SonicOS Combined Log Event Reference Guide

Transcription

1 SonicOS Combined Log Event Reference Guide 1

2 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. WARNING: A WARNING indicates a potential for property damage, personal injury, or death Dell Inc. Trademarks: Dell, the DELL logo, SonicWALL, SonicWALL GMS, SonicWALL Analyzer, Reassembly-Free Deep Packet Inspection, Dynamic Security for the Global Network, SonicWALL Clean VPN, SonicWALL Clean Wireless, SonicWALL Comprehensive Gateway Security Suite, SonicWALL Mobile Connect, and all other SonicWALL product and service names and slogans are trademarks of Dell Inc P/N Rev. C

3 Overview This reference guide lists and describes SonicOS log event messages for SonicOS,, and. Reference a log event message by using the alphabetical index from the Log Event Message Index table of this document. This document contains the following sections: Log > Monitor on page 1 Log > Categories on page 2 Index of Log Event Messages on page 2 Log > Syslog on page 67 Index of Syslog Tag Field Descriptions on page 68 Table of Values on page 79 Log > Monitor The Dell SonicWALL security appliance maintains an Event log for tracking potential security threats. This log can be viewed by navigating to the Dashboard > Log Monitor or Log > View page, or it can be automatically sent to an address for convenience and archiving. The log is displayed in a table and can be sorted by column. For more information on configuring the Log Monitor page, refer to the SonicOS Administrator s Guide. 1

4 Log > Categories The Log > Categories page allows you to categorize and customize the logging functions on your Dell SonicWALL security appliance for troubleshooting and diagnostics. For more information on configuring and managing the Log > Categories page, refer to the SonicOS Administrator s Guide. Index of Log Event Messages The following table is the Log Event Message Index, which is an alphabetical list of log event messages for the SonicOS,, and firmware. Each log event message described in the following table provides the following log event details: Log Event Messages Displays the name of the event message. SonicOS Category Displays the SonicOS category type. This is the same category as Table 2: Expanded Categories on page 80. Legacy Category Displays the category event type. This is the same category as Table 1: Legacy Category on page 79. Priority Level Displays the level of urgency of the log event message. For additional information, you can also reference Table 3: Priority Leve on page 83. Log Event Message ID Number Displays the ID number of the log event message. SNMP Trap Type Displays the SNMP Trap ID number of the log event message. Log Event Messages SonicOS Category Legacy Category Priority Level Log Message ID Number SNMP Trap Type DOS protection on WAN %s Intrusion Prevention Network Debug ALERT 1181 DOS protection on WAN begins %s Intrusion Prevention Network Debug ALERT 1180 "As per Diagnostic Auto restart configuration request, restarting system" Firewall Event INFO

5 #Web site hit Network Traffic Syslog only for traffic reporting INFO 97 %s auto dial failed: Current Connection Model is configured as Ethernet Only PPP Dial Up Errors ALERT 1028 %s Ethernet Port Down Firewall Event Errors ERROR %s Ethernet Port Up Firewall Event Errors WARNING %s is operational Anti Spam Service WARNING %s is unavailable Anti Spam Service WARNING <b>registration Update Needed:</b> Restore your existing security service subscriptions by clicking <a href="/security_services/ enable_services.html">here</a> 3G/4G %s device detected Security Services Firewall Hardware Maintenance WARNING 496 Environment INFO G/4G Dial up: %s PPP Dial Up User Activity ALERT G/4G Dial up: data usage limit reached for the '%s' billing cycle. Disconnecting the 3G/4G session. PPP Dial Up User Activity ALERT G/4G: No SIM detected Firewall Hardware ALERT Management Wireless Management INFO 518 A high percentage of the system packet buffers are held waiting for SSO SSO Agent Authentication User Activity ALERT 1178 A prior version of preferences was loaded because the most recent preferences file was inaccessible Firewall Event Errors WARNING

6 A SonicOS Standard to Enhanced Upgrade was performed Firewall Event Maintenance INFO 611 A user has a very high number of connections waiting for SSO SSO Agent Authentication User Activity ALERT 1179 Access attempt from host out of compliance with GSC policy Security Services Maintenance INFO 761 Access attempt from host without Anti Virus agent installed Security Services Maintenance INFO 123 Access attempt from host without GSC installed Security Services Maintenance INFO Access rule added Firewall Rule User Activity INFO 440 Access rule deleted Firewall Rule User Activity INFO 442 Access rule modified Firewall Rule User Activity INFO 441 Access rules restored to defaults Firewall Rule User Activity INFO 443 Access to proxy server denied Network Access Blocked Web Sites NOTICE Active Backup detects Active Primary: Backup going Idle High Availability Maintenance INFO 154 Active/Active Clustering license is not activated on the following cluster units: %s High Availability ERROR 1152 ActiveX access denied Network Access Blocked Java Etc NOTICE 18 ActiveX or Java archive access denied Network Access Blocked Java Etc NOTICE 20 ADConnector %s response timedout; applying caching policy Microsoft Active Directory ERROR 769 Add an attack message Firewall Event Attacks ERROR Added a new member to an LDAP mirror user group Remote Authentication User Activity INFO 1192 Added host entry to dynamic address object Dynamic Address Objects Maintenance INFO 911 Added new LDAP mirror user group: %s Remote Authentication User Activity INFO

7 Adding Dynamic Entry for Bound MAC Address Network INFO 813 Adding L2TP IP pool Address object Failed. L2TP Server Errors ERROR Adding to multicast policylist, interface : %s Multicast DEBUG 697 Adding to Multicast policylist, VPN SPI : %s Multicast DEBUG 699 Administrator logged out Access User Activity INFO 261 Administrator logged out inactivity timer expired Access User Activity INFO 262 Administrator login allowed Access User Activity INFO 29 Administrator login denied due to bad credentials Access Attacks ALERT Administrator login denied from %s; logins disabled from this interface Access Attacks ALERT Administrator name changed Access Maintenance INFO 328 All DDNS associations have been deleted DDNS Maintenance INFO 783 All preference values have been set to factory default values Firewall Event Errors WARNING Allowed LDAP server certificate with wrong host name Remote Authentication User Activity WARNING 752 An LDAP user group nesting is not being mirrored Remote Authentication User Activity WARNING 1246 Anti Spam service is disabled by administrator. Anti Spam Service INFO Anti Spam service is enabled by administrator. Anti Spam Service INFO Anti Spam Startup Failure %s Anti Spam Service WARNING Anti Spam Teardown Failure %s Anti Spam Service WARNING Anti Spyware Detection Alert: %s Intrusion Prevention Attacks ALERT Anti Spyware Prevention Alert: %s Intrusion Prevention Attacks ALERT

8 Anti Spyware Service Expired Anti Virus agent out of date on host Anti Virus Licenses Exceeded Security Services Security Services Security Services Maintenance WARNING Maintenance INFO 124 Maintenance INFO 408 Appflow Server Event App Flow Server INFO 1263 Application Control Detection Alert: %s Application Control ALERT Application Control Prevention Alert: %s Application Control ALERT Application Filter Detection Alert: %s Intrusion Prevention Attacks ALERT 650 Application Filters Block Alert: %s Intrusion Prevention Attacks ALERT 649 Application Firewall Alert: %s App Rules User Activity ALERT ARP request packet received Network INFO 717 ARP request packet sent Network INFO 715 ARP response packet received Network INFO 716 ARP response packet sent Network INFO 718 ARP timeout Network Network Debug DEBUG 45 Assigned IP address %s DHCP Server INFO 1110 Association Flood from WLAN station WLAN IDS Expanded WLAN IDS activity ALERT Attempt to contact Remote backup server for upload approval failed Firewall Event Maintenance DEBUG 1160 Authentication timeout during Remotely Triggered Dial out session Access User Activity INFO 821 6

9 Back Orifice attack dropped Intrusion Prevention Attacks ALERT Backup active High Availability Errors INFO 825 Backup firewall being preempted by Primary High Availability Errors ERROR Backup firewall has transitioned to Active High Availability Maintenance ALERT 145 Backup firewall has transitioned to Idle High Availability Maintenance ALERT 147 Backup firewall rebooting itself as it transitioned from Active to Idle while Preempt High Availability INFO 1059 Backup going Active in preempt mode Application Firewall reboot High Availability Errors ERROR Backup missed heartbeats from Primary High Availability Errors ERROR Backup received error signal from Primary High Availability Errors ERROR Backup received heartbeat from wrong source High Availability Maintenance INFO 161 Backup received reboot signal from Primary High Availability Errors ERROR Backup remote server did not approve upload request Firewall Event Maintenance DEBUG 1161 Backup shut down because license is expired High Availability Errors ERROR 824 Backup WAN link down, Primary going Active High Availability Errors ERROR Backup will be shut down in %s minutes High Availability Errors ERROR 823 Bad CRL format VPN PKI User Activity ALERT 277 Bind to LDAP server failed Remote Authentication Errors ERROR 1009 Blocked Quick Mode for Client using Default KeyId VPN Client Errors ERROR BOOTP Client IP address on LAN conflicts with remote device IP, deleting IP address from remote table BOOTP Maintenance INFO 619 BOOTP reply relayed to local device BOOTP Maintenance INFO 620 7

10 BOOTP Request received from remote device BOOTP Network Debug DEBUG 621 BOOTP server response relayed to remote device BOOTP Network Debug DEBUG 618 Broadcast packet dropped Network Access Network Debug DEBUG 46 Cannot connect to the CRL server VPN PKI User Activity ALERT 274 Cannot Validate Issuer Path VPN PKI User Activity ALERT 878 Certificate on Revoked list(crl) VPN PKI User Activity ALERT 279 CFL auto download disabled, time problem detected Security Services Maintenance INFO 268 Chat %s PPP Dial Up User Activity INFO 1022 Chat completed PPP Dial Up User Activity INFO 1020 Chat failed: %s PPP Dial Up User Activity INFO 1023 Chat started PPP Dial Up User Activity INFO 1019 Chat started by '%s' PPP Dial Up User Activity INFO 1032 Chat wrote '%s' PPP Dial Up User Activity INFO 1021 CLI administrator logged out Access User Activity INFO 520 CLI administrator login allowed Access User Activity INFO 199 CLI administrator login denied due to bad credentials Access User Activity WARNING 200 Computed hash does not match hash received from peer; preshared key mismatch VPN IKE User Activity WARNING 410 Configuration mode administration session ended Configuration mode administration session started Access User Activity INFO 995 Access User Activity INFO 994 8

11 Connection Closed Network Traffic Syslog only for traffic reporting INFO 537 Connection Opened Network Traffic Syslog only for traffic reporting INFO 98 Connection timed out VPN PKI User Activity ALERT 273 Content filter subscription expired. Security Services Errors ERROR Cookie removed Network Access Blocked Java Etc NOTICE 21 CPU reaches 80% utilization for more than 10 seconds. Firewall Hardware ALERT CRL has expired VPN PKI User Activity ALERT 874 CRL loaded from VPN PKI User Activity INFO 270 CRL missing Issuer requires CRL checking. VPN PKI User Activity ALERT 876 CRL validation failure for Root Certificate VPN PKI User Activity ALERT 877 Crypto DES test failed Crypto Test Maintenance ERROR 360 Crypto DH test failed Crypto Test Maintenance ERROR 361 Crypto hardware 3DES test failed Crypto Test Maintenance ERROR 367 Crypto Hardware 3DES with SHA test failed Crypto Test Maintenance ERROR 369 Crypto Hardware AES test failed Crypto Test Maintenance ERROR 610 Crypto hardware DES test failed Crypto Test Maintenance ERROR 366 Crypto hardware DES with SHA test failed Crypto Test Maintenance ERROR 368 Crypto Hmac MD5 fest failed Crypto Test Maintenance ERROR 362 Crypto Hmac Sha1 test failed Crypto Test Maintenance ERROR 363 9

12 Crypto MD5 test failed Crypto Test Maintenance ERROR 370 Crypto RSA test failed Crypto Test Maintenance ERROR 364 Crypto SHA1 based DRNG KAT test failed Crypto Test ERROR 1060 Crypto Sha1 test failed Crypto Test Maintenance ERROR 365 CSR Generation: %s VPN PKI INFO 1109 Current dynamic NAT translation count is more than 50% of the configured maximum. Firewall Hardware ALERT Current session count is more than 50% of the supported maximum. Firewall Hardware ALERT DDNS association %s disabled DDNS Maintenance INFO 781 DDNS association %s enabled DDNS Maintenance INFO 780 DDNS association %s added DDNS Maintenance INFO 779 DDNS association %s deactivated DDNS Maintenance INFO 784 DDNS association %s deleted DDNS Maintenance INFO 785 DDNS Association %s put on line DDNS Maintenance INFO 782 DDNS association %s taken Offline locally DDNS Maintenance INFO 778 DDNS association %s updated DDNS INFO 786 DDNS Failure: Provider %s DDNS Errors ERROR 774 DDNS Failure: Provider %s DDNS Errors ERROR 775 DDNS Failure: Provider %s DDNS Errors ERROR 773 DDNS Update success for domain %s DDNS Maintenance INFO 776 DDNS Warning: Provider %s DDNS Errors WARNING

13 Default to not blacklisted Anti Spam Service DEBUG 1144 Delete invalid scope because port ip in the range of this DHCP scope. DHCP Server WARNING 1184 Deleted LDAP mirror user group: %s Remote Authentication User Activity INFO 1191 Deleting from Multicast policy list, interface : %s Multicast DEBUG 698 Deleting from Multicast policy list, VPN SPI : %s Multicast DEBUG 700 Deleting IPsec SA VPN IKE User Activity INFO 92 Deleting IPsec SA for destination VPN IKE User Activity INFO 91 Deleting IPsec SA. (Phase 2) VPN IKE User Activity DEBUG 1183 Destination IP address connection status: %s Firewall Event INFO 735 DHCP client enabled but not ready DHCP Client Maintenance INFO 504 DHCP Client did not get DHCP ACK. DHCP Client Maintenance INFO 109 DHCP Client failed to verify and lease has expired. Go to INIT state. DHCP Client failed to verify and lease is still valid. Go to BOUND state. DHCP Client got a new IP address lease. DHCP Client got ACK from server. DHCP Client got NACK. DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client Maintenance INFO 119 Maintenance INFO 120 Maintenance INFO 121 Maintenance INFO 111 Maintenance INFO 110 DHCP Client is declining address offered by the server. DHCP Client sending REQUEST and going to REBIND state. DHCP Client sending REQUEST and going to RENEW state. DHCP Client DHCP Client DHCP Client Maintenance INFO 112 Maintenance INFO 113 Maintenance INFO

14 DHCP DECLINE received from remote device DHCP Relay Network Debug INFO 475 DHCP DISCOVER received from local device DHCP Relay Network Debug INFO 479 DHCP DISCOVER received from remote device DHCP Relay Network Debug INFO 474 DHCP INFORM received from remote device DHCP Relay Network Debug INFO 1215 DHCP lease dropped. Lease from Central Gateway conflicts with Relay IP DHCP lease dropped. Lease from Central Gateway conflicts with Remote Management IP DHCP lease file in the flash is DHCP Relay DHCP Relay Maintenance WARNING 228 Maintenance WARNING 484 corrupted; read failed Firewall Event Errors WARNING 833 DHCP lease relayed to local device DHCP Relay Maintenance INFO 223 DHCP lease relayed to remote device DHCP Relay Network Debug INFO 225 DHCP lease to LAN device conflicts with remote device, deleting remote IP entry DHCP leases written to flash DHCP Relay Firewall Event Maintenance INFO 226 Maintenance INFO 835 DHCP NACK received from server DHCP Relay Network Debug INFO 477 DHCP OFFER received from server DHCP Relay Network Debug INFO 476 DHCP RELEASE received from remote device DHCP Relay Network Debug INFO 224 DHCP RELEASE relayed to Central Gateway DHCP Relay Maintenance INFO 222 DHCP REQUEST received from local device DHCP Relay Network Debug INFO 480 DHCP REQUEST received from remote device DHCP Relay Network Debug INFO 473 DHCP Scopes altered automatically due to change in network settings for interface %s Firewall Event INFO

15 DHCP Server not available. Did not get any DHCP OFFER. DHCP Client Maintenance INFO 106 DHCP Server sanity check failed %s Firewall Event CRITICAL 1072 DHCP Server sanity check passed %s Firewall Event CRITICAL 1071 DHCP Server: IP conflict detected Firewall Event ALERT 1040 DHCP Server: Received DHCP decline from client Firewall Event ALERT 1041 DHCP Server: Received DHCP message from untrusted relay agent Firewall Event NOTICE 1090 DHCPv6 lease file in the flash is corrupted; read failed Network WARNING 1259 DHCPv6 leases written to flash Network INFO 1261 Diagnostic Auto restart canceled Firewall Event INFO 1046 Diagnostic Auto restart scheduled for %s minutes from now Firewall Event INFO 1045 Diagnostic Code A Firewall Hardware Errors ERROR Diagnostic Code B Firewall Hardware Errors ERROR Diagnostic Code C Firewall Hardware Errors ERROR Diagnostic Code D Firewall Hardware Errors ERROR Diagnostic Code E VPN IPSec Errors ERROR Diagnostic Code F Firewall Hardware Errors ERROR Diagnostic Code G Firewall Hardware Errors ERROR Diagnostic Code H Firewall Hardware Errors ERROR Diagnostic Code I Firewall Hardware Errors ERROR Diagnostic Code J Firewall Hardware Errors ERROR

16 Dial up: Session initiated by data packet PPP Dial Up INFO 1039 Dial up: Traffic generated by '%s' PPP Dial Up INFO 1038 Disconnecting L2TP Tunnel due to traffic timeout Disconnecting PPPoE due to traffic timeout Disconnecting PPTP Tunnel due to traffic timeout L2TP Client PPPoE PPTP Maintenance INFO 215 Maintenance INFO 168 Maintenance INFO 389 Discovered HA %s Firewall High Availability INFO 1044 Discovered HA Backup Firewall High Availability Maintenance INFO 156 DNS packet allowed Network Access Network Debug INFO 602 DNS rebind attack blocked Intrusion Prevention ALERT DOS protection on WAN %s Intrusion Prevention Network Debug ALERT 1182 DPI SSL: %s DPI SSL Network Access INFO 791 Drop WLAN traffic from non SonicPoint devices Intrusion Prevention Attack ERROR DSL: %s Device Down DSL ALERT 1186 DSL: %s Device Up DSL ALERT 1185 DSL: %s WAN is connected DSL ALERT 1187 DSL: %s WAN is initializing DSL ALERT 1188 Duplicate packet dropped Network Access Network Debug DEBUG 51 Dynamic IPsec client connected VPN IPSec User Activity INFO 62 E1 T1 Layer 1 status: Controlled slip E1 T1 INFO 1167 E1 T1 Layer 1 status: No frame synchronization E1 T1 INFO

17 E1 T1 Layer 1 status: No multiframe synchronization E1 T1 INFO 1165 E1 T1 Layer 1 status: No signal E1 T1 INFO 1163 E1 T1 Layer 1 status: OK E1 T1 INFO 1168 E1 T1 Layer 1 status: Remote alarm detected E1 T1 INFO 1166 EIGRP packet dropped Network Access Network Debug NOTICE 714 E Mail fragment dropped Intrusion Prevention Attacks ERROR Entering FIPS ERROR state Crypto Test Maintenance ERROR 359 Entering FIPS Error State. Crypto Test Errors ERROR Error initializing Hardware acceleration for VPN Firewall Hardware Maintenance ERROR 374 Error Rebooting HA Peer Firewall High Availability Errors ERROR Error setting the IP address of the backup, please manually set to backup LAN IP High Availability Errors ERROR Error synchronizing HA peer firewall (%s) High Availability Errors ERROR Error updating HA peer configuration High Availability Errors ERROR ERROR: DHCP over VPN policy is not defined. Cannot start IKE. DHCP Relay Maintenance INFO 478 Exceeded Max multicast address limit Multicast WARNING 703 External Web Server Host Resolution Failed %s Access ERROR 1069 Failed on updating time from NTP server NOTICE 1230 Failed payload validation VPN IKE User Activity WARNING 405 Failed payload verification Application Firewall decryption; possible preshared key mismatch VPN IKE User Activity WARNING 404 Failed to add a member to an LDAP mirror user group Remote Authentication User Activity WARNING

18 Failed to add an LDAP mirror user group Remote Authentication User Activity WARNING 1244 Failed to find certificate VPN PKI User Activity ALERT 875 Failed to get CRL from VPN PKI User Activity ALERT 271 Failed to insert entry into GRID result IP cached table Anti Spam Service DEBUG 1145 Failed to Process CRL from VPN PKI User Activity ALERT 276 Failed to resolve name Network Maintenance INFO 84 Failed to send file to remote backup server, Error: %s Failed to send Preference file to remote backup server, Error: %s Firewall Event Firewall Event Maintenance INFO 1066 Maintenance INFO 1062 Failed to send TSR file to remote backup server, Error: %s Firewall Event Maintenance INFO 1064 Failed to synchronize license information with Licensing Server. %s Security Services Maintenance WARNING Failed to synchronize Relay IP Table DHCP Relay Errors WARNING Failed to write DHCP leases to flash Firewall Event Errors WARNING 834 Failed to write DHCPv6 leases to flash Network WARNING 1260 Failed VPN I/O processing VPN IKE User Activity ERROR 1234 Failure to reach Interface %s probe High Availability Errors ERROR Fan Failure Firewall Hardware Environment ALERT FIN Flood Blacklist on IF %s continues Intrusion Prevention Network Debug WARNING 902 FIN Flooding machine %s blacklisted Intrusion Prevention Network Debug ALERT 901 Forbidden E Mail attachment deleted Intrusion Prevention Attacks ERROR Forbidden E Mail attachment disabled Intrusion Prevention Attacks ALERT

19 Found Rogue Access Point WLAN IDS WLAN IDS ALERT Found Rogue Access Point WLAN IDS WLAN IDS ALERT Fragmented packet dropped Network Dropped TCP Dropped UDP Dropped ICMP NOTICE 28 Fraudulent Microsoft certificate found; access denied Intrusion Prevention Attacks ERROR FTP client user logged in failed FTP DEBUG 1115 FTP client user logged in successfully FTP DEBUG 1114 FTP client user logged out FTP DEBUG 1116 FTP client user name was sent FTP DEBUG 1113 FTP server accepted the connection FTP DEBUG 1112 FTP: Data connection from non default port dropped Network Access Attacks ALERT FTP: PASV response bounce attack dropped Intrusion Prevention Attacks ALERT FTP: PASV response spoof attack dropped Intrusion Prevention Attacks ERROR FTP: PORT bounce attack dropped. Intrusion Prevention Attacks ALERT Gateway Anti Virus Alert: %s Security Services Attacks ALERT Gateway Anti Virus Service expired Security Services Maintenance WARNING Global VPN Client connection is not allowed. Appliance is not registered. VPN Client Errors INFO Global VPN Client License Exceeded: Connection denied. VPN Client Errors INFO Global VPN Client version cannot enforce personal firewall. Minimum Version required is 2.1 VPN Client User Activity INFO

20 GMS or syslog server name lookup failed try again in 60 secs. Firewall Event ERROR 1156 Got DHCP OFFER. Selecting. DHCP Client Maintenance INFO 107 GSC policy out of date on host Security Services Maintenance INFO 762 Guest account '%s' created Access User Activity INFO 558 Guest account '%s' deleted Access User Activity INFO 559 Guest account '%s' disabled Guest account '%s' pruned Guest account '%s' re enabled Guest account '%s' re generated Guest Account Timeout Guest Idle Timeout Guest login denied. Guest '%s' is already logged in. Please try again later. Access User Activity INFO 560 Access User Activity INFO 562 Access User Activity INFO 561 Access User Activity INFO 563 Access User Activity INFO 551 Access User Activity INFO 564 Access User Activity INFO 557 Guest policy accepted User Activity INFO 1228 Guest Services drop traffic to deny network Network Access INFO 724 Guest Services pass traffic to access allow network Network Access INFO 725 Guest Session Timeout Access User Activity INFO 550 Guest traffic quota exceeded User Activity INFO 1227 GUI administration session ended Access User Activity INFO 998 H.323/H.225 Connect VoIP Expanded VoIP activity DEBUG

21 H.323/H.225 Setup VoIP Expanded VoIP activity DEBUG 633 H.323/H.245 Address VoIP Expanded VoIP activity DEBUG 635 H.323/H.245 End Session VoIP Expanded VoIP activity DEBUG 636 H.323/RAS Admission Confirm VoIP Expanded VoIP activity DEBUG 625 H.323/RAS Admission Reject VoIP Expanded VoIP activity DEBUG 624 H.323/RAS Admission Request VoIP Expanded VoIP activity DEBUG 626 H.323/RAS Bandwidth Reject VoIP Expanded VoIP activity DEBUG 627 H.323/RAS Disengage Confirm VoIP Expanded VoIP activity DEBUG 628 H.323/RAS Disengage Reject VoIP Expanded VoIP activity DEBUG 641 H.323/RAS Gatekeeper Reject VoIP Expanded VoIP activity DEBUG 629 H.323/RAS Location Confirm VoIP Expanded VoIP activity DEBUG 630 H.323/RAS Location Reject VoIP Expanded VoIP activity DEBUG 631 H.323/RAS Registration Reject VoIP Expanded VoIP activity DEBUG 632 H.323/RAS Unknown Message Response VoIP Expanded VoIP activity DEBUG 640 H.323/RAS Unregistration Reject VoIP Expanded VoIP activity DEBUG 642 HA packet processing error High Availability Maintenance INFO 162 HA Peer Firewall Rebooted High Availability Maintenance INFO 668 HA Peer Firewall Synchronized High Availability Maintenance INFO 157 Hardware Failover settings were not upgraded Firewall Event Maintenance INFO 743 Header verification failed VPN IKE User Activity WARNING 587 Heartbeat received from incompatible source High Availability Maintenance INFO

22 High Availability has been enabled and Dial Up device(s) are not supported in High Availability processing High Availability INFO 1125 Host IP address not in GRID List Anti Spam Service DEBUG 1141 HTTP management port has changed Firewall Event Maintenance INFO 340 HTTP method detected; examining stream for host header Network Access Dropped TCP DEBUG 882 HTTPS Handshake: %s Network INFO 1226 HTTPS management port has changed Firewall Event Maintenance INFO 341 ICMP checksum error; packet dropped Network Access Dropped UDP NOTICE 886 ICMP packet allowed Network Access Network Debug INFO 597 ICMP packet dropped due to policy Network Access Dropped ICMP NOTICE 38 ICMP packet dropped no match Network Access Dropped ICMP NOTICE 523 ICMP packet from LAN allowed Network Access Network Debug INFO 598 ICMP packet from LAN dropped Network Access Dropped LAN ICMP Dropped LAN TCP NOTICE 175 ICMPv6 packet allowed Network INFO 1256 ICMPv6 packet dropped due to policy Network NOTICE 1257 ICMPv6 packet from LAN allowed Network INFO 1255 ICMPv6 packet from LAN dropped Network NOTICE 1254 If not already enabled, enabling NTP is recommended Firewall Hardware Errors WARNING IGMP packet dropped, wrong checksum received on interface %s Multicast NOTICE

23 IGMP Leave group message Received on interface %s Multicast INFO 682 IGMP packet dropped, decoding error Multicast NOTICE 686 IGMP Packet Not handled. Packet type : %s Multicast NOTICE 687 IGMP querier Router detected on interface %s Multicast DEBUG 701 IGMP querier Router detected on VPN tunnel, SPI %S Multicast DEBUG 702 IGMP state table entry time out,deleting interface : %s for multicast address : %s Multicast DEBUG 692 IGMP state table entry time out,deleting VPN SPI :%s for Multicast address : %s Multicast DEBUG 693 IGMP V2 client joined multicast Group : %s Multicast INFO 676 IGMP V2 Membership report received from interface %s Multicast DEBUG 679 IGMP V3 client joined multicast Group : %s Multicast INFO 677 IGMP V3 Membership report received from interface %s Multicast DEBUG 678 IGMP V3 packet dropped, unsupported Record type : %s Multicast NOTICE 688 IGMP V3 record type : %s not Handled Multicast DEBUG 689 IKE Initiator drop: VPN tunnel end point does not match configured VPN Policy Bound to scope VPN IKE User Activity INFO 544 IKE Initiator: Accepting IPsec proposal (Phase 2) VPN IKE User Activity INFO 372 IKE Initiator: Accepting peer lifetime. (Phase 1) VPN IKE User Activity INFO 445 IKE Initiator: Aggressive Mode complete (Phase 1). VPN IKE User Activity INFO 354 IKE Initiator: IKE proposal does not match (Phase 1) VPN IKE User Activity WARNING

24 IKE Initiator: Main Mode complete (Phase 1) VPN IKE User Activity INFO 353 IKE Initiator: Proposed IKE ID mismatch VPN IKE User Activity WARNING 933 IKE Initiator: Remote party timeout Retransmitting IKE request. VPN IKE User Activity INFO 930 IKE Initiator: Start Aggressive Mode negotiation (Phase 1) VPN IKE User Activity INFO 358 IKE Initiator: Start Main Mode negotiation (Phase 1) VPN IKE User Activity INFO 351 IKE Initiator: Start Quick Mode (Phase 2). VPN IKE User Activity INFO 346 IKE Initiator: Using secondary gateway to negotiate VPN IKE User Activity INFO 543 IKE negotiation aborted due to timeout VPN IKE User Activity INFO 403 IKE negotiation complete. Adding IPsec SA. (Phase 2) VPN IKE User Activity INFO 89 IKE Responder drop: VPN tunnel end point does not match configured VPN Policy Bound to scope VPN IKE User Activity INFO 545 IKE Responder: %s policy does not allow static IP for Virtual Adapter. VPN Client Errors ERROR 660 IKE Responder: Accepting IPsec proposal (Phase 2) VPN IKE User Activity INFO 87 IKE Responder: Aggressive Mode complete (Phase 1) VPN IKE User Activity INFO 373 IKE Responder: AH authentication algorithm does not match VPN IKE User Activity WARNING 920 IKE Responder: AH authentication key length does not match VPN IKE User Activity WARNING 923 IKE Responder: AH authentication key rounds does not match VPN IKE User Activity WARNING 926 IKE Responder: AH Perfect Forward Secrecy mismatch VPN IKE User Activity WARNING

25 IKE Responder: Algorithms and/ or keys do not match VPN IKE User Activity WARNING IKE Responder: Client Policy has no VPN Access Networks assigned. Check Configuration. VPN IKE Errors ERROR 965 IKE Responder: Default LAN gateway is not set but peer is proposing to use this SA as a default route VPN IKE Attacks ERROR IKE Responder: Default LAN gateway is set but peer is not proposing to use this SA as a default route VPN IKE User Activity WARNING IKE Responder: ESP authentication algorithm does not match VPN IKE User Activity WARNING 922 IKE Responder: ESP authentication key length does not match VPN IKE User Activity WARNING 925 IKE Responder: ESP authentication key rounds does not match VPN IKE User Activity WARNING 928 IKE Responder: ESP encryption algorithm does not match VPN IKE User Activity WARNING 921 IKE Responder: ESP encryption key length does not match VPN IKE User Activity WARNING 924 IKE Responder: ESP encryption key rounds does not match VPN IKE User Activity WARNING 927 IKE Responder: ESP mode mismatch Local Transport Remote Tunnel VPN IKE User Activity WARNING 1128 IKE Responder: ESP mode mismatch Local Tunnel Remote Transport VPN IKE User Activity WARNING 1127 IKE Responder: ESP Perfect Forward Secrecy mismatch VPN IKE User Activity WARNING IKE Responder: IKE Phase 1 exchange does not match VPN IKE User Activity ERROR 1036 IKE Responder: IKE proposal does not match (Phase 1) VPN IKE User Activity WARNING

26 IKE Responder: IP Address already exists in the DHCP relay table. Client traffic not allowed. VPN Client Errors ERROR 659 IKE Responder: IP Compression algorithm does not match VPN IKE User Activity WARNING 929 IKE Responder: IPsec proposal does not match (Phase 2) VPN IKE User Activity WARNING IKE Responder: IPsec protocol mismatch VPN IKE User Activity WARNING 932 IKE Responder: Main Mode complete (Phase 1) VPN IKE User Activity INFO 357 IKE Responder: Mode %d not transport mode. Xauth is required but not supported by peer. VPN IKE Network Debug WARNING 342 IKE Responder: Mode %d not tunnel mode VPN IKE User Activity WARNING IKE Responder: No match for proposed remote network address VPN IKE User Activity WARNING IKE Responder: No matching Phase 1 ID found for proposed remote network VPN IKE User Activity WARNING IKE Responder: Peer's destination network does not match VPN policy's <b>local Network</b> VPN IKE User Activity WARNING 935 IKE Responder: Peer's local network does not match VPN policy's <b>destination Network</b> VPN IKE User Activity WARNING 934 IKE Responder: Peer's network does not match VPN policy's <b>network</b> VPN IKE User Activity WARNING 1189 IKE Responder: Phase 1 Authentication Method does not match VPN IKE User Activity WARNING

27 IKE Responder: Phase 1 DH Group does not match VPN IKE User Activity WARNING 919 IKE Responder: Phase 1 encryption algorithm does not match VPN IKE User Activity WARNING 914 IKE Responder: Phase 1 encryption algorithm keylength does not match VPN IKE User Activity WARNING 915 IKE Responder: Phase 1 hash algorithm does not match VPN IKE User Activity WARNING 916 IKE Responder: Phase 1 XAUTH required but policy has no user name VPN IKE User Activity WARNING 917 IKE Responder: Phase 1 XAUTH required but policy has no user password VPN IKE User Activity WARNING 918 IKE Responder: Proposed IKE ID mismatch VPN IKE Errors WARNING 658 IKE Responder: Proposed local network is but SA has no LAN Default Gateway VPN IKE User Activity WARNING IKE Responder: Proposed remote network is but not DHCP relay nor default route VPN IKE User Activity WARNING IKE Responder: Received Aggressive Mode request (Phase 1) VPN IKE User Activity INFO 356 IKE Responder: Received Main Mode request (Phase 1) VPN IKE User Activity INFO 355 IKE Responder: Received Quick Mode Request (Phase 2) VPN IKE User Activity INFO 352 IKE Responder: Remote party timeout Retransmitting IKE request. VPN IKE User Activity INFO 931 IKE Responder: Route table overrides VPN policy VPN IKE User Activity WARNING

28 IKE Responder: Tunnel terminates inside firewall but proposed local network is not inside firewall VPN IKE User Activity WARNING IKE Responder: Tunnel terminates on DMZ but proposed local network is on LAN VPN IKE User Activity WARNING IKE Responder: Tunnel terminates on LAN but proposed local network is on DMZ VPN IKE User Activity WARNING IKE Responder: Tunnel terminates outside firewall but proposed local network is not NAT public address VPN IKE User Activity WARNING IKE Responder: Tunnel terminates outside firewall but proposed remote network is not NAT public address VPN IKE User Activity WARNING IKE SA lifetime expired. VPN IKE User Activity INFO 350 IKEv2 Accept IKE SA Proposal VPN IKE User Activity INFO 943 IKEv2 Accept IPsec SA Proposal VPN IKE User Activity INFO 944 IKEv2 Authentication successful VPN IKE User Activity INFO 942 IKEv2 Decrypt packet failed VPN IKE User Activity WARNING 960 IKEv2 Function sendto() failed to transmit packet. VPN IKE User Activity ERROR 979 IKEv2 IKE attribute not found VPN IKE User Activity WARNING 970 IKEv2 IKE proposal does not match VPN IKE User Activity WARNING 981 IKEv2 Initiator: Negotiations failed. Extra payloads present. VPN IKE User Activity WARNING 954 IKEv2 Initiator: Negotiations failed. Invalid input state. VPN IKE User Activity WARNING 956 IKEv2 Initiator: Negotiations failed. Invalid output state. VPN IKE User Activity WARNING

29 IKEv2 Initiator: Negotiations failed. Missing required payloads. VPN IKE User Activity WARNING 955 IKEv2 Initiator: Proposed IKE ID mismatch VPN IKE User Activity WARNING 980 IKEv2 Initiator: Received CREATE_CHILD_SA response VPN IKE User Activity INFO 975 IKEv2 Initiator: Received IKE_AUTH response VPN IKE User Activity INFO 974 IKEv2 Initiator: Received IKE_SA_INT response VPN IKE User Activity INFO 973 IKEv2 Initiator: Remote party timeout Retransmitting IKEv2 request. VPN IKE User Activity INFO 972 IKEv2 Initiator: Send CREATE_CHILD_SA request VPN IKE User Activity INFO 945 IKEv2 Initiator: Send IKE_AUTH request VPN IKE User Activity INFO 940 IKEv2 Initiator: Send IKE_SA_INIT request VPN IKE User Activity INFO 938 IKEv2 Invalid SPI size VPN IKE User Activity WARNING 966 IKEv2 Invalid state VPN IKE User Activity WARNING 964 IKEv2 IPsec attribute not found VPN IKE User Activity WARNING 969 IKEv2 IPsec proposal does not match VPN IKE User Activity WARNING 968 IKEv2 NAT device detected between negotiating peers VPN IKE User Activity INFO 985 IKEv2 negotiation complete VPN IKE User Activity INFO 978 IKEv2 No NAT device detected between negotiating peers VPN IKE User Activity INFO 984 IKEv2 Out of memory VPN IKE User Activity WARNING 961 IKEv2 Payload processing error VPN IKE User Activity WARNING 953 IKEv2 Payload validation failed. VPN IKE User Activity WARNING

30 IKEv2 Peer is not responding. Negotiation aborted. VPN IKE User Activity WARNING 971 IKEv2 Process Message queue failed VPN IKE User Activity WARNING 963 IKEv2 Received delete IKE SA request VPN IKE User Activity INFO 948 IKEv2 Received delete IKE SA response VPN IKE User Activity INFO 1015 IKEv2 Received delete IPsec SA request VPN IKE User Activity INFO 950 IKEv2 Received delete IPsec SA response VPN IKE User Activity INFO 1016 IKEv2 Received notify error payload VPN IKE User Activity WARNING 983 IKEv2 Received notify status payload VPN IKE User Activity INFO 982 IKEv2 Responder: Peer's destination network does not match VPN policy's <b>local Network</b> VPN IKE User Activity INFO 951 IKEv2 Responder: Peer's local network does not match VPN policy's <b>destination Network</b> VPN IKE User Activity INFO 952 IKEv2 Responder: Policy for remote IKE ID not found VPN IKE User Activity ERROR 962 IKEv2 Responder: Received CREATE_CHILD_SA request VPN IKE User Activity INFO 946 IKEv2 Responder: Received IKE_AUTH request VPN IKE User Activity INFO 941 IKEv2 Responder: Received IKE_SA_INIT request VPN IKE User Activity INFO 939 IKEv2 Responder: Send CREATE_CHILD_SA response VPN IKE User Activity INFO 1012 IKEv2 Responder: Send IKE_AUTH response VPN IKE User Activity INFO 977 IKEv2 Responder: Send IKE_SA_INIT response VPN IKE User Activity INFO 976 IKEv2 Send delete IKE SA request VPN IKE User Activity INFO 947 IKEv2 Send delete IKE SA response VPN IKE User Activity INFO

31 IKEv2 Send delete IPsec SA request VPN IKE User Activity INFO 949 IKEv2 Send delete IPsec SA response VPN IKE User Activity INFO 1014 IKEv2 Unable to find IKE SA VPN IKE User Activity WARNING 959 IKEv2 VPN Policy not found VPN IKE User Activity WARNING 967 Illegal IPsec SPI VPN IPSec User Activity INFO 65 Imported HA hardware ID did not match this firewall High Availability Maintenance INFO 155 Imported VPN SA is invalid disabled Firewall Event Maintenance WARNING 348 Inbound connection from GRIDlisted SMTP server dropped Anti Spam Service NOTICE Inbound connection from RBLlisted SMTP server dropped RBL NOTICE 798 Incoming call received for Remotely Triggered Dial out session Access User Activity INFO 817 Incompatible IPsec Security Association VPN IPSec User Activity INFO 69 Incorrect authentication received for Remotely Triggered Dial out Access User Activity INFO 819 Ini Killer attack dropped Intrusion Prevention Attacks ALERT Initiator from country blocked: %s Geolocation ALERT 1198 Interface %s Link Is Down Firewall Event Errors ALERT Interface %s Link Is Up Firewall Event Errors ALERT Interface IP Assignment : Binding and initializing %s Firewall Event Maintenance INFO 568 Interface IP Assignment changed: Shutting down %s Firewall Event Maintenance INFO 567 Interface statistics report GMS INFO

32 Internet Access restricted to authorized users. Dropped packet received in the clear. Wireless Dropped TCP Dropped UDP Dropped ICMP WARNING 532 Invalid DNS Server will not be accepted by the dynamic client Firewall Event INFO 1070 Invalid key or serial number used for GRID response Anti Spam Service DEBUG 1139 Invalid key version used for GRID response Anti Spam Service DEBUG 1140 Invalid Product Code Upgrade request received: %s Firewall Event ERROR 704 Invalid SNMP packet SNMP WARNING 1220 Invalid SNMPv3 engineid SNMP WARNING 1221 Invalid SNMPv3 Time Window SNMP WARNING 1223 Invalid SNMPv3 User SNMP WARNING 1222 Invalid VLAN packet dropped Network ALERT 836 IP address conflict detected from Ethernet address %s Network Maintenance WARNING 847 IP Address is allocated for Client VPN IKE INFO 1219 IP Header checksum error; Dropped TCP packet dropped Network Access Dropped UDP NOTICE 883 IP Pool of the VPN Policy is Full VPN IKE DEBUG 1216 IP Pool of the VPN Policy is Not Configured VPN IKE DEBUG 1217 IP spoof detected on packet to Central Gateway, packet dropped DHCP Relay Attacks ERROR IP spoof dropped Intrusion Prevention Attacks ALERT IP type %s packet dropped Network Access Dropped LAN UDP Dropped LAN TCP NOTICE 590 IP Comp connection interrupt IPcomp Network Debug DEBUG

33 IP Comp packet dropped IPcomp Dropped TCP Dropped UDP Dropped ICMP NOTICE 652 IP Comp packet dropped; waiting for pending IP Comp connection IPcomp Network Debug DEBUG 653 IPS Detection Alert: %s Intrusion Prevention Attacks ALERT IPS Detection Alert: %s Intrusion Prevention Attacks ALERT IPS Prevention Alert: %s Intrusion Prevention Attacks ALERT IPS Prevention Alert: %s Intrusion Prevention Attacks ALERT IPsec (AH) packet dropped VPN IPSec Dropped TCP Dropped UDP Dropped ICMP NOTICE 534 IPsec (AH) packet dropped; waiting for pending IPsec connection VPN IPSec Network Debug DEBUG 536 IPsec (ESP) packet dropped VPN IPSec Dropped TCP Dropped UDP Dropped ICMP NOTICE 533 IPsec (ESP) packet dropped; waiting for pending IPsec connection VPN IPSec Network Debug DEBUG 535 IPsec Authentication Failed VPN IPSec Attacks ERROR IPsec connection interrupt Network Access Network Debug DEBUG 43 IPsec Decryption Failed VPN IPSec Attacks ERROR IPsec packet dropped Network Access Dropped TCP Dropped UDP Dropped ICMP NOTICE 40 IPsec packet dropped; waiting for pending IPsec connection Network Access Network Debug DEBUG 42 IPsec packet from an illegal host VPN IPSec Maintenance INFO 247 IPsec packet from or to an illegal host VPN IPSec Attacks ERROR IPsec Replay Detected VPN IPSec Attacks ALERT IPsec SA lifetime expired. VPN IPSec User Activity INFO

34 IPsecTunnel status changed VPN VPN Tunnel Status INFO IPv6 Tunnel packet dropped VPN IKE NOTICE 1253 IPv6 VPN only support IKEv2 mode VPN IKE INFO 1252 ISDN Driver Firmware successfully updated Firewall Event Maintenance INFO 493 Issuer match failed VPN PKI User Activity ALERT 278 Java access denied Network Access Blocked Java Etc NOTICE 19 L2TP Connect Initiated by the User L2TP Client Maintenance INFO 216 L2TP Disconnect Initiated by the User L2TP Client Maintenance INFO 214 L2TP LCP Down L2TP Client Maintenance INFO 209 L2TP LCP Up L2TP Client Maintenance INFO 213 L2TP Max Retransmission Exceeded L2TP Client Maintenance INFO 203 L2TP PPP Authentication Failed L2TP Client Maintenance INFO 212 L2TP PPP Down L2TP Client Maintenance INFO 211 L2TP PPP link down L2TP Client Maintenance INFO 217 L2TP PPP Negotiation Started L2TP Client Maintenance INFO 208 L2TP PPP Session Up L2TP Client Maintenance INFO 210 L2TP Server : Access from L2TP VPN Client Privilege not enabled for RADIUS Users. L2TP Server : Deleting the L2TP active Session L2TP Server : Deleting the Tunnel L2TP Server : L2TP PPP Session Established. L2TP Server : L2TP Session Established. L2TP Server L2TP Server L2TP Server L2TP Server L2TP Server Maintenance INFO 343 Maintenance INFO 337 Maintenance INFO 336 Maintenance INFO 310 Maintenance INFO

35 L2TP Server : L2TP Tunnel Established. L2TP Server : Retransmission Timeout, Deleting the Tunnel L2TP Server : User Name authentication Failure locally. L2TP Server: Keep alive Failure. Closing Tunnel L2TP Server: L2TP Remote terminated the PPP session L2TP Server: L2TP Session Disconnect from the Remote. L2TP Server: L2TP Tunnel Disconnect from the Remote. L2TP Server: Local Authentication Failure L2TP Server: Local Authentication Success. L2TP Server: No IP address available in the Local IP Pool L2TP Server: RADIUS/LDAP Authentication Success L2TP Server: RADIUS/LDAP reports Authentication Failure L2TP Server: RADIUS/LDAP server not assigned IP address L2TP Server: Call Disconnect from Remote. L2TP Server: Tunnel Disconnect from Remote. L2TP Session Disconnect from Remote L2TP Session Established L2TP Session Negotiation Started L2TP Server L2TP Server L2TP Server L2TP Server L2TP Server L2TP Server L2TP Server L2TP Server L2TP Server L2TP Server L2TP Server L2TP Server L2TP Server L2TP Server L2TP Server L2TP Client L2TP Client L2TP Client Maintenance INFO 308 Maintenance INFO 338 Maintenance INFO 344 Maintenance INFO 320 Maintenance INFO 317 Maintenance INFO 316 Maintenance INFO 315 Maintenance INFO 312 Maintenance INFO 318 Maintenance INFO 314 Maintenance INFO 319 Maintenance INFO 311 Maintenance INFO 313 Maintenance INFO 334 Maintenance INFO 335 Maintenance INFO 207 Maintenance INFO 206 Maintenance INFO

36 L2TP Tunnel Disconnect from Remote L2TP Tunnel Established L2TP Client L2TP Client Maintenance INFO 205 Maintenance INFO 204 L2TP Tunnel Negotiation %s L2TP Client INFO 1074 L2TP Tunnel Negotiation Started L2TP Client Maintenance INFO 201 LAN Subnet configurations were not upgraded. Firewall Event Maintenance INFO 741 Land attack dropped Intrusion Prevention Attacks ALERT Remote LDAP server does not allow CHAP Authentication User Activity WARNING 758 LDAP using non administrative account VPN client user will not be able to change passwords Remote Authentication Errors WARNING 1011 License exceeded: Connection dropped because too many IP addresses are in use on your LAN Firewall Event Errors ERROR License of HA pair doesn't match: %s High Availability Errors ERROR Locked out user logins allowed lockout period expired Access User Activity INFO 438 Locked out user logins allowed by administrator Access User Activity INFO 439 Log Cleared Firewall Logging Maintenance INFO 5 Log Debug Firewall Event Network Debug ERROR 142 Log full; deactivating Network Security Appliance Firewall Logging Errors ERROR Log successfully sent via Firewall Logging Maintenance INFO 6 Login screen timed out Access User Activity INFO 34 MAC address collides with Static ARP Entry with Bound MAC address; packet dropped Network NOTICE

37 Machine %s removed from FIN flood blacklist Intrusion Prevention Network Debug ALERT 903 Machine %s removed from RST flood blacklist Intrusion Prevention Network Debug ALERT 900 Machine %s removed from SYN flood blacklist Intrusion Prevention Network Debug ALERT 865 MAC IP Anti Spoof cache found, but it is blacklisted device. MAC IP Anti Spoof ALERT 1212 MAC IP Anti spoof cache found, but it is not a router. MAC IP Anti Spoof ALERT 1211 MAC IP Anti spoof cache not found for this router. Mac IP Spoof ALERT 1210 MAC IP Anti spoof check enforced for hosts. MAC IP Anti Spoof ALERT 1209 Malformed DNS packet detected Network Access Network Debug ALERT 1177 Malformed or unhandled IP packet dropped Network Access Network Debug ALERT Maximum events per second threshold exceeded Firewall Logging Errors CRITICAL 654 Maximum number of Bandwidth Managed rules exceeded upon upgrade to this version. Some Bandwidth settings ignored. Maintenance NOTICE 541 Firewall Event Maximum sequential failed dial attempts (10) to a single dial up number: %s PPP Dial Up Attacks ERROR Maximum syslog data per second threshold exceeded Firewall Logging Errors CRITICAL 655 Message blocked by Real Time Scanner Anti Spam Service INFO 1108 MOBIKE: Update Peer Gateway IP VPN IKE INFO 1218 Modules attached to HA units do not match: %s High Availability Errors ALERT Monitoring probe out interface mismatch %s High Availability ERROR 1194 Multicast application %s not supported Multicast INFO 696 Multicast packet dropped, Invalid src IP received on interface : %s Multicast ALERT

38 Multicast packet dropped, wrong MAC address received on interface : %s Multicast ALERT 684 Multicast TCP packet dropped Multicast NOTICE 691 Multicast UDP packet dropped, no state entry Multicast NOTICE 690 Multicast UDP packet dropped, RTCP stateful failed Multicast WARNING 695 Multicast UDP packet dropped, RTP stateful failed Multicast WARNING 694 Multiple DHCP Servers are detected on network Firewall Event WARNING 1068 NAT device may not support IPsec AH passthrough VPN IPSec Maintenance INFO 266 NAT Discovery : No NAT/NAPT device detected between IPsec Security gateways VPN IKE User Activity INFO 241 NAT Discovery : Local IPsec Security Gateway behind a NAT/ NAPT Device VPN IKE User Activity INFO 240 NAT Discovery : Peer IPsec Security Gateway behind a NAT/ NAPT Device VPN IKE User Activity INFO 239 NAT Discovery : Peer IPsec Security Gateway doesn't support VPN NAT Traversal VPN IKE User Activity INFO 242 Nat Mapping Network Access NOTICE 1197 NAT translated packet exceeds size limit, packet dropped Network Network Debug DEBUG 339 Net Spy attack dropped Intrusion Prevention Attacks ALERT NetBIOS settings were not upgraded. Use Network>IP Helper to configure NetBIOS support Firewall Event Maintenance INFO 740 NetBus attack dropped Intrusion Prevention Attacks ALERT

39 Network for interface %s overlaps with another interface. Firewall Event Maintenance INFO 569 Network Modem Mode Disabled: re enabling NAT PPP Dial Up Maintenance INFO 531 Network Modem Mode Enabled: turning off NAT PPP Dial Up Maintenance INFO 530 Network Monitor Policy %s Added Network Monitor INFO 1104 Network Monitor Policy %s Deleted Network Monitor INFO 1105 Network Monitor Policy %s Modified Network Monitor INFO 1106 Network Monitor: Host %s is offline Network Monitor ALERT Network Monitor: Host %s is online Network Monitor ALERT Network Monitor: Host %s status is UNKNOWN Network Monitor ALERT Network Monitor: Policy %s status is DOWN Network Monitor ALERT Network Monitor: Policy %s status is UNKNOWN Network Monitor ALERT Network Monitor: Policy %s status is UP Network Monitor ALERT Network Security Appliance activated Firewall Event Maintenance ALERT 4 Network Security Appliance initializing Firewall Event Maintenance INFO 521 New firmware available. Firewall Event Maintenance INFO 198 New URL List loaded Security Services Maintenance INFO 8 Newsgroup access allowed Network Access Blocked Web Sites NOTICE Blocked Web Newsgroup access denied Network Access Sites NOTICE No Certificate for VPN PKI User Activity ALERT 280 No DNS response to domain %s Security Services DEBUG 1238 No HOST tag found in HTTP request Network Access Network Debug DEBUG 52 37

40 No new URL List available No response from ISP Disconnecting PPPoE. No response from PPTP server to call requests Security Services PPPoE PPTP Maintenance INFO 9 Maintenance INFO 169 Maintenance INFO 431 No response from PPTP server to control connection requests PPTP Maintenance INFO 430 No response from server to Echo Requests, disconnecting PPTP Tunnel PPTP Maintenance INFO 429 No response received from DNS server Anti Spam Service DEBUG 1142 No valid DNS server specified for GRID lookups Anti Spam Service ERROR No valid DNS server specified for RBL lookups RBL ERROR 800 Non config mode GUI administration session started Access User Activity INFO 997 Not all configurations may have been completely upgraded Firewall Event Maintenance INFO 612 Not blacklisted as per configuration Anti Spam Service DEBUG 1143 Not Blacklisted by domain %s Security Services DEBUG 1237 Not enough memory to hold the CRL VPN PKI User Activity WARNING 272 NTP Request sent NOTICE 1232 Obtained Relay IP Table from Remote Gateway DHCP Relay Maintenance INFO 233 OCSP Failed to Resolve Domain Name. VPN PKI User Activity ERROR 853 OCSP Internal error handling received response. VPN PKI User Activity ERROR 854 OCSP received response error. VPN PKI User Activity ERROR 851 OCSP received response. VPN PKI User Activity INFO

41 OCSP Resolved Domain Name. VPN PKI User Activity INFO 852 OCSP send request message failed. VPN PKI User Activity ERROR 849 OCSP sending request. VPN PKI User Activity INFO 848 On HA peer firewall, Interface %s Link Is Down High Availability Errors ALERT 1206 On HA peer firewall, Interface %s Link Is Up High Availability Errors ALERT 1205 Outbound connection to GRIDlisted SMTP server dropped Anti Spam Service NOTICE Outbound connection to RBLlisted SMTP server dropped RBL NOTICE 797 Out of order command packet dropped Network Access Network Debug DEBUG 48 Overriding Product Code Upgrade to: %s Firewall Event ERROR 705 Packet allowed by ACL Network INFO 1235 Packet destination not in VPN Access list VPN IPSec Attacks ERROR Packet Dropped IP TTL expired Network Network Debug WARNING 910 Packet dropped by guest check Network Access Dropped TCP Dropped UDP Dropped ICMP WARNING 488 Packet dropped by wireless Advanced IDP Wireless WARNING 1229 Dropped TCP Dropped UDP Packet dropped by WLAN SSL VPN enforcement check Packet dropped by WLAN VPN traversal check Wireless Wireless Dropped ICMP WARNING 732 Dropped TCP Dropped UDP Dropped ICMP WARNING 495 Packet dropped. No firewall rule associated with VPN policy. VPN Errors ALERT 739 Packet dropped; connection limit for this destination IP address has been reached Firewall Event Errors ALERT

42 Packet dropped; connection limit for this source IP address has been reached Firewall Event Errors ALERT Payload processing failed VPN IKE Network Debug ERROR 616 PC Card inserted. Firewall Hardware ALERT PC Card removed. Firewall Hardware ALERT PC Card: No device detected Firewall Hardware ALERT 1056 Peer firewall has equivalent link status. In event of failover, it will operate with equal capability. Peer firewall has reduced link status. In event of failover, it will operate with limited capability. High Availability High Availability Maintenance INFO 1208 Maintenance INFO 1207 Peer firewall rebooting (%s) High Availability INFO 1057 Peer HA firewall has stateful license but this firewall is not yet registered High Availability Errors ALERT 1136 Physical environment normal Firewall Hardware INFO Physical interface utilization is greater than 80% of the maximum rated tolerance(for the interface)for more than 10 seconds. Firewall Hardware ALERT Ping of death dropped Intrusion Prevention Attacks ALERT PKI Error: VPN PKI Maintenance ERROR 417 PKI Failure VPN PKI Maintenance ERROR 447 PKI Failure: CA certificates store exceeded. Cannot verify this Local Certificate VPN PKI Maintenance ERROR 453 PKI Failure: Cannot allocate memory VPN PKI Maintenance ERROR

43 PKI Failure: Certificate's ID does not match this Network Security Appliance PKI Failure: Duplicate local certificate PKI Failure: Duplicate local certificate name PKI Failure: Import failed PKI Failure: Improper file format. Please select PKCS#12 (*.p12) file PKI Failure: Incorrect admin password PKI Failure: Internal error PKI Failure: Loaded but could not verify certificate PKI Failure: Loaded the certificate but could not verify its chain PKI Failure: No CA certificates yet loaded PKI Failure: Output buffer too small PKI Failure: public private key mismatch PKI Failure: Reached the limit for local certificates, cant load any more PKI Failure: Temporary memory shortage, try again PKI Failure: The certificate chain has no root PKI Failure: The certificate chain is circular PKI Failure: The certificate chain is incomplete PKI Failure: The certificate or a certificate in the chain has a bad signature VPN PKI VPN PKI VPN PKI VPN PKI VPN PKI VPN PKI VPN PKI VPN PKI VPN PKI VPN PKI VPN PKI VPN PKI VPN PKI VPN PKI VPN PKI VPN PKI VPN PKI VPN PKI Maintenance ERROR 455 Maintenance ERROR 458 Maintenance ERROR 457 Maintenance ERROR 451 Maintenance ERROR 454 Maintenance ERROR 452 Maintenance ERROR 460 Maintenance ERROR 469 Maintenance ERROR 470 Maintenance ERROR 459 Maintenance ERROR 448 Maintenance ERROR 456 Maintenance ERROR 450 Maintenance ERROR 461 Maintenance ERROR 464 Maintenance ERROR 462 Maintenance ERROR 463 Maintenance ERROR

44 PKI Failure: The certificate or a certificate in the chain has a validity period in the future PKI Failure: The certificate or a certificate in the chain has expired VPN PKI VPN PKI Maintenance ERROR 466 Maintenance ERROR 465 PKI Failure: The certificate or a certificate in the chain is corrupt VPN PKI Maintenance ERROR 467 Please connect interface %s to another network to function properly Firewall Event Maintenance INFO 570 Please manually check all system configurations for correctness of Upgrade Firewall Event Maintenance INFO 613 Port configured to receive IPsec protocol ONLY; drop packet received in the clear Network Access Dropped TCP Dropped UDP Dropped ICMP WARNING 347 Possible DNS rebind attack detected Intrusion Prevention ALERT Possible FIN Flood on IF %s Intrusion Prevention Network Debug ALERT 905 Possible FIN Flood on IF %s continues Intrusion Prevention Network Debug WARNING 909 Possible FIN Flood on IF %s has ceased Intrusion Prevention Network Debug ALERT 907 Possible ICMP Flood attack detected Intrusion Prevention Attacks ALERT 1214 Possible port scan detected Intrusion Prevention Attacks ALERT Possible RST Flood on IF %s Intrusion Prevention Network Debug ALERT 904 Possible RST Flood on IF %s continues Intrusion Prevention Network Debug WARNING 908 Possible RST Flood on IF %s has ceased Intrusion Prevention Network Debug ALERT 906 Possible SYN flood attack detected Intrusion Prevention Attacks WARNING Possible SYN flood detected on WAN IF %s switching to connection proxy mode Intrusion Prevention Network Debug ALERT 859 Possible SYN Flood on IF %s Intrusion Prevention Network Debug ALERT

45 Possible SYN Flood on IF %s continues Intrusion Prevention Network Debug WARNING 866 Possible SYN Flood on IF %s has ceased Intrusion Prevention Network Debug ALERT 867 Possible UDP Flood attack detected Intrusion Prevention Attacks ALERT 1213 Power supply without redundancy Firewall Hardware ERROR PPP Dial Up: Connect request canceled PPP Dial Up User Activity INFO 306 PPP Dial Up: Connected at %s bps starting PPP PPP Dial Up User Activity INFO 286 PPP Dial Up: Connection disconnected as scheduled. PPP Dial Up INFO 666 PPP Dial Up: Dial initiated by %s PPP Dial Up Maintenance INFO 324 PPP Dial Up: Dialed number did not answer PPP Dial Up User Activity INFO 285 PPP Dial Up: Dialed number is busy PPP Dial Up User Activity INFO 284 PPP Dial Up: Dialing not allowed by schedule. %s PPP Dial Up INFO 665 PPP Dial Up: Dialing: %s PPP Dial Up User Activity INFO 281 PPP Dial Up: Failed to get IP address PPP Dial Up User Activity INFO 298 PPP Dial Up: Idle time limit exceeded disconnecting PPP Dial Up User Activity INFO 297 PPP Dial Up: Initialization : %s PPP Dial Up User Activity INFO 303 PPP Dial Up: Invalid DNS IP address returned from Dial Up ISP; overriding using dial up profile settings PPP Dial Up Maintenance INFO 811 PPP Dial Up: Link carrier lost PPP Dial Up User Activity INFO 288 PPP Dial Up: Manual intervention needed. Check Primary Profile or Profile details PPP Dial Up User Activity INFO 321 PPP Dial Up: Maximum connection time exceeded disconnecting PPP Dial Up User Activity INFO

46 PPP Dial Up: No dial tone detected check phone line connection PPP Dial Up User Activity INFO 282 PPP Dial Up: No link carrier detected check phone number PPP Dial Up User Activity INFO 283 PPP Dial Up: No peer IP address from Dial Up ISP, local and remote IPs will be the same PPP Dial Up Maintenance INFO 481 PPP Dial Up: PPP link down PPP Dial Up User Activity INFO 301 PPP Dial Up: PPP link established PPP Dial Up User Activity INFO 300 PPP Dial Up: PPP negotiation failed disconnecting PPP Dial Up User Activity INFO 296 PPP Dial Up: Previous session was connected for %s PPP Dial Up User Activity INFO 542 PPP Dial Up: Received new IP address PPP Dial Up User Activity INFO 299 PPP Dial Up: Shutting down link PPP Dial Up User Activity INFO 302 PPP Dial Up: Starting PPP PPP Dial Up INFO 1037 PPP Dial Up: Startup without Ethernet cable, will try to dial on outbound traffic PPP Dial Up User Activity INFO 323 PPP Dial Up: The profile in use disabled VPN networking. PPP Dial Up Maintenance INFO 330 PPP Dial Up: Trying to failover but Alternate Profile is manual WAN Availability User Activity INFO 434 PPP Dial Up: Trying to failover but Primary Profile is manual PPP Dial Up User Activity INFO 322 PPP Dial Up: Unknown dialing failure PPP Dial Up User Activity INFO 287 PPP Dial Up: User requested connect PPP Dial Up User Activity INFO 305 PPP Dial Up: User requested disconnect PPP Dial Up User Activity INFO

47 PPP Dial Up: VPN networking restored. PPP Dial Up Maintenance INFO 331 PPP message: %s PPP INFO 1018 PPP: Authentication successful PPP INFO 289 PPP: CHAP authentication failed check username / password PPP INFO 291 PPP: MS CHAP authentication failed check username / password PPP INFO 292 PPP: PAP Authentication failed check username / password PPP INFO 290 PPP: Starting CHAP authentication PPP INFO 294 PPP: Starting MS CHAP authentication PPP INFO 293 PPP: Starting PAP authentication PPP INFO 295 PPPoE terminated PPPoE Maintenance INFO 130 PPPoE CHAP Authentication Failed PPPoE Maintenance INFO 136 PPPoE Client: Previous session was connected for %s PPPoE discovery process complete PPPoE enabled but not ready PPPoE LCP Link Down PPPoE LCP Link Up PPPoE Network Connected PPPoE Network Disconnected PPPoE PAP Authentication Failed PPPoE PPPoE PPPoE PPPoE PPPoE PPPoE PPPoE PPPoE Maintenance INFO 738 Maintenance INFO 133 Maintenance INFO 499 Maintenance INFO 129 Maintenance INFO 128 Maintenance INFO 131 Maintenance INFO 132 Maintenance INFO

48 PPPoE PAP Authentication Failed. Please verify PPPoE username and password PPPoE Maintenance INFO 167 PPPoE PAP Authentication success. PPPoE Maintenance INFO 166 PPPoE password changed by Administrator Access User Activity INFO 515 PPPoE starting CHAP Authentication PPPoE Maintenance INFO 134 PPPoE starting PAP Authentication PPPoE Maintenance INFO 135 PPPoE user name changed by Administrator Access User Activity INFO 514 PPTP enabled but not ready PPTP Maintenance INFO 501 PPTP CHAP Authentication Failed. Please verify PPTP username and password PPTP Maintenance INFO 394 PPTP Connect Initiated by the User PPTP Maintenance INFO 390 PPTP Control Connection Established PPTP Maintenance INFO 378 PPTP Control Connection Negotiation Started PPTP Maintenance INFO 375 PPTP decode failure PPTP Network Debug DEBUG 596 PPTP Disconnect Initiated by the User PPTP Maintenance INFO 388 PPTP LCP Down PPTP Maintenance INFO 383 PPTP LCP Up PPTP Maintenance INFO 387 PPTP Max Retransmission Exceeded PPTP Maintenance INFO 377 PPTP packet dropped Network Access Dropped TCP Dropped UDP Dropped ICMP NOTICE 39 PPTP PAP Authentication Failed PPTP Maintenance INFO 395 PPTP PAP Authentication Failed. Please verify PPTP username and password PPTP Maintenance INFO 397 PPTP PAP Authentication success. PPTP Maintenance INFO

49 PPTP PPP Authentication Failed PPTP Maintenance INFO 386 PPTP PPP Down PPTP Maintenance INFO 385 PPTP PPP link down PPTP Maintenance INFO 391 PPTP PPP Link down PPTP Maintenance INFO 399 PPTP PPP Link Finished PPTP Maintenance INFO 400 PPTP PPP Link Up PPTP Maintenance INFO 398 PPTP PPP Negotiation Started PPTP Maintenance INFO 382 PPTP PPP Session Up PPTP Maintenance INFO 384 PPTP Server is not responding, check if the server is UP and running. PPTP Maintenance INFO 444 PPTP server rejected control connection PPTP Maintenance INFO 432 PPTP server rejected the call request PPTP Maintenance INFO 433 PPTP Session Disconnect from Remote PPTP Maintenance INFO 381 PPTP Session Established PPTP Maintenance INFO 380 PPTP Session Negotiation Started PPTP Maintenance INFO 376 PPTP starting CHAP Authentication PPTP Maintenance INFO 392 PPTP starting PAP Authentication PPTP Maintenance INFO 393 PPTP Tunnel Disconnect from Remote PPTP Maintenance INFO 379 Primary firewall has transitioned to Active High Availability Maintenance ALERT 144 Primary firewall has transitioned to Idle High Availability Errors ALERT Primary firewall preempting Backup High Availability Errors ERROR

50 Primary firewall rebooting itself as it transitioned from Active to Idle while Preempt High Availability INFO 1058 Primary missed heartbeats from Backup High Availability Errors ERROR Primary received error signal from Backup High Availability Errors ERROR Primary received heartbeat from wrong source High Availability Maintenance INFO 160 Primary received reboot signal from Backup High Availability Errors ERROR Primary WAN link down, Backup going Active High Availability Errors ERROR Primary WAN link down, Primary going Idle High Availability Maintenance INFO 218 Primary WAN link up, preempting Backup High Availability Maintenance INFO 221 Priority attack dropped Intrusion Prevention Attacks ALERT Probable port scan detected Intrusion Prevention Attacks ALERT Probable TCP FIN scan detected Intrusion Prevention Attacks ALERT Probable TCP NULL scan detected Intrusion Prevention Attacks ALERT Probable TCP XMAS scan detected Intrusion Prevention Attacks ALERT Probe Response Failure %s Anti Spam Service DEBUG 1132 Probe Response Success %s Anti Spam Service DEBUG 1131 Probing failure on %s WAN Availability Errors ALERT Probing succeeded on %s WAN Availability Errors ALERT Problem loading the URL List; Appliance not registered. Security Services Errors ERROR Problem loading the URL List; check Filter settings Security Services Errors ERROR Problem loading the URL List; check your DNS server Security Services Errors ERROR

51 Problem loading the URL List; Flash write failure. Security Services Errors ERROR Problem loading the URL List; Retrying later. Security Services Errors ERROR Problem loading the URL List; Subscription expired. Security Services Errors ERROR Problem loading the URL List; Try loading it again. Security Services Errors ERROR Problem occurred during user group membership retrieval Access User Activity WARNING 1033 Problem sending log ; check log settings Firewall Logging Errors WARNING Processed received from Security Service Anti Spam Service INFO Product maximum entries reached %s Firewall Event WARNING 1196 RADIUS user cannot use One Time Password no mail address set for equivalent local user Access User Activity INFO 1119 RBL DNS server responded with error code %s Security Services DEBUG 1239 Read only mode GUI administration session started Access User Activity INFO 996 Real time clock battery failure Time values may be incorrect Firewall Hardware Errors WARNING Received a path MTU ICMP message from router/gateway Network User Activity INFO 182 Received a path MTU ICMP message from router/gateway Network User Activity INFO 188 Received Application Firewall Alert: Your Application Firewall (Application Firewall) subscription has expired. Maintenance WARNING Security Services Received Alert: Your Firewall Botnet Filter subscription has expired. Security Services WARNING

52 Received Alert: Your Firewall Visualization Control subscription has expired. Security Services WARNING 1159 Received AV Alert: %s Security Services Maintenance WARNING Received AV Alert: Your Network Anti Virus subscription has expired. %s Security Services Maintenance WARNING Received AV Alert: Your Network Anti Virus subscription will expire in 7 days. %s Maintenance WARNING Security Services Received Blacklisted Directive from %s Security Services DEBUG 1236 Received CFS Alert: Your Content Filtering subscription has expired. Security Services Maintenance WARNING Received CFS Alert: Your Content Filtering subscription will expire in 7 days. Received DHCP offer packet has errors Received E Mail Filter Alert: Your E Mail Filtering subscription has expired. Received E Mail Filter Alert: Your E Mail Filtering subscription will expire in 7 days. Security Services DHCP Client Security Services Security Services Maintenance WARNING Maintenance INFO 588 Maintenance WARNING Maintenance WARNING Received fragmented packet or fragmentation needed Network Network Debug DEBUG 63 Received IKE SA delete request VPN IKE User Activity INFO 413 Received IPS Alert: Your Intrusion Prevention (IDP) subscription has expired. Security Services Maintenance WARNING Received IPsec SA delete request VPN IKE User Activity INFO 412 Received ISAKMP packet Network Debug destined to port %s VPN IKE Dropped UDP INFO

53 Received LCP Echo Reply PPPoE Maintenance INFO 723 Received LCP Echo Request PPPoE Maintenance INFO 721 Received notify. NO_PROPOSAL_CHOSEN VPN IKE User Activity WARNING 401 Received notify: INVALID_COOKIES VPN IKE User Activity INFO 414 Received notify: INVALID_ID_INFO VPN IPSec User Activity WARNING 483 Received notify: INVALID_PAYLOAD VPN IKE User Activity ERROR 661 Received notify: INVALID_SPI VPN IKE User Activity INFO 416 Received notify: ISAKMP_AUTH_FAILED VPN IKE User Activity WARNING 409 Received notify: PAYLOAD_MALFORMED VPN IKE User Activity WARNING 411 Received notify: RESPONDER_LIFETIME VPN IKE User Activity INFO 415 Received packet retransmission. Drop duplicate packet VPN IKE User Activity WARNING 406 Received PPPoE Active Discovery Offer PPPoE Maintenance INFO 593 Received PPPoE Active Discovery Session_confirmation PPPoE Maintenance INFO 594 Received response packet for DHCP request has errors DHCP Client Maintenance INFO 589 Received unauthenticated GRID response Anti Spam Service DEBUG 1138 Received unencrypted packet in crypto active state VPN IKE User Activity WARNING 605 Regulatory requirements prohibit %s from being re dialed for 30 minutes PPP Dial Up Attacks ERROR Released IP address %s DHCP Server INFO 1111 Remote WAN Acceleration device started responding to probes WAN Acceleration ALERT

54 Remote WAN Acceleration device stopped responding to probes WAN Acceleration ALERT Remotely Triggered Dial out session ended. Valid WAN bound data found. Normal dial up sequence will commence Remotely Triggered Dial out session started. Requesting authentication Removed a member from an LDAP mirror user group Removed host entry from dynamic address object Request for Relay IP Table from Central Gateway Access User Activity INFO 822 Access User Activity INFO 818 Remote Authentication User Activity INFO 1193 Dynamic Address Objects Maintenance INFO 912 DHCP Relay Maintenance INFO 230 Requesting CRL from VPN PKI User Activity INFO 269 Requesting Relay IP Table from Remote Gateway DHCP Relay Maintenance INFO 231 Resolved ES Cloud %s Anti Spam Service DEBUG 1146 Responder from country blocked: %s Geolocation ALERT 1199 Restarting Network Security Appliance; dumping log to Retransmitting DHCP DISCOVER. Retransmitting DHCP REQUEST (Rebinding). Retransmitting DHCP REQUEST (Rebooting). Retransmitting DHCP REQUEST (Renewing). Retransmitting DHCP REQUEST (Requesting). Retransmitting DHCP REQUEST (Verifying). RIP Broadcasts for LAN Network %s are being broadcast over dialup connection Firewall Event DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client RIP Maintenance INFO 13 Maintenance INFO 99 Maintenance INFO 102 Maintenance INFO 103 Maintenance INFO 101 Maintenance INFO 100 Maintenance INFO 104 Maintenance INFO

55 RIP disabled on DMZ interface RIP disabled on interface %s RIP disabled on WAN interface RIP RIP RIP Maintenance INFO Maintenance INFO Maintenance INFO Ripper attack dropped Intrusion Prevention Attacks ALERT RIPv1 enabled on DMZ interface RIP Maintenance INFO RIPv1 enabled on interface %s RIP Maintenance INFO RIPv1 enabled on WAN interface RIP Maintenance INFO RIPv2 compatibility (broadcast) mode enabled on DMZ interface RIPv2 compatibility (broadcast) mode enabled on interface %s RIP RIP Maintenance INFO Maintenance INFO RIPv2 compatibility (broadcast) mode enabled on WAN interface RIP Maintenance INFO RIPv2 enabled on DMZ interface RIP Maintenance INFO RIPv2 enabled on interface %s RIP Maintenance INFO RIPv2 enabled on WAN interface RIP Maintenance INFO Router IGMP General query received on interface %s Multicast DEBUG 680 Router IGMP Membership query received on interface %s Multicast DEBUG 681 RST Flood Blacklist on IF %s continues Intrusion Prevention Network Debug WARNING 899 RST Flooding machine %s blacklisted Intrusion Prevention Network Debug ALERT 898 SA is disabled. Check VPN SA settings VPN IKE User Activity INFO 407 SCEP Client: %s VPN PKI NOTICE 1097 Sending DHCP DISCOVER. DHCP Client Maintenance INFO

56 Sending DHCP RELEASE. Sending DHCP REQUEST (Rebinding). Sending DHCP REQUEST (Rebooting). Sending DHCP REQUEST (Renewing). Sending DHCP REQUEST (Verifying). Sending DHCP REQUEST. Sending LCP Echo Reply Sending LCP Echo Request Sending PPPoE Active Discovery Request DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client PPPoE PPPoE PPPoE Maintenance INFO 122 Maintenance INFO 116 Maintenance INFO 117 Maintenance INFO 115 Maintenance INFO 118 Maintenance INFO 108 Maintenance INFO 722 Maintenance INFO 720 Maintenance INFO 595 Senna Spy attack dropped Intrusion Prevention Attacks ALERT Sent Relay IP Table to Central Gateway DHCP Relay Maintenance INFO 232 Settings Import: %s Firewall Event INFO 1049 SIP Register expiration exceeds configured Signaling inactivity time out VoIP Expanded VoIP Activity WARNING 645 SIP Request VoIP Expanded VoIP Activity DEBUG 643 SIP Response VoIP Expanded VoIP Activity DEBUG 644 SMTP authentication problem:%s Firewall Logging Errors WARNING 737 SMTP connection limit is reached. Connection is dropped. Anti Spam Service WARNING SMTP POP Before SMTP authentication failed Firewall Logging Errors WARNING 656 SMTP server found on RBL blacklist RBL NOTICE 799 SMTP server found on Reject List Anti Spam Service NOTICE Smurf Amplification attack dropped Intrusion Prevention Attacks ALERT

57 SNMP Packet Dropped Unused INFO 1225 SonicPoint association posted successfully to License Manager Firewall Event INFO 1266 SonicPoint association request to License Manager failed: %s Firewall Event WARNING 1265 SonicPoint Provision SonicPoint Expanded SonicPoint Activity INFO 727 SonicPoint statistics report GMS INFO 806 Expanded SonicPoint Status SonicPoint SonicPoint Activity INFO 667 SonicPointN Provision SonicPointN INFO 1078 SonicPointN Status SonicPointN INFO 1077 Source IP address connection status: %s Firewall Event INFO 734 Source routed IP packet dropped Intrusion Prevention Network Debug WARNING 428 Spank attack multicast packet dropped Intrusion Prevention Attacks ALERT SSL Control: Certificate chain not complete Network Access Blocked Web Sites INFO 1006 SSL Control: Certificate with invalid date Network Access Blocked Web Sites INFO 1002 SSL Control: Certificate with MD5 Digest Signature Algorithm Network Access Blocked Web Sites INFO 1081 SSL Control: Failed to decode Server Hello Network Access Blocked Web Sites INFO 1007 SSL Control: HTTPS via SSL2 Network Access Blocked Web Sites INFO 1001 SSL Control: Self signed certificate Network Access Blocked Web Sites INFO 1003 SSL Control: Untrusted CA Network Access Blocked Web Sites INFO 1005 SSL Control: Weak cipher being used Network Access Blocked Web Sites INFO 1004 SSL Control: Website found in blacklist Network Access Blocked Web Sites INFO

58 SSL Control: Website found in whitelist Network Access Blocked Web Sites INFO 1000 SSLVPN enforcement Wireless Maintenance INFO 733 SSLVPN Traffic SSLVPN zone remote user login allowed SSO agent is down SSO agent is up SSO agent returned error SSO returned a domain name that is too long SSO returned a user name that is too long SSLVPN Syslog only for traffic reporting INFO 1153 Access User Activity INFO 1080 SSO Agent Authentication User Activity ALERT 1075 SSO Agent Authentication User Activity ALERT 1076 SSO Agent Authentication User Activity WARNING 1073 SSO Agent Authentication User Activity WARNING 993 SSO Agent Authentication User Activity WARNING 992 Starting IKE negotiation VPN IKE User Activity INFO 90 Starting PPPoE discovery PPPoE Maintenance INFO 127 Status GMS Maintenance EMERGENCY 96 Striker attack dropped Intrusion Prevention Attacks ALERT Sub Seven attack dropped Intrusion Prevention Attacks ALERT Succeed in updating time from NTP server NOTICE 1231 Success to reach Interface %s probe High Availability Errors INFO 674 Successful authentication received for Remotely Triggered Dial out Access User Activity INFO 820 Successfully sent %s file to remote backup server Firewall Event Maintenance INFO 1065 Successfully sent Preference file to remote backup server Firewall Event Maintenance INFO

59 Successfully sent TSR file to remote backup server Firewall Event Maintenance INFO 1063 Suspected Botnet initiator blocked: %s Botnet Blocking ALERT 1200 Suspected Botnet responder blocked: %s Botnet Blocking ALERT 1201 SYN Flood Blacklist on IF %s continues Intrusion Prevention Network Debug WARNING 868 SYN Flood blacklisting disabled by user Intrusion Prevention Network Debug WARNING 863 SYN Flood blacklisting enabled by user Intrusion Prevention Network Debug WARNING 862 SYN flood ceased or flooding machines blacklisted connection proxy disabled Intrusion Prevention Network Debug ALERT 861 SYN Flood Mode changed by user to: Always proxy WAN connections Intrusion Prevention Network Debug WARNING 858 SYN Flood Mode changed by user to: Watch and proxy WAN connections when under attack Intrusion Prevention Network Debug WARNING 857 SYN Flood Mode changed by user to: Watch and report possible SYN floods Intrusion Prevention Network Debug WARNING 856 Synchronizing preferences to HA Peer Firewall High Availability Maintenance INFO 673 SYN Flooding machine %s blacklisted Intrusion Prevention Network Debug ALERT 864 Syslog Server cannot be reached Network Maintenance INFO 657 clock manually updated Firewall Logging NOTICE 881 shutdown by administrator. Power cycle required. Firewall Event ALERT TCP checksum error; packet dropped Network Access Dropped TCP NOTICE 884 TCP connection abort received; TCP connection dropped Network Network Debug DEBUG 713 TCP connection dropped Network Access Dropped TCP NOTICE 36 57

60 TCP connection from LAN denied Network Access Dropped LAN TCP NOTICE 173 TCP connection reject received; TCP connection dropped Network Network Debug DEBUG 712 TCP FIN packet dropped Network Network Debug DEBUG 181 TCP handshake violation detected; TCP connection dropped Network Access NOTICE 760 TCP packet received on a closing connection; TCP packet dropped Network Network Debug DEBUG 891 TCP packet received on nonexistent/closed connection; TCP packet dropped Network Network Debug DEBUG 888 TCP packet received with invalid ACK number; TCP packet dropped Network Network Debug DEBUG 709 TCP packet received with invalid header length; TCP packet dropped Network Network Debug DEBUG 887 TCP packet received with invalid MSS option length; TCP packet dropped Network Network Debug DEBUG 894 TCP packet received with invalid option length; TCP packet dropped Network Network Debug DEBUG 895 TCP packet received with invalid SACK option length; TCP packet dropped Network Network Debug DEBUG 893 TCP packet received with invalid SEQ number; TCP packet dropped Network Network Debug DEBUG 708 TCP packet received with invalid source port; TCP packet dropped Network Network Debug DEBUG 896 TCP packet received with invalid SYN Flood cookie; TCP packet dropped Network Network Debug INFO 897 TCP packet received with invalid Window Scale option length; TCP packet dropped Network Network Debug DEBUG

61 TCP packet received with invalid Window Scale option value; TCP packet dropped Network Network Debug DEBUG 1031 TCP packet received with nonpermitted option; TCP packet dropped Network Network Debug DEBUG 1029 TCP packet received with SYN flag on an existing connection; TCP packet dropped Network Network Debug INFO 892 TCP packet received without mandatory ACK flag; TCP packet dropped Network Network Debug DEBUG 890 TCP packet received without mandatory SYN flag; TCP packet dropped Network Network Debug DEBUG 889 TCP stateful inspection: Bad header; TCP packet dropped Network Network Debug DEBUG 711 TCP stateful inspection: Invalid flag; TCP packet dropped Network Network Debug INFO 710 TCP SYN received Intrusion Prevention Network Debug DEBUG 869 TCP Syn/Fin packet dropped Network Access Attacks ALERT TCP Xmas Tree dropped Intrusion Prevention Attacks ALERT Terminal Services agent is down SSO Agent Authentication User Activity ALERT 1150 Terminal Services agent is up SSO Agent Authentication User Activity ALERT 1151 The cache is full; %u open connections; some will be dropped Firewall Event Errors ERROR The current WAN interface is not ready to route packets. Firewall Event Errors ERROR The High Availability monitoring IP configuration of Interface %s is incorrect. High Availability ERROR 1126 The loaded content URL List has expired. Security Services Errors ERROR

62 The network connection in use is %s WAN Availability Errors WARNING The preferences file is too large to be saved in available flash memory Firewall Event Errors WARNING The stateful license of HA peer firewall is not activated High Availability Errors ALERT 1137 Thermal Red Firewall Hardware Environment ALERT Thermal Red Timer Exceeded Firewall Hardware Environment ALERT Thermal Yellow Firewall Hardware Environment ALERT Time of day settings for firewall policies were not upgraded. Firewall Event Maintenance INFO 742 Too many gratuitous ARPs detected Network WARNING 815 Total firewall throughput is greater than 50% of the maximum rated tolerance for more than 10 seconds. Firewall Hardware ALERT UDP checksum error; packet dropped Network Access Dropped UDP NOTICE 885 UDP packet dropped Network Access Dropped UDP NOTICE 37 UDP packet from LAN dropped Network Access Dropped LAN UDP Dropped LAN TCP NOTICE 174 Unable to resolve dynamic address object Dynamic Address Objects Maintenance INFO 880 Unable to send message to dialup task PPP Dial Up Errors ERROR 1024 Unhandled link local or multicast IPv6 packet dropped Multicast ALERT 1233 Unknown IPsec SPI VPN IPSec Attacks ERROR Unknown protocol dropped Network Access Network Debug NOTICE 41 Unknown reason VPN PKI User Activity ERROR 275 Unprocessed received from MTA on Inbound SMTP port Anti Spam Service INFO

63 Updated ES Cloud Address %s Anti Spam Service DEBUG 1147 User account '%s' expired and disabled Access User Activity INFO 1157 User account '%s' expired and pruned Access User Activity INFO 1158 User logged out Access User Activity INFO 263 User logged out inactivity timer expired Access User Activity INFO 265 User logged out logout detected by SSO Access User Activity INFO 1008 User logged out logout reported by Terminal Services agent User logged out max session time exceeded User logged out user disconnect detected (heartbeat timer expired) User login denied insufficient access on LDAP server User login denied invalid credentials on LDAP server User login denied LDAP authentication failure User login denied LDAP communication problem User login denied LDAP directory mismatch User login denied LDAP schema mismatch User login denied LDAP server certificate not valid User login denied LDAP server down or misconfigured User login denied LDAP server name resolution failed User login denied LDAP server timeout Access User Activity INFO 1124 Access User Activity INFO 264 Access User Activity INFO 24 Remote Authentication User Activity WARNING 750 Remote Authentication User Activity WARNING 749 Remote Authentication User Activity INFO 745 Remote Authentication User Activity WARNING 748 Remote Authentication User Activity WARNING 757 Remote Authentication User Activity WARNING 751 Remote Authentication User Activity WARNING 755 Remote Authentication User Activity WARNING 747 Remote Authentication User Activity WARNING 753 Remote Authentication User Activity WARNING

64 User login denied Mail Address(From/to) or SMTP Server is not configured User login denied No name received from Terminal Services agent User login denied not allowed by policy rule User login denied not found locally User login denied password doesn't meet constraints User login denied password expired User login denied RADIUS authentication failure User login denied RADIUS communication problem User login denied RADIUS configuration error User login denied RADIUS server name resolution failed User login denied RADIUS server timeout User login denied SSO agent communication problem User login denied SSO agent configuration error User login denied SSO agent name resolution failed User login denied SSO agent timeout User login denied SSO probe failed User login denied Terminal Services agent communication problem User login denied Terminal Services agent name resolution failed Access User Activity INFO 1118 Access User Activity WARNING 1122 Access User Activity INFO 986 Access User Activity INFO 987 Access INFO 1048 Access User Activity INFO 1035 Remote Authentication User Activity INFO 243 Remote Authentication User Activity WARNING 744 Remote Authentication User Activity WARNING 245 Remote Authentication User Activity WARNING 754 Remote Authentication User Activity WARNING 244 Access User Activity WARNING 990 Access User Activity WARNING 989 Access User Activity WARNING 991 Access User Activity WARNING 988 Access User Activity WARNING 1117 Access User Activity WARNING 1123 Access User Activity WARNING

65 User login denied Terminal Services agent timeout User login denied TLS or local certificate problem User login denied user already logged in User login denied User has no privileges for guest service User login denied User has no privileges for login from that location User login denied due to bad credentials User login denied due to bad credentials User login disabled from %s User login Failed An error has occurred while sending your onetime password User login failed Guest service limit reached User login failure rate exceeded logins from user IP address denied User login from an internal zone allowed Using LDAP without TLS highly insecure Virtual Access Point is disabled Virtual Access Point is enabled VoIP %s Endpoint added VoIP %s Endpoint not added configured 'public' endpoint limit reached VoIP %s Endpoint removed VoIP Call Connected Access User Activity WARNING 1120 Remote Authentication User Activity WARNING 756 Access User Activity INFO 759 Access User Activity INFO 486 Access User Activity INFO 246 Access User Activity INFO 32 Access User Activity INFO 33 Access Attacks ERROR Access User Activity INFO 1243 Access User Activity INFO 549 Access Attacks ERROR Access User Activity INFO 31 Remote Authentication Errors ALERT SonicPoint Management INFO SonicPoint Management INFO 730 Expanded VoIP VoIP Activity DEBUG 637 VoIP VoIP VoIP Expanded VoIP Activity WARNING 639 Expanded VoIP Activity DEBUG 638 Expanded VoIP Activity INFO

66 VoIP Call Disconnected VoIP Expanded VoIP Activity INFO 623 Voltages Out of Tolerance Firewall Hardware Environment ERROR VPN Cleanup: Dynamic network settings change VPN User Activity INFO 471 VPN Client Policy Provisioning VPN Client User Activity INFO 371 VPN disabled by administrator Access Maintenance INFO 506 VPN enabled by administrator Access Maintenance INFO 507 VPN Log Debug VPN IKE Network Debug INFO 172 VPN Policy Added VPN INFO 1050 VPN policy count received exceeds the limit; %s VPN Errors ERROR 719 VPN Policy Deleted VPN INFO 1051 VPN Policy Modified VPN INFO 1052 VPN TCP FIN VPN Syslog Only VPN Statistics INFO 195 VPN TCP PSH VPN Syslog Only VPN Statistics INFO 196 VPN TCP SYN VPN Syslog Only VPN Statistics INFO 194 VPN zone administrator login allowed Access User Activity INFO 235 VPN zone remote user login allowed Access User Activity INFO 237 WAN Acceleration device %s found WAN Acceleration INFO 1169 WAN Acceleration device %s is being used WAN Acceleration ALERT WAN Acceleration device %s is no longer being used WAN Acceleration ALERT WAN Acceleration device %s is no longer operational WAN Acceleration ALERT WAN Acceleration device %s is operational WAN Acceleration ALERT WAN DHCPC IP Changed Firewall Event Errors WARNING

67 WAN Interface not setup Firewall Event Maintenance INFO 498 Wan IP Changed Firewall Event Errors WARNING WAN node exceeded: Connection dropped because too many IP addresses are in use on your LAN Firewall Event Errors ERROR 812 WAN not ready Firewall Event Maintenance INFO 502 WAN zone administrator login allowed Access User Activity INFO 236 WAN zone remote user login allowed Access User Activity INFO 238 WARNING: Central Gateway does not have a Relay IP Address. DHCP message dropped. WARNING: DHCP lease relayed from Central Gateway conflicts with IP in Static Devices list DHCP Relay DHCP Relay Maintenance INFO 472 Maintenance INFO 227 Web access request dropped Network Access Dropped TCP NOTICE 524 Web management request allowed Network Access User Activity NOTICE 526 Web site access allowed Network Access Blocked Web Sites NOTICE Web site access denied Network Access Blocked Web Sites ERROR WiFiSec Enforcement disabled by administrator Access Maintenance INFO 510 WiFiSec Enforcement enabled by administrator Access Maintenance INFO 511 Wireless MAC Filter List disabled by administrator Access Maintenance INFO 513 Wireless MAC Filter List enabled by administrator Access Maintenance INFO 512 WLAN client null probing WLAN IDS Expanded WLAN IDS Activity WARNING WLAN DHCPC IP Changed Firewall Event Errors WARNING 1130 WLAN disabled by administrator Access Maintenance INFO

68 WLAN disabled by schedule WLAN enabled by administrator WLAN enabled by schedule WLAN firmware image has been updated Access Access Access Wireless Maintenance INFO 728 Maintenance INFO 509 Maintenance INFO 729 Maintenance INFO 487 WLAN HTTP traffic not being sent to WXA WebCache; zone conflict. WAN Acceleration INFO 1264 WLAN max concurrent users reached already Network Access INFO 726 WLAN not in AP mode, DHCP server will not provide lease to clients on WLAN Maintenance INFO 617 Wireless WLAN radio frequency threat detected RF Monitoring WARNING 879 WLAN Reboot Firewall Hardware Errors ERROR WLAN recovery Wireless Maintenance INFO 519 WLAN sequence number out of order. WLAN IDS Expanded WLAN IDS Activity WARNING WLB Failback initiated by %s. WAN Availability Errors ALERT WLB Failover in progress. WAN Availability Errors ALERT WLB Resource failed. WAN Availability Errors ALERT WLB Resource is now available. WAN Availability Errors ALERT WLB Spill over started, configured threshold exceeded. WLB Spill over stopped. WPA MIC Failure. WPA RADIUS Server Timeout. WAN Availability WAN Availability Wireless Wireless Maintenance WARNING 581 Maintenance WARNING Management WARNING Management INFO 664 XAUTH Failed with VPN client, Authentication failure. VPN Client User Activity ERROR

69 XAUTH Failed with VPN client, Cannot Contact RADIUS Server. VPN Client User Activity INFO 141 XAUTH Succeeded with VPN client. VPN Client User Activity INFO 139 Your WAN Acceleration Service subscription has expired. WAN Acceleration ALERT Your Active/Active Clustering subscription has expired. High Availability WARNING 1149 Your Anti Spam Service subscription has expired. Anti Spam Service WARNING YouTube for school enforced. Network Access DEBUG 1262 Log > Syslog In addition to the standard event log, the Dell SonicWALL security appliance can send a detailed log to an external Syslog server. The Dell SonicWALL Syslog captures all log activity and includes every connection source and destination IP address, IP service, and number of bytes transferred. Syslog Analyzers such as Dell SonicWALL ViewPoint, Analyzer, or WebTrends Firewall Suite can be used to sort, analyze, and graph the Syslog data. For more information on configuring the Log > Syslog page, refer to the SonicOS Administrator s Guide. 67

70 Index of Syslog Tag Field Descriptions This section provides an alphabetical listing of Syslog tags and the associated field description. For more information about the pri Syslog Tag, see Table 3: Priority Leve on page 83. The value here is taken from the Priority Level column of the Index of Log Event Messages on page 2. For more information about the c Syslog Tag, see Legacy Category on page 79. Note that the following table also includes Syslog information for ArcSight, which is supported on SonicOS 5.9. Tag Tags for ArcSight ( only) Field Description Versions <ddd> Syslog message prefix The beginning of each syslog message has a string of the form <ddd> where ddd is a decimal number indicating facility and priority of the message af_polid Application Filter Displays the Application Filter Policy ID af_policy Application Filter Displays the Application Policy name af_type Application Filter Displays the Application Policy type such as: SMTP Client Request HTTP Client Request HTTP Server Response FTP Client Request FTP Client Upload File FTP Client Download File POP3 Client Request POP3 Server Response FTP Data Transfer IPS Content App Control Content Custom Policy Type CFS af_service Application Filter Displays the Application Policy service name 68

71 af_action Application Filter Displays the Application Policy action such as: HTTP Block Page HTTP Redirect, Bandwidth Management Disable Attachment FTP Notification Reply Reset/Drop Block SMTP Bypass DPI CFS Block Page Packet Monitor Af_object Application policy object name Displays the custom Application Policy object name ai Active Interface via GMS heartbeat Displays the Active WAN Interface. Normally it is Primary WAN but in a failover, it displays the value of the failover default outbound WAN interface, if there s more than one WAN. When there is only one WAN interface, it is always Primary WAN regardless of the link state app app Numeric application ID appcat appcat Application Control appid appid Application ID Indicates the application for the applied syslog. Only displays when Flow Reporting is enabled Display the application category when Application Control is enabled Display the application ID when Application Control is enabled arg arg URL Used to render a URL: arg represents the URL path name part bcastrx bcastrx Interface statistics report Displays the broadcast packets received 69

72 bcasttx bcasttx Interface statistics report Displays the broadcast packets transmitted bytesrx bytesrx Interface statistics report bytestx bytestx Interface statistics report Displays the bytes received Displays the bytes transmitted c cat Message category (legacy only) category category Blocking code description Indicates the legacy category number (Note: We are not currently sending new category information.) Applicable only when CFS is enabled, indicates the category of the blocked content such as Gambling. This works in conjunction with code Blocking code. catid Rule category Indicates the category id of the rule cdur cn3label Connection Duration Displays the connection duration change SWGMSchan geurl Configuration change webpage Displays the basename of the firewall web page that performed the last configuration change code reason Blocking code Indicates the CFS block code category icmpcode cn2 ICMP type and code Indicates the ICMP code conns Firewall status report via GMS heartbeat Indicates the number of connections in use 70

73 contentobjec t Firewall Indicates rule name cs4 Interface Statistics Display interface statistics deviceinboun dinterface Interface Indicates interface on which the packet leaves the device deviceinboun dinterface Interface Indicates interface on which the packet enters the device dpt Port Display destination port dnpt NAT ed Port Display NAT ed destination port dst dst Destination Destination IP address, and optionally, port, network interface, and resolved name. dstv6 dst Destination Destination IPv6 address, and optionally, port, network interface, and resolved name. dstname dst URL Displays the URL of web site hit and other legacy destination strings such as the URL of the host dur request Numeric, session duration in seconds dyn cs6label Firewall status report via GMS heartbeat f flowtype Numeric flow type Indicates the duration in units of seconds that a session is connected Displays the HA and dialup connection state (rendered as h.d where h is n (not enabled), b (backup), or p (primary) and d is 1 (enabled) or 0 (disabled)) Indicates the flow type when Flow Reporting is disabled fw Firewall WAN IP Indicates the WAN IP Address 71

74 fwlan Firewall status report via GMS heartbeat Indicates the LAN zone IP address gcat gcat Group category goodrxbytes goodrxbytes SonicPoint statistics report goodtxbytes goodtxbytes SonicPoint statistics report Display event group category when using Enhanced Syslog Indicates the well formed bytes received Indicates the well formed bytes transmitted i Firewall status report via GMS heartbeat Displays the GMS message interval in seconds id=firewall WebTrends prefix Syntactic sugar for WebTrends (and GMS by habit) if if Interface statistics report Displays the interface on which statistics are reported ipscat ipscat IPS message Displays the IPS category ipspri ipspri IPS message Displays the IPS priority lic Firewall status report via GMS heartbeat Indicates the number of licenses for firewalls with limited modes m Message ID Provides the message ID number 72

75 mac smac or dmac MAC address Provides the source or destination MAC address mailfrom sender Originator of the msg msg Message Displays the message which is composed of either or both a predefined message and a dynamic message containing a string %s or numeric %d argument n cnt Message count natdst cs2label NAT destination IP natdstv6 cs2label NAT destination IPv6 natsrc cs1label NAT source IP natsrcv6 cs1label NAT source IPv6 note cs6 Additional Information Indicates the number of times event occurs Displays the NAT ed destination IP address Displays the NAT ed destination IPv6 address Displays the NAT ed source IP address Displays the NAT ed source IPv6 address Additional information that is application-dependent npcs cs5 URL Applicable only when Network Packet Capture (NPCS Solera) is enabled, displays URL of an NPCS object op requestmeth od HTTP OP code Displays the HTTP operation (GET, POST, etc.) of web site hit 73

76 pri Message priority Displays the event priority level (0=emergency..7=debug) proto proto Protocol and service Displays the protocol information (rendered as proto=[protocol] or just [proto]/[service] ) pt Firewall status report via GMS heartbeat Displays the HTTP/HTTPS management port (rendered as hhh.sss ) radio radio SonicPoint statistics report Displays the SonicPoint radio on which event occurred rcptto recipient Indicates the recipient rcvd in Bytes received result outcome HTTP Result code rpkt cn1label Packet received Indicates the number of bytes received within connection Displays the HTTP result code (200, 403, etc.) of web site hit Display the number of packet received rule cs1 Rule ID Displays the Access Rule number causing packet drop. The policy index includes Address Object names sent out Bytes sent Displays the number of bytes sent within connection sess cs5label Pre-defined string indicating session type Applies to syslogs with an associated user session being tracked by the UTM 74

77 sid sid IPS or Anti- Spyware message Provides either IPS or Anti- Spyware signature ID sn Firewall serial number Indicates the device serial number spkt cn2label Packet sent Display the number of packets sent spt Port Displays source port spycat spycat Anti-Spyware message spypri spypri Anti-Spyware message Displays the Anti-Spyware category Displays the Anti-Spyware priority snpt NAT source port Display NAT ed source port src src Source Indicates the source IP address, and optionally, port, network interface, and resolved name. station station SonicPoint statistics report Displays the client (station) on which event occurred SWSPstats SonicPoint statistics report Display SonicPoint statistics time Time Reports the time of event type cn1 ICMP type and code Indicates the ICMP type 75

78 ucastrx ucastrx Interface statistics report ucasttx ucasttx Interface statistics report Displays the unicast packets received Displays the unicast packets transmitted unsynched Firewall status report via GMS heartbeat Reports the time since last local change in seconds usestandbys a Firewall status report via GMS heartbeat Displays whether standby SA is in use ( 1 or 0 ) for GMS management usr (or user) susr User Displays the user name ( user is the tag used by WebTrends) vpnpolicy cs2 (source) or cs3 (destination) Source VPN policy name Displays the source VPN policy name of event vpnpolicydst cs2 (source) or cs3 (destination) Destination VPN policy name Displays the destination VPN policy name of event dstzone cs3label (source) cs4label (destination) Destination zone name Displays destination zone srczone cs3label (source) cs4label (destination) Source zone name Displays source zone 76

79 Examples of Standard Syslogs The following examples show the content of the Syslog packet. This type of message can be viewed on the Syslog server or any packet analyzer application. Note that this is the Default Syslog Format. id=firewall123 sn=0017c time=" :56:53" fw= pri=6 c=1024 m=97 n=1 src= :5432:x0 dst= :2345:x1 proto=tcp/2345 op=1 sent=9876 rcvd=6789 result=403 dstname=http: arg=// code=20 Category="Online Banking" id=firewall123 sn=0017c time=" :57:04" fw= pri=6 c= m=98 msg="connection Opened" n=1437 usr="admin" src= :61505:x0 dst= :443:x0 proto=tcp/https sent=52 id=firewall123 sn=0017c time=" :57:06" fw= pri=6 c=1024 m=537 msg="connection Closed" n=3683 usr="admin" src= :61505:x0 dst= :443:x0 proto=tcp/https sent=1519 rcvd=951 spkt=7 rpkt=8 cdur=2133 id=firewall123 sn=0017c time=" :56:53" fw= pri=1 c=32 m=609 msg="ips Prevention Alert: P2P BitTorrent -- Peer Sync" sid=1994 ipscat=p2p ipspri=3 P2P BitTorrent -- Peer Sync, SID: 1994, Priority: Low n=1 src= :5432:x0 dst= :2345:x1 id=firewall123 sn=0017c time=" :38:24" bid=1 fw= pri=1 c=16 m=793 msg="app Rules Alert" af_polid=1 af_policy="test" af_type="smtp Client Request" af_service="smtp (Send )" af_action="no Action" n=0 src= :50613:x0 dst= :25:x1" id=firewall123 sn=0017c mgmtip= time=" :14:30 UTC" fw= m=96 n=25 i=60 lic=0 unsynched=893 pt= usestandbysa=0 dyn=n.n ai=1 fwlan= conns=0 77

80 Examples of ArcSight Syslog The following examples show the content of the Syslog packet. This type of message can be viewed on the Syslog server or any packet analyzer application. MAR :07: C CEF:0 SonicWALL NSA d_75o 97 Syslog Website Accessed 4 cat=1024 gcat=2 src= spt=5432 deviceinboundinterface=x0 cs1label= snpt=1 dst= dpt=2345 deviceoutboundinterface=x1 cs2label= dnpt=2 proto=tcp/2345 out=9876 in=6789 requestmethod=1 outcome=403 request= reason=20 Category-"Online Banking" MAR :07: C CEF:0 SonicWALL NSA d_75o 98 Syslog Connection Logged 4 cat= gcat=2 src= spt=61693 deviceinboundinterface=x0 dst= dpt=443 deviceoutboundinterface=x0 susr="admin" proto=tcp/https out=52 cnt=1570 MAR :07: C CEF:0 SonicWALL NSA d_75o 537 Syslog Close 4 cat=1024 gcat=2 smac=00:00:c5:b3:6b:e5 src= spt=61693 deviceinboundinterface=x0 cs3label=trusted dst= dpt=443 deviceoutboundinterface=x0 cs4label=trusted susr="admin" proto=tcp/https out=1519 in=967 cn2label=7 cn1label=8 cn3label=2333 cnt=3815 MAR :07: C CEF:0 SonicWALL NSA d_75o 609 IDP Prevention Alert 9 cat=32 gcat=3 src= spt=5432 deviceinboundinterface=x0 cs1label= snpt=1 dst= dpt=2345 deviceoutboundinterface=x1 cs2label= dnpt=2 msg="ips Prevention Alert: P2P BitTorrent -- Peer Sync, SID: 1994, Priority: Low" cnt=3 MAR :07: C CEF:0 SonicWALL NSA d_75o 793 Application Firewall Alert 9 cat=16 gcat=10 src= spt=5432 deviceinboundinterface=x0 dst= dpt=2345 deviceoutboundinterface=x1 msg="application Firewall Alert: Policy: foobar, Action Type: Block SMTP - Send Error Reply, Mail From: an unknown string of unknown length" cnt=3 78

81 Table of Values This section can be used as a reference for understanding different categories and their descriptions. Legacy Categories The following table describes the Legacy categories shared in the SonicOS,, and releases. Table 1 Legacy Category ID (used in Syslog) Name Description 0 Event is not Legacy Category, not backward compatible. 1 Maintenance Logs general system activity, such as system activations. 2 Errors Logs problems with DNS or . 4 Blocked Web Sites Logs Web sites or news groups blocked by the Content Filter List or by customized filtering. 8 Blocked Java Etc Logs Java, ActiveX, and Cookies blocked by the Dell SonicWALL security appliance. 16 User Activity Logs successful and unsuccessful log in attempts. 32 Attacks Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP Spoofing. 64 Dropped TCP Logs blocked incoming TCP connections. 128 Dropped UDP Logs blocked incoming UDP packets. 256 Dropped ICMP Logs blocked incoming ICMP packets. 512 Network Debug Logs NetBIOS broadcasts, ARP resolution problems, and NAT resolution problems. Also, detailed messages for VPN connections are displayed to assist the network administrator with troubleshooting problems with active VPN tunnels. Network Debug information is intended for experienced network administrators Syslog Only For Traffic Reporting Used for Syslog only to report HTTP connections opened and closed, and bytes transferred. 79

82 ID (used in Syslog) Name Description 2048 Dropped LAN TCP Used for Syslog only to report that the TCP packet is dropped due to LAN management policy Dropped LAN UDP Used for Syslog only to report that the UDP packet is dropped due to LAN management policy Dropped LAN ICMP Used for Syslog only to report that the ICMP packet is dropped due to LAN management policy Modem Debug Logs Modem Debug activity VPN Tunnel Status Logs status information on VPN tunnels Management Logs WLAN IEEE connections Syslog Only For Traffic Reporting Used for Syslog only to report that the Network Traffic is logged when connection is opened Environment Logs system environment activity Expanded WLAN IDS Activity Used for Syslog only to log WLAN IDS activity Expanded VOIP Activity Used for Syslog only to log VoIP H.323/ RAS, H.323/H.225, and H.323/H.245 activity Expanded SonicPoint Activity Used for Syslog only to log SonicPoint activity. Expanded Categories The following table displays expanded category information, also known as the SonicOS Category, for all firmware releases and platforms. Table 2 Expanded Categories Category Description Management Logs management activity Advanced Routing Logs Advanced Routing activity Advanced Switching Logs Advanced Switching activity Anti-Spam Service Logs the Anti-Spam service App Flow Server Logs App Flow Server activity App Rules Logs App Rules activity Application Control Logs Application Control activity Attacks Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP Spoofing. Access Logs Access activity WAN Acceleration Logs the WAN Acceleration activity 80

83 Blocked Java Etc Blocked WebSites BOOTP Botnet Blocking SSO Agent Authentication Crypto Test DDNS Denied LAN IP DHCP Client DHCP Relay DHCP Server DPI-SSL Dropped ICMP Dropped TCP Dropped UDP DSL Dynamic Address Objects E1-T1 Firewall Event Firewall Hardware Firewall Logging Firewall Rule FTP Geolocation GMS High Availability Intrusion Prevention IPComp IPNet IPv6 Tunnel L2TP Client L2TP Server MAC-IP Anti-Spoof Modem Logs Java, ActiveX, and Cookies blocked Logs Websites blocked Logs Bootstrap Protocol (BOOTP) activity Logs the Botnet Blocking activity Logs the SSO Agent Authentication activity Logs Crypto Test activity Logs Dynamic Domain Name (DDNS) activity Logs LAN IP denied activity Logs DHCP Client activity Logs DHCP Relay activity Logs DHCP Server activity Logs the Deep Packet Inspection of Secure Socket Layer (DPI-SSL) activity Logs blocked incoming Internet Control Message Protocol (ICMP) packet activity Logs blocked incoming Transmission Control Protocol (TCP) connection activity Logs blocked incoming User Datagram Protocol (UDP) packet activity Logs DSL activity Logs Dynamic Address Object activity Logs E1-T1 activity Logs Firewall Event alerts and activity Logs Firewall Hardware alerts and activity Logs other Firewall-related activity Logs Firewall Rule alerts and activity Logs File Transfer Protocol (FTP) activity Logs the Geolocation service activity Logs Dell SonicWALL Global Management (GMS) activity Logs High Availability activity Logs Intrusion Prevention activity Logs IP Compression (IPComp) activity Logs IPNet activity Logs IPv6 activity Logs Layer 2 Tunnel Protocol (L2TP) client activity Logs Layer 2 Tunnel Protocol (L2TP) server activity Logs the MAC-IP Spoofing activity Logs the Modem activity 81

84 Modem Debug MSAD Multicast Network Network Debug Network Access Network Monitor Network Traffic PPP PPP Dial-Up PPPoE PPTP Remote Authentication RBL RF Monitoring RIP Security Services SNMP SonicPoint SonicPointN SSLVPN Environment Errors Maintenance User Activity VOIP VPN VPN Tunnel Status VPN Client VPN IKE VPN IPSec WAN Availability Logs the Modem Debug activity Logs Microsoft Active Directory (MSAD) activity Logs Multicast activity Logs Network activity Logs NetBios broadcasts, ARP resolution problems, and NAT resolution problems. Logs successful and unsuccessful Network Access activity Logs Network Monitor activity Logs Network Traffic activity Logs Point-to-Point Protocol (PPP) activity Logs Point-to-Point Protocol (PPP) Dial-Up activity Logs Point-to-Point Protocol over Ethernet (PPPoE) activity Logs Point-to-Point Tunneling Protocol (PPTP) activity Logs Remote Authentication activity Logs Realtime Black List (RBL) activity Logs RF Monitoring activity Logs Routing Information Protocol (RIP) activity Logs Security Services activity Logs the Simple Network Management Protocol (SNMP) activity Logs the SonicPoint activity Logs the SonicPointN activity Logs Secure Socket Layer Virtual Private Network (SSLVPN) activity Logs Environment activity Logs Errors activity Logs Maintenance activity Logs successful and unsuccessful log in attempts Logs Voice over IP (VOIP) activity Logs Virtual Private Network (VPN) activity Logs VPN Tunnel Status activity Logs VPN Client activity Logs VPN IKE activity Logs VPN IP Security activity Logs WAN Availability activity 82

85 Wireless WLAN IDS Logs Wireless activity Logs Wireless LAN Intrusion Detection (IDS) activity Priority Level The following table displays the Priority Number and Name for Syslog Tags. The value here is taken from the Priority Level column of the Index of Log Event Messages on page 2, or the pri tag in Index of Syslog Tag Field Descriptions on page 68. For example, a tag with pri=0 means Emergency Priority. Table 3 Priority Leve Priority Number Priority Name 0 Emergency 1 Alert 2 Critical 3 Error 4 Warning 5 Notice 6 Info 7 Debug 83

86 84

87 85