkAccess VPNIPSec E1T1 E1T1

Attack NetworkDebug UserActivity

ERROR ALERT ALERT ALERT ALERT DEBUG INFO INFO INFO

662 1186 1185 1187 1188 51 62 1167 1164

6434


E1T1Layer1status:No multiframesynchronization E1T1Layer1status:Nosignal E1T1Layer1status:OK E1T1Layer1status:Remote alarmdetected EIGRPpacketdropped EMailfragmentdropped EnteringFIPSERRORstate EnteringFIPSErrorState. ErrorinitializingHardware accelerationforVPN ErrorRebootingHAPeerFirewall

E1T1 E1T1 E1T1 E1T1 NetworkAccess IntrusionPrevention CryptoTest CryptoTest FirewallHardware HighAvailability

NetworkDebug Attacks System Maintenance SystemErrors System Maintenance SystemErrors

INFO INFO INFO INFO NOTICE ERROR ERROR ERROR ERROR ERROR

1165 1163 1168 1166 714 437 359 497 374 669

550 659 663

ErrorsettingtheIPaddressofthe backup,pleasemanuallysetto backupLANIP HighAvailability ErrorsynchronizingHApeer firewall(%s) HighAvailability ErrorupdatingHApeer configuration HighAvailability ERROR:DHCPoverVPNpolicyis notdefined.CannotstartIKE. ExceededMaxmulticastaddress limit ExternalWebServerHost ResolutionFailed%s FailedonupdatingtimefromNTP server Failedpayloadvalidation Failedpayloadverification ApplicationFirewalldecryption; possiblepresharedkeymismatch Failedtoaddamembertoan LDAPmirrorusergroup

SystemErrors SystemErrors SystemErrors System Maintenance UserActivity

ERROR ERROR ERROR

191 158 192

629 662 630

DHCPRelay Multicast Authenticated Access System VPNIKE

INFO WARNING ERROR NOTICE WARNING

478 703 1069 1230 405

VPNIKE Remote Authentication

UserActivity UserActivity

WARNING WARNING

404 1245


FailedtoaddanLDAPmirroruser Remote group Authentication Failedtofindcertificate FailedtogetCRLfrom FailedtoinsertentryintoGRID resultIPcachedtable FailedtoProcessCRLfrom Failedtoresolvename Failedtosendfiletoremote backupserver,Error:%s FailedtosendPreferencefileto remotebackupserver,Error:%s FailedtosendTSRfiletoremote backupserver,Error:%s Failedtosynchronizelicense informationwithLicensing Server.%s FailedtosynchronizeRelayIP Table FailedtowriteDHCPleasesto flash FailedtowriteDHCPv6leasesto flash FailedVPNI/Oprocessing FailuretoreachInterface%s probe FanFailure FINFloodBlacklistonIF%s continues FINFloodingmachine%s blacklisted ForbiddenEMailattachment deleted ForbiddenEMailattachment disabled VPNPKI VPNPKI AntiSpamService VPNPKI Network

UserActivity UserActivity UserActivity UserActivity System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance SystemErrors SystemErrors UserActivity SystemErrors System Environment NetworkDebug NetworkDebug Attacks Attacks

WARNING ALERT ALERT DEBUG ALERT INFO

1244 875 271 1145 276 84

FirewallEvent

INFO

1066

FirewallEvent

INFO

1062

FirewallEvent

INFO

1064

SecurityServices DHCPRelay FirewallEvent Network VPNIKE HighAvailability FirewallHardware IntrusionPrevention IntrusionPrevention IntrusionPrevention IntrusionPrevention

WARNING WARNING WARNING WARNING ERROR ERROR ALERT WARNING ALERT ERROR ALERT

766 234 834 1260 1234 675 576 902 901 248 165

8628 632 6234 102 534 527


FoundRogueAccessPoint FoundRogueAccessPoint

WLANIDS WLANIDS

WLANIDS WLANIDS DroppedTCP| DroppedUDP| DroppedICMP

ALERT ALERT

546 556

901 10804

Fragmentedpacketdropped FraudulentMicrosoftcertificate found;accessdenied FTPclientuserloggedinfailed FTPclientuserloggedin successfully FTPclientuserloggedout FTPclientusernamewassent FTPserveracceptedthe connection FTP:Dataconnectionfromnon defaultportdropped FTP:PASVresponsebounce attackdropped FTP:PASVresponsespoofattack dropped FTP:PORTbounceattack dropped. GatewayAntiVirusAlert:%s GatewayAntiVirusService expired GlobalVPNClientconnectionis notallowed.Applianceisnot registered. GlobalVPNClientLicense Exceeded:Connectiondenied.

Network

NOTICE

28

IntrusionPrevention FTP FTP FTP FTP FTP NetworkAccess IntrusionPrevention IntrusionPrevention IntrusionPrevention SecurityServices SecurityServices

Attacks Attacks Attacks Attacks Attacks Attacks System Maintenance

ERROR DEBUG DEBUG DEBUG DEBUG DEBUG ALERT ALERT ERROR ALERT ALERT WARNING

193 1115 1114 1116 1113 1112 538 528 446 527 809 810

532 557 556 551 555 8632 8633

VPNClient

SystemErrors

INFO

529

643

VPNClient

SystemErrors

INFO

494

658

GlobalVPNClientversioncannot enforcepersonalfirewall. MinimumVersionrequiredis2.1 VPNClient

UserActivity

INFO

604


GMSorsyslogservername lookupfailedtryagainin60 secs. GotDHCPOFFER.Selecting. GSCpolicyoutofdateonhost Guestaccount'%s'created Guestaccount'%s'deleted

FirewallEvent DHCPClient SecurityServices Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access UserActivity

System Maintenance System Maintenance UserActivity UserActivity

ERROR INFO INFO INFO INFO

1156 107 762 558 559

Guestaccount'%s'disabled Guestaccount'%s'pruned Guestaccount'%s'reenabled Guestaccount'%s'regenerated GuestAccountTimeout GuestIdleTimeout Guestlogindenied.Guest'%s'is alreadyloggedin.Pleasetry againlater. Guestpolicyaccepted GuestServicesdroptrafficto denynetwork GuestServicespasstrafficto accessallownetwork GuestSessionTimeout Guesttrafficquotaexceeded GUIadministrationsession ended H.323/H.225Connect

UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity

INFO INFO INFO INFO INFO INFO

560 562 561 563 551 564

UserActivity

INFO INFO

557 1228

NetworkAccess

INFO

724

NetworkAccess Authenticated Access UserActivity Authenticated Access VoIP

UserActivity UserActivity ExpandedVoIP activity

INFO INFO INFO INFO DEBUG

725 550 1227 998 634


H.323/H.225Setup H.323/H.245Address H.323/H.245EndSession H.323/RASAdmissionConfirm H.323/RASAdmissionReject H.323/RASAdmissionRequest H.323/RASBandwidthReject H.323/RASDisengageConfirm H.323/RASDisengageReject H.323/RASGatekeeperReject H.323/RASLocationConfirm H.323/RASLocationReject H.323/RASRegistrationReject H.323/RASUnknownMessage Response H.323/RASUnregistrationReject HApacketprocessingerror HAPeerFirewallRebooted HAPeerFirewallSynchronized HardwareFailoversettingswere notupgraded Headerverificationfailed Heartbeatreceivedfrom incompatiblesource

VoIP VoIP VoIP VoIP VoIP VoIP VoIP VoIP VoIP VoIP VoIP VoIP VoIP VoIP VoIP HighAvailability HighAvailability HighAvailability FirewallEvent VPNIKE HighAvailability

ExpandedVoIP activity ExpandedVoIP activity ExpandedVoIP activity ExpandedVoIP activity ExpandedVoIP activity ExpandedVoIP activity ExpandedVoIP activity ExpandedVoIP activity ExpandedVoIP activity ExpandedVoIP activity ExpandedVoIP activity ExpandedVoIP activity ExpandedVoIP activity ExpandedVoIP activity ExpandedVoIP activity System Maintenance System Maintenance System Maintenance System Maintenance UserActivity System Maintenance

DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG DEBUG INFO INFO INFO INFO WARNING INFO

633 635 636 625 624 626 627 628 641 629 630 631 632 640 642 162 668 157 743 587 163


HighAvailabilityhasbeen enabledandDialUpdevice(s)are notsupportedinHighAvailability processing HighAvailability HostIPaddressnotinGRIDList HTTPmanagementporthas changed HTTPmethoddetected; examiningstreamforhost header HTTPSHandshake:%s HTTPSmanagementporthas changed ICMPchecksumerror;packet dropped ICMPpacketallowed ICMPpacketdroppeddueto policy ICMPpacketdroppednomatch ICMPpacketfromLANallowed AntiSpamService FirewallEvent

System Maintenance

INFO DEBUG INFO

1125 1141 340

NetworkAccess Network FirewallEvent NetworkAccess NetworkAccess NetworkAccess NetworkAccess NetworkAccess

DroppedTCP System Maintenance DroppedUDP NetworkDebug DroppedICMP DroppedICMP NetworkDebug DroppedLAN ICMP|Dropped LANTCP

DEBUG INFO INFO NOTICE INFO NOTICE NOTICE INFO

882 1226 341 886 597 38 523 598

ICMPpacketfromLANdropped ICMPv6packetallowed ICMPv6packetdroppeddueto policy ICMPv6packetfromLANallowed ICMPv6packetfromLAN dropped Ifnotalreadyenabled,enabling NTPisrecommended IGMPpacketdropped,wrong checksumreceivedoninterface %s

NetworkAccess Network Network Network Network

NOTICE INFO NOTICE INFO NOTICE

175 1256 1257 1255 1254

FirewallHardware

SystemErrors

WARNING

540

645

Multicast

NOTICE

683


IGMPLeavegroupmessage Receivedoninterface%s IGMPpacketdropped,decoding error IGMPPacketNothandled.Packet type:%s IGMPquerierRouterdetectedon interface%s IGMPquerierRouterdetectedon VPNtunnel,SPI%S IGMPstatetableentrytime out,deletinginterface:%sfor multicastaddress:%s IGMPstatetableentrytime out,deletingVPNSPI:%sfor Multicastaddress:%s IGMPV2clientjoinedmulticast Group:%s IGMPV2Membershipreport receivedfrominterface%s IGMPV3clientjoinedmulticast Group:%s IGMPV3Membershipreport receivedfrominterface%s IGMPV3packetdropped, unsupportedRecordtype:%s IGMPV3recordtype:%snot Handled IKEInitiatordrop:VPNtunnel endpointdoesnotmatch configuredVPNPolicyBoundto scope IKEInitiator:AcceptingIPsec proposal(Phase2) IKEInitiator:Acceptingpeer lifetime.(Phase1) IKEInitiator:AggressiveMode complete(Phase1). IKEInitiator:IKEproposaldoes notmatch(Phase1)

Multicast Multicast Multicast Multicast

INFO NOTICE NOTICE DEBUG

682 686 687 701

Multicast

DEBUG

702

Multicast

DEBUG

692

Multicast Multicast

DEBUG INFO

693 676

Multicast Multicast

DEBUG INFO

679 677

Multicast

DEBUG

678

Multicast Multicast

NOTICE DEBUG

688 689

VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE

UserActivity UserActivity UserActivity UserActivity UserActivity

INFO INFO INFO INFO WARNING

544 372 445 354 937


IKEInitiator:MainMode complete(Phase1) IKEInitiator:ProposedIKEID mismatch IKEInitiator:Remoteparty timeoutRetransmittingIKE request. IKEInitiator:StartAggressive Modenegotiation(Phase1) IKEInitiator:StartMainMode negotiation(Phase1) IKEInitiator:StartQuickMode (Phase2). IKEInitiator:Usingsecondary gatewaytonegotiate IKEnegotiationaborteddueto timeout IKEnegotiationcomplete.Adding IPsecSA.(Phase2) IKEResponderdrop:VPNtunnel endpointdoesnotmatch configuredVPNPolicyBoundto scope IKEResponder:%spolicydoes notallowstaticIPforVirtual Adapter. IKEResponder:AcceptingIPsec proposal(Phase2) IKEResponder:AggressiveMode complete(Phase1) IKEResponder:AH authenticationalgorithmdoes notmatch IKEResponder:AH authenticationkeylengthdoes notmatch IKEResponder:AH authenticationkeyroundsdoes notmatch IKEResponder:AHPerfect ForwardSecrecymismatch

VPNIKE VPNIKE

UserActivity UserActivity

INFO WARNING

353 933

VPNIKE

UserActivity

INFO

930

VPNIKE VPNIKE VPNIKE

UserActivity UserActivity UserActivity

INFO INFO INFO

358 351 346

VPNIKE VPNIKE VPNIKE

UserActivity UserActivity UserActivity

INFO INFO INFO

543 403 89

VPNIKE

UserActivity

INFO

545

VPNClient VPNIKE VPNIKE

SystemErrors UserActivity UserActivity

ERROR INFO INFO

660 87 373

VPNIKE

UserActivity

WARNING

920

VPNIKE

UserActivity

WARNING

923

VPNIKE VPNIKE

UserActivity UserActivity

WARNING WARNING

926 258

544


IKEResponder:Algorithmsand/ orkeysdonotmatch IKEResponder:ClientPolicyhas noVPNAccessNetworks assigned.CheckConfiguration. IKEResponder:DefaultLAN gatewayisnotsetbutpeeris proposingtousethisSAasa defaultroute IKEResponder:DefaultLAN gatewayissetbutpeerisnot proposingtousethisSAasa defaultroute IKEResponder:ESP authenticationalgorithmdoes notmatch IKEResponder:ESP authenticationkeylengthdoes notmatch IKEResponder:ESP authenticationkeyroundsdoes notmatch IKEResponder:ESPencryption algorithmdoesnotmatch IKEResponder:ESPencryption keylengthdoesnotmatch IKEResponder:ESPencryption keyroundsdoesnotmatch IKEResponder:ESPmode mismatchLocalTransport RemoteTunnel IKEResponder:ESPmode mismatchLocalTunnelRemote Transport IKEResponder:ESPPerfect ForwardSecrecymismatch IKEResponder:IKEPhase1 exchangedoesnotmatch IKEResponder:IKEproposaldoes notmatch(Phase1)

VPNIKE

UserActivity

WARNING

260

546

VPNIKE

SystemErrors

ERROR

965

VPNIKE

Attacks

ERROR

516

553

VPNIKE

UserActivity

WARNING

253

539

VPNIKE

UserActivity

WARNING

922

VPNIKE

UserActivity

WARNING

925

VPNIKE

UserActivity

WARNING

928

VPNIKE

UserActivity

WARNING

921

VPNIKE

UserActivity

WARNING

924

VPNIKE

UserActivity

WARNING

927

VPNIKE

UserActivity

WARNING

1128

VPNIKE VPNIKE VPNIKE VPNIKE

UserActivity UserActivity UserActivity UserActivity

WARNING WARNING ERROR WARNING

1127 259 1036 402

545


IKEResponder:IPAddress alreadyexistsintheDHCPrelay table.Clienttrafficnotallowed. IKEResponder:IPCompression algorithmdoesnotmatch IKEResponder:IPsecproposal doesnotmatch(Phase2) IKEResponder:IPsecprotocol mismatch IKEResponder:MainMode complete(Phase1) IKEResponder:Mode%dnot transportmode.Xauthis requiredbutnotsupportedby peer. IKEResponder:Mode%dnot tunnelmode IKEResponder:Nomatchfor proposedremotenetwork address IKEResponder:Nomatching Phase1IDfoundforproposed remotenetwork

VPNClient

SystemErrors

ERROR

659

VPNIKE

UserActivity

WARNING

929

VPNIKE VPNIKE VPNIKE

UserActivity UserActivity UserActivity

WARNING WARNING INFO

88 932 357

523

VPNIKE

NetworkDebug

WARNING

342

VPNIKE

UserActivity

WARNING

249

535

VPNIKE

UserActivity

WARNING

252

538

VPNIKE

UserActivity

WARNING

250

536

IKE Responder: Peer's destination network does not match VPN policy's <b>Local Network</b>
VPNIKE
IKE Responder: Peer's local network does not match VPN policy's <b>Destination Network</b>
VPNIKE
IKE Responder: Peer's network does not match VPN policy's <b>Network</b>
IKE Responder: Phase 1 Authentication Method does not match

UserActivity

WARNING

935

UserActivity

WARNING

934

VPNIKE

UserActivity

WARNING

1189

VPNIKE

UserActivity

WARNING

913

IKE Responder: Phase 1 DH Group does not match
IKE Responder: Phase 1 encryption algorithm does not match
IKE Responder: Phase 1 encryption algorithm key length does not match
IKE Responder: Phase 1 hash algorithm does not match
IKE Responder: Phase 1 XAUTH required but policy has no user name
IKE Responder: Phase 1 XAUTH required but policy has no user password
IKE Responder: Proposed IKE ID mismatch
IKE Responder: Proposed local network is 0.0.0.0 but SA has no LAN Default Gateway

VPNIKE

UserActivity

WARNING

919

VPNIKE

UserActivity

WARNING

914

VPNIKE

UserActivity

WARNING

915

VPNIKE

UserActivity

WARNING

916

VPNIKE

UserActivity

WARNING

917

VPNIKE VPNIKE

UserActivity SystemErrors

WARNING WARNING

918 658

VPNIKE

UserActivity

WARNING

418

549

IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route
VPNIKE
IKE Responder: Received Aggressive Mode request (Phase 1)
VPNIKE
IKE Responder: Received Main Mode request (Phase 1)
IKE Responder: Received Quick Mode Request (Phase 2)
IKE Responder: Remote party timeout Retransmitting IKE request.
IKE Responder: Route table overrides VPN policy

UserActivity

WARNING

251

537

UserActivity

INFO

356

VPNIKE

UserActivity

INFO

355

VPNIKE

UserActivity

INFO

352

VPNIKE VPNIKE

UserActivity UserActivity

INFO WARNING

931 936

IKE Responder: Tunnel terminates inside firewall but proposed local network is not inside firewall

VPNIKE

UserActivity

WARNING

255

541

IKE Responder: Tunnel terminates on DMZ but proposed local network is on LAN
VPNIKE
IKE Responder: Tunnel terminates on LAN but proposed local network is on DMZ
IKE Responder: Tunnel terminates outside firewall but proposed local network is not NAT public address
IKE Responder: Tunnel terminates outside firewall but proposed remote network is not NAT public address
IKE SA lifetime expired.
IKEv2 Accept IKE SA Proposal
IKEv2 Accept IPsec SA Proposal
IKEv2 Authentication successful
IKEv2 Decrypt packet failed
IKEv2 Function sendto() failed to transmit packet.
IKEv2 IKE attribute not found
IKEv2 IKE proposal does not match
IKEv2 Initiator: Negotiations failed. Extra payloads present.
IKEv2 Initiator: Negotiations failed. Invalid input state.
IKEv2 Initiator: Negotiations failed. Invalid output state.

UserActivity

WARNING

256

542

VPNIKE

UserActivity

WARNING

257

543

VPNIKE

UserActivity

WARNING

254

540

VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE

UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity

WARNING INFO INFO INFO INFO WARNING ERROR WARNING WARNING

345 350 943 944 942 960 979 970 981

548

VPNIKE VPNIKE VPNIKE

UserActivity UserActivity UserActivity

WARNING WARNING WARNING

954 956 957

IKEv2 Initiator: Negotiations failed. Missing required payloads.
IKEv2 Initiator: Proposed IKE ID mismatch
IKEv2 Initiator: Received CREATE_CHILD_SA response
IKEv2 Initiator: Received IKE_AUTH response
IKEv2 Initiator: Received IKE_SA_INT response
IKEv2 Initiator: Remote party timeout Retransmitting IKEv2 request.
IKEv2 Initiator: Send CREATE_CHILD_SA request
IKEv2 Initiator: Send IKE_AUTH request
IKEv2 Initiator: Send IKE_SA_INIT request
IKEv2 Invalid SPI size
IKEv2 Invalid state
IKEv2 IPsec attribute not found
IKEv2 IPsec proposal does not match
IKEv2 NAT device detected between negotiating peers
IKEv2 negotiation complete
IKEv2 No NAT device detected between negotiating peers
IKEv2 Out of memory
IKEv2 Payload processing error
IKEv2 Payload validation failed.

VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE

UserActivity UserActivity UserActivity UserActivity UserActivity

WARNING WARNING INFO INFO INFO

955 980 975 974 973

VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE

UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity

INFO INFO INFO INFO WARNING WARNING WARNING WARNING INFO INFO

972 945 940 938 966 964 969 968 985 978

VPNIKE VPNIKE VPNIKE VPNIKE

UserActivity UserActivity UserActivity UserActivity

INFO WARNING WARNING WARNING

984 961 953 958

IKEv2 Peer is not responding. Negotiation aborted.
IKEv2 Process Message queue failed
IKEv2 Received delete IKE SA request
IKEv2 Received delete IKE SA response
IKEv2 Received delete IPsec SA request
IKEv2 Received delete IPsec SA response
IKEv2 Received notify error payload
IKEv2 Received notify status payload
IKEv2 Responder: Peer's destination network does not match VPN policy's <b>Local Network</b>
IKEv2 Responder: Peer's local network does not match VPN policy's <b>Destination Network</b>
IKEv2 Responder: Policy for remote IKE ID not found
IKEv2 Responder: Received CREATE_CHILD_SA request
IKEv2 Responder: Received IKE_AUTH request
IKEv2 Responder: Received IKE_SA_INIT request
IKEv2 Responder: Send CREATE_CHILD_SA response
IKEv2 Responder: Send IKE_AUTH response
IKEv2 Responder: Send IKE_SA_INIT response
IKEv2 Send delete IKE SA request
IKEv2 Send delete IKE SA response

VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE

UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity

WARNING WARNING INFO INFO INFO INFO WARNING INFO

971 963 948 1015 950 1016 983 982

VPNIKE

UserActivity

INFO

951

VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE

UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity

INFO ERROR INFO INFO INFO INFO INFO INFO INFO INFO

952 962 946 941 939 1012 977 976 947 1013

IKEv2 Send delete IPsec SA request
IKEv2 Send delete IPsec SA response
IKEv2 Unable to find IKE SA
IKEv2 VPN Policy not found

VPNIKE VPNIKE VPNIKE VPNIKE

UserActivity UserActivity UserActivity UserActivity UserActivity System Maintenance System Maintenance

INFO INFO WARNING WARNING INFO INFO WARNING

949 1014 959 967 65 155 348

Illegal IPsec SPI
VPNIPSec
Imported HA hardware ID did not match this firewall
HighAvailability
Imported VPN SA is invalid disabled
FirewallEvent
Inbound connection from GRID listed SMTP server dropped
Inbound connection from RBL listed SMTP server dropped
Incoming call received for Remotely Triggered Dialout session
Incompatible IPsec Security Association

AntiSpamService

NOTICE

1092

13810

RBL Authenticated Access VPNIPSec

NOTICE

798

UserActivity UserActivity

INFO INFO

817 69

Incorrect authentication received for Remotely Triggered Dialout
Authenticated Access
Ini Killer attack dropped
Initiator from country blocked: %s
Interface %s Link Is Down
IntrusionPrevention Geolocation FirewallEvent

UserActivity Attacks SystemErrors SystemErrors System Maintenance System Maintenance

INFO ALERT ALERT ALERT ALERT INFO INFO

819 80 1198 566 565 568 567

519 647 646

Interface %s Link Is Up
FirewallEvent
Interface IP Assignment: Binding and initializing %s
FirewallEvent
Interface IP Assignment changed: Shutting down %s
FirewallEvent

Interface statistics report

GMS

INFO

805

Internet Access restricted to authorized users. Dropped packet received in the clear.

Wireless

DroppedTCP| DroppedUDP| DroppedICMP

WARNING

532

Invalid DNS Server will not be accepted by the dynamic client
FirewallEvent
Invalid key or serial number used for GRID response
AntiSpamService
Invalid key version used for GRID response
AntiSpamService
Invalid Product Code Upgrade request received: %s
Invalid SNMP packet
Invalid SNMPv3 engineID
Invalid SNMPv3 Time Window
Invalid SNMPv3 User

INFO DEBUG DEBUG

1070 1139 1140

FirewallEvent SNMP SNMP SNMP SNMP

System Maintenance DroppedTCP| DroppedUDP

ERROR WARNING WARNING WARNING WARNING ALERT WARNING INFO NOTICE DEBUG DEBUG

704 1220 1221 1223 1222 836 847 1219 883 1216 1217

Invalid VLAN packet dropped
Network
IP address conflict detected from Ethernet address %s
Network
IP Address is allocated for Client
IP Header checksum error; packet dropped
IP Pool of the VPN Policy is Full
IP Pool of the VPN Policy is Not Configured
VPNIKE NetworkAccess VPNIKE VPNIKE

IP spoof detected on packet to Central Gateway, packet dropped
DHCPRelay

Attacks

ERROR

229

533

IP spoof dropped

IntrusionPrevention

IP type %s packet dropped
IPComp connection interrupt

NetworkAccess IPcomp

Attacks ALERT DroppedLANUDP |DroppedLAN TCP NOTICE NetworkDebug DEBUG

23

502

590 651

IPComp packet dropped

IPcomp

DroppedTCP| DroppedUDP| DroppedICMP

NOTICE

652

IPComp packet dropped; waiting for pending IPComp connection
IPcomp
IPS Detection Alert: %s
IPS Detection Alert: %s
IPS Prevention Alert: %s
IPS Prevention Alert: %s
IntrusionPrevention IntrusionPrevention IntrusionPrevention IntrusionPrevention

NetworkDebug Attacks Attacks Attacks Attacks DroppedTCP| DroppedUDP| DroppedICMP

DEBUG ALERT ALERT ALERT ALERT

653 608 789 609 790

569 6435 570 6436

IPsec (AH) packet dropped
IPsec (AH) packet dropped; waiting for pending IPsec connection

VPNIPSec

NOTICE

534

VPNIPSec

IPsec (ESP) packet dropped
IPsec (ESP) packet dropped; waiting for pending IPsec connection
IPsec Authentication Failed
IPsec connection interrupt
IPsec Decryption Failed

VPNIPSec

NetworkDebug DroppedTCP| DroppedUDP| DroppedICMP

DEBUG

536

NOTICE

533

VPNIPSec VPNIPSec NetworkAccess VPNIPSec

NetworkDebug Attacks NetworkDebug Attacks DroppedTCP| DroppedUDP| DroppedICMP

DEBUG ERROR DEBUG ERROR

535 67 43 68

508 509

IPsec packet dropped

NetworkAccess

NOTICE

40

IPsec packet dropped; waiting for pending IPsec connection
NetworkAccess
IPsec packet from an illegal host
IPsec packet from or to an illegal host
IPsec Replay Detected
IPsec SA lifetime expired.
VPNIPSec VPNIPSec VPNIPSec VPNIPSec

NetworkDebug System Maintenance Attacks Attacks UserActivity

DEBUG INFO ERROR ALERT INFO

42 247 70 180 349

510 531

IPsec Tunnel status changed
IPv6 Tunnel packet dropped
IPv6 VPN only support IKEv2 mode
ISDN Driver Firmware successfully updated
Issuer match failed
Java access denied
L2TP Connect Initiated by the User
L2TP Disconnect Initiated by the User
L2TP LCP Down
L2TP LCP Up
L2TP Max Retransmission Exceeded
L2TP PPP Authentication Failed
L2TP PPP Down
L2TP PPP link down
L2TP PPP Negotiation Started
L2TP PPP Session Up
L2TP Server: Access from L2TP VPN Client Privilege not enabled for RADIUS Users.
L2TP Server: Deleting the L2TP active Session
L2TP Server: Deleting the Tunnel
L2TP Server: L2TP PPP Session Established.
L2TP Server: L2TP Session Established.

VPN VPNIKE VPNIKE FirewallEvent VPNPKI NetworkAccess L2TPClient L2TPClient L2TPClient L2TPClient L2TPClient L2TPClient L2TPClient L2TPClient L2TPClient L2TPClient

VPNTunnelStatus System Maintenance UserActivity BlockedJavaEtc System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance

INFO NOTICE INFO INFO ALERT NOTICE INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO

427 1253 1252 493 278 19 216 214 209 213 203 212 211 217 208 210

801

L2TPServer L2TPServer L2TPServer L2TPServer L2TPServer

System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance

INFO INFO INFO INFO INFO

343 337 336 310 309

L2TP Server: L2TP Tunnel Established.
L2TP Server: Retransmission Timeout, Deleting the Tunnel
L2TP Server: User Name authentication Failure locally.
L2TP Server: Keepalive Failure. Closing Tunnel
L2TP Server: L2TP Remote terminated the PPP session
L2TP Server: L2TP Session Disconnect from the Remote.
L2TP Server: L2TP Tunnel Disconnect from the Remote.
L2TP Server: Local Authentication Failure
L2TP Server: Local Authentication Success.
L2TP Server: No IP address available in the Local IP Pool
L2TP Server: RADIUS/LDAP Authentication Success
L2TP Server: RADIUS/LDAP reports Authentication Failure
L2TP Server: RADIUS/LDAP server not assigned IP address
L2TP Server: Call Disconnect from Remote.
L2TP Server: Tunnel Disconnect from Remote.
L2TP Session Disconnect from Remote
L2TP Session Established
L2TP Session Negotiation Started

L2TPServer

System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance

INFO

308

L2TPServer

INFO

338

L2TPServer L2TPServer L2TPServer

INFO INFO INFO

344 320 317

L2TPServer

INFO

316

L2TPServer L2TPServer L2TPServer

INFO INFO INFO

315 312 318

L2TPServer L2TPServer

INFO INFO

314 319

L2TPServer

INFO

311

L2TPServer L2TPServer L2TPServer L2TPClient L2TPClient L2TPClient

INFO INFO INFO INFO INFO INFO

313 334 335 207 206 202

L2TP Tunnel Disconnect from Remote
L2TP Tunnel Established
L2TP Tunnel Negotiation %s
L2TP Tunnel Negotiation Started
LAN Subnet configurations were not upgraded.
Land attack dropped
LDAP server does not allow CHAP

L2TPClient L2TPClient L2TPClient L2TPClient FirewallEvent IntrusionPrevention Remote Authentication

System Maintenance System Maintenance System Maintenance System Maintenance Attacks UserActivity

INFO INFO INFO INFO INFO ALERT WARNING

205 204 1074 201 741 27 758

505

LDAP using nonadministrative account VPN client user will not be able to change passwords
Remote Authentication

SystemErrors

WARNING

1011

License exceeded: Connection dropped because too many IP addresses are in use on your LAN
FirewallEvent
License of HA pair doesn't match: %s
HighAvailability
Locked out user logins allowed lockout period expired
Locked out user logins allowed by administrator
Log Cleared
Log Debug
Log full; deactivating Network Security Appliance
Log successfully sent via email
Login screen timed out
MAC address collides with Static ARP Entry with Bound MAC address; packet dropped
Authenticated Access Authenticated Access FirewallLogging FirewallEvent FirewallLogging FirewallLogging Authenticated Access

SystemErrors SystemErrors

ERROR ERROR

58 670

608 664

UserActivity UserActivity System Maintenance NetworkDebug SystemErrors System Maintenance UserActivity

INFO INFO INFO ERROR ERROR INFO INFO

438 439 5 142 7 6 34

601

Network

NOTICE

814

Machine %s removed from FIN flood blacklist
Machine %s removed from RST flood blacklist
Machine %s removed from SYN flood blacklist
MAC IP AntiSpoof cache found, but it is blacklisted device.
MAC IP Antispoof cache found, but it is not a router.
MAC IP Antispoof cache not found for this router.
MAC IP Antispoof check enforced for hosts.
Malformed DNS packet detected
Malformed or unhandled IP packet dropped
Maximum events per second threshold exceeded
Maximum number of Bandwidth Managed rules exceeded upon upgrade to this version. Some Bandwidth settings ignored.
Maximum sequential failed dial attempts (10) to a single dialup number: %s
Maximum syslog data per second threshold exceeded
Message blocked by RealTime Email Scanner
MOBIKE: Update Peer Gateway IP
Modules attached to HA units do not match: %s
Monitoring probe out interface mismatch %s
Multicast application %s not supported

IntrusionPrevention IntrusionPrevention IntrusionPrevention

NetworkDebug NetworkDebug NetworkDebug

ALERT ALERT ALERT

903 900 865

MACIPAntiSpoof MACIPAntiSpoof MacIPSpoof MACIPAntiSpoof NetworkAccess NetworkAccess FirewallLogging

NetworkDebug NetworkDebug SystemErrors

ALERT ALERT ALERT ALERT ALERT ALERT CRITICAL

1212 1211 1210 1209 1177 522 654

554

FirewallEvent

System Maintenance

NOTICE

541

PPPDialUp FirewallLogging AntiSpamService VPNIKE HighAvailability HighAvailability Multicast

Attacks SystemErrors SystemErrors

ERROR CRITICAL INFO INFO ALERT ERROR INFO

591 655 1108 1218 1162 1194 696

566 664

Multicast packet dropped, Invalid src IP received on interface: %s
Multicast

ALERT

685

Multicast packet dropped, wrong MAC address received on interface: %s
Multicast
Multicast TCP packet dropped
Multicast UDP packet dropped, no state entry
Multicast UDP packet dropped, RTCP stateful failed
Multicast UDP packet dropped, RTP stateful failed
Multiple DHCP Servers are detected on network
NAT device may not support IPsec AH passthrough
NAT Discovery: No NAT/NAPT device detected between IPsec Security gateways
NAT Discovery: Local IPsec Security Gateway behind a NAT/NAPT Device
NAT Discovery: Peer IPsec Security Gateway behind a NAT/NAPT Device
NAT Discovery: Peer IPsec Security Gateway doesn't support VPN NAT Traversal
Nat Mapping
NAT translated packet exceeds size limit, packet dropped
NetSpy attack dropped
NetBIOS settings were not upgraded. Use Network > IP Helper to configure NetBIOS support
NetBus attack dropped
Multicast Multicast

ALERT NOTICE NOTICE

684 691 690

Multicast Multicast FirewallEvent VPNIPSec

System Maintenance

WARNING WARNING WARNING INFO

695 694 1068 266

VPNIKE

UserActivity

INFO

241

VPNIKE

UserActivity

INFO

240

VPNIKE

UserActivity

INFO

239

VPNIKE NetworkAccess

UserActivity

INFO NOTICE

242 1197

Network IntrusionPrevention

NetworkDebug Attacks

DEBUG ALERT

339 74

513

FirewallEvent IntrusionPrevention

System Maintenance Attacks

INFO ALERT

740 72

511

Network for interface %s overlaps with another interface.
Network Modem Mode Disabled: reenabling NAT
Network Modem Mode Enabled: turning off NAT
Network Monitor Policy %s Added
Network Monitor Policy %s Deleted
Network Monitor Policy %s Modified
Network Monitor: Host %s is offline
Network Monitor: Host %s is online
Network Monitor: Host %s status is UNKNOWN
Network Monitor: Policy %s status is DOWN
Network Monitor: Policy %s status is UNKNOWN
Network Monitor: Policy %s status is UP
Network Security Appliance activated
Network Security Appliance initializing
New firmware available.
New URL List loaded
Newsgroup access allowed
Newsgroup access denied
No Certificate for
No DNS response to domain %s
No HOST tag found in HTTP request

FirewallEvent PPPDialUp PPPDialUp NetworkMonitor NetworkMonitor NetworkMonitor NetworkMonitor NetworkMonitor NetworkMonitor NetworkMonitor NetworkMonitor NetworkMonitor FirewallEvent FirewallEvent FirewallEvent SecurityServices NetworkAccess NetworkAccess VPNPKI SecurityServices NetworkAccess

System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance BlockedWebSites BlockedWeb Sites UserActivity NetworkDebug

INFO INFO INFO INFO INFO INFO ALERT ALERT ALERT ALERT ALERT ALERT ALERT INFO INFO INFO NOTICE NOTICE ALERT DEBUG DEBUG

569 531 530 1104 1105 1106 706 707 1103 1101 1102 1100 4 521 198 8 17 15 280 1238 52

14005 14006 14004 14002 14003 14001 704 702

No new URL List available
SecurityServices
No response from ISP Disconnecting PPPoE.
PPPoE
No response from PPTP server to call requests
PPTP
No response from PPTP server to control connection requests
No response from server to Echo Requests, disconnecting PPTP Tunnel
No response received from DNS server
No valid DNS server specified for GRID lookups
No valid DNS server specified for RBL lookups
Nonconfig mode GUI administration session started
Not all configurations may have been completely upgraded
Not blacklisted as per configuration
Not Blacklisted by domain %s
Not enough memory to hold the CRL
NTP Request sent
Obtained Relay IP Table from Remote Gateway
OCSP Failed to Resolve Domain Name.
OCSP Internal error handling received response.
OCSP received response error.
OCSP received response.

System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance

INFO INFO INFO

9 169 431

PPTP

INFO

430

PPTP AntiSpamService AntiSpamService RBL Authenticated Access

INFO DEBUG ERROR ERROR

429 1142 1094 800

13812

UserActivity System Maintenance UserActivity System Maintenance UserActivity

INFO

997

FirewallEvent AntiSpamService SecurityServices VPNPKI System DHCPRelay VPNPKI

INFO DEBUG DEBUG WARNING NOTICE INFO ERROR

612 1143 1237 272 1232 233 853

VPNPKI VPNPKI VPNPKI

UserActivity UserActivity UserActivity

ERROR ERROR INFO

854 851 850

OCSP Resolved Domain Name.
OCSP send request message failed.

VPNPKI VPNPKI

UserActivity UserActivity UserActivity SystemErrors SystemErrors

INFO ERROR INFO ALERT ALERT

852 849 848 1206 1205

OCSP sending request.
VPNPKI
On HA peer firewall, Interface %s Link Is Down
HighAvailability
On HA peer firewall, Interface %s Link Is Up
HighAvailability
Outbound connection to GRID listed SMTP server dropped
Outbound connection to RBL listed SMTP server dropped
Out of order command packet dropped
Overriding Product Code Upgrade to: %s
Packet allowed by ACL
Packet destination not in VPN Access list
Packet Dropped IP TTL expired

AntiSpamService

NOTICE

1091

13809

RBL NetworkAccess FirewallEvent Network VPNIPSec Network

NetworkDebug Attacks NetworkDebug DroppedTCP| DroppedUDP| DroppedICMP DroppedTCP| DroppedUDP| DroppedICMP DroppedTCP| DroppedUDP| DroppedICMP

NOTICE DEBUG ERROR INFO ERROR WARNING

797 48 705 1235 648 910

572

Packet dropped by guest check
Packet dropped by wireless Advanced IDP
Packet dropped by WLAN SSL VPN enforcement check
Packet dropped by WLAN VPN traversal check

NetworkAccess Wireless

WARNING WARNING

488 1229

Wireless

WARNING

732

Wireless

WARNING

495

Packet dropped. No firewall rule associated with VPN policy.
VPN
Packet dropped; connection limit for this destination IP address has been reached
FirewallEvent

SystemErrors

ALERT

739

SystemErrors

ALERT

647

5239

Packet dropped; connection limit for this source IP address has been reached
FirewallEvent
Payload processing failed
PC Card inserted.
PC Card removed.
PC Card: No device detected
Peer firewall has equivalent link status. In event of failover, it will operate with equal capability.
Peer firewall has reduced link status. In event of failover, it will operate with limited capability.
Peer firewall rebooting (%s)
Peer HA firewall has stateful license but this firewall is not yet registered
Physical environment normal
VPNIKE FirewallHardware FirewallHardware FirewallHardware

SystemErrors NetworkDebug

ALERT ERROR ALERT ALERT ALERT

646 616 1054 1053 1056

5238 5419 5418

HighAvailability

System Maintenance

INFO

1208

HighAvailability HighAvailability

System Maintenance

INFO INFO

1207 1057

HighAvailability FirewallHardware

SystemErrors

ALERT INFO

1136 1042

5424

Physical interface utilization is greater than 80% of the maximum rated tolerance (for the interface) for more than 10 seconds.
FirewallHardware
Ping of death dropped
PKI Error:
PKI Failure
PKI Failure: CA certificates store exceeded. Cannot verify this Local Certificate
PKI Failure: Cannot allocate memory
IntrusionPrevention VPNPKI VPNPKI

Attacks System Maintenance System Maintenance System Maintenance System Maintenance

ALERT ALERT ERROR ERROR

1247 22 417 447

17001 501

VPNPKI VPNPKI

ERROR ERROR

453 449

PKI Failure: Certificate's ID does not match this Network Security Appliance
PKI Failure: Duplicate local certificate
PKI Failure: Duplicate local certificate name
PKI Failure: Import failed
PKI Failure: Improper file format. Please select PKCS#12 (*.p12) file
PKI Failure: Incorrect admin password

VPNPKI VPNPKI VPNPKI VPNPKI

System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance

ERROR ERROR ERROR ERROR

455 458 457 451

VPNPKI VPNPKI

ERROR ERROR ERROR ERROR

454 452 460 469

PKI Failure: Internal error
VPNPKI
PKI Failure: Loaded but could not verify certificate
VPNPKI
PKI Failure: Loaded the certificate but could not verify its chain
PKI Failure: No CA certificates yet loaded
PKI Failure: Output buffer too small
PKI Failure: public private key mismatch
PKI Failure: Reached the limit for local certificates, cant load any more
PKI Failure: Temporary memory shortage, try again
PKI Failure: The certificate chain has no root
PKI Failure: The certificate chain is circular
PKI Failure: The certificate chain is incomplete
PKI Failure: The certificate or a certificate in the chain has a bad signature

VPNPKI VPNPKI VPNPKI VPNPKI

ERROR ERROR ERROR ERROR

470 459 448 456

VPNPKI VPNPKI VPNPKI VPNPKI VPNPKI

ERROR ERROR ERROR ERROR ERROR

450 461 464 462 463

VPNPKI

ERROR

468

PKI Failure: The certificate or a certificate in the chain has a validity period in the future
PKI Failure: The certificate or a certificate in the chain has expired
PKI Failure: The certificate or a certificate in the chain is corrupt
Please connect interface %s to another network to function properly
Please manually check all system configurations for correctness of Upgrade
Port configured to receive IPsec protocol ONLY; drop packet received in the clear
Possible DNS rebind attack detected
Possible FIN Flood on IF %s
Possible FIN Flood on IF %s continues
Possible FIN Flood on IF %s has ceased
Possible ICMP Flood attack detected
Possible port scan detected
Possible RST Flood on IF %s
Possible RST Flood on IF %s continues
Possible RST Flood on IF %s has ceased
Possible SYN flood attack detected
Possible SYN flood detected on WAN IF %s switching to connection proxy mode
Possible SYN Flood on IF %s

VPNPKI

System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance DroppedTCP| DroppedUDP| DroppedICMP NetworkDebug NetworkDebug NetworkDebug Attacks Attacks NetworkDebug NetworkDebug NetworkDebug Attacks

ERROR

466

VPNPKI

ERROR

465

VPNPKI

ERROR

467

FirewallEvent

INFO

570

FirewallEvent

INFO

613

NetworkAccess IntrusionPrevention IntrusionPrevention IntrusionPrevention IntrusionPrevention IntrusionPrevention IntrusionPrevention IntrusionPrevention IntrusionPrevention IntrusionPrevention IntrusionPrevention

WARNING ALERT ALERT WARNING ALERT ALERT ALERT ALERT WARNING ALERT WARNING

347 1098 905 909 907 1214 82 904 908 906 25

6465 521 503

IntrusionPrevention IntrusionPrevention

NetworkDebug NetworkDebug

ALERT ALERT

859 860

Possible SYN Flood on IF %s continues
Possible SYN Flood on IF %s has ceased
Possible UDP Flood attack detected
Power supply without redundancy
PPP DialUp: Connect request canceled
PPP DialUp: Connected at %s bps starting PPP
PPP DialUp: Connection disconnected as scheduled.
PPP DialUp: Dial initiated by %s
PPP DialUp: Dialed number did not answer
PPP DialUp: Dialed number is busy
PPP DialUp: Dialing not allowed by schedule. %s
PPP DialUp: Dialing: %s
PPP DialUp: Failed to get IP address
PPP DialUp: Idle time limit exceeded disconnecting
PPP DialUp: Initialization: %s
PPP DialUp: Invalid DNS IP address returned from DialUp ISP; overriding using dialup profile settings
PPP DialUp: Link carrier lost

IntrusionPrevention IntrusionPrevention IntrusionPrevention FirewallHardware PPPDialUp PPPDialUp PPPDialUp PPPDialUp PPPDialUp PPPDialUp PPPDialUp PPPDialUp PPPDialUp PPPDialUp PPPDialUp

NetworkDebug NetworkDebug Attacks UserActivity UserActivity System Maintenance UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity

WARNING ALERT ALERT ERROR INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO INFO

866 867 1213 1043 306 286 666 324 285 284 665 281 298 297 303

5425

PPPDialUp PPPDialUp

System Maintenance UserActivity

INFO INFO

811 288

PPP DialUp: Manual intervention needed. Check Primary Profile or Profile details
PPPDialUp
PPP DialUp: Maximum connection time exceeded disconnecting
PPPDialUp

UserActivity

INFO

321

UserActivity

INFO

327

PPP DialUp: No dial tone detected check phone line connection
PPP DialUp: No link carrier detected check phone number
PPP DialUp: No peer IP address from DialUp ISP, local and remote IPs will be the same
PPP DialUp: PPP link down
PPP DialUp: PPP link established
PPP DialUp: PPP negotiation failed disconnecting
PPP DialUp: Previous session was connected for %s
PPP DialUp: Received new IP address
PPP DialUp: Shutting down link
PPP DialUp: Starting PPP
PPP DialUp: Startup without Ethernet cable, will try to dial on outbound traffic
PPP DialUp: The profile in use disabled VPN networking.
PPP DialUp: Trying to failover but Alternate Profile is manual
PPP DialUp: Trying to failover but Primary Profile is manual
PPP DialUp: Unknown dialing failure
PPP DialUp: User requested connect
PPP DialUp: User requested disconnect

PPPDialUp

UserActivity

INFO

282

PPPDialUp

UserActivity

INFO

283

PPPDialUp PPPDialUp PPPDialUp

System Maintenance UserActivity UserActivity

INFO INFO INFO

481 301 300

PPPDialUp

UserActivity

INFO

296

PPPDialUp PPPDialUp PPPDialUp PPPDialUp

UserActivity UserActivity UserActivity

INFO INFO INFO INFO

542 299 302 1037

PPPDialUp

UserActivity System Maintenance

INFO

323

PPPDialUp

INFO

330

WANAvailability

UserActivity

INFO

434

PPPDialUp PPPDialUp PPPDialUp PPPDialUp

UserActivity UserActivity UserActivity UserActivity

INFO INFO INFO INFO

322 287 305 304

PPP DialUp: VPN networking restored.
PPP message: %s
PPP: Authentication successful

PPPDialUp PPP PPP

System Maintenance

INFO INFO INFO

331 1018 289

PPP: CHAP authentication failed check username/password
PPP
PPP: MSCHAP authentication failed check username/password
PPP
PPP: PAP Authentication failed check username/password
PPP: Starting CHAP authentication
PPP: Starting MSCHAP authentication
PPP: Starting PAP authentication
PPPoE terminated
PPPoE CHAP Authentication Failed
PPPoE Client: Previous session was connected for %s
PPPoE discovery process complete
PPPoE enabled but not ready
PPPoE LCP Link Down
PPPoE LCP Link Up
PPPoE Network Connected
PPPoE Network Disconnected
PPPoE PAP Authentication Failed

INFO

291

INFO

292

PPP PPP PPP PPP PPPoE PPPoE

System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance

INFO INFO INFO INFO INFO INFO

290 294 293 295 130 136

PPPoE PPPoE PPPoE PPPoE PPPoE PPPoE PPPoE PPPoE

INFO INFO INFO INFO INFO INFO INFO INFO

738 133 499 129 128 131 132 137

PPPoE PAP Authentication Failed. Please verify PPPoE username and password
PPPoE PAP Authentication success.
PPPoE password changed by Administrator
PPPoE starting CHAP Authentication
PPPoE starting PAP Authentication
PPPoE username changed by Administrator
PPTP enabled but not ready
PPTP CHAP Authentication Failed. Please verify PPTP username and password
PPTP Connect Initiated by the User
PPTP Control Connection Established
PPTP Control Connection Negotiation Started
PPTP decode failure
PPTP Disconnect Initiated by the User
PPTP LCP Down
PPTP LCP Up
PPTP Max Retransmission Exceeded

PPPoE PPPoE Authenticated Access PPPoE PPPoE Authenticated Access PPTP

System Maintenance System Maintenance UserActivity System Maintenance System Maintenance UserActivity System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance NetworkDebug System Maintenance System Maintenance System Maintenance System Maintenance DroppedTCP| DroppedUDP| DroppedICMP System Maintenance System Maintenance System Maintenance

INFO INFO INFO INFO INFO INFO INFO

167 166 515 134 135 514 501

PPTP PPTP PPTP PPTP PPTP PPTP PPTP PPTP PPTP

INFO INFO INFO INFO DEBUG INFO INFO INFO INFO

394 390 378 375 596 388 383 387 377

PPTP packet dropped

NetworkAccess

NOTICE INFO

39 395

PPTP PAP Authentication Failed
PPTP
PPTP PAP Authentication Failed. Please verify PPTP username and password
PPTP
PPTP PAP Authentication success.
PPTP

INFO INFO

397 396

PPTP PPP Authentication Failed
PPTP PPP Down
PPTP PPP link down
PPTP PPP Link down
PPTP PPP Link Finished
PPTP PPP Link Up
PPTP PPP Negotiation Started
PPTP PPP Session Up
PPTP Server is not responding, check if the server is UP and running.
PPTP server rejected control connection
PPTP server rejected the call request
PPTP Session Disconnect from Remote
PPTP Session Established
PPTP Session Negotiation Started
PPTP starting CHAP Authentication
PPTP starting PAP Authentication
PPTP Tunnel Disconnect from Remote
Primary firewall has transitioned to Active
Primary firewall has transitioned to Idle
Primary firewall preempting Backup

PPTP PPTP PPTP PPTP PPTP PPTP PPTP PPTP

System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance SystemErrors SystemErrors

INFO INFO INFO INFO INFO INFO INFO INFO

386 385 391 399 400 398 382 384

PPTP PPTP PPTP PPTP PPTP PPTP PPTP PPTP PPTP HighAvailability HighAvailability HighAvailability

INFO INFO INFO INFO INFO INFO INFO INFO INFO ALERT ALERT ERROR

444 432 433 381 380 376 392 393 379 144 146 153

614 620

Primary firewall rebooting itself as it transitioned from Active to Idle while Preempt
Primary missed heartbeats from Backup
Primary received error signal from Backup
Primary received heartbeat from wrong source
Primary received reboot signal from Backup
Primary WAN link down, Backup going Active
Primary WAN link down, Primary going Idle
Primary WAN link up, preempting Backup
Priority attack dropped
Probable port scan detected
Probable TCP FIN scan detected

HighAvailability HighAvailability HighAvailability HighAvailability HighAvailability HighAvailability HighAvailability HighAvailability IntrusionPrevention IntrusionPrevention IntrusionPrevention

SystemErrors SystemErrors System Maintenance SystemErrors SystemErrors System Maintenance System Maintenance Attacks Attacks Attacks Attacks Attacks SystemErrors SystemErrors

INFO ERROR ERROR INFO ERROR ERROR INFO INFO ALERT ALERT ALERT ALERT ALERT DEBUG DEBUG ALERT ALERT

1058 148 150 160 671 220 218 221 79 83 177 179 178 1132 1131 326 436

615 617 665 634 518 522 528 530 529 637 638

Probable TCP NULL scan detected | IntrusionPrevention
Probable TCP XMAS scan detected | IntrusionPrevention
Probe Response Failure %s
Probe Response Success %s
Probing failure on %s
Probing succeeded on %s
Problem loading the URL List; Appliance not registered.
Problem loading the URL List; check Filter settings
Problem loading the URL List; check your DNS server
AntiSpamService AntiSpamService WANAvailability WANAvailability

SecurityServices SecurityServices SecurityServices

SystemErrors SystemErrors SystemErrors

ERROR ERROR ERROR

183 10 11

623 602 603

Problem loading the URL List; Flash write failure.
Problem loading the URL List; Retrying later.
Problem loading the URL List; Subscription expired.
Problem loading the URL List; Try loading it again.
Problem occurred during user group membership retrieval
Problem sending log email; check log settings
Processed Email received from Email Security Service
Product maximum entries reached %s
RADIUS user cannot use One Time Password no mail address set for equivalent local user
RBL DNS server responded with error code %s
Read only mode GUI administration session started
Real time clock battery failure Time values may be incorrect
Received a path MTU ICMP message from router/gateway
Received a path MTU ICMP message from router/gateway
Received Application Firewall Alert: Your Application Firewall (Application Firewall) subscription has expired.
Received Alert: Your Firewall Botnet Filter subscription has expired.

SecurityServices SecurityServices SecurityServices SecurityServices Authenticated Access FirewallLogging AntiSpamService FirewallEvent

SystemErrors SystemErrors SystemErrors SystemErrors

ERROR ERROR ERROR ERROR

187 186 184 185

627 626 624 625

UserActivity SystemErrors

WARNING WARNING INFO WARNING

1033 12 1096 1196

604 13814

Authenticated Access SecurityServices Authenticated Access

UserActivity

INFO DEBUG

1119 1239

UserActivity

INFO

996

FirewallHardware

SystemErrors

WARNING

539

644

Network

UserActivity

INFO

182

Network

UserActivity

INFO

188

SecurityServices

System Maintenance

WARNING

1034

8635

SecurityServices

WARNING

1195

Received Alert: Your Firewall Visualization Control subscription has expired. | SecurityServices
Received AV Alert: %s | SecurityServices

System Maintenance

WARNING WARNING

1159 125

524

Received AV Alert: Your Network AntiVirus subscription has expired. %s | SecurityServices
Received AV Alert: Your Network AntiVirus subscription will expire in 7 days. %s | SecurityServices
Received Blacklisted Directive from %s | SecurityServices
Received CFS Alert: Your Content Filtering subscription has expired. | SecurityServices
Received CFS Alert: Your Content Filtering subscription will expire in 7 days. | SecurityServices
Received DHCP offer packet has errors | DHCPClient
Received E-Mail Filter Alert: Your E-Mail Filtering subscription has expired. | SecurityServices
Received E-Mail Filter Alert: Your E-Mail Filtering subscription will expire in 7 days. | SecurityServices
Received fragmented packet or fragmentation needed

System Maintenance

WARNING

159

526

System Maintenance System Maintenance

WARNING DEBUG

482 1236

552

WARNING

490

563

System Maintenance System Maintenance System Maintenance

WARNING INFO

489 588

562

WARNING

492

565

System Maintenance

WARNING

491

564

Network

NetworkDebug UserActivity System Maintenance UserActivity NetworkDebug| DroppedUDP

DEBUG INFO

63 413

Received IKE SA delete request | VPNIKE
Received IPS Alert: Your Intrusion Prevention (IDP) subscription has expired. | SecurityServices
Received IPsec SA delete request
Received ISAKMP packet destined to port %s
VPNIKE VPNIKE

WARNING INFO INFO

614 412 607

571

Received LCP Echo Reply
Received LCP Echo Request
Received notify. NO_PROPOSAL_CHOSEN
Received notify: INVALID_COOKIES
Received notify: INVALID_ID_INFO
Received notify: INVALID_PAYLOAD
Received notify: INVALID_SPI
Received notify: ISAKMP_AUTH_FAILED
Received notify: PAYLOAD_MALFORMED
Received notify: RESPONDER_LIFETIME
Received packet retransmission. Drop duplicate packet
Received PPPoE Active Discovery Offer
Received PPPoE Active Discovery Session_confirmation
Received response packet for DHCP request has errors
Received unauthenticated GRID response
Received unencrypted packet in crypto active state
Regulatory requirements prohibit %s from being redialed for 30 minutes
Released IP address %s
Remote WAN Acceleration device started responding to probes

PPPoE PPPoE VPNIKE VPNIKE VPNIPSec VPNIKE VPNIKE VPNIKE VPNIKE VPNIKE

System Maintenance System Maintenance UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity

INFO INFO WARNING INFO WARNING ERROR INFO WARNING WARNING INFO

723 721 401 414 483 661 416 409 411 415

VPNIKE PPPoE

UserActivity System Maintenance System Maintenance System Maintenance UserActivity

WARNING INFO

406 593

PPPoE DHCPClient AntiSpamService VPNIKE

INFO INFO DEBUG WARNING

594 589 1138 605

PPPDialUp DHCPServer

Attacks

ERROR INFO

592 1111

567

WANAcceleration

ALERT

1175

16006

Remote WAN Acceleration device stopped responding to probes
Remotely Triggered Dialout session ended. Valid WAN bound data found. Normal dialup sequence will commence
Remotely Triggered Dialout session started. Requesting authentication
Removed a member from an LDAP mirror user group
Removed host entry from dynamic address object
Request for Relay IP Table from Central Gateway
Requesting CRL from
Requesting Relay IP Table from Remote Gateway

WANAcceleration

ALERT

1174

16005

Authenticated Access Authenticated Access Remote Authentication DynamicAddress Objects DHCPRelay VPNPKI DHCPRelay

UserActivity

INFO

822

UserActivity UserActivity System Maintenance System Maintenance UserActivity System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance

INFO INFO INFO INFO INFO INFO DEBUG ALERT

818 1193 912 230 269 231 1146 1199

Resolved ES Cloud %s | AntiSpamService
Responder from country blocked: %s | Geolocation
Restarting Network Security Appliance; dumping log to email
Retransmitting DHCP DISCOVER.
Retransmitting DHCP REQUEST (Rebinding).
Retransmitting DHCP REQUEST (Rebooting).
Retransmitting DHCP REQUEST (Renewing).
Retransmitting DHCP REQUEST (Requesting).
Retransmitting DHCP REQUEST (Verifying).
RIP Broadcasts for LAN Network %s are being broadcast over dialup connection

FirewallEvent DHCPClient DHCPClient DHCPClient DHCPClient DHCPClient DHCPClient

INFO INFO INFO INFO INFO INFO INFO

13 99 102 103 101 100 104

RIP

System Maintenance

INFO

571

8413

RIP disabled on DMZ interface
RIP disabled on interface %s
RIP disabled on WAN interface
Ripper attack dropped
RIPv1 enabled on DMZ interface
RIPv1 enabled on interface %s
RIPv1 enabled on WAN interface
RIPv2 compatibility (broadcast) mode enabled on DMZ interface
RIPv2 compatibility (broadcast) mode enabled on interface %s
RIPv2 compatibility (broadcast) mode enabled on WAN interface
RIPv2 enabled on DMZ interface
RIPv2 enabled on interface %s
RIPv2 enabled on WAN interface
Router IGMP General query received on interface %s
Router IGMP Membership query received on interface %s
RST Flood Blacklist on IF %s continues
RST Flooding machine %s blacklisted
SA is disabled. Check VPN SA settings
SCEP Client: %s
Sending DHCP DISCOVER.

RIP RIP RIP IntrusionPrevention RIP RIP RIP

System Maintenance System Maintenance System Maintenance Attacks System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance

INFO INFO INFO ALERT INFO INFO INFO

423 419 552 76 424 420 553

8405 8401 8409 515 8406 8402 8410

RIP

INFO

426

8408

RIP

INFO

422

8404

RIP RIP RIP RIP Multicast

INFO INFO INFO INFO DEBUG

555 425 421 554 680

8412 8407 8403 8411

Multicast IntrusionPrevention IntrusionPrevention VPNIKE VPNPKI DHCPClient

NetworkDebug NetworkDebug UserActivity System Maintenance

DEBUG WARNING ALERT INFO NOTICE INFO

681 899 898 407 1097 105

Sending DHCP RELEASE.
Sending DHCP REQUEST (Rebinding).
Sending DHCP REQUEST (Rebooting).
Sending DHCP REQUEST (Renewing).
Sending DHCP REQUEST (Verifying).
Sending DHCP REQUEST.
Sending LCP Echo Reply
Sending LCP Echo Request
Sending PPPoE Active Discovery Request
Senna Spy attack dropped
Sent Relay IP Table to Central Gateway
Settings Import: %s
SIP Register expiration exceeds configured Signaling inactivity timeout
SIP Request
SIP Response
SMTP authentication problem: %s
SMTP connection limit is reached. Connection is dropped.
SMTP POP Before SMTP authentication failed
SMTP server found on RBL blacklist
SMTP server found on Reject List
Smurf Amplification attack dropped

DHCPClient DHCPClient DHCPClient DHCPClient DHCPClient DHCPClient PPPoE PPPoE PPPoE IntrusionPrevention DHCPRelay FirewallEvent

System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance System Maintenance Attacks System Maintenance ExpandedVoIP Activity ExpandedVoIP Activity ExpandedVoIP Activity SystemErrors

INFO INFO INFO INFO INFO INFO INFO INFO INFO ALERT INFO INFO

122 116 117 115 118 108 722 720 595 78 232 1049

517

VoIP VoIP VoIP FirewallLogging

WARNING DEBUG DEBUG WARNING

645 643 644 737

AntiSpamService FirewallLogging RBL AntiSpamService IntrusionPrevention

SystemErrors Attacks

WARNING WARNING NOTICE NOTICE ALERT

1087 656 799 1093 81

13806 13811 520

SNMP Packet Dropped
SonicPoint association posted successfully to License Manager

Unused

INFO

1225

FirewallEvent

INFO

1266

SonicPoint association request to License Manager failed: %s | FirewallEvent
SonicPoint Provision | SonicPoint

Expanded SonicPointActivity

WARNING INFO

1265 727

SonicPoint statistics report
SonicPoint Status
SonicPointN Provision
SonicPointN Status
Source IP address connection status: %s
Source routed IP packet dropped
Spank attack multicast packet dropped
SSL Control: Certificate chain not complete
SSL Control: Certificate with invalid date

GMS SonicPoint SonicPointN SonicPointN FirewallEvent IntrusionPrevention IntrusionPrevention NetworkAccess NetworkAccess

Expanded SonicPointActivity NetworkDebug Attacks BlockedWebSites BlockedWebSites

INFO INFO INFO INFO INFO WARNING ALERT INFO INFO

806 667 1078 1077 734 428 606 1006 1002

568

SSL Control: Certificate with MD5 Digest Signature Algorithm | NetworkAccess
SSL Control: Failed to decode Server Hello | NetworkAccess
SSL Control: HTTPS via SSL2
SSL Control: Self signed certificate
SSL Control: Untrusted CA
SSL Control: Weak cipher being used
SSL Control: Website found in blacklist
NetworkAccess NetworkAccess NetworkAccess NetworkAccess NetworkAccess

BlockedWebSites BlockedWebSites BlockedWebSites BlockedWebSites BlockedWebSites BlockedWebSites BlockedWebSites

INFO INFO INFO INFO INFO INFO INFO

1081 1007 1001 1003 1005 1004 999

SSL Control: Website found in whitelist
SSL VPN enforcement

NetworkAccess Wireless

BlockedWebSites System Maintenance

INFO INFO

1000 733

SSLVPN Authenticated Access
SSO agent is down | SSOAgent Authentication
SSO agent is up | SSOAgent Authentication
SSO agent returned error | SSOAgent Authentication
SSO returned a domain name that is too long | SSOAgent Authentication
SSO returned a username that is too long | SSOAgent Authentication
Starting IKE negotiation
Starting PPPoE discovery
Status
Striker attack dropped
SubSeven attack dropped
Succeed in updating time from NTP server
Success to reach Interface %s probe
Successful authentication received for Remotely Triggered Dialout
Successfully sent %s file to remote backup server
Successfully sent Preference file to remote backup server
VPNIKE PPPoE GMS IntrusionPrevention IntrusionPrevention System HighAvailability Authenticated Access FirewallEvent

SSL VPN Traffic
SSL VPN zone remote user login allowed

Syslogonlyfor trafficreporting UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity System Maintenance System Maintenance Attacks Attacks SystemErrors

INFO INFO ALERT ALERT WARNING WARNING WARNING INFO INFO EMERGENCY ALERT ALERT NOTICE INFO

1153 1080 1075 1076 1073 993 992 90 127 96 77 75 1231 674

516 514

UserActivity System Maintenance System Maintenance

INFO INFO

820 1065

FirewallEvent

INFO

1061

Successfully sent TSR file to remote backup server
Suspected Botnet initiator blocked: %s
Suspected Botnet responder blocked: %s
SYN Flood Blacklist on IF %s continues
SYN Flood blacklisting disabled by user
SYN Flood blacklisting enabled by user

FirewallEvent BotnetBlocking BotnetBlocking IntrusionPrevention IntrusionPrevention IntrusionPrevention

System Maintenance NetworkDebug NetworkDebug NetworkDebug

INFO ALERT ALERT WARNING WARNING WARNING

1063 1200 1201 868 863 862

SYN flood ceased or flooding machines blacklisted connection proxy disabled | IntrusionPrevention
SYN Flood Mode changed by user to: Always proxy WAN connections | IntrusionPrevention
SYN Flood Mode changed by user to: Watch and proxy WAN connections when under attack
SYN Flood Mode changed by user to: Watch and report possible SYN floods
Synchronizing preferences to HA Peer Firewall
SYN Flooding machine %s blacklisted
Syslog Server cannot be reached
System clock manually updated
System shutdown by administrator. Power cycle required.
TCP checksum error; packet dropped
TCP connection abort received; TCP connection dropped
TCP connection dropped

NetworkDebug

ALERT

861

NetworkDebug

WARNING

858

IntrusionPrevention

NetworkDebug

WARNING

857

IntrusionPrevention HighAvailability IntrusionPrevention Network FirewallLogging

NetworkDebug System Maintenance NetworkDebug System Maintenance

WARNING INFO ALERT INFO NOTICE

856 673 864 657 881

FirewallEvent NetworkAccess

DroppedTCP

ALERT NOTICE

1067 884

5242

Network NetworkAccess

NetworkDebug DroppedTCP

DEBUG NOTICE

713 36

TCP connection from LAN denied
TCP connection reject received; TCP connection dropped
TCP FIN packet dropped
TCP handshake violation detected; TCP connection dropped
TCP packet received on a closing connection; TCP packet dropped
TCP packet received on non existent/closed connection; TCP packet dropped
TCP packet received with invalid ACK number; TCP packet dropped
TCP packet received with invalid header length; TCP packet dropped
TCP packet received with invalid MSS option length; TCP packet dropped
TCP packet received with invalid option length; TCP packet dropped
TCP packet received with invalid SACK option length; TCP packet dropped
TCP packet received with invalid SEQ number; TCP packet dropped
TCP packet received with invalid source port; TCP packet dropped
TCP packet received with invalid SYN Flood cookie; TCP packet dropped

NetworkAccess

DroppedLANTCP

NOTICE

173

Network Network

NetworkDebug NetworkDebug

DEBUG DEBUG

712 181

NetworkAccess

NOTICE

760

Network

NetworkDebug

DEBUG

891

Network

NetworkDebug

DEBUG

888

Network

NetworkDebug

DEBUG

709

Network

NetworkDebug

DEBUG

887

Network

NetworkDebug

DEBUG

894

Network

NetworkDebug

DEBUG

895

Network

NetworkDebug

DEBUG

893

Network

NetworkDebug

DEBUG

708

Network

NetworkDebug

DEBUG

896

Network

NetworkDebug

INFO

897

TCP packet received with invalid Window Scale option length; TCP packet dropped | Network

NetworkDebug

DEBUG

1030

TCP packet received with invalid Window Scale option value; TCP packet dropped
TCP packet received with non permitted option; TCP packet dropped
TCP packet received with SYN flag on an existing connection; TCP packet dropped
TCP packet received without mandatory ACK flag; TCP packet dropped
TCP packet received without mandatory SYN flag; TCP packet dropped
TCP stateful inspection: Bad header; TCP packet dropped
TCP stateful inspection: Invalid flag; TCP packet dropped
TCP SYN received
TCP Syn/Fin packet dropped
TCP Xmas Tree dropped
Terminal Services agent is down
Terminal Services agent is up
The cache is full; %u open connections; some will be dropped

Network

NetworkDebug

DEBUG

1031

Network

NetworkDebug

DEBUG

1029

Network

NetworkDebug

INFO

892

Network

NetworkDebug

DEBUG

890

Network Network

NetworkDebug NetworkDebug

DEBUG DEBUG

889 711

Network IntrusionPrevention NetworkAccess IntrusionPrevention SSOAgent Authentication SSOAgent Authentication

NetworkDebug NetworkDebug Attacks Attacks UserActivity UserActivity

INFO DEBUG ALERT ALERT ALERT ALERT

710 869 580 267 1150 1151

558 547

FirewallEvent

SystemErrors

ERROR

53

607

The current WAN interface is not ready to route packets. | FirewallEvent
The High Availability monitoring IP configuration of Interface %s is incorrect. | HighAvailability
The loaded content URL List has expired. | SecurityServices

SystemErrors

ERROR

325

635

SystemErrors

ERROR ERROR

1126 190

628

The network connection in use is %s | WANAvailability
The preferences file is too large to be saved in available flash memory | FirewallEvent
The stateful license of HA peer firewall is not activated
Thermal Red
Thermal Red Timer Exceeded
Thermal Yellow
Time of day settings for firewall policies were not upgraded.
Too many gratuitous ARPs detected
Total firewall throughput is greater than 50% of the maximum rated tolerance for more than 10 seconds.
UDP checksum error; packet dropped
UDP packet dropped

SystemErrors

WARNING

307

639

SystemErrors

WARNING

573

649

HighAvailability FirewallHardware FirewallHardware FirewallHardware

SystemErrors System Environment System Environment System Environment System Maintenance

ALERT ALERT ALERT ALERT

1137 578 579 577

104 105 103

FirewallEvent Network

INFO WARNING

742 815

FirewallHardware NetworkAccess NetworkAccess

DroppedUDP

ALERT NOTICE

1251 885 37

17005

UDP packet from LAN dropped
Unable to resolve dynamic address object
Unable to send message to dial up task

NetworkAccess DynamicAddress Objects PPPDialUp

DroppedUDP NOTICE DroppedLANUDP |DroppedLAN TCP NOTICE System Maintenance INFO SystemErrors ERROR

174 880 1024

Unhandled link local or multicast IPv6 packet dropped | Multicast
Unknown IPsec SPI | VPNIPSec
Unknown protocol dropped
Unknown reason
NetworkAccess VPNPKI

Attacks NetworkDebug UserActivity

ALERT ERROR NOTICE ERROR

1233 66 41 275

507

Unprocessed email received from MTA on Inbound SMTP port | AntiSpamService

INFO

1095

13813

AntiSpamService Authenticated Access Authenticated Access
User logged out | Authenticated Access
User logged out inactivity timer expired | Authenticated Access
User logged out logout detected by SSO | Authenticated Access
User logged out logout reported by Terminal Services agent
User logged out max session time exceeded
User logged out user disconnect detected (heartbeat timer expired)
User login denied insufficient access on LDAP server
User login denied invalid credentials on LDAP server
User login denied LDAP authentication failure
User login denied LDAP communication problem
User login denied LDAP directory mismatch
User login denied LDAP schema mismatch
User login denied LDAP server certificate not valid
User login denied LDAP server down or misconfigured
User login denied LDAP server name resolution failed
User login denied LDAP server timeout
Authenticated Access Authenticated Access Authenticated Access Remote Authentication Remote Authentication Remote Authentication Remote Authentication Remote Authentication Remote Authentication Remote Authentication Remote Authentication Remote Authentication Remote Authentication

Updated ES Cloud Address %s
User account '%s' expired and disabled
User account '%s' expired and pruned

UserActivity UserActivity UserActivity UserActivity UserActivity

DEBUG INFO INFO INFO INFO INFO

1147 1157 1158 263 265 1008

UserActivity UserActivity

INFO INFO

1124 264

UserActivity

INFO

24

UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity UserActivity

WARNING WARNING INFO WARNING WARNING WARNING WARNING

750 749 745 748 757 751 755

UserActivity

WARNING

747

UserActivity UserActivity

WARNING WARNING

753 746

User login denied Mail Address (From/to) or SMTP Server is not configured
User login denied No name received from Terminal Services agent
User login denied not allowed by policy rule
User login denied not found locally
User login denied password doesn't meet constraints
User login denied password expired
User login denied RADIUS authentication failure
User login denied RADIUS communication problem
User login denied RADIUS configuration error
User login denied RADIUS server name resolution failed
User login denied RADIUS server timeout
User login denied SSO agent communication problem
User login denied SSO agent configuration error
User login denied SSO agent name resolution failed
User login denied SSO agent timeout
User login denied SSO probe failed
User login denied Terminal Services agent communication problem
User login denied Terminal Services agent name resolution failed

Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access Remote Authentication Remote Authentication Remote Authentication Remote Authentication Remote Authentication Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access

UserActivity

INFO

1118

UserActivity UserActivity UserActivity

WARNING INFO INFO

1122 986 987

UserActivity UserActivity UserActivity UserActivity

INFO INFO INFO WARNING WARNING

1048 1035 243 744 245

UserActivity UserActivity

WARNING WARNING

754 244

UserActivity UserActivity

WARNING WARNING

990 989

UserActivity UserActivity UserActivity

WARNING WARNING WARNING

991 988 1117

UserActivity

WARNING

1123

UserActivity

WARNING

1121

User login denied Terminal Services agent timeout
User login denied TLS or local certificate problem
User login denied user already logged in
User login denied User has no privileges for guest service
User login denied User has no privileges for login from that location
User login denied due to bad credentials
User login denied due to bad credentials
User login disabled from %s
User login Failed An error has occurred while sending your one time password
User login failed Guest service limit reached
User login failure rate exceeded logins from user IP address denied
User login from an internal zone allowed
Using LDAP without TLS highly insecure
Virtual Access Point is disabled
Virtual Access Point is enabled

Authenticated Access Remote Authentication Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access Authenticated Access Remote Authentication SonicPoint SonicPoint

UserActivity UserActivity UserActivity

WARNING WARNING INFO

1120 756 759

UserActivity

INFO

486

UserActivity UserActivity UserActivity Attacks

INFO INFO INFO ERROR

246 32 33 583

559

UserActivity UserActivity

INFO INFO

1243 549

Attacks UserActivity SystemErrors 802.11 Management 802.11 Management ExpandedVoIP Activity ExpandedVoIP Activity ExpandedVoIP Activity ExpandedVoIP Activity

ERROR INFO ALERT INFO INFO DEBUG

329 31 1010 731 730 637

561

VoIP %s Endpoint added | VoIP
VoIP %s Endpoint not added configured 'public' endpoint limit reached | VoIP
VoIP %s Endpoint removed
VoIP Call Connected
VoIP VoIP

WARNING DEBUG INFO

639 638 622

VoIP Call Disconnected
Voltages Out of Tolerance
VPN Cleanup: Dynamic network settings change
VPN Client Policy Provisioning
VPN disabled by administrator
VPN enabled by administrator
VPN Log Debug
VPN Policy Added
VPN policy count received exceeds the limit; %s
VPN Policy Deleted
VPN Policy Modified
VPN TCP FIN
VPN TCP PSH
VPN TCP SYN
VPN zone administrator login allowed
VPN zone remote user login allowed
WAN Acceleration device %s found
WAN Acceleration device %s is being used
WAN Acceleration device %s is no longer being used
WAN Acceleration device %s is no longer operational
WAN Acceleration device %s is operational
WAN DHCPC IP Changed

VoIP FirewallHardware VPN VPNClient Authenticated Access Authenticated Access VPNIKE VPN VPN VPN VPN VPN VPN VPN Authenticated Access Authenticated Access WANAcceleration WANAcceleration WANAcceleration WANAcceleration WANAcceleration FirewallEvent

ExpandedVoIP Activity System Environment UserActivity UserActivity System Maintenance System Maintenance NetworkDebug SystemErrors SyslogOnlyVPN Statistics SyslogOnlyVPN Statistics SyslogOnlyVPN Statistics UserActivity UserActivity SystemErrors

INFO ERROR INFO INFO INFO INFO INFO INFO ERROR INFO INFO INFO INFO INFO INFO INFO INFO ALERT ALERT ALERT ALERT WARNING

623 575 471 371 506 507 172 1050 719 1051 1052 195 196 194 235 237 1169 1172 1173 1171 1170 1129

101 16003 16004 16002 16001

WAN Interface not setup
Wan IP Changed

FirewallEvent FirewallEvent

System Maintenance SystemErrors

INFO WARNING

498 138

636

WAN node exceeded: Connection dropped because too many IP addresses are in use on your LAN | FirewallEvent
WAN not ready
WAN zone administrator login allowed
WAN zone remote user login allowed
FirewallEvent Authenticated Access Authenticated Access

SystemErrors System Maintenance UserActivity UserActivity

ERROR INFO INFO INFO

812 502 236 238

WARNING: Central Gateway does not have a Relay IP Address. DHCP message dropped. | DHCPRelay
WARNING: DHCP lease relayed from Central Gateway conflicts with IP in Static Devices list
Web access request dropped
Web management request allowed
Website access allowed
Website access denied
WiFiSec Enforcement disabled by administrator
WiFiSec Enforcement enabled by administrator
Wireless MAC Filter List disabled by administrator
Wireless MAC Filter List enabled by administrator
WLAN client null probing
WLAN DHCPC IP Changed
WLAN disabled by administrator

System Maintenance

INFO

472

DHCPRelay NetworkAccess NetworkAccess NetworkAccess NetworkAccess Authenticated Access Authenticated Access Authenticated Access Authenticated Access WLANIDS FirewallEvent Authenticated Access

System Maintenance DroppedTCP UserActivity BlockedWebSites BlockedWebSites System Maintenance System Maintenance System Maintenance System Maintenance ExpandedWLAN IDSActivity SystemErrors System Maintenance

INFO NOTICE NOTICE NOTICE ERROR INFO INFO INFO INFO WARNING WARNING INFO

227 524 526 16 14 510 511 513 512 615 1130 508

703 701 904

WLAN disabled by schedule
WLAN enabled by administrator
WLAN enabled by schedule
WLAN firmware image has been updated

Authenticated Access Authenticated Access Authenticated Access Wireless

System Maintenance System Maintenance System Maintenance System Maintenance

INFO INFO INFO INFO

728 509 729 487

WLAN HTTP traffic not being sent to WXA Web Cache; zone conflict. | WANAcceleration
WLAN max concurrent users reached already | NetworkAccess
WLAN not in AP mode, DHCP server will not provide lease to clients on WLAN
WLAN radio frequency threat detected
WLAN Reboot
WLAN recovery
WLAN sequence number out of order.
WLB Failback initiated by %s.
WLB Failover in progress.
WLB Resource failed.
WLB Resource is now available.
WLB Spillover started, configured threshold exceeded.
WLB Spillover stopped.
WPA MIC Failure.
WPA RADIUS Server Timeout.
XAUTH Failed with VPN client, Authentication failure.

INFO INFO

1264 726

Wireless RFMonitoring FirewallHardware Wireless WLANIDS WANAvailability WANAvailability WANAvailability WANAvailability

System Maintenance SystemErrors System Maintenance ExpandedWLAN IDSActivity SystemErrors SystemErrors SystemErrors SystemErrors System Maintenance System Maintenance 802.11 Management 802.11 Management

INFO WARNING ERROR INFO WARNING ALERT ALERT ALERT ALERT

617 879 517 519 547 435 584 586 585

642 902 652 651 654 653

WANAvailability WANAvailability Wireless Wireless

WARNING WARNING WARNING INFO

581 582 663 664

VPNClient

UserActivity

ERROR

140

XAUTH Failed with VPN client, Cannot Contact RADIUS Server.
XAUTH Succeeded with VPN client.
Your WAN Acceleration Service subscription has expired.
Your Active/Active Clustering subscription has expired.
Your AntiSpam Service subscription has expired.
YouTube for school enforced.

VPNClient VPNClient

UserActivity UserActivity

INFO INFO

141 139

WANAcceleration

ALERT

1176

16007

HighAvailability AntiSpamService NetworkAccess

WARNING WARNING DEBUG

1149 1086 1262

13805

Log > Syslog


In addition to the standard event log, the Dell SonicWALL security appliance can send a detailed log to an external Syslog server. The Dell SonicWALL Syslog captures all log activity and includes every connection source and destination IP address, IP service, and number of bytes transferred. Syslog Analyzers such as Dell SonicWALL ViewPoint, Analyzer, or WebTrends Firewall Suite can be used to sort, analyze, and graph the Syslog data. For more information on configuring the Log > Syslog page, refer to the SonicOS Administrators Guide.

Index of Syslog Tag Field Descriptions


This section provides an alphabetical listing of Syslog tags and the associated field descriptions. For more information about the pri Syslog Tag, see Table 3: Priority Level on page 83. The value here is taken from the Priority Level column of the Index of Log Event Messages on page 2. For more information about the c Syslog Tag, see Legacy Category on page 79. Note that the following table also includes Syslog information for ArcSight, which is supported on SonicOS 5.9.

Columns: Tag, Tags for ArcSight (5.9.0 only), Field, Description, Versions

Tag: <ddd>
Field: Syslog message prefix
Description: The beginning of each syslog message has a string of the form <ddd> where ddd is a decimal number indicating facility and priority of the message
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: af_polid
Field: Application Filter
Description: Displays the Application Filter Policy ID
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: af_policy
Field: Application Filter
Description: Displays the Application Policy name
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: af_type
Field: Application Filter
Description: Displays the Application Policy type such as:
  SMTP Client Request
  HTTP Client Request
  HTTP Server Response
  FTP Client Request
  FTP Client Upload File
  FTP Client Download File
  POP3 Client Request
  POP3 Server Response
  FTP Data Transfer
  IPS Content
  App Control Content
  Custom Policy Type
  CFS
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: af_service
Field: Application Filter
Description: Displays the Application Policy service name
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: af_action
Field: Application Filter
Description: Displays the Application Policy action such as:
  HTTP Block Page
  HTTP Redirect
  Bandwidth Management
  Disable E-Mail Attachment
  FTP Notification Reply
  Reset/Drop
  Block SMTP E-Mail
  Bypass DPI
  CFS Block Page
  Packet Monitor
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: Af_object
Field: Application policy object name
Description: Displays the custom Application Policy object name
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: ai
Field: Active Interface via GMS heartbeat
Description: Displays the Active WAN Interface. Normally it is Primary WAN but in a failover, it displays the value of the failover default outbound WAN interface, if there's more than one WAN. When there is only one WAN interface, it is always Primary WAN regardless of the link state
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: app
ArcSight tag: app
Field: Numeric application ID
Description: Indicates the application for the applied syslog. Only displays when Flow Reporting is enabled
Versions: 5.8.1, 5.9.0, 6.1

Tag: appcat
ArcSight tag: appcat
Field: Application Control
Description: Display the application category when Application Control is enabled
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: appid
ArcSight tag: appid
Field: Application ID
Description: Display the application ID when Application Control is enabled
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: arg
ArcSight tag: arg
Field: URL
Description: Used to render a URL: arg represents the URL path name part
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: bcastRx
ArcSight tag: bcastRx
Field: Interface statistics report
Description: Displays the broadcast packets received
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: bcastTx
ArcSight tag: bcastTx
Field: Interface statistics report
Description: Displays the broadcast packets transmitted
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: bytesRx
ArcSight tag: bytesRx
Field: Interface statistics report
Description: Displays the bytes received
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: bytesTx
ArcSight tag: bytesTx
Field: Interface statistics report
Description: Displays the bytes transmitted
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: cat
Field: Message category (legacy only)
Description: Indicates the legacy category number (Note: We are not currently sending new category information.)
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Tag: category
ArcSight tag: category
Field: Blocking code description
Description: Applicable only when CFS is enabled, indicates the category of the blocked content such as Gambling. This works in conjunction with code Blocking code.
Versions: 5.8.1, 5.9.0, 6.0.1, 6.1

Indicates the category id of the rule Displays the connection duration Displays the basename of the firewall web page that performed the last configuration change Indicates the CFS block code category

catid

Rule category cn3Label SWGMSchangeUrl Connection Duration Configuration change webpage Blocking code

5.9.0 6.0.1 6.1 5.9.0 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.9.0 6.1 5.8.1 5.9.0 6.0.1 6.1

cdur change

code

reason

icmpCode conns

cn2

ICMP type and code Firewall status report via GMS heartbeat

Indicates the ICMP code. Indicates the number of connections in use.


contentObject cs4 deviceInboundInterface deviceInboundInterface dpt dnpt dst dst

Firewall

Indicates rule name

5.9.0 6.0.1 6.1 5.9.0 5.9.0 5.9.0 5.9.0 5.9.0 5.8.1 5.9.0 6.0.1 6.1 5.9.0 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.1 5.8.1 5.9.0 6.0.1 6.1

Interface Statistics Interface Interface Port NATed Port Destination

Display interface statistics. Indicates interface on which the packet leaves the device. Indicates interface on which the packet enters the device. Display destination port. Display NATed destination port. Destination IP address, and optionally, port, network interface, and resolved name. Destination IPv6 address, and optionally, port, network interface, and resolved name. Displays the URL of web site hit and other legacy destination strings such as the URL of the host. Indicates the duration in units of seconds that a session is connected. Displays the HA and dialup connection state (rendered as h.d where h is n (not enabled), b (backup), or p (primary) and d is 1 (enabled) or 0 (disabled)). Indicates the flow type when Flow Reporting is disabled. Indicates the WAN IP Address.

dstV6

dst

Destination

dstname

dst

URL

dur

request

Numeric, session duration in seconds Firewall status report via GMS heartbeat

dyn

cs6Label

flowType

Numeric flow type Firewall WAN IP

5.8.1 5.9.0 6.1 5.8.1 5.9.0 6.0.1 6.1

fw


fwlan

Firewall status report via GMS heartbeat gcat goodRxBytes Group category SonicPoint statistics report SonicPoint statistics report Firewall status report via GMS heartbeat WebTrends prefix

Indicates the LAN zone IP address

5.8.1 5.9.0 6.0.1 6.1 5.9.0 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1

gcat goodRxBytes

Display event group category when using Enhanced Syslog. Indicates the well formed bytes received.

goodTxBytes

goodTxBytes

Indicates the well formed bytes transmitted

Displays the GMS message interval in seconds

id=firewall

Syntactic sugar for WebTrends (and GMS by habit)

if

if

Interface statistics report IPS message

Displays the interface on which statistics are reported

ipscat

ipscat

Displays the IPS category

ipspri

ipspri

IPS message

Displays the IPS priority

lic

Firewall status report via GMS heartbeat Message ID

Indicates the number of licenses for firewalls with limited modes

Provides the message ID number


mac

smac or dmac

MAC address

Provides the source or destination MAC address

5.8.1 5.9.0 6.0.1 6.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1

mailFrom

Email sender

Originator of the email

msg

msg

Message

Displays the message which is composed of either or both a predefined message and a dynamic message containing a string %s or numeric %d argument. Indicates the number of times event occurs.

cnt

Message count

5.8.1 5.9.0 6.0.1 6.1 5.9.0

natDst

cs2Label

NAT destination IP NAT destination IPv6 NAT source IP NAT source IPv6 Additional Information

Displays the NATed destination IP address

natDstV6

cs2Label

Displays the NATed destination IPv6 address

5.9.0

natSrc

cs1Label

Displays the NATed source IP address. Displays the NATed source IPv6 address. Additional information that is application-dependent.

5.9.0

natSrcV6

cs1Label

5.9.0

note

cs6

5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1

npcs

cs5

URL

Applicable only when Network Packet Capture System (NPCS Solera) is enabled, displays URL of an NPCS object. Displays the HTTP operation (GET, POST, etc.) of web site hit.

op

requestMethod

HTTP OP code


pri

Message priority

Displays the event priority level (0=emergency..7=debug)

5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.9.0 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.1

proto

proto

Protocol and service

Displays the protocol information (rendered as proto=[protocol] or just [proto]/[service]). Displays the HTTP/HTTPS management port (rendered as hhh.sss). Displays the SonicPoint radio on which event occurred.

pt

Firewall status report via GMS heartbeat radio SonicPoint statistics report recipient in Bytes received

radio

rcptTo rcvd

Indicates the email recipient. Indicates the number of bytes received within connection.

result

outcome

HTTP Result code

Displays the HTTP result code (200, 403, etc.) of web site hit

rpkt rule

cn1Label cs1

Packet received Rule ID

Display the number of packets received. Displays the Access Rule number causing packet drop. The policy index includes Address Object names. Displays the number of bytes sent within connection.

sent

out

Bytes sent

sess

cs5Label

Pre-defined string indicating session type

Applies to syslogs with an associated user session being tracked by the UTM


sid

sid

IPS or AntiSpyware message Firewall serial number

Provides either IPS or AntiSpyware signature ID

5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.9.0 5.9.0 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.9.0 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.9.0

sn

Indicates the device serial number

spkt

cn2Label spt

Packet sent Port Anti-Spyware message

Display the number of packets sent. Displays source port. Displays the Anti-Spyware category.

spycat

spycat

spypri

spypri

Anti-Spyware message

Displays the Anti-Spyware priority

snpt src src

NAT source port Source

Display NATed source port. Indicates the source IP address, and optionally, port, network interface, and resolved name. Displays the client (station) on which event occurred.

station

station

SonicPoint statistics report SonicPoint statistics report Time

SWSPstats

Display SonicPoint statistics

time

Reports the time of event

5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1

type

cn1

ICMP type and code

Indicates the ICMP type


ucastRx

ucastRx

Interface statistics report Interface statistics report Firewall status report via GMS heartbeat Firewall status report via GMS heartbeat

Displays the unicast packets received

5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.8.1 5.9.0 6.0.1 6.1 5.9.0 6.1

ucastTx

ucastTx

Displays the unicast packets transmitted

unsynched

Reports the time since last local change in seconds

usestandbysa

Displays whether standby SA is in use (1 or 0) for GMS management. Displays the user name (user is the tag used by WebTrends).

usr (or user)

susr

User

vpnpolicy

cs2 (source) or cs3 (destination) cs2 (source) or cs3 (destination) cs3Label (source) cs4Label (destination) cs3Label (source) cs4Label (destination)

Source VPN policy name

Displays the source VPN policy name of event

vpnpolicyDst

Destination VPN policy name Destination zone name

Displays the destination VPN policy name of event

dstZone

Displays destination zone

5.9.0

srcZone

Source zone name

Displays source zone

5.9.0


Examples of Standard Syslogs


The following examples show the content of the Syslog packet. This type of message can be viewed on the Syslog server or any packet analyzer application. Note that this is the Default Syslog Format.
id=firewall123 sn=0017C5991784 time="2013-03-20 11:56:53" fw=10.0.203.108 pri=6 c=1024 m=97 n=1 src=1.2.3.4:5432:X0 dst=4.3.2.1:2345:X1 proto=tcp/2345 op=1 sent=9876 rcvd=6789 result=403 dstname=http: arg=//www.gui.log.eng.sonicwall.com code=20 Category="Online Banking"

id=firewall123 sn=0017C5991784 time="2013-03-20 11:57:04" fw=10.0.203.108 pri=6 c=262144 m=98 msg="Connection Opened" n=1437 usr="admin" src=192.168.168.1:61505:X0 dst=192.168.168.168:443:X0 proto=tcp/https sent=52

id=firewall123 sn=0017C5991784 time="2013-03-20 11:57:06" fw=10.0.203.108 pri=6 c=1024 m=537 msg="Connection Closed" n=3683 usr="admin" src=192.168.168.1:61505:X0 dst=192.168.168.168:443:X0 proto=tcp/https sent=1519 rcvd=951 spkt=7 rpkt=8 cdur=2133

id=firewall123 sn=0017C5991784 time="2013-03-20 11:56:53" fw=10.0.203.108 pri=1 c=32 m=609 msg="IPS Prevention Alert: P2P BitTorrent -- Peer Sync" sid=1994 ipscat=P2P ipspri=3 P2P BitTorrent -- Peer Sync, SID: 1994, Priority: Low n=1 src=1.2.3.4:5432:X0 dst=4.3.2.1:2345:X1

id=firewall123 sn=0017C5991784 time="2013-01-29 23:38:24" bid=1 fw=10.8.70.22 pri=1 c=16 m=793 msg="App Rules Alert" af_polid=1 af_policy="test" af_type="SMTP Client Request" af_service="SMTP (Send E-Mail)" af_action="No Action" n=0 src=10.10.10.245:50613:X0 dst=10.8.41.228:25:X1"

id=firewall123 sn=0017C5991784 mgmtip=10.0.203.108 time="2013-03-20 20:14:30 UTC" fw=10.0.203.108 m=96 n=25 i=60 lic=0 unsynched=893 pt=80.443 usestandbysa=0 dyn=n.n ai=1 fwlan=192.168.168.168 conns=0


Examples of ArcSight Syslog


The following examples show the content of the Syslog packet. This type of message can be viewed on the Syslog server or any packet analyzer application.
MAR 20 2013 19:07:43 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0d_75o|97|Syslog Website Accessed|4|cat=1024 gcat=2 src=1.2.3.4 spt=5432 deviceInboundInterface=X0 cs1Label=1.2.4.5 snpt=1 dst=4.3.2.1 dpt=2345 deviceOutboundInterface=X1 cs2Label=5.4.3.2 dnpt=2 proto=tcp/2345 out=9876 in=6789 requestMethod=1 outcome=403 request=http://www.gui.log.eng.sonicwall.com reason=20 Category-"Online Banking"

MAR 20 2013 19:07:49 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0d_75o|98|Syslog Connection Logged|4|cat=262144 gcat=2 src=192.168.168.1 spt=61693 deviceInboundInterface=X0 dst=192.168.168.168 dpt=443 deviceOutboundInterface=X0 susr="admin" proto=tcp/https out=52 cnt=1570

MAR 20 2013 19:07:52 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0d_75o|537|Syslog Close|4|cat=1024 gcat=2 smac=00:00:c5:b3:6b:e5 src=192.168.168.1 spt=61693 deviceInboundInterface=X0 cs3Label=Trusted dst=192.168.168.168 dpt=443 deviceOutboundInterface=X0 cs4Label=Trusted susr="admin" proto=tcp/https out=1519 in=967 cn2Label=7 cn1Label=8 cn3Label=2333 cnt=3815

MAR 20 2013 19:07:43 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|609|IDP Prevention Alert|9|cat=32 gcat=3 src=1.2.3.4 spt=5432 deviceInboundInterface=X0 cs1Label=1.2.4.5 snpt=1 dst=4.3.2.1 dpt=2345 deviceOutboundInterface=X1 cs2Label=5.4.3.2 dnpt=2 msg="IPS Prevention Alert: P2P BitTorrent -- Peer Sync, SID: 1994, Priority: Low" cnt=3

MAR 20 2013 19:07:43 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0d_75o|793|Application Firewall Alert|9|cat=16 gcat=10 src=1.2.3.4 spt=5432 deviceInboundInterface=X0 dst=4.3.2.1 dpt=2345 deviceOutboundInterface=X1 msg="Application Firewall Alert: Policy: foobar, Action Type: Block SMTP E-Mail Send Error Reply, Mail From: an unknown string of unknown length" cnt=3


Table of Values
This section can be used as a reference for understanding different categories and their descriptions.

Legacy Categories
The following table describes the Legacy categories shared in the SonicOS 5.8.1, 6.0.1, and 6.1 releases.
Table 1 Legacy Category

| ID (used in Syslog) | Name | Description |
|---|---|---|
| 0 | | Event is not Legacy Category, not backward compatible. |
| 1 | System Maintenance | Logs general system activity, such as system activations. |
| 2 | System Errors | Logs problems with DNS or Email. |
| 4 | Blocked Web Sites | Logs Web sites or news groups blocked by the Content Filter List or by customized filtering. |
| | Blocked Java Etc | Logs Java, ActiveX, and Cookies blocked by the Dell SonicWALL security appliance. |
| 16 | User Activity | Logs successful and unsuccessful log in attempts. |
| 32 | Attacks | Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP Spoofing. |
| 64 | Dropped TCP | Logs blocked incoming TCP connections. |
| 128 | Dropped UDP | Logs blocked incoming UDP packets. |
| 256 | Dropped ICMP | Logs blocked incoming ICMP packets. |
| 512 | Network Debug | Logs NetBIOS broadcasts, ARP resolution problems, and NAT resolution problems. Also, detailed messages for VPN connections are displayed to assist the network administrator with troubleshooting problems with active VPN tunnels. Network Debug information is intended for experienced network administrators. |
| 1024 | Syslog Only For Traffic Reporting | Used for Syslog only to report HTTP connections opened and closed, and bytes transferred. |
| 2048 | Dropped LAN TCP | Used for Syslog only to report that the TCP packet is dropped due to LAN management policy. |
| 4096 | Dropped LAN UDP | Used for Syslog only to report that the UDP packet is dropped due to LAN management policy. |
| 8192 | Dropped LAN ICMP | Used for Syslog only to report that the ICMP packet is dropped due to LAN management policy. |
| 32768 | Modem Debug | Logs Modem Debug activity. |
| 65536 | VPN Tunnel Status | Logs status information on VPN tunnels. |
| 131072 | 802.11 Management | Logs WLAN IEEE 802.11 connections. |
| 262144 | Syslog Only For Traffic Reporting | Used for Syslog only to report that the Network Traffic is logged when connection is opened. |
| 524288 | System Environment | Logs system environment activity. |
| 2097152 | Expanded WLAN IDS Activity | Used for Syslog only to log WLAN IDS activity. |
| 1048576 | Expanded VOIP Activity | Used for Syslog only to log VoIP H.323/RAS, H.323/H.225, and H.323/H.245 activity. |
| 4194304 | Expanded SonicPoint Activity | Used for Syslog only to log SonicPoint activity. |

Expanded Categories
The following table displays expanded category information, also known as the SonicOS Category, for all firmware releases and platforms.
Table 2 Expanded Categories

| Category | Description |
|---|---|
| 802.11 Management | Logs 802.11 management activity |
| Advanced Routing | Logs Advanced Routing activity |
| Advanced Switching | Logs Advanced Switching activity |
| Anti-Spam Service | Logs the Anti-Spam service |
| App Flow Server | Logs App Flow Server activity |
| App Rules | Logs App Rules activity |
| Application Control | Logs Application Control activity |
| Attacks | Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP Spoofing. |
| Authenticated Access | Logs Authenticated Access activity |
| WAN Acceleration | Logs the WAN Acceleration activity |
| Blocked Java Etc | Logs Java, ActiveX, and Cookies blocked |
| Blocked WebSites | Logs Websites blocked |
| BOOTP | Logs Bootstrap Protocol (BOOTP) activity |
| Botnet Blocking | Logs the Botnet Blocking activity |
| SSO Agent Authentication | Logs the SSO Agent Authentication activity |
| Crypto Test | Logs Crypto Test activity |
| DDNS | Logs Dynamic Domain Name System (DDNS) activity |
| Denied LAN IP | Logs LAN IP denied activity |
| DHCP Client | Logs DHCP Client activity |
| DHCP Relay | Logs DHCP Relay activity |
| DHCP Server | Logs DHCP Server activity |
| DPI-SSL | Logs the Deep Packet Inspection of Secure Socket Layer (DPI-SSL) activity |
| Dropped ICMP | Logs blocked incoming Internet Control Message Protocol (ICMP) packet activity |
| Dropped TCP | Logs blocked incoming Transmission Control Protocol (TCP) connection activity |
| Dropped UDP | Logs blocked incoming User Datagram Protocol (UDP) packet activity |
| DSL | Logs DSL activity |
| Dynamic Address Objects | Logs Dynamic Address Object activity |
| E1-T1 | Logs E1-T1 activity |
| Firewall Event | Logs Firewall Event alerts and activity |
| Firewall Hardware | Logs Firewall Hardware alerts and activity |
| Firewall Logging | Logs other Firewall-related activity |
| Firewall Rule | Logs Firewall Rule alerts and activity |
| FTP | Logs File Transfer Protocol (FTP) activity |
| Geolocation | Logs the Geolocation service activity |
| GMS | Logs Dell SonicWALL Global Management System (GMS) activity |
| High Availability | Logs High Availability activity |
| Intrusion Prevention | Logs Intrusion Prevention activity |
| IPComp | Logs IP Compression (IPComp) activity |
| IPNet | Logs IPNet activity |
| IPv6 Tunnel | Logs IPv6 activity |
| L2TP Client | Logs Layer 2 Tunnel Protocol (L2TP) client activity |
| L2TP Server | Logs Layer 2 Tunnel Protocol (L2TP) server activity |
| MAC-IP Anti-Spoof | Logs the MAC-IP Spoofing activity |
| Modem | Logs the Modem activity |
| Modem Debug | Logs the Modem Debug activity |
| MSAD | Logs Microsoft Active Directory (MSAD) activity |
| Multicast | Logs Multicast activity |
| Network | Logs Network activity |
| Network Debug | Logs NetBios broadcasts, ARP resolution problems, and NAT resolution problems. |
| Network Access | Logs successful and unsuccessful Network Access activity |
| Network Monitor | Logs Network Monitor activity |
| Network Traffic | Logs Network Traffic activity |
| PPP | Logs Point-to-Point Protocol (PPP) activity |
| PPP Dial-Up | Logs Point-to-Point Protocol (PPP) Dial-Up activity |
| PPPoE | Logs Point-to-Point Protocol over Ethernet (PPPoE) activity |
| PPTP | Logs Point-to-Point Tunneling Protocol (PPTP) activity |
| Remote Authentication | Logs Remote Authentication activity |
| RBL | Logs Realtime Black List (RBL) activity |
| RF Monitoring | Logs RF Monitoring activity |
| RIP | Logs Routing Information Protocol (RIP) activity |
| Security Services | Logs Security Services activity |
| SNMP | Logs the Simple Network Management Protocol (SNMP) activity |
| SonicPoint | Logs the SonicPoint activity |
| SonicPointN | Logs the SonicPointN activity |
| SSLVPN | Logs Secure Socket Layer Virtual Private Network (SSLVPN) activity |
| System Environment | Logs System Environment activity |
| System Errors | Logs System Errors activity |
| System Maintenance | Logs System Maintenance activity |
| User Activity | Logs successful and unsuccessful log in attempts |
| VOIP | Logs Voice over IP (VOIP) activity |
| VPN | Logs Virtual Private Network (VPN) activity |
| VPN Tunnel Status | Logs VPN Tunnel Status activity |
| VPN Client | Logs VPN Client activity |
| VPN IKE | Logs VPN IKE activity |
| VPN IPSec | Logs VPN IP Security activity |
| WAN Availability | Logs WAN Availability activity |
| Wireless | Logs Wireless activity |
| WLAN IDS | Logs Wireless LAN Intrusion Detection System (IDS) activity |

Priority Level
The following table displays the Priority Number and Name for Syslog Tags. The value here is taken from the Priority Level column of the Index of Log Event Messages on page 2, or the pri tag in Index of Syslog Tag Field Descriptions on page 68. For example, a tag with pri=0 means Emergency Priority.
Table 3 Priority Level

| Priority Number | Priority Name |
|---|---|
| 0 | Emergency |
| 1 | Alert |
| 2 | Critical |
| 3 | Error |
| 4 | Warning |
| 5 | Notice |
| 6 | Info |
| 7 | Debug |
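
The following is an added example, not part of the reference guide and not SonicWALL code: a parser for the Default Syslog Format shown in the standard examples, which decodes pri and c using the Priority Level and Legacy Category tables and splits src/dst into address, port and interface. The function names, the first-occurrence-wins rule for repeated tags and the "Unknown" fallback are assumptions of this example.

```python
import re

# Priority names indexed by the pri tag (Priority Level table).
PRIORITY = "Emergency Alert Critical Error Warning Notice Info Debug".split()

# Legacy category IDs carried in the c tag (Legacy Category table).
# "Blocked Java Etc" is omitted: the table as extracted prints no ID for it.
LEGACY_CATEGORY = {
    0: "Not a legacy category", 1: "System Maintenance", 2: "System Errors",
    4: "Blocked Web Sites", 16: "User Activity", 32: "Attacks",
    64: "Dropped TCP", 128: "Dropped UDP", 256: "Dropped ICMP",
    512: "Network Debug", 1024: "Syslog Only For Traffic Reporting",
    2048: "Dropped LAN TCP", 4096: "Dropped LAN UDP", 8192: "Dropped LAN ICMP",
    32768: "Modem Debug", 65536: "VPN Tunnel Status",
    131072: "802.11 Management", 262144: "Syslog Only For Traffic Reporting",
    524288: "System Environment", 1048576: "Expanded VOIP Activity",
    2097152: "Expanded WLAN IDS Activity", 4194304: "Expanded SonicPoint Activity",
}

# tag=value; the value is "quoted text" or a run with no spaces or quotes,
# so a stray trailing quote (as in the App Rules sample) is not swallowed.
TAG_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s"]*))')

def parse_tags(line):
    """Return the tag/value pairs of one default-format syslog line."""
    tags = {}
    for m in TAG_RE.finditer(line):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        tags.setdefault(m.group(1), value)  # first occurrence wins
    return tags

def split_endpoint(value):
    """Split an IPv4 src/dst value 'ip[:port[:interface[:name]]]'."""
    out = dict(zip(("ip", "port", "interface", "name"), value.split(":", 3)))
    if out.get("port", "").isdigit():
        out["port"] = int(out["port"])
    return out

def normalize(line):
    """Parse a line and decode pri, c, src and dst where present."""
    tags = parse_tags(line)
    event = {"tags": tags}
    pri = tags.get("pri", "")
    if pri.isdigit() and int(pri) < len(PRIORITY):
        event["priority"] = PRIORITY[int(pri)]
    if tags.get("c", "").isdigit():
        event["category"] = LEGACY_CATEGORY.get(int(tags["c"]), "Unknown")
    event.update({s: split_endpoint(tags[s]) for s in ("src", "dst") if s in tags})
    return event

# The App Rules line from the page's standard syslog examples.
APP_RULE = ('id=firewall123 sn=0017C5991784 time="2013-01-29 23:38:24" bid=1 '
            'fw=10.8.70.22 pri=1 c=16 m=793 msg="App Rules Alert" af_polid=1 '
            'af_policy="test" af_type="SMTP Client Request" '
            'af_service="SMTP (Send E-Mail)" af_action="No Action" n=0 '
            'src=10.10.10.245:50613:X0 dst=10.8.41.228:25:X1"')

if __name__ == "__main__":
    print(normalize(APP_RULE))
```

Free text between tags, as in the IPS sample line, is skipped because only tag=value tokens are matched; the heartbeat line (m=96) carries no pri, c, src or dst, so those keys are simply absent from the result.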
