D-link DFL-800, DFL-1600, DFL-260, DFL-210, DFL-860 Reference Guide
...
Security
Security
Network Security Firewall
Log Reference Guide
DFL-210/ 800/1600/ 2500
DFL-260/ 860
Ver. 1.01
Network Security Solution http://www.dlink.com
Log Reference Guide
DFL-210/260/800/860/1600/2500
NetDefendOS version 2.12
No. 289, Sinhu 3rd Rd, Neihu District, Taipei City 114, Taiwan R.O.C.
D-Link Corporation
http://www.DLink.com
Published 2007-04-16
Copyright © 2007
Log Reference Guide
DFL-210/260/800/860/1600/2500
NetDefendOS version 2.12
Published 2007-04-16
Copyright © 2007
Copyright Notice
This publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this manual, nor any of the material contained
herein, may be reproduced without written consent of the author.
Disclaimer
The information in this document is subject to change without notice. The manufacturer makes no
representations or warranties with respect to the contents hereof and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. The manufacturer reserves
the right to revise this publication and to make changes from time to time in the content hereof
without obligation of the manufacturer to notify any person of such revision or changes.
Limitations of Liability
UNDER NO CIRCUMSTANCES SHALL D-LINK OR ITS SUPPLIERS BE LIABLE FOR DAMAGES OF ANY CHARACTER (E.G. DAMAGES FOR LOSS OF PROFIT, SOFTWARE RESTORATION, WORK STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER COMMERCIAL
DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR IMPROPER USE OF
THE D-LINK PRODUCT OR FAILURE OF THE PRODUCT, EVEN IF D-LINK IS INFORMED
OF THE POSSIBILITY OF SUCH DAMAGES. FURTHERMORE, D-LINK WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST CUSTOMER FOR LOSSES OR DAMAGES.
D-LINK WILL IN NO EVENT BE LIABLE FOR ANY DAMAGES IN EXCESS OF THE
AMOUNT D-LINK RECEIVED FROM THE END-USER FOR THE PRODUCT.
Table of Contents
Preface ............................................................................................................ xxiv
1. Introduction ...................................................................................................... 1
1.1. Log Message Structure ............................................................................. 1
1.2. Context Parameters .................................................................................. 3
1.3. Statistics (usage) ..................................................................................... 7
1.4. Severity levels ........................................................................................ 8
2. Log Message Reference .....................................................................................10
2.1. ALG ....................................................................................................11
2.1.1. illegal_ip_address (ID: 00200216) ..................................................11
2.1.2. illegal_port_number (ID: 00200217) ...............................................12
2.1.3. bad_port (ID: 00200233) ...............................................................12
2.1.4. bad_ip (ID: 00200234) ..................................................................13
2.1.5. max_line_length_exceeded (ID: 00200003) ......................................13
2.1.6. invalid_url_format (ID: 00200101) .................................................13
2.1.7. compressed_data_received (ID: 00200109) .......................................14
2.1.8. failure_connect_http_server (ID: 00200112) .....................................14
2.1.9. wcf_server_unreachable (ID: 00200119) ..........................................15
2.1.10. virus_scan_failure (ID: 00200120) ................................................15
2.1.11. virus_scan_failure (ID: 00200121) ................................................15
2.1.12. avse_out_of_memory (ID: 00200122) ............................................16
2.1.13. avse_out_of_memory (ID: 00200127) ............................................16
2.1.14. failed_connect_smtp_server (ID: 00200153) ...................................16
2.1.15. failed_to_check_response_code_values (ID: 00200155) ....................17
2.1.16. virus_scan_failure (ID: 00200162) ................................................17
2.1.17. virus_scan_failure (ID: 00200163) ................................................17
2.1.18. base64_decode_failed (ID: 00200164) ...........................................18
2.1.19. avse_out_of_memory (ID: 00200169) ............................................18
2.1.20. avse_out_of_memory (ID: 00200170) ............................................19
2.1.21. out_of_memory (ID: 00200175) ....................................................19
2.1.22. illegal_data_direction (ID: 00200202) ............................................19
2.1.23. failed_to_create_connection1 (ID: 00200218) ..................................20
2.1.24. failed_to_create_connection2 (ID: 00200235) ..................................20
2.1.25. failed_to_create_server_data_connection (ID: 00200236) ..................21
2.1.26. failed_to_register_rawconn (ID: 00200238) ....................................21
2.1.27. failed_to_merge_conns (ID: 00200239) ..........................................21
2.1.28. failed_create_new_session (ID: 00200242) .....................................22
2.1.29. failure_connect_ftp_server (ID: 00200243) .....................................22
2.1.30. virus_scan_failure (ID: 00200257) ................................................22
2.1.31. virus_scan_failure (ID: 00200258) ................................................23
2.1.32. avse_decompression_failed (ID: 00200264) ....................................23
2.1.33. avse_out_of_memory (ID: 00200266) ............................................23
2.1.34. avse_out_of_memory (ID: 00200268) ............................................24
2.1.35. failure_connect_h323_server (ID: 00200316) ..................................24
2.1.36. invalid_client_http_header_received (ID: 00200100) ........................24
2.1.37. unknown_client_data_received (ID: 00200105) ...............................25
2.1.38. suspicious_data_received (ID: 00200106) .......................................25
2.1.39. invalid_chunked_encoding (ID: 00200107) .....................................26
2.1.40. invalid_server_http_header_received (ID: 00200108) ........................26
2.1.41. max_http_sessions_reached (ID: 00200110) ....................................26
2.1.42. failed_create_new_session (ID: 00200111) .....................................27
2.1.43. virus_found (ID: 00200114) .........................................................27
2.1.44. content_filtering_disabled (ID: 00200115) ......................................28
2.1.45. max_download_size_reached (ID: 00200116) ..................................28
2.1.46. avse_decompression_failed (ID: 00200123) ....................................28
2.1.47. avse_decompression_failed (ID: 00200124) ....................................29
2.1.48. restricted_site_notice (ID: 00200132) ............................................29
2.1.49. url_reclassification_request (ID: 00200133) ....................................30
iv
Log Reference Guide
2.1.50. max_smtp_sessions_reached (ID: 00200150) ..................................30
2.1.51. maximum_email_per_minute_reached (ID: 00200151) ......................30
2.1.52. failed_create_new_session (ID: 00200152) .....................................31
2.1.53. avse_decompression_failed (ID: 00200154) ....................................31
2.1.54. sender_email_id_is_in_blacklist (ID: 00200158) ..............................31
2.1.55. recipient_email_id_in_blacklist (ID: 00200159) ...............................32
2.1.56. some_recipient_email_ids_are_in_blocklist (ID: 00200160) ...............32
2.1.57. virus_found (ID: 00200165) .........................................................33
2.1.58. avse_decompression_failed (ID: 00200168) ....................................33
2.1.59. all_recipient_email_ids_are_in_blocklist (ID: 00200172) ...................33
2.1.60. virus_found_in_audit_mode (ID: 00200173) ...................................34
2.1.61. invalid_end_of_mail (ID: 00200176) .............................................34
2.1.62. virus_found_in_audit_mode (ID: 00200200) ...................................35
2.1.63. illegal_chars (ID: 00200210) ........................................................35
2.1.64. control_chars (ID: 00200211) .......................................................36
2.1.65. illegal_command (ID: 00200212) ..................................................36
2.1.66. illegal_command (ID: 00200213) ..................................................36
2.1.67. port_command_disabled (ID: 00200214) ........................................37
2.1.68. illegal_command (ID: 00200215) ..................................................37
2.1.69. illegal_command (ID: 00200219) ..................................................38
2.1.70. illegal_direction1 (ID: 00200220) .................................................38
2.1.71. illegal_direction2 (ID: 00200221) .................................................38
2.1.72. illegal_option (ID: 00200222) ......................................................39
2.1.73. illegal_option (ID: 00200223) ......................................................39
2.1.74. unknown_option (ID: 00200224) ..................................................40
2.1.75. illegal_command (ID: 00200225) ..................................................40
2.1.76. unknown_command (ID: 00200226) ..............................................40
2.1.77. illegal_reply (ID: 00200228) ........................................................41
2.1.78. illegal_reply (ID: 00200230) ........................................................41
2.1.79. illegal_reply (ID: 00200231) ........................................................42
2.1.80. illegal_reply (ID: 00200232) ........................................................42
2.1.81. failed_to_send_port (ID: 00200237) ..............................................43
2.1.82. max_ftp_sessions_reached (ID: 00200241) .....................................43
2.1.83. resumed_compressed_file_transfer (ID: 00200252) ..........................43
2.1.84. resumed_compressed_file_transfer (ID: 00200254) ..........................44
2.1.85. virus_found (ID: 00200259) .........................................................44
2.1.86. illegal_command (ID: 00200267) ..................................................45
2.1.87. compression_ratio_violation (ID: 00200269) ...................................45
2.1.88. compression_ratio_violation (ID: 00200270) ...................................45
2.1.89. compression_ratio_violation (ID: 00200271) ...................................46
2.1.90. virus_found_in_audit_mode (ID: 00200272) ...................................46
2.1.91. compression_ratio_violation (ID: 00200273) ...................................47
2.1.92. compression_ratio_violation (ID: 00200274) ...................................47
2.1.93. compression_ratio_violation (ID: 00200275) ...................................48
2.1.94. compression_ratio_violation (ID: 00200276) ...................................48
2.1.95. compression_ratio_violation (ID: 00200277) ...................................48
2.1.96. compression_ratio_violation (ID: 00200278) ...................................49
2.1.97. unknown_state (ID: 00200300) .....................................................49
2.1.98. invalid_message (ID: 00200301) ...................................................50
2.1.99. decode_failed (ID: 00200302) ......................................................50
2.1.100. encode_failed (ID: 00200303) .....................................................50
2.1.101. encode_failed (ID: 00200304) .....................................................51
2.1.102. encode_failed (ID: 00200305) .....................................................51
2.1.103. decode_failed (ID: 00200306) .....................................................52
2.1.104. encode_failed (ID: 00200307) .....................................................52
2.1.105. max_tcp_data_connections_exceeded (ID: 00200308) .....................52
2.1.106. max_connections_per_call_exceeded (ID: 00200309) ......................53
2.1.107. ignoring_channel (ID: 00200310) ................................................53
2.1.108. com_mode_response_message_not_translated (ID: 00200311) ..........54
2.1.109. max_h323_session_reached (ID: 00200312) ..................................54
2.1.110. failed_create_new_session (ID: 00200313) ....................................54
2.1.111. max_h323_gk_sessions_reached (ID: 00200314) ............................55
2.1.112. failed_create_new_session (ID: 00200315) ....................................55
v
Log Reference Guide
2.1.113. com_mode_command_message_not_translated (ID: 00200317) ........55
2.1.114. content_type_mismatch (ID: 00200113) .......................................56
2.1.115. blocked_filetype (ID: 00200117) .................................................56
2.1.116. avscan_excluded_file (ID: 00200118) ..........................................57
2.1.117. request_url (ID: 00200125) ........................................................57
2.1.118. request_url (ID: 00200126) ........................................................57
2.1.119. sender_email_id_mismatched (ID: 00200157) ................................58
2.1.120. avscan_excluded_file (ID: 00200161) ..........................................58
2.1.121. blocked_filetype (ID: 00200166) .................................................59
2.1.122. content_type_mismatch (ID: 00200167) .......................................59
2.1.123. content_type_mismatch_mimecheck_disabled (ID: 00200171) ..........60
2.1.124. unknown_encoding (ID: 00200181) .............................................60
2.1.125. unknown_encoding (ID: 00200182) .............................................60
2.1.126. content_type_mismatch (ID: 00200250) .......................................61
2.1.127. failed_to_send_command (ID: 00200251) .....................................61
2.1.128. blocked_filetype (ID: 00200253) .................................................62
2.1.129. failed_to_send_response_code (ID: 00200255) ..............................62
2.1.130. avscan_excluded_file (ID: 00200256) ..........................................62
2.1.131. avse_decompression_failed (ID: 00200262) ..................................63
2.1.132. alg_session_open (ID: 00200001) ................................................63
2.1.133. alg_session_closed (ID: 00200002) ..............................................63
2.1.134. hybrid_data (ID: 00200205) .......................................................64
2.1.135. hybrid_data (ID: 00200206) .......................................................64
2.1.136. hybrid_data (ID: 00200209) .......................................................64
2.2. ARP ....................................................................................................66
2.2.1. invalid_arp_sender_ip_address (ID: 00300049) .................................66
2.2.2. arp_response_broadcast_drop (ID: 00300052) ...................................66
2.2.3. arp_collides_with_static (ID: 00300054) ..........................................66
2.2.4. already_exists (ID: 00300001) ........................................................67
2.2.5. no_sender_ip (ID: 00300002) .........................................................67
2.2.6. no_sender_ip (ID: 00300003) .........................................................67
2.2.7. arp_response_broadcast (ID: 00300004) ...........................................68
2.2.8. arp_response_multicast (ID: 00300005) ...........................................68
2.2.9. mismatching_hwaddrs (ID: 00300006) ............................................68
2.2.10. mismatching_hwaddrs_drop (ID: 00300007) ...................................69
2.2.11. hwaddr_change (ID: 00300008) ....................................................69
2.2.12. arp_cache_size_limit_reached (ID: 00300030) .................................69
2.2.13. arp_access_allowed_expect (ID: 00300050) ....................................70
2.2.14. impossible_hw_address (ID: 00300051) .........................................70
2.2.15. arp_response_multicast_drop (ID: 00300053) ..................................70
2.2.16. hwaddr_change_drop (ID: 00300055) ............................................71
2.3. AVSE ..................................................................................................72
2.3.1. failed_to_allocate_memory (ID: 05100304) ......................................72
2.3.2. no_signature_database (ID: 05100306) ............................................72
2.3.3. general_engine_error (ID: 05100307) ..............................................72
2.3.4. out_of_memory (ID: 05100308) .....................................................73
2.3.5. failed_to_allocate_memory (ID: 05100303) ......................................73
2.3.6. no_valid_license (ID: 05100305) ....................................................73
2.4. AVUPDATE .........................................................................................74
2.4.1. av_db_update_failure (ID: 05000001) ..............................................74
2.4.2. av_detects_invalid_system_time (ID: 05000005) ...............................74
2.4.3. av_database_downloaded (ID: 05000002) ........................................74
2.4.4. av_db_already_up_to_date (ID: 05000003) .......................................75
2.4.5. av_db_update_denied (ID: 05000004) .............................................75
2.4.6. downloading_new_database (ID: 05000007) .....................................75
2.5. BLACKLIST .........................................................................................76
2.5.1. failed_to_write_list_of_blocked_hosts_to_media (ID: 04600001) .........76
2.5.2. unable_to_allocate_static_entry (ID: 04600002) ................................76
2.5.3. unable_to_allocate_host_entry (ID: 04600003) ..................................76
2.5.4. connection_blacklisted (ID: 04600004) ............................................77
2.5.5. packet_blacklisted (ID: 04600005) ..................................................77
2.5.6. packet_blacklisted (ID: 04600006) ..................................................77
2.6. BUFFERS ............................................................................................79
vi
Log Reference Guide
2.6.1. buffers_flooded (ID: 00500001) .....................................................79
2.7. CONN .................................................................................................80
2.7.1. connection_table_full (ID: 00600003) ..............................................80
2.7.2. out_of_connections (ID: 00600010) ................................................80
2.7.3. out_of_connections (ID: 00600011) ................................................80
2.7.4. no_new_conn_for_this_packet (ID: 00600012) ..................................81
2.7.5. no_new_conn_for_this_packet (ID: 00600013) ..................................81
2.7.6. no_return_route (ID: 00600014) .....................................................81
2.7.7. reverse_connect_attempt (ID: 00600015) .........................................82
2.7.8. port_0_illegal (ID: 00600020) ........................................................82
2.7.9. udp_src_port_0_illegal (ID: 00600021) ............................................82
2.7.10. udp_src_port_0_forwarded (ID: 00600022) .....................................83
2.7.11. conn_open (ID: 00600001) ..........................................................83
2.7.12. conn_close (ID: 00600002) ..........................................................83
2.7.13. conn_usage (ID: 00600023) .........................................................84
2.7.14. active_data (ID: 00600100) ..........................................................84
2.7.15. passive_data (ID: 00600101) ........................................................84
2.7.16. active_data (ID: 00600102) ..........................................................85
2.7.17. passive_data (ID: 00600103) ........................................................85
2.8. DHCP ..................................................................................................86
2.8.1. lease_changed (ID: 00700002) .......................................................86
2.8.2. invalid_lease_time (ID: 00700007) .................................................86
2.8.3. invalid_server_id (ID: 00700008) ...................................................86
2.8.4. invalid_netmask (ID: 00700009) .....................................................87
2.8.5. invalid_broadcast (ID: 00700010) ...................................................87
2.8.6. invalid_offered_ip (ID: 00700011) ..................................................87
2.8.7. invalid_gateway (ID: 00700012) .....................................................88
2.8.8. offered_broadcast_equals_gateway (ID: 00700013) ............................88
2.8.9. ip_collision (ID: 00700014) ...........................................................89
2.8.10. route_collision (ID: 00700015) .....................................................89
2.8.11. offered_ip_occupied (ID: 00700001) .............................................89
2.8.12. lease_acquired (ID: 00700003) .....................................................90
2.8.13. renewed_lease (ID: 00700004) .....................................................90
2.8.14. lease_expired (ID: 00700005) .......................................................90
2.9. DHCPRELAY .......................................................................................92
2.9.1. unable_to_add_relay_route_since_out_of_memory (ID: 00800011) .......92
2.9.2. unable_to_save_dhcp_relay_list (ID: 00800001) ................................92
2.9.3. incorrect_bootp_dhcp_cookie (ID: 00800004) ...................................92
2.9.4. maximum_ppm_for_relayer_reached (ID: 00800005) .........................92
2.9.5. hop_limit_exceeded (ID: 00800007) ................................................93
2.9.6. client_release (ID: 00800008) ........................................................93
2.9.7. got_reply_without_transaction_state (ID: 00800009) ..........................93
2.9.8. maximum_dhcp_client_relay_routes_reached (ID: 00800010) ..............94
2.9.9. ignored_relay_request (ID: 00800012) .............................................94
2.9.10. no_message_type (ID: 00800013) .................................................94
2.9.11. bad_inform_pkt_with_mismatching_source_ip_and_client_ip (ID:
00800014) ..........................................................................................95
2.9.12. received_relayed_inform_packet_without_client_ip (ID: 00800015) ....95
2.9.13. maximum_current_dhcp_relays_for_iface (ID: 00800016) .................96
2.9.14. dhcp_server_is_unroutable (ID: 00800017) .....................................96
2.9.15. unable_to_get_free_transaction_state (ID: 00800018) .......................96
2.9.16. invalid_gateway (ID: 00800019) ...................................................97
2.9.17. got_reply_on_a_non_security_equivalent_interface (ID: 00800022) ....97
2.9.18. assigned_ip_not_allowed (ID: 00800023) .......................................97
2.9.19. illegal_client_ip_assignment (ID: 00800024) ...................................98
2.9.20. ambiguous_host_route (ID: 00800025) ...........................................98
2.9.21. dhcp_relay_list_saved (ID: 00800002) ...........................................99
2.9.22. dhcp_pkt_too_small (ID: 00800003) ..............................................99
2.9.23. relayer_resuming (ID: 00800006) ..................................................99
2.9.24. relayed_request (ID: 00800020) ....................................................99
2.9.25. relayed_request (ID: 00800021) .................................................. 100
2.9.26. relayed_dhcp_reply (ID: 00800026) ............................................. 100
2.9.27. relayed_bootp_reply (ID: 00800027) ........................................... 101
vii
Log Reference Guide
2.9.28. relayed_dhcp_reply (ID: 00800028) ............................................. 101
2.9.29. relayed_bootp_reply (ID: 00800029) ........................................... 101
2.10. DHCPSERVER ................................................................................. 103
2.10.1. unable_to_send_response (ID: 00900001) ..................................... 103
2.10.2. option_section_is_too_big_unable_to_reply (ID: 00900002) ............ 103
2.10.3. unable_to_save_lease_db (ID: 00900003) ..................................... 103
2.10.4. dhcp_packet_too_small (ID: 00900005) ....................................... 103
2.10.5. request_for_ip_from_non_bound_client_without_state (ID: 00900006) 104
2.10.6. request_for_ip_from_bound_client_without_state (ID: 00900007) ..... 104
2.10.7. request_for_ip_from_non_bound_client_without_state (ID: 00900008) 105
2.10.8. all_ip_pools_depleted (ID: 00900010) .......................................... 105
2.10.9. request_with_bad_udp_checksum (ID: 00900011) .......................... 105
2.10.10. pool_depleted (ID: 00900014) .................................................. 106
2.10.11. request_for_non_offered_ip (ID: 00900017) ................................ 106
2.10.12. request_for_non_bound_ip (ID: 00900018) ................................. 106
2.10.13. declined_by_client (ID: 00900024) ............................................ 107
2.10.14. request_for_ip_from_bound_client_without_state (ID: 00900025) ... 107
2.10.15. lease_db_successfully_saved (ID: 00900004) ..............................107
2.10.16. lease_timeout (ID: 00900012) ................................................... 108
2.10.17. lease_timeout (ID: 00900013) ................................................... 108
2.10.18. sending_offer (ID: 00900015) ................................................... 108
2.10.19. pool_depleted (ID: 00900016) .................................................. 109
2.10.20. client_bound (ID: 00900019) .................................................... 109
2.10.21. client_renewed (ID: 00900020) ................................................. 109
2.10.22. got_inform_request (ID: 00900021) ........................................... 110
2.10.23. decline_for_ip_on_wrong_iface (ID: 00900022) ........................... 110
2.10.24. decline_for_non_offered_ip (ID: 00900023) ................................ 111
2.11. DYNROUTING .................................................................................112
2.11.1. failed_to_export_route_to_ospf_process_failed_to_alloc (ID: 01100001)
........................................................................................................ 112
2.11.2. failed_to_add_route_unable_to_alloc (ID: 01100004) ..................... 112
2.11.3. route_exported_to_ospf_as (ID: 01100002) ................................... 112
2.11.4. route_unexported_from_ospf_as (ID: 01100003) ...........................113
2.11.5. route_added (ID: 01100005) ....................................................... 113
2.11.6. route_removed (ID: 01100006) ................................................... 113
2.12. FRAG .............................................................................................. 115
2.12.1. fragact_contains_frags (ID: 02000002) ......................................... 115
2.12.2. fail_suspect_out_of_resources (ID: 02000003) ..............................115
2.12.3. fail_out_of_resources (ID: 02000004) .......................................... 115
2.12.4. fail_suspect_timeout (ID: 02000005) ........................................... 116
2.12.5. fail_timeout (ID: 02000006) ....................................................... 116
2.12.6. fragments_available_freeing (ID: 02000100) ................................. 117
2.12.7. learn_state (ID: 02000011) ......................................................... 117
2.12.8. frag_offset_plus_length_not_in_range (ID: 02000014) ....................117
2.12.9. bad_ipdatalen (ID: 02000016) .................................................... 118
2.12.10. bad_ipdatalen (ID: 02000017) ...................................................118
2.12.11. overlapping_frag (ID: 02000018) .............................................. 119
2.12.12. bad_offs (ID: 02000019) .......................................................... 119
2.12.13. duplicate_frag_with_different_length (ID: 02000020) ................... 119
2.12.14. duplicate_frag_with_different_data (ID: 02000021) ...................... 120
2.12.15. partial_overlap (ID: 02000022) ................................................. 120
2.12.16. already_completed (ID: 02000025) ............................................ 120
2.12.17. individual_frag_timeout (ID: 02000001) ..................................... 121
2.12.18. disallowed_suspect (ID: 02000007) ........................................... 121
2.12.19. drop_frags_of_disallowed_packet (ID: 02000008) ........................ 121
2.12.20. drop_frags_of_illegal_packet (ID: 02000009) ..............................122
2.12.21. drop_extraneous_frags_of_completed_packet (ID: 02000010) ........ 122
2.12.22. drop_duplicate_frag_suspect_packet (ID: 02000012) .................... 123
2.12.23. drop_duplicate_frag (ID: 02000013) .......................................... 123
2.12.24. no_available_fragacts (ID: 02000015) ........................................ 123
2.12.25. drop_frag_disallowed_suspect_packet (ID: 02000023) .................. 124
2.12.26. drop_frag_disallowed_packet (ID: 02000024) ..............................124
2.12.27. drop_frag_failed_suspect_packet (ID: 02000026) ......................... 124
viii
Log Reference Guide
2.12.28. drop_frag_failed_packet (ID: 02000027) ..................................... 125
2.12.29. drop_frag_illegal_packet (ID: 02000028) .................................... 125
2.13. GRE .................................................................................................126
2.13.1. failed_to_setup_gre_tunnel (ID: 02200001) ................................... 126
2.13.2. gre_bad_flags (ID: 02200002) .................................................... 126
2.13.3. gre_bad_version (ID: 02200003) ................................................. 126
2.13.4. gre_checksum_error (ID: 02200004) ............................................ 127
2.13.5. gre_length_error (ID: 02200005) ................................................. 127
2.13.6. gre_send_routing_loop_detected (ID: 02200006) ........................... 127
2.13.7. unmatched_session_key (ID: 02200007) ....................................... 127
2.13.8. gre_routing_flag_set (ID: 02200008) ........................................... 128
2.14. HA ..................................................................................................129
2.14.1. config_sync_failure (ID: 01200500) ............................................ 129
2.14.2. heartbeat_from_unknown (ID: 01200043) ..................................... 129
2.14.3. should_have_arrived_on_sync_iface (ID: 01200044) ...................... 129
2.14.4. activate_failed (ID: 01200050) ...................................................130
2.14.5. merge_failed (ID: 01200051) ..................................................... 130
2.14.6. ha_commit_error (ID: 01200052) ................................................ 130
2.14.7. ha_write_failed (ID: 01200053) .................................................. 130
2.14.8. ha_commit_unknown_error (ID: 01200054) .................................. 131
2.14.9. resync_conns_to_peer (ID: 01200100) .........................................131
2.14.10. disallowed_on_sync_iface (ID: 01200400) .................................. 131
2.14.11. sync_packet_on_nonsync_iface (ID: 01200410) ........................... 132
2.14.12. ttl_too_low (ID: 01200411) ......................................................132
2.14.13. heartbeat_from_myself (ID: 01200412) ......................................132
2.14.14. peer_gone (ID: 01200001) ....................................................... 133
2.14.15. peer_gone (ID: 01200002) ....................................................... 133
2.14.16. conflict_both_peers_active (ID: 01200003) ................................. 133
2.14.17. peer_has_higher_local_load (ID: 01200004) ................................134
2.14.18. peer_has_lower_local_load (ID: 01200005) ................................. 134
2.14.19. peer_has_more_connections (ID: 01200006) ............................... 134
2.14.20. peer_has_fewer_connections (ID: 01200007) ............................... 134
2.14.21. conflict_both_peers_inactive (ID: 01200008) ............................... 135
2.14.22. peer_has_more_connections (ID: 01200009) ............................... 135
2.14.23. peer_has_fewer_connections (ID: 01200010) ............................... 135
2.14.24. peer_alive (ID: 01200011) ....................................................... 136
2.14.25. hasync_connection_established (ID: 01200200) ........................... 136
2.14.26. hasync_connection_disconnected_lifetime_expired (ID: 01200201) . 136
2.14.27. hasync_connection_failed_timeout (ID: 01200202) ....................... 136
2.14.28. resync_conns_to_peer_complete (ID: 01200300) .......................... 137
2.14.29. action=deactivate reason=requested (ID: 01200616) ...................... 137
2.15. HWM ............................................................................................... 138
2.15.1. temperature_alarm (ID: 04000011) .............................................. 138
2.15.2. temperature_normal (ID: 04000012) ............................................ 138
2.15.3. voltage_alarm (ID: 04000021) .................................................... 138
2.15.4. voltage_normal (ID: 04000022) .................................................. 139
2.15.5. fanrpm_alarm (ID: 04000031) .................................................... 139
2.15.6. fanrpm_normal (ID: 04000032) .................................................. 140
2.15.7. gpio_alarm (ID: 04000041) ........................................................ 140
2.15.8. gpio_normal (ID: 04000042) ......................................................141
2.15.9. free_memory_warning_level (ID: 04000101) ................................ 141
2.15.10. free_memory_warning_level (ID: 04000102) ............................... 141
2.15.11. free_memory_normal_level (ID: 04000103) ................................142
2.16. IDP .................................................................................................. 143
2.16.1. invalid_url_format (ID: 01300009) .............................................. 143
2.16.2. idp_evasion (ID: 01300011) ....................................................... 143
2.16.3. idp_evasion (ID: 01300012) ....................................................... 144
2.16.4. idp_outofmem (ID: 01300013) ...................................................144
2.16.5. idp_outofmem (ID: 01300014) ...................................................144
2.16.6. idp_failscan (ID: 01300015) ....................................................... 145
2.16.7. idp_failscan (ID: 01300016) ....................................................... 145
2.16.8. idp_notice (ID: 01300002) ......................................................... 146
2.16.9. intrusion_detected (ID: 01300003) .............................................. 146
ix
Log Reference Guide
2.16.10. virus_detected (ID: 01300004) .................................................. 147
2.16.11. invalid_url_format (ID: 01300010) ............................................147
2.16.12. scan_detected (ID: 01300001) ...................................................148
2.16.13. scan_detected (ID: 01300005) ...................................................148
2.16.14. idp_notice (ID: 01300006) ....................................................... 149
2.16.15. intrusion_detected (ID: 01300007) .............................................149
2.16.16. virus_detected (ID: 01300008) .................................................. 150
2.17. IDPUPDATE ..................................................................................... 151
2.17.1. idp_db_update_failure (ID: 01400001) .........................................151
2.17.2. idp_detects_invalid_system_time (ID: 01400005) .......................... 151
2.17.3. idp_database_downloaded (ID: 01400002) .................................... 151
2.17.4. idp_db_already_up_to_date (ID: 01400003) .................................. 152
2.17.5. idp_db_update_denied (ID: 01400004) ......................................... 152
2.17.6. downloading_new_database (ID: 01400007) ................................. 152
2.18. IFACEMON ...................................................................................... 153
2.18.1. ifacemon_status_bad (ID: 03900003) ........................................... 153
2.18.2. ifacemon_status_bad (ID: 03900004) ........................................... 153
2.18.3. ifacemon_status_bad_rereport (ID: 03900001) ............................... 153
2.19. IPPOOL ............................................................................................ 155
2.19.1. no_offer_received (ID: 01900001) ............................................... 155
2.19.2. no_valid_dhcp_offer_received (ID: 01900002) ..............................155
2.19.3. pool_reached_max_dhcp_clients (ID: 01900014) ........................... 155
2.19.4. macrange_depleted (ID: 01900015) .............................................156
2.19.5. too_many_dhcp_offers_received (ID: 01900003) ........................... 156
2.19.6. lease_disallowed_by_lease_filter (ID: 01900004) ........................... 156
2.19.7. lease_disallowed_by_server_filter (ID: 01900005) ......................... 156
2.19.8. lease_have_bad_dhcp_server (ID: 01900006) ................................ 157
2.19.9. lease_have_bad_netmask (ID: 01900007) ..................................... 157
2.19.10. lease_have_bad_offered_broadcast (ID: 01900008) .......................157
2.19.11. lease_have_bad_offered_ip (ID: 01900009) ................................. 158
2.19.12. lease_have_bad_gateway_ip (ID: 01900010) ............................... 158
2.19.13. lease_ip_is_already_occupied (ID: 01900011) ............................. 158
2.19.14. lease_rejected_by_server (ID: 01900012) .................................... 159
2.19.15. ip_offer_already_exist_in_the_pool (ID: 01900013) ...................... 159
2.19.16. ip_fetched_pool (ID: 01900016) ................................................159
2.19.17. ip_returned_to_pool (ID: 01900017) .......................................... 160
2.20. IPSEC ..............................................................................................161
2.20.1. fatal_ipsec_event (ID: 01800100) ................................................161
2.20.2. maximum_allowed_tunnels_limit_reached (ID: 01800900) .............. 161
2.20.3. commit_failed (ID: 01800200) .................................................... 161
2.20.4. x509_init_failed (ID: 01800203) ................................................. 162
2.20.5. failed_to_configure_IPsec (ID: 01800210) .................................... 162
2.20.6. IPsec_init_failed (ID: 01800213) ................................................162
2.20.7. no_policymanager (ID: 01800316) .............................................. 162
2.20.8. failed_to_add_key_provider (ID: 01800321) ................................. 163
2.20.9. failed_to_create_authorization (ID: 01800327) .............................. 163
2.20.10. Failed_to_create_xauth_group (ID: 01800329) ............................. 163
2.20.11. SAs_not_killed_for_remote_peer (ID: 01800901) ......................... 163
2.20.12. max_number_of_policy_rules_reached (ID: 01802110) ................. 164
2.20.13. outofmem_create_engine (ID: 01802901) ................................... 164
2.20.14. init_rulelooklup_failed (ID: 01802903) ....................................... 164
2.20.15. init_rule_looklup_failed (ID: 01802904) ..................................... 165
2.20.16. init_rule_looklup_failed (ID: 01802905) ..................................... 165
2.20.17. init_mutexes_failed (ID: 01802906) ........................................... 165
2.20.18. init_interface_table_failed (ID: 01802907) .................................. 165
2.20.19. init_flow_id_table_failed (ID: 01802908) ................................... 166
2.20.20. init_flow_table_failed (ID: 01802909) ........................................ 166
2.20.21. init_next_hop_table_failed (ID: 01802910) .................................166
2.20.22. init_transform_table_failed (ID: 01802911) ................................. 166
2.20.23. init_peer_hash_failed (ID: 01802912) ........................................ 167
2.20.24. init_peer_id_hash_failed (ID: 01802913) .................................... 167
2.20.25. init_rule_table_failed (ID: 01802914) ......................................... 167
2.20.26. init_inbound_spi_hash_failed (ID: 01802915) ..............................168
x
Log Reference Guide
2.20.27. init_transform_context_hash_failed (ID: 01802916) ...................... 168
2.20.28. init_packet_context_cache_failed (ID: 01802917) ......................... 168
2.20.29. init_transform_context_table_failed (ID: 01802918) ..................... 168
2.20.30. init_nat_table_failed (ID: 01802919) .......................................... 169
2.20.31. init_frag_table_failed (ID: 01802920) ........................................ 169
2.20.32. init_engine_tables_failed (ID: 01802921) .................................... 169
2.20.33. init_interceptor_failed (ID: 01802922) ........................................ 169
2.20.34. pm_create_failed (ID: 01800204) .............................................. 170
2.20.35. failed_to_start_ipsec (ID: 01800206) .......................................... 170
2.20.36. failed_create_audit_module (ID: 01800207) ................................170
2.20.37. Failed_to_add_certificate (ID: 01800302) ................................... 171
2.20.38. failed_to_set_algorithm_properties (ID: 01800304) ...................... 171
2.20.39. failed_to_set_algorithm_properties (ID: 01800305) ...................... 171
2.20.40. failed_to_add_root_certificate (ID: 01800306) ............................. 172
2.20.41. failed_to_add_peer (ID: 01800312) ............................................ 172
2.20.42. failed_to_add_rules (ID: 01800313) ........................................... 172
2.20.43. failed_to_add_rules (ID: 01800314) ........................................... 173
2.20.44. failed_to_set_dpd_cb (ID: 01800318) ......................................... 173
2.20.45. failed_to_add_certificate (ID: 01800322) .................................... 173
2.20.46. failed_to_set_remote_ID (ID: 01800323) .................................... 173
2.20.47. Failed_to_set_xauth (ID: 01800328) .......................................... 174
2.20.48. no_remote_gateway (ID: 01800503) .......................................... 174
2.20.49. no_route (ID: 01800504) ......................................................... 174
2.20.50. ping_keepalive_failed_in_tunnel (ID: 01800505) ......................... 175
2.20.51. ipsec_interface_disabled (ID: 01800506) .................................... 175
2.20.52. ipsec_invalid_protocol (ID: 01802059) ....................................... 175
2.20.53. ipsec_sa_negotiation_aborted (ID: 01802060) ..............................176
2.20.54. create_rules_failed (ID: 01802080) ............................................ 176
2.20.55. create_rules_failed (ID: 01802081) ............................................ 176
2.20.56. no_authentication_method_specified (ID: 01802100) .................... 176
2.20.57. no_key_method_configured_for tunnel (ID: 01802102) .................177
2.20.58. invalid_configuration_of_force_open (ID: 01802104) ................... 177
2.20.59. invalid_rule_setting (ID: 01802105) ........................................... 177
2.20.60. invalid_rule_setting (ID: 01802106) ........................................... 178
2.20.61. invalid_rule_setting (ID: 01802107) ........................................... 178
2.20.62. invalid_rule_setting (ID: 01802108) ........................................... 178
2.20.63. invalid_rule_setting (ID: 01802109) ........................................... 178
2.20.64. suspicious_outbound_rule (ID: 01802114) .................................. 179
2.20.65. no_algorithms_configured_for_tunnel (ID: 01802200) .................. 179
2.20.66. no_encryption_algorithm_configured_for_tunnel (ID: 01802201) .... 179
2.20.67. no_authentication_algorithm_specified (ID: 01802203) .................180
2.20.68. AH_not_supported (ID: 01802204) ............................................180
2.20.69. invalid_tunnel_configuration (ID: 01802208) ..............................180
2.20.70. invalid_tunnel_configuration (ID: 01802209) ..............................181
2.20.71. invalid_tunnel_configuration (ID: 01802210) ..............................181
2.20.72. out_of_memory_for_tunnel (ID: 01802211) ................................ 181
2.20.73. invalid_key_size (ID: 01802214) ...............................................181
2.20.74. invalid_key_size (ID: 01802215) ...............................................182
2.20.75. invalid_key_size (ID: 01802216) ...............................................182
2.20.76. invalid_key_size (ID: 01802217) ...............................................182
2.20.77. invalid_cipher_keysize (ID: 01802218) ...................................... 183
2.20.78. invalid_key_size (ID: 01802219) ...............................................183
2.20.79. invalid_cipher_keysize (ID: 01802220) ...................................... 183
2.20.80. malformed_tunnel_id_configured (ID: 01802225) ........................ 184
2.20.81. malformed_psk_configured (ID: 01802229) ................................ 184
2.20.82. could_not_insert_cert_to_db (ID: 01802606) ............................... 184
2.20.83. could_not_insert_cert_to_db (ID: 01802609) ............................... 184
2.20.84. warning_ipsec_event (ID: 01800101) ......................................... 185
2.20.85. ike_invalid_payload (ID: 01800106) .......................................... 185
2.20.86. ike_invalid_proposal (ID: 01800107) .........................................185
2.20.87. ike_quickmode_failed (ID: 01800109) ........................................ 186
2.20.88. dns_resolve_failed (ID: 01800308) ............................................186
2.20.89. dns_resolve_failed (ID: 01800309) ............................................186
xi
Log Reference Guide
2.20.90. ippool_does_not_exist (ID: 01800400) ....................................... 187
2.20.91. Recieved_plaintext_packet_for_disabled_IPsec_interface (ID: 01800502)
........................................................................................................ 187
2.20.92. trigger_non_ip_packet (ID: 01802001) ....................................... 187
2.20.93. rule_not_active (ID: 01802002) ................................................. 188
2.20.94. malformed_packet (ID: 01802003) ............................................ 188
2.20.95. max_ipsec_sa_negotiations_reached (ID: 01802004) ..................... 188
2.20.96. max_number_of_tunnels_reached (ID: 01802011) ........................ 189
2.20.97. ike_sa_failed (ID: 01802022) .................................................... 189
2.20.98. ike_sa_negotiation_failed (ID: 01802031) ................................... 189
2.20.99. could_not_decode_certificate (ID: 01802600) .............................. 190
2.20.100. could_not_convert_certificate (ID: 01802601) ............................ 190
2.20.101. could_not_get_subject_nam_from_ca_cert (ID: 01802602) ........... 190
2.20.102. could_not_set_cert_to_non_CRL_issuer (ID: 01802603) ..............190
2.20.103. could_not_force_cert_to_be_trusted (ID: 01802604) ................... 191
2.20.104. could_not_trusted_set_for_cert (ID: 01802605) .......................... 191
2.20.105. could_not_decode_certificate (ID: 01802607) ............................ 191
2.20.106. could_not_loack_certificate (ID: 01802608) ..............................192
2.20.107. could_not_decode_crl (ID: 01802610) ...................................... 192
2.20.108. Certificate_contains_bad_IP_address (ID: 01802705) .................. 192
2.20.109. dn_name_as_subject_alt_name (ID: 01802706) .......................... 192
2.20.110. could_not_decode_certificate (ID: 01802707) ............................ 193
2.20.111. event_on_ike_sa (ID: 01802715) ............................................. 193
2.20.112. ipsec_sa_selection_failed (ID: 01802717) .................................. 193
2.20.113. certificate_search_failed (ID: 01802718) ...................................194
2.20.114. ipsec_sa_event (ID: 01802730) ............................................... 194
2.20.115. ipsec_sa_event (ID: 01802731) ............................................... 194
2.20.116. malformed_ike_sa_proposal (ID: 01803000) ..............................195
2.20.117. ike_phase1_notification (ID: 01803003) .................................... 195
2.20.118. ipsec_sa_failed (ID: 01803020) ...............................................195
2.20.119. rejecting_ipsec_sa_delete (ID: 01803027) ................................. 196
2.20.120. rejecting_ipsec_sa_delete (ID: 01803028) ................................. 196
2.20.121. ike_phase2_notification (ID: 01803029) .................................... 196
2.20.122. ike_qm_notification (ID: 01803030) ......................................... 197
2.20.123. malformed_ipsec_sa_proposal (ID: 01803050) ........................... 197
2.20.124. malformed_ipsec_esp_proposal (ID: 01803051) ......................... 198
2.20.125. malformed_ipsec_ah_proposal (ID: 01803052) ........................... 198
2.20.126. failed_to_select_ipsec_proposal (ID: 01803053) ......................... 198
2.20.127. audit_event (ID: 01800103) .................................................... 198
2.20.128. audit_flood (ID: 01800104) .................................................... 199
2.20.129. ike_delete_notification (ID: 01800105) ..................................... 199
2.20.130. ike_retry_limit_reached (ID: 01800108) .................................... 199
2.20.131. packet_corrupt (ID: 01800110) ................................................200
2.20.132. icv_failure (ID: 01800111) ..................................................... 200
2.20.133. sequence_number_failure (ID: 01800112) ................................. 201
2.20.134. sa_lookup_failure (ID: 01800113) ............................................ 201
2.20.135. ip_fragment (ID: 01800114) ...................................................201
2.20.136. sequence_number_overflow (ID: 01800115) .............................. 202
2.20.137. bad_padding (ID: 01800116) .................................................. 202
2.20.138. hardware_accelerator_congested (ID: 01800117) ........................ 203
2.20.139. hardware_acceleration_failure (ID: 01800118) ........................... 203
2.20.140. cfgmode_ip_freed (ID: 01800402) ........................................... 203
2.20.141. recieved_packet_to_disabled_IPsec (ID: 01800500) .................... 204
2.20.142. recieved_packet_to_disabled_IPsec (ID: 01800501) .................... 204
2.20.143. rule_selection_failed (ID: 01802300) ........................................ 204
2.20.144. max_phase1_sa_reached (ID: 01802400) ...................................205
2.20.145. max_phase1_negotiations_reached (ID: 01802402) ..................... 205
2.20.146. max_active_quickmode_negotiation_reached (ID: 01802403) ....... 205
2.20.147. ike_responder_mode_not_available (ID: 01803101) .................... 206
2.20.148. commit suceeded (ID: 01800201) ............................................ 206
2.20.149. IPsec_succesfully_started (ID: 01800202) ................................. 206
2.20.150. reconfig_IPsec (ID: 01800211) ................................................206
2.20.151. ipsec_started_suceessfully (ID: 01800214) ................................ 207
xii
Log Reference Guide
2.20.152. Default_IKE_DH_groups_will_be_used (ID: 01800303) ..............207
2.20.153. new_remote_gw_ip (ID: 01800315) .........................................207
2.20.154. peer_is_dead (ID: 01800317) .................................................. 208
2.20.155. ike_sa_negotiation_completed (ID: 01802024) ........................... 208
2.20.156. ike_sa_negotiation_failed (ID: 01802030) ................................. 208
2.20.157. ipsec_sa_negotiation_completed (ID: 01802040) ........................ 209
2.20.158. ipsec_sa_informal (ID: 01802041) ........................................... 209
2.20.159. ipsec_sa_informal (ID: 01802043) ........................................... 209
2.20.160. ipsec_sa_informal (ID: 01802044) ........................................... 210
2.20.161. ipsec_sa_lifetime (ID: 01802045) ............................................ 210
2.20.162. ipsec_sa_lifetime (ID: 01802046) ............................................ 210
2.20.163. ipsec_sa_lifetime (ID: 01802047) ............................................ 211
2.20.164. ipsec_sa_lifetime (ID: 01802048) ............................................ 211
2.20.165. ipsec_sa_informal (ID: 01802058) ........................................... 211
2.20.166. ike_sa_negotiation_completed (ID: 01802703) ........................... 212
2.20.167. ike_sa_negotiation_completed (ID: 01802704) ........................... 212
2.20.168. ike_sa_destroyed (ID: 01802708) ............................................. 212
2.20.169. cfgmode_exchange_event (ID: 01802709) ................................. 213
2.20.170. remote_access_address (ID: 01802710) ..................................... 213
2.20.171. remote_access_dns (ID: 01802711) .......................................... 213
2.20.172. remote_access_wins (ID: 01802712) ........................................ 214
2.20.173. remote_access_dhcp (ID: 01802713) ........................................ 214
2.20.174. remote_access_subnets (ID: 01802714) ..................................... 214
2.20.175. ipsec_sa_destroyed (ID: 01802732) .......................................... 215
2.20.176. (ID: 01802735) ..................................................................... 215
2.20.177. (ID: 01802736) ..................................................................... 215
2.20.178. failed_to_select_policy_rule (ID: 01803001) ..............................216
2.20.179. failed_to_select_ike_sa (ID: 01803002) .................................... 216
2.20.180. ipsec_sa_statistics (ID: 01803021) ........................................... 216
2.20.181. config_mode_exchange_event (ID: 01803022) ........................... 217
2.20.182. config_mode_exchange_event (ID: 01803023) ........................... 217
2.20.183. xauth_exchange_done (ID: 01803024) ......................................217
2.20.184. config_mode_exchange_event (ID: 01803025) ........................... 217
2.20.185. config_mode_exchange_event (ID: 01803026) ........................... 218
2.20.186. failed_to_verify_peer_identity (ID: 01803040) ........................... 218
2.20.187. failed_to_select_ipsec_sa (ID: 01803054) .................................. 218
2.21. IP_ERROR ....................................................................................... 220
2.21.1. too_small_packet (ID: 01500001) ............................................... 220
2.21.2. disallwed_ip_ver (ID: 01500002) ................................................220
2.21.3. invalid_ip_length (ID: 01500003) ............................................... 220
2.21.4. invalid_ip_length (ID: 01500004) ............................................... 221
2.21.5. invalid_ip_checksum (ID: 01500005) ..........................................221
2.22. IP_FLAG .......................................................................................... 222
2.22.1. ttl_low (ID: 01600001) .............................................................. 222
2.22.2. ip_rsv_flag_set (ID: 01600003) .................................................. 222
2.22.3. ip_rsv_flag_set (ID: 01600002) .................................................. 222
2.23. IP_OPT ............................................................................................ 224
2.23.1. ipoptlen_too_small (ID: 01700010) ............................................. 224
2.23.2. ipoptlen_invalid (ID: 01700011) ................................................. 224
2.23.3. multiple_ip_option_routes (ID: 01700012) ....................................224
2.23.4. bad_length (ID: 01700013) ........................................................ 225
2.23.5. bad_route_pointer (ID: 01700014) ............................................... 225
2.23.6. source_route_disallowed (ID: 01700015) ...................................... 225
2.23.7. multiple_ip_option_timestamps (ID: 01700016) ............................. 226
2.23.8. bad_timestamp_len (ID: 01700017) ............................................. 226
2.23.9. bad_timestamp_pointer (ID: 01700018) ........................................ 227
2.23.10. bad_timestamp_pointer (ID: 01700019) ...................................... 227
2.23.11. timestamp_disallowed (ID: 01700020) ....................................... 227
2.23.12. router_alert_bad_len (ID: 01700021) .......................................... 228
2.23.13. router_alert_disallowed (ID: 01700022) ...................................... 228
2.23.14. ipopt_present_disallowed (ID: 01700023) ................................... 228
2.23.15. source_route (ID: 01700001) .................................................... 229
2.23.16. timestamp (ID: 01700002) ....................................................... 229
xiii
Log Reference Guide
2.23.17. router_alert (ID: 01700003) ...................................................... 229
2.23.18. ipopt_present (ID: 01700004) ................................................... 230
2.24. IP_PROTO ........................................................................................ 231
2.24.1. multicast_ethernet_ip_address_missmatch (ID: 07000011) ............... 231
2.24.2. invalid_ip4_header_length (ID: 07000012) ................................... 231
2.24.3. ttl_zero (ID: 07000013) ............................................................. 231
2.24.4. ttl_low (ID: 07000014) .............................................................. 232
2.24.5. ip_rsv_flag_set (ID: 07000015) .................................................. 232
2.24.6. oversize_tcp (ID: 07000018) ...................................................... 232
2.24.7. invalid_tcp_header (ID: 07000019) .............................................233
2.24.8. oversize_udp (ID: 07000021) ..................................................... 233
2.24.9. invalid_udp_header (ID: 07000022) ............................................. 234
2.24.10. oversize_icmp (ID: 07000023) .................................................. 234
2.24.11. invalid_icmp_header (ID: 07000024) .........................................234
2.24.12. oversize_gre (ID: 07000050) .................................................... 235
2.24.13. oversize_esp (ID: 07000051) .................................................... 235
2.24.14. oversize_ah (ID: 07000052) ..................................................... 235
2.24.15. oversize_skip (ID: 07000053) ...................................................236
2.24.16. oversize_ospf (ID: 07000054) ................................................... 236
2.24.17. oversize_ipip (ID: 07000055) ...................................................237
2.24.18. oversize_ipcomp (ID: 07000056) ............................................... 237
2.24.19. oversize_l2tp (ID: 07000057) ...................................................237
2.24.20. oversize_ip (ID: 07000058) ...................................................... 238
2.24.21. fragmented_icmp (ID: 07000070) .............................................. 238
2.24.22. invalid_icmp_data_too_small (ID: 07000071) ..............................238
2.24.23. invalid_icmp_data_ip_ver (ID: 07000072) .................................. 239
2.24.24. invalid_icmp_data_too_small (ID: 07000073) ..............................239
2.24.25. invalid_icmp_data_invalid_ip_length (ID: 07000074) ................... 239
2.24.26. invalid_icmp_data_invalid_paramprob (ID: 07000075) ................. 240
2.25. L2TP ................................................................................................ 241
2.25.1. l2tpclient_resolve_failed (ID: 02800002) ......................................241
2.25.2. unknown_l2tp_auth_source (ID: 02800005) .................................. 241
2.25.3. only_routes_set_up_by_server_iface_allowed (ID: 02800006) .......... 241
2.25.4. session_closed (ID: 02800009) ................................................... 242
2.25.5. l2tp_no_userauth_rule_found (ID: 02800014) ................................ 242
2.25.6. failure_init_radius_accounting (ID: 02800017) ..............................242
2.25.7. malformed_packet (ID: 02800019) .............................................. 243
2.25.8. l2tpclient_resolve_successful (ID: 02800001) ................................243
2.25.9. l2tpclient_init (ID: 02800003) .................................................... 243
2.25.10. l2tp_connection_disallowed (ID: 02800004) ................................244
2.25.11. l2tp_session_closed (ID: 02800007) ........................................... 244
2.25.12. l2tp_tunnel_closed (ID: 02800008) ............................................ 244
2.25.13. l2tp_session_request (ID: 02800010) .......................................... 245
2.25.14. l2tp_session_up (ID: 02800011) ................................................ 245
2.25.15. l2tp_session_request (ID: 02800015) .......................................... 245
2.25.16. l2tp_session_up (ID: 02800016) ................................................ 246
2.25.17. l2tpclient_tunnel_up (ID: 02800018) .......................................... 246
2.25.18. waiting_for_ip_to_listen_on (ID: 02800050) ............................... 246
2.26. LICUPDATE ..................................................................................... 248
2.26.1. license_update_failure (ID: 05500001) .........................................248
2.26.2. license_downloaded (ID: 05500002) ............................................248
2.26.3. license_already_up_to_date (ID: 05500003) .................................. 248
2.27. NETCON .......................................................................................... 249
2.27.1. cert_upload_failed (ID: 02300201) .............................................. 249
2.27.2. upload_fail_disk_out_of_space (ID: 02300250) .............................249
2.27.3. upload_fail_disk_cannot_remove (ID: 02300251) .......................... 249
2.27.4. netcon_init_fail_listen_socket_fail (ID: 02300500) ......................... 250
2.27.5. netcon_init_fail_security_file_corrupt (ID: 02300501) ....................250
2.27.6. disk_cannot_write (ID: 02300505) .............................................. 250
2.27.7. keychange_fail (ID: 02300507) ...................................................251
2.27.8. disk_cannot_read_old_keys (ID: 02300508) .................................. 251
2.27.9. download_fail (ID: 02300509) .................................................... 251
2.27.10. concurrent_netcon_processing (ID: 02300510) ............................. 252
xiv
Log Reference Guide
2.27.11. disk_cannot_write (ID: 02300511) .............................................252
2.27.12. disk_cannot_read_download_fail (ID: 02300514) ......................... 252
2.27.13. netcon_connect_reject_shutdown_running (ID: 02300002) ............. 253
2.27.14. disallowed_netcon_ping (ID: 02300003) ..................................... 253
2.27.15. netcon_sessionmanager_error (ID: 02300101) .............................. 254
2.27.16. disk_write_error (ID: 02300300) ...............................................254
2.27.17. concurrent_processing_limit_reached (ID: 02300400) ................... 254
2.27.18. disallowed_netcon_connect (ID: 02300502) ................................ 255
2.27.19. upload_fail (ID: 02300517) ...................................................... 255
2.27.20. cert_upload_aborted (ID: 02300200) .......................................... 255
2.27.21. disk_out_of_space (ID: 02300252) ............................................ 256
2.27.22. upload_complete (ID: 02300350) .............................................. 256
2.27.23. netcon_connect (ID: 02300503) ................................................256
2.27.24. netcon_disconnect (ID: 02300504) ............................................. 257
2.27.25. keychange_successful (ID: 02300506) ........................................ 257
2.27.26. upload_begin (ID: 02300512) ................................................... 257
2.27.27. upload_begin (ID: 02300513) ................................................... 258
2.27.28. download_begin (ID: 02300515) ...............................................258
2.27.29. upload_abort (ID: 02300516) .................................................... 258
2.27.30. download_complete (ID: 02300518) .......................................... 259
2.27.31. init_complete (ID: 02300001) ...................................................259
2.27.32. cert_upload_begin (ID: 02300202) ............................................. 259
2.28. OSPF ............................................................................................... 261
2.28.1. failed_to_create_replacement_lsa (ID: 02400161) ..........................261
2.28.2. unable_to_send_ack (ID: 02400162) ............................................261
2.28.3. as_disabled_due_to_mem_alloc_fail (ID: 02400305) ...................... 261
2.28.4. internal_lsa_chksum_error (ID: 02400306) ................................... 262
2.28.5. memory_allocation_failure (ID: 02400500) ................................... 262
2.28.6. unable_to_send (ID: 02400501) .................................................. 262
2.28.7. failed_to_add_route (ID: 02400502) ............................................262
2.28.8. internal_error (ID: 02400001) ..................................................... 263
2.28.9. internal_error (ID: 02400002) ..................................................... 263
2.28.10. unable_to_map_ptp_neighbor (ID: 02400003) ............................. 264
2.28.11. bad_packet_len (ID: 02400004) ................................................264
2.28.12. bad_ospf_version (ID: 02400005) .............................................. 264
2.28.13. sender_not_in_iface_range (ID: 02400006) ................................. 265
2.28.14. area_mismatch (ID: 02400007) ................................................. 265
2.28.15. hello_netmask_mismatch (ID: 02400008) ................................... 265
2.28.16. hello_interval_mismatch (ID: 02400009) .................................... 266
2.28.17. hello_rtr_dead_mismatch (ID: 02400010) ................................... 266
2.28.18. hello_e_flag_mismatch (ID: 02400011) ...................................... 267
2.28.19. hello_n_flag_mismatch (ID: 02400012) ...................................... 267
2.28.20. both_np_and_e_flag_set (ID: 02400013) ..................................... 267
2.28.21. unknown_lsa_type (ID: 02400014) ............................................268
2.28.22. auth_mismatch (ID: 02400050) ................................................. 268
2.28.23. bad_auth_password (ID: 02400051) ........................................... 269
2.28.24. bad_auth_crypto_key_id (ID: 02400052) .................................... 269
2.28.25. bad_auth_crypto_seq_number (ID: 02400053) ............................. 269
2.28.26. bad_auth_crypto_digest (ID: 02400054) ..................................... 270
2.28.27. checksum_mismatch (ID: 02400055) ......................................... 270
2.28.28. dd_mtu_exceeds_interface_mtu (ID: 02400100) ........................... 270
2.28.29. m_ms_mismatch (ID: 02400101) ............................................... 271
2.28.30. i_flag_misuse (ID: 02400102) ...................................................271
2.28.31. opt_change (ID: 02400103) ...................................................... 271
2.28.32. bad_seq_num (ID: 02400104) ................................................... 272
2.28.33. non_dup_dd (ID: 02400105) ..................................................... 272
2.28.34. as_ext_on_stub (ID: 02400106) ................................................. 272
2.28.35. unknown_lsa (ID: 02400107) .................................................... 273
2.28.36. bad_lsa_sequencenumber (ID: 02400108) ................................... 273
2.28.37. bad_lsa_maxage (ID: 02400109) ...............................................273
2.28.38. lsa_checksum_mismatch (ID: 02400150) .................................... 274
2.28.39. unknown_lsa_type (ID: 02400151) ............................................274
2.28.40. bad_lsa_sequencenumber (ID: 02400152) ................................... 274
xv
Log Reference Guide
2.28.41. bad_lsa_maxage (ID: 02400153) ...............................................275
2.28.42. received_as_ext_on_stub (ID: 02400154) .................................... 275
2.28.43. received_selforg_for_unknown_lsa_type (ID: 02400155) ............... 275
2.28.44. db_copy_more_recent_then_received (ID: 02400156) ................... 276
2.28.45. got_ack_mismatched_lsa (ID: 02400157) .................................... 276
2.28.46. upd_packet_lsa_size_mismatch (ID: 02400158) ........................... 276
2.28.47. req_packet_lsa_size_mismatch (ID: 02400159) ............................ 277
2.28.48. ack_packet_lsa_size_mismatch (ID: 02400160) ...........................277
2.28.49. unknown_neighbor (ID: 02400200) ........................................... 277
2.28.50. too_many_neighbors (ID: 02400201) .........................................278
2.28.51. neighbor_died (ID: 02400202) .................................................. 278
2.28.52. unable_to_find_transport_area (ID: 02400300) ............................ 278
2.28.53. internal_error_unable_to_map_identifier (ID: 02400301) ............... 279
2.28.54. lsa_size_too_big (ID: 02400302) ............................................... 279
2.28.55. memory_usage_exceeded_70_percent_of_max_allowed (ID: 02400303)
........................................................................................................ 280
2.28.56. memory_usage_exceeded_90_percent_of_max_allowed (ID: 02400304)
........................................................................................................ 280
2.28.57. unable_to_find_iface_to_stub_net (ID: 02400400) ........................ 280
2.28.58. internal_error_unable_to_find_lnk_connecting_to_lsa (ID: 02400401) 281
2.28.59. internal_error_unable_to_find_iface_connecting_to_lsa (ID: 02400402)
........................................................................................................ 281
2.28.60. internal_error_unable_to_find_lnk_connecting_to_lsa (ID: 02400403) 281
2.28.61. internal_error_unable_to_find_iface_connecting_to_lsa (ID: 02400404)
........................................................................................................ 282
2.28.62. internal_error_unable_neighbor_iface_attached_back_to_me (ID:
02400405) ........................................................................................ 282
2.28.63. bad_iface_type_mapping_rtr_to_rtr_link (ID: 02400406) ............... 283
2.28.64. internal_error_unable_to_find_lnk_connecting_to_lsa (ID: 02400407) 283
2.29. PPP .................................................................................................. 284
2.29.1. ppp_tunnel_limit_exceeded (ID: 02500100) .................................. 284
2.29.2. failed_to_agree_on_authentication_protocol (ID: 02500050) ............ 284
2.29.3. peer_refuses_to_use_authentication (ID: 02500051) .......................284
2.29.4. lcp_negotiation_stalled (ID: 02500052) ........................................ 285
2.29.5. unsupported_auth_server (ID: 02500500) ..................................... 285
2.29.6. radius_error (ID: 02500501) ....................................................... 285
2.29.7. authdb_error (ID: 02500502) ...................................................... 286
2.29.8. MPPE_decrypt_fail (ID: 02500600) ............................................. 286
2.29.9. ip_pool_empty (ID: 02500001) ................................................... 286
2.29.10. ip_address_required_but_not_received (ID: 02500002) ................. 287
2.29.11. primary_dns_address_required_but_not_received (ID: 02500003) ... 287
2.29.12. seconday_dns_address_required_but_not_received (ID: 02500004) . 287
2.29.13. primary_nbns_address_required_but_not_received (ID: 02500005) ..288
2.29.14. seconday_nbns_address_required_but_not_received (ID: 02500006) 288
2.29.15. authentication_failed (ID: 02500101) .........................................288
2.29.16. response_value_too_long (ID: 02500150) ................................... 289
2.29.17. username_too_long (ID: 02500151) ........................................... 289
2.29.18. username_too_long (ID: 02500201) ........................................... 289
2.29.19. username_too_long (ID: 02500301) ........................................... 290
2.29.20. username_too_long (ID: 02500350) ........................................... 290
2.29.21. password_too_long (ID: 02500351) ........................................... 290
2.30. PPPOE ............................................................................................. 291
2.30.1. pppoe_tunnel_up (ID: 02600001) ................................................ 291
2.30.2. pppoe_tunnel_closed (ID: 02600002) ........................................... 291
2.31. PPTP ................................................................................................ 292
2.31.1. pptpclient_resolve_failed (ID: 02700002) ..................................... 292
2.31.2. pptp_connection_disallowed (ID: 02700003) .................................292
2.31.3. unknown_pptp_auth_source (ID: 02700004) ................................. 292
2.31.4. user_disconnected (ID: 02700005) .............................................. 293
2.31.5. only_routes_set_up_by_server_iface_allowed (ID: 02700006) .......... 293
2.31.6. mppe_required (ID: 02700007) ................................................... 293
2.31.7. unsupported_message (ID: 02700010) .......................................... 294
2.31.8. failure_init_radius_accounting (ID: 02700011) ..............................294
xvi
Log Reference Guide
2.31.9. pptp_session_up (ID: 02700012) ................................................. 295
2.31.10. pptp_session_up (ID: 02700013) ...............................................295
2.31.11. tunnel_idle_timeout (ID: 02700014) .......................................... 295
2.31.12. session_idle_timeout (ID: 02700015) .........................................296
2.31.13. ctrlconn_refused (ID: 02700020) ............................................... 296
2.31.14. pptp_connection_disallowed (ID: 02700024) ............................... 297
2.31.15. unknown_pptp_auth_source (ID: 02700025) ................................ 297
2.31.16. pptp_no_userauth_rule_found (ID: 02700026) .............................297
2.31.17. malformed_packet (ID: 02700027) ............................................ 298
2.31.18. waiting_for_ip_to_listen_on (ID: 02700050) ............................... 298
2.31.19. pptpclient_resolve_successful (ID: 02700001) ............................. 298
2.31.20. pptp_session_closed (ID: 02700008) .......................................... 299
2.31.21. pptp_session_request (ID: 02700009) .........................................299
2.31.22. pptpclient_start (ID: 02700017) ................................................. 299
2.31.23. pptpclient_connected (ID: 02700018) .........................................300
2.31.24. pptp_tunnel_up (ID: 02700019) ................................................300
2.31.25. pptp_tunnel_up (ID: 02700021) ................................................300
2.31.26. pptp_tunnel_closed (ID: 02700022) ........................................... 301
2.32. REASSEMBLY ................................................................................. 302
2.32.1. mismatching_data_in_overlapping_tcp_segment (ID: 04800004) ...... 302
2.32.2. memory_allocation_failure (ID: 04800005) ................................... 302
2.32.3. drop_due_to_buffer_starvation (ID: 04800007) .............................. 302
2.32.4. failed_to_send_ack (ID: 04800008) .............................................303
2.32.5. state_memory_allocation_failed (ID: 04800011) ............................ 303
2.32.6. invalid_tcp_checksum (ID: 04800003) ......................................... 303
2.32.7. processing_memory_limit_reached (ID: 04800009) ........................ 304
2.32.8. maximum_connections_limit_reached (ID: 04800010) ....................304
2.32.9. ack_of_not_transmitted_data (ID: 04800002) ................................304
2.33. RFO .................................................................................................305
2.33.1. no_ping (ID: 04100003) ............................................................305
2.33.2. unable_to_register_pingmon (ID: 04100005) .................................305
2.33.3. no_arp (ID: 04100007) ..............................................................305
2.33.4. unable_to_register_arp_monitor (ID: 04100008) ............................ 306
2.33.5. no_link (ID: 04100010) ............................................................. 306
2.33.6. unable_to_register_interface_monitor (ID: 04100012) ..................... 306
2.33.7. unable_to_register_interface_monitor (ID: 04100013) ..................... 307
2.33.8. no_ping (ID: 04100002) ............................................................307
2.33.9. unable_to_register_pingmon (ID: 04100004) .................................308
2.33.10. unable_to_register_arp_monitor (ID: 04100009) .......................... 308
2.33.11. have_ping (ID: 04100001) ....................................................... 308
2.33.12. have_arp (ID: 04100006) ......................................................... 309
2.33.13. have_link (ID: 04100011) ........................................................ 309
2.33.14. hostmon_failed (ID: 04100014) ................................................. 309
2.33.15. hostmon_successful (ID: 04100015) ..........................................310
2.34. RULE .............................................................................................. 311
2.34.1. block0net (ID: 06000010) .......................................................... 311
2.34.2. block0net (ID: 06000011) .......................................................... 311
2.34.3. block127net (ID: 06000012) ....................................................... 311
2.34.4. block127net (ID: 06000013) ....................................................... 312
2.34.5. unknown_vlandid (ID: 06000040) ............................................... 312
2.34.6. ruleset_reject_packet (ID: 06000050) ........................................... 312
2.34.7. ruleset_drop_packet (ID: 06000051) ............................................ 313
2.34.8. ruleset_fwdfast (ID: 06000003) .................................................. 313
2.34.9. ip_verified_access (ID: 06000005) .............................................. 313
2.34.10. directed_broadcasts (ID: 06000030) ........................................... 314
2.34.11. directed_broadcasts (ID: 06000031) ........................................... 314
2.34.12. unhandled_local (ID: 06000060) ............................................... 314
2.35. SESMGR .......................................................................................... 316
2.35.1. sesmgr_allocate_error (ID: 04900009) ......................................... 316
2.35.2. sesmgr_console_denied_init (ID: 04900012) .................................316
2.35.3. sesmgr_file_error (ID: 04900017) ............................................... 316
2.35.4. sesmgr_session_denied (ID: 04900002) ........................................ 316
2.35.5. sesmgr_console_denied (ID: 04900007) ....................................... 317
xvii
Log Reference Guide
2.35.6. sesmgr_session_maximum_reached (ID: 04900008) ....................... 317
2.35.7. sesmgr_session_access_missing (ID: 04900015) ............................ 317
2.35.8. sesmgr_session_created (ID: 04900001) ....................................... 318
2.35.9. sesmgr_session_removed (ID: 04900003) ..................................... 318
2.35.10. sesmgr_access_set (ID: 04900004) ............................................ 319
2.35.11. sesmgr_session_timeout (ID: 04900005) ..................................... 319
2.35.12. sesmgr_upload_denied (ID: 04900006) ....................................... 319
2.35.13. sesmgr_session_activate (ID: 04900010) ..................................... 320
2.35.14. sesmgr_session_disabled (ID: 04900011) .................................... 320
2.35.15. sesmgr_session_previous_removed (ID: 04900014) ...................... 320
2.35.16. sesmgr_session_old_removed (ID: 04900016) ............................. 321
2.35.17. sesmgr_techsupport (ID: 04900018) ........................................... 321
2.36. SLB .................................................................................................322
2.36.1. server_offline (ID: 02900002) .................................................... 322
2.36.2. server_online (ID: 02900001) ..................................................... 322
2.37. SMTPLOG ........................................................................................ 323
2.37.1. unable_to_establish_connection (ID: 03000001) ............................ 323
2.37.2. connect_timeout (ID: 03000002) ................................................. 323
2.37.3. send_failure (ID: 03000004) ....................................................... 323
2.37.4. receive_timeout (ID: 03000005) .................................................. 324
2.37.5. rejected_connect (ID: 03000006) ................................................324
2.37.6. rejected_ehlo_helo (ID: 03000007) .............................................. 324
2.37.7. rejected_sender (ID: 03000008) .................................................. 325
2.37.8. rejected_recipient (ID: 03000009) ...............................................325
2.37.9. rejected_all_recipients (ID: 03000010) .........................................325
2.37.10. rejected_data (ID: 03000011) .................................................... 325
2.37.11. rejected_message_text (ID: 03000012) ....................................... 326
2.38. SNMP ..............................................................................................327
2.38.1. disallowed_sender (ID: 03100001) .............................................. 327
2.38.2. invalid_snmp_community (ID: 03100002) ....................................327
2.39. SSHD ............................................................................................... 328
2.39.1. out_of_mem (ID: 04700001) ......................................................328
2.39.2. dh_key_exchange_failure (ID: 04700002) ..................................... 328
2.39.3. illegal_version_string (ID: 04700004) .......................................... 328
2.39.4. error_occurred (ID: 04700005) ................................................... 328
2.39.5. max_auth_tries_reached (ID: 04700030) ...................................... 329
2.39.6. rsa_sign_verification_failed (ID: 04700050) .................................. 329
2.39.7. dsa_sign_verification_failed (ID: 04700051) .................................329
2.39.8. key_algo_not_supported. (ID: 04700055) ..................................... 330
2.39.9. invalid_mac (ID: 04700007) ....................................................... 330
2.39.10. invalid_service_request (ID: 04700015) ...................................... 330
2.39.11. invalid_username_change (ID: 04700020) ................................... 331
2.39.12. invalid_username_change (ID: 04700025) ................................... 331
2.39.13. ssh_login_timeout_expired (ID: 04700035) .................................331
2.39.14. ssh_inactive_timeout_expired (ID: 04700036) ............................. 332
2.39.15. max_ssh_clients_reached (ID: 04700060) ................................... 332
2.39.16. client_disallowed (ID: 04700061) .............................................. 332
2.39.17. unsupported_pubkey_algo (ID: 04700057) .................................. 333
2.39.18. ssh_force_conn_close (ID: 04700105) ........................................ 333
2.40. SYSTEM .......................................................................................... 334
2.40.1. demo_expired (ID: 03200020) .................................................... 334
2.40.2. demo_mode (ID: 03200021) ....................................................... 334
2.40.3. port_bind_failed (ID: 03200300) ................................................. 334
2.40.4. bidir_fail (ID: 03200600) ........................................................... 335
2.40.5. disk_cannot_remove_file (ID: 03200601) ..................................... 335
2.40.6. cfg_switch_fail (ID: 03200605) .................................................. 335
2.40.7. core_switch_fail (ID: 03200606) ................................................. 336
2.40.8. file_open_failed (ID: 03200602) ................................................. 336
2.40.9. disk_cannot_remove (ID: 03200603) ........................................... 336
2.40.10. disk_cannot_rename (ID: 03200604) .......................................... 337
2.40.11. invalid_ip_match_access_section (ID: 03200110) ......................... 337
2.40.12. port_bind_failed (ID: 03200301) ...............................................337
2.40.13. admin_login_failed (ID: 03203002) ........................................... 338
xviii
Log Reference Guide
2.40.14. admin_login_group_mismatch (ID: 03206001) ............................ 338
2.40.15. admin_login_internal_error (ID: 03206002) ................................ 338
2.40.16. reset_clock (ID: 03200100) ...................................................... 339
2.40.17. reset_clock (ID: 03200101) ...................................................... 339
2.40.18. bidir_ok (ID: 03200607) .......................................................... 340
2.40.19. shutdown (ID: 03201000) ........................................................ 340
2.40.20. shutdown (ID: 03201010) ........................................................ 340
2.40.21. shutdown (ID: 03201011) ........................................................ 340
2.40.22. config_activation (ID: 03201020) .............................................. 341
2.40.23. reconfiguration (ID: 03201021) ................................................. 341
2.40.24. startup_normal (ID: 03202000) ................................................. 341
2.40.25. startup_echo (ID: 03202001) .................................................... 342
2.40.26. shutdown (ID: 03202500) ........................................................ 342
2.40.27. admin_login (ID: 03203000) .................................................... 343
2.40.28. admin_logout (ID: 03203001) ................................................... 343
2.40.29. activate_changes_failed (ID: 03204000) ..................................... 343
2.40.30. accept_configuration (ID: 03204001) .........................................344
2.40.31. reject_configuration (ID: 03204002) .......................................... 344
2.40.32. date_time_modified (ID: 03205000) ..........................................344
2.40.33. admin_timeout (ID: 03206000) ................................................. 345
2.41. TCP_FLAG ....................................................................................... 346
2.41.1. tcp_flags_set (ID: 03300002) ..................................................... 346
2.41.2. tcp_flags_set (ID: 03300008) ..................................................... 346
2.41.3. tcp_flag_set (ID: 03300009) ....................................................... 346
2.41.4. unexpected_tcp_flags (ID: 03300010) .......................................... 347
2.41.5. mismatched_syn_resent (ID: 03300011) ....................................... 347
2.41.6. mismatched_first_ack_seqno (ID: 03300012) ................................348
2.41.7. mismatched_first_ack_seqno (ID: 03300013) ................................348
2.41.8. rst_out_of_bounds (ID: 03300015) .............................................. 348
2.41.9. tcp_flags_set (ID: 03300001) ..................................................... 349
2.41.10. tcp_flag_set (ID: 03300003) ..................................................... 349
2.41.11. tcp_flag_set (ID: 03300004) ..................................................... 350
2.41.12. tcp_null_flags (ID: 03300005) .................................................. 350
2.41.13. unacceptable_ack (ID: 03300017) .............................................. 350
2.41.14. rst_without_ack (ID: 03300018) ................................................ 351
2.41.15. unacceptable_seqno (ID: 03300016) ..........................................351
2.42. TCP_OPT ......................................................................................... 352
2.42.1. bad_tcpopt_length (ID: 03400010) .............................................. 352
2.42.2. bad_tcpopt_length (ID: 03400011) .............................................. 352
2.42.3. bad_tcpopt_length (ID: 03400012) .............................................. 352
2.42.4. tcp_mss_too_low (ID: 03400013) ............................................... 353
2.42.5. tcp_mss_too_high (ID: 03400014) ............................................... 353
2.42.6. tcp_option_disallowed (ID: 03400015) ......................................... 354
2.42.7. tcp_null_flags (ID: 03400016) .................................................... 354
2.42.8. multiple_tcp_ws_options (ID: 03400017) ..................................... 354
2.42.9. too_large_tcp_window_scale (ID: 03400018) ................................ 355
2.42.10. mismatching_tcp_window_scale (ID: 03400019) .......................... 355
2.42.11. tcp_mss_too_low (ID: 03400001) .............................................. 355
2.42.12. tcp_mss_too_low (ID: 03400002) .............................................. 356
2.42.13. tcp_mss_too_high (ID: 03400003) ............................................. 356
2.42.14. tcp_mss_too_high (ID: 03400004) ............................................. 357
2.42.15. tcp_mss_above_log_level (ID: 03400005) ................................... 357
2.42.16. tcp_option (ID: 03400006) ....................................................... 357
2.42.17. tcp_option_strip (ID: 03400007) ............................................... 358
2.43. THRESHOLD ................................................................................... 359
2.43.1. failed_to_keep_connection_count (ID: 05300200) ..........................359
2.43.2. failed_to_keep_connection_count (ID: 05300201) ..........................359
2.43.3. conn_threshold_exceeded (ID: 05300100) .................................... 359
2.43.4. conn_threshold_exceeded (ID: 05300102) .................................... 360
2.43.5. threshold_conns_from_srcip_exceeded (ID: 05300210) ................... 360
2.43.6. threshold_conns_from_srcip_exceeded (ID: 05300211) ................... 361
2.43.7. threshold_conns_from_filter_exceeded (ID: 05300212) ................... 361
2.43.8. threshold_conns_from_filter_exceeded (ID: 05300213) ................... 361
xix
Log Reference Guide
2.43.9. reminder_conn_threshold (ID: 05300101) ..................................... 362
2.44. TIMESYNC ...................................................................................... 363
2.44.1. failure_communicate_with_timeservers (ID: 03500002) .................. 363
2.44.2. clockdrift_too_high (ID: 03500003) ............................................. 363
2.44.3. synced_clock (ID: 03500001) ..................................................... 363
2.45. TRANSPARENCY ............................................................................. 365
2.45.1. impossible_hw_sender_address (ID: 04400410) .............................365
2.45.2. enet_hw_sender_broadcast (ID: 04400413) ...................................365
2.45.3. enet_hw_sender_multicast (ID: 04400416) ................................... 365
2.45.4. invalid_stp_frame (ID: 04400419) ...............................................366
2.45.5. enet_hw_sender_broadcast (ID: 04400411) ...................................366
2.45.6. enet_hw_sender_broadcast (ID: 04400412) ...................................366
2.45.7. enet_hw_sender_multicast (ID: 04400414) ................................... 367
2.45.8. enet_hw_sender_multicast (ID: 04400415) ................................... 367
2.45.9. relay_stp_frame (ID: 04400417) ................................................. 367
2.45.10. dropped_stp_frame (ID: 04400418) ........................................... 368
2.46. USERAUTH ..................................................................................... 369
2.46.1. no_accounting_start_server_response (ID: 03700003) ..................... 369
2.46.2. invalid_accounting_start_server_response (ID: 03700004) ............... 369
2.46.3. failed_to_send_accounting_stop (ID: 03700007) ............................ 369
2.46.4. no_accounting_stop_server_response (ID: 03700010) ..................... 370
2.46.5. invalid_accounting_stop_server_response (ID: 03700011) ............... 370
2.46.6. failure_init_radius_accounting (ID: 03700012) ..............................370
2.46.7. no_accounting_start_server_response (ID: 03700014) ..................... 371
2.46.8. accounting_interim_failure (ID: 03700051) ................................... 371
2.46.9. no_accounting_interim_server_response (ID: 03700052) .................372
2.46.10. invalid_accounting_interim_server_response (ID: 03700053) ......... 372
2.46.11. radius_auth_timeout (ID: 03700105) .......................................... 372
2.46.12. no_shared_ciphers (ID: 03700500) ............................................ 373
2.46.13. disallow_clientkeyexchange (ID: 03700501) ................................ 373
2.46.14. bad_packet_order (ID: 03700502) .............................................373
2.46.15. bad_clienthello_msg (ID: 03700503) .......................................... 374
2.46.16. bad_changecipher_msg (ID: 03700504) ......................................374
2.46.17. bad_clientkeyexchange_msg (ID: 03700505) ............................... 374
2.46.18. bad_clientfinished_msg (ID: 03700506) ..................................... 375
2.46.19. bad_alert_msg (ID: 03700507) .................................................. 375
2.46.20. unknown_ssl_error (ID: 03700508) ............................................ 375
2.46.21. negotiated_cipher_does_not_permit_the_chosen_certificate_size (ID:
03700509) ........................................................................................ 376
2.46.22. received_sslalert (ID: 03700510) ............................................... 376
2.46.23. sent_sslalert (ID: 03700511) ..................................................... 376
2.46.24. invalid_accounting_start_server_response (ID: 03700002) ............. 377
2.46.25. no_accounting_start_server_response (ID: 03700005) ................... 377
2.46.26. invalid_accounting_start_server_response (ID: 03700006) ............. 378
2.46.27. invalid_accounting_stop_server_response (ID: 03700009) ............. 378
2.46.28. invalid_accounting_start_request (ID: 03700013) ......................... 378
2.46.29. group_list_too_long (ID: 03700030) .......................................... 379
2.46.30. invalid_accounting_interim_server_response (ID: 03700054) ......... 379
2.46.31. relogin_from_new_srcip (ID: 03700100) .................................... 379
2.46.32. already_logged_in (ID: 03700101) ............................................. 380
2.46.33. userauthrules_disallowed (ID: 03700107) ................................... 380
2.46.34. accounting_stop (ID: 03700008) ............................................... 380
2.46.35. user_timeout (ID: 03700020) .................................................... 381
2.46.36. accounting_alive (ID: 03700050) ............................................... 381
2.46.37. user_login (ID: 03700102) ....................................................... 382
2.46.38. bad_user_credentials (ID: 03700104) .........................................382
2.46.39. manual_logout (ID: 03700106) ................................................. 382
2.46.40. challenges_not_supported (ID: 03700108) ................................... 383
2.46.41. accounting_start (ID: 03700001) ............................................... 383
2.47. VFS .................................................................................................384
2.47.1. pkg_execute_fail (ID: 05200005) ................................................384
2.47.2. odm_execute_action (ID: 05200002) ........................................... 384
2.47.3. odm_execute_action (ID: 05200003) ........................................... 384
xx
Log Reference Guide
2.47.4. odm_no_execute_action (ID: 05200004) ...................................... 385
2.47.5. upload_certificate_fail (ID: 05200006) .........................................385
2.47.6. upload_certificate_fail (ID: 05200007) .........................................385
2.48. ZONEDEFENSE ................................................................................ 387
2.48.1. failed_to_create_profile (ID: 03800006) ....................................... 387
2.48.2. no_response_trying_to_create_rule (ID: 03800007) ........................ 387
2.48.3. failed_writing_zonededense_state_to_media (ID: 03800008) ............ 387
2.48.4. failed_to_create_access_rule (ID: 03800009) ................................. 388
2.48.5. no_response_trying_to_erase_profile (ID: 03800010) ..................... 388
2.48.6. failed_to_erase_profile (ID: 03800011) ........................................ 388
2.48.7. failed_to_save_configuration (ID: 03800012) ................................ 389
2.48.8. timeout_saving_configuration (ID: 03800013) ............................... 389
2.48.9. unable_to_allocate_send_entries (ID: 03800001) ...........................389
2.48.10. unable_to_allocate_exclude_entry (ID: 03800002) ........................ 390
2.48.11. unable_to_allocate_block_entry (ID: 03800003) ........................... 390
2.48.12. switch_out_of_ip_profiles (ID: 03800004) .................................. 390
2.48.13. out_of_mac_profiles (ID: 03800005) .......................................... 390
xxi
List of Tables
1. Abbreviations ................................................................................................xxv
xxii
List of Examples
1. Parameters to a log message ............................................................................. xxiv
2. Conditional parameters to a log message ............................................................ xxiv
xxiii
Preface
Audience
The target audience for this reference guide consists of:
• Administrators that are responsible for configuring and managing the D-Link Firewall.
• Administrators that are responsible for troubleshooting the D-Link Firewall.
This guide assumes that the reader is familiar with the D-Link Firewall, and has the necessary basic
knowledge in network security.
Notation
The following notation is used throughout this reference guide when specifying parameters to a log
message:
Angle Brackets <name>
Square Brackets [name]
Used for specifying the name of a parameter to a log message.
Used for specifying the name of a conditional parameter to a log
message.
Example 1. Parameters to a log message
Log Message New configuration activated by user <username>, and committed via <authsystem>
Parameters authsystem
Both the authsystem and the username parameters will be included.
Example 2. Conditional parameters to a log message
Log Message Administrative user <username> logged in via <authsystem>. Access level: <access_level>
Parameters authsystem
The authsystem, username and the access_level parameters will be included. The other parameters, userdb,
server_ip, server_port, client_ip and client_port may or may not be included, depending on the context of the log
message.
username
username
access_level
[userdb]
[server_ip]
[server_port]
[client_ip]
[client_port]
xxiv
Abbreviations Preface
Abbreviations
The following abbreviations are used throughout this reference guide:
Table 1. Abbreviations
Abbreviation Full name
ALG Application Layer Gateway
ARP Address Resolution Protocol
DHCP Dynamic Host Configuration Protocol
DNS Domain Name System
ESP Encapsulating Security Payload
FTP File Transfer Protocol
HA High Availability
HTTP Hyper Text Transfer Protocol
ICMP Internet Control Message Protocol
IDS Intrusion Detection System
IP Internet Protocol
IPSec Internet Protocol Security
L2TP Layer 2 Tunneling Protocol
NAT Network Address Translation
OSPF Open Shortest Path First
PPP Point to Point Protocol
PPPoE Point to Point Protocol over Ethernet
RADIUS Remote Authentication Dial In User Service
SAT Static Address Translation
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SSL Secure Socket Layer
TCP Transport Control Protocol
TLS Transport Layer Security
UDP User Datagram Protocol
URL Uniform Resource Locator
UTF Unicode Transformation Format
VLAN Virtual Local Area Network
VPN Virtual Private Network
xxv
Chapter 1. Introduction
• Log Message Structure, page 1
• Context Parameters, page 3
• Statistics (usage), page 7
• Severity levels, page 8
This guide is a reference to all log messages generated by NetDefendOS. This guide is a valuable
source when managing and troubleshooting your system.
1.1. Log Message Structure
All log messages have a common design, with attributes like category, severity, recommended actions and so forth. These attributes enables you to easily filter the log messages, either within NetDefendOS prior to sending them to a log receiver, or as part of the analysis taking place after logging and storing the messages on an external log server.
The following information about a specific log message is available:
Name
ID
Category
Default Severity
Log Message
The name of the log message, which is a short string, 1-6 words separated by _. Please note that the name cannot be used as a unique identification of the log message, as several log messages might share the
same name.
The ID is a number which uniquely identifies the log message.
Note
In this guide, the Name and the ID of the log message
form the title of the section describing the log message.
Log messages are grouped into categories, where each category maps
to a specific subsystem in NetDefendOS. For instance, the IPSEC category includes some houndreds of log messages, all related to IPSec
VPN activities. Other examples of categories include ARP, DHCP, IGMP and USERAUTH.
In this guide, categories are listed as sections in Chapter 2, Log Mes-
sage Reference.
The default severity level for this log message. For a list of severity
levels, please see section Section 1.4, “Severity levels”.
A brief explanation of the event that took place. This explanation often
features references to parameters, enclosed in angle brackets. Example:
Explanation
Administrative user <username> logged in via <authsystem>. Access
level: <access_level>
Note that this information is only featured in this reference guide, and
is never actually included in the log message.
A detailed explanation of the event.
1
1.1. Log Message Structure Chapter 1. Introduction
Note that this information is only featured in this reference guide, and
is never actually included in the log message.
Gateway Action
Recommended Action
Revision
Depending on the log message, the following information may also be included:
Parameters
Context Parameters
A short string, 1-3 words separated by _, of what action the D-Link
Firewall will take. If the log message is purely informative, this is set
to "None".
A detailed recommendation of what the administrator should do if this
log message is received. If the log message is purely informative, this
is set to "None".
Note that this information is only featured in this reference guide, and
is never actually included in the log message.
The current revision of the log message. This is increased each time an
log message is changed between two releases.
The name of the parameters that are included in this log message. If a
parameter is specified within square brackets (for example
[username]), then the parameter is optional and may or may not be included in the log message.
The name of the context parameters that are included in this log message. Please see Section 1.2, “Context Parameters” for a description of
all available context parameters.
2
1.2. Context Parameters Chapter 1. Introduction
1.2. Context Parameters
In many cases, information regarding a certain object is featured in the log message. This can be information about, for example, a connection. In this case, the log message should, besides all the normal log message attributes, also include information about which protocol is used, source and destination IP addresses and ports (if applicable), and so on.
As the same information will be included in many log messages, these are referenced as a Context
Parameter. So whenever a log message includes information about a connection, it will feature the
CONN parameter in the Context Parameter list. This means that additional information about the
connection will also be included in the log message.
Here follows a description of all available context parameters and an explanation to all the additional parameters. The name of the additional parameters are specified in the Syslog format.
ALG Module Name
An ALG is always of a certain type, for example FTP, H323 or HTTP. This parameter specifies the
name of the ALG sub-module, in order to quickly distinguish which type of ALG this is.
algmod
ALG Session ID
Each ALG session has its own session ID, which uniquely identifies an ALG session. This is useful,
for example, when matching the opening of an ALG session with the closure of the same ALG session.
algsesid
Packet Buffer
Information about the packet buffer, which in turn contains a large number of additional objects.
Certain parameters may or may not be included, depending on the type of the packet buffer. For example, the TCP flags are only included if the buffer contains a TCP protocol, and the ICMP-specific
parameters are only included if the buffer contains a ICMP protocol.
recvif
[hwsender]
[hwdest]
The name of the ALG sub-module.
The session ID of an ALG session.
The name of the receiving interface.
The sender hardware address. Valid if the protocol is ARP.
The destination hardware address. Valid if the protocol is ARP.
[arp]
[srcip]
[destip]
iphdrlen
[fragoffs]
[fragid]
ipproto
The ARP state. Valid if the protocol is ARP. Possible values: request|reply.
The source IP Address. Valid if the protocol is not ARP.
The destination IP Address. Valid if the protocol is not ARP.
The IP header length.
Fragmentation offset. Valid if the IP packet is fragmented.
Fragmentation ID. Valid if the IP packet is fragmented.
The IP Protocol.
3
Connection Chapter 1. Introduction
ipdatalen
[srcport]
[destport]
[tcphdrlen]
[udptotlen]
[[tcpflag]=1]
[icmptype]
[echoid]
[echoseq]
[unreach]
[redirect]
[icmpcode]
The IP data length.
The source port. Valid if the protocol is TCP or UDP.
The destination port. Valid if the protocol is TCP or UDP.
The TCP header length. Valid if the protocol is TCP.
The total UDP data length. Valid if the protocol is UDP.
The specific TCP flag is set. Valid if the protocol is TCP. Possible values for
tcpflag: syn, rst, ack, psh, fin, urg, ece, cwr and ns.
The ICMP sub-protocol name. Valid if the protocol is ICMP.
The ICMP echo ID. Valid if the protocol is ICMP and sub-protocol is echo.
The ICMP echo sequence number. Valid if the protocol is ICMP and sub-
protocol is echo.
The ICMP destination unreachable code. Valid if the protocol is ICMP and sub-
protocol is destination unreachable.
The ICMP redirect code. Valid if the protocol is ICMP and sub-protocol is redir-
ect.
The ICMP sub-protocol code. Valid if the protocol is ICMP and sub-protocol is
not echo, destination unreachable or redirect.
Connection
Additional information about a connection. Certain parameters may or may not be included, depending on the type and status of the connection. For example, the number of bytes sent by the originator
and terminator is only included if the connection is closed.
conn
connipproto
connrecvif
connsrcip
[connsrcport]
[connsrcidt]
conndestif
conndestip
[conndestport]
[conndestidt]
[origsent]
The status of the connection. Possible values: open, close, closing and unknown.
The IP protocol used in this connection.
The name of the receive interface.
The source IP address.
The source port. Valid if the protocol is TCP or UDP.
The source ID. Valid if the protocol is not TCP or UDP.
The name of the destination interface.
The destination IP address.
The destination port. Valid if the protocol is TCP or UDP.
The destination ID. Valid if the protocol is not TCP or UDP.
The number of bytes sent by the originator in this connection. Valid if the con-
nection is closing or closed.
[termsent]
The number of bytes sent by the terminator in this connection. Valid if the connection is closing or closed.
4
Dropped Fragments Chapter 1. Introduction
Deep Inspection
Specifies the name and a description of the signature that triggered this event.
Note
For Deep Inspection log messages an additional log receiver, an SMTP log receiver,
can be configured. This information is only sent to log receives of that kind, and not
included in the Syslog format
Dropped Fragments
Specifies detailed information about dropped fragments in a packet.
Rule Name
Specifies the name of the rule that was used when this event was triggered.
rule
The name of the rule.
Rule Information
Additional information about the rule that was used when this event was triggered. Certain parameters may or may not be included, depending on the type of the rule. For example, the name of an authenticated user is only included if this rule contains network objects that has user authentication information in them.
rule
[satsrcrule]
[satdestrule]
[srcusername]
[destusername]
The name of the rule.
The name of the SAT source rule. Valid if the rule action is SAT.
The name of the SAT destination rule. Valid if the rule action is SAT.
The name of the authenticated user in the source network object. Valid if the
source network object has user authentication information.
The name of the authenticated user in the destination network object. Valid if the
destination network object has user authentication information.
User Authentication
Additional information about a user authentication event.
OSPF
authrule
authagent
authevent
username
srcip
The name of the user authentication rule.
The name of the user authentication agent.
The user authentication event that occurred. Possible values: login, logout,
timedout, disallowed_login, accounting and unknown.
The name of the user that triggered this event.
The source IP address of the user that triggered this event.
5
Loading...