D-link DFL-800, DFL-1600, DFL-260, DFL-210, DFL-860 Reference Guide

Log Reference Guide
DFL-210/800/1600/2500, DFL-260/860
Ver. 1.01
Network Security Solution http://www.dlink.com
DFL-210/260/800/860/1600/2500
NetDefendOS version 2.12
No. 289, Sinhu 3rd Rd, Neihu District, Taipei City 114, Taiwan R.O.C.
D-Link Corporation
http://www.DLink.com
Published 2007-04-16
Copyright © 2007
Copyright Notice
This publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this manual, nor any of the material contained herein, may be reproduced without written consent of the author.
Disclaimer
The information in this document is subject to change without notice. The manufacturer makes no representations or warranties with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. The manufacturer reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of the manufacturer to notify any person of such revision or changes.
Limitations of Liability
UNDER NO CIRCUMSTANCES SHALL D-LINK OR ITS SUPPLIERS BE LIABLE FOR DAMAGES OF ANY CHARACTER (E.G. DAMAGES FOR LOSS OF PROFIT, SOFTWARE RESTORATION, WORK STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE D-LINK PRODUCT OR FAILURE OF THE PRODUCT, EVEN IF D-LINK IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHERMORE, D-LINK WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST CUSTOMER FOR LOSSES OR DAMAGES. D-LINK WILL IN NO EVENT BE LIABLE FOR ANY DAMAGES IN EXCESS OF THE AMOUNT D-LINK RECEIVED FROM THE END-USER FOR THE PRODUCT.

Table of Contents

Preface
1. Introduction
1.1. Log Message Structure
1.2. Context Parameters
1.3. Statistics (usage)
1.4. Severity levels
2. Log Message Reference
2.1. ALG
2.1.1. illegal_ip_address (ID: 00200216)
2.1.2. illegal_port_number (ID: 00200217)
2.1.3. bad_port (ID: 00200233)
2.1.4. bad_ip (ID: 00200234)
2.1.5. max_line_length_exceeded (ID: 00200003)
2.1.6. invalid_url_format (ID: 00200101)
2.1.7. compressed_data_received (ID: 00200109)
2.1.8. failure_connect_http_server (ID: 00200112)
2.1.9. wcf_server_unreachable (ID: 00200119)
2.1.10. virus_scan_failure (ID: 00200120)
2.1.11. virus_scan_failure (ID: 00200121)
2.1.12. avse_out_of_memory (ID: 00200122)
2.1.13. avse_out_of_memory (ID: 00200127)
2.1.14. failed_connect_smtp_server (ID: 00200153)
2.1.15. failed_to_check_response_code_values (ID: 00200155)
2.1.16. virus_scan_failure (ID: 00200162)
2.1.17. virus_scan_failure (ID: 00200163)
2.1.18. base64_decode_failed (ID: 00200164)
2.1.19. avse_out_of_memory (ID: 00200169)
2.1.20. avse_out_of_memory (ID: 00200170)
2.1.21. out_of_memory (ID: 00200175)
2.1.22. illegal_data_direction (ID: 00200202)
2.1.23. failed_to_create_connection1 (ID: 00200218)
2.1.24. failed_to_create_connection2 (ID: 00200235)
2.1.25. failed_to_create_server_data_connection (ID: 00200236)
2.1.26. failed_to_register_rawconn (ID: 00200238)
2.1.27. failed_to_merge_conns (ID: 00200239)
2.1.28. failed_create_new_session (ID: 00200242)
2.1.29. failure_connect_ftp_server (ID: 00200243)
2.1.30. virus_scan_failure (ID: 00200257)
2.1.31. virus_scan_failure (ID: 00200258)
2.1.32. avse_decompression_failed (ID: 00200264)
2.1.33. avse_out_of_memory (ID: 00200266)
2.1.34. avse_out_of_memory (ID: 00200268)
2.1.35. failure_connect_h323_server (ID: 00200316)
2.1.36. invalid_client_http_header_received (ID: 00200100)
2.1.37. unknown_client_data_received (ID: 00200105)
2.1.38. suspicious_data_received (ID: 00200106)
2.1.39. invalid_chunked_encoding (ID: 00200107)
2.1.40. invalid_server_http_header_received (ID: 00200108)
2.1.41. max_http_sessions_reached (ID: 00200110)
2.1.42. failed_create_new_session (ID: 00200111)
2.1.43. virus_found (ID: 00200114)
2.1.44. content_filtering_disabled (ID: 00200115)
2.1.45. max_download_size_reached (ID: 00200116)
2.1.46. avse_decompression_failed (ID: 00200123)
2.1.47. avse_decompression_failed (ID: 00200124)
2.1.48. restricted_site_notice (ID: 00200132)
2.1.49. url_reclassification_request (ID: 00200133)
2.1.50. max_smtp_sessions_reached (ID: 00200150)
2.1.51. maximum_email_per_minute_reached (ID: 00200151)
2.1.52. failed_create_new_session (ID: 00200152)
2.1.53. avse_decompression_failed (ID: 00200154)
2.1.54. sender_email_id_is_in_blacklist (ID: 00200158)
2.1.55. recipient_email_id_in_blacklist (ID: 00200159)
2.1.56. some_recipient_email_ids_are_in_blocklist (ID: 00200160)
2.1.57. virus_found (ID: 00200165)
2.1.58. avse_decompression_failed (ID: 00200168)
2.1.59. all_recipient_email_ids_are_in_blocklist (ID: 00200172)
2.1.60. virus_found_in_audit_mode (ID: 00200173)
2.1.61. invalid_end_of_mail (ID: 00200176)
2.1.62. virus_found_in_audit_mode (ID: 00200200)
2.1.63. illegal_chars (ID: 00200210)
2.1.64. control_chars (ID: 00200211)
2.1.65. illegal_command (ID: 00200212)
2.1.66. illegal_command (ID: 00200213)
2.1.67. port_command_disabled (ID: 00200214)
2.1.68. illegal_command (ID: 00200215)
2.1.69. illegal_command (ID: 00200219)
2.1.70. illegal_direction1 (ID: 00200220)
2.1.71. illegal_direction2 (ID: 00200221)
2.1.72. illegal_option (ID: 00200222)
2.1.73. illegal_option (ID: 00200223)
2.1.74. unknown_option (ID: 00200224)
2.1.75. illegal_command (ID: 00200225)
2.1.76. unknown_command (ID: 00200226)
2.1.77. illegal_reply (ID: 00200228)
2.1.78. illegal_reply (ID: 00200230)
2.1.79. illegal_reply (ID: 00200231)
2.1.80. illegal_reply (ID: 00200232)
2.1.81. failed_to_send_port (ID: 00200237)
2.1.82. max_ftp_sessions_reached (ID: 00200241)
2.1.83. resumed_compressed_file_transfer (ID: 00200252)
2.1.84. resumed_compressed_file_transfer (ID: 00200254)
2.1.85. virus_found (ID: 00200259)
2.1.86. illegal_command (ID: 00200267)
2.1.87. compression_ratio_violation (ID: 00200269)
2.1.88. compression_ratio_violation (ID: 00200270)
2.1.89. compression_ratio_violation (ID: 00200271)
2.1.90. virus_found_in_audit_mode (ID: 00200272)
2.1.91. compression_ratio_violation (ID: 00200273)
2.1.92. compression_ratio_violation (ID: 00200274)
2.1.93. compression_ratio_violation (ID: 00200275)
2.1.94. compression_ratio_violation (ID: 00200276)
2.1.95. compression_ratio_violation (ID: 00200277)
2.1.96. compression_ratio_violation (ID: 00200278)
2.1.97. unknown_state (ID: 00200300)
2.1.98. invalid_message (ID: 00200301)
2.1.99. decode_failed (ID: 00200302)
2.1.100. encode_failed (ID: 00200303)
2.1.101. encode_failed (ID: 00200304)
2.1.102. encode_failed (ID: 00200305)
2.1.103. decode_failed (ID: 00200306)
2.1.104. encode_failed (ID: 00200307)
2.1.105. max_tcp_data_connections_exceeded (ID: 00200308)
2.1.106. max_connections_per_call_exceeded (ID: 00200309)
2.1.107. ignoring_channel (ID: 00200310)
2.1.108. com_mode_response_message_not_translated (ID: 00200311)
2.1.109. max_h323_session_reached (ID: 00200312)
2.1.110. failed_create_new_session (ID: 00200313)
2.1.111. max_h323_gk_sessions_reached (ID: 00200314)
2.1.112. failed_create_new_session (ID: 00200315)
2.1.113. com_mode_command_message_not_translated (ID: 00200317)
2.1.114. content_type_mismatch (ID: 00200113)
2.1.115. blocked_filetype (ID: 00200117)
2.1.116. avscan_excluded_file (ID: 00200118)
2.1.117. request_url (ID: 00200125)
2.1.118. request_url (ID: 00200126)
2.1.119. sender_email_id_mismatched (ID: 00200157)
2.1.120. avscan_excluded_file (ID: 00200161)
2.1.121. blocked_filetype (ID: 00200166)
2.1.122. content_type_mismatch (ID: 00200167)
2.1.123. content_type_mismatch_mimecheck_disabled (ID: 00200171)
2.1.124. unknown_encoding (ID: 00200181)
2.1.125. unknown_encoding (ID: 00200182)
2.1.126. content_type_mismatch (ID: 00200250)
2.1.127. failed_to_send_command (ID: 00200251)
2.1.128. blocked_filetype (ID: 00200253)
2.1.129. failed_to_send_response_code (ID: 00200255)
2.1.130. avscan_excluded_file (ID: 00200256)
2.1.131. avse_decompression_failed (ID: 00200262)
2.1.132. alg_session_open (ID: 00200001)
2.1.133. alg_session_closed (ID: 00200002)
2.1.134. hybrid_data (ID: 00200205)
2.1.135. hybrid_data (ID: 00200206)
2.1.136. hybrid_data (ID: 00200209)
2.2. ARP
2.2.1. invalid_arp_sender_ip_address (ID: 00300049)
2.2.2. arp_response_broadcast_drop (ID: 00300052)
2.2.3. arp_collides_with_static (ID: 00300054)
2.2.4. already_exists (ID: 00300001)
2.2.5. no_sender_ip (ID: 00300002)
2.2.6. no_sender_ip (ID: 00300003)
2.2.7. arp_response_broadcast (ID: 00300004)
2.2.8. arp_response_multicast (ID: 00300005)
2.2.9. mismatching_hwaddrs (ID: 00300006)
2.2.10. mismatching_hwaddrs_drop (ID: 00300007)
2.2.11. hwaddr_change (ID: 00300008)
2.2.12. arp_cache_size_limit_reached (ID: 00300030)
2.2.13. arp_access_allowed_expect (ID: 00300050)
2.2.14. impossible_hw_address (ID: 00300051)
2.2.15. arp_response_multicast_drop (ID: 00300053)
2.2.16. hwaddr_change_drop (ID: 00300055)
2.3. AVSE
2.3.1. failed_to_allocate_memory (ID: 05100304)
2.3.2. no_signature_database (ID: 05100306)
2.3.3. general_engine_error (ID: 05100307)
2.3.4. out_of_memory (ID: 05100308)
2.3.5. failed_to_allocate_memory (ID: 05100303)
2.3.6. no_valid_license (ID: 05100305)
2.4. AVUPDATE
2.4.1. av_db_update_failure (ID: 05000001)
2.4.2. av_detects_invalid_system_time (ID: 05000005)
2.4.3. av_database_downloaded (ID: 05000002)
2.4.4. av_db_already_up_to_date (ID: 05000003)
2.4.5. av_db_update_denied (ID: 05000004)
2.4.6. downloading_new_database (ID: 05000007)
2.5. BLACKLIST
2.5.1. failed_to_write_list_of_blocked_hosts_to_media (ID: 04600001)
2.5.2. unable_to_allocate_static_entry (ID: 04600002)
2.5.3. unable_to_allocate_host_entry (ID: 04600003)
2.5.4. connection_blacklisted (ID: 04600004)
2.5.5. packet_blacklisted (ID: 04600005)
2.5.6. packet_blacklisted (ID: 04600006)
2.6. BUFFERS
2.6.1. buffers_flooded (ID: 00500001)
2.7. CONN
2.7.1. connection_table_full (ID: 00600003)
2.7.2. out_of_connections (ID: 00600010)
2.7.3. out_of_connections (ID: 00600011)
2.7.4. no_new_conn_for_this_packet (ID: 00600012)
2.7.5. no_new_conn_for_this_packet (ID: 00600013)
2.7.6. no_return_route (ID: 00600014)
2.7.7. reverse_connect_attempt (ID: 00600015)
2.7.8. port_0_illegal (ID: 00600020)
2.7.9. udp_src_port_0_illegal (ID: 00600021)
2.7.10. udp_src_port_0_forwarded (ID: 00600022)
2.7.11. conn_open (ID: 00600001)
2.7.12. conn_close (ID: 00600002)
2.7.13. conn_usage (ID: 00600023)
2.7.14. active_data (ID: 00600100)
2.7.15. passive_data (ID: 00600101)
2.7.16. active_data (ID: 00600102)
2.7.17. passive_data (ID: 00600103)
2.8. DHCP
2.8.1. lease_changed (ID: 00700002)
2.8.2. invalid_lease_time (ID: 00700007)
2.8.3. invalid_server_id (ID: 00700008)
2.8.4. invalid_netmask (ID: 00700009)
2.8.5. invalid_broadcast (ID: 00700010)
2.8.6. invalid_offered_ip (ID: 00700011)
2.8.7. invalid_gateway (ID: 00700012)
2.8.8. offered_broadcast_equals_gateway (ID: 00700013)
2.8.9. ip_collision (ID: 00700014)
2.8.10. route_collision (ID: 00700015)
2.8.11. offered_ip_occupied (ID: 00700001)
2.8.12. lease_acquired (ID: 00700003)
2.8.13. renewed_lease (ID: 00700004)
2.8.14. lease_expired (ID: 00700005)
2.9. DHCPRELAY
2.9.1. unable_to_add_relay_route_since_out_of_memory (ID: 00800011)
2.9.2. unable_to_save_dhcp_relay_list (ID: 00800001)
2.9.3. incorrect_bootp_dhcp_cookie (ID: 00800004)
2.9.4. maximum_ppm_for_relayer_reached (ID: 00800005)
2.9.5. hop_limit_exceeded (ID: 00800007)
2.9.6. client_release (ID: 00800008)
2.9.7. got_reply_without_transaction_state (ID: 00800009)
2.9.8. maximum_dhcp_client_relay_routes_reached (ID: 00800010)
2.9.9. ignored_relay_request (ID: 00800012)
2.9.10. no_message_type (ID: 00800013)
2.9.11. bad_inform_pkt_with_mismatching_source_ip_and_client_ip (ID: 00800014)
2.9.12. received_relayed_inform_packet_without_client_ip (ID: 00800015)
2.9.13. maximum_current_dhcp_relays_for_iface (ID: 00800016)
2.9.14. dhcp_server_is_unroutable (ID: 00800017)
2.9.15. unable_to_get_free_transaction_state (ID: 00800018)
2.9.16. invalid_gateway (ID: 00800019)
2.9.17. got_reply_on_a_non_security_equivalent_interface (ID: 00800022)
2.9.18. assigned_ip_not_allowed (ID: 00800023)
2.9.19. illegal_client_ip_assignment (ID: 00800024)
2.9.20. ambiguous_host_route (ID: 00800025)
2.9.21. dhcp_relay_list_saved (ID: 00800002)
2.9.22. dhcp_pkt_too_small (ID: 00800003)
2.9.23. relayer_resuming (ID: 00800006)
2.9.24. relayed_request (ID: 00800020)
2.9.25. relayed_request (ID: 00800021)
2.9.26. relayed_dhcp_reply (ID: 00800026)
2.9.27. relayed_bootp_reply (ID: 00800027)
2.9.28. relayed_dhcp_reply (ID: 00800028)
2.9.29. relayed_bootp_reply (ID: 00800029)
2.10. DHCPSERVER
2.10.1. unable_to_send_response (ID: 00900001)
2.10.2. option_section_is_too_big_unable_to_reply (ID: 00900002)
2.10.3. unable_to_save_lease_db (ID: 00900003)
2.10.4. dhcp_packet_too_small (ID: 00900005)
2.10.5. request_for_ip_from_non_bound_client_without_state (ID: 00900006)
2.10.6. request_for_ip_from_bound_client_without_state (ID: 00900007)
2.10.7. request_for_ip_from_non_bound_client_without_state (ID: 00900008)
2.10.8. all_ip_pools_depleted (ID: 00900010)
2.10.9. request_with_bad_udp_checksum (ID: 00900011)
2.10.10. pool_depleted (ID: 00900014)
2.10.11. request_for_non_offered_ip (ID: 00900017)
2.10.12. request_for_non_bound_ip (ID: 00900018)
2.10.13. declined_by_client (ID: 00900024)
2.10.14. request_for_ip_from_bound_client_without_state (ID: 00900025)
2.10.15. lease_db_successfully_saved (ID: 00900004)
2.10.16. lease_timeout (ID: 00900012)
2.10.17. lease_timeout (ID: 00900013)
2.10.18. sending_offer (ID: 00900015)
2.10.19. pool_depleted (ID: 00900016)
2.10.20. client_bound (ID: 00900019)
2.10.21. client_renewed (ID: 00900020)
2.10.22. got_inform_request (ID: 00900021)
2.10.23. decline_for_ip_on_wrong_iface (ID: 00900022)
2.10.24. decline_for_non_offered_ip (ID: 00900023)
2.11. DYNROUTING
2.11.1. failed_to_export_route_to_ospf_process_failed_to_alloc (ID: 01100001)
2.11.2. failed_to_add_route_unable_to_alloc (ID: 01100004)
2.11.3. route_exported_to_ospf_as (ID: 01100002)
2.11.4. route_unexported_from_ospf_as (ID: 01100003)
2.11.5. route_added (ID: 01100005)
2.11.6. route_removed (ID: 01100006)
2.12. FRAG
2.12.1. fragact_contains_frags (ID: 02000002)
2.12.2. fail_suspect_out_of_resources (ID: 02000003)
2.12.3. fail_out_of_resources (ID: 02000004)
2.12.4. fail_suspect_timeout (ID: 02000005)
2.12.5. fail_timeout (ID: 02000006)
2.12.6. fragments_available_freeing (ID: 02000100)
2.12.7. learn_state (ID: 02000011)
2.12.8. frag_offset_plus_length_not_in_range (ID: 02000014)
2.12.9. bad_ipdatalen (ID: 02000016)
2.12.10. bad_ipdatalen (ID: 02000017)
2.12.11. overlapping_frag (ID: 02000018)
2.12.12. bad_offs (ID: 02000019)
2.12.13. duplicate_frag_with_different_length (ID: 02000020)
2.12.14. duplicate_frag_with_different_data (ID: 02000021)
2.12.15. partial_overlap (ID: 02000022)
2.12.16. already_completed (ID: 02000025)
2.12.17. individual_frag_timeout (ID: 02000001)
2.12.18. disallowed_suspect (ID: 02000007)
2.12.19. drop_frags_of_disallowed_packet (ID: 02000008)
2.12.20. drop_frags_of_illegal_packet (ID: 02000009)
2.12.21. drop_extraneous_frags_of_completed_packet (ID: 02000010)
2.12.22. drop_duplicate_frag_suspect_packet (ID: 02000012)
2.12.23. drop_duplicate_frag (ID: 02000013)
2.12.24. no_available_fragacts (ID: 02000015)
2.12.25. drop_frag_disallowed_suspect_packet (ID: 02000023)
2.12.26. drop_frag_disallowed_packet (ID: 02000024)
2.12.27. drop_frag_failed_suspect_packet (ID: 02000026)
2.12.28. drop_frag_failed_packet (ID: 02000027)
2.12.29. drop_frag_illegal_packet (ID: 02000028)
2.13. GRE
2.13.1. failed_to_setup_gre_tunnel (ID: 02200001)
2.13.2. gre_bad_flags (ID: 02200002)
2.13.3. gre_bad_version (ID: 02200003)
2.13.4. gre_checksum_error (ID: 02200004)
2.13.5. gre_length_error (ID: 02200005)
2.13.6. gre_send_routing_loop_detected (ID: 02200006)
2.13.7. unmatched_session_key (ID: 02200007)
2.13.8. gre_routing_flag_set (ID: 02200008)
2.14. HA
2.14.1. config_sync_failure (ID: 01200500)
2.14.2. heartbeat_from_unknown (ID: 01200043)
2.14.3. should_have_arrived_on_sync_iface (ID: 01200044)
2.14.4. activate_failed (ID: 01200050)
2.14.5. merge_failed (ID: 01200051)
2.14.6. ha_commit_error (ID: 01200052)
2.14.7. ha_write_failed (ID: 01200053)
2.14.8. ha_commit_unknown_error (ID: 01200054)
2.14.9. resync_conns_to_peer (ID: 01200100)
2.14.10. disallowed_on_sync_iface (ID: 01200400)
2.14.11. sync_packet_on_nonsync_iface (ID: 01200410)
2.14.12. ttl_too_low (ID: 01200411)
2.14.13. heartbeat_from_myself (ID: 01200412)
2.14.14. peer_gone (ID: 01200001)
2.14.15. peer_gone (ID: 01200002)
2.14.16. conflict_both_peers_active (ID: 01200003)
2.14.17. peer_has_higher_local_load (ID: 01200004)
2.14.18. peer_has_lower_local_load (ID: 01200005)
2.14.19. peer_has_more_connections (ID: 01200006)
2.14.20. peer_has_fewer_connections (ID: 01200007)
2.14.21. conflict_both_peers_inactive (ID: 01200008)
2.14.22. peer_has_more_connections (ID: 01200009)
2.14.23. peer_has_fewer_connections (ID: 01200010)
2.14.24. peer_alive (ID: 01200011)
2.14.25. hasync_connection_established (ID: 01200200)
2.14.26. hasync_connection_disconnected_lifetime_expired (ID: 01200201)
2.14.27. hasync_connection_failed_timeout (ID: 01200202)
2.14.28. resync_conns_to_peer_complete (ID: 01200300)
2.14.29. action=deactivate reason=requested (ID: 01200616)
2.15. HWM ............................................................................................... 138
2.15.1. temperature_alarm (ID: 04000011) .............................................. 138
2.15.2. temperature_normal (ID: 04000012) ............................................ 138
2.15.3. voltage_alarm (ID: 04000021) .................................................... 138
2.15.4. voltage_normal (ID: 04000022) .................................................. 139
2.15.5. fanrpm_alarm (ID: 04000031) .................................................... 139
2.15.6. fanrpm_normal (ID: 04000032) .................................................. 140
2.15.7. gpio_alarm (ID: 04000041) ........................................................ 140
2.15.8. gpio_normal (ID: 04000042) ......................................................141
2.15.9. free_memory_warning_level (ID: 04000101) ................................ 141
2.15.10. free_memory_warning_level (ID: 04000102) ............................... 141
2.15.11. free_memory_normal_level (ID: 04000103) ................................142
2.16. IDP .................................................................................................. 143
2.16.1. invalid_url_format (ID: 01300009) .............................................. 143
2.16.2. idp_evasion (ID: 01300011) ....................................................... 143
2.16.3. idp_evasion (ID: 01300012) ....................................................... 144
2.16.4. idp_outofmem (ID: 01300013) ...................................................144
2.16.5. idp_outofmem (ID: 01300014) ...................................................144
2.16.6. idp_failscan (ID: 01300015) ....................................................... 145
2.16.7. idp_failscan (ID: 01300016) ....................................................... 145
2.16.8. idp_notice (ID: 01300002) ......................................................... 146
2.16.9. intrusion_detected (ID: 01300003) .............................................. 146
2.16.10. virus_detected (ID: 01300004) .................................................. 147
2.16.11. invalid_url_format (ID: 01300010) ............................................147
2.16.12. scan_detected (ID: 01300001) ...................................................148
2.16.13. scan_detected (ID: 01300005) ...................................................148
2.16.14. idp_notice (ID: 01300006) ....................................................... 149
2.16.15. intrusion_detected (ID: 01300007) .............................................149
2.16.16. virus_detected (ID: 01300008) .................................................. 150
2.17. IDPUPDATE ..................................................................................... 151
2.17.1. idp_db_update_failure (ID: 01400001) .........................................151
2.17.2. idp_detects_invalid_system_time (ID: 01400005) .......................... 151
2.17.3. idp_database_downloaded (ID: 01400002) .................................... 151
2.17.4. idp_db_already_up_to_date (ID: 01400003) .................................. 152
2.17.5. idp_db_update_denied (ID: 01400004) ......................................... 152
2.17.6. downloading_new_database (ID: 01400007) ................................. 152
2.18. IFACEMON ...................................................................................... 153
2.18.1. ifacemon_status_bad (ID: 03900003) ........................................... 153
2.18.2. ifacemon_status_bad (ID: 03900004) ........................................... 153
2.18.3. ifacemon_status_bad_rereport (ID: 03900001) ............................... 153
2.19. IPPOOL ............................................................................................ 155
2.19.1. no_offer_received (ID: 01900001) ............................................... 155
2.19.2. no_valid_dhcp_offer_received (ID: 01900002) ..............................155
2.19.3. pool_reached_max_dhcp_clients (ID: 01900014) ........................... 155
2.19.4. macrange_depleted (ID: 01900015) .............................................156
2.19.5. too_many_dhcp_offers_received (ID: 01900003) ........................... 156
2.19.6. lease_disallowed_by_lease_filter (ID: 01900004) ........................... 156
2.19.7. lease_disallowed_by_server_filter (ID: 01900005) ......................... 156
2.19.8. lease_have_bad_dhcp_server (ID: 01900006) ................................ 157
2.19.9. lease_have_bad_netmask (ID: 01900007) ..................................... 157
2.19.10. lease_have_bad_offered_broadcast (ID: 01900008) .......................157
2.19.11. lease_have_bad_offered_ip (ID: 01900009) ................................. 158
2.19.12. lease_have_bad_gateway_ip (ID: 01900010) ............................... 158
2.19.13. lease_ip_is_already_occupied (ID: 01900011) ............................. 158
2.19.14. lease_rejected_by_server (ID: 01900012) .................................... 159
2.19.15. ip_offer_already_exist_in_the_pool (ID: 01900013) ...................... 159
2.19.16. ip_fetched_pool (ID: 01900016) ................................................159
2.19.17. ip_returned_to_pool (ID: 01900017) .......................................... 160
2.20. IPSEC ..............................................................................................161
2.20.1. fatal_ipsec_event (ID: 01800100) ................................................161
2.20.2. maximum_allowed_tunnels_limit_reached (ID: 01800900) .............. 161
2.20.3. commit_failed (ID: 01800200) .................................................... 161
2.20.4. x509_init_failed (ID: 01800203) ................................................. 162
2.20.5. failed_to_configure_IPsec (ID: 01800210) .................................... 162
2.20.6. IPsec_init_failed (ID: 01800213) ................................................162
2.20.7. no_policymanager (ID: 01800316) .............................................. 162
2.20.8. failed_to_add_key_provider (ID: 01800321) ................................. 163
2.20.9. failed_to_create_authorization (ID: 01800327) .............................. 163
2.20.10. Failed_to_create_xauth_group (ID: 01800329) ............................. 163
2.20.11. SAs_not_killed_for_remote_peer (ID: 01800901) ......................... 163
2.20.12. max_number_of_policy_rules_reached (ID: 01802110) ................. 164
2.20.13. outofmem_create_engine (ID: 01802901) ................................... 164
2.20.14. init_rulelooklup_failed (ID: 01802903) ....................................... 164
2.20.15. init_rule_looklup_failed (ID: 01802904) ..................................... 165
2.20.16. init_rule_looklup_failed (ID: 01802905) ..................................... 165
2.20.17. init_mutexes_failed (ID: 01802906) ........................................... 165
2.20.18. init_interface_table_failed (ID: 01802907) .................................. 165
2.20.19. init_flow_id_table_failed (ID: 01802908) ................................... 166
2.20.20. init_flow_table_failed (ID: 01802909) ........................................ 166
2.20.21. init_next_hop_table_failed (ID: 01802910) .................................166
2.20.22. init_transform_table_failed (ID: 01802911) ................................. 166
2.20.23. init_peer_hash_failed (ID: 01802912) ........................................ 167
2.20.24. init_peer_id_hash_failed (ID: 01802913) .................................... 167
2.20.25. init_rule_table_failed (ID: 01802914) ......................................... 167
2.20.26. init_inbound_spi_hash_failed (ID: 01802915) ..............................168
2.20.27. init_transform_context_hash_failed (ID: 01802916) ...................... 168
2.20.28. init_packet_context_cache_failed (ID: 01802917) ......................... 168
2.20.29. init_transform_context_table_failed (ID: 01802918) ..................... 168
2.20.30. init_nat_table_failed (ID: 01802919) .......................................... 169
2.20.31. init_frag_table_failed (ID: 01802920) ........................................ 169
2.20.32. init_engine_tables_failed (ID: 01802921) .................................... 169
2.20.33. init_interceptor_failed (ID: 01802922) ........................................ 169
2.20.34. pm_create_failed (ID: 01800204) .............................................. 170
2.20.35. failed_to_start_ipsec (ID: 01800206) .......................................... 170
2.20.36. failed_create_audit_module (ID: 01800207) ................................170
2.20.37. Failed_to_add_certificate (ID: 01800302) ................................... 171
2.20.38. failed_to_set_algorithm_properties (ID: 01800304) ...................... 171
2.20.39. failed_to_set_algorithm_properties (ID: 01800305) ...................... 171
2.20.40. failed_to_add_root_certificate (ID: 01800306) ............................. 172
2.20.41. failed_to_add_peer (ID: 01800312) ............................................ 172
2.20.42. failed_to_add_rules (ID: 01800313) ........................................... 172
2.20.43. failed_to_add_rules (ID: 01800314) ........................................... 173
2.20.44. failed_to_set_dpd_cb (ID: 01800318) ......................................... 173
2.20.45. failed_to_add_certificate (ID: 01800322) .................................... 173
2.20.46. failed_to_set_remote_ID (ID: 01800323) .................................... 173
2.20.47. Failed_to_set_xauth (ID: 01800328) .......................................... 174
2.20.48. no_remote_gateway (ID: 01800503) .......................................... 174
2.20.49. no_route (ID: 01800504) ......................................................... 174
2.20.50. ping_keepalive_failed_in_tunnel (ID: 01800505) ......................... 175
2.20.51. ipsec_interface_disabled (ID: 01800506) .................................... 175
2.20.52. ipsec_invalid_protocol (ID: 01802059) ....................................... 175
2.20.53. ipsec_sa_negotiation_aborted (ID: 01802060) ..............................176
2.20.54. create_rules_failed (ID: 01802080) ............................................ 176
2.20.55. create_rules_failed (ID: 01802081) ............................................ 176
2.20.56. no_authentication_method_specified (ID: 01802100) .................... 176
2.20.57. no_key_method_configured_for tunnel (ID: 01802102) .................177
2.20.58. invalid_configuration_of_force_open (ID: 01802104) ................... 177
2.20.59. invalid_rule_setting (ID: 01802105) ........................................... 177
2.20.60. invalid_rule_setting (ID: 01802106) ........................................... 178
2.20.61. invalid_rule_setting (ID: 01802107) ........................................... 178
2.20.62. invalid_rule_setting (ID: 01802108) ........................................... 178
2.20.63. invalid_rule_setting (ID: 01802109) ........................................... 178
2.20.64. suspicious_outbound_rule (ID: 01802114) .................................. 179
2.20.65. no_algorithms_configured_for_tunnel (ID: 01802200) .................. 179
2.20.66. no_encryption_algorithm_configured_for_tunnel (ID: 01802201) .... 179
2.20.67. no_authentication_algorithm_specified (ID: 01802203) .................180
2.20.68. AH_not_supported (ID: 01802204) ............................................180
2.20.69. invalid_tunnel_configuration (ID: 01802208) ..............................180
2.20.70. invalid_tunnel_configuration (ID: 01802209) ..............................181
2.20.71. invalid_tunnel_configuration (ID: 01802210) ..............................181
2.20.72. out_of_memory_for_tunnel (ID: 01802211) ................................ 181
2.20.73. invalid_key_size (ID: 01802214) ...............................................181
2.20.74. invalid_key_size (ID: 01802215) ...............................................182
2.20.75. invalid_key_size (ID: 01802216) ...............................................182
2.20.76. invalid_key_size (ID: 01802217) ...............................................182
2.20.77. invalid_cipher_keysize (ID: 01802218) ...................................... 183
2.20.78. invalid_key_size (ID: 01802219) ...............................................183
2.20.79. invalid_cipher_keysize (ID: 01802220) ...................................... 183
2.20.80. malformed_tunnel_id_configured (ID: 01802225) ........................ 184
2.20.81. malformed_psk_configured (ID: 01802229) ................................ 184
2.20.82. could_not_insert_cert_to_db (ID: 01802606) ............................... 184
2.20.83. could_not_insert_cert_to_db (ID: 01802609) ............................... 184
2.20.84. warning_ipsec_event (ID: 01800101) ......................................... 185
2.20.85. ike_invalid_payload (ID: 01800106) .......................................... 185
2.20.86. ike_invalid_proposal (ID: 01800107) .........................................185
2.20.87. ike_quickmode_failed (ID: 01800109) ........................................ 186
2.20.88. dns_resolve_failed (ID: 01800308) ............................................186
2.20.89. dns_resolve_failed (ID: 01800309) ............................................186
2.20.90. ippool_does_not_exist (ID: 01800400) ....................................... 187
2.20.91. Recieved_plaintext_packet_for_disabled_IPsec_interface (ID: 01800502) ... 187
2.20.92. trigger_non_ip_packet (ID: 01802001) ....................................... 187
2.20.93. rule_not_active (ID: 01802002) ................................................. 188
2.20.94. malformed_packet (ID: 01802003) ............................................ 188
2.20.95. max_ipsec_sa_negotiations_reached (ID: 01802004) ..................... 188
2.20.96. max_number_of_tunnels_reached (ID: 01802011) ........................ 189
2.20.97. ike_sa_failed (ID: 01802022) .................................................... 189
2.20.98. ike_sa_negotiation_failed (ID: 01802031) ................................... 189
2.20.99. could_not_decode_certificate (ID: 01802600) .............................. 190
2.20.100. could_not_convert_certificate (ID: 01802601) ............................ 190
2.20.101. could_not_get_subject_nam_from_ca_cert (ID: 01802602) ........... 190
2.20.102. could_not_set_cert_to_non_CRL_issuer (ID: 01802603) ..............190
2.20.103. could_not_force_cert_to_be_trusted (ID: 01802604) ................... 191
2.20.104. could_not_trusted_set_for_cert (ID: 01802605) .......................... 191
2.20.105. could_not_decode_certificate (ID: 01802607) ............................ 191
2.20.106. could_not_loack_certificate (ID: 01802608) ..............................192
2.20.107. could_not_decode_crl (ID: 01802610) ...................................... 192
2.20.108. Certificate_contains_bad_IP_address (ID: 01802705) .................. 192
2.20.109. dn_name_as_subject_alt_name (ID: 01802706) .......................... 192
2.20.110. could_not_decode_certificate (ID: 01802707) ............................ 193
2.20.111. event_on_ike_sa (ID: 01802715) ............................................. 193
2.20.112. ipsec_sa_selection_failed (ID: 01802717) .................................. 193
2.20.113. certificate_search_failed (ID: 01802718) ...................................194
2.20.114. ipsec_sa_event (ID: 01802730) ............................................... 194
2.20.115. ipsec_sa_event (ID: 01802731) ............................................... 194
2.20.116. malformed_ike_sa_proposal (ID: 01803000) ..............................195
2.20.117. ike_phase1_notification (ID: 01803003) .................................... 195
2.20.118. ipsec_sa_failed (ID: 01803020) ...............................................195
2.20.119. rejecting_ipsec_sa_delete (ID: 01803027) ................................. 196
2.20.120. rejecting_ipsec_sa_delete (ID: 01803028) ................................. 196
2.20.121. ike_phase2_notification (ID: 01803029) .................................... 196
2.20.122. ike_qm_notification (ID: 01803030) ......................................... 197
2.20.123. malformed_ipsec_sa_proposal (ID: 01803050) ........................... 197
2.20.124. malformed_ipsec_esp_proposal (ID: 01803051) ......................... 198
2.20.125. malformed_ipsec_ah_proposal (ID: 01803052) ........................... 198
2.20.126. failed_to_select_ipsec_proposal (ID: 01803053) ......................... 198
2.20.127. audit_event (ID: 01800103) .................................................... 198
2.20.128. audit_flood (ID: 01800104) .................................................... 199
2.20.129. ike_delete_notification (ID: 01800105) ..................................... 199
2.20.130. ike_retry_limit_reached (ID: 01800108) .................................... 199
2.20.131. packet_corrupt (ID: 01800110) ................................................200
2.20.132. icv_failure (ID: 01800111) ..................................................... 200
2.20.133. sequence_number_failure (ID: 01800112) ................................. 201
2.20.134. sa_lookup_failure (ID: 01800113) ............................................ 201
2.20.135. ip_fragment (ID: 01800114) ...................................................201
2.20.136. sequence_number_overflow (ID: 01800115) .............................. 202
2.20.137. bad_padding (ID: 01800116) .................................................. 202
2.20.138. hardware_accelerator_congested (ID: 01800117) ........................ 203
2.20.139. hardware_acceleration_failure (ID: 01800118) ........................... 203
2.20.140. cfgmode_ip_freed (ID: 01800402) ........................................... 203
2.20.141. recieved_packet_to_disabled_IPsec (ID: 01800500) .................... 204
2.20.142. recieved_packet_to_disabled_IPsec (ID: 01800501) .................... 204
2.20.143. rule_selection_failed (ID: 01802300) ........................................ 204
2.20.144. max_phase1_sa_reached (ID: 01802400) ...................................205
2.20.145. max_phase1_negotiations_reached (ID: 01802402) ..................... 205
2.20.146. max_active_quickmode_negotiation_reached (ID: 01802403) ....... 205
2.20.147. ike_responder_mode_not_available (ID: 01803101) .................... 206
2.20.148. commit suceeded (ID: 01800201) ............................................ 206
2.20.149. IPsec_succesfully_started (ID: 01800202) ................................. 206
2.20.150. reconfig_IPsec (ID: 01800211) ................................................206
2.20.151. ipsec_started_suceessfully (ID: 01800214) ................................ 207
2.20.152. Default_IKE_DH_groups_will_be_used (ID: 01800303) ..............207
2.20.153. new_remote_gw_ip (ID: 01800315) .........................................207
2.20.154. peer_is_dead (ID: 01800317) .................................................. 208
2.20.155. ike_sa_negotiation_completed (ID: 01802024) ........................... 208
2.20.156. ike_sa_negotiation_failed (ID: 01802030) ................................. 208
2.20.157. ipsec_sa_negotiation_completed (ID: 01802040) ........................ 209
2.20.158. ipsec_sa_informal (ID: 01802041) ........................................... 209
2.20.159. ipsec_sa_informal (ID: 01802043) ........................................... 209
2.20.160. ipsec_sa_informal (ID: 01802044) ........................................... 210
2.20.161. ipsec_sa_lifetime (ID: 01802045) ............................................ 210
2.20.162. ipsec_sa_lifetime (ID: 01802046) ............................................ 210
2.20.163. ipsec_sa_lifetime (ID: 01802047) ............................................ 211
2.20.164. ipsec_sa_lifetime (ID: 01802048) ............................................ 211
2.20.165. ipsec_sa_informal (ID: 01802058) ........................................... 211
2.20.166. ike_sa_negotiation_completed (ID: 01802703) ........................... 212
2.20.167. ike_sa_negotiation_completed (ID: 01802704) ........................... 212
2.20.168. ike_sa_destroyed (ID: 01802708) ............................................. 212
2.20.169. cfgmode_exchange_event (ID: 01802709) ................................. 213
2.20.170. remote_access_address (ID: 01802710) ..................................... 213
2.20.171. remote_access_dns (ID: 01802711) .......................................... 213
2.20.172. remote_access_wins (ID: 01802712) ........................................ 214
2.20.173. remote_access_dhcp (ID: 01802713) ........................................ 214
2.20.174. remote_access_subnets (ID: 01802714) ..................................... 214
2.20.175. ipsec_sa_destroyed (ID: 01802732) .......................................... 215
2.20.176. (ID: 01802735) ..................................................................... 215
2.20.177. (ID: 01802736) ..................................................................... 215
2.20.178. failed_to_select_policy_rule (ID: 01803001) ..............................216
2.20.179. failed_to_select_ike_sa (ID: 01803002) .................................... 216
2.20.180. ipsec_sa_statistics (ID: 01803021) ........................................... 216
2.20.181. config_mode_exchange_event (ID: 01803022) ........................... 217
2.20.182. config_mode_exchange_event (ID: 01803023) ........................... 217
2.20.183. xauth_exchange_done (ID: 01803024) ......................................217
2.20.184. config_mode_exchange_event (ID: 01803025) ........................... 217
2.20.185. config_mode_exchange_event (ID: 01803026) ........................... 218
2.20.186. failed_to_verify_peer_identity (ID: 01803040) ........................... 218
2.20.187. failed_to_select_ipsec_sa (ID: 01803054) .................................. 218
2.21. IP_ERROR ....................................................................................... 220
2.21.1. too_small_packet (ID: 01500001) ............................................... 220
2.21.2. disallwed_ip_ver (ID: 01500002) ................................................220
2.21.3. invalid_ip_length (ID: 01500003) ............................................... 220
2.21.4. invalid_ip_length (ID: 01500004) ............................................... 221
2.21.5. invalid_ip_checksum (ID: 01500005) ..........................................221
2.22. IP_FLAG .......................................................................................... 222
2.22.1. ttl_low (ID: 01600001) .............................................................. 222
2.22.2. ip_rsv_flag_set (ID: 01600003) .................................................. 222
2.22.3. ip_rsv_flag_set (ID: 01600002) .................................................. 222
2.23. IP_OPT ............................................................................................ 224
2.23.1. ipoptlen_too_small (ID: 01700010) ............................................. 224
2.23.2. ipoptlen_invalid (ID: 01700011) ................................................. 224
2.23.3. multiple_ip_option_routes (ID: 01700012) ....................................224
2.23.4. bad_length (ID: 01700013) ........................................................ 225
2.23.5. bad_route_pointer (ID: 01700014) ............................................... 225
2.23.6. source_route_disallowed (ID: 01700015) ...................................... 225
2.23.7. multiple_ip_option_timestamps (ID: 01700016) ............................. 226
2.23.8. bad_timestamp_len (ID: 01700017) ............................................. 226
2.23.9. bad_timestamp_pointer (ID: 01700018) ........................................ 227
2.23.10. bad_timestamp_pointer (ID: 01700019) ...................................... 227
2.23.11. timestamp_disallowed (ID: 01700020) ....................................... 227
2.23.12. router_alert_bad_len (ID: 01700021) .......................................... 228
2.23.13. router_alert_disallowed (ID: 01700022) ...................................... 228
2.23.14. ipopt_present_disallowed (ID: 01700023) ................................... 228
2.23.15. source_route (ID: 01700001) .................................................... 229
2.23.16. timestamp (ID: 01700002) ....................................................... 229
2.23.17. router_alert (ID: 01700003) ...................................................... 229
2.23.18. ipopt_present (ID: 01700004) ................................................... 230
2.24. IP_PROTO ........................................................................................ 231
2.24.1. multicast_ethernet_ip_address_missmatch (ID: 07000011) ............... 231
2.24.2. invalid_ip4_header_length (ID: 07000012) ................................... 231
2.24.3. ttl_zero (ID: 07000013) ............................................................. 231
2.24.4. ttl_low (ID: 07000014) .............................................................. 232
2.24.5. ip_rsv_flag_set (ID: 07000015) .................................................. 232
2.24.6. oversize_tcp (ID: 07000018) ...................................................... 232
2.24.7. invalid_tcp_header (ID: 07000019) .............................................233
2.24.8. oversize_udp (ID: 07000021) ..................................................... 233
2.24.9. invalid_udp_header (ID: 07000022) ............................................. 234
2.24.10. oversize_icmp (ID: 07000023) .................................................. 234
2.24.11. invalid_icmp_header (ID: 07000024) .........................................234
2.24.12. oversize_gre (ID: 07000050) .................................................... 235
2.24.13. oversize_esp (ID: 07000051) .................................................... 235
2.24.14. oversize_ah (ID: 07000052) ..................................................... 235
2.24.15. oversize_skip (ID: 07000053) ...................................................236
2.24.16. oversize_ospf (ID: 07000054) ................................................... 236
2.24.17. oversize_ipip (ID: 07000055) ...................................................237
2.24.18. oversize_ipcomp (ID: 07000056) ............................................... 237
2.24.19. oversize_l2tp (ID: 07000057) ...................................................237
2.24.20. oversize_ip (ID: 07000058) ...................................................... 238
2.24.21. fragmented_icmp (ID: 07000070) .............................................. 238
2.24.22. invalid_icmp_data_too_small (ID: 07000071) ..............................238
2.24.23. invalid_icmp_data_ip_ver (ID: 07000072) .................................. 239
2.24.24. invalid_icmp_data_too_small (ID: 07000073) ..............................239
2.24.25. invalid_icmp_data_invalid_ip_length (ID: 07000074) ................... 239
2.24.26. invalid_icmp_data_invalid_paramprob (ID: 07000075) ................. 240
2.25. L2TP ................................................................................................ 241
2.25.1. l2tpclient_resolve_failed (ID: 02800002) ......................................241
2.25.2. unknown_l2tp_auth_source (ID: 02800005) .................................. 241
2.25.3. only_routes_set_up_by_server_iface_allowed (ID: 02800006) .......... 241
2.25.4. session_closed (ID: 02800009) ................................................... 242
2.25.5. l2tp_no_userauth_rule_found (ID: 02800014) ................................ 242
2.25.6. failure_init_radius_accounting (ID: 02800017) ..............................242
2.25.7. malformed_packet (ID: 02800019) .............................................. 243
2.25.8. l2tpclient_resolve_successful (ID: 02800001) ................................243
2.25.9. l2tpclient_init (ID: 02800003) .................................................... 243
2.25.10. l2tp_connection_disallowed (ID: 02800004) ................................244
2.25.11. l2tp_session_closed (ID: 02800007) ........................................... 244
2.25.12. l2tp_tunnel_closed (ID: 02800008) ............................................ 244
2.25.13. l2tp_session_request (ID: 02800010) .......................................... 245
2.25.14. l2tp_session_up (ID: 02800011) ................................................ 245
2.25.15. l2tp_session_request (ID: 02800015) .......................................... 245
2.25.16. l2tp_session_up (ID: 02800016) ................................................ 246
2.25.17. l2tpclient_tunnel_up (ID: 02800018) .......................................... 246
2.25.18. waiting_for_ip_to_listen_on (ID: 02800050) ............................... 246
2.26. LICUPDATE ..................................................................................... 248
2.26.1. license_update_failure (ID: 05500001) .........................................248
2.26.2. license_downloaded (ID: 05500002) ............................................248
2.26.3. license_already_up_to_date (ID: 05500003) .................................. 248
2.27. NETCON .......................................................................................... 249
2.27.1. cert_upload_failed (ID: 02300201) .............................................. 249
2.27.2. upload_fail_disk_out_of_space (ID: 02300250) .............................249
2.27.3. upload_fail_disk_cannot_remove (ID: 02300251) .......................... 249
2.27.4. netcon_init_fail_listen_socket_fail (ID: 02300500) ......................... 250
2.27.5. netcon_init_fail_security_file_corrupt (ID: 02300501) ....................250
2.27.6. disk_cannot_write (ID: 02300505) .............................................. 250
2.27.7. keychange_fail (ID: 02300507) ...................................................251
2.27.8. disk_cannot_read_old_keys (ID: 02300508) .................................. 251
2.27.9. download_fail (ID: 02300509) .................................................... 251
2.27.10. concurrent_netcon_processing (ID: 02300510) ............................. 252
2.27.11. disk_cannot_write (ID: 02300511) .............................................252
2.27.12. disk_cannot_read_download_fail (ID: 02300514) ......................... 252
2.27.13. netcon_connect_reject_shutdown_running (ID: 02300002) ............. 253
2.27.14. disallowed_netcon_ping (ID: 02300003) ..................................... 253
2.27.15. netcon_sessionmanager_error (ID: 02300101) .............................. 254
2.27.16. disk_write_error (ID: 02300300) ...............................................254
2.27.17. concurrent_processing_limit_reached (ID: 02300400) ................... 254
2.27.18. disallowed_netcon_connect (ID: 02300502) ................................ 255
2.27.19. upload_fail (ID: 02300517) ...................................................... 255
2.27.20. cert_upload_aborted (ID: 02300200) .......................................... 255
2.27.21. disk_out_of_space (ID: 02300252) ............................................ 256
2.27.22. upload_complete (ID: 02300350) .............................................. 256
2.27.23. netcon_connect (ID: 02300503) ................................................256
2.27.24. netcon_disconnect (ID: 02300504) ............................................. 257
2.27.25. keychange_successful (ID: 02300506) ........................................ 257
2.27.26. upload_begin (ID: 02300512) ................................................... 257
2.27.27. upload_begin (ID: 02300513) ................................................... 258
2.27.28. download_begin (ID: 02300515) ...............................................258
2.27.29. upload_abort (ID: 02300516) .................................................... 258
2.27.30. download_complete (ID: 02300518) .......................................... 259
2.27.31. init_complete (ID: 02300001) ...................................................259
2.27.32. cert_upload_begin (ID: 02300202) ............................................. 259
2.28. OSPF ............................................................................................... 261
2.28.1. failed_to_create_replacement_lsa (ID: 02400161) ..........................261
2.28.2. unable_to_send_ack (ID: 02400162) ............................................261
2.28.3. as_disabled_due_to_mem_alloc_fail (ID: 02400305) ...................... 261
2.28.4. internal_lsa_chksum_error (ID: 02400306) ................................... 262
2.28.5. memory_allocation_failure (ID: 02400500) ................................... 262
2.28.6. unable_to_send (ID: 02400501) .................................................. 262
2.28.7. failed_to_add_route (ID: 02400502) ............................................262
2.28.8. internal_error (ID: 02400001) ..................................................... 263
2.28.9. internal_error (ID: 02400002) ..................................................... 263
2.28.10. unable_to_map_ptp_neighbor (ID: 02400003) ............................. 264
2.28.11. bad_packet_len (ID: 02400004) ................................................264
2.28.12. bad_ospf_version (ID: 02400005) .............................................. 264
2.28.13. sender_not_in_iface_range (ID: 02400006) ................................. 265
2.28.14. area_mismatch (ID: 02400007) ................................................. 265
2.28.15. hello_netmask_mismatch (ID: 02400008) ................................... 265
2.28.16. hello_interval_mismatch (ID: 02400009) .................................... 266
2.28.17. hello_rtr_dead_mismatch (ID: 02400010) ................................... 266
2.28.18. hello_e_flag_mismatch (ID: 02400011) ...................................... 267
2.28.19. hello_n_flag_mismatch (ID: 02400012) ...................................... 267
2.28.20. both_np_and_e_flag_set (ID: 02400013) ..................................... 267
2.28.21. unknown_lsa_type (ID: 02400014) ............................................268
2.28.22. auth_mismatch (ID: 02400050) ................................................. 268
2.28.23. bad_auth_password (ID: 02400051) ........................................... 269
2.28.24. bad_auth_crypto_key_id (ID: 02400052) .................................... 269
2.28.25. bad_auth_crypto_seq_number (ID: 02400053) ............................. 269
2.28.26. bad_auth_crypto_digest (ID: 02400054) ..................................... 270
2.28.27. checksum_mismatch (ID: 02400055) ......................................... 270
2.28.28. dd_mtu_exceeds_interface_mtu (ID: 02400100) ........................... 270
2.28.29. m_ms_mismatch (ID: 02400101) ............................................... 271
2.28.30. i_flag_misuse (ID: 02400102) ...................................................271
2.28.31. opt_change (ID: 02400103) ...................................................... 271
2.28.32. bad_seq_num (ID: 02400104) ................................................... 272
2.28.33. non_dup_dd (ID: 02400105) ..................................................... 272
2.28.34. as_ext_on_stub (ID: 02400106) ................................................. 272
2.28.35. unknown_lsa (ID: 02400107) .................................................... 273
2.28.36. bad_lsa_sequencenumber (ID: 02400108) ................................... 273
2.28.37. bad_lsa_maxage (ID: 02400109) ...............................................273
2.28.38. lsa_checksum_mismatch (ID: 02400150) .................................... 274
2.28.39. unknown_lsa_type (ID: 02400151) ............................................274
2.28.40. bad_lsa_sequencenumber (ID: 02400152) ................................... 274
2.28.41. bad_lsa_maxage (ID: 02400153) ...............................................275
2.28.42. received_as_ext_on_stub (ID: 02400154) .................................... 275
2.28.43. received_selforg_for_unknown_lsa_type (ID: 02400155) ............... 275
2.28.44. db_copy_more_recent_then_received (ID: 02400156) ................... 276
2.28.45. got_ack_mismatched_lsa (ID: 02400157) .................................... 276
2.28.46. upd_packet_lsa_size_mismatch (ID: 02400158) ........................... 276
2.28.47. req_packet_lsa_size_mismatch (ID: 02400159) ............................ 277
2.28.48. ack_packet_lsa_size_mismatch (ID: 02400160) ...........................277
2.28.49. unknown_neighbor (ID: 02400200) ........................................... 277
2.28.50. too_many_neighbors (ID: 02400201) .........................................278
2.28.51. neighbor_died (ID: 02400202) .................................................. 278
2.28.52. unable_to_find_transport_area (ID: 02400300) ............................ 278
2.28.53. internal_error_unable_to_map_identifier (ID: 02400301) ............... 279
2.28.54. lsa_size_too_big (ID: 02400302) ............................................... 279
2.28.55. memory_usage_exceeded_70_percent_of_max_allowed (ID: 02400303) .... 280
2.28.56. memory_usage_exceeded_90_percent_of_max_allowed (ID: 02400304) .... 280
2.28.57. unable_to_find_iface_to_stub_net (ID: 02400400) ........................ 280
2.28.58. internal_error_unable_to_find_lnk_connecting_to_lsa (ID: 02400401) 281
2.28.59. internal_error_unable_to_find_iface_connecting_to_lsa (ID: 02400402) .... 281
2.28.60. internal_error_unable_to_find_lnk_connecting_to_lsa (ID: 02400403) 281
2.28.61. internal_error_unable_to_find_iface_connecting_to_lsa (ID: 02400404) .... 282
2.28.62. internal_error_unable_neighbor_iface_attached_back_to_me (ID: 02400405) .... 282
2.28.63. bad_iface_type_mapping_rtr_to_rtr_link (ID: 02400406) ............... 283
2.28.64. internal_error_unable_to_find_lnk_connecting_to_lsa (ID: 02400407) 283
2.29. PPP .................................................................................................. 284
2.29.1. ppp_tunnel_limit_exceeded (ID: 02500100) .................................. 284
2.29.2. failed_to_agree_on_authentication_protocol (ID: 02500050) ............ 284
2.29.3. peer_refuses_to_use_authentication (ID: 02500051) .......................284
2.29.4. lcp_negotiation_stalled (ID: 02500052) ........................................ 285
2.29.5. unsupported_auth_server (ID: 02500500) ..................................... 285
2.29.6. radius_error (ID: 02500501) ....................................................... 285
2.29.7. authdb_error (ID: 02500502) ...................................................... 286
2.29.8. MPPE_decrypt_fail (ID: 02500600) ............................................. 286
2.29.9. ip_pool_empty (ID: 02500001) ................................................... 286
2.29.10. ip_address_required_but_not_received (ID: 02500002) ................. 287
2.29.11. primary_dns_address_required_but_not_received (ID: 02500003) ... 287
2.29.12. seconday_dns_address_required_but_not_received (ID: 02500004) . 287
2.29.13. primary_nbns_address_required_but_not_received (ID: 02500005) ..288
2.29.14. seconday_nbns_address_required_but_not_received (ID: 02500006) 288
2.29.15. authentication_failed (ID: 02500101) .........................................288
2.29.16. response_value_too_long (ID: 02500150) ................................... 289
2.29.17. username_too_long (ID: 02500151) ........................................... 289
2.29.18. username_too_long (ID: 02500201) ........................................... 289
2.29.19. username_too_long (ID: 02500301) ........................................... 290
2.29.20. username_too_long (ID: 02500350) ........................................... 290
2.29.21. password_too_long (ID: 02500351) ........................................... 290
2.30. PPPOE ............................................................................................. 291
2.30.1. pppoe_tunnel_up (ID: 02600001) ................................................ 291
2.30.2. pppoe_tunnel_closed (ID: 02600002) ........................................... 291
2.31. PPTP ................................................................................................ 292
2.31.1. pptpclient_resolve_failed (ID: 02700002) ..................................... 292
2.31.2. pptp_connection_disallowed (ID: 02700003) .................................292
2.31.3. unknown_pptp_auth_source (ID: 02700004) ................................. 292
2.31.4. user_disconnected (ID: 02700005) .............................................. 293
2.31.5. only_routes_set_up_by_server_iface_allowed (ID: 02700006) .......... 293
2.31.6. mppe_required (ID: 02700007) ................................................... 293
2.31.7. unsupported_message (ID: 02700010) .......................................... 294
2.31.8. failure_init_radius_accounting (ID: 02700011) ..............................294
2.31.9. pptp_session_up (ID: 02700012) ................................................. 295
2.31.10. pptp_session_up (ID: 02700013) ...............................................295
2.31.11. tunnel_idle_timeout (ID: 02700014) .......................................... 295
2.31.12. session_idle_timeout (ID: 02700015) .........................................296
2.31.13. ctrlconn_refused (ID: 02700020) ............................................... 296
2.31.14. pptp_connection_disallowed (ID: 02700024) ............................... 297
2.31.15. unknown_pptp_auth_source (ID: 02700025) ................................ 297
2.31.16. pptp_no_userauth_rule_found (ID: 02700026) .............................297
2.31.17. malformed_packet (ID: 02700027) ............................................ 298
2.31.18. waiting_for_ip_to_listen_on (ID: 02700050) ............................... 298
2.31.19. pptpclient_resolve_successful (ID: 02700001) ............................. 298
2.31.20. pptp_session_closed (ID: 02700008) .......................................... 299
2.31.21. pptp_session_request (ID: 02700009) .........................................299
2.31.22. pptpclient_start (ID: 02700017) ................................................. 299
2.31.23. pptpclient_connected (ID: 02700018) .........................................300
2.31.24. pptp_tunnel_up (ID: 02700019) ................................................300
2.31.25. pptp_tunnel_up (ID: 02700021) ................................................300
2.31.26. pptp_tunnel_closed (ID: 02700022) ........................................... 301
2.32. REASSEMBLY ................................................................................. 302
2.32.1. mismatching_data_in_overlapping_tcp_segment (ID: 04800004) ...... 302
2.32.2. memory_allocation_failure (ID: 04800005) ................................... 302
2.32.3. drop_due_to_buffer_starvation (ID: 04800007) .............................. 302
2.32.4. failed_to_send_ack (ID: 04800008) .............................................303
2.32.5. state_memory_allocation_failed (ID: 04800011) ............................ 303
2.32.6. invalid_tcp_checksum (ID: 04800003) ......................................... 303
2.32.7. processing_memory_limit_reached (ID: 04800009) ........................ 304
2.32.8. maximum_connections_limit_reached (ID: 04800010) ....................304
2.32.9. ack_of_not_transmitted_data (ID: 04800002) ................................304
2.33. RFO .................................................................................................305
2.33.1. no_ping (ID: 04100003) ............................................................305
2.33.2. unable_to_register_pingmon (ID: 04100005) .................................305
2.33.3. no_arp (ID: 04100007) ..............................................................305
2.33.4. unable_to_register_arp_monitor (ID: 04100008) ............................ 306
2.33.5. no_link (ID: 04100010) ............................................................. 306
2.33.6. unable_to_register_interface_monitor (ID: 04100012) ..................... 306
2.33.7. unable_to_register_interface_monitor (ID: 04100013) ..................... 307
2.33.8. no_ping (ID: 04100002) ............................................................307
2.33.9. unable_to_register_pingmon (ID: 04100004) .................................308
2.33.10. unable_to_register_arp_monitor (ID: 04100009) .......................... 308
2.33.11. have_ping (ID: 04100001) ....................................................... 308
2.33.12. have_arp (ID: 04100006) ......................................................... 309
2.33.13. have_link (ID: 04100011) ........................................................ 309
2.33.14. hostmon_failed (ID: 04100014) ................................................. 309
2.33.15. hostmon_successful (ID: 04100015) ..........................................310
2.34. RULE .............................................................................................. 311
2.34.1. block0net (ID: 06000010) .......................................................... 311
2.34.2. block0net (ID: 06000011) .......................................................... 311
2.34.3. block127net (ID: 06000012) ....................................................... 311
2.34.4. block127net (ID: 06000013) ....................................................... 312
2.34.5. unknown_vlandid (ID: 06000040) ............................................... 312
2.34.6. ruleset_reject_packet (ID: 06000050) ........................................... 312
2.34.7. ruleset_drop_packet (ID: 06000051) ............................................ 313
2.34.8. ruleset_fwdfast (ID: 06000003) .................................................. 313
2.34.9. ip_verified_access (ID: 06000005) .............................................. 313
2.34.10. directed_broadcasts (ID: 06000030) ........................................... 314
2.34.11. directed_broadcasts (ID: 06000031) ........................................... 314
2.34.12. unhandled_local (ID: 06000060) ............................................... 314
2.35. SESMGR .......................................................................................... 316
2.35.1. sesmgr_allocate_error (ID: 04900009) ......................................... 316
2.35.2. sesmgr_console_denied_init (ID: 04900012) .................................316
2.35.3. sesmgr_file_error (ID: 04900017) ............................................... 316
2.35.4. sesmgr_session_denied (ID: 04900002) ........................................ 316
2.35.5. sesmgr_console_denied (ID: 04900007) ....................................... 317
2.35.6. sesmgr_session_maximum_reached (ID: 04900008) ....................... 317
2.35.7. sesmgr_session_access_missing (ID: 04900015) ............................ 317
2.35.8. sesmgr_session_created (ID: 04900001) ....................................... 318
2.35.9. sesmgr_session_removed (ID: 04900003) ..................................... 318
2.35.10. sesmgr_access_set (ID: 04900004) ............................................ 319
2.35.11. sesmgr_session_timeout (ID: 04900005) ..................................... 319
2.35.12. sesmgr_upload_denied (ID: 04900006) ....................................... 319
2.35.13. sesmgr_session_activate (ID: 04900010) ..................................... 320
2.35.14. sesmgr_session_disabled (ID: 04900011) .................................... 320
2.35.15. sesmgr_session_previous_removed (ID: 04900014) ...................... 320
2.35.16. sesmgr_session_old_removed (ID: 04900016) ............................. 321
2.35.17. sesmgr_techsupport (ID: 04900018) ........................................... 321
2.36. SLB .................................................................................................322
2.36.1. server_offline (ID: 02900002) .................................................... 322
2.36.2. server_online (ID: 02900001) ..................................................... 322
2.37. SMTPLOG ........................................................................................ 323
2.37.1. unable_to_establish_connection (ID: 03000001) ............................ 323
2.37.2. connect_timeout (ID: 03000002) ................................................. 323
2.37.3. send_failure (ID: 03000004) ....................................................... 323
2.37.4. receive_timeout (ID: 03000005) .................................................. 324
2.37.5. rejected_connect (ID: 03000006) ................................................324
2.37.6. rejected_ehlo_helo (ID: 03000007) .............................................. 324
2.37.7. rejected_sender (ID: 03000008) .................................................. 325
2.37.8. rejected_recipient (ID: 03000009) ...............................................325
2.37.9. rejected_all_recipients (ID: 03000010) .........................................325
2.37.10. rejected_data (ID: 03000011) .................................................... 325
2.37.11. rejected_message_text (ID: 03000012) ....................................... 326
2.38. SNMP ..............................................................................................327
2.38.1. disallowed_sender (ID: 03100001) .............................................. 327
2.38.2. invalid_snmp_community (ID: 03100002) ....................................327
2.39. SSHD ............................................................................................... 328
2.39.1. out_of_mem (ID: 04700001) ......................................................328
2.39.2. dh_key_exchange_failure (ID: 04700002) ..................................... 328
2.39.3. illegal_version_string (ID: 04700004) .......................................... 328
2.39.4. error_occurred (ID: 04700005) ................................................... 328
2.39.5. max_auth_tries_reached (ID: 04700030) ...................................... 329
2.39.6. rsa_sign_verification_failed (ID: 04700050) .................................. 329
2.39.7. dsa_sign_verification_failed (ID: 04700051) .................................329
2.39.8. key_algo_not_supported. (ID: 04700055) ..................................... 330
2.39.9. invalid_mac (ID: 04700007) ....................................................... 330
2.39.10. invalid_service_request (ID: 04700015) ...................................... 330
2.39.11. invalid_username_change (ID: 04700020) ................................... 331
2.39.12. invalid_username_change (ID: 04700025) ................................... 331
2.39.13. ssh_login_timeout_expired (ID: 04700035) .................................331
2.39.14. ssh_inactive_timeout_expired (ID: 04700036) ............................. 332
2.39.15. max_ssh_clients_reached (ID: 04700060) ................................... 332
2.39.16. client_disallowed (ID: 04700061) .............................................. 332
2.39.17. unsupported_pubkey_algo (ID: 04700057) .................................. 333
2.39.18. ssh_force_conn_close (ID: 04700105) ........................................ 333
2.40. SYSTEM .......................................................................................... 334
2.40.1. demo_expired (ID: 03200020) .................................................... 334
2.40.2. demo_mode (ID: 03200021) ....................................................... 334
2.40.3. port_bind_failed (ID: 03200300) ................................................. 334
2.40.4. bidir_fail (ID: 03200600) ........................................................... 335
2.40.5. disk_cannot_remove_file (ID: 03200601) ..................................... 335
2.40.6. cfg_switch_fail (ID: 03200605) .................................................. 335
2.40.7. core_switch_fail (ID: 03200606) ................................................. 336
2.40.8. file_open_failed (ID: 03200602) ................................................. 336
2.40.9. disk_cannot_remove (ID: 03200603) ........................................... 336
2.40.10. disk_cannot_rename (ID: 03200604) .......................................... 337
2.40.11. invalid_ip_match_access_section (ID: 03200110) ......................... 337
2.40.12. port_bind_failed (ID: 03200301) ...............................................337
2.40.13. admin_login_failed (ID: 03203002) ........................................... 338
2.40.14. admin_login_group_mismatch (ID: 03206001) ............................ 338
2.40.15. admin_login_internal_error (ID: 03206002) ................................ 338
2.40.16. reset_clock (ID: 03200100) ...................................................... 339
2.40.17. reset_clock (ID: 03200101) ...................................................... 339
2.40.18. bidir_ok (ID: 03200607) .......................................................... 340
2.40.19. shutdown (ID: 03201000) ........................................................ 340
2.40.20. shutdown (ID: 03201010) ........................................................ 340
2.40.21. shutdown (ID: 03201011) ........................................................ 340
2.40.22. config_activation (ID: 03201020) .............................................. 341
2.40.23. reconfiguration (ID: 03201021) ................................................. 341
2.40.24. startup_normal (ID: 03202000) ................................................. 341
2.40.25. startup_echo (ID: 03202001) .................................................... 342
2.40.26. shutdown (ID: 03202500) ........................................................ 342
2.40.27. admin_login (ID: 03203000) .................................................... 343
2.40.28. admin_logout (ID: 03203001) ................................................... 343
2.40.29. activate_changes_failed (ID: 03204000) ..................................... 343
2.40.30. accept_configuration (ID: 03204001) .........................................344
2.40.31. reject_configuration (ID: 03204002) .......................................... 344
2.40.32. date_time_modified (ID: 03205000) ..........................................344
2.40.33. admin_timeout (ID: 03206000) ................................................. 345
2.41. TCP_FLAG ....................................................................................... 346
2.41.1. tcp_flags_set (ID: 03300002) ..................................................... 346
2.41.2. tcp_flags_set (ID: 03300008) ..................................................... 346
2.41.3. tcp_flag_set (ID: 03300009) ....................................................... 346
2.41.4. unexpected_tcp_flags (ID: 03300010) .......................................... 347
2.41.5. mismatched_syn_resent (ID: 03300011) ....................................... 347
2.41.6. mismatched_first_ack_seqno (ID: 03300012) ................................348
2.41.7. mismatched_first_ack_seqno (ID: 03300013) ................................348
2.41.8. rst_out_of_bounds (ID: 03300015) .............................................. 348
2.41.9. tcp_flags_set (ID: 03300001) ..................................................... 349
2.41.10. tcp_flag_set (ID: 03300003) ..................................................... 349
2.41.11. tcp_flag_set (ID: 03300004) ..................................................... 350
2.41.12. tcp_null_flags (ID: 03300005) .................................................. 350
2.41.13. unacceptable_ack (ID: 03300017) .............................................. 350
2.41.14. rst_without_ack (ID: 03300018) ................................................ 351
2.41.15. unacceptable_seqno (ID: 03300016) ..........................................351
2.42. TCP_OPT ......................................................................................... 352
2.42.1. bad_tcpopt_length (ID: 03400010) .............................................. 352
2.42.2. bad_tcpopt_length (ID: 03400011) .............................................. 352
2.42.3. bad_tcpopt_length (ID: 03400012) .............................................. 352
2.42.4. tcp_mss_too_low (ID: 03400013) ............................................... 353
2.42.5. tcp_mss_too_high (ID: 03400014) ............................................... 353
2.42.6. tcp_option_disallowed (ID: 03400015) ......................................... 354
2.42.7. tcp_null_flags (ID: 03400016) .................................................... 354
2.42.8. multiple_tcp_ws_options (ID: 03400017) ..................................... 354
2.42.9. too_large_tcp_window_scale (ID: 03400018) ................................ 355
2.42.10. mismatching_tcp_window_scale (ID: 03400019) .......................... 355
2.42.11. tcp_mss_too_low (ID: 03400001) .............................................. 355
2.42.12. tcp_mss_too_low (ID: 03400002) .............................................. 356
2.42.13. tcp_mss_too_high (ID: 03400003) ............................................. 356
2.42.14. tcp_mss_too_high (ID: 03400004) ............................................. 357
2.42.15. tcp_mss_above_log_level (ID: 03400005) ................................... 357
2.42.16. tcp_option (ID: 03400006) ....................................................... 357
2.42.17. tcp_option_strip (ID: 03400007) ............................................... 358
2.43. THRESHOLD ................................................................................... 359
2.43.1. failed_to_keep_connection_count (ID: 05300200) ..........................359
2.43.2. failed_to_keep_connection_count (ID: 05300201) ..........................359
2.43.3. conn_threshold_exceeded (ID: 05300100) .................................... 359
2.43.4. conn_threshold_exceeded (ID: 05300102) .................................... 360
2.43.5. threshold_conns_from_srcip_exceeded (ID: 05300210) ................... 360
2.43.6. threshold_conns_from_srcip_exceeded (ID: 05300211) ................... 361
2.43.7. threshold_conns_from_filter_exceeded (ID: 05300212) ................... 361
2.43.8. threshold_conns_from_filter_exceeded (ID: 05300213) ................... 361
2.43.9. reminder_conn_threshold (ID: 05300101) ..................................... 362
2.44. TIMESYNC ...................................................................................... 363
2.44.1. failure_communicate_with_timeservers (ID: 03500002) .................. 363
2.44.2. clockdrift_too_high (ID: 03500003) ............................................. 363
2.44.3. synced_clock (ID: 03500001) ..................................................... 363
2.45. TRANSPARENCY ............................................................................. 365
2.45.1. impossible_hw_sender_address (ID: 04400410) .............................365
2.45.2. enet_hw_sender_broadcast (ID: 04400413) ...................................365
2.45.3. enet_hw_sender_multicast (ID: 04400416) ................................... 365
2.45.4. invalid_stp_frame (ID: 04400419) ...............................................366
2.45.5. enet_hw_sender_broadcast (ID: 04400411) ...................................366
2.45.6. enet_hw_sender_broadcast (ID: 04400412) ...................................366
2.45.7. enet_hw_sender_multicast (ID: 04400414) ................................... 367
2.45.8. enet_hw_sender_multicast (ID: 04400415) ................................... 367
2.45.9. relay_stp_frame (ID: 04400417) ................................................. 367
2.45.10. dropped_stp_frame (ID: 04400418) ........................................... 368
2.46. USERAUTH ..................................................................................... 369
2.46.1. no_accounting_start_server_response (ID: 03700003) ..................... 369
2.46.2. invalid_accounting_start_server_response (ID: 03700004) ............... 369
2.46.3. failed_to_send_accounting_stop (ID: 03700007) ............................ 369
2.46.4. no_accounting_stop_server_response (ID: 03700010) ..................... 370
2.46.5. invalid_accounting_stop_server_response (ID: 03700011) ............... 370
2.46.6. failure_init_radius_accounting (ID: 03700012) ..............................370
2.46.7. no_accounting_start_server_response (ID: 03700014) ..................... 371
2.46.8. accounting_interim_failure (ID: 03700051) ................................... 371
2.46.9. no_accounting_interim_server_response (ID: 03700052) .................372
2.46.10. invalid_accounting_interim_server_response (ID: 03700053) ......... 372
2.46.11. radius_auth_timeout (ID: 03700105) .......................................... 372
2.46.12. no_shared_ciphers (ID: 03700500) ............................................ 373
2.46.13. disallow_clientkeyexchange (ID: 03700501) ................................ 373
2.46.14. bad_packet_order (ID: 03700502) .............................................373
2.46.15. bad_clienthello_msg (ID: 03700503) .......................................... 374
2.46.16. bad_changecipher_msg (ID: 03700504) ......................................374
2.46.17. bad_clientkeyexchange_msg (ID: 03700505) ............................... 374
2.46.18. bad_clientfinished_msg (ID: 03700506) ..................................... 375
2.46.19. bad_alert_msg (ID: 03700507) .................................................. 375
2.46.20. unknown_ssl_error (ID: 03700508) ............................................ 375
2.46.21. negotiated_cipher_does_not_permit_the_chosen_certificate_size (ID: 03700509) ... 376
2.46.22. received_sslalert (ID: 03700510) ............................................... 376
2.46.23. sent_sslalert (ID: 03700511) ..................................................... 376
2.46.24. invalid_accounting_start_server_response (ID: 03700002) ............. 377
2.46.25. no_accounting_start_server_response (ID: 03700005) ................... 377
2.46.26. invalid_accounting_start_server_response (ID: 03700006) ............. 378
2.46.27. invalid_accounting_stop_server_response (ID: 03700009) ............. 378
2.46.28. invalid_accounting_start_request (ID: 03700013) ......................... 378
2.46.29. group_list_too_long (ID: 03700030) .......................................... 379
2.46.30. invalid_accounting_interim_server_response (ID: 03700054) ......... 379
2.46.31. relogin_from_new_srcip (ID: 03700100) .................................... 379
2.46.32. already_logged_in (ID: 03700101) ............................................. 380
2.46.33. userauthrules_disallowed (ID: 03700107) ................................... 380
2.46.34. accounting_stop (ID: 03700008) ............................................... 380
2.46.35. user_timeout (ID: 03700020) .................................................... 381
2.46.36. accounting_alive (ID: 03700050) ............................................... 381
2.46.37. user_login (ID: 03700102) ....................................................... 382
2.46.38. bad_user_credentials (ID: 03700104) .........................................382
2.46.39. manual_logout (ID: 03700106) ................................................. 382
2.46.40. challenges_not_supported (ID: 03700108) ................................... 383
2.46.41. accounting_start (ID: 03700001) ............................................... 383
2.47. VFS .................................................................................................384
2.47.1. pkg_execute_fail (ID: 05200005) ................................................384
2.47.2. odm_execute_action (ID: 05200002) ........................................... 384
2.47.3. odm_execute_action (ID: 05200003) ........................................... 384
2.47.4. odm_no_execute_action (ID: 05200004) ...................................... 385
2.47.5. upload_certificate_fail (ID: 05200006) .........................................385
2.47.6. upload_certificate_fail (ID: 05200007) .........................................385
2.48. ZONEDEFENSE ................................................................................ 387
2.48.1. failed_to_create_profile (ID: 03800006) ....................................... 387
2.48.2. no_response_trying_to_create_rule (ID: 03800007) ........................ 387
2.48.3. failed_writing_zonededense_state_to_media (ID: 03800008) ............ 387
2.48.4. failed_to_create_access_rule (ID: 03800009) ................................. 388
2.48.5. no_response_trying_to_erase_profile (ID: 03800010) ..................... 388
2.48.6. failed_to_erase_profile (ID: 03800011) ........................................ 388
2.48.7. failed_to_save_configuration (ID: 03800012) ................................ 389
2.48.8. timeout_saving_configuration (ID: 03800013) ............................... 389
2.48.9. unable_to_allocate_send_entries (ID: 03800001) ...........................389
2.48.10. unable_to_allocate_exclude_entry (ID: 03800002) ........................ 390
2.48.11. unable_to_allocate_block_entry (ID: 03800003) ........................... 390
2.48.12. switch_out_of_ip_profiles (ID: 03800004) .................................. 390
2.48.13. out_of_mac_profiles (ID: 03800005) .......................................... 390
List of Tables
1. Abbreviations ................................................................................................xxv
List of Examples
1. Parameters to a log message ............................................................................. xxiv
2. Conditional parameters to a log message ............................................................ xxiv

Preface

Audience
The target audience for this reference guide consists of:
• Administrators that are responsible for configuring and managing the D-Link Firewall.
• Administrators that are responsible for troubleshooting the D-Link Firewall.
This guide assumes that the reader is familiar with the D-Link Firewall, and has the necessary basic knowledge in network security.
Notation
The following notation is used throughout this reference guide when specifying parameters to a log message:
Angle Brackets <name>     Used for specifying the name of a parameter to a log message.
Square Brackets [name]    Used for specifying the name of a conditional parameter to a log message.

Example 1. Parameters to a log message
Log Message: New configuration activated by user <username>, and committed via <authsystem>
Parameters: authsystem, username
Both the authsystem and the username parameters will be included.

Example 2. Conditional parameters to a log message
Log Message: Administrative user <username> logged in via <authsystem>. Access level: <access_level>
Parameters: authsystem, username, access_level, [userdb], [server_ip], [server_port], [client_ip], [client_port]
The authsystem, username and the access_level parameters will be included. The other parameters, userdb, server_ip, server_port, client_ip and client_port may or may not be included, depending on the context of the log message.
Abbreviations
The following abbreviations are used throughout this reference guide:
Table 1. Abbreviations
Abbreviation    Full name
ALG             Application Layer Gateway
ARP             Address Resolution Protocol
DHCP            Dynamic Host Configuration Protocol
DNS             Domain Name System
ESP             Encapsulating Security Payload
FTP             File Transfer Protocol
HA              High Availability
HTTP            Hyper Text Transfer Protocol
ICMP            Internet Control Message Protocol
IDS             Intrusion Detection System
IP              Internet Protocol
IPSec           Internet Protocol Security
L2TP            Layer 2 Tunneling Protocol
NAT             Network Address Translation
OSPF            Open Shortest Path First
PPP             Point to Point Protocol
PPPoE           Point to Point Protocol over Ethernet
RADIUS          Remote Authentication Dial In User Service
SAT             Static Address Translation
SMTP            Simple Mail Transfer Protocol
SNMP            Simple Network Management Protocol
SSL             Secure Socket Layer
TCP             Transport Control Protocol
TLS             Transport Layer Security
UDP             User Datagram Protocol
URL             Uniform Resource Locator
UTF             Unicode Transformation Format
VLAN            Virtual Local Area Network
VPN             Virtual Private Network

Chapter 1. Introduction

• Log Message Structure, page 1
• Context Parameters, page 3
• Statistics (usage), page 7
• Severity levels, page 8
This guide is a reference to all log messages generated by NetDefendOS. This guide is a valuable source when managing and troubleshooting your system.

1.1. Log Message Structure

All log messages have a common design, with attributes like category, severity, recommended actions and so forth. These attributes enable you to easily filter the log messages, either within NetDefendOS prior to sending them to a log receiver, or as part of the analysis taking place after logging and storing the messages on an external log server.
The following information about a specific log message is available:

Name
The name of the log message, which is a short string, 1-6 words separated by _. Please note that the name cannot be used as a unique identification of the log message, as several log messages might share the same name.

ID
The ID is a number which uniquely identifies the log message.
Note
In this guide, the Name and the ID of the log message form the title of the section describing the log message.

Category
Log messages are grouped into categories, where each category maps to a specific subsystem in NetDefendOS. For instance, the IPSEC category includes some hundreds of log messages, all related to IPSec VPN activities. Other examples of categories include ARP, DHCP, IGMP and USERAUTH.
In this guide, categories are listed as sections in Chapter 2, Log Message Reference.

Default Severity
The default severity level for this log message. For a list of severity levels, please see Section 1.4, “Severity levels”.

Log Message
A brief explanation of the event that took place. This explanation often features references to parameters, enclosed in angle brackets. Example:
Administrative user <username> logged in via <authsystem>. Access level: <access_level>
Note that this information is only featured in this reference guide, and is never actually included in the log message.

Explanation
A detailed explanation of the event.
Note that this information is only featured in this reference guide, and is never actually included in the log message.

Gateway Action
A short string, 1-3 words separated by _, of what action the D-Link Firewall will take. If the log message is purely informative, this is set to "None".

Recommended Action
A detailed recommendation of what the administrator should do if this log message is received. If the log message is purely informative, this is set to "None".
Note that this information is only featured in this reference guide, and is never actually included in the log message.

Revision
The current revision of the log message. This is increased each time a log message is changed between two releases.

Depending on the log message, the following information may also be included:

Parameters
The name of the parameters that are included in this log message. If a parameter is specified within square brackets (for example [username]), then the parameter is optional and may or may not be included in the log message.

Context Parameters
The name of the context parameters that are included in this log message. Please see Section 1.2, “Context Parameters” for a description of all available context parameters.

1.2. Context Parameters

In many cases, information regarding a certain object is featured in the log message. This can be information about, for example, a connection. In this case, the log message should, besides all the normal log message attributes, also include information about which protocol is used, source and destination IP addresses and ports (if applicable), and so on.
As the same information will be included in many log messages, these are referenced as a Context Parameter. So whenever a log message includes information about a connection, it will feature the CONN parameter in the Context Parameter list. This means that additional information about the connection will also be included in the log message.
Here follows a description of all available context parameters and an explanation of all the additional parameters. The names of the additional parameters are specified in the Syslog format.

ALG Module Name
An ALG is always of a certain type, for example FTP, H323 or HTTP. This parameter specifies the name of the ALG sub-module, in order to quickly distinguish which type of ALG this is.
algmod            The name of the ALG sub-module.

ALG Session ID
Each ALG session has its own session ID, which uniquely identifies an ALG session. This is useful, for example, when matching the opening of an ALG session with the closure of the same ALG session.
algsesid          The session ID of an ALG session.

Packet Buffer
Information about the packet buffer, which in turn contains a large number of additional objects. Certain parameters may or may not be included, depending on the type of the packet buffer. For example, the TCP flags are only included if the buffer contains a TCP protocol, and the ICMP-specific parameters are only included if the buffer contains an ICMP protocol.
recvif            The name of the receiving interface.
[hwsender]        The sender hardware address. Valid if the protocol is ARP.
[hwdest]          The destination hardware address. Valid if the protocol is ARP.
[arp]             The ARP state. Valid if the protocol is ARP. Possible values: request|reply.
[srcip]           The source IP Address. Valid if the protocol is not ARP.
[destip]          The destination IP Address. Valid if the protocol is not ARP.
iphdrlen          The IP header length.
[fragoffs]        Fragmentation offset. Valid if the IP packet is fragmented.
[fragid]          Fragmentation ID. Valid if the IP packet is fragmented.
ipproto           The IP Protocol.
ipdatalen         The IP data length.
[srcport]         The source port. Valid if the protocol is TCP or UDP.
[destport]        The destination port. Valid if the protocol is TCP or UDP.
[tcphdrlen]       The TCP header length. Valid if the protocol is TCP.
[udptotlen]       The total UDP data length. Valid if the protocol is UDP.
[[tcpflag]=1]     The specific TCP flag is set. Valid if the protocol is TCP. Possible values for tcpflag: syn, rst, ack, psh, fin, urg, ece, cwr and ns.
[icmptype]        The ICMP sub-protocol name. Valid if the protocol is ICMP.
[echoid]          The ICMP echo ID. Valid if the protocol is ICMP and sub-protocol is echo.
[echoseq]         The ICMP echo sequence number. Valid if the protocol is ICMP and sub-protocol is echo.
[unreach]         The ICMP destination unreachable code. Valid if the protocol is ICMP and sub-protocol is destination unreachable.
[redirect]        The ICMP redirect code. Valid if the protocol is ICMP and sub-protocol is redirect.
[icmpcode]        The ICMP sub-protocol code. Valid if the protocol is ICMP and sub-protocol is not echo, destination unreachable or redirect.

Connection
Additional information about a connection. Certain parameters may or may not be included, depending on the type and status of the connection. For example, the number of bytes sent by the originator and terminator is only included if the connection is closed.
conn              The status of the connection. Possible values: open, close, closing and unknown.
connipproto       The IP protocol used in this connection.
connrecvif        The name of the receive interface.
connsrcip         The source IP address.
[connsrcport]     The source port. Valid if the protocol is TCP or UDP.
[connsrcidt]      The source ID. Valid if the protocol is not TCP or UDP.
conndestif        The name of the destination interface.
conndestip        The destination IP address.
[conndestport]    The destination port. Valid if the protocol is TCP or UDP.
[conndestidt]     The destination ID. Valid if the protocol is not TCP or UDP.
[origsent]        The number of bytes sent by the originator in this connection. Valid if the connection is closing or closed.
[termsent]        The number of bytes sent by the terminator in this connection. Valid if the connection is closing or closed.

Deep Inspection
Specifies the name and a description of the signature that triggered this event.
Note
For Deep Inspection log messages an additional log receiver, an SMTP log receiver, can be configured. This information is only sent to log receivers of that kind, and not included in the Syslog format.

Dropped Fragments
Specifies detailed information about dropped fragments in a packet.

Rule Name
Specifies the name of the rule that was used when this event was triggered.
rule              The name of the rule.

Rule Information
Additional information about the rule that was used when this event was triggered. Certain parameters may or may not be included, depending on the type of the rule. For example, the name of an authenticated user is only included if this rule contains network objects that have user authentication information in them.
rule              The name of the rule.
[satsrcrule]      The name of the SAT source rule. Valid if the rule action is SAT.
[satdestrule]     The name of the SAT destination rule. Valid if the rule action is SAT.
[srcusername]     The name of the authenticated user in the source network object. Valid if the source network object has user authentication information.
[destusername]    The name of the authenticated user in the destination network object. Valid if the destination network object has user authentication information.

User Authentication
Additional information about a user authentication event.
authrule          The name of the user authentication rule.
authagent         The name of the user authentication agent.
authevent         The user authentication event that occurred. Possible values: login, logout, timedout, disallowed_login, accounting and unknown.
username          The name of the user that triggered this event.
srcip             The source IP address of the user that triggered this event.

OSPF
Additional information about OSPF.
logsection        The OSPF section. Possible values: packet, hello, ddesc, exchange, lsa, spf, route and unknown.
loglevel          The log level value.

OSPF LSA
Additional information about OSPF LSA.
lsatype           The LSA type. Possible values: Router, network, IP summary, ASBR summary and AS external.
lsaid             The LSA identifier.
lsaadvrtr         The originating router for the LSA.

Dynamic Route
Additional information about events regarding a dynamic route.
event             The dynamic routing event that occurred. Possible values: add, remove, modify, export, unexport and unknown.
from              Originating router process.
to                Destination router process.

Route
Additional information about a route.
route             Route network.
routeiface        Route destination interface.
routegw           Route gateway.
routemetric       Route metric (cost).

1.3. Statistics (usage)

The D-Link Firewall periodically sends information about open connections and network load to its log recipients. This is sent once every hour by default.
The category for these log messages is USAGE, the severity level is NOTICE, and the log message string is usage. The log message looks like this in Syslog format:
conns             Number of active connections.
if<number>        The interface name, where number is incremented for each interface.
ip<number>        The IP address of the interface, where number is incremented for each interface.
tp<number>        Throughput of the interface (in Mbps - megabits per second), where number is incremented for each interface.
Note
These log messages cannot be customized.

1.4. Severity levels

An event has a default severity level, based on how serious the event is. The following eight severity levels are possible, as defined by the Syslog protocol:
0 Emergency        Emergency conditions, which most likely led to the system being unusable.
1 Alert            Alert conditions, which affected the functionality of the unit. Needs attention immediately.
2 Critical         Critical conditions, which affected the functionality of the unit. Action should be taken as soon as possible.
3 Error            Error conditions, which probably affected the functionality of the unit.
4 Warning          Warning conditions, which could affect the functionality of the unit.
5 Notice           Normal, but significant, conditions.
6 Informational    Informational conditions.
7 Debug            Debug level events.
In Syslog messages the priority is indicated by the parameter prio=nn.
Note
The Administrator can change the severity level of a specific event if the default level is either too high or too low.

Chapter 2. Log Message Reference

• ALG, page 11
• ARP, page 66
• AVSE, page 72
• AVUPDATE, page 74
• BLACKLIST, page 76
• BUFFERS, page 79
• CONN, page 80
• DHCP, page 86
• DHCPRELAY, page 92
• DHCPSERVER, page 103
• DYNROUTING, page 112
• FRAG, page 115
• GRE, page 126
• HA, page 129
• HWM, page 138
• IDP, page 143
• IDPUPDATE, page 151
• IFACEMON, page 153
• IPPOOL, page 155
• IPSEC, page 161
• IP_ERROR, page 220
• IP_FLAG, page 222
• IP_OPT, page 224
• IP_PROTO, page 231
• L2TP, page 241
• LICUPDATE, page 248
• NETCON, page 249
• OSPF, page 261
• PPP, page 284
• PPPOE, page 291
• PPTP, page 292
• REASSEMBLY, page 302
• RFO, page 305
• RULE, page 311
• SESMGR, page 316
• SLB, page 322
• SMTPLOG, page 323
• SNMP, page 327
• SSHD, page 328
• SYSTEM, page 334
• TCP_FLAG, page 346
• TCP_OPT, page 352
• THRESHOLD, page 359
• TIMESYNC, page 363
• TRANSPARENCY, page 365
• USERAUTH, page 369
• VFS, page 384
• ZONEDEFENSE, page 387
The log messages presented here are sorted by their category, then their severity level, and finally by their ID number.

2.1. ALG

These log messages refer to the ALG (Events from Application Layer Gateways) category.

2.1.1. illegal_ip_address (ID: 00200216)

Default Severity: CRITICAL
Log Message: FTPALG: Illegal PORT command from <peer>, bad IP address <ip4addr>. String=<string>. Rejecting command
Explanation: An illegal "PORT" command was received from the client. It requests that the server should connect to another IP than its own. This is not allowed, and the command will be rejected.
Gateway Action: rejecting_command
Recommended Action: The FTP client could be compromised, and should not be trusted.
Revision: 1
Parameters: peer, ip4addr, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.2. illegal_port_number (ID: 00200217)

Default Severity: CRITICAL
Log Message: FTPALG: Illegal PORT command from <peer>, port <port> not allowed. String=<string>. Rejecting command
Explanation: An illegal "PORT" command was received from the client. It requests that the server should connect to a port which is out of range. This is not allowed, and the command will be rejected.
Gateway Action: rejecting_command
Recommended Action: The FTP client could be compromised, and should not be trusted.
Revision: 1
Parameters: peer, port, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.3. bad_port (ID: 00200233)

Default Severity: CRITICAL
Log Message: FTPALG: Bad port <port> from <peer>, should be within the range (<range>). String=<string>. Closing connection.
Explanation: An illegal "PORT" command was received from the server. It requests that the client should connect to a port which is out of range. This is not allowed, and the connection will be closed.
Gateway Action: close
Recommended Action: The FTP server could be compromised, and should not be trusted.
Revision: 1
Parameters: peer, port, range, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.4. bad_ip (ID: 00200234)

Default Severity: CRITICAL
Log Message: FTPALG: Invalid IP <ip4addr>, Server IP is <ip4addr_server>. String=<string>. Closing connection.
Explanation: The FTP Server requests that the client should connect to another IP than its own. This is not allowed, and the connection will be closed.
Gateway Action: close
Recommended Action: The FTP server could be compromised, and should not be trusted.
Revision: 1
Parameters: peer, ip4addr, ip4addr_server, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.5. max_line_length_exceeded (ID: 00200003)

Default Severity: ERROR
Log Message: Maximum line length <max> exceeded, got <len> characters. Closing connection
Explanation: The maximum length of an entered line was exceeded, and the connection will be closed.
Gateway Action: close
Recommended Action: If the maximum line length is configured too low, increase it.
Revision: 1
Parameters: len, max
Context Parameters: ALG Module Name, ALG Session ID

2.1.6. invalid_url_format (ID: 00200101)

Default Severity: ERROR
Log Message: HTTPALG: Failed to parse the URL requested by the client: <reason>. ALG name: <algname>.
Explanation: The unit failed parsing the requested URL. The reason for this is probably because the requested URL has an invalid format, or it contains invalid UTF8 formatted characters.
Gateway Action: close
Recommended Action: Make sure that the requested URL is formatted correctly.
Revision: 1
Parameters: reason, algname
Context Parameters: ALG Module Name, ALG Session ID

2.1.7. compressed_data_received (ID: 00200109)

Default Severity: ERROR
Log Message: HTTPALG: Compressed data was received from the server, although uncompressed was requested. Closing connection. ALG name: <algname>.
Explanation: The unit requested that no compressed data should be used, but the server ignored this and sent compressed data anyway. As content processing will not work if the data is compressed, the connection will be closed.
Gateway Action: close
Recommended Action: Research the source of this, and try to find out why the server is sending compressed data.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name, ALG Session ID

2.1.8. failure_connect_http_server (ID: 00200112)

Default Severity: ERROR
Log Message: HTTPALG: Failed to connect to the HTTP Server. Closing connection. ALG name: <algname>.
Explanation: The unit failed to connect to the HTTP Server, resulting in that the ALG session could not be successfully opened.
Gateway Action: close
Recommended Action: Verify that there is a listening HTTP Server on the specified address.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name, ALG Session ID
2.1.9. wcf_server_unreachable (ID: 00200119)

Default Severity: ERROR
Log Message: HTTPALG: Failed to connect to web content servers
Explanation: Web Content Filtering was unable to connect to the Web Content Filtering servers. Verify that the unit has been configured with Internet access.
Gateway Action: none
Recommended Action: Check_configuration.
Revision: 1
Context Parameters: ALG Module Name

2.1.10. virus_scan_failure (ID: 00200120)

Default Severity: ERROR
Log Message: HTTPALG: Antivirus scan engine failed for the file: <filename>.
Explanation: The data sent to AVSE for scanning failed. Data will be blocked since Fail Mode is set to deny.
Gateway Action: block_data
Recommended Action: None.
Revision: 2
Parameters: filename
Context Parameters: ALG Module Name, ALG Session ID

2.1.11. virus_scan_failure (ID: 00200121)

Default Severity: ERROR
Log Message: HTTPALG: Antivirus scan engine failed for the file: <filename>.
Explanation: The data sent to AVSE for scanning failed. Data will be allowed since Fail Mode is set to allow.
Gateway Action: allow_data_without_scan
Recommended Action: None.
Revision: 2
Parameters: filename
Context Parameters: ALG Module Name, ALG Session ID

2.1.12. avse_out_of_memory (ID: 00200122)

Default Severity: ERROR
Log Message: HTTPALG: Failed to allocate memory.
Explanation: Memory allocation failed. Data will be blocked since Fail Mode is set to deny.
Gateway Action: block_data
Recommended Action: Try to free up unwanted memory.
Revision: 2
Context Parameters: ALG Module Name, ALG Session ID

2.1.13. avse_out_of_memory (ID: 00200127)

Default Severity: ERROR
Log Message: HTTPALG: Failed to allocate memory.
Explanation: Memory allocation failed. Data will be allowed since Fail Mode is set to allow.
Gateway Action: allow_data_without_scan
Recommended Action: Try to free up unwanted memory.
Revision: 2
Context Parameters: ALG Module Name, ALG Session ID

2.1.14. failed_connect_smtp_server (ID: 00200153)

Default Severity: ERROR
Log Message: SMTPALG: Failed to connect to the SMTP Server. Closing the connection.
Explanation: The unit failed to connect to the remote SMTP Server, resulting in that the ALG session could not be successfully opened.
Gateway Action: close
Recommended Action: Verify that there is a listening SMTP Server on the specified address.
Revision: 1
Context Parameters: ALG Module Name, ALG Session ID

2.1.15. failed_to_check_response_code_values (ID: 00200155)

Default Severity: ERROR
Log Message: SMTPALG: Could not pass response code properly!
Explanation: The SMTPALG failed to parse the SMTP response code.
Gateway Action: allow
Recommended Action: Check for appropriate response codes.
Revision: 1
Context Parameters: ALG Module Name

2.1.16. virus_scan_failure (ID: 00200162)

Default Severity: ERROR
Log Message: SMTPALG: Antivirus scan engine failed for the file: <filename>.
Explanation: The data sent to AVSE for scanning failed. Data will be blocked since Fail Mode is set to deny.
Gateway Action: block_data
Recommended Action: None.
Revision: 2
Parameters: filename, sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name, ALG Session ID

2.1.17. virus_scan_failure (ID: 00200163)

Default Severity: ERROR
Log Message: SMTPALG: Antivirus scan engine failed for the file: <filename>.
Explanation: The data sent to AVSE for scanning failed. Data will be allowed since Fail Mode is set to allow.
Gateway Action: allow_data_without_scan
Recommended Action: None.
Revision: 2
Parameters: filename, sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name, ALG Session ID

2.1.18. base64_decode_failed (ID: 00200164)

Default Severity: ERROR
Log Message: SMTPALG: Base 64 decode failed. Attachment blocked
Explanation: The data sent to Base64 decoding failed. This can occur if the email sender sends incorrectly formatted data. The attachment has been blocked.
Gateway Action: block_data
Recommended Action: Research how the sender is encoding the data.
Revision: 1
Parameters: filename, filetype, sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name, ALG Session ID

2.1.19. avse_out_of_memory (ID: 00200169)

Default Severity: ERROR
Log Message: SMTPALG: Failed to allocate memory for the file: <filename>
Explanation: Memory allocation failed. Data will be blocked since Fail Mode is set to deny.
Gateway Action: block_data
Recommended Action: Try to free up unwanted memory.
Revision: 1
Parameters: filename, sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name, ALG Session ID
2.1.20. avse_out_of_memory (ID: 00200170)

Default Severity: ERROR
Log Message: SMTPALG: Failed to allocate memory.
Explanation: Memory allocation failed. Data will be allowed since Fail Mode is set to allow.
Gateway Action: allow_data_without_scan
Recommended Action: Try to free up unwanted memory.
Revision: 2
Parameters: filename, sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name, ALG Session ID
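
The following added example (not code from D-Link or from this guide) triages log lines by ID, because Section 1.1 notes that names are not unique: it separates antivirus failures where data was passed unscanned (Fail Mode allow) from those where it was blocked, flags the FTP PORT violations, and maps prio=nn to the Section 1.4 severity names. The line layout, the key names id, rev, event and action, and the sample lines are assumptions constructed for illustration; prio, the parameter names and the IDs are taken from this guide.

```python
import re

# Severity names from Section 1.4, indexed by the prio=nn value.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# IDs from the ALG entries in this guide. Names repeat (virus_scan_failure,
# avse_out_of_memory), so every lookup is keyed on the ID, never the name.
FAIL_OPEN_IDS = {"00200121", "00200127", "00200163", "00200170"}
FAIL_CLOSED_IDS = {"00200120", "00200122", "00200162", "00200169"}
FTP_PORT_IDS = {"00200216", "00200217", "00200233", "00200234"}

# key=value pairs; a value is either double-quoted or runs to the next space.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

# Constructed sample lines (assumed layout and key names, see lead-in).
SAMPLE = """\
2007-04-16 10:00:01 fw1 ALG: prio=3 id=00200120 rev=2 event=virus_scan_failure action=block_data filename="report.zip" algmod=http algsesid=11
2007-04-16 10:00:07 fw1 ALG: prio=3 id=00200121 rev=2 event=virus_scan_failure action=allow_data_without_scan filename="setup.exe" algmod=http algsesid=12
2007-04-16 10:01:30 fw1 ALG: prio=2 id=00200216 rev=1 event=illegal_ip_address action=rejecting_command peer=client ip4addr=192.0.2.77 string="PORT 192,0,2,77,0,22" algmod=ftp algsesid=13
2007-04-16 11:00:00 fw1 USAGE: prio=5 conns=12 if0=lan ip0=192.0.2.1 tp0=0.10
"""


def parse_line(line):
    """Return the key=value parameters of one log line as a dict."""
    fields = {}
    for key, value in PAIR.findall(line):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # strip the surrounding quotes
        fields[key] = value
    return fields


def severity(fields):
    """Map prio=nn to its Section 1.4 name; None if missing or out of range."""
    prio = fields.get("prio", "")
    if prio.isascii() and prio.isdigit() and int(prio) < len(SEVERITIES):
        return SEVERITIES[int(prio)]
    return None


def triage(line):
    """Classify one line by its ID and attach severity and parsed fields."""
    fields = parse_line(line)
    log_id = fields.get("id")
    if log_id in FAIL_OPEN_IDS:
        finding = "av_fail_open"        # data allowed without a scan
    elif log_id in FAIL_CLOSED_IDS:
        finding = "av_fail_closed"      # data blocked, availability impact only
    elif log_id in FTP_PORT_IDS:
        finding = "ftp_port_violation"  # peer "could be compromised" per guide
    else:
        finding = None
    return {"id": log_id, "severity": severity(fields),
            "finding": finding, "fields": fields}


def summarize(lines):
    """Count findings and list the files that passed without a scan."""
    counts = {}
    unscanned = []
    for line in lines:
        result = triage(line)
        finding = result["finding"]
        if finding is None:
            continue
        counts[finding] = counts.get(finding, 0) + 1
        if finding == "av_fail_open":
            # The HTTPALG out-of-memory entries list no filename parameter.
            unscanned.append(result["fields"].get("filename", "<no filename>"))
    return counts, unscanned


if __name__ == "__main__":
    counts, unscanned = summarize(SAMPLE.splitlines())
    print(counts)
    print("passed without scan:", unscanned)
```

Matching on the name virus_scan_failure alone would merge the blocked and the unscanned cases, which is why the sets above hold IDs.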

2.1.21. out_of_memory (ID: 00200175)

Default Severity: ERROR
Log Message: SMTPALG: Failed to allocate memory (out of memory)
Explanation: An attempt to allocate memory failed.
Gateway Action: close
Recommended Action: Try to free up unwanted memory.
Revision: 2
Context Parameters: ALG Module Name, ALG Session ID

2.1.22. illegal_data_direction (ID: 00200202)

Default Severity: ERROR
Log Message: FTPALG: TCP data from <peer> not allowed in this direction. Closing connection
Explanation: TCP Data was sent in an invalid direction, and the connection will be closed.
Gateway Action: close
Recommended Action: None.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name, ALG Session ID, Rule Information, Connection

2.1.23. failed_to_create_connection1 (ID: 00200218)

Default Severity: ERROR
Log Message: FTPALG: Failed to create connection(1). Connection: <connection>. String=<string>
Explanation: An error occurred when creating a data connection from the server to client. This could possibly be a result of lack of memory.
Gateway Action: None
Recommended Action: None.
Revision: 1
Parameters: peer, connection, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.24. failed_to_create_connection2 (ID: 00200235)

Default Severity: ERROR
Log Message: FTPALG: Failed to create connection(2) Peer=<peer> Connection=<connection>. String=<string>.
Explanation: An error occurred when creating a data connection from the client to server. This could possibly be a result of lack of memory.
Gateway Action: None
Recommended Action: None.
Revision: 1
Parameters: peer, connection, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.25. failed_to_create_server_data_connection (ID: 00200236)

Default Severity: ERROR
Log Message: FTPALG: Failed to create server data connection. Peer=<peer> Connection=<connection>
Explanation: An error occurred when creating server data connection.
Gateway Action: None
Recommended Action: None.
Revision: 1
Parameters: peer, connection
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.26. failed_to_register_rawconn (ID: 00200238)

Default Severity: ERROR
Log Message: FTPALG: Internal Error - failed to register eventhandler. Closing connection
Explanation: An internal error occurred when registering an eventhandler, and the connection will be closed.
Gateway Action: close
Recommended Action: Contact support.
Revision: 1
Context Parameters: ALG Module Name

2.1.27. failed_to_merge_conns (ID: 00200239)

Default Severity: ERROR
Log Message: FTPALG: Internal Error - failed to merge conns. Closing connection
Explanation: An internal error occurred when two connections were being merged into one, and the connection will be closed.
Gateway Action: close
Recommended Action: Contact support.
Revision: 1
Context Parameters: ALG Module Name

2.1.28. failed_create_new_session (ID: 00200242)

Default Severity: ERROR
Log Message: FTPALG: Failed to create new FTPALG session (out of memory)
Explanation: An attempt to create a new FTPALG session failed, because the unit is out of memory.
Gateway Action: close
Recommended Action: Decrease the maximum allowed FTPALG sessions, or try to free some of the RAM used.
Revision: 1
Context Parameters: ALG Module Name

2.1.29. failure_connect_ftp_server (ID: 00200243)

Default Severity: ERROR
Log Message: FTPALG: Failed to connect to the FTP Server. Closing connection
Explanation: The unit failed to connect to the FTP Server, so the ALG session could not be opened successfully.
Gateway Action: close
Recommended Action: Verify that there is a listening FTP Server on the specified address.
Revision: 1
Context Parameters: ALG Module Name, ALG Session ID

2.1.30. virus_scan_failure (ID: 00200257)

Default Severity: ERROR
Log Message: FTPALG: Antivirus scan engine failed for the file: <filename>.
Explanation: The data sent to AVSE for scanning failed. Data will be blocked since Fail Mode is set to deny.
Gateway Action: data_blocked_control_and_data_channel_closed
Recommended Action: None.
Revision: 1
Parameters: filename
Context Parameters: ALG Module Name, ALG Session ID

2.1.31. virus_scan_failure (ID: 00200258)

Default Severity: ERROR
Log Message: FTPALG: Antivirus scan engine failed for the file: <filename>.
Explanation: The data sent to AVSE for scanning failed. Data will be allowed since Fail Mode is set to allow.
Gateway Action: allow_data_without_scan
Recommended Action: None.
Revision: 1
Parameters: filename
Context Parameters: ALG Module Name, ALG Session ID

2.1.32. avse_decompression_failed (ID: 00200264)

Default Severity: ERROR
Log Message: FTPALG: Failed to decompress the file <filename>
Explanation: The data sent to the deflate module failed. Data must be decompressed before being scanned by the antivirus module. Fail Mode is set to deny and data will be blocked.
Gateway Action: data_blocked_control_and_data_channel_closed
Recommended Action: Change Fail Mode parameter to allow if files that fail decompression should be allowed without scanning.
Revision: 2
Parameters: filename
Context Parameters: ALG Module Name, ALG Session ID

2.1.33. avse_out_of_memory (ID: 00200266)

Default Severity: ERROR
Log Message: FTPALG: Failed to allocate memory.
Explanation: FTPALG: Memory allocation failed. Data will be blocked since Fail Mode is set to deny.
Gateway Action: data_blocked_control_and_data_channel_closed
Recommended Action: Try to free up unwanted memory.
Revision: 2
Parameters: filename, filetype
Context Parameters: ALG Module Name, ALG Session ID

2.1.34. avse_out_of_memory (ID: 00200268)

Default Severity: ERROR
Log Message: FTPALG: Failed to allocate memory.
Explanation: FTPALG: Memory allocation failed. Data will be allowed since Fail Mode is set to allow.
Gateway Action: allow_data_without_scan
Recommended Action: Try to free up unwanted memory.
Revision: 2
Parameters: filename, filetype
Context Parameters: ALG Module Name, ALG Session ID

2.1.35. failure_connect_h323_server (ID: 00200316)

Default Severity: ERROR
Log Message: H323ALG: Failed to connect to the H.323 Server. Closing connection
Explanation: The unit failed to connect to the H.323 Server, so the ALG session could not be opened successfully.
Gateway Action: close
Recommended Action: Verify that there is a listening H.323 Server on the specified address.
Revision: 1
Context Parameters: ALG Module Name, ALG Session ID

2.1.36. invalid_client_http_header_received (ID: 00200100)

Default Severity: WARNING
Log Message: HTTPALG: Invalid HTTP header was received from the client. Closing Connection. ALG name: <algname>.
Explanation: An invalid HTTP header was received from the client.
Gateway Action: close
Recommended Action: Research the source of this and try to find out why the client is sending an invalid header.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name, ALG Session ID

2.1.37. unknown_client_data_received (ID: 00200105)

Default Severity: WARNING
Log Message: HTTPALG: Invalid client request - unexpected data received after the the client request header. Closing connection. ALG name: <algname>.
Explanation: Data was received after the client request header, although the header specified that no such data should be sent.
Gateway Action: closing_connecion
Recommended Action: Research the source of this, and try to find out why the client is sending an invalid request.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name, ALG Session ID

2.1.38. suspicious_data_received (ID: 00200106)

Default Severity: WARNING
Log Message: HTTPALG: Too much suspicious data has been received from the server. Closing the connection. ALG name: <algname>.
Explanation: The unit is configured to do content blocking, but the data from the server contains too much suspicious data. The unit cannot properly determine if this data is valid or if it should be blocked.
Gateway Action: closing_connecion
Recommended Action: Research the source of this, and try to find out why the server is sending such large amounts of suspicious data.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name, ALG Session ID

2.1.39. invalid_chunked_encoding (ID: 00200107)

Default Severity: WARNING
Log Message: HTTPALG: The server sent invalid chunked encoding. Closing connection. ALG name: <algname>.
Explanation: The data received from the server was sent in chunked mode, but it was not properly formatted.
Gateway Action: closing_connecion
Recommended Action: Research the source of this, and try to find out why the server is sending incorrectly formatted chunked data.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name, ALG Session ID

2.1.40. invalid_server_http_header_received (ID: 00200108)

Default Severity: WARNING
Log Message: HTTPALG: An invalid HTTP header was received from the server. Closing connection. ALG name: <algname>.
Explanation: An invalid HTTP header was received from the server.
Gateway Action: closing_connecion
Recommended Action: Research the source of this and try to find out why the server is sending an invalid header.
Revision: 1
Parameters: algname
Context Parameters: ALG Module Name, ALG Session ID

2.1.41. max_http_sessions_reached (ID: 00200110)

Default Severity: WARNING
Log Message: HTTPALG: Maximum number of HTTP sessions (<max_sessions>) for service reached. Closing connection
Explanation: The maximum number of concurrent HTTP sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Gateway Action: close
Recommended Action: If the maximum number of HTTP sessions is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.1.42. failed_create_new_session (ID: 00200111)

Default Severity: WARNING
Log Message: HTTPALG: Failed to create new HTTPALG session (out of memory)
Explanation: An attempt to create a new HTTPALG session failed, because the unit is out of memory.
Gateway Action: close
Recommended Action: Decrease the maximum allowed HTTPALG sessions, or try to free some of the RAM used.
Revision: 1
Context Parameters: ALG Module Name

2.1.43. virus_found (ID: 00200114)

Default Severity: WARNING
Log Message: HTTPALG: Virus found in file <filename>. Virus name: <virusname>. Signature: <virussig>. Advisory ID: <advisoryid>.
Explanation: Received data infected with virus. The data is discarded since antivirus is enabled.
Gateway Action: block
Recommended Action: None.
Revision: 1
Parameters: filename, virusname, virussig, advisoryid
Context Parameters: ALG Module Name, ALG Session ID

2.1.44. content_filtering_disabled (ID: 00200115)

Default Severity: WARNING
Log Message: HTTPALG: Web Content Filtering disabled
Explanation: Web Content Filtering has been disabled due to license restriction.
Gateway Action: none
Recommended Action: Extend valid time for Content Filtering.
Revision: 1
Context Parameters: ALG Module Name

2.1.45. max_download_size_reached (ID: 00200116)

Default Severity: WARNING
Log Message: HTTPALG: The file <filename> with file size <filesize>kB exceeds the maximum allowed download size <max_download_size>kB. Closing connection
Explanation: The data received from the server exceeds the maximum allowed download file size. The request is rejected and the connection is closed.
Gateway Action: close
Recommended Action: If the configurable maximum download size is too low, increase it.
Revision: 2
Parameters: filename, filesize, max_download_size
Context Parameters: ALG Module Name, ALG Session ID

2.1.46. avse_decompression_failed (ID: 00200123)

Default Severity: WARNING
Log Message: HTTPALG: Failed to decompress the file <filename>
Explanation: The data sent to the deflate module failed. Data must be decompressed before being scanned by the antivirus module. Fail Mode is set to allow and data will be forwarded without further scanning.
Gateway Action: allow_data_without_scan
Recommended Action: Change Fail Mode parameter to deny if files that fail decompression should be blocked.
Revision: 2
Parameters: filename
Context Parameters: ALG Module Name, ALG Session ID

2.1.47. avse_decompression_failed (ID: 00200124)

Default Severity: WARNING
Log Message: HTTPALG: Failed to decompress the file <filename>
Explanation: The data sent to the deflate module failed. Data must be decompressed before being scanned by the antivirus module. Fail Mode is set to deny and data will be blocked.
Gateway Action: block_data
Recommended Action: Change Fail Mode parameter to allow if files that fail decompression should be allowed without scanning.
Revision: 2
Parameters: filename
Context Parameters: ALG Module Name, ALG Session ID

2.1.48. restricted_site_notice (ID: 00200132)

Default Severity: WARNING
Log Message: HTTPALG: User requests the forbidden URL <url>, eventhough Restricted Site Notice was applied. Host requesting URL: <host>. ALG name: <algname>.
Explanation: The URL has been requested and the categories are forbidden. Restricted Site Notice was applied.
Gateway Action: allow
Recommended Action: Disable the RESTRICTED_SITE_NOTICE mode of parameter CATEGORIES for this ALG.
Revision: 1
Parameters: url, host, algname
Context Parameters: ALG Module Name, ALG Session ID

2.1.49. url_reclassification_request (ID: 00200133)

Default Severity: WARNING
Log Message: HTTPALG: Reclassification request for URL <url>. Host requesting the URL reclassification: <host>. New Category <newcat>. ALG name: <algname>.
Explanation: The user has requested a category reclassification for the URL.
Gateway Action: allow
Recommended Action: Disable the ALLOW_RECLASSIFICATION mode of parameter CATEGORIES for this ALG.
Revision: 1
Parameters: url, host, newcat, algname
Context Parameters: ALG Module Name, ALG Session ID

2.1.50. max_smtp_sessions_reached (ID: 00200150)

Default Severity: WARNING
Log Message: SMTPALG: Maximum number of SMTP sessions (<max_sessions>) for service reached. Closing connection
Explanation: The maximum number of concurrent SMTP sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Gateway Action: close
Recommended Action: If the maximum number of SMTP sessions is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.1.51. maximum_email_per_minute_reached (ID: 00200151)

Default Severity: WARNING
Log Message: SMTPALG: Maximum number of e-mails per host and minute is reached.
Explanation: Client is trying to send e-mails at a rate higher than the configured value.
Gateway Action: session_rejected
Recommended Action: This can be a possible DOS attack.
Revision: 1
Parameters: sender_email_address
Context Parameters: ALG Module Name

2.1.52. failed_create_new_session (ID: 00200152)

Default Severity: WARNING
Log Message: SMTPALG: Failed to create new SMTPALG session (out of memory)
Explanation: An attempt to create a new SMTPALG session failed, because the unit is out of memory.
Gateway Action: close
Recommended Action: Decrease the maximum allowed SMTPALG sessions, or try to free some of the RAM used.
Revision: 1
Context Parameters: ALG Module Name

2.1.53. avse_decompression_failed (ID: 00200154)

Default Severity: WARNING
Log Message: SMTPALG: Failed to decompress the file <filename>
Explanation: The data sent to the deflate module failed. Data must be decompressed before being scanned by the antivirus module. Fail Mode is set to deny and data will be blocked.
Gateway Action: block_data
Recommended Action: Change Fail Mode parameter to allow if files that fail decompression should be allowed without scanning.
Revision: 2
Parameters: filename, sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name, ALG Session ID

2.1.54. sender_email_id_is_in_blacklist (ID: 00200158)

Default Severity: WARNING
Log Message: SMTPALG: Sender e-mail address is in Black List
Explanation: Since "MAIL FROM:" Email Id is in Black List, SMTP ALG rejected the Client request.
Gateway Action: reject
Recommended Action: None.
Revision: 1
Parameters: sender_email_address
Context Parameters: ALG Module Name

2.1.55. recipient_email_id_in_blacklist (ID: 00200159)

Default Severity: WARNING
Log Message: SMTPALG: Recipient e-mail address is in Black List
Explanation: Since "RCPT TO:" e-mail address is in Black List, SMTP ALG rejected the client request.
Gateway Action: reject
Recommended Action: None.
Revision: 1
Parameters: sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name

2.1.56. some_recipient_email_ids_are_in_blocklist (ID: 00200160)

Default Severity: WARNING
Log Message: SMTPALG: Some recipients email id are in Black List
Explanation: Since some "RCPT TO:" Email ids are in Black List, SMTP ALG has blocked mail to those recipients.
Gateway Action: reject
Recommended Action: Emails can be forwarded only to the Non-Black List users.
Revision: 1
Parameters: sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name

2.1.57. virus_found (ID: 00200165)

Default Severity: WARNING
Log Message: SMTPALG: Virus found in file <filename>. Virus Name: <virusname>. Signature: <virussig>. Advisory ID: <advisoryid>.
Explanation: Received data infected with virus. The data is discarded since antivirus is enabled.
Gateway Action: block
Recommended Action: None.
Revision: 1
Parameters: virusname, virussig, advisoryid, filename, sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name, ALG Session ID

2.1.58. avse_decompression_failed (ID: 00200168)

Default Severity: WARNING
Log Message: SMTPALG: Failed to decompress the file <filename>
Explanation: The data sent to the deflate module failed. Data must be decompressed before being scanned by the antivirus module. Fail Mode is set to allow and data will be forwarded without further scanning.
Gateway Action: allow_data_without_scan
Recommended Action: Change Fail Mode parameter to deny if files that fail decompression should be blocked.
Revision: 2
Parameters: filename, sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name, ALG Session ID

2.1.59. all_recipient_email_ids_are_in_blocklist (ID: 00200172)

Default Severity: WARNING
Log Message: SMTPALG: All recipients e-mail addresses are in Black List
Explanation: Since "RCPT TO:" email ids are in Black List, SMTP ALG rejected the client request.
Gateway Action: reject
Recommended Action: None.
Revision: 1
Parameters: sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name

2.1.60. virus_found_in_audit_mode (ID: 00200173)

Default Severity: WARNING
Log Message: SMTPALG: Virus found in file <filename>. Virus Name: <virusname>. Signature: <virussig>. Advisory ID: <advisoryid>.
Explanation: Received data infected with virus. As virus is scanned in audit mode, the data is allowed.
Gateway Action: allow
Recommended Action: Change the antivirus setting to enable if the file should be blocked.
Revision: 1
Parameters: virusname, virussig, advisoryid, filename, sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name, ALG Session ID

2.1.61. invalid_end_of_mail (ID: 00200176)

Default Severity: WARNING
Log Message: SMTPALG: Invalid end of mail "\\n.\\n" received.
Explanation: The client is sending invalid end of mail. Transaction will be terminated.
Gateway Action: block
Recommended Action: Research how the client is sending invalid end of mail.
Revision: 1
Parameters: sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name, ALG Session ID

2.1.62. virus_found_in_audit_mode (ID: 00200200)

Default Severity: WARNING
Log Message: HTTPALG: Virus found in file <filename>. Virus Name: <virusname>. Signature:<virussig>. Advisory ID: <advisoryid>.
Explanation: Received data infected with virus. As virus is scanned in audit mode, the data is allowed.
Gateway Action: allow
Recommended Action: Change the antivirus setting to enable if the file should be blocked.
Revision: 1
Parameters: virusname, virussig, advisoryid, filename
Context Parameters: ALG Module Name, ALG Session ID

2.1.63. illegal_chars (ID: 00200210)

Default Severity: WARNING
Log Message: FTPALG: 8 bit characters in control channel from <peer> not allowed. Closing connection
Explanation: 8 bit characters were discovered in the control channel. This is not allowed according to the FTPALG configuration, and the connection will be closed.
Gateway Action: close
Recommended Action: If 8 bit characters should be allowed, modify the FTPALG configuration.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.64. control_chars (ID: 00200211)

Default Severity: WARNING
Log Message: FTPALG: Unexpected telnet control chars in control channel from <peer>. Closing connection
Explanation: Unexpected telnet control characters were discovered in the control channel. This is not allowed according to the FTPALG configuration, and the connection will be closed.
Gateway Action: close
Recommended Action: If unknown commands should be allowed, modify the FTPALG configuration.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.65. illegal_command (ID: 00200212)

Default Severity: WARNING
Log Message: FTPALG: Failed to parse command from <peer> as a FTP command. String=<string>. Closing connection
Explanation: An invalid command was received on the control channel. This is not allowed, and the connection will be closed.
Gateway Action: close
Recommended Action: If unknown commands should be allowed, modify the FTPALG configuration.
Revision: 1
Parameters: peer, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.66. illegal_command (ID: 00200213)

Default Severity: WARNING
Log Message: FTPALG: Failed to parse command from <peer> as a FTP command. String=<string>. Rejecting command
Explanation: An invalid command was received on the control channel. This is allowed, but the command will be rejected as it is not understood.
Gateway Action: rejecting_command
Recommended Action: If unknown commands should not be allowed, modify the FTPALG configuration.
Revision: 1
Parameters: peer, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.67. port_command_disabled (ID: 00200214)

Default Severity: WARNING
Log Message: FTPALG: PORT command not allowed from <peer>. Rejecting command
Explanation: The client tried to issue a "PORT" command, which is not valid since the client is not allowed to do active FTP. The command will be rejected.
Gateway Action: rejecting_command
Recommended Action: If the client should be allowed to do active FTP, modify the FTPALG configuration.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.68. illegal_command (ID: 00200215)

Default Severity: WARNING
Log Message: FTPALG: Failed to parse PORT parameters from <peer>. String=<string>. Closing connection
Explanation: Invalid parameters to the "PORT" command were received. The connection will be closed.
Gateway Action: close
Recommended Action: None.
Revision: 1
Parameters: peer, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.69. illegal_command (ID: 00200219)

Default Severity: WARNING
Log Message: FTPALG: SITE EXEC from <peer> not allowed, rejecting command
Explanation: The client tried to issue a "SITE EXEC" command, which is not valid since the client is not allowed to do this. The command will be rejected.
Gateway Action: rejecting_command
Recommended Action: If the client should be allowed to issue "SITE EXEC" commands, modify the FTPALG configuration.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.70. illegal_direction1 (ID: 00200220)

Default Severity: WARNING
Log Message: FTPALG: Illegal direction for command(1), peer=<peer>. Closing connection.
Explanation: A command was sent in an invalid direction, and the connection will be closed.
Gateway Action: close
Recommended Action: None.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.71. illegal_direction2 (ID: 00200221)

Default Severity: WARNING
Log Message: FTPALG: Illegal direction for command(2), peer=<peer>. Closing connection.
Explanation: A command was sent in an invalid direction, and the connection will be closed.
Gateway Action: close
Recommended Action: None.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.72. illegal_option (ID: 00200222)

Default Severity: WARNING
Log Message: FTPALG: Invalid OPTS argument from <peer>. String=<string>. Rejecting command.
Explanation: An invalid OPTS argument was received. The argument does not start with an alphabetic letter, and the command will be rejected.
Gateway Action: rejecting_command
Recommended Action: None.
Revision: 1
Parameters: peer, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.73. illegal_option (ID: 00200223)

Default Severity: WARNING
Log Message: FTPALG: Disallowed OPTS argument from <peer>. String:<string>. Rejecting command.
Explanation: A disallowed OPTS argument was received, and the command will be rejected.
Gateway Action: rejecting_command
Recommended Action: None.
Revision: 1
Parameters: peer, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.74. unknown_option (ID: 00200224)

Default Severity: WARNING
Log Message: FTPALG: Unknown OPTS argument from <peer>. String=<string>. Rejecting command.
Explanation: An unknown OPTS argument was received, and the command will be rejected.
Gateway Action: rejecting_command
Recommended Action: If unknown commands should be allowed, modify the FTPALG configuration.
Revision: 1
Parameters: peer, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.75. illegal_command (ID: 00200225)

Default Severity: WARNING
Log Message: FTPALG: Illegal command from <peer>. String=<string>. Rejecting command.
Explanation: An illegal command was received, and the command will be rejected.
Gateway Action: rejecting_command
Recommended Action: None.
Revision: 1
Parameters: peer, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.76. unknown_command (ID: 00200226)

Default Severity: WARNING
Log Message: FTPALG: Unknown command from <peer>. String=<string>. Rejecting command.
Explanation: An unknown command was received, and the command will be rejected.
Gateway Action: rejecting_command
Recommended Action: If unknown commands should be allowed, modify the FTPALG configuration.
Revision: 1
Parameters: peer, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.77. illegal_reply (ID: 00200228)

Default Severity: WARNING
Log Message: FTPALG: Illegal numerical reply (<reply>) from <peer>. String=<string>. Closing connection.
Explanation: An illegal numerical reply was received from server, and the connection will be closed.
Gateway Action: close
Recommended Action: None.
Revision: 1
Parameters: peer, reply, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.78. illegal_reply (ID: 00200230)

Default Severity: WARNING
Log Message: FTPALG: Illegal multiline response (<reply>) from <peer>. String=<string>. Closing connection.
Explanation: An illegal multiline response was received from server, and the connection will be closed.
Gateway Action: close
Recommended Action: None.
Revision: 1
Parameters: peer, reply, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.79. illegal_reply (ID: 00200231)

Default Severity: WARNING
Log Message: FTPALG: Unsolicted 227 (passive mode) response from <peer>. String=<string>. Closing connection.
Explanation: An illegal response was received from the server, and the connection is closed.
Gateway Action: close
Recommended Action: None.
Revision: 1
Parameters: peer, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.80. illegal_reply (ID: 00200232)

Default Severity: WARNING
Log Message: FTPALG: Reply 229 (extended passive mode) from <peer> is not allowed. String=<string>. Closing connection.
Explanation: An illegal response was received from the server, and the connection is closed.
Gateway Action: close
Recommended Action: None.
Revision: 1
Parameters: peer, string
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.81. failed_to_send_port (ID: 00200237)

Default Severity: WARNING
Log Message: FTPALG: Failed to send port. Peer=<peer>
Explanation: An error occurred when trying to send the "PORT" command to the server.
Gateway Action: None
Recommended Action: None.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.82. max_ftp_sessions_reached (ID: 00200241)

Default Severity: WARNING
Log Message: FTPALG: Maximum number of FTP sessions (<max_sessions>) for service reached. Closing connection
Explanation: The maximum number of concurrent FTP sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Gateway Action: close
Recommended Action: If the maximum number of FTP sessions is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.1.83. resumed_compressed_file_transfer (ID: 00200252)

Default Severity: WARNING
Log Message: FTPALG: The file <filename> (File type: <filetype> ) cannot be sent to antivirus scan engine.
Explanation: The data cannot be sent to AVSE for scanning since file transfer begins from within the middle of the file. The scanning process will fail for compressed files.
Gateway Action: data_blocked_control_and_data_channel_closed
Recommended Action: Change fail mode setting to allow, if resumed file transfers of compressed files should be allowed.
Revision: 2
Parameters: filename, filetype
Context Parameters: ALG Module Name, ALG Session ID

2.1.84. resumed_compressed_file_transfer (ID: 00200254)

Default Severity: WARNING
Log Message: FTPALG: The file <filename> (File type: <filetype> ) cannot be sent to antivirus scan engine.
Explanation: Decompression module cannot decompress a file that has been resumed. The file is allowed without any further scanning since Fail Mode is Allow.
Gateway Action: allow_data_without_scan
Recommended Action: Update Fail-Mode parameter if the file should be blocked.
Revision: 2
Parameters: filename, filetype
Context Parameters: ALG Module Name, ALG Session ID

2.1.85. virus_found (ID: 00200259)

Default Severity: WARNING
Log Message: FTPALG: Virus found in file <filename>. Virus Name: <virusname>. Signature: <virussig>. Advisory ID: <advisoryid>.
Explanation: Data infected with virus. The data is discarded since antivirus is enabled. The control and data channels are closed. Client needs to reconnect.
Gateway Action: data_blocked_control_and_data_channel_closed
Recommended Action: None.
Revision: 2
Parameters: filename, virusname, virussig, advisoryid
Context Parameters: ALG Module Name, ALG Session ID

2.1.86. illegal_command (ID: 00200267)

Default Severity: WARNING
Log Message: FTPALG: REST from <peer> not allowed, rejecting command
Explanation: The client tried to issue a "REST" command, which is not valid since the client is not allowed to do this. The command will be rejected.
Gateway Action: rejecting_command
Recommended Action: If the client should be allowed to issue "REST" commands, modify the FTPALG configuration.
Revision: 1
Parameters: filename, peer
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.87. compression_ratio_violation (ID: 00200269)

Default Severity: WARNING
Log Message: FTPALG: Compression ratio violation for file <filename>. Compression ratio threshold: <comp_ratio>
Explanation: Antivirus has scanned a compressed file with a compression ratio higher than the specified value. Action is set to deny.
Gateway Action: data_blocked_control_and_data_channel_closed
Recommended Action: Files with too high compression ratio can consume a large amount of resources. This can be a DoS attack.
Revision: 1
Parameters: filename, comp_ratio
Context Parameters: ALG Module Name, ALG Session ID

2.1.88. compression_ratio_violation (ID: 00200270)

Default Severity: WARNING
Log Message: FTPALG: Compression ratio violation for file <filename>. Compression ratio threshold: <comp_ratio>
Explanation: Antivirus has scanned a compressed file with a compression ratio higher than the specified value. Action is set to continue scan.
Gateway Action: continue_scan
Recommended Action: Files with too high compression ratio can consume a large amount of resources. This can be a DoS attack.
Revision: 1
Parameters: filename, comp_ratio
Context Parameters: ALG Module Name, ALG Session ID

2.1.89. compression_ratio_violation (ID: 00200271)

Default Severity: WARNING
Log Message: FTPALG: Compression ratio violation for file <filename>. Compression ratio threshold: <comp_ratio>
Explanation: Antivirus has scanned a compressed file with a compression ratio higher than the specified value. Action is set to allow without scan.
Gateway Action: abort_scan
Recommended Action: Files with too high compression ratio can consume a large amount of resources. This can be a DoS attack.
Revision: 1
Parameters: filename, comp_ratio
Context Parameters: ALG Module Name, ALG Session ID

2.1.90. virus_found_in_audit_mode (ID: 00200272)

Default Severity: WARNING
Log Message: FTPALG: Virus found in file <filename>. Virus Name: <virusname>. Signature: <virussig>. Advisory ID: <advisoryid>.
Explanation: Received data infected with virus. As virus is scanned in audit mode, the data is allowed.
Gateway Action: allow
Recommended Action: Change the antivirus setting to enable if the file should be blocked.
Revision: 2
Parameters: filename, virusname, virussig, advisoryid
Context Parameters: ALG Module Name, ALG Session ID

2.1.91. compression_ratio_violation (ID: 00200273)

Default Severity: WARNING
Log Message: HTTPALG: Compression ratio violation for file <filename>. Compression ratio threshold: <comp_ratio>
Explanation: Antivirus has scanned a compressed file with a compression ratio higher than the specified value. Action is set to deny.
Gateway Action: block_data
Recommended Action: Files with too high compression ratio can consume a large amount of resources. This can be a DoS attack.
Revision: 1
Parameters: filename, comp_ratio
Context Parameters: ALG Module Name, ALG Session ID

2.1.92. compression_ratio_violation (ID: 00200274)

Default Severity: WARNING
Log Message: HTTPALG: Compression ratio violation for file <filename>. Compression ratio threshold: <comp_ratio>
Explanation: Antivirus has scanned a compressed file with a compression ratio higher than the specified value. Action is set to continue scan.
Gateway Action: continue_scan
Recommended Action: Files with too high compression ratio can consume a large amount of resources. This can be a DoS attack.
Revision: 1
Parameters: filename, comp_ratio
Context Parameters: ALG Module Name, ALG Session ID

2.1.93. compression_ratio_violation (ID: 00200275)

Default Severity: WARNING
Log Message: HTTPALG: Compression ratio violation for file <filename>. Compression ratio threshold: <comp_ratio>
Explanation: Antivirus has scanned a compressed file with a compression ratio higher than the specified value. Action is set to allow without scan.
Gateway Action: abort_scan
Recommended Action: Files with too high compression ratio can consume a large amount of resources. This can be a DoS attack.
Revision: 1
Parameters: filename, comp_ratio
Context Parameters: ALG Module Name, ALG Session ID

2.1.94. compression_ratio_violation (ID: 00200276)

Default Severity: WARNING
Log Message: SMTPALG: Compression ratio violation for file <filename>. Compression ratio threshold: <comp_ratio>
Explanation: Antivirus has scanned a compressed file with a compression ratio higher than the specified value. Action is set to deny.
Gateway Action: block_data
Recommended Action: Files with too high compression ratio can consume a large amount of resources. This can be a DoS attack.
Revision: 1
Parameters: filename, sender_email_address, recipient_email_addresses, comp_ratio
Context Parameters: ALG Module Name, ALG Session ID

2.1.95. compression_ratio_violation (ID: 00200277)

Default Severity: WARNING
Log Message: SMTPALG: Compression ratio violation for file <filename>. Compression ratio threshold: <comp_ratio>
Explanation: Antivirus has scanned a compressed file with a compression ratio higher than the specified value. Action is set to continue scan.
Gateway Action: continue_scan
Recommended Action: Files with too high compression ratio can consume a large amount of resources. This can be a DoS attack.
Revision: 1
Parameters: filename, sender_email_address, recipient_email_addresses, comp_ratio
Context Parameters: ALG Module Name, ALG Session ID

2.1.96. compression_ratio_violation (ID: 00200278)

Default Severity: WARNING
Log Message: SMTPALG: Compression ratio violation for file <filename>. Compression ratio threshold: <comp_ratio>
Explanation: Antivirus has scanned a compressed file with a compression ratio higher than the specified value. Action is set to allow without scan.
Gateway Action: abort_scan
Recommended Action: Files with too high compression ratio can consume a large amount of resources. This can be a DoS attack.
Revision: 1
Parameters: filename, sender_email_address, recipient_email_addresses, comp_ratio
Context Parameters: ALG Module Name, ALG Session ID

2.1.97. unknown_state (ID: 00200300)

Default Severity: WARNING
Log Message: H323ALG: H.225 parser is in unknown state
Explanation: The H.225 parser failed to parse the H.225 message. The ALG session will be closed.
Gateway Action: None
Recommended Action: None.
Revision: 1
Parameters: peer, state
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.98. invalid_message (ID: 00200301)

Default Severity: WARNING
Log Message: H323ALG: An invalid message was received from peer
Explanation: An invalid message was received from the peer. The ALG session will be closed.
Gateway Action: None
Recommended Action: None.
Revision: 1
Parameters: peer, message, state
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.99. decode_failed (ID: 00200302)

Default Severity: WARNING
Log Message: H323ALG: Decoding of message from peer failed. Closing session
Explanation: The H.225 parser failed to decode the H.225 message. The ALG session will be closed.
Gateway Action: close
Recommended Action: None.
Revision: 1
Parameters: peer, message_type
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.100. encode_failed (ID: 00200303)

Default Severity: WARNING
Log Message: H323ALG: Encoding of message from peer failed. Closing session
Explanation: The ASN.1 encoder failed to encode the message. The ALG session will be closed.
Gateway Action: close
Recommended Action: None.
Revision: 1
Parameters: peer, message_type
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.101. encode_failed (ID: 00200304)

Default Severity: WARNING
Log Message: H323ALG: Failed before encoding message from peer. Closing session
Explanation: The ASN.1 encoder failed to allocate memory used for encoding of the message. The ALG session will be closed.
Gateway Action: close
Recommended Action: None.
Revision: 1
Parameters: peer, message_type
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.102. encode_failed (ID: 00200305)

Default Severity: WARNING
Log Message: H323ALG: Failed after encoding message from peer. Closing session
Explanation: The ASN.1 encoder failed to encode the message properly. The ALG session will be closed.
Gateway Action: close
Recommended Action: None.
Revision: 1
Parameters: peer, message_type
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.103. decode_failed (ID: 00200306)

Default Severity: WARNING
Log Message: H323ALG: Failed before encoding H.245 message. Closing connection
Explanation: The H.245 encoder failed to allocate memory used for encoding of the message. The ALG session will be closed.
Gateway Action: close
Recommended Action: None.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.104. encode_failed (ID: 00200307)

Default Severity: WARNING
Log Message: H323ALG: Failed after encoding H.245 message. Closing connection
Explanation: The H.245 encoder failed to encode the message. The ALG session will be closed.
Gateway Action: close
Recommended Action: None.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.105. max_tcp_data_connections_exceeded (ID: 00200308)

Default Severity: WARNING
Log Message: H323ALG: Maximum number of TCP data channels exceeded
Explanation: The maximum number of concurrent TCP data channels has been reached for this session.
Gateway Action: None
Recommended Action: If the maximum number of TCP data channels per session is too low, increase it.
Revision: 1
Parameters: max_channels
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.106. max_connections_per_call_exceeded (ID: 00200309)

Default Severity: WARNING
Log Message: H323ALG: No more connections allowed for this call
Explanation: The maximum number of concurrent logical channels (calls) has been reached for this session.
Gateway Action: None
Recommended Action: If the maximum number of concurrent logical channels (calls) per session is too low, increase it.
Revision: 1
Parameters: max_connections
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.107. ignoring_channel (ID: 00200310)

Default Severity: WARNING
Log Message: H323ALG: Ignoring mediaChannel info in openLogicalChannel
Explanation: Media channel information in the openLogicalChannel message is not handled.
Gateway Action: None
Recommended Action: None.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.108. com_mode_response_message_not_translated (ID: 00200311)

Default Severity: WARNING
Log Message: H323ALG: CommunicationModeResponse not translated.
Explanation: The H.245 Communication Mode Response message is not translated.
Gateway Action: None
Recommended Action: None.
Revision: 2
Parameters: peer
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.109. max_h323_session_reached (ID: 00200312)

Default Severity: WARNING
Log Message: H323ALG: Maximum number of H.323 sessions (<max_sessions>) for service reached. Closing connection.
Explanation: The maximum number of concurrent H.323 sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Gateway Action: close
Recommended Action: If the maximum number of H.323 sessions is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.1.110. failed_create_new_session (ID: 00200313)

Default Severity: WARNING
Log Message: H323ALG: Failed to create new H.323 session (out of memory)
Explanation: Could not create a new H.323 session due to lack of memory. No more sessions can be created unless the system increases the amount of free memory.
Gateway Action: close
Recommended Action: None.
Revision: 1
Context Parameters: ALG Module Name

2.1.111. max_h323_gk_sessions_reached (ID: 00200314)

Default Severity: WARNING
Log Message: H323ALG: Maximum number of H.323 gatekeeper sessions for service reached
Explanation: The maximum number of concurrent H.323 gatekeeper sessions has been reached for this service. Connection will be closed.
Gateway Action: close
Recommended Action: If the maximum number of concurrent H.323 gatekeeper sessions is too low, increase it.
Revision: 1
Parameters: max_sessions
Context Parameters: ALG Module Name

2.1.112. failed_create_new_session (ID: 00200315)

Default Severity: WARNING
Log Message: H323ALG: Failed to create new gatekeeper session (out of memory)
Explanation: Could not create a new H.323 gatekeeper session due to lack of memory. No more sessions can be created unless the system increases the amount of free memory.
Gateway Action: close
Recommended Action: None.
Revision: 1
Context Parameters: ALG Module Name

2.1.113. com_mode_command_message_not_translated (ID: 00200317)

Default Severity: WARNING
Log Message: H323ALG: CommunicationModeCommand not translated.
Explanation: The H.245 Communication Mode Command message is not translated.
Gateway Action: None
Recommended Action: None.
Revision: 1
Parameters: peer
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.114. content_type_mismatch (ID: 00200113)

Default Severity: NOTICE
Log Message: HTTPALG: Content type mismatch in file <filename>. Identified filetype <filetype>
Explanation: The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded.
Gateway Action: block_data
Recommended Action: None.
Revision: 1
Parameters: filename, filetype, contenttype
Context Parameters: ALG Module Name, ALG Session ID

2.1.115. blocked_filetype (ID: 00200117)

Default Severity: NOTICE
Log Message: HTTPALG: Requested file:<filename> is blocked as this file is identified as type <filetype>, which is in block list.
Explanation: The file is present in the block list. It will be blocked as per configuration.
Gateway Action: block
Recommended Action: If this file should be allowed, update the ALLOW/BLOCK list.
Revision: 2
Parameters: filename, filetype
Context Parameters: ALG Module Name, ALG Session ID

2.1.116. avscan_excluded_file (ID: 00200118)

Default Severity: NOTICE
Log Message: HTTPALG: File <filename> not scanned. Identified filetype: <filetype>. File type is present in virus scan exclude list
Explanation: The file will not be scanned for virus as per configuration. Allowing data without any virus scanning.
Gateway Action: allow_data_without_scan
Recommended Action: None.
Revision: 2
Parameters: filename, filetype
Context Parameters: ALG Module Name, ALG Session ID

2.1.117. request_url (ID: 00200125)

Default Severity: NOTICE
Log Message: HTTPALG: Requesting URL <url>. Categories: <categories>. Host requesting URL: <host>. Audit: <audit>. Override: <override>. ALG name: <algname>.
Explanation: The URL has been requested.
Gateway Action: allow
Recommended Action: None.
Revision: 1
Parameters: url, categories, host, audit, override, algname
Context Parameters: ALG Module Name, ALG Session ID

2.1.118. request_url (ID: 00200126)

Default Severity: NOTICE
Log Message: HTTPALG: Requesting URL <url>. Categories: <categories>. Host requesting URL: <host>. Audit: <audit>. Override: <override>. ALG name: <algname>.
Explanation: The URL has been requested.
Gateway Action: block
Recommended Action: None.
Revision: 1
Parameters: url, categories, host, audit, override, algname
Context Parameters: ALG Module Name, ALG Session ID

2.1.119. sender_email_id_mismatched (ID: 00200157)

Default Severity: NOTICE
Log Message: SMTPALG: Sender EmailId is Mismatched!
Explanation: The "MAIL FROM:" Email Id and the "From:" header are not the same, so the session is freed and the connection is closed.
Gateway Action: reject
Recommended Action: Send Email only if both "MAIL FROM:" and "From:" are the same.
Revision: 1
Parameters: sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name

2.1.120. avscan_excluded_file (ID: 00200161)

Default Severity: NOTICE
Log Message: SMTPALG: File <filename> not scanned. Identified filetype: <filetype>. File type is present in virus scan exclude list
Explanation: The file will not be scanned for virus as per configuration. Allowing data without any virus scanning.
Gateway Action: allow_data_without_scan
Recommended Action: None.
Revision: 2
Parameters: filename, filetype, sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name, ALG Session ID

2.1.121. blocked_filetype (ID: 00200166)

Default Severity: NOTICE
Log Message: SMTPALG: Requested file:<filename> is blocked as this file is identified as type <filetype>, which is in block list.
Explanation: The file is present in the block list. It will be blocked as per configuration.
Gateway Action: block
Recommended Action: If this file should be allowed, update the ALLOW/BLOCK list.
Revision: 2
Parameters: filename, filetype, sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name, ALG Session ID

2.1.122. content_type_mismatch (ID: 00200167)

Default Severity: NOTICE
Log Message: SMTPALG: Content type mismatch in file <filename>. Identified filetype <filetype>
Explanation: The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded.
Gateway Action: block_data
Recommended Action: None.
Revision: 2
Parameters: filename, filetype, sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name

2.1.123. content_type_mismatch_mimecheck_disabled (ID: 00200171)

Default Severity: NOTICE
Log Message: SMTPALG: Content type mismatch found for the file <filename>. It is identified as type <filetype> file
Explanation: Received type of data in the packet and its actual type do not match. As there is a mismatch and mime type check is disabled, the data will be allowed.
Gateway Action: allow
Recommended Action: Content type should be matched.
Revision: 2
Parameters: filename, filetype, sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name

2.1.124. unknown_encoding (ID: 00200181)

Default Severity: NOTICE
Log Message: SMTPALG: Content transfer encoding is unknown or not present
Explanation: Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail Mode is deny so data is blocked.
Gateway Action: block_data
Recommended Action: None.
Revision: 1
Parameters: filename, sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name, ALG Session ID

2.1.125. unknown_encoding (ID: 00200182)

Default Severity: NOTICE
Log Message: SMTPALG: Content transfer encoding is unknown or not present.
Explanation: Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail Mode is allow so data is allowed without scanning.
Gateway Action: allow_data_without_scan
Recommended Action: Research the Content Transfer Encoding format.
Revision: 1
Parameters: filename, sender_email_address, recipient_email_addresses
Context Parameters: ALG Module Name, ALG Session ID

2.1.126. content_type_mismatch (ID: 00200250)

Default Severity: NOTICE
Log Message: FTPALG: Content type mismatch in file <filename>. Identified filetype <filetype>
Explanation: The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded.
Gateway Action: data_blocked_control_and_data_channel_closed
Recommended Action: None.
Revision: 1
Parameters: filename, filetype
Context Parameters: ALG Module Name, ALG Session ID

2.1.127. failed_to_send_command (ID: 00200251)

Default Severity: NOTICE
Log Message: FTPALG:Failed to send the command.
Explanation: The command sent by the ALG to the server could not be sent.
Gateway Action: none
Recommended Action: None.
Revision: 1
Context Parameters: ALG Module Name

2.1.128. blocked_filetype (ID: 00200253)

Default Severity: NOTICE
Log Message: FTPALG: Requested file:<filename> is blocked as this file is identified as type <filetype>, which is in block list.
Explanation: The file is present in the block list. It will be blocked as per configuration.
Gateway Action: data_blocked_control_and_data_channel_closed
Recommended Action: If this file should be allowed, update the ALLOW/BLOCK list.
Revision: 2
Parameters: filename, filetype
Context Parameters: ALG Module Name, ALG Session ID

2.1.129. failed_to_send_response_code (ID: 00200255)

Default Severity: NOTICE
Log Message: FTPALG:Failed to send the response code.
Explanation: The FTP ALG could not send the correct response code to the client.
Gateway Action: none
Recommended Action: None.
Revision: 1
Context Parameters: ALG Module Name

2.1.130. avscan_excluded_file (ID: 00200256)

Default Severity: NOTICE
Log Message: FTPALG: File <filename> not scanned. Identified filetype: <filetype>. File type is present in virus scan exclude list
Explanation: The file will not be scanned for virus as per configuration. Allowing data without any virus scanning.
Gateway Action: allow_data_without_scan
Recommended Action: None.
Revision: 2
Parameters: filename, filetype
Context Parameters: ALG Module Name, ALG Session ID

2.1.131. avse_decompression_failed (ID: 00200262)

Default Severity: NOTICE
Log Message: FTPALG: Failed to decompress the file <filename>
Explanation: The data sent to the deflate module failed. Data must be decompressed before being scanned by the antivirus module. Fail Mode is set to allow and data will be forwarded without further scanning.
Gateway Action: allow_data_without_scan
Recommended Action: Change Fail Mode parameter to deny if files that fail decompression should be blocked.
Revision: 1
Parameters: filename
Context Parameters: ALG Module Name, ALG Session ID

2.1.132. alg_session_open (ID: 00200001)

Default Severity: INFORMATIONAL
Log Message: ALG session opened
Explanation: A new ALG session has been opened.
Gateway Action: None
Recommended Action: None.
Revision: 1
Context Parameters: ALG Module Name, ALG Session ID, Connection

2.1.133. alg_session_closed (ID: 00200002)

Default Severity: INFORMATIONAL
Log Message: ALG session closed
Explanation: An ALG session has been closed.
Gateway Action: None
Recommended Action: None.
Revision: 1
Context Parameters: ALG Module Name, ALG Session ID

2.1.134. hybrid_data (ID: 00200205)

Default Severity: INFORMATIONAL
Log Message: FTPALG: Hybrid data channel closed
Explanation: A hybrid data channel was closed.
Gateway Action: None
Recommended Action: None.
Revision: 1
Context Parameters: ALG Module Name, ALG Session ID, Rule Information, Connection

2.1.135. hybrid_data (ID: 00200206)

Default Severity: INFORMATIONAL
Log Message: FTPALG: Hybrid connection made
Explanation: A hybrid connection was successfully created.
Gateway Action: None
Recommended Action: None.
Revision: 1
Context Parameters: ALG Module Name, ALG Session ID, Rule Information, Connection

2.1.136. hybrid_data (ID: 00200209)

Default Severity: INFORMATIONAL
Log Message: FTPALG: Hybrid data channel closed
Explanation: A hybrid data channel was closed.
Gateway Action: None
Recommended Action: None.
Revision: 1
Context Parameters: ALG Module Name, ALG Session ID, Rule Information, Connection

2.2. ARP

These log messages refer to the ARP (ARP events) category.

2.2.1. invalid_arp_sender_ip_address (ID: 00300049)

Default Severity: WARNING
Log Message: Failed to verify ARP sender IP address. Dropping
Explanation: The ARP sender IP address could not be verified according to the "access" section, and the packet is dropped.
Gateway Action: drop
Recommended Action: If all ARP sender IP addresses should be accepted without validation, modify the configuration.
Revision: 1
Context Parameters: Rule Name, Packet Buffer

2.2.2. arp_response_broadcast_drop (ID: 00300052)

Default Severity: WARNING
Log Message: ARP response is a broadcast address. Dropping
Explanation: The ARP response has a sender address which is a broadcast address. Dropping packet.
Gateway Action: drop
Recommended Action: If this is not the desired behaviour, modify the configuration.
Revision: 1
Context Parameters: Rule Name, Packet Buffer

2.2.3. arp_collides_with_static (ID: 00300054)

Default Severity: WARNING
Log Message: Known entry is <knowntype> <knownip>=<knownhw>. Dropping
Explanation: The hardware sender address does not match the static entry in the ARP table. Static ARP changes are not allowed. Dropping packet.
Gateway Action: drop
Recommended Action: If this is not the desired behaviour, modify the configuration.
Revision: 1
Parameters: reason, knowntype, knownip, knownhw
Context Parameters: Rule Name, Packet Buffer

2.2.4. already_exists (ID: 00300001)

Default Severity: NOTICE
Log Message: An entry for this IP address already exists
Explanation: The entry was not added as a previous entry for this IP address already exists in the ARP table.
Gateway Action: drop
Recommended Action: None.
Revision: 1
Context Parameters: Rule Name, Packet Buffer

2.2.5. no_sender_ip (ID: 00300002)

Default Severity: NOTICE
Log Message: ARP query sender IP is 0.0.0.0
Explanation: The source IP-address of an ARP query is 0.0.0.0. Allowing.
Gateway Action: allow
Recommended Action: If this is not the desired behaviour, modify the configuration.
Revision: 1
Context Parameters: Rule Name, Packet Buffer

2.2.6. no_sender_ip (ID: 00300003)

Default Severity: NOTICE
Log Message: ARP query sender IP is 0.0.0.0. Dropping
Explanation: The source IP-address of an ARP query is 0.0.0.0. Dropping packet.
Gateway Action: drop
Recommended Action: If this is not the desired behaviour, modify the configuration.
Revision: 1
Context Parameters: Rule Name, Packet Buffer

2.2.7. arp_response_broadcast (ID: 00300004)

Default Severity: NOTICE
Log Message: ARP response is a broadcast address
Explanation: The ARP response has a sender address which is a broadcast address. Allowing.
Gateway Action: allow
Recommended Action: If this is not the desired behaviour, modify the configuration.
Revision: 1
Context Parameters: Rule Name, Packet Buffer

2.2.8. arp_response_multicast (ID: 00300005)

Default Severity: NOTICE
Log Message: ARP response is a multicast address
Explanation: The ARP response has a sender address which is a multicast address. This might be the case if there is load balancing network equipment in the network. Allowing.
Gateway Action: allow
Recommended Action: If this is not the desired behaviour, modify the configuration.
Revision: 1
Context Parameters: Rule Name, Packet Buffer

2.2.9. mismatching_hwaddrs (ID: 00300006)

Default Severity: NOTICE
Log Message: ARP hw sender does not match Ethernet hw sender
Explanation: The hardware sender address specified in the ARP data does not match the Ethernet hardware sender address. Allowing.
Gateway Action: allow
Recommended Action: If this is not the desired behaviour, modify the configuration.
Revision: 1
Context Parameters: Rule Name, Packet Buffer

2.2.10. mismatching_hwaddrs_drop (ID: 00300007)

Default Severity: NOTICE
Log Message: ARP hw sender does not match Ethernet hw sender. Dropping
Explanation: The hardware sender address specified in the ARP data does not match the Ethernet hardware sender address. Dropping packet.
Gateway Action: drop
Recommended Action: If this is not the desired behaviour, modify the configuration.
Revision: 1
Context Parameters: Rule Name, Packet Buffer

2.2.11. hwaddr_change (ID: 00300008)

Default Severity: NOTICE
Log Message: <knownip> has a different address <newhw> compared to the known hardware address <knownhw>. Allow packet for further processing.
Explanation: A known dynamic ARP entry has a different hardware address than the one in the ARP packet. Allowing packet for further processing.
Gateway Action: allow_processing
Recommended Action: If this is not the desired behaviour, modify the configuration.
Revision: 1
Parameters: knownip, knownhw, newhw
Context Parameters: Rule Name, Packet Buffer

2.2.12. arp_cache_size_limit_reached (ID: 00300030)

Default Severity: NOTICE
Log Message: ARP cache size limit reached
Explanation: The ARP cache size limit has been reached. Current license limit is [limit].
Gateway Action: None
Recommended Action: Update your license to allow a greater number of concurrent ARP entries.
Revision: 1
Parameters: limit

2.2.13. arp_access_allowed_expect (ID: 00300050)

Default Severity: NOTICE
Log Message: Allowed by expect rule in access section
Explanation: The ARP sender IP address is verified by an expect rule in the access section.
Gateway Action: access_allow
Recommended Action: None.
Revision: 1
Context Parameters: Rule Name, Packet Buffer

2.2.14. impossible_hw_address (ID: 00300051)

Default Severity: NOTICE
Log Message: Impossible hardware address 0000:0000:0000 in ARP response. Dropping
Explanation: The ARP response has sender hardware address 0000:0000:0000, which is illegal. Dropping packet.
Gateway Action: drop
Recommended Action: Verify that no faulty network equipment exists.
Revision: 1
Context Parameters: Rule Name, Packet Buffer

2.2.15. arp_response_multicast_drop (ID: 00300053)

Default Severity: NOTICE
Log Message: ARP response is a multicast address. Dropping
Explanation: The ARP response has a sender address which is a multicast address. This might be the case if there is load balancing network equipment in the network. Dropping packet.
Gateway Action: drop
Recommended Action: If this is not the desired behaviour, modify the configuration.
Revision: 1
Context Parameters: Rule Name, Packet Buffer

2.2.16. hwaddr_change_drop (ID: 00300055)

Default Severity: NOTICE
Log Message: <knownip> has a different address <newhw> compared to the known hardware address <knownhw>. Dropping packet.
Explanation: A known dynamic ARP entry has a different hardware address than the one in the ARP packet. Dropping packet.
Gateway Action: drop
Recommended Action: If this is not the desired behaviour, modify the configuration.
Revision: 1
Parameters: knownip, knownhw, newhw
Context Parameters: Rule Name, Packet Buffer

2.3. AVSE

These log messages refer to the AVSE (Events from Anti Virus Scan Engine) category.

2.3.1. failed_to_allocate_memory (ID: 05100304)

Default Severity: ERROR
Log Message: AVSE: Memory usage for virus scanning subsystem is exceeding the limit(out of memory)
Explanation: An attempt to allocate memory failed, because the subsystem is exceeding the allocated memory limit.
Gateway Action: close
Recommended Action: Try to free some of the memory used.
Revision: 1

2.3.2. no_signature_database (ID: 05100306)

Default Severity: ERROR
Log Message: AVSE: Virus scanning aborted. No virus signatures present.
Explanation: Antivirus scanning is aborted since there is no local antivirus signature database.
Gateway Action: av_scanning_denied
Recommended Action: Connect your gateway to the Internet and download the antivirus database or configure automatic updates of antivirus.
Revision: 1
Context Parameters: ALG Session ID

2.3.3. general_engine_error (ID: 05100307)

Default Severity: ERROR
Log Message: AVSE: Virus scanning aborted. General error occured during initialization.
Explanation: Antivirus scanning is aborted since the scan engine returned a general error during initialization.
Gateway Action: av_scanning_aborted
Recommended Action: Try to restart the unit in order to solve this issue.
Revision: 1
Context Parameters: ALG Session ID

2.3.4. out_of_memory (ID: 05100308)

Default Severity: ERROR
Log Message: AVSE: Virus scanning aborted. Out of memory during initialization.
Explanation: Antivirus scanning is aborted since the scan engine ran out of memory during initialization.
Gateway Action: av_scanning_denied
Recommended Action: Review your configuration in order to free up more RAM.
Revision: 1
Context Parameters: ALG Session ID

2.3.5. failed_to_allocate_memory (ID: 05100303)

Default Severity: WARNING
Log Message: AVSE: Memory usage for virus scanning subsystem is exceeding the limit(out of memory)
Explanation: An attempt to allocate memory failed, because the subsystem is exceeding the allocated memory limit.
Gateway Action: close
Recommended Action: Try to free some of the memory used.
Revision: 1

2.3.6. no_valid_license (ID: 05100305)

Default Severity: WARNING
Log Message: AVSE: Virus scanning aborted. No valid license present.
Explanation: Antivirus scanning is aborted since there is no valid license present.
Gateway Action: av_scanning_aborted
Recommended Action: If antivirus scanning is wanted, you must get a valid license with antivirus capabilities. Antivirus scanning can be turned off in order to avoid future postings of this log message.
Revision: 1
Context Parameters: ALG Session ID

2.4. AVUPDATE

These log messages refer to the AVUPDATE (Antivirus Signature update) category.

2.4.1. av_db_update_failure (ID: 05000001)

Default Severity: ALERT
Log Message: Update of the Antivirus database failed, because of <reason>
Explanation: The unit tried to update the Antivirus database, but failed. The reason for this is specified in the "reason" parameter.
Gateway Action: None
Recommended Action: None.
Revision: 1
Parameters: reason

2.4.2. av_detects_invalid_system_time (ID: 05000005)

Default Severity: ERROR
Log Message: System clock is not properly set. Invalid date (<date>) in antivirus signature file. Antivirus Disabled
Explanation: The system clock is not up to date. The system clock must be set correctly in order to use the antivirus features. Antivirus features remain disabled until the clock is correct and a manual antivirus update has been performed.
Gateway Action: antivirus_disabled
Recommended Action: Check and set the system time correctly and perform a manual antivirus update.
Revision: 1
Parameters: date

2.4.3. av_database_downloaded (ID: 05000002)

Default Severity: NOTICE
Log Message: New Antivirus database downloaded
Explanation: An updated version of the Antivirus database has been downloaded, which will now be used.
Gateway Action: using_new_database
Recommended Action: None.
Revision: 2

2.4.4. av_db_already_up_to_date (ID: 05000003)

Default Severity: NOTICE
Log Message: Antivirus database is up-to-date
Explanation: The current Antivirus database is up-to-date, and does not need to be updated.
Gateway Action: None
Recommended Action: None.
Revision: 1

2.4.5. av_db_update_denied (ID: 05000004)

Default Severity: NOTICE
Log Message: Antivirus database could not be updated, as no valid subscription exist
Explanation: The current license does not allow the Antivirus database to be updated.
Gateway Action: None
Recommended Action: Check the system's time and/or purchase a subscription.
Revision: 1

2.4.6. downloading_new_database (ID: 05000007)

Default Severity: NOTICE
Log Message: Downloading new antivirus database
Explanation: A new antivirus database is available. The database is being downloaded.
Gateway Action: downloading_new_database
Recommended Action: None.
Revision: 1