232-001771-00 rev c sonicos combined log event...

| 1

SonicOS CombinedLog Event Reference Guide

Notes, Cautions, and Warnings

© 2013 Dell Inc.

Trademarks: Dell™, the DELL logo, SonicWALL™, SonicWALL GMS™, SonicWALL Analyzer™, Reassem-bly-Free Deep Packet Inspection™, Dynamic Security for the Global Network™, SonicWALL Clean VPN™, SonicWALL Clean Wireless™, SonicWALL Comprehensive Gateway Security Suite™, SonicWALL Mobile Connect™, and all other SonicWALL product and service names and slogans are trademarks of Dell Inc.

2013 – 09 P/N 232-001771-00 Rev. C

NOTE: A NOTE indicates important information that helps you make better use of your system.

CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

OverviewThis reference guide lists and describes SonicOS log event messages for SonicOS 5.8.1, 6.0.1, and 6.1. Reference a log event message by using the alphabetical index from the Log Event Message Index table of this document.

This document contains the following sections: • Log > Monitor on page 1

• Log > Categories on page 2

• Index of Log Event Messages on page 2

• Log > Syslog on page 67

• Index of Syslog Tag Field Descriptions on page 68

• Table of Values on page 79

Log > MonitorThe Dell SonicWALL security appliance maintains an Event log for tracking potential security threats. This log can be viewed by navigating to the Dashboard > Log Monitor or Log > View page, or it can be automatically sent to an email address for convenience and archiving. The log is displayed in a table and can be sorted by column.

For more information on configuring the Log Monitor page, refer to the SonicOS Administrator’s Guide.

| 1

P

e

Log > CategoriesThe Log > Categories page allows you to categorize and customize the logging functions on your Dell SonicWALL security appliance for troubleshooting and diagnostics.

For more information on configuring and managing the Log > Categories page, refer to the SonicOS Administrator’s Guide.

Index of Log Event MessagesThe following table is the Log Event Message Index, which is an alphabetical list of log event messages for the SonicOS 5.8.1,

, and 6.1 firmware.

Each log event message described in the following table provides the following log event details:

• Log Event Messages—Displays the name of the event message.

• SonicOS Category—Displays the SonicOS category type. This is the same category as Table 2: Expanded Categories on page 80.

• Legacy Category—Displays the category event type. This is the same category as Table 1: Legacy Category on page 79.

• Priority Level—Displays the level of urgency of the log event message. For additional information, you can also reference Table 3: Priority Leve on page 83.

• Log Event Message ID Number—Displays the ID number of the log event message.

• SNMP Trap Type—Displays the SNMP Trap ID number of the log event message.

Log Event Messages SonicOS Category Legacy Category Priority Level

Log

Message

ID

Number

SNM

Trap

Typ

DOS protection on WAN %s Intrusion Prevention Network Debug ALERT 1181 ‐‐‐

DOS protection on WAN begins

%s Intrusion Prevention Network Debug ALERT 1180 ‐‐‐

"As per Diagnostic Auto‐restart

configuration request, restarting

system" Firewall Event ‐‐‐ INFO 1047 ‐‐‐

2 |

01

02

3

#Web site hit Network Traffic

Syslog only – for

traffic reporting INFO 97 ‐‐‐

%s auto‐dial failed: Current

Connection Model is configured

as Ethernet Only PPP Dial‐Up System Errors ALERT 1028 ‐‐‐

%s Ethernet Port Down Firewall Event System Errors ERROR 333 641

%s Ethernet Port Up Firewall Event System Errors WARNING 332 640

%s is operational Anti‐Spam Service ‐‐‐ WARNING 1082 138

%s is unavailable Anti‐Spam Service ‐‐‐ WARNING 1083 138

Registration Update

Needed: Restore your

existing security service

subscriptions by clicking <a

href="/Security_Services/

enable_services.html">here</a> Security Services

System

Maintenance WARNING 496 ‐‐‐

3G/4G %s device detected Firewall Hardware

System

Environment INFO 1017 ‐‐‐

3G/4G Dial‐up: %s PPP Dial‐Up User Activity ALERT 1026 ‐‐‐

3G/4G Dial‐up: data usage limit

reached for the '%s' billing cycle.

Disconnecting the 3G/4G session. PPP Dial‐Up User Activity ALERT 1027 764

3G/4G: No SIM detected Firewall Hardware ‐‐‐ ALERT 1055 ‐‐‐

802.11 Management Wireless

802.11

Management INFO 518 ‐‐‐

A high percentage of the system

packet buffers are held waiting

for SSO

SSO Agent

Authentication User Activity ALERT 1178 ‐‐‐

A prior version of preferences

was loaded because the most

recent preferences file was

inaccessible Firewall Event System Errors WARNING 572 648

| 3

7

A SonicOS Standard to Enhanced

Upgrade was performed Firewall Event

System

Maintenance INFO 611 ‐‐‐

A user has a very high number of

connections waiting for SSO

SSO Agent


Access attempt from host out of

compliance with GSC policy Security Services

System


Access attempt from host

without Anti‐Virus agent installed Security Services

System


Access attempt from host

without GSC installed Security Services

System

Maintenance INFO 763 862

Access rule added Firewall Rule User Activity INFO 440 ‐‐‐

Access rule deleted Firewall Rule User Activity INFO 442 ‐‐‐

Access rule modified Firewall Rule User Activity INFO 441 ‐‐‐

Access rules restored to defaults Firewall Rule User Activity INFO 443 ‐‐‐

Access to proxy server denied Network Access Blocked Web Sites NOTICE 60 705

Active Backup detects Active

Primary: Backup going Idle High Availability

System


Active/Active Clustering license is

not activated on the following

cluster units: %s High Availability ‐‐‐ ERROR 1152 ‐‐‐

ActiveX access denied Network Access Blocked Java Etc NOTICE 18 ‐‐‐

ActiveX or Java archive access

denied Network Access Blocked Java Etc NOTICE 20 ‐‐‐

ADConnector %s response timed‐

out; applying caching policy

Microsoft Active

Directory ‐‐‐ ERROR 769 ‐‐‐

Add an attack message Firewall Event Attacks ERROR 143 525

Added a new member to an LDAP

mirror user group

Remote

Authentication User Activity INFO 1192 ‐‐‐

Added host entry to dynamic

address object

Dynamic Address

Objects

System


Added new LDAP mirror user

group: %s

Remote


4 |

04

03

07

08

8

7

Adding Dynamic Entry for Bound

MAC Address Network ‐‐‐ INFO 813 ‐‐‐

Adding L2TP IP pool Address

object Failed. L2TP Server System Errors ERROR 603 661

Adding to multicast policyList ,

interface : %s Multicast ‐‐‐ DEBUG 697 ‐‐‐

Adding to Multicast policyList ,

VPN SPI : %s Multicast ‐‐‐ DEBUG 699 ‐‐‐

Administrator logged out

Authenticated

Access User Activity INFO 261 ‐‐‐

Administrator logged out ‐

inactivity timer expired

Authenticated


Administrator login allowed

Authenticated


Administrator login denied due

to bad credentials

Authenticated

Access Attacks ALERT 30 560

Administrator login denied from

%s; logins disabled from this

interface

Authenticated

Access Attacks ALERT 35 506

Administrator name changed

Authenticated

Access

System


All DDNS associations have been

deleted DDNS

System


All preference values have been

set to factory default values Firewall Event System Errors WARNING 574 650

Allowed LDAP server certificate

with wrong host name

Remote

Authentication User Activity WARNING 752 ‐‐‐

An LDAP user group nesting is not

being mirrored

Remote


Anti‐Spam service is disabled by

administrator. Anti‐Spam Service ‐‐‐ INFO 1085 138

Anti‐Spam service is enabled by

administrator. Anti‐Spam Service ‐‐‐ INFO 1084 138

Anti‐Spam Startup Failure ‐ %s Anti‐Spam Service ‐‐‐ WARNING 1088 138

Anti‐Spam Teardown Failure ‐ %s Anti‐Spam Service ‐‐‐ WARNING 1089 138

Anti‐Spyware Detection Alert: %s Intrusion Prevention Attacks ALERT 795 643

Anti‐Spyware Prevention Alert:

%s Intrusion Prevention Attacks ALERT 794 643

| 5

1

01

02

01

Anti‐Spyware Service Expired Security Services

System

Maintenance WARNING 796 863

Anti‐Virus agent out‐of‐date on

host Security Services

System


Anti‐Virus Licenses Exceeded Security Services

System


Appflow Server Event App Flow Server ‐‐‐ INFO 1263 ‐‐‐

Application Control Detection

Alert: %s Application Control ‐‐‐ ALERT 1154 150

Application Control Prevention

Alert: %s Application Control ‐‐‐ ALERT 1155 150

Application Filter Detection Alert:

%s Intrusion Prevention Attacks ALERT 650 ‐‐‐

Application Filters Block Alert: %s Intrusion Prevention Attacks ALERT 649 ‐‐‐

Application Firewall Alert: %s App Rules User Activity ALERT 793 132

ARP request packet received Network ‐‐‐ INFO 717 ‐‐‐

ARP request packet sent Network ‐‐‐ INFO 715 ‐‐‐

ARP response packet received Network ‐‐‐ INFO 716 ‐‐‐

ARP response packet sent Network ‐‐‐ INFO 718 ‐‐‐

ARP timeout Network Network Debug DEBUG 45 ‐‐‐

Assigned IP address %s DHCP Server ‐‐‐ INFO 1110 ‐‐‐

Association Flood from WLAN

station WLAN IDS

Expanded – WLAN

IDS activity ALERT 548 903

Attempt to contact Remote

backup server for upload

approval failed Firewall Event

System

Maintenance DEBUG 1160 ‐‐‐

Authentication timeout during

Remotely Triggered Dial‐out

session

Authenticated


6 |

Back Orifice attack dropped Intrusion Prevention Attacks ALERT 73 512

Backup active High Availability System Errors INFO 825 ‐‐‐

Backup firewall being preempted

by Primary High Availability System Errors ERROR 152 619

Backup firewall has transitioned

to Active High Availability

System

Maintenance ALERT 145 ‐‐‐

Backup firewall has transitioned

to Idle High Availability

System


Backup firewall rebooting itself

as it transitioned from Active to

Idle while Preempt High Availability ‐‐‐ INFO 1059 ‐‐‐

Backup going Active in preempt

mode Application Firewall reboot High Availability System Errors ERROR 170 622

Backup missed heartbeats from

Primary High Availability System Errors ERROR 149 616

Backup received error signal

from Primary High Availability System Errors ERROR 151 618

Backup received heartbeat from

wrong source High Availability

System


Backup received reboot signal

from Primary High Availability System Errors ERROR 672 666

Backup remote server did not

approve upload request Firewall Event

System

Maintenance DEBUG 1161 ‐‐‐

Backup shut down because

license is expired High Availability System Errors ERROR 824 ‐‐‐

Backup WAN link down, Primary

going Active High Availability System Errors ERROR 219 633

Backup will be shut down in %s

minutes High Availability System Errors ERROR 823 ‐‐‐

Bad CRL format VPN PKI User Activity ALERT 277 ‐‐‐

Bind to LDAP server failed

Remote

Authentication System Errors ERROR 1009 ‐‐‐

Blocked Quick Mode for Client

using Default KeyId VPN Client System Errors ERROR 505 660

BOOTP Client IP address on LAN

conflicts with remote device IP,

deleting IP address from remote

table BOOTP

System


BOOTP reply relayed to local

device BOOTP

System


| 7

BOOTP Request received from

remote device BOOTP Network Debug DEBUG 621 ‐‐‐

BOOTP server response relayed

to remote device BOOTP Network Debug DEBUG 618 ‐‐‐

Broadcast packet dropped Network Access Network Debug DEBUG 46 ‐‐‐

Cannot connect to the CRL server VPN PKI User Activity ALERT 274 ‐‐‐

Cannot Validate Issuer Path VPN PKI User Activity ALERT 878 ‐‐‐

Certificate on Revoked list(CRL) VPN PKI User Activity ALERT 279 ‐‐‐

CFL auto‐download disabled,

time problem detected Security Services

System


Chat %s PPP Dial‐Up User Activity INFO 1022 ‐‐‐

Chat completed PPP Dial‐Up User Activity INFO 1020 ‐‐‐

Chat failed: %s PPP Dial‐Up User Activity INFO 1023 ‐‐‐

Chat started PPP Dial‐Up User Activity INFO 1019 ‐‐‐

Chat started by '%s' PPP Dial‐Up User Activity INFO 1032 ‐‐‐

Chat wrote '%s' PPP Dial‐Up User Activity INFO 1021 ‐‐‐

CLI administrator logged out

Authenticated


CLI administrator login allowed

Authenticated


CLI administrator login denied

due to bad credentials

Authenticated

Access User Activity WARNING 200 ‐‐‐

Computed hash does not match

hash received from peer;

preshared key mismatch VPN IKE User Activity WARNING 410 ‐‐‐

Configuration mode

administration session ended

Authenticated


Configuration mode

administration session started

Authenticated


8 |

02

Connection Closed Network Traffic

Syslog only ‐ for


Connection Opened Network Traffic

Syslog only ‐ for


Connection timed out VPN PKI User Activity ALERT 273 ‐‐‐

Content filter subscription

expired. Security Services System Errors ERROR 197 631

Cookie removed Network Access Blocked Java Etc NOTICE 21 ‐‐‐

CPU reaches 80% utilization for

more than 10 seconds. Firewall Hardware ‐‐‐ ALERT 1248 170

CRL has expired VPN PKI User Activity ALERT 874 ‐‐‐

CRL loaded from VPN PKI User Activity INFO 270 ‐‐‐

CRL missing ‐ Issuer requires CRL

checking. VPN PKI User Activity ALERT 876 ‐‐‐

CRL validation failure for Root

Certificate VPN PKI User Activity ALERT 877 ‐‐‐

Crypto DES test failed Crypto Test

System

Maintenance ERROR 360 ‐‐‐

Crypto DH test failed Crypto Test

System


Crypto hardware 3DES test failed Crypto Test

System


Crypto Hardware 3DES with SHA

test failed Crypto Test

System


Crypto Hardware AES test failed Crypto Test

System


Crypto hardware DES test failed Crypto Test

System


Crypto hardware DES with SHA

test failed Crypto Test

System


Crypto Hmac‐MD5 fest failed Crypto Test

System


Crypto Hmac‐Sha1 test failed Crypto Test

System


| 9

04

03

Crypto MD5 test failed Crypto Test

System


Crypto RSA test failed Crypto Test

System


Crypto SHA1 based DRNG KAT

test failed Crypto Test ‐‐‐ ERROR 1060 ‐‐‐

Crypto Sha1 test failed Crypto Test

System


CSR Generation: %s VPN PKI ‐‐‐ INFO 1109 ‐‐‐

Current dynamic NAT translation

count is more than 50% of the

configured maximum. Firewall Hardware ‐‐‐ ALERT 1250 170

Current session count is more

than 50% of the supported

maximum. Firewall Hardware ‐‐‐ ALERT 1249 170

DDNS association %s disabled DDNS

System


DDNS association %s enabled DDNS

System


DDNS association %s added DDNS

System


DDNS association %s deactivated DDNS

System


DDNS association %s deleted DDNS

System


DDNS Association %s put on line DDNS

System


DDNS association %s taken

Offline locally DDNS

System


DDNS association %s updated DDNS ‐‐‐ INFO 786 ‐‐‐

DDNS Failure: Provider %s DDNS System Errors ERROR 774 ‐‐‐



DDNS Update success for domain

%s DDNS

System


DDNS Warning: Provider %s DDNS System Errors WARNING 777 ‐‐‐

10 |

Default to not blacklisted Anti‐Spam Service ‐‐‐ DEBUG 1144 ‐‐‐

Delete invalid scope because port

ip in the range of this DHCP

scope. DHCP Server ‐‐‐ WARNING 1184 ‐‐‐

Deleted LDAP mirror user group:

%s

Remote


Deleting from Multicast policy

list, interface : %s Multicast ‐‐‐ DEBUG 698 ‐‐‐

Deleting from Multicast policy

list, VPN SPI : %s Multicast ‐‐‐ DEBUG 700 ‐‐‐

Deleting IPsec SA VPN IKE User Activity INFO 92 ‐‐‐

Deleting IPsec SA for destination VPN IKE User Activity INFO 91 ‐‐‐

Deleting IPsec SA. (Phase 2) VPN IKE User Activity DEBUG 1183 ‐‐‐

Destination IP address

connection status: %s Firewall Event ‐‐‐ INFO 735 ‐‐‐

DHCP client enabled but not

ready DHCP Client

System


DHCP Client did not get DHCP

ACK. DHCP Client

System


DHCP Client failed to verify and

lease has expired. Go to INIT

state. DHCP Client

System


DHCP Client failed to verify and

lease is still valid. Go to BOUND

state. DHCP Client

System


DHCP Client got a new IP address

lease. DHCP Client

System


DHCP Client got ACK from server. DHCP Client

System


DHCP Client got NACK. DHCP Client

System


DHCP Client is declining address

offered by the server. DHCP Client

System


DHCP Client sending REQUEST

and going to REBIND state. DHCP Client

System


DHCP Client sending REQUEST

and going to RENEW state. DHCP Client

System


| 11

DHCP DECLINE received from

remote device DHCP Relay Network Debug INFO 475 ‐‐‐

DHCP DISCOVER received from

local device DHCP Relay Network Debug INFO 479 ‐‐‐

DHCP DISCOVER received from


DHCP INFORM received from


DHCP lease dropped. Lease from

Central Gateway conflicts with

Relay IP DHCP Relay

System


DHCP lease dropped. Lease from

Central Gateway conflicts with

Remote Management IP DHCP Relay

System


DHCP lease file in the flash is

corrupted; read failed Firewall Event System Errors WARNING 833 ‐‐‐

DHCP lease relayed to local

device DHCP Relay

System


DHCP lease relayed to remote

device DHCP Relay Network Debug INFO 225 ‐‐‐

DHCP lease to LAN device

conflicts with remote device,

deleting remote IP entry DHCP Relay

System


DHCP leases written to flash Firewall Event

System


DHCP NACK received from server DHCP Relay Network Debug INFO 477 ‐‐‐

DHCP OFFER received from

server DHCP Relay Network Debug INFO 476 ‐‐‐

DHCP RELEASE received from


DHCP RELEASE relayed to Central

Gateway DHCP Relay

System


DHCP REQUEST received from

local device DHCP Relay Network Debug INFO 480 ‐‐‐

DHCP REQUEST received from


DHCP Scopes altered

automatically due to change in

network settings for interface %s Firewall Event ‐‐‐ INFO 832 ‐‐‐

12 |

3

DHCP Server not available. Did

not get any DHCP OFFER. DHCP Client

System


DHCP Server sanity check failed

%s Firewall Event ‐‐‐ CRITICAL 1072 ‐‐‐

DHCP Server sanity check passed

%s Firewall Event ‐‐‐ CRITICAL 1071 ‐‐‐

DHCP Server: IP conflict detected Firewall Event ‐‐‐ ALERT 1040 ‐‐‐

DHCP Server: Received DHCP

decline from client Firewall Event ‐‐‐ ALERT 1041 ‐‐‐

DHCP Server: Received DHCP

message from untrusted relay

agent Firewall Event ‐‐‐ NOTICE 1090 ‐‐‐

DHCPv6 lease file in the flash is

corrupted; read failed Network ‐‐‐ WARNING 1259 ‐‐‐

DHCPv6 leases written to flash Network ‐‐‐ INFO 1261 ‐‐‐

Diagnostic Auto‐restart canceled Firewall Event ‐‐‐ INFO 1046 ‐‐‐

Diagnostic Auto‐restart

scheduled for %s minutes from

now Firewall Event ‐‐‐ INFO 1045 ‐‐‐

Diagnostic Code A Firewall Hardware System Errors ERROR 93 611

Diagnostic Code B Firewall Hardware System Errors ERROR 94 612

Diagnostic Code C Firewall Hardware System Errors ERROR 95 613

Diagnostic Code D Firewall Hardware System Errors ERROR 64 610

Diagnostic Code E VPN IPSec System Errors ERROR 61 609

Diagnostic Code F Firewall Hardware System Errors ERROR 164 621

Diagnostic Code G Firewall Hardware System Errors ERROR 599 655

Diagnostic Code H Firewall Hardware System Errors ERROR 600 656

Diagnostic Code I Firewall Hardware System Errors ERROR 601 657

Diagnostic Code J Firewall Hardware System Errors ERROR 1025 542

| 13

6

4

Dial‐up: Session initiated by data

packet PPP Dial‐Up ‐‐‐ INFO 1039 ‐‐‐

Dial‐up: Traffic generated by '%s' PPP Dial‐Up ‐‐‐ INFO 1038 ‐‐‐

Disconnecting L2TP Tunnel due

to traffic timeout L2TP Client

System


Disconnecting PPPoE due to

traffic timeout PPPoE

System


Disconnecting PPTP Tunnel due

to traffic timeout PPTP

System


Discovered HA %s Firewall High Availability ‐‐‐ INFO 1044 ‐‐‐

Discovered HA Backup Firewall High Availability

System


DNS packet allowed Network Access Network Debug INFO 602 ‐‐‐

DNS rebind attack blocked Intrusion Prevention ‐‐‐ ALERT 1099 646

DOS protection on WAN %s Intrusion Prevention Network Debug ALERT 1182 ‐‐‐

DPI‐SSL: %s DPI‐SSL Network Access INFO 791 ‐‐‐

Drop WLAN traffic from non‐

SonicPoint devices Intrusion Prevention Attack ERROR 662 643

DSL: %s Device Down DSL ‐‐‐ ALERT 1186 ‐‐‐

DSL: %s Device Up DSL ‐‐‐ ALERT 1185 ‐‐‐

DSL: %s WAN is connected DSL ‐‐‐ ALERT 1187 ‐‐‐

DSL: %s WAN is initializing DSL ‐‐‐ ALERT 1188 ‐‐‐

Duplicate packet dropped Network Access Network Debug DEBUG 51 ‐‐‐

Dynamic IPsec client connected VPN IPSec User Activity INFO 62 ‐‐‐

E1 T1 Layer 1 status: Controlled

slip E1‐T1 ‐‐‐ INFO 1167 ‐‐‐

E1 T1 Layer 1 status: No frame

synchronization E1‐T1 ‐‐‐ INFO 1164 ‐‐‐

14 |

E1 T1 Layer 1 status: No

multiframe synchronization E1‐T1 ‐‐‐ INFO 1165 ‐‐‐

E1 T1 Layer 1 status: No signal E1‐T1 ‐‐‐ INFO 1163 ‐‐‐

E1 T1 Layer 1 status: OK E1‐T1 ‐‐‐ INFO 1168 ‐‐‐

E1 T1 Layer 1 status: Remote

alarm detected E1‐T1 ‐‐‐ INFO 1166 ‐‐‐

EIGRP packet dropped Network Access Network Debug NOTICE 714 ‐‐‐

E‐Mail fragment dropped Intrusion Prevention Attacks ERROR 437 550

Entering FIPS ERROR state Crypto Test

System


Entering FIPS Error State. Crypto Test System Errors ERROR 497 659

Error initializing Hardware

acceleration for VPN Firewall Hardware

System


Error Rebooting HA Peer Firewall High Availability System Errors ERROR 669 663

Error setting the IP address of the

backup, please manually set to

backup LAN IP High Availability System Errors ERROR 191 629

Error synchronizing HA peer

firewall (%s) High Availability System Errors ERROR 158 662

Error updating HA peer

configuration High Availability System Errors ERROR 192 630

ERROR: DHCP over VPN policy is

not defined. Cannot start IKE. DHCP Relay

System


Exceeded Max multicast address

limit Multicast ‐‐‐ WARNING 703 ‐‐‐

External Web Server Host

Resolution Failed %s

Authenticated

Access ‐‐‐ ERROR 1069 ‐‐‐

Failed on updating time from NTP

server System ‐‐‐ NOTICE 1230 ‐‐‐

Failed payload validation VPN IKE User Activity WARNING 405 ‐‐‐

Failed payload verification

Application Firewall decryption;

possible preshared key mismatch VPN IKE User Activity WARNING 404 ‐‐‐

Failed to add a member to an

LDAP mirror user group

Remote


| 15

8

4

Failed to add an LDAP mirror user

group

Remote


Failed to find certificate VPN PKI User Activity ALERT 875 ‐‐‐

Failed to get CRL from VPN PKI User Activity ALERT 271 ‐‐‐

Failed to insert entry into GRID

result IP cached table Anti‐Spam Service ‐‐‐ DEBUG 1145 ‐‐‐

Failed to Process CRL from VPN PKI User Activity ALERT 276 ‐‐‐

Failed to resolve name Network

System


Failed to send file to remote

backup server, Error: %s Firewall Event

System


Failed to send Preference file to

remote backup server, Error: %s Firewall Event

System


Failed to send TSR file to remote

backup server, Error: %s Firewall Event

System


Failed to synchronize license

information with Licensing

Server. %s Security Services

System


Failed to synchronize Relay IP

Table DHCP Relay System Errors WARNING 234 632

Failed to write DHCP leases to

flash Firewall Event System Errors WARNING 834 ‐‐‐

Failed to write DHCPv6 leases to

flash Network ‐‐‐ WARNING 1260 ‐‐‐

Failed VPN I/O processing VPN IKE User Activity ERROR 1234 ‐‐‐

Failure to reach Interface %s

probe High Availability System Errors ERROR 675 623

Fan Failure Firewall Hardware

System

Environment ALERT 576 102

FIN Flood Blacklist on IF %s

continues Intrusion Prevention Network Debug WARNING 902 ‐‐‐

FIN‐Flooding machine %s

blacklisted Intrusion Prevention Network Debug ALERT 901 ‐‐‐

Forbidden E‐Mail attachment

deleted Intrusion Prevention Attacks ERROR 248 534

Forbidden E‐Mail attachment

disabled Intrusion Prevention Attacks ALERT 165 527

16 |

04

2

3

Found Rogue Access Point WLAN IDS WLAN IDS ALERT 546 901

Found Rogue Access Point WLAN IDS WLAN IDS ALERT 556 108

Fragmented packet dropped Network

Dropped TCP |

Dropped UDP |

Dropped ICMP NOTICE 28 ‐‐‐

Fraudulent Microsoft certificate

found; access denied Intrusion Prevention Attacks ERROR 193 532

FTP client user logged in failed FTP ‐‐‐ DEBUG 1115 ‐‐‐

FTP client user logged in

successfully FTP ‐‐‐ DEBUG 1114 ‐‐‐

FTP client user logged out FTP ‐‐‐ DEBUG 1116 ‐‐‐

FTP client user name was sent FTP ‐‐‐ DEBUG 1113 ‐‐‐

FTP server accepted the

connection FTP ‐‐‐ DEBUG 1112 ‐‐‐

FTP: Data connection from non

default port dropped Network Access Attacks ALERT 538 557

FTP: PASV response bounce

attack dropped Intrusion Prevention Attacks ALERT 528 556

FTP: PASV response spoof attack

dropped Intrusion Prevention Attacks ERROR 446 551

FTP: PORT bounce attack

dropped. Intrusion Prevention Attacks ALERT 527 555

Gateway Anti‐Virus Alert: %s Security Services Attacks ALERT 809 863

Gateway Anti‐Virus Service

expired Security Services

System


Global VPN Client connection is

not allowed. Appliance is not

registered. VPN Client System Errors INFO 529 643

Global VPN Client License

Exceeded: Connection denied. VPN Client System Errors INFO 494 658

Global VPN Client version cannot

enforce personal firewall.

Minimum Version required is 2.1 VPN Client User Activity INFO 604 ‐‐‐

| 17

GMS or syslog server name

lookup failed ‐ try again in 60

secs. Firewall Event ‐‐‐ ERROR 1156 ‐‐‐

Got DHCP OFFER. Selecting. DHCP Client

System


GSC policy out‐of‐date on host Security Services

System


Guest account '%s' created

Authenticated


Guest account '%s' deleted

Authenticated


Guest account '%s' disabled

Authenticated


Guest account '%s' pruned

Authenticated


Guest account '%s' re‐enabled

Authenticated


Guest account '%s' re‐generated

Authenticated


Guest Account Timeout

Authenticated


Guest Idle Timeout

Authenticated


Guest login denied. Guest '%s' is

already logged in. Please try

again later.

Authenticated


Guest policy accepted User Activity ‐‐‐ INFO 1228 ‐‐‐

Guest Services drop traffic to

deny network Network Access ‐‐‐ INFO 724 ‐‐‐

Guest Services pass traffic to

access allow network Network Access ‐‐‐ INFO 725 ‐‐‐

Guest Session Timeout

Authenticated


Guest traffic quota exceeded User Activity ‐‐‐ INFO 1227 ‐‐‐

GUI administration session

ended

Authenticated


H.323/H.225 Connect VoIP

Expanded – VoIP

activity DEBUG 634 ‐‐‐

18 |

H.323/H.225 Setup VoIP

Expanded – VoIP


H.323/H.245 Address VoIP

Expanded – VoIP


H.323/H.245 End Session VoIP

Expanded – VoIP


H.323/RAS Admission Confirm VoIP

Expanded – VoIP


H.323/RAS Admission Reject VoIP

Expanded – VoIP


H.323/RAS Admission Request VoIP

Expanded – VoIP


H.323/RAS Bandwidth Reject VoIP

Expanded – VoIP


H.323/RAS Disengage Confirm VoIP

Expanded – VoIP


H.323/RAS Disengage Reject VoIP

Expanded – VoIP


H.323/RAS Gatekeeper Reject VoIP

Expanded – VoIP


H.323/RAS Location Confirm VoIP

Expanded – VoIP


H.323/RAS Location Reject VoIP

Expanded – VoIP


H.323/RAS Registration Reject VoIP

Expanded – VoIP


H.323/RAS Unknown Message

Response VoIP

Expanded – VoIP


H.323/RAS Unregistration Reject VoIP

Expanded – VoIP


HA packet processing error High Availability

System


HA Peer Firewall Rebooted High Availability

System


HA Peer Firewall Synchronized High Availability

System


Hardware Failover settings were

not upgraded Firewall Event

System


Header verification failed VPN IKE User Activity WARNING 587 ‐‐‐

Heartbeat received from

incompatible source High Availability

System


| 19

High Availability has been

enabled and Dial‐Up device(s) are

not supported in High Availability

processing High Availability ‐‐‐ INFO 1125 ‐‐‐

Host IP address not in GRID List Anti‐Spam Service ‐‐‐ DEBUG 1141 ‐‐‐

HTTP management port has

changed Firewall Event

System


HTTP method detected;

examining stream for host

header Network Access Dropped TCP DEBUG 882 ‐‐‐

HTTPS Handshake: %s Network ‐‐‐ INFO 1226 ‐‐‐

HTTPS management port has

changed Firewall Event

System


ICMP checksum error; packet

dropped Network Access Dropped UDP NOTICE 886 ‐‐‐

ICMP packet allowed Network Access Network Debug INFO 597 ‐‐‐

ICMP packet dropped due to

policy Network Access Dropped ICMP NOTICE 38 ‐‐‐

ICMP packet dropped no match Network Access Dropped ICMP NOTICE 523 ‐‐‐

ICMP packet from LAN allowed Network Access Network Debug INFO 598 ‐‐‐

ICMP packet from LAN dropped Network Access

Dropped LAN

ICMP | Dropped

LAN TCP NOTICE 175 ‐‐‐

ICMPv6 packet allowed Network ‐‐‐ INFO 1256 ‐‐‐

ICMPv6 packet dropped due to

policy Network ‐‐‐ NOTICE 1257 ‐‐‐

ICMPv6 packet from LAN allowed Network ‐‐‐ INFO 1255 ‐‐‐

ICMPv6 packet from LAN

dropped Network ‐‐‐ NOTICE 1254 ‐‐‐

If not already enabled, enabling

NTP is recommended Firewall Hardware System Errors WARNING 540 645

IGMP packet dropped, wrong

checksum received on interface

%s Multicast ‐‐‐ NOTICE 683 ‐‐‐

20 |

IGMP Leave group message

Received on interface %s Multicast ‐‐‐ INFO 682 ‐‐‐

IGMP packet dropped, decoding

error Multicast ‐‐‐ NOTICE 686 ‐‐‐

IGMP Packet Not handled. Packet

type : %s Multicast ‐‐‐ NOTICE 687 ‐‐‐

IGMP querier Router detected on

interface %s Multicast ‐‐‐ DEBUG 701 ‐‐‐

IGMP querier Router detected on

VPN tunnel , SPI %S Multicast ‐‐‐ DEBUG 702 ‐‐‐

IGMP state table entry time

out,deleting interface : %s for

multicast address : %s Multicast ‐‐‐ DEBUG 692 ‐‐‐

IGMP state table entry time

out,deleting VPN SPI :%s for

Multicast address : %s Multicast ‐‐‐ DEBUG 693 ‐‐‐

IGMP V2 client joined multicast

Group : %s Multicast ‐‐‐ INFO 676 ‐‐‐

IGMP V2 Membership report

received from interface %s Multicast ‐‐‐ DEBUG 679 ‐‐‐

IGMP V3 client joined multicast

Group : %s Multicast ‐‐‐ INFO 677 ‐‐‐

IGMP V3 Membership report

received from interface %s Multicast ‐‐‐ DEBUG 678 ‐‐‐

IGMP V3 packet dropped,

unsupported Record type : %s Multicast ‐‐‐ NOTICE 688 ‐‐‐

IGMP V3 record type : %s not

Handled Multicast ‐‐‐ DEBUG 689 ‐‐‐

IKE Initiator drop: VPN tunnel

end point does not match

configured VPN Policy Bound to

scope VPN IKE User Activity INFO 544 ‐‐‐

IKE Initiator: Accepting IPsec

proposal (Phase 2) VPN IKE User Activity INFO 372 ‐‐‐

IKE Initiator: Accepting peer

lifetime. (Phase 1) VPN IKE User Activity INFO 445 ‐‐‐

IKE Initiator: Aggressive Mode

complete (Phase 1). VPN IKE User Activity INFO 354 ‐‐‐

IKE Initiator: IKE proposal does

not match (Phase 1) VPN IKE User Activity WARNING 937 ‐‐‐

| 21

IKE Initiator: Main Mode

complete (Phase 1) VPN IKE User Activity INFO 353 ‐‐‐

IKE Initiator: Proposed IKE ID

mismatch VPN IKE User Activity WARNING 933 ‐‐‐

IKE Initiator: Remote party

timeout ‐ Retransmitting IKE

request. VPN IKE User Activity INFO 930 ‐‐‐

IKE Initiator: Start Aggressive

Mode negotiation (Phase 1) VPN IKE User Activity INFO 358 ‐‐‐

IKE Initiator: Start Main Mode

negotiation (Phase 1) VPN IKE User Activity INFO 351 ‐‐‐

IKE Initiator: Start Quick Mode

(Phase 2). VPN IKE User Activity INFO 346 ‐‐‐

IKE Initiator: Using secondary

gateway to negotiate VPN IKE User Activity INFO 543 ‐‐‐

IKE negotiation aborted due to

timeout VPN IKE User Activity INFO 403 ‐‐‐

IKE negotiation complete. Adding

IPsec SA. (Phase 2) VPN IKE User Activity INFO 89 ‐‐‐

IKE Responder drop: VPN tunnel

end point does not match

configured VPN Policy Bound to

scope VPN IKE User Activity INFO 545 ‐‐‐

IKE Responder: %s policy does

not allow static IP for Virtual

Adapter. VPN Client System Errors ERROR 660 ‐‐‐

IKE Responder: Accepting IPsec

proposal (Phase 2) VPN IKE User Activity INFO 87 ‐‐‐

IKE Responder: Aggressive Mode


IKE Responder: AH

authentication algorithm does

not match VPN IKE User Activity WARNING 920 ‐‐‐

IKE Responder: AH

authentication key length does


IKE Responder: AH

authentication key rounds does


IKE Responder: AH Perfect

Forward Secrecy mismatch VPN IKE User Activity WARNING 258 544

22 |

IKE Responder: Algorithms and/

or keys do not match VPN IKE User Activity WARNING 260 546

IKE Responder: Client Policy has

no VPN Access Networks

assigned. Check Configuration. VPN IKE System Errors ERROR 965 ‐‐‐

IKE Responder: Default LAN

gateway is not set but peer is

proposing to use this SA as a

default route VPN IKE Attacks ERROR 516 553

IKE Responder: Default LAN

gateway is set but peer is not

proposing to use this SA as a

default route VPN IKE User Activity WARNING 253 539

IKE Responder: ESP

authentication algorithm does


IKE Responder: ESP

authentication key length does


IKE Responder: ESP

authentication key rounds does


IKE Responder: ESP encryption

algorithm does not match VPN IKE User Activity WARNING 921 ‐‐‐


key length does not match VPN IKE User Activity WARNING 924 ‐‐‐


key rounds does not match VPN IKE User Activity WARNING 927 ‐‐‐

IKE Responder: ESP mode

mismatch Local ‐ Transport

Remote ‐ Tunnel VPN IKE User Activity WARNING 1128 ‐‐‐

IKE Responder: ESP mode

mismatch Local ‐ Tunnel Remote

‐ Transport VPN IKE User Activity WARNING 1127 ‐‐‐

IKE Responder: ESP Perfect

Forward Secrecy mismatch VPN IKE User Activity WARNING 259 545

IKE Responder: IKE Phase 1

exchange does not match VPN IKE User Activity ERROR 1036 ‐‐‐

IKE Responder: IKE proposal does

not match (Phase 1) VPN IKE User Activity WARNING 402 ‐‐‐

| 23

IKE Responder: IP Address

already exists in the DHCP relay

table. Client traffic not allowed. VPN Client System Errors ERROR 659 ‐‐‐

IKE Responder: IP Compression


IKE Responder: IPsec proposal

does not match (Phase 2) VPN IKE User Activity WARNING 88 523

IKE Responder: IPsec protocol


IKE Responder: Main Mode


IKE Responder: Mode %d ‐ not

transport mode. Xauth is

required but not supported by

peer. VPN IKE Network Debug WARNING 342 ‐‐‐

IKE Responder: Mode %d ‐ not

tunnel mode VPN IKE User Activity WARNING 249 535

IKE Responder: No match for

proposed remote network

address VPN IKE User Activity WARNING 252 538

IKE Responder: No matching

Phase 1 ID found for proposed

remote network VPN IKE User Activity WARNING 250 536

IKE Responder: Peer's destination

network does not match VPN

policy's Local Network VPN IKE User Activity WARNING 935 ‐‐‐

IKE Responder: Peer's local


policy's Destination

Network VPN IKE User Activity WARNING 934 ‐‐‐

IKE Responder: Peer's network

does not match VPN policy's

Network VPN IKE User Activity WARNING 1189 ‐‐‐

IKE Responder: Phase 1

Authentication Method does not

match VPN IKE User Activity WARNING 913 ‐‐‐

24 |

IKE Responder: Phase 1 DH

Group does not match VPN IKE User Activity WARNING 919 ‐‐‐


encryption algorithm does not



encryption algorithm keylength

does not match VPN IKE User Activity WARNING 915 ‐‐‐

IKE Responder: Phase 1 hash


IKE Responder: Phase 1 XAUTH

required but policy has no user

name VPN IKE User Activity WARNING 917 ‐‐‐

IKE Responder: Phase 1 XAUTH

required but policy has no user

password VPN IKE User Activity WARNING 918 ‐‐‐

IKE Responder: Proposed IKE ID

mismatch VPN IKE System Errors WARNING 658 ‐‐‐

IKE Responder: Proposed local

network is 0.0.0.0 but SA has no

LAN Default Gateway VPN IKE User Activity WARNING 418 549

IKE Responder: Proposed remote

network is 0.0.0.0 but not DHCP

relay nor default route VPN IKE User Activity WARNING 251 537

IKE Responder: Received

Aggressive Mode request (Phase

1) VPN IKE User Activity INFO 356 ‐‐‐

IKE Responder: Received Main

Mode request (Phase 1) VPN IKE User Activity INFO 355 ‐‐‐

IKE Responder: Received Quick

Mode Request (Phase 2) VPN IKE User Activity INFO 352 ‐‐‐

IKE Responder: Remote party

timeout ‐ Retransmitting IKE


IKE Responder: Route table

overrides VPN policy VPN IKE User Activity WARNING 936 ‐‐‐

| 25

IKE Responder: Tunnel

terminates inside firewall but

proposed local network is not

inside firewall VPN IKE User Activity WARNING 255 541


terminates on DMZ but proposed

local network is on LAN VPN IKE User Activity WARNING 256 542


terminates on LAN but proposed

local network is on DMZ VPN IKE User Activity WARNING 257 543


terminates outside firewall but

proposed local network is not

NAT public address VPN IKE User Activity WARNING 254 540


terminates outside firewall but

proposed remote network is not

NAT public address VPN IKE User Activity WARNING 345 548

IKE SA lifetime expired. VPN IKE User Activity INFO 350 ‐‐‐

IKEv2 Accept IKE SA Proposal VPN IKE User Activity INFO 943 ‐‐‐

IKEv2 Accept IPsec SA Proposal VPN IKE User Activity INFO 944 ‐‐‐

IKEv2 Authentication successful VPN IKE User Activity INFO 942 ‐‐‐

IKEv2 Decrypt packet failed VPN IKE User Activity WARNING 960 ‐‐‐

IKEv2 Function sendto() failed to

transmit packet. VPN IKE User Activity ERROR 979 ‐‐‐

IKEv2 IKE attribute not found VPN IKE User Activity WARNING 970 ‐‐‐

IKEv2 IKE proposal does not


IKEv2 Initiator: Negotiations

failed. Extra payloads present. VPN IKE User Activity WARNING 954 ‐‐‐


failed. Invalid input state. VPN IKE User Activity WARNING 956 ‐‐‐


failed. Invalid output state. VPN IKE User Activity WARNING 957 ‐‐‐

26 |


failed. Missing required payloads. VPN IKE User Activity WARNING 955 ‐‐‐

IKEv2 Initiator: Proposed IKE ID


IKEv2 Initiator: Received

CREATE_CHILD_SA response VPN IKE User Activity INFO 975 ‐‐‐


IKE_AUTH response VPN IKE User Activity INFO 974 ‐‐‐


IKE_SA_INT response VPN IKE User Activity INFO 973 ‐‐‐

IKEv2 Initiator: Remote party

timeout ‐ Retransmitting IKEv2


IKEv2 Initiator: Send

CREATE_CHILD_SA request VPN IKE User Activity INFO 945 ‐‐‐

IKEv2 Initiator: Send IKE_AUTH

request VPN IKE User Activity INFO 940 ‐‐‐

IKEv2 Initiator: Send IKE_SA_INIT


IKEv2 Invalid SPI size VPN IKE User Activity WARNING 966 ‐‐‐

IKEv2 Invalid state VPN IKE User Activity WARNING 964 ‐‐‐

IKEv2 IPsec attribute not found VPN IKE User Activity WARNING 969 ‐‐‐

IKEv2 IPsec proposal does not


IKEv2 NAT device detected

between negotiating peers VPN IKE User Activity INFO 985 ‐‐‐

IKEv2 negotiation complete VPN IKE User Activity INFO 978 ‐‐‐

IKEv2 No NAT device detected

between negotiating peers VPN IKE User Activity INFO 984 ‐‐‐

IKEv2 Out of memory VPN IKE User Activity WARNING 961 ‐‐‐

IKEv2 Payload processing error VPN IKE User Activity WARNING 953 ‐‐‐

IKEv2 Payload validation failed. VPN IKE User Activity WARNING 958 ‐‐‐

| 27

IKEv2 Peer is not responding.

Negotiation aborted. VPN IKE User Activity WARNING 971 ‐‐‐

IKEv2 Process Message queue

failed VPN IKE User Activity WARNING 963 ‐‐‐

IKEv2 Received delete IKE SA


IKEv2 Received delete IKE SA

response VPN IKE User Activity INFO 1015 ‐‐‐

IKEv2 Received delete IPsec SA


IKEv2 Received delete IPsec SA


IKEv2 Received notify error

payload VPN IKE User Activity WARNING 983 ‐‐‐

IKEv2 Received notify status

payload VPN IKE User Activity INFO 982 ‐‐‐

IKEv2 Responder: Peer's

destination network does not

match VPN policy's Local

Network VPN IKE User Activity INFO 951 ‐‐‐

IKEv2 Responder: Peer's local


policy's Destination

Network VPN IKE User Activity INFO 952 ‐‐‐

IKEv2 Responder: Policy for

remote IKE ID not found VPN IKE User Activity ERROR 962 ‐‐‐

IKEv2 Responder: Received

CREATE_CHILD_SA request VPN IKE User Activity INFO 946 ‐‐‐


IKE_AUTH request VPN IKE User Activity INFO 941 ‐‐‐


IKE_SA_INIT request VPN IKE User Activity INFO 939 ‐‐‐

IKEv2 Responder: Send

CREATE_CHILD_SA response VPN IKE User Activity INFO 1012 ‐‐‐

IKEv2 Responder: Send IKE_AUTH


IKEv2 Responder: Send

IKE_SA_INIT response VPN IKE User Activity INFO 976 ‐‐‐

IKEv2 Send delete IKE SA request VPN IKE User Activity INFO 947 ‐‐‐

IKEv2 Send delete IKE SA


28 |

10

IKEv2 Send delete IPsec SA


IKEv2 Send delete IPsec SA


IKEv2 Unable to find IKE SA VPN IKE User Activity WARNING 959 ‐‐‐

IKEv2 VPN Policy not found VPN IKE User Activity WARNING 967 ‐‐‐

Illegal IPsec SPI VPN IPSec User Activity INFO 65 ‐‐‐

Imported HA hardware ID did not

match this firewall High Availability

System


Imported VPN SA is invalid ‐

disabled Firewall Event

System


Inbound connection from GRID‐

listed SMTP server dropped Anti‐Spam Service ‐‐‐ NOTICE 1092 138

Inbound connection from RBL‐

listed SMTP server dropped RBL ‐‐‐ NOTICE 798 ‐‐‐

Incoming call received for


session

Authenticated


Incompatible IPsec Security

Association VPN IPSec User Activity INFO 69 ‐‐‐

Incorrect authentication received

for Remotely Triggered Dial‐out

Authenticated


Ini Killer attack dropped Intrusion Prevention Attacks ALERT 80 519

Initiator from country blocked:

%s Geolocation ‐‐‐ ALERT 1198 ‐‐‐

Interface %s Link Is Down Firewall Event System Errors ALERT 566 647

Interface %s Link Is Up Firewall Event System Errors ALERT 565 646

Interface IP Assignment : Binding

and initializing %s Firewall Event

System


Interface IP Assignment changed:

Shutting down %s Firewall Event

System


Interface statistics report GMS ‐‐‐ INFO 805 ‐‐‐

| 29

Internet Access restricted to

authorized users. Dropped

packet received in the clear. Wireless

Dropped TCP |

Dropped UDP |

Dropped ICMP WARNING 532 ‐‐‐

Invalid DNS Server will not be

accepted by the dynamic client Firewall Event ‐‐‐ INFO 1070 ‐‐‐

Invalid key or serial number used

for GRID response Anti‐Spam Service ‐‐‐ DEBUG 1139 ‐‐‐

Invalid key version used for GRID

response Anti‐Spam Service ‐‐‐ DEBUG 1140 ‐‐‐

Invalid Product Code Upgrade

request received: %s Firewall Event ‐‐‐ ERROR 704 ‐‐‐

Invalid SNMP packet SNMP ‐‐‐ WARNING 1220 ‐‐‐

Invalid SNMPv3 engineID SNMP ‐‐‐ WARNING 1221 ‐‐‐

Invalid SNMPv3 Time Window SNMP ‐‐‐ WARNING 1223 ‐‐‐

Invalid SNMPv3 User SNMP ‐‐‐ WARNING 1222 ‐‐‐

Invalid VLAN packet dropped Network ‐‐‐ ALERT 836 ‐‐‐

IP address conflict detected from

Ethernet address %s Network

System


IP Address is allocated for Client VPN IKE ‐‐‐ INFO 1219 ‐‐‐

IP Header checksum error;

packet dropped Network Access

Dropped TCP|

Dropped UDP NOTICE 883 ‐‐‐

IP Pool of the VPN Policy is Full VPN IKE ‐‐‐ DEBUG 1216 ‐‐‐

IP Pool of the VPN Policy is Not

Configured VPN IKE ‐‐‐ DEBUG 1217 ‐‐‐

IP spoof detected on packet to

Central Gateway, packet dropped DHCP Relay Attacks ERROR 229 533

IP spoof dropped Intrusion Prevention Attacks ALERT 23 502

IP type %s packet dropped Network Access

Dropped LAN UDP

| Dropped LAN

TCP NOTICE 590 ‐‐‐

IP Comp connection interrupt IPcomp Network Debug DEBUG 651 ‐‐‐

30 |

5

6

IP Comp packet dropped IPcomp

Dropped TCP |

Dropped UDP |


IP Comp packet dropped; waiting

for pending IP Comp connection IPcomp Network Debug DEBUG 653 ‐‐‐

IPS Detection Alert: %s Intrusion Prevention Attacks ALERT 608 569

IPS Detection Alert: %s Intrusion Prevention Attacks ALERT 789 643

IPS Prevention Alert: %s Intrusion Prevention Attacks ALERT 609 570

IPS Prevention Alert: %s Intrusion Prevention Attacks ALERT 790 643

IPsec (AH) packet dropped VPN IPSec

Dropped TCP |

Dropped UDP |


IPsec (AH) packet dropped;

waiting for pending IPsec

connection VPN IPSec Network Debug DEBUG 536 ‐‐‐

IPsec (ESP) packet dropped VPN IPSec

Dropped TCP |

Dropped UDP |


IPsec (ESP) packet dropped;

waiting for pending IPsec

connection VPN IPSec Network Debug DEBUG 535 ‐‐‐

IPsec Authentication Failed VPN IPSec Attacks ERROR 67 508

IPsec connection interrupt Network Access Network Debug DEBUG 43 ‐‐‐

IPsec Decryption Failed VPN IPSec Attacks ERROR 68 509

IPsec packet dropped Network Access

Dropped TCP |

Dropped UDP |


IPsec packet dropped; waiting for

pending IPsec connection Network Access Network Debug DEBUG 42 ‐‐‐

IPsec packet from an illegal host VPN IPSec

System


IPsec packet from or to an illegal

host VPN IPSec Attacks ERROR 70 510

IPsec Replay Detected VPN IPSec Attacks ALERT 180 531

IPsec SA lifetime expired. VPN IPSec User Activity INFO 349 ‐‐‐

| 31

IPsecTunnel status changed VPN VPN Tunnel Status INFO 427 801

IPv6 Tunnel packet dropped VPN IKE ‐‐‐ NOTICE 1253 ‐‐‐

IPv6 VPN only support IKEv2

mode VPN IKE ‐‐‐ INFO 1252 ‐‐‐

ISDN Driver Firmware

successfully updated Firewall Event

System


Issuer match failed VPN PKI User Activity ALERT 278 ‐‐‐

Java access denied Network Access Blocked Java Etc NOTICE 19 ‐‐‐

L2TP Connect Initiated by the

User L2TP Client

System


L2TP Disconnect Initiated by the

User L2TP Client

System


L2TP LCP Down L2TP Client

System


L2TP LCP Up L2TP Client

System


L2TP Max Retransmission

Exceeded L2TP Client

System


L2TP PPP Authentication Failed L2TP Client

System


L2TP PPP Down L2TP Client

System


L2TP PPP link down L2TP Client

System


L2TP PPP Negotiation Started L2TP Client

System


L2TP PPP Session Up L2TP Client

System


L2TP Server : Access from L2TP

VPN Client Privilege not enabled

for RADIUS Users. L2TP Server

System


L2TP Server : Deleting the L2TP

active Session L2TP Server

System


L2TP Server : Deleting the Tunnel L2TP Server

System


L2TP Server : L2TP PPP Session

Established. L2TP Server

System


L2TP Server : L2TP Session


System


32 |

L2TP Server : L2TP Tunnel


System


L2TP Server : Retransmission

Timeout, Deleting the Tunnel L2TP Server

System


L2TP Server : User Name

authentication Failure locally. L2TP Server

System


L2TP Server: Keep alive Failure.

Closing Tunnel L2TP Server

System


L2TP Server: L2TP Remote

terminated the PPP session L2TP Server

System


L2TP Server: L2TP Session

Disconnect from the Remote. L2TP Server

System


L2TP Server: L2TP Tunnel

Disconnect from the Remote. L2TP Server

System


L2TP Server: Local

Authentication Failure L2TP Server

System


L2TP Server: Local

Authentication Success. L2TP Server

System


L2TP Server: No IP address

available in the Local IP Pool L2TP Server

System


L2TP Server: RADIUS/LDAP

Authentication Success L2TP Server

System



reports Authentication Failure L2TP Server

System



server not assigned IP address L2TP Server

System


L2TP Server: Call Disconnect from

Remote. L2TP Server

System


L2TP Server: Tunnel Disconnect

from Remote. L2TP Server

System


L2TP Session Disconnect from

Remote L2TP Client

System


L2TP Session Established L2TP Client

System


L2TP Session Negotiation Started L2TP Client

System


| 33

L2TP Tunnel Disconnect from

Remote L2TP Client

System


L2TP Tunnel Established L2TP Client

System


L2TP Tunnel Negotiation %s L2TP Client ‐‐‐ INFO 1074 ‐‐‐

L2TP Tunnel Negotiation Started L2TP Client

System


LAN Subnet configurations were

not upgraded. Firewall Event

System


Land attack dropped Intrusion Prevention Attacks ALERT 27 505

LDAP server does not allow CHAP

Remote


LDAP using non‐administrative

account ‐ VPN client user will not

be able to change passwords

Remote

Authentication System Errors WARNING 1011 ‐‐‐

License exceeded: Connection

dropped because too many IP

addresses are in use on your LAN Firewall Event System Errors ERROR 58 608

License of HA pair doesn't match:

%s High Availability System Errors ERROR 670 664

Locked‐out user logins allowed ‐

lockout period expired

Authenticated


Locked‐out user logins allowed

by administrator

Authenticated


Log Cleared Firewall Logging

System


Log Debug Firewall Event Network Debug ERROR 142 ‐‐‐

Log full; deactivating Network

Security Appliance Firewall Logging System Errors ERROR 7 601

Log successfully sent via email Firewall Logging

System


Login screen timed out

Authenticated


MAC address collides with Static

ARP Entry with Bound MAC

address; packet dropped Network ‐‐‐ NOTICE 814 ‐‐‐

34 |

Machine %s removed from FIN

flood blacklist Intrusion Prevention Network Debug ALERT 903 ‐‐‐

Machine %s removed from RST


Machine %s removed from SYN


MAC‐IP Anti‐Spoof cache found,

but it is blacklisted device. MAC‐IP Anti‐Spoof ‐‐‐ ALERT 1212 ‐‐‐

MAC‐IP Anti‐spoof cache found,

but it is not a router. MAC‐IP Anti‐Spoof ‐‐‐ ALERT 1211 ‐‐‐

MAC‐IP Anti‐spoof cache not

found for this router. Mac IP Spoof ‐‐‐ ALERT 1210 ‐‐‐

MAC‐IP Anti‐spoof check

enforced for hosts. MAC‐IP Anti‐Spoof ‐‐‐ ALERT 1209 ‐‐‐

Malformed DNS packet detected Network Access Network Debug ALERT 1177 ‐‐‐

Malformed or unhandled IP

packet dropped Network Access Network Debug ALERT 522 554

Maximum events per second

threshold exceeded Firewall Logging System Errors CRITICAL 654 ‐‐‐

Maximum number of Bandwidth

Managed rules exceeded upon

upgrade to this version. Some

Bandwidth settings ignored. Firewall Event

System

Maintenance NOTICE 541 ‐‐‐

Maximum sequential failed dial

attempts (10) to a single dial‐up

number: %s PPP Dial‐Up Attacks ERROR 591 566

Maximum syslog data per second

threshold exceeded Firewall Logging System Errors CRITICAL 655 ‐‐‐

Message blocked by Real‐Time

Email Scanner Anti‐Spam Service ‐‐‐ INFO 1108 ‐‐‐

MOBIKE: Update Peer Gateway

IP VPN IKE ‐‐‐ INFO 1218 ‐‐‐

Modules attached to HA units do

not match: %s High Availability System Errors ALERT 1162 664

Monitoring probe out interface

mismatch %s High Availability ‐‐‐ ERROR 1194 ‐‐‐

Multicast application %s not

supported Multicast ‐‐‐ INFO 696 ‐‐‐

Multicast packet dropped, Invalid

src IP received on interface : %s Multicast ‐‐‐ ALERT 685 ‐‐‐

| 35

Multicast packet dropped, wrong

MAC address received on

interface : %s Multicast ‐‐‐ ALERT 684 ‐‐‐

Multicast TCP packet dropped Multicast ‐‐‐ NOTICE 691 ‐‐‐

Multicast UDP packet dropped,

no state entry Multicast ‐‐‐ NOTICE 690 ‐‐‐


RTCP stateful failed Multicast ‐‐‐ WARNING 695 ‐‐‐


RTP stateful failed Multicast ‐‐‐ WARNING 694 ‐‐‐

Multiple DHCP Servers are

detected on network Firewall Event ‐‐‐ WARNING 1068 ‐‐‐

NAT device may not support

IPsec AH passthrough VPN IPSec

System


NAT Discovery : No NAT/NAPT

device detected between IPsec

Security gateways VPN IKE User Activity INFO 241 ‐‐‐

NAT Discovery : Local IPsec

Security Gateway behind a NAT/

NAPT Device VPN IKE User Activity INFO 240 ‐‐‐

NAT Discovery : Peer IPsec

Security Gateway behind a NAT/

NAPT Device VPN IKE User Activity INFO 239 ‐‐‐

NAT Discovery : Peer IPsec

Security Gateway doesn't

support VPN NAT Traversal VPN IKE User Activity INFO 242 ‐‐‐

Nat Mapping Network Access ‐‐‐ NOTICE 1197 ‐‐‐

NAT translated packet exceeds

size limit, packet dropped Network Network Debug DEBUG 339 ‐‐‐

Net Spy attack dropped Intrusion Prevention Attacks ALERT 74 513

NetBIOS settings were not

upgraded. Use Network>IP

Helper to configure NetBIOS

support Firewall Event

System


NetBus attack dropped Intrusion Prevention Attacks ALERT 72 511

36 |

05

06

04

02

03

01

Network for interface %s

overlaps with another interface. Firewall Event

System


Network Modem Mode Disabled:

re‐enabling NAT PPP Dial‐Up

System


Network Modem Mode Enabled:

turning off NAT PPP Dial‐Up

System


Network Monitor Policy %s

Added Network Monitor ‐‐‐ INFO 1104 ‐‐‐


Deleted Network Monitor ‐‐‐ INFO 1105 ‐‐‐


Modified Network Monitor ‐‐‐ INFO 1106 ‐‐‐

Network Monitor: Host %s is

offline Network Monitor ‐‐‐ ALERT 706 140

Network Monitor: Host %s is

online Network Monitor ‐‐‐ ALERT 707 140

Network Monitor: Host %s status

is UNKNOWN Network Monitor ‐‐‐ ALERT 1103 140

Network Monitor: Policy %s

status is DOWN Network Monitor ‐‐‐ ALERT 1101 140


status is UNKNOWN Network Monitor ‐‐‐ ALERT 1102 140


status is UP Network Monitor ‐‐‐ ALERT 1100 140

Network Security Appliance

activated Firewall Event

System


Network Security Appliance

initializing Firewall Event

System


New firmware available. Firewall Event

System


New URL List loaded Security Services

System


Newsgroup access allowed Network Access Blocked Web Sites NOTICE 17 704

Newsgroup access denied Network Access

Blocked Web

Sites NOTICE 15 702

No Certificate for VPN PKI User Activity ALERT 280 ‐‐‐

No DNS response to domain ‐ %s Security Services ‐‐‐ DEBUG 1238 ‐‐‐

No HOST tag found in HTTP

request Network Access Network Debug DEBUG 52 ‐‐‐

| 37

12

No new URL List available Security Services

System


No response from ISP

Disconnecting PPPoE. PPPoE

System


No response from PPTP server to

call requests PPTP

System


No response from PPTP server to

control connection requests PPTP

System


No response from server to Echo

Requests, disconnecting PPTP

Tunnel PPTP

System


No response received from DNS

server Anti‐Spam Service ‐‐‐ DEBUG 1142 ‐‐‐

No valid DNS server specified for

GRID lookups Anti‐Spam Service ‐‐‐ ERROR 1094 138

No valid DNS server specified for

RBL lookups RBL ‐‐‐ ERROR 800 ‐‐‐

Non‐config mode GUI


Authenticated


Not all configurations may have

been completely upgraded Firewall Event

System


Not blacklisted as per

configuration Anti‐Spam Service ‐‐‐ DEBUG 1143 ‐‐‐

Not Blacklisted by domain ‐ %s Security Services ‐‐‐ DEBUG 1237 ‐‐‐

Not enough memory to hold the

CRL VPN PKI User Activity WARNING 272 ‐‐‐

NTP Request sent System ‐‐‐ NOTICE 1232 ‐‐‐

Obtained Relay IP Table from

Remote Gateway DHCP Relay

System


OCSP Failed to Resolve Domain

Name. VPN PKI User Activity ERROR 853 ‐‐‐

OCSP Internal error handling

received response. VPN PKI User Activity ERROR 854 ‐‐‐

OCSP received response error. VPN PKI User Activity ERROR 851 ‐‐‐

OCSP received response. VPN PKI User Activity INFO 850 ‐‐‐

38 |

09

9

OCSP Resolved Domain Name. VPN PKI User Activity INFO 852 ‐‐‐

OCSP send request message

failed. VPN PKI User Activity ERROR 849 ‐‐‐

OCSP sending request. VPN PKI User Activity INFO 848 ‐‐‐

On HA peer firewall, Interface %s

Link Is Down High Availability System Errors ALERT 1206 ‐‐‐

On HA peer firewall, Interface %s

Link Is Up High Availability System Errors ALERT 1205 ‐‐‐

Outbound connection to GRID‐

listed SMTP server dropped Anti‐Spam Service ‐‐‐ NOTICE 1091 138

Outbound connection to RBL‐

listed SMTP server dropped RBL ‐‐‐ NOTICE 797 ‐‐‐

Out‐of‐order command packet

dropped Network Access Network Debug DEBUG 48 ‐‐‐

Overriding Product Code

Upgrade to: %s Firewall Event ‐‐‐ ERROR 705 ‐‐‐

Packet allowed by ACL Network ‐‐‐ INFO 1235 ‐‐‐

Packet destination not in VPN

Access list VPN IPSec Attacks ERROR 648 572

Packet Dropped ‐ IP TTL expired Network Network Debug WARNING 910 ‐‐‐

Packet dropped by guest check Network Access

Dropped TCP |

Dropped UDP |


Packet dropped by wireless

Advanced IDP Wireless ‐‐‐ WARNING 1229 ‐‐‐

Packet dropped by WLAN SSL‐

VPN enforcement check Wireless

Dropped TCP |

Dropped UDP |


Packet dropped by WLAN VPN

traversal check Wireless

Dropped TCP |

Dropped UDP |


Packet dropped. No firewall rule

associated with VPN policy. VPN System Errors ALERT 739 ‐‐‐

Packet dropped; connection limit

for this destination IP address has

been reached Firewall Event System Errors ALERT 647 523

| 39

8

9

8

4

01

Packet dropped; connection limit

for this source IP address has

been reached Firewall Event System Errors ALERT 646 523

Payload processing failed VPN IKE Network Debug ERROR 616 ‐‐‐

PC Card inserted. Firewall Hardware ‐‐‐ ALERT 1054 541

PC Card removed. Firewall Hardware ‐‐‐ ALERT 1053 541

PC Card: No device detected Firewall Hardware ‐‐‐ ALERT 1056 ‐‐‐

Peer firewall has equivalent link

status. In event of failover, it will

operate with equal capability. High Availability

System


Peer firewall has reduced link

status. In event of failover, it will

operate with limited capability. High Availability

System


Peer firewall rebooting (%s) High Availability ‐‐‐ INFO 1057 ‐‐‐

Peer HA firewall has stateful

license but this firewall is not yet

registered High Availability System Errors ALERT 1136 ‐‐‐

Physical environment normal Firewall Hardware ‐‐‐ INFO 1042 542

Physical interface utilization is

greater than 80% of the

maximum rated tolerance(for the

interface)for more than 10

seconds. Firewall Hardware ‐‐‐ ALERT 1247 170

Ping of death dropped Intrusion Prevention Attacks ALERT 22 501

PKI Error: VPN PKI

System


PKI Failure VPN PKI

System


PKI Failure: CA certificates store

exceeded. Cannot verify this

Local Certificate VPN PKI

System


PKI Failure: Cannot allocate

memory VPN PKI

System


40 |

PKI Failure: Certificate's ID does

not match this Network Security

Appliance VPN PKI

System


PKI Failure: Duplicate local

certificate VPN PKI

System


PKI Failure: Duplicate local

certificate name VPN PKI

System


PKI Failure: Import failed VPN PKI

System


PKI Failure: Improper file format.

Please select PKCS#12 (*.p12) file VPN PKI

System


PKI Failure: Incorrect admin

password VPN PKI

System


PKI Failure: Internal error VPN PKI

System


PKI Failure: Loaded but could not

verify certificate VPN PKI

System


PKI Failure: Loaded the certificate

but could not verify its chain VPN PKI

System


PKI Failure: No CA certificates yet

loaded VPN PKI

System


PKI Failure: Output buffer too

small VPN PKI

System


PKI Failure: public‐private key

mismatch VPN PKI

System


PKI Failure: Reached the limit for

local certificates, cant load any

more VPN PKI

System


PKI Failure: Temporary memory

shortage, try again VPN PKI

System


PKI Failure: The certificate chain

has no root VPN PKI

System



is circular VPN PKI

System



is incomplete VPN PKI

System


PKI Failure: The certificate or a

certificate in the chain has a bad

signature VPN PKI

System


| 41

5


certificate in the chain has a

validity period in the future VPN PKI

System



certificate in the chain has

expired VPN PKI

System



certificate in the chain is corrupt VPN PKI

System


Please connect interface %s to

another network to function

properly Firewall Event

System


Please manually check all system

configurations for correctness of

Upgrade Firewall Event

System


Port configured to receive IPsec

protocol ONLY; drop packet

received in the clear Network Access

Dropped TCP |

Dropped UDP |


Possible DNS rebind attack

detected Intrusion Prevention ‐‐‐ ALERT 1098 646

Possible FIN Flood on IF %s Intrusion Prevention Network Debug ALERT 905 ‐‐‐

Possible FIN Flood on IF %s


Possible FIN Flood on IF %s has

ceased Intrusion Prevention Network Debug ALERT 907 ‐‐‐

Possible ICMP Flood attack

detected Intrusion Prevention Attacks ALERT 1214 ‐‐‐

Possible port scan detected Intrusion Prevention Attacks ALERT 82 521

Possible RST Flood on IF %s Intrusion Prevention Network Debug ALERT 904 ‐‐‐

Possible RST Flood on IF %s


Possible RST Flood on IF %s has


Possible SYN flood attack

detected Intrusion Prevention Attacks WARNING 25 503

Possible SYN flood detected on

WAN IF %s ‐ switching to

connection‐proxy mode Intrusion Prevention Network Debug ALERT 859 ‐‐‐

Possible SYN Flood on IF %s Intrusion Prevention Network Debug ALERT 860 ‐‐‐

42 |

5

Possible SYN Flood on IF %s


Possible SYN Flood on IF %s has


Possible UDP Flood attack

detected Intrusion Prevention Attacks ALERT 1213 ‐‐‐

Power supply without

redundancy Firewall Hardware ‐‐‐ ERROR 1043 542

PPP Dial‐Up: Connect request

canceled PPP Dial‐Up User Activity INFO 306 ‐‐‐

PPP Dial‐Up: Connected at %s

bps ‐ starting PPP PPP Dial‐Up User Activity INFO 286 ‐‐‐

PPP Dial‐Up: Connection

disconnected as scheduled. PPP Dial‐Up ‐‐‐ INFO 666 ‐‐‐

PPP Dial‐Up: Dial initiated by %s PPP Dial‐Up

System


PPP Dial‐Up: Dialed number did

not answer PPP Dial‐Up User Activity INFO 285 ‐‐‐

PPP Dial‐Up: Dialed number is

busy PPP Dial‐Up User Activity INFO 284 ‐‐‐

PPP Dial‐Up: Dialing not allowed

by schedule. %s PPP Dial‐Up ‐‐‐ INFO 665 ‐‐‐

PPP Dial‐Up: Dialing: %s PPP Dial‐Up User Activity INFO 281 ‐‐‐

PPP Dial‐Up: Failed to get IP

address PPP Dial‐Up User Activity INFO 298 ‐‐‐

PPP Dial‐Up: Idle time limit

exceeded ‐ disconnecting PPP Dial‐Up User Activity INFO 297 ‐‐‐

PPP Dial‐Up: Initialization : %s PPP Dial‐Up User Activity INFO 303 ‐‐‐

PPP Dial‐Up: Invalid DNS IP

address returned from Dial‐Up

ISP; overriding using dial‐up

profile settings PPP Dial‐Up

System


PPP Dial‐Up: Link carrier lost PPP Dial‐Up User Activity INFO 288 ‐‐‐

PPP Dial‐Up: Manual intervention

needed. Check Primary Profile or

Profile details PPP Dial‐Up User Activity INFO 321 ‐‐‐

PPP Dial‐Up: Maximum

connection time exceeded ‐

disconnecting PPP Dial‐Up User Activity INFO 327 ‐‐‐

| 43

PPP Dial‐Up: No dial tone

detected ‐ check phone‐line

connection PPP Dial‐Up User Activity INFO 282 ‐‐‐

PPP Dial‐Up: No link carrier

detected ‐ check phone number PPP Dial‐Up User Activity INFO 283 ‐‐‐

PPP Dial‐Up: No peer IP address

from Dial‐Up ISP, local and

remote IPs will be the same PPP Dial‐Up

System


PPP Dial‐Up: PPP link down PPP Dial‐Up User Activity INFO 301 ‐‐‐

PPP Dial‐Up: PPP link established PPP Dial‐Up User Activity INFO 300 ‐‐‐

PPP Dial‐Up: PPP negotiation

failed ‐ disconnecting PPP Dial‐Up User Activity INFO 296 ‐‐‐

PPP Dial‐Up: Previous session

was connected for %s PPP Dial‐Up User Activity INFO 542 ‐‐‐

PPP Dial‐Up: Received new IP

address PPP Dial‐Up User Activity INFO 299 ‐‐‐

PPP Dial‐Up: Shutting down link PPP Dial‐Up User Activity INFO 302 ‐‐‐

PPP Dial‐Up: Starting PPP PPP Dial‐Up ‐‐‐ INFO 1037 ‐‐‐

PPP Dial‐Up: Startup without

Ethernet cable, will try to dial on

outbound traffic PPP Dial‐Up User Activity INFO 323 ‐‐‐

PPP Dial‐Up: The profile in use

disabled VPN networking. PPP Dial‐Up

System


PPP Dial‐Up: Trying to failover

but Alternate Profile is manual WAN Availability User Activity INFO 434 ‐‐‐

PPP Dial‐Up: Trying to failover

but Primary Profile is manual PPP Dial‐Up User Activity INFO 322 ‐‐‐

PPP Dial‐Up: Unknown dialing

failure PPP Dial‐Up User Activity INFO 287 ‐‐‐

PPP Dial‐Up: User requested

connect PPP Dial‐Up User Activity INFO 305 ‐‐‐

PPP Dial‐Up: User requested

disconnect PPP Dial‐Up User Activity INFO 304 ‐‐‐

44 |

PPP Dial‐Up: VPN networking

restored. PPP Dial‐Up

System


PPP message: %s PPP ‐‐‐ INFO 1018 ‐‐‐

PPP: Authentication successful PPP ‐‐‐ INFO 289 ‐‐‐

PPP: CHAP authentication failed ‐

check username / password PPP ‐‐‐ INFO 291 ‐‐‐

PPP: MS‐CHAP authentication

failed ‐ check username /

password PPP ‐‐‐ INFO 292 ‐‐‐

PPP: PAP Authentication failed ‐

check username / password PPP ‐‐‐ INFO 290 ‐‐‐

PPP: Starting CHAP

authentication PPP ‐‐‐ INFO 294 ‐‐‐

PPP: Starting MS‐CHAP

authentication PPP ‐‐‐ INFO 293 ‐‐‐

PPP: Starting PAP authentication PPP ‐‐‐ INFO 295 ‐‐‐

PPPoE terminated PPPoE

System


PPPoE CHAP Authentication

Failed PPPoE

System


PPPoE Client: Previous session

was connected for %s PPPoE

System


PPPoE discovery process

complete PPPoE

System


PPPoE enabled but not ready PPPoE

System


PPPoE LCP Link Down PPPoE

System


PPPoE LCP Link Up PPPoE

System


PPPoE Network Connected PPPoE

System


PPPoE Network Disconnected PPPoE

System


PPPoE PAP Authentication Failed PPPoE

System


| 45

PPPoE PAP Authentication Failed.

Please verify PPPoE username

and password PPPoE

System


PPPoE PAP Authentication

success. PPPoE

System


PPPoE password changed by

Administrator

Authenticated


PPPoE starting CHAP

Authentication PPPoE

System


PPPoE starting PAP

Authentication PPPoE

System


PPPoE user name changed by

Administrator

Authenticated


PPTP enabled but not ready PPTP

System


PPTP CHAP Authentication

Failed. Please verify PPTP

username and password PPTP

System


PPTP Connect Initiated by the

User PPTP

System


PPTP Control Connection

Established PPTP

System


PPTP Control Connection

Negotiation Started PPTP

System


PPTP decode failure PPTP Network Debug DEBUG 596 ‐‐‐

PPTP Disconnect Initiated by the

User PPTP

System


PPTP LCP Down PPTP

System


PPTP LCP Up PPTP

System


PPTP Max Retransmission

Exceeded PPTP

System


PPTP packet dropped Network Access

Dropped TCP |

Dropped UDP |


PPTP PAP Authentication Failed PPTP

System


PPTP PAP Authentication Failed.

Please verify PPTP username and

password PPTP

System


PPTP PAP Authentication

success. PPTP

System


46 |

PPTP PPP Authentication Failed PPTP

System


PPTP PPP Down PPTP

System


PPTP PPP link down PPTP

System


PPTP PPP Link down PPTP

System


PPTP PPP Link Finished PPTP

System


PPTP PPP Link Up PPTP

System


PPTP PPP Negotiation Started PPTP

System


PPTP PPP Session Up PPTP

System


PPTP Server is not responding,

check if the server is UP and

running. PPTP

System


PPTP server rejected control

connection PPTP

System


PPTP server rejected the call

request PPTP

System


PPTP Session Disconnect from

Remote PPTP

System


PPTP Session Established PPTP

System


PPTP Session Negotiation Started PPTP

System


PPTP starting CHAP

Authentication PPTP

System


PPTP starting PAP Authentication PPTP

System


PPTP Tunnel Disconnect from

Remote PPTP

System


Primary firewall has transitioned

to Active High Availability

System


Primary firewall has transitioned

to Idle High Availability System Errors ALERT 146 614

Primary firewall preempting

Backup High Availability System Errors ERROR 153 620

| 47

Primary firewall rebooting itself

as it transitioned from Active to

Idle while Preempt High Availability ‐‐‐ INFO 1058 ‐‐‐

Primary missed heartbeats from

Backup High Availability System Errors ERROR 148 615

Primary received error signal

from Backup High Availability System Errors ERROR 150 617

Primary received heartbeat from

wrong source High Availability

System


Primary received reboot signal

from Backup High Availability System Errors ERROR 671 665

Primary WAN link down, Backup

going Active High Availability System Errors ERROR 220 634

Primary WAN link down, Primary

going Idle High Availability

System


Primary WAN link up, preempting

Backup High Availability

System


Priority attack dropped Intrusion Prevention Attacks ALERT 79 518

Probable port scan detected Intrusion Prevention Attacks ALERT 83 522

Probable TCP FIN scan detected Intrusion Prevention Attacks ALERT 177 528

Probable TCP NULL scan detected Intrusion Prevention Attacks ALERT 179 530

Probable TCP XMAS scan

detected Intrusion Prevention Attacks ALERT 178 529

Probe Response Failure ‐ %s Anti‐Spam Service ‐‐‐ DEBUG 1132 ‐‐‐

Probe Response Success ‐ %s Anti‐Spam Service ‐‐‐ DEBUG 1131 ‐‐‐

Probing failure on %s WAN Availability System Errors ALERT 326 637

Probing succeeded on %s WAN Availability System Errors ALERT 436 638

Problem loading the URL List;

Appliance not registered. Security Services System Errors ERROR 183 623


check Filter settings Security Services System Errors ERROR 10 602


check your DNS server Security Services System Errors ERROR 11 603

48 |

14

5


Flash write failure. Security Services System Errors ERROR 187 627


Retrying later. Security Services System Errors ERROR 186 626


Subscription expired. Security Services System Errors ERROR 184 624

Problem loading the URL List; Try

loading it again. Security Services System Errors ERROR 185 625

Problem occurred during user

group membership retrieval

Authenticated


Problem sending log email; check

log settings Firewall Logging System Errors WARNING 12 604

Processed Email received from

Email Security Service Anti‐Spam Service ‐‐‐ INFO 1096 138

Product maximum entries

reached ‐ %s Firewall Event ‐‐‐ WARNING 1196 ‐‐‐

RADIUS user cannot use One

Time Password ‐ no mail address

set for equivalent local user

Authenticated


RBL DNS server responded with

error code ‐ %s Security Services ‐‐‐ DEBUG 1239 ‐‐‐

Read‐only mode GUI


Authenticated


Real time clock battery failure

Time values may be incorrect Firewall Hardware System Errors WARNING 539 644

Received a path MTU ICMP

message from router/gateway Network User Activity INFO 182 ‐‐‐

Received a path MTU ICMP

message from router/gateway Network User Activity INFO 188 ‐‐‐

Received Application Firewall

Alert: Your Application Firewall

(Application Firewall)

subscription has expired. Security Services

System


Received Alert: Your Firewall

Botnet Filter subscription has

expired. Security Services ‐‐‐ WARNING 1195 ‐‐‐

| 49

Received Alert: Your Firewall

Visualization Control subscription

has expired. Security Services ‐‐‐ WARNING 1159 ‐‐‐

Received AV Alert: %s Security Services

System


Received AV Alert: Your Network

Anti‐Virus subscription has

expired. %s Security Services

System


Received AV Alert: Your Network

Anti‐Virus subscription will expire

in 7 days. %s Security Services

System


Received Blacklisted Directive

from ‐ %s Security Services ‐‐‐ DEBUG 1236 ‐‐‐

Received CFS Alert: Your Content

Filtering subscription has

expired. Security Services

System


Received CFS Alert: Your Content

Filtering subscription will expire

in 7 days. Security Services

System


Received DHCP offer packet has

errors DHCP Client

System


Received E‐Mail Filter Alert: Your

E‐Mail Filtering subscription has


System


Received E‐Mail Filter Alert: Your

E‐Mail Filtering subscription will

expire in 7 days. Security Services

System


Received fragmented packet or

fragmentation needed Network Network Debug DEBUG 63 ‐‐‐

Received IKE SA delete request VPN IKE User Activity INFO 413 ‐‐‐

Received IPS Alert: Your Intrusion

Prevention (IDP) subscription has


System


Received IPsec SA delete request VPN IKE User Activity INFO 412 ‐‐‐

Received ISAKMP packet

destined to port %s VPN IKE

Network Debug |

Dropped UDP INFO 607 ‐‐‐

50 |

06

Received LCP Echo Reply PPPoE

System


Received LCP Echo Request PPPoE

System


Received notify.

NO_PROPOSAL_CHOSEN VPN IKE User Activity WARNING 401 ‐‐‐

Received notify:

INVALID_COOKIES VPN IKE User Activity INFO 414 ‐‐‐

Received notify:

INVALID_ID_INFO VPN IPSec User Activity WARNING 483 ‐‐‐

Received notify:

INVALID_PAYLOAD VPN IKE User Activity ERROR 661 ‐‐‐

Received notify: INVALID_SPI VPN IKE User Activity INFO 416 ‐‐‐

Received notify:

ISAKMP_AUTH_FAILED VPN IKE User Activity WARNING 409 ‐‐‐

Received notify:

PAYLOAD_MALFORMED VPN IKE User Activity WARNING 411 ‐‐‐

Received notify:

RESPONDER_LIFETIME VPN IKE User Activity INFO 415 ‐‐‐

Received packet retransmission.

Drop duplicate packet VPN IKE User Activity WARNING 406 ‐‐‐

Received PPPoE Active Discovery

Offer PPPoE

System


Received PPPoE Active Discovery

Session_confirmation PPPoE

System


Received response packet for

DHCP request has errors DHCP Client

System


Received unauthenticated GRID

response Anti‐Spam Service ‐‐‐ DEBUG 1138 ‐‐‐

Received unencrypted packet in

crypto active state VPN IKE User Activity WARNING 605 ‐‐‐

Regulatory requirements prohibit

%s from being re‐dialed for 30

minutes PPP Dial‐Up Attacks ERROR 592 567

Released IP address %s DHCP Server ‐‐‐ INFO 1111 ‐‐‐

Remote WAN Acceleration

device started responding to

probes WAN Acceleration ‐‐‐ ALERT 1175 160

| 51

05

3

Remote WAN Acceleration

device stopped responding to

probes WAN Acceleration ‐‐‐ ALERT 1174 160


session ended. Valid WAN bound

data found. Normal dial‐up

sequence will commence

Authenticated



session started. Requesting

authentication

Authenticated


Removed a member from an

LDAP mirror user group

Remote


Removed host entry from

dynamic address object

Dynamic Address

Objects

System


Request for Relay IP Table from

Central Gateway DHCP Relay

System


Requesting CRL from VPN PKI User Activity INFO 269 ‐‐‐

Requesting Relay IP Table from

Remote Gateway DHCP Relay

System


Resolved ES Cloud ‐ %s Anti‐Spam Service ‐‐‐ DEBUG 1146 ‐‐‐

Responder from country blocked:

%s Geolocation ‐‐‐ ALERT 1199 ‐‐‐

Restarting Network Security

Appliance; dumping log to email Firewall Event

System


Retransmitting DHCP DISCOVER. DHCP Client

System


Retransmitting DHCP REQUEST

(Rebinding). DHCP Client

System



(Rebooting). DHCP Client

System



(Renewing). DHCP Client

System



(Requesting). DHCP Client

System



(Verifying). DHCP Client

System


RIP Broadcasts for LAN Network

%s are being broadcast over

dialup‐connection RIP

System


52 |

5

1

9

6

2

0

8

4

2

7

3

1

RIP disabled on DMZ interface RIP

System


RIP disabled on interface %s RIP

System


RIP disabled on WAN interface RIP

System


Ripper attack dropped Intrusion Prevention Attacks ALERT 76 515

RIPv1 enabled on DMZ interface RIP

System


RIPv1 enabled on interface %s RIP

System


RIPv1 enabled on WAN interface RIP

System


RIPv2 compatibility (broadcast)

mode enabled on DMZ interface RIP

System



mode enabled on interface %s RIP

System



mode enabled on WAN interface RIP

System


RIPv2 enabled on DMZ interface RIP

System


RIPv2 enabled on interface %s RIP

System


RIPv2 enabled on WAN interface RIP

System


Router IGMP General query

received on interface %s Multicast ‐‐‐ DEBUG 680 ‐‐‐

Router IGMP Membership query

received on interface %s Multicast ‐‐‐ DEBUG 681 ‐‐‐

RST Flood Blacklist on IF %s


RST‐Flooding machine %s


SA is disabled. Check VPN SA

settings VPN IKE User Activity INFO 407 ‐‐‐

SCEP Client: %s VPN PKI ‐‐‐ NOTICE 1097 ‐‐‐

Sending DHCP DISCOVER. DHCP Client

System


| 53

06

11

Sending DHCP RELEASE. DHCP Client

System


Sending DHCP REQUEST

(Rebinding). DHCP Client

System



(Rebooting). DHCP Client

System



(Renewing). DHCP Client

System



(Verifying). DHCP Client

System


Sending DHCP REQUEST. DHCP Client

System


Sending LCP Echo Reply PPPoE

System


Sending LCP Echo Request PPPoE

System


Sending PPPoE Active Discovery

Request PPPoE

System


Senna Spy attack dropped Intrusion Prevention Attacks ALERT 78 517

Sent Relay IP Table to Central

Gateway DHCP Relay

System


Settings Import: %s Firewall Event ‐‐‐ INFO 1049 ‐‐‐

SIP Register expiration exceeds

configured Signaling inactivity

time out VoIP

Expanded – VoIP

Activity WARNING 645 ‐‐‐

SIP Request VoIP

Expanded – VoIP

Activity DEBUG 643 ‐‐‐

SIP Response VoIP

Expanded – VoIP


SMTP authentication problem:%s Firewall Logging System Errors WARNING 737 ‐‐‐

SMTP connection limit is

reached. Connection is dropped. Anti‐Spam Service ‐‐‐ WARNING 1087 138

SMTP POP‐Before‐SMTP

authentication failed Firewall Logging System Errors WARNING 656 ‐‐‐

SMTP server found on RBL

blacklist RBL ‐‐‐ NOTICE 799 ‐‐‐

SMTP server found on Reject List Anti‐Spam Service ‐‐‐ NOTICE 1093 138

Smurf Amplification attack

dropped Intrusion Prevention Attacks ALERT 81 520

54 |

SNMP Packet Dropped Unused ‐‐‐ INFO 1225 ‐‐‐

SonicPoint association posted

successfully to License Manager Firewall Event ‐‐‐ INFO 1266 ‐‐‐

SonicPoint association request to

License Manager failed: %s Firewall Event ‐‐‐ WARNING 1265 ‐‐‐

SonicPoint Provision SonicPoint

Expanded –

SonicPoint Activity INFO 727 ‐‐‐

SonicPoint statistics report GMS ‐‐‐ INFO 806 ‐‐‐

SonicPoint Status SonicPoint

Expanded –

SonicPoint Activity INFO 667 ‐‐‐

SonicPointN Provision SonicPointN ‐‐‐ INFO 1078 ‐‐‐

SonicPointN Status SonicPointN ‐‐‐ INFO 1077 ‐‐‐

Source IP address connection

status: %s Firewall Event ‐‐‐ INFO 734 ‐‐‐

Source routed IP packet dropped Intrusion Prevention Network Debug WARNING 428 ‐‐‐

Spank attack multicast packet

dropped Intrusion Prevention Attacks ALERT 606 568

SSL Control: Certificate chain not

complete Network Access Blocked Web Sites INFO 1006 ‐‐‐

SSL Control: Certificate with

invalid date Network Access Blocked Web Sites INFO 1002 ‐‐‐

SSL Control: Certificate with MD5

Digest Signature Algorithm Network Access Blocked Web Sites INFO 1081 ‐‐‐

SSL Control: Failed to decode

Server Hello Network Access Blocked Web Sites INFO 1007 ‐‐‐

SSL Control: HTTPS via SSL2 Network Access Blocked Web Sites INFO 1001 ‐‐‐

SSL Control: Self‐signed

certificate Network Access Blocked Web Sites INFO 1003 ‐‐‐

SSL Control: Untrusted CA Network Access Blocked Web Sites INFO 1005 ‐‐‐

SSL Control: Weak cipher being

used Network Access Blocked Web Sites INFO 1004 ‐‐‐

SSL Control: Website found in

blacklist Network Access Blocked Web Sites INFO 999 ‐‐‐

| 55

SSL Control: Website found in

whitelist Network Access Blocked Web Sites INFO 1000 ‐‐‐

SSLVPN enforcement Wireless

System


SSLVPN Traffic SSLVPN

Syslog only ‐ for


SSLVPN zone remote user login

allowed

Authenticated


SSO agent is down

SSO Agent


SSO agent is up

SSO Agent


SSO agent returned error

SSO Agent


SSO returned a domain name

that is too long

SSO Agent


SSO returned a user name that is

too long

SSO Agent


Starting IKE negotiation VPN IKE User Activity INFO 90 ‐‐‐

Starting PPPoE discovery PPPoE

System


Status GMS

System

Maintenance EMERGENCY 96 ‐‐‐

Striker attack dropped Intrusion Prevention Attacks ALERT 77 516

Sub Seven attack dropped Intrusion Prevention Attacks ALERT 75 514

Succeed in updating time from

NTP server System ‐‐‐ NOTICE 1231 ‐‐‐

Success to reach Interface %s

probe High Availability System Errors INFO 674 ‐‐‐

Successful authentication

received for Remotely Triggered

Dial‐out

Authenticated


Successfully sent %s file to

remote backup server Firewall Event

System


Successfully sent Preference file

to remote backup server Firewall Event

System


56 |

2

Successfully sent TSR file to

remote backup server Firewall Event

System


Suspected Botnet initiator

blocked: %s Botnet Blocking ‐‐‐ ALERT 1200 ‐‐‐

Suspected Botnet responder

blocked: %s Botnet Blocking ‐‐‐ ALERT 1201 ‐‐‐

SYN Flood Blacklist on IF %s


SYN Flood blacklisting disabled by

user Intrusion Prevention Network Debug WARNING 863 ‐‐‐

SYN Flood blacklisting enabled by

user Intrusion Prevention Network Debug WARNING 862 ‐‐‐

SYN flood ceased or flooding

machines blacklisted ‐

connection proxy disabled Intrusion Prevention Network Debug ALERT 861 ‐‐‐

SYN Flood Mode changed by user

to: Always proxy WAN

connections Intrusion Prevention Network Debug WARNING 858 ‐‐‐


to: Watch and proxy WAN

connections when under attack Intrusion Prevention Network Debug WARNING 857 ‐‐‐


to: Watch and report possible

SYN floods Intrusion Prevention Network Debug WARNING 856 ‐‐‐

Synchronizing preferences to HA

Peer Firewall High Availability

System


SYN‐Flooding machine %s


Syslog Server cannot be reached Network

System


System clock manually updated Firewall Logging ‐‐‐ NOTICE 881 ‐‐‐

System shutdown by

administrator. Power cycle

required. Firewall Event ‐‐‐ ALERT 1067 524

TCP checksum error; packet

dropped Network Access Dropped TCP NOTICE 884 ‐‐‐

TCP connection abort received;

TCP connection dropped Network Network Debug DEBUG 713 ‐‐‐

TCP connection dropped Network Access Dropped TCP NOTICE 36 ‐‐‐

| 57

TCP connection from LAN denied Network Access Dropped LAN TCP NOTICE 173 ‐‐‐

TCP connection reject received;

TCP connection dropped Network Network Debug DEBUG 712 ‐‐‐

TCP FIN packet dropped Network Network Debug DEBUG 181 ‐‐‐

TCP handshake violation

detected; TCP connection

dropped Network Access ‐‐‐ NOTICE 760 ‐‐‐

TCP packet received on a closing

connection; TCP packet dropped Network Network Debug DEBUG 891 ‐‐‐

TCP packet received on non‐

existent/closed connection; TCP

packet dropped Network Network Debug DEBUG 888 ‐‐‐

TCP packet received with invalid

ACK number; TCP packet

dropped Network Network Debug DEBUG 709 ‐‐‐


header length; TCP packet



MSS option length; TCP packet



option length; TCP packet



SACK option length; TCP packet



SEQ number; TCP packet



source port; TCP packet dropped Network Network Debug DEBUG 896 ‐‐‐


SYN Flood cookie; TCP packet

dropped Network Network Debug INFO 897 ‐‐‐


Window Scale option length; TCP


58 |


Window Scale option value; TCP


TCP packet received with non‐

permitted option; TCP packet


TCP packet received with SYN

flag on an existing connection;

TCP packet dropped Network Network Debug INFO 892 ‐‐‐

TCP packet received without

mandatory ACK flag; TCP packet


TCP packet received without

mandatory SYN flag; TCP packet


TCP stateful inspection: Bad

header; TCP packet dropped Network Network Debug DEBUG 711 ‐‐‐

TCP stateful inspection: Invalid

flag; TCP packet dropped Network Network Debug INFO 710 ‐‐‐

TCP SYN received Intrusion Prevention Network Debug DEBUG 869 ‐‐‐

TCP Syn/Fin packet dropped Network Access Attacks ALERT 580 558

TCP Xmas Tree dropped Intrusion Prevention Attacks ALERT 267 547

Terminal Services agent is down

SSO Agent


Terminal Services agent is up

SSO Agent


The cache is full; %u open

connections; some will be

dropped Firewall Event System Errors ERROR 53 607

The current WAN interface is not

ready to route packets. Firewall Event System Errors ERROR 325 635

The High Availability monitoring

IP configuration of Interface %s is

incorrect. High Availability ‐‐‐ ERROR 1126 ‐‐‐

The loaded content URL List has

expired. Security Services System Errors ERROR 190 628

| 59

05

13

The network connection in use is

%s WAN Availability System Errors WARNING 307 639

The preferences file is too large

to be saved in available flash

memory Firewall Event System Errors WARNING 573 649

The stateful license of HA peer

firewall is not activated High Availability System Errors ALERT 1137 ‐‐‐

Thermal Red Firewall Hardware

System


Thermal Red Timer Exceeded Firewall Hardware

System


Thermal Yellow Firewall Hardware

System


Time of day settings for firewall

policies were not upgraded. Firewall Event

System


Too many gratuitous ARPs

detected Network ‐‐‐ WARNING 815 ‐‐‐

Total firewall throughput is

greater than 50% of the

maximum rated tolerance for

more than 10 seconds. Firewall Hardware ‐‐‐ ALERT 1251 170

UDP checksum error; packet

dropped Network Access Dropped UDP NOTICE 885 ‐‐‐

UDP packet dropped Network Access Dropped UDP NOTICE 37 ‐‐‐

UDP packet from LAN dropped Network Access

Dropped LAN UDP

| Dropped LAN

TCP NOTICE 174 ‐‐‐

Unable to resolve dynamic

address object

Dynamic Address

Objects

System


Unable to send message to dial‐

up task PPP Dial‐Up System Errors ERROR 1024 ‐‐‐

Unhandled link‐local or multicast

IPv6 packet dropped Multicast ‐‐‐ ALERT 1233 ‐‐‐

Unknown IPsec SPI VPN IPSec Attacks ERROR 66 507

Unknown protocol dropped Network Access Network Debug NOTICE 41 ‐‐‐

Unknown reason VPN PKI User Activity ERROR 275 ‐‐‐

Unprocessed email received from

MTA on Inbound SMTP port Anti‐Spam Service ‐‐‐ INFO 1095 138

60 |

Updated ES Cloud Address ‐ %s Anti‐Spam Service ‐‐‐ DEBUG 1147 ‐‐‐

User account '%s' expired and

disabled

Authenticated


User account '%s' expired and

pruned

Authenticated


User logged out

Authenticated


User logged out ‐ inactivity timer

expired

Authenticated


User logged out ‐ logout detected

by SSO

Authenticated


User logged out ‐ logout reported

by Terminal Services agent

Authenticated

Access User Activity INFO 1124 ‐‐‐User logged out ‐ max session

time exceeded

Authenticated


User logged out ‐ user disconnect

detected (heartbeat timer

expired)

Authenticated


User login denied ‐ insufficient

access on LDAP server

Remote


User login denied ‐ invalid

credentials on LDAP server

Remote


User login denied ‐ LDAP

authentication failure

Remote



communication problem

Remote



directory mismatch

Remote


User login denied ‐ LDAP schema

mismatch

Remote


User login denied ‐ LDAP server

certificate not valid

Remote



down or misconfigured

Remote



name resolution failed

Remote



timeout

Remote


| 61

User login denied ‐ Mail

Address(From/to) or SMTP

Server is not configured

Authenticated


User login denied ‐ No name

received from Terminal Services

agent

Authenticated


User login denied ‐ not allowed

by policy rule

Authenticated


User login denied ‐ not found

locally

Authenticated


User login denied ‐ password

doesn't meet constraints

Authenticated

Access ‐‐‐ INFO 1048 ‐‐‐

User login denied ‐ password

expired

Authenticated


User login denied ‐ RADIUS

authentication failure

Remote




Remote



configuration error

Remote



server name resolution failed

Remote



server timeout

Remote


User login denied ‐ SSO agent


Authenticated



configuration error

Authenticated



name resolution failed

Authenticated



timeout

Authenticated


User login denied ‐ SSO probe

failed

Authenticated


User login denied ‐ Terminal

Services agent communication

problem

Authenticated



Services agent name resolution

failed

Authenticated


62 |


Services agent timeout

Authenticated


User login denied ‐ TLS or local

certificate problem

Remote


User login denied ‐ user already

logged in

Authenticated


User login denied ‐ User has no

privileges for guest service

Authenticated


User login denied ‐ User has no

privileges for login from that

location

Authenticated


User login denied due to bad

credentials

Authenticated


User login denied due to bad

credentials

Authenticated


User login disabled from %s

Authenticated

Access Attacks ERROR 583 559

User login Failed ‐ An error has

occurred while sending your one‐

time password

Authenticated


User login failed ‐ Guest service

limit reached

Authenticated


User login failure rate exceeded ‐

logins from user IP address

denied

Authenticated

Access Attacks ERROR 329 561

User login from an internal zone

allowed

Authenticated


Using LDAP without TLS ‐ highly

insecure

Remote

Authentication System Errors ALERT 1010 ‐‐‐

Virtual Access Point is disabled SonicPoint

802.11


Virtual Access Point is enabled SonicPoint

802.11


VoIP %s Endpoint added VoIP

Expanded – VoIP


VoIP %s Endpoint not added ‐

configured 'public' endpoint limit

reached VoIP

Expanded – VoIP

Activity WARNING 639 ‐‐‐

VoIP %s Endpoint removed VoIP

Expanded – VoIP


VoIP Call Connected VoIP

Expanded – VoIP

Activity INFO 622 ‐‐‐

| 63

03

04

02

01

VoIP Call Disconnected VoIP

Expanded – VoIP

Activity INFO 623 ‐‐‐

Voltages Out of Tolerance Firewall Hardware

System

Environment ERROR 575 101

VPN Cleanup: Dynamic network

settings change VPN User Activity INFO 471 ‐‐‐

VPN Client Policy Provisioning VPN Client User Activity INFO 371 ‐‐‐

VPN disabled by administrator

Authenticated

Access

System


VPN enabled by administrator

Authenticated

Access

System


VPN Log Debug VPN IKE Network Debug INFO 172 ‐‐‐

VPN Policy Added VPN ‐‐‐ INFO 1050 ‐‐‐

VPN policy count received

exceeds the limit; %s VPN System Errors ERROR 719 ‐‐‐

VPN Policy Deleted VPN ‐‐‐ INFO 1051 ‐‐‐

VPN Policy Modified VPN ‐‐‐ INFO 1052 ‐‐‐

VPN TCP FIN VPN

Syslog Only – VPN

Statistics INFO 195 ‐‐‐

VPN TCP PSH VPN

Syslog Only – VPN


VPN TCP SYN VPN

Syslog Only – VPN


VPN zone administrator login

allowed

Authenticated


VPN zone remote user login

allowed

Authenticated


WAN Acceleration device %s

found WAN Acceleration ‐‐‐ INFO 1169 ‐‐‐

WAN Acceleration device %s is

being used WAN Acceleration ‐‐‐ ALERT 1172 160


no longer being used WAN Acceleration ‐‐‐ ALERT 1173 160


no longer operational WAN Acceleration ‐‐‐ ALERT 1171 160


operational WAN Acceleration ‐‐‐ ALERT 1170 160

WAN DHCPC IP Changed Firewall Event System Errors WARNING 1129 ‐‐‐

64 |

WAN Interface not setup Firewall Event

System


Wan IP Changed Firewall Event System Errors WARNING 138 636

WAN node exceeded:

Connection dropped because too

many IP addresses are in use on

your LAN Firewall Event System Errors ERROR 812 ‐‐‐

WAN not ready Firewall Event

System


WAN zone administrator login

allowed

Authenticated


WAN zone remote user login

allowed

Authenticated


WARNING: Central Gateway does

not have a Relay IP Address.

DHCP message dropped. DHCP Relay

System


WARNING: DHCP lease relayed

from Central Gateway conflicts

with IP in Static Devices list DHCP Relay

System


Web access request dropped Network Access Dropped TCP NOTICE 524 ‐‐‐

Web management request

allowed Network Access User Activity NOTICE 526 ‐‐‐

Web site access allowed Network Access Blocked Web Sites NOTICE 16 703

Web site access denied Network Access Blocked Web Sites ERROR 14 701

WiFiSec Enforcement disabled by

administrator

Authenticated

Access

System


WiFiSec Enforcement enabled by

administrator

Authenticated

Access

System


Wireless MAC Filter List disabled

by administrator

Authenticated

Access

System


Wireless MAC Filter List enabled

by administrator

Authenticated

Access

System


WLAN client null probing WLAN IDS

Expanded ‐ WLAN

IDS Activity WARNING 615 904

WLAN DHCPC IP Changed Firewall Event System Errors WARNING 1130 ‐‐‐

WLAN disabled by administrator

Authenticated

Access

System


| 65

WLAN disabled by schedule

Authenticated

Access

System


WLAN enabled by administrator

Authenticated

Access

System


WLAN enabled by schedule

Authenticated

Access

System


WLAN firmware image has been

updated Wireless

System


WLAN HTTP traffic not being sent

to WXA WebCache; zone conflict. WAN Acceleration ‐‐‐ INFO 1264 ‐‐‐

WLAN max concurrent users

reached already Network Access ‐‐‐ INFO 726 ‐‐‐

WLAN not in AP mode, DHCP

server will not provide lease to

clients on WLAN Wireless

System


WLAN radio frequency threat

detected RF Monitoring ‐‐‐ WARNING 879 ‐‐‐

WLAN Reboot Firewall Hardware System Errors ERROR 517 642

WLAN recovery Wireless

System


WLAN sequence number out of

order. WLAN IDS

Expanded ‐ WLAN

IDS Activity WARNING 547 902

WLB Failback initiated by %s. WAN Availability System Errors ALERT 435 652

WLB Failover in progress. WAN Availability System Errors ALERT 584 651

WLB Resource failed. WAN Availability System Errors ALERT 586 654

WLB Resource is now available. WAN Availability System Errors ALERT 585 653

WLB Spill‐over started,

configured threshold exceeded. WAN Availability

System


WLB Spill‐over stopped. WAN Availability

System


WPA MIC Failure. Wireless

802.11

Management WARNING 663 ‐‐‐

WPA RADIUS Server Timeout. Wireless

802.11


XAUTH Failed with VPN client,

Authentication failure. VPN Client User Activity ERROR 140 ‐‐‐

66 |

07

05

Log > SyslogIn addition to the standard event log, the Dell SonicWALL security appliance can send a detailed log to an external Syslog server. The Dell SonicWALL Syslog captures all log activity and includes every connection source and destination IP address, IP service, and number of bytes transferred. Syslog Analyzers such as Dell SonicWALL ViewPoint, Analyzer, or WebTrends Firewall Suite can be used to sort, analyze, and graph the Syslog data.

For more information on configuring the Log > Syslog page, refer to the SonicOS Administrator’s Guide.

XAUTH Failed with VPN client,

Cannot Contact RADIUS Server. VPN Client User Activity INFO 141 ‐‐‐

XAUTH Succeeded with VPN

client. VPN Client User Activity INFO 139 ‐‐‐

Your WAN Acceleration Service

subscription has expired. WAN Acceleration ‐‐‐ ALERT 1176 160

Your Active/Active Clustering

subscription has expired. High Availability ‐‐‐ WARNING 1149 ‐‐‐

Your Anti‐Spam Service

subscription has expired. Anti‐Spam Service ‐‐‐ WARNING 1086 138

YouTube for school enforced. Network Access ‐‐‐ DEBUG 1262 ‐‐‐

| 67

Index of Syslog Tag Field DescriptionsThis section provides an alphabetical listing of Syslog tags and the associated field descrip-tion. For more information about the “pri” Syslog Tag, see Table 3: Priority Leve on page 83. The value here is taken from the “Priority Level” column of the Index of Log Event Messages on page 2. For more information about the “c” Syslog Tag, see Legacy Category on page 79. Note that the following table also includes Syslog information for ArcSight, which is supported on SonicOS 5.9.

Tag Tags for ArcSight

(5.9.0 only)

Field Description Versions

<ddd> Syslog message prefix

The beginning of each syslog message has a string of the form <ddd> where ddd is a decimal number indicating facility and priority of the message

5.8.15.9.06.0.16.1

af_polid Application Filter

Displays the Application Filter Policy ID

5.8.15.9.06.0.16.1

af_policy Application Filter

Displays the Application Policy name

5.8.15.9.06.0.16.1

af_type Application Filter

Displays the Application Policy type such as:SMTP Client RequestHTTP Client RequestHTTP Server ResponseFTP Client RequestFTP Client Upload FileFTP Client Download FilePOP3 Client RequestPOP3 Server ResponseFTP Data TransferIPS ContentApp Control ContentCustom Policy TypeCFS

5.8.15.9.06.0.16.1

af_service Application Filter

Displays the Application Policy service name

5.8.15.9.06.0.16.1

68 |

af_action Application Filter

Displays the Application Policy action such as: HTTP Block PageHTTP Redirect,Bandwidth ManagementDisable E-Mail AttachmentFTP Notification ReplyReset/DropBlock SMTP E-MailBypass DPICFS Block PagePacket Monitor

5.8.15.9.06.0.16.1

Af_object Application policy object name

Displays the custom Application Policy object name

5.8.15.9.06.0.16.1

ai Active Interface via GMS heartbeat

Displays the Active WAN Interface. Normally it is Primary WAN but in a failover, it displays the value of the failover default outbound WAN interface, if there’s more than one WAN. When there is only one WAN interface, it is always Primary WAN regardless of the link state

5.8.15.9.06.0.16.1

app app Numeric application ID

Indicates the application for the applied syslog. Only displays when Flow Reporting is enabled

5.8.15.9.06.1

appcat appcat Application Control

Display the application category when Application Control is enabled

5.8.15.9.06.0.16.1

appid appid Application ID

Display the application ID when Application Control is enabled

5.8.15.9.06.0.16.1

arg arg URL Used to render a URL: arg represents the URL path name part

5.8.15.9.06.0.16.1

bcastRx bcastRx Interface statistics report

Displays the broadcast packets received

5.8.15.9.06.0.16.1

| 69

bcastTx bcastTx Interface statistics report

Displays the broadcast packets transmitted

5.8.15.9.06.0.16.1

bytesRx bytesRx Interface statistics report

Displays the bytes received 5.8.15.9.06.0.16.1

bytesTx bytesTx Interface statistics report

Displays the bytes transmitted 5.8.15.9.06.0.16.1

c cat Message category (legacy only)

Indicates the legacy category number (Note: We are not currently sending new category information.)

5.8.15.9.06.0.16.1

category category Blocking code description

Applicable only when CFS is enabled, indicates the category of the blocked content such as “Gambling”. This works in conjunction with “code” Blocking code.

5.8.15.9.06.0.16.1

catid Rule category

Indicates the category id of the rule

5.9.06.0.16.1

cdur cn3Label Connection Duration

Displays the connection duration 5.9.0

change SWGMSchangeUrl

Configuration change webpage

Displays the basename of the firewall web page that performed the last configuration change

5.8.15.9.06.0.16.1

code reason Blocking code

Indicates the CFS block code category

5.8.15.9.06.0.16.1

icmpCode cn2 ICMP type and code

Indicates the ICMP code 5.9.06.1

conns Firewall status report via GMS heartbeat

Indicates the number of connections in use

5.8.15.9.06.0.16.1

70 |

contentObject

Firewall Indicates rule name 5.9.06.0.16.1

cs4 Interface Statistics

Display interface statistics 5.9.0

deviceInboundInterface

Interface Indicates interface on which the packet leaves the device

5.9.0

deviceInboundInterface

Interface Indicates interface on which the packet enters the device

5.9.0

dpt Port Display destination port 5.9.0

dnpt NAT’ed Port Display NAT’ed destination port 5.9.0

dst dst Destination Destination IP address, and optionally, port, network interface, and resolved name.

5.8.15.9.06.0.16.1

dstV6 dst Destination Destination IPv6 address, and optionally, port, network interface, and resolved name.

5.9.06.1

dstname dst URL Displays the URL of web site hit and other legacy destination strings such as the URL of the host

5.8.15.9.06.0.16.1

dur request Numeric, session duration in seconds

Indicates the duration in units of seconds that a session is connected

5.8.15.9.06.1

dyn cs6Label Firewall status report via GMS heartbeat

Displays the HA and dialup connection state (rendered as “h.d” where “h” is “n” (not enabled), “b” (backup), or “p” (primary) and “d” is “1” (enabled) or “0” (disabled))

5.8.15.9.06.0.16.1

f flowType Numeric flow type

Indicates the flow type when Flow Reporting is disabled

5.8.15.9.06.1

fw Firewall WAN IP

Indicates the WAN IP Address 5.8.15.9.06.0.16.1

| 71

fwlan Firewall status report via GMS heartbeat

Indicates the LAN zone IP address

5.8.15.9.06.0.16.1

gcat gcat Group category

Display event group category when using Enhanced Syslog

5.9.0

goodRxBytes goodRxBytes SonicPoint statistics report

Indicates the well formed bytes received

5.8.15.9.06.0.16.1

goodTxBytes goodTxBytes SonicPoint statistics report

Indicates the well formed bytes transmitted

5.8.15.9.06.0.16.1

i Firewall status report via GMS heartbeat

Displays the GMS message interval in seconds

5.8.15.9.06.0.16.1

id=firewall WebTrends prefix

Syntactic sugar for WebTrends (and GMS by habit)

5.8.15.9.06.0.16.1

if if Interface statistics report

Displays the interface on which statistics are reported

5.8.15.9.06.0.16.1

ipscat ipscat IPS message Displays the IPS category 5.8.15.9.06.0.16.1

ipspri ipspri IPS message Displays the IPS priority 5.8.15.9.06.0.16.1

lic Firewall status report via GMS heartbeat

Indicates the number of licenses for firewalls with limited modes

5.8.15.9.06.0.16.1

m Message ID Provides the message ID number

5.8.15.9.06.0.16.1

72 |

mac smac or dmac

MAC address

Provides the source or destination MAC address

5.8.15.9.06.0.16.1

mailFrom Email sender Originator of the email 5.9.06.0.16.1

msg msg Message Displays the message which is composed of either or both a predefined message and a dynamic message containing a string %s or numeric %d argument

5.8.15.9.06.0.16.1

n cnt Message count

Indicates the number of times event occurs

5.8.15.9.06.0.16.1

natDst cs2Label NAT destination IP

Displays the NAT’ed destination IP address

5.9.0

natDstV6 cs2Label NAT destination IPv6

Displays the NAT’ed destination IPv6 address

5.9.0

natSrc cs1Label NAT source IP

Displays the NAT’ed source IP address

5.9.0

natSrcV6 cs1Label NAT source IPv6

Displays the NAT’ed source IPv6 address

5.9.0

note cs6 Additional Information

Additional information that is application-dependent

5.8.15.9.06.0.16.1

npcs cs5 URL Applicable only when Network Packet Capture System (NPCS Solera) is enabled, displays URL of an NPCS object

5.8.15.9.06.0.16.1

op requestMethod

HTTP OP code

Displays the HTTP operation (GET, POST, etc.) of web site hit

5.8.15.9.06.0.16.1

| 73

pri Message priority

Displays the event priority level (0=emergency..7=debug)

5.8.15.9.06.0.16.1

proto proto Protocol and service

Displays the protocol information (rendered as “proto=[protocol]” or just “[proto]/[service]”)

5.8.15.9.06.0.16.1

pt Firewall status report via GMS heartbeat

Displays the HTTP/HTTPS management port (rendered as “hhh.sss”)

5.8.15.9.06.0.16.1

radio radio SonicPoint statistics report

Displays the SonicPoint radio on which event occurred

5.8.15.9.06.0.16.1

rcptTo recipient Indicates the email recipient 6.0.16.1

rcvd in Bytes received

Indicates the number of bytes received within connection

5.8.15.9.06.0.16.1

result outcome HTTP Result code

Displays the HTTP result code (200, 403, etc.) of web site hit

5.8.15.9.06.0.16.1

rpkt cn1Label Packet received

Display the number of packet received

5.9.0

rule cs1 Rule ID Displays the Access Rule number causing packet drop. The policy index includes Address Object names

5.8.15.9.06.0.16.1

sent out Bytes sent Displays the number of bytes sent within connection

5.8.15.9.06.0.16.1

sess cs5Label Pre-defined string indicating session type

Applies to syslogs with an associated user session being tracked by the UTM

5.8.15.9.06.1

74 |

sid sid IPS or Anti-Spyware message

Provides either IPS or Anti-Spyware signature ID

5.8.15.9.06.0.16.1

sn Firewall serial number

Indicates the device serial number

5.8.15.9.06.0.16.1

spkt cn2Label Packet sent Display the number of packets sent

5.9.0

spt Port Displays source port 5.9.0

spycat spycat Anti-Spyware message

Displays the Anti-Spyware category

5.8.15.9.06.0.16.1

spypri spypri Anti-Spyware message

Displays the Anti-Spyware priority

5.8.15.9.06.0.16.1

snpt NAT source port

Display NAT’ed source port 5.9.0

src src Source Indicates the source IP address, and optionally, port, network interface, and resolved name.

5.8.15.9.06.0.16.1

station station SonicPoint statistics report

Displays the client (station) on which event occurred

5.8.15.9.06.0.16.1

SWSPstats SonicPoint statistics report

Display SonicPoint statistics 5.9.0

time Time Reports the time of event 5.8.15.9.06.0.16.1

type cn1 ICMP type and code

Indicates the ICMP type 5.8.15.9.06.0.16.1

| 75

ucastRx ucastRx Interface statistics report

Displays the unicast packets received

5.8.15.9.06.0.16.1

ucastTx ucastTx Interface statistics report

Displays the unicast packets transmitted

5.8.15.9.06.0.16.1

unsynched Firewall status report via GMS heartbeat

Reports the time since last local change in seconds

5.8.15.9.06.0.16.1

usestandbysa

Firewall status report via GMS heartbeat

Displays whether standby SA is in use (“1” or “0”) for GMS management

5.8.15.9.06.0.16.1

usr (or user) susr User Displays the user name (“user” is the tag used by WebTrends)

5.8.15.9.06.0.16.1

vpnpolicy cs2 (source) orcs3 (destination)

Source VPN policy name

Displays the source VPN policy name of event

5.8.15.9.06.0.16.1

vpnpolicyDst cs2 (source) orcs3 (destination)

Destination VPN policy name

Displays the destination VPN policy name of event

5.9.06.1

dstZone cs3Label (source)cs4Label (destination)

Destination zone name

Displays destination zone 5.9.0

srcZone cs3Label (source)cs4Label (destination)

Source zone name

Displays source zone 5.9.0

76 |

Examples of Standard Syslogs

The following examples show the content of the Syslog packet. This type of message can be viewed on the Syslog server or any packet analyzer application. Note that this is the Default Syslog Format.

id=firewall123 sn=0017C5991784 time="2013-03-20 11:56:53" fw=10.0.203.108 pri=6 c=1024 m=97 n=1 src=1.2.3.4:5432:X0 dst=4.3.2.1:2345:X1 proto=tcp/2345 op=1 sent=9876 rcvd=6789 result=403 dstname=http: arg=//www.gui.log.eng.sonicwall.com code=20 Category="Online Banking"

id=firewall123 sn=0017C5991784 time="2013-03-20 11:57:04" fw=10.0.203.108 pri=6 c=262144 m=98 msg="Connection Opened" n=1437 usr="admin" src=192.168.168.1:61505:X0 dst=192.168.168.168:443:X0 proto=tcp/https sent=52

id=firewall123 sn=0017C5991784 time="2013-03-20 11:57:06" fw=10.0.203.108 pri=6 c=1024 m=537 msg="Connection Closed" n=3683 usr="admin" src=192.168.168.1:61505:X0 dst=192.168.168.168:443:X0 proto=tcp/https sent=1519 rcvd=951 spkt=7 rpkt=8 cdur=2133

id=firewall123 sn=0017C5991784 time="2013-03-20 11:56:53" fw=10.0.203.108 pri=1 c=32 m=609 msg="IPS Prevention Alert: P2P BitTorrent -- Peer Sync" sid=1994 ipscat=P2P ipspri=3 P2P BitTorrent -- Peer Sync, SID: 1994, Priority: Low n=1 src=1.2.3.4:5432:X0 dst=4.3.2.1:2345:X1

id=firewall123 sn=0017C5991784 time="2013-01-29 23:38:24" bid=1 fw=10.8.70.22 pri=1 c=16 m=793 msg="App Rules Alert" af_polid=1 af_policy="test" af_type="SMTP Client Request" af_service="SMTP (Send E-Mail)" af_action="No Action" n=0 src=10.10.10.245:50613:X0 dst=10.8.41.228:25:X1"

id=firewall123 sn=0017C5991784 mgmtip=10.0.203.108 time="2013-03-20 20:14:30 UTC" fw=10.0.203.108 m=96 n=25 i=60 lic=0 unsynched=893 pt=80.443 usestandbysa=0 dyn=n.n ai=1 fwlan=192.168.168.168 conns=0

| 77

Examples of ArcSight Syslog

The following examples show the content of the Syslog packet. This type of message can be viewed on the Syslog server or any packet analyzer application.

MAR 20 2013 19:07:43 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|97|Syslog Website Accessed|4|cat=1024 gcat=2 src=1.2.3.4 spt=5432 deviceInboundInterface=X0 cs1Label=1.2.4.5 snpt=1 dst=4.3.2.1 dpt=2345 deviceOutboundInterface=X1 cs2Label=5.4.3.2 dnpt=2 proto=tcp/2345 out=9876 in=6789 requestMethod=1 outcome=403 request=http://www.gui.log.eng.sonicwall.com reason=20 Category-"Online Banking"

MAR 20 2013 19:07:49 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|98|Syslog Connection Logged|4|cat=262144 gcat=2 src=192.168.168.1 spt=61693 deviceInboundInterface=X0 dst=192.168.168.168 dpt=443 deviceOutboundInterface=X0 susr="admin" proto=tcp/https out=52 cnt=1570

MAR 20 2013 19:07:52 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|537|Syslog Close|4|cat=1024 gcat=2 smac=00:00:c5:b3:6b:e5 src=192.168.168.1 spt=61693 deviceInboundInterface=X0 cs3Label=Trusted dst=192.168.168.168 dpt=443 deviceOutboundInterface=X0 cs4Label=Trusted susr="admin" proto=tcp/https out=1519 in=967 cn2Label=7 cn1Label=8 cn3Label=2333 cnt=3815

MAR 20 2013 19:07:43 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|609|IDP Prevention Alert|9|cat=32 gcat=3 src=1.2.3.4 spt=5432 deviceInboundInterface=X0 cs1Label=1.2.4.5 snpt=1 dst=4.3.2.1 dpt=2345 deviceOutboundInterface=X1 cs2Label=5.4.3.2 dnpt=2 msg="IPS Prevention Alert: P2P BitTorrent -- Peer Sync, SID: 1994, Priority: Low" cnt=3

MAR 20 2013 19:07:43 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|793|Application Firewall Alert|9|cat=16 gcat=10 src=1.2.3.4 spt=5432 deviceInboundInterface=X0 dst=4.3.2.1 dpt=2345 deviceOutboundInterface=X1 msg="Application Firewall Alert: Policy: foobar, Action Type: Block SMTP E-Mail - Send Error Reply, Mail From: an unknown string of unknown length" cnt=3

78 |

Table of ValuesThis section can be used as a reference for understanding different categories and their descriptions.

Legacy Categories

The following table describes the Legacy categories shared in the SonicOS 5.8.1, 6.0.1, and 6.1 releases.

Table 1 Legacy Category

ID (used in Syslog) Name Description

0 Event is not Legacy Category, not backward compatible.

1 System Maintenance Logs general system activity, such as system activations.

2 System Errors Logs problems with DNS or Email.

4 Blocked Web Sites Logs Web sites or news groups blocked by the Content Filter List or by customized filtering.

8 Blocked Java Etc Logs Java, ActiveX, and Cookies blocked by the Dell SonicWALL security appliance.

16 User Activity Logs successful and unsuccessful log in attempts.

32 Attacks Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP Spoofing.

64 Dropped TCP Logs blocked incoming TCP connections.

128 Dropped UDP Logs blocked incoming UDP packets.

256 Dropped ICMP Logs blocked incoming ICMP packets.

512 Network Debug Logs NetBIOS broadcasts, ARP resolution problems, and NAT resolution problems. Also, detailed messages for VPN connections are displayed to assist the network administrator with troubleshooting problems with active VPN tunnels. Network Debug information is intended for experienced network administrators.

1024 Syslog Only — For Traffic Reporting

Used for Syslog only to report HTTP connections opened and closed, and bytes transferred.

| 79

Expanded Categories

The following table displays expanded category information, also known as the SonicOS Category, for all firmware releases and platforms.

Table 2 Expanded Categories

2048 Dropped LAN TCP Used for Syslog only to report that the TCP packet is dropped due to LAN management policy.

4096 Dropped LAN UDP Used for Syslog only to report that the UDP packet is dropped due to LAN management policy.

8192 Dropped LAN ICMP Used for Syslog only to report that the ICMP packet is dropped due to LAN management policy.

32768 Modem Debug Logs Modem Debug activity.

65536 VPN Tunnel Status Logs status information on VPN tunnels.

131072 802.11 Management Logs WLAN IEEE 802.11 connections.

262144 Syslog Only — For Traffic Reporting

Used for Syslog only to report that the Network Traffic is logged when connection is opened.

524288 System Environment Logs system environment activity.

2097152 Expanded — WLAN IDS Activity

Used for Syslog only to log WLAN IDS activity.

1048576 Expanded — VOIP Activity Used for Syslog only to log VoIP H.323/RAS, H.323/H.225, and H.323/H.245 activity.

4194304 Expanded — SonicPoint Activity

Used for Syslog only to log SonicPoint activity.

ID (used in Syslog) Name Description

Category Description

802.11 Management Logs 802.11 management activity

Advanced Routing Logs Advanced Routing activity

Advanced Switching Logs Advanced Switching activity

Anti-Spam Service Logs the Anti-Spam service

App Flow Server Logs App Flow Server activity

App Rules Logs App Rules activity

Application Control Logs Application Control activity

Attacks Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP Spoofing.

Authenticated Access Logs Authenticated Access activity

WAN Acceleration Logs the WAN Acceleration activity

80 |

Blocked Java Etc Logs Java, ActiveX, and Cookies blocked

Blocked WebSites Logs Websites blocked

BOOTP Logs Bootstrap Protocol (BOOTP) activity

Botnet Blocking Logs the Botnet Blocking activity

SSO Agent Authentication Logs the SSO Agent Authentication activity

Crypto Test Logs Crypto Test activity

DDNS Logs Dynamic Domain Name System (DDNS) activity

Denied LAN IP Logs LAN IP denied activity

DHCP Client Logs DHCP Client activity

DHCP Relay Logs DHCP Relay activity

DHCP Server Logs DHCP Server activity

DPI-SSL Logs the Deep Packet Inspection of Secure Socket Layer (DPI-SSL) activity

Dropped ICMP Logs blocked incoming Internet Control Message Protocol (ICMP) packet activity

Dropped TCP Logs blocked incoming Transmission Control Protocol (TCP) connection activity

Dropped UDP Logs blocked incoming User Datagram Protocol (UDP) packet activity

DSL Logs DSL activity

Dynamic Address Objects Logs Dynamic Address Object activity

E1-T1 Logs E1-T1 activity

Firewall Event Logs Firewall Event alerts and activity

Firewall Hardware Logs Firewall Hardware alerts and activity

Firewall Logging Logs other Firewall-related activity

Firewall Rule Logs Firewall Rule alerts and activity

FTP Logs File Transfer Protocol (FTP) activity

Geolocation Logs the Geolocation service activity

GMS Logs Dell SonicWALL Global Management System (GMS) activity

High Availability Logs High Availability activity

Intrusion Prevention Logs Intrusion Prevention activity

IPComp Logs IP Compression (IPComp) activity

IPNet Logs IPNet activity

IPv6 Tunnel Logs IPv6 activity

L2TP Client Logs Layer 2 Tunnel Protocol (L2TP) client activity

L2TP Server Logs Layer 2 Tunnel Protocol (L2TP) server activity

MAC-IP Anti-Spoof Logs the MAC-IP Spoofing activity

Modem Logs the Modem activity

| 81

Modem Debug Logs the Modem Debug activity

MSAD Logs Microsoft Active Directory (MSAD) activity

Multicast Logs Multicast activity

Network Logs Network activity

Network Debug Logs NetBios broadcasts, ARP resolution problems, and NAT resolution problems.

Network Access Logs successful and unsuccessful Network Access activity

Network Monitor Logs Network Monitor activity

Network Traffic Logs Network Traffic activity

PPP Logs Point-to-Point Protocol (PPP) activity

PPP Dial-Up Logs Point-to-Point Protocol (PPP) Dial-Up activity

PPPoE Logs Point-to-Point Protocol over Ethernet (PPPoE) activity

PPTP Logs Point-to-Point Tunneling Protocol (PPTP) activity

Remote Authentication Logs Remote Authentication activity

RBL Logs Realtime Black List (RBL) activity

RF Monitoring Logs RF Monitoring activity

RIP Logs Routing Information Protocol (RIP) activity

Security Services Logs Security Services activity

SNMP Logs the Simple Network Management Protocol (SNMP) activity

SonicPoint Logs the SonicPoint activity

SonicPointN Logs the SonicPointN activity

SSLVPN Logs Secure Socket Layer Virtual Private Network (SSLVPN) activity

System Environment Logs System Environment activity

System Errors Logs System Errors activity

System Maintenance Logs System Maintenance activity

User Activity Logs successful and unsuccessful log in attempts

VOIP Logs Voice over IP (VOIP) activity

VPN Logs Virtual Private Network (VPN) activity

VPN Tunnel Status Logs VPN Tunnel Status activity

VPN Client Logs VPN Client activity

VPN IKE Logs VPN IKE activity

VPN IPSec Logs VPN IP Security activity

WAN Availability Logs WAN Availability activity

82 |

Priority Level

The following table displays the Priority Number and Name for Syslog Tags. The value here is taken from the “Priority Level” column of the Index of Log Event Messages on page 2, or the “pri” tag in Index of Syslog Tag Field Descriptions on page 68. For example, a tag with “pri=0” means Emergency Priority.

Table 3 Priority Leve

Wireless Logs Wireless activity

WLAN IDS Logs Wireless LAN Intrusion Detection System (IDS) activity

Priority Number Priority Name

0 Emergency

1 Alert

2 Critical

3 Error

4 Warning

5 Notice

6 Info

7 Debug

| 83

232-001771-00 rev c sonicos combined log event...

Documents