Using the SonicOS Log Event Reference Guide

Using the SonicOS Log Event Reference Guide This reference guide lists and describes SonicOS log event messages. Reference a log event message by using the alphabetical index of log event messages. This document contains the following sections: SonicOS Log Event Messages Overview on page 1 Configuring SonicOS Log > View on page 3 Referencing the SonicOS Log > View Field Display on page 5 Index of Log Event Messages on page 6 Index of Syslog Tag Field Description on page 53 SonicOS Log Event Messages Overview During the operation of a SonicWALL security appliance, SonicOS software sends log event messages to the Log > View page in the SonicWALL management interface. In Figure 1, the Log > View page is displayed. Figure 1 SonicOS Enhanced Log > View page Note: Event logging automatically begins when the SonicWALL security appliance is powered on and configured. SonicOS supports a traffic log containing entries with multiple fields. Log event messages provide operational informational and debugging information to help you diagnose problems with communication lines, internal hardware, or your firmware configuration. For the SonicOS CLI console display, use the show log command to display log events. Refer to the SonicOS CLI Reference Guide located on the SonicWALL Web site: <http://www.sonicwall.com/support/documentation.html> SONICOS LOG EVENT REFERENCE GUIDE 1

Note: Not all log event messages indicate operational issues with your SonicWALL security appliance. SonicOS Log Entries Each log entry contains the date and time of the event and a brief message describing the event. The SonicWALL manages log events in the following manner: TCP, UDP, or ICMP packets When IP packets are by the SonicWALL security appliance, TCP, UDP and ICMP messages are displayed. The messages include the source and destination IP addresses of the packet. The TCP or UDP port number or the ICMP code follows the IP address. Log event messages usually include the name of the service in quotation marks. Web, FTP, Gopher, or Newsgroup blocked When a computer attempts to connect to the blocked site or newsgroup, a log event is displayed. Blocked is defined as a Web site, connection, or event that is denied access from the SonicWALL security appliance. The computer s IP address, Ethernet address, the name of the blocked Web site, and the Content Filter List Code is displayed. Code definitions for the 12 Content Filter List categories are shown below. 1. Violence 7. Cult 2. Intimate Apparel/Swimsuit 8. Drugs/Illegal Drugs 3. Nudism 9. Criminal Skills/Illegal Skills 4. Adult/Mature Content/ Pornography 10. Sex Education 5. Weapons 11. Gambling 6. Hate/Racism 12. Alcohol & Tobacco ActiveX, Java, Cookie or Code Archive blocked When ActiveX, Java or Web cookies are blocked, messages with the source and destination IP addresses of the connection attempt is displayed. Ping of Death, IP Spoof, and SYN Flood Attacks The IP address of the machine under attack and the source of the attack is displayed. In most attacks, the source address shown is fake and does not reflect the real source of the attack. SonicOS Log View Settings The Log View Settings section of the Log > View page provides you the filtering controls to filter log event messages based on your configured log filter logic. It also contains the following log management buttons: Refresh Renews the Log View table with current log event messages. Clear Log Empties the entries in the Log View table. E-mail Log E-mails log event messages to your configured SMTP server or list of e-mail addresses. Export Log Exports the log into a plain.txt or.csv file format. 2 SONICOS LOG EVENT REFERENCE GUIDE

SonicOS Log View Display Format The Log > View page displays log event messages in following format for alert notification: Time Displays the hour and minute the event occurred. Priority Displays the level urgency for the event. Category Displays the event type. Message Displays a description of the event. Source Displays the source IP address of incoming IP packet. Displays the destination IP address of incoming IP packet. Note Displays displays additional information specific to a particular event occurrence. Rule Displays the source and destination zones for the access rule. This field provides a link to the access rule defined in the Firewall > Rules page. The display fields for a log event message provides you with data to verify your configurations, trouble-shoot your security appliance, and track IP traffic. Configuring SonicOS Log > View The Log > View page in the Web-based SonicWALL management interface allows you to export log reports, e-mail log reports, and monitor real-time Syslog data. As soon as you power on your SonicWALL security appliance, SonicOS software sends Syslog data to your log. In the SonicWALL management interface, you can navigate through the subcategories of the Log setting for reporting and customizing log reports. In Figure 2, the Log > View page is displayed. Setting the Log Filter Logic By default, the SonicOS filter logic is set to Priority && Category && Source &&. The double ampersand symbols (&&) indicate the boolean expression and. The default SonicOS filter logic displays all log events. Figure 2 SonicOS Log View Settings SONICOS LOG EVENT REFERENCE GUIDE 3

Applying Custom Log Event Message Filters This section provides examples on using the Log View Settings to filter log event messages displayed in the Log View page. Configuration Example: Filtering Log Event Messages by Priority Value To set the log filter logic to display only log event messages with a priority level of Emergency: 1. Select Emergency from the filter-priority Value pull-down menu. 2. Click on the Apply Filters button. Configuration Example: Filtering Log Event Messages by Category Value To set the log filter logic to display only log event messages with a category event type of Attacks: 1. Select Attacks from the filter-category Value pull-down menu. 2. Click on the Apply Filters button. Configuration Example: Filtering Log Event Messages by Source Value To set the log filter logic to display only log event messages associated to a source IP address: 1. Enter the source IP address or select an interface from the filter-source Value pull-down menu. 2. Click on the Apply Filters button. Configuration Example: Filtering Log Event Messages by Value To set the log filter logic to display only log event messages associated to a destination IP address: 1. Enter the destination IP address or select an interface from the filter-source Value pull-down menu. 2. Click on the Apply Filters button. Using Group Filters Note: Use Group filters to change the default SonicOS filter logic (Priority && Category && Source && ) from double ampersand symbols (&&) to double pipe symbols ( ) to indicate the boolean expression or. When using group filters, select two or more Group Filters checkboxes. If you select only one Group Filter checkbox, the filter logic will remain the same. Selecting only the Priority-Group Filter checkbox provides you with the following filter logic: (Priority) && Category && Source && Configuration Example: Using the Priority Group Filter and Category Group Filter To set the log filter logic to display log event messages with a priority level of Emergency or a category event type of Attack: 1. Select the Priority group filter checkbox. 2. Select the Category group filter checkbox. 3. Select Emergency from the filter-priority Value pull-down menu. 4. Select Attacks from the filter-category Value pull-down menu. Figure 3 illustrates the SonicOS filter logic updated as follows: 4 SONICOS LOG EVENT REFERENCE GUIDE

Figure 3 (Priority Category) && Source && SonicOS Log Group Filters A filter logic using the boolean expression is less restrictive than the default filter logic using the boolean expression &&. With the boolean expression, log event messages are displayed if they match either filter values. With the boolean expression &&, log event messages are displayed if they match both filter values. Exporting the Logs to a File This section provides instructions to export your log to a file. To export the log to a file: 1. Click on the Export Log button. You will be prompted to select a export file format type as illustrated in Figure 4. Figure 4 SonicOS Export Log Note: 2. Select a file format: Plain text format used in log and alert e-mail Saves the log file as plain text, which can be used for alert e-mails. Comma-Separated Value (CSV) format Saves the log file for importing into Microsoft Excel or other presentation development application. 3. Click on the Export button. 4. Save the exported log file to a location on your personal computer s hard drive. You can export a log to a file with applied filter settings. Referencing the SonicOS Log > View Field Display SonicOS 2.5 Enhanced and Standard releases and greater provide the SonicOS Log > View field display as illustrated in Figure 5. SONICOS LOG EVENT REFERENCE GUIDE 5

Figure 5 SonicOS Log > View Field Display Referencing the SonicWALL Firmware Log > View Log Field Display SonicWALL Firmware 6.6.0.0 release and greater provide the SonicWALL Firmware Log > View Log field display. Index of Log Event Messages This section contains a list of log event messages for all SonicWALL Firmware and SonicOS Software Releases, ordered alphabetically. Use your web browser s Find function to search for a command. Log Event Message Symbols Key Log Event Message Symbol Description Context %s Ethernet Port Down Represents a character string. [WAN LAN DMZ] Ethernet Port Down The cache is full; %u open connections; some will be Represents a numerical string. The cache is full; [40,000] open connections; some will be TCP IP Layered-Data Packet Processing and SonicOS Log Event Handling In specific cases of multi-layer packet processing, a TCP connection initially logged as "open," will be rejected by a deeper layer of packet processing. In these cases, the connection request has not been forwarded by the SonicWALL security appliance, and the initial Connection Open SonicOS log event message should be ignored in favor of the TCP Connection Dropped log event message. Each log event message described in the following table provides the following log event details: SonicOS Category Displays the SonicOS Software category event type. Legacy Category Displays the SonicWALL Firmware Software category event type. Priority Level Displays the level of urgency of the log event message. Log Message ID Number Displays the ID number of the log event message. SNMP Trap Type Displays the SNMP Trap ID number of the log event message. Log Event Messages "As per Diagnostic Autorestart configuration request, restarting system" #Web site hit SonicOS Category Legacy Category Priority Level Log SNMP Messa TrapT ge ID ype Numb er Firewall Event --- Info 1047 --- Simple Network Traffic Connection Traffic Log Event Type Info 97 --- Standard HTTP Traffic Report 6 SONICOS LOG EVENT REFERENCE GUIDE

%s Auto-dial failed: Current Connection Model is configured as Ethernet Only PPP Dial Up System Error Alert 1028 --- Simple Message %s Ethernet Port Down Firewall Event System Error Error 333 641 Simple Message %s Ethernet Port Up Firewall Event System Error Warning 332 640 Simple Message Dumped to email at None --- Debug 1 --- Unused *** Alert from SonicWALL None --- Debug 3 --- Unused *** SonicWALL Registration Security Maintenance Warning 496 --- Simple Update Needed: Restore s your existing security service subscriptions by clicking here. 802.11b Management Wireless 80211bmgmt Info 518 --- Simple A prior version of Firewall Event System Error Warning 572 648 Simple preferences was loaded because the most recent preferences file was inaccessible A SonicOS Standard to Firewall Event Maintenance Info 611 --- Simple Enhanced Upgrade was performed attempt from host Security Maintenance Info 761 --- Standard out of compliance with s GSC policy attempt from host without Anti-Virus agent installed Security s Maintenance Info 123 --- Standard attempt from host Security Maintenance Info 763 8627 Standard without GSC installed s rule added Firewall Rule User Activity Info 440 --- Simple Rule rule deleted Firewall Rule User Activity Info 442 --- Simple Rule rule modified Firewall Rule User Activity Info 441 --- Simple Rule rules restored to defaults to proxy server denied Active Backup detects Active Primary: Backup going Idle Firewall Rule User Activity Info 443 --- Unused Network High Availability Blocked Sites Notice 60 705 Standard Note Blocked Maintenance Info 154 --- Unused ActiveX access denied Network Blocked Code Notice 18 --- Standard Note Blocked ActiveX or Java archive access denied Network Blocked Code Notice 20 --- Standard Note Blocked AD Connector %s response timed-out; Microsoft Active --- Error 769 --- Standard Message applying caching policy Directory Add an attack message Firewall Event Attack Error 143 525 Simple SONICOS LOG EVENT REFERENCE GUIDE 7

Added host entry to dynamic address object Dynamic Address Objects Maintenance Info 911 --- Standard Adding dynamic entry for Network --- Info 813 --- Standard Note bound MAC address Ethernet Network Adding L2TP IP pool L2TP Server System Error Error 603 661 Simple address object Failed. Adding to multicast policy Multicast --- Debug 697 --- Standard list, interface : %s Message Adding to Multicast policy Multicast --- Debug 699 --- Standard list, VPN SPI : %s Message Administrator logged out User Activity Info 261 --- Standard Note Administrator logged out - User Activity Info 262 --- Standard inactivity timer expired Administrator login allowed User Activity Info 29 --- Standard Administrator login denied due to bad credentials Attack Alert 30 560 Standard Administrator login denied from %s; logins disabled from this interface Administrator name changed Agent returned no user name All DDNS associations have been deleted All preference values have been set to factory default values Allowed LDAP server certificate with wrong host name Anti-Spyware detection alert: %s Anti-Spyware prevention alert: %s Anti-Spyware service expired Anti-Virus agent out-ofdate on host Anti-Virus licenses exceeded Application Filter detection Alert: %s Application filters block alert: %s Application firewall alert: %s Attack Alert 35 506 Standard Message Maintenance Info 328 --- Standard CIA User Activity Warning 1008 --- Standard DDNS Maintenance Info 783 --- Simple Firewall Event System Error Warning 574 650 Simple RADIUS User Activity Warning 752 --- Standard Note Intrusion Intrusion Security s Security s Security s Intrusion Intrusion Network Attack Alert 795 6438 Standard As Message Attack Alert 794 6437 Standard As Message Maintenance Warning 796 8631 Simple Maintenance Info 124 --- Standard Maintenance Info 408 --- Standard Attack Alert 650 --- Standard Message Attack Alert 649 --- Standard Message User Activity Alert 793 7241 Standard Application Firewall Message 8 SONICOS LOG EVENT REFERENCE GUIDE

ARP request packet received Network --- Info 717 --- Standard Note Ethernet Network ARP request packet sent Network --- Info 715 --- Standard Note Ethernet Network ARP response packet received Network --- Info 716 --- Standard Note Ethernet Network ARP response packet sent Network --- Info 718 --- Standard Note Ethernet Network ARP timeout Network Debug Debug 45 --- Standard ARP unused/spare Network --- Debug 816 --- Unused ARS unused/spare Unused --- Debug 843 --- Unused ARS unused/spare Unused --- Debug 844 --- Unused ARS unused/spare Unused --- Debug 845 --- Unused ARS unused/spare Unused --- Debug 846 --- Unused Association Flood from WLAN station WLAN IDS WLAN IDs Alert 548 903 Simple timeout User Activity Info 821 --- Simple during Remotely Triggered Dial-out session AV unused/spare Unused --- Debug 126 --- Unused Back orifice attack Intrusion Attack Alert 73 512 Standard Backup active High System Error Info 825 --- Simple Availability Backup firewall being High System Error Error 152 619 Simple preempted by Primary Availability Backup firewall has High Maintenance Info 145 --- Simple transitioned to Active Availability Backup firewall has High Maintenance Info 147 --- Simple transitioned to Idle Availability Backup firewall rebooting High itself as it transitioned Availability from Active to Idle while Preempt Backup going active in High preempt mode after Availability reboot Backup missed High heartbeats from Primary Availability Backup received error High signal from Primary Availability Backup received High heartbeat from wrong Availability source Backup received reboot High signal from Primary Availability Backup shut down High because license is Availability expired Backup WAN link down, High Primary going Active Availability Backup will be shut down High in %s minutes Availability --- Info 1059 --- Simple System Error Error 170 622 Simple System Error Error 149 616 Simple System Error Error 151 618 Simple Maintenance Info 161 --- Unused System Error Error 672 666 Simple System Error Error 824 --- Simple System Error Error 219 633 Unused System Error Error 823 --- Simple Message SONICOS LOG EVENT REFERENCE GUIDE 9

Bad CRL format VPN PKI User Activity Alert 277 --- Simple Bind to LDAP server failed RADIUS System Error Error 1009 --- Simple Note Blocked Quick Mode for VPN Client System Error Error 505 660 Standard Client using Default Key ID BOOTP Client IP address BOOTP Maintenance Info 619 --- Standard on LAN conflicts with remote device IP, deleting IP address from remote table BOOTP reply relayed to local device BOOTP Maintenance Info 620 --- Standard BOOTP Request received from remote BOOTP Debug Debug 621 --- Standard device BOOTP server response BOOTP Debug Debug 618 --- Standard relayed to remote device Broadcast packet Network Debug Debug 46 --- Standard Note Protocol Cannot connect to the CRL server VPN PKI User Activity Alert 274 --- Simple Cannot Validate Issuer Path VPN PKI User Activity Alert 878 --- Simple Category: None --- Debug 485 --- Unused Certificate on Revoked list(crl) VPN PKI User Activity Alert 279 --- Simple CFL auto-download Security Maintenance Info 268 --- Simple disabled, time problem detected s Chat %s PPP Dial Up User Activity Info 1022 --- Standard Message Chat completed PPP Dial Up User Activity Info 1020 --- Standard Message Chat failed: %s PPP Dial Up User Activity Info 1023 --- Standard Message Chat started PPP Dial Up User Activity Info 1019 --- Standard Message Chat started by '%s' PPP Dial Up User Activity Info 1032 --- Standard Message Chat wrote '%s' PPP Dial Up User Activity Info 1021 --- Standard Message CLI administrator logged User Activity Info 520 --- Simple out CLI administrator login allowed User Activity Info 199 --- Standard Note CLI administrator login denied due to bad User Activity Warning 200 --- Standard Note credentials Code: None --- Debug 54 --- Unused Computed hash does not VPN IKE User Activity Warning 410 --- Standard match hash received from peer; preshared key mismatch 10 SONICOS LOG EVENT REFERENCE GUIDE

Configuration mode administration session ended Configuration mode administration session started Connection closed User Activity Info 995 --- Standard Note User Activity Info 994 --- Standard Note Network Traffic Connection Traffic Info 537 --- Standard Traffic Report Connection opened Network Traffic Connection Info 98 --- Standard Note Protocol Connection timed out VPN PKI User Activity Alert 273 --- Simple Content filter subscription Security System Error Error 197 631 Unused expired. s Cookie removed Network Blocked Code Notice 21 --- Standard CRL has expired VPN PKI User Activity Alert 874 --- Simple CRL loaded from VPN PKI User Activity Info 270 --- Simple CRL missing - Issuer requires CRL checking. VPN PKI User Activity Alert 876 --- Simple CRL validation failure for VPN PKI User Activity Alert 877 --- Simple Root Certificate Crypto DES test failed Crypto Test Maintenance Error 360 --- Simple Crypto DH test failed Crypto Test Maintenance Error 361 --- Simple Crypto hardware 3DES Crypto Test Maintenance Error 367 --- Simple test failed Crypto hardware 3DES Crypto Test Maintenance Error 369 --- Simple with SHA test failed Crypto hardware AES Crypto Test Maintenance Error 610 --- Standard test failed Crypto hardware DES Crypto Test Maintenance Error 366 --- Simple test failed Crypto hardware DES Crypto Test Maintenance Error 368 --- Simple with SHA test failed Crypto Hmac-MD5 fest Crypto Test Maintenance Error 362 --- Simple failed Crypto Hmac-Sha1 test Crypto Test Maintenance Error 363 --- Simple failed Crypto MD5 test failed Crypto Test Maintenance Error 370 --- Simple Crypto RSA test failed Crypto Test Maintenance Error 364 --- Simple Crypto SHA1 based Crypto Test --- Error 1060 --- Simple DRNG KAT test failed Crypto Sha1 test failed Crypto Test Maintenance Error 365 --- Simple DDNS association %s disabled DDNS Maintenance Info 781 --- Simple Message DDNS association %s enabled DDNS Maintenance Info 780 --- Simple Message DDNS association %s added DDNS Maintenance Info 779 --- Simple Message DDNS association %s deactivated DDNS Maintenance Info 784 --- Simple Message DDNS association %s deleted DDNS Maintenance Info 785 --- Simple Message SONICOS LOG EVENT REFERENCE GUIDE 11

DDNS Association %s put on line DDNS Maintenance Info 782 --- Simple Message DDNS association %s taken Offline locally DDNS Maintenance Info 778 --- Simple Message DDNS failure: provider %s DDNS System Error Error 774 --- Simple Message DDNS failure: Provider %s DDNS System Error Error 775 --- Simple Message DDNS failure: Provider %s DDNS System Error Error 773 --- Simple Message DDNS update success for domain %s DDNS Maintenance Info 776 --- Standard Message DDNS warning: Provider %s DDNS System Error Warning 777 --- Simple Message Deleting from Multicast policy list, interface: %s Multicast --- Debug 698 --- Standard Message Deleting from multicast policy list, VPN SPI: %s Multicast --- Debug 700 --- Standard Message Deleting IPsec SA VPN IKE User Activity Info 92 --- Standard Note SPI Deleting IPsec SA for VPN IKE User Activity Info 91 --- Unused destination IP address connection status: %s Firewall Event --- Info 735 --- Standard Message : None --- Debug 57 --- Unused DHCP client enabled but DHCP Client Maintenance Info 504 --- Simple not ready DHCP Client did not get DHCP Client Maintenance Info 109 --- Standard DHCP ACK. DHCP Client failed to DHCP Client Maintenance Info 119 --- Standard verify and lease has expired. Go to INIT state. DHCP Client failed to DHCP Client Maintenance Info 120 --- Unused verify and lease is still valid. Go to BOUND state. DHCP Client got a new IP DHCP Client Maintenance Info 121 --- Standard address lease. DHCP Client got ACK from server. DHCP Client Maintenance Info 111 --- Standard DHCP Client got NACK. DHCP Client Maintenance Info 110 --- Standard DHCP Client is declining address offered by the server. DHCP Client Maintenance Info 112 --- Standard DHCP Client sending REQUEST and going to REBIND state. DHCP Client sending REQUEST and going to RENEW state. DHCP DECLINE received from remote device DHCP Client Maintenance Info 113 --- Standard DHCP Client Maintenance Info 114 --- Standard DHCP Relay Debug Info 475 --- Unused 12 SONICOS LOG EVENT REFERENCE GUIDE

DHCP DISCOVER DHCP Relay Debug Info 479 --- Unused received from local device DHCP DISCOVER received from remote DHCP Relay Debug Info 474 --- Standard device DHCP lease. Lease from Central DHCP Relay Maintenance Warning 228 --- Standard Gateway conflicts with Relay IP DHCP lease. Lease from Central DHCP Relay Maintenance Warning 484 --- Standard Gateway conflicts with Remote Management IP DHCP lease file in the Firewall Event System Error Warning 833 --- Simple flash is corrupted; read failed DHCP lease relayed to local device DHCP Relay Maintenance Info 223 --- Standard DHCP lease relayed to remote device DHCP Relay Debug Info 225 --- Standard DHCP lease to LAN device conflicts with DHCP Relay Maintenance Info 226 --- Standard remote device, deleting remote IP entry DHCP leases written to Firewall Event Maintenance Info 835 --- Simple flash DHCP NACK received from server DHCP Relay Debug Info 477 --- Standard DHCP OFFER received from server DHCP Relay Debug Info 476 --- Standard DHCP Ranges altered automatically due to Firewall Event --- Info 832 --- Simple Message change in network settings for interface %s DHCP RELEASE received from remote DHCP Relay Debug Info 224 --- Standard device DHCP RELEASE relayed DHCP Relay Maintenance Info 222 --- Standard to Central Gateway DHCP REQUEST DHCP Relay Debug Info 480 --- Unused received from local device DHCP REQUEST received from remote DHCP Relay Debug Info 473 --- Standard device DHCP Server not DHCP Client Maintenance Info 106 --- Standard available. Did not get any DHCP OFFER. DHCP Server: IP conflict Firewall Event --- Alert 1040 --- Standard detected DHCP Server: Received DHCP decline from client Firewall Event --- Alert 1041 --- Standard Diagnostic Auto-restart canceled Firewall Event --- Info 1046 --- Simple SONICOS LOG EVENT REFERENCE GUIDE 13

Diagnostic Auto-restart scheduled for %s minutes from now Diagnostic Code A Firewall Event --- Info 1045 --- Simple Message Firewall Hardware System Error Error 93 611 Simple Note Diagnostic Code B Firewall Hardware System Error Error 94 612 Simple Note Diagnostic Code C Firewall Hardware System Error Error 95 613 Simple Note Diagnostic Code D Firewall Hardware System Error Error 64 61--- Standard Note Code Diagnostic Code E VPN IPsec System Error Error 61 609 Standard Note Code Diagnostic Code F Firewall Hardware System Error Error 164 621 Simple Note Diagnostic Code G Firewall Hardware System Error Error 599 655 Simple Note Diagnostic Code H Firewall Hardware System Error Error 600 656 Simple Note Diagnostic Code I Firewall Hardware System Error Error 601 657 Simple Note Diagnostic Code J Firewall Hardware System Error Error 1025 5423 Simple Note Dial-up: Session initiated PPP Dial Up --- Info 1039 --- Standard by data packet Dial-up: Traffic generated PPP Dial Up --- Info 1038 --- Standard by '%s' Message Disconnecting L2TP Tunnel due to traffic timeout L2TP Client Maintenance Info 215 --- Simple Disconnecting PPPoE due to traffic timeout Disconnecting PPTP Tunnel due to traffic timeout PPPoE Maintenance Info 168 --- Simple PPTP Maintenance Info 389 --- Simple Discovered HA %s Firewall High Availability --- Info 1044 --- Simple Message Discovered HA Backup High Maintenance Info 156 --- Simple Firewall Availability DNS packet allowed Network Debug Info 602 --- Standard Policy Drop WLAN traffic from Intrusion Attack Error 662 6434 Standard non-sonicpoint devices Duplicate packet Network Debug Debug 51 --- Unused Dynamic IPsec client connected VPN IPsec User Activity Info 62 --- Standard EIGRP packet Network Debug Notice 714 --- Standard Note E-Mail fragment Intrusion Attack Error 437 550 Standard Entering FIPS ERROR Crypto Test Maintenance Error 359 --- Unused state Entering FIPS Error State. Crypto Test System Error Error 497 659 Unused 14 SONICOS LOG EVENT REFERENCE GUIDE

Error initializing Hardware Firewall Maintenance Error 374 --- Simple acceleration for VPN Hardware Error Rebooting HA Peer High System Error Error 669 663 Simple Firewall Availability Error setting the IP High System Error Error 191 629 Simple address of the backup, please manually set to backup LAN IP Availability Error synchronizing HA peer firewall (%s) High Availability System Error Error 158 662 Simple Message Error updating HA peer High System Error Error 192 630 Unused configuration Availability ERROR: DHCP over DHCP Relay Maintenance Info 478 --- Unused VPN policy is not defined. Cannot start IKE. Exceeded Max multicast Multicast --- Warning 703 --- Standard address limit Failed payload validation VPN IKE User Activity Warning 405 --- Standard Note Failed payload verification after VPN IKE User Activity Warning 404 --- Standard Note decryption; possible preshared key mismatch Failed to find certificate VPN PKI User Activity Alert 875 --- Simple Failed to get CRL from VPN PKI User Activity Alert 271 --- Simple Failed to Process CRL from VPN PKI User Activity Alert 276 --- Simple Failed to resolve name Network Maintenance Info 84 --- Simple Failed to synchronize license information with Security s Maintenance Warning 766 8628 Simple Message Licensing Server. Please see HTTP:// help.mysonicwall.com/ licsyncfail.html (code: %s) Failed to synchronize DHCP Relay System Error Warning 234 632 Standard Relay IP Table Failed to write DHCP Firewall Event System Error Warning 834 --- Simple leases to flash Failure to add data Unused Debug Debug 49 --- Standard channel Failure to reach Interface High System Error Error 675 6234 Simple Message %s probe Availability Fan Failure Firewall System Alert 576 102 Simple Hardware Environment FIN Flood Blacklist on IF %s continues Intrusion Debug Warning 902 --- Simple Message FIN-Flooding machine Intrusion Debug Alert 901 --- Simple Message %s blacklisted Forbidden E-Mail attachment deleted Intrusion Attack Error 248 534 Standard SONICOS LOG EVENT REFERENCE GUIDE 15

Forbidden E-Mail attachment disabled Intrusion Attack Alert 165 527 Standard Found Rogue Point WLAN IDS WLAN IDs Alert 546 901 Simple Found Rogue Point WLAN IDS WLAN IDs Alert 556 10804 Simple Fragmented packet Network TCP UDP ICMP Notice 28 --- Standard Note Protocol Fraudulent Microsoft Intrusion Attack Error 193 532 Standard certificate found; access denied FTP: Data connection Network Attack Alert 538 557 Standard from non default port FTP: PASV response bounce attack. Intrusion Attack Alert 528 556 Standard Note FTP: PASV response Intrusion Attack Error 446 551 Standard spoof attack FTP: PORT bounce attack. Intrusion Attack Alert 527 555 Standard Note Gateway Anti-Virus Alert: Security Attack Alert 809 8632 Standard %s s Message Gateway Anti-Virus Security Maintenance Warning 810 8633 Simple expired s Global VPN Client VPN Client System Error Info 529 643 Standard connection is not allowed. Appliance is not registered. Global VPN Client VPN Client System Error Info 494 658 Standard License Exceeded: Connection denied. Global VPN Client version cannot enforce VPN Client User Activity Info 604 --- Standard personal firewall. Minimum Version required is 2.1 Got DHCP OFFER. Selecting. DHCP Client Maintenance Info 107 --- Standard GSC policy out-of-date Security Maintenance Info 762 --- Standard on host s Guest account '%s' created User Activity Info 558 --- Standard Message Guest account '%s' deleted User Activity Info 559 --- Standard Message Guest account '%s' disabled User Activity Info 560 --- Standard Message Guest account '%s' pruned User Activity Info 562 --- Standard Message Guest account '%s' re- User Activity Info 561 --- Standard enabled Guest account '%s' regenerated Message User Activity Info 563 --- Standard Message 16 SONICOS LOG EVENT REFERENCE GUIDE

Guest login denied. Guest '%s' is already logged in. Please try again later. GUI administration User Activity Info 557 --- Standard Message User Activity Info 998 --- Standard Note session ended H.323/H.225 Connect VOIP VOIP Debug 634 --- Standard Note H.323/H.225 Setup VOIP VOIP Debug 633 --- Standard Note H.323/H.245 Address VOIP VOIP Debug 635 --- Standard Note H.323/H.245 End Session H.323/RAS Admission Confirm H.323/RAS Admission Reject H.323/RAS Admission Request H.323/RAS Bandwidth Reject H.323/RAS Disengage Confirm H.323/RAS Disengage Reject H.323/RAS Gatekeeper Reject H.323/RAS Location Confirm H.323/RAS Location Reject H.323/RAS Registration Reject H.323/RAS Unknown Message Response H.323/RAS Unregistration Reject HA packet processing error HA Peer Firewall Rebooted HA Peer Firewall Synchronized Hardware Failover settings were not upgraded. VOIP VOIP Debug 636 --- Standard Note VOIP VOIP Debug 625 --- Standard Note VOIP VOIP Debug 624 --- Standard Note VOIP VOIP Debug 626 --- Standard Note VOIP VOIP Debug 627 --- Standard Note VOIP VOIP Debug 628 --- Standard Note VOIP VOIP Debug 641 --- Standard Note VOIP VOIP Debug 629 --- Standard Note VOIP VOIP Debug 630 --- Standard Note VOIP VOIP Debug 631 --- Standard Note VOIP VOIP Debug 632 --- Standard Note VOIP VOIP Debug 640 --- Standard Note VOIP VOIP Debug 642 --- Standard Note High Maintenance Info 162 --- Simple Availability High Maintenance Info 668 --- Simple Availability High Maintenance Info 157 --- Simple Availability Firewall Event Maintenance Info 743 --- Simple Header verification failed VPN IKE User Activity Warning 587 --- Standard Heartbeat received from High Maintenance Info 163 --- Unused incompatible source Availability HTTP management port has changed Firewall Event Maintenance Info 340 --- Simple Note HTTP method detected; examining stream for host header Network TCP Debug 882 --- Standard Policy SONICOS LOG EVENT REFERENCE GUIDE 17

HTTPS management port Firewall Event Maintenance Info 341 --- Simple Note has changed ICMP checksum error Network UDP Notice 886 --- Standard ICMP packet allowed Network Debug Info 597 --- Standard Policy ICMP packet Network ICMP Notice 38 --- Standard Policy due to policy ICMP packet no Network ICMP Notice 523 --- Standard ICMP match ICMP packet from LAN allowed Network Debug Info 598 --- Standard ICMP ICMP packet from LAN Network LAN ICMP LAN TCP Notice 175 --- Standard ICMP If not already enabled, enabling NTP is recommended Firewall Hardware System Error Warning 540 645 Simple IGMP packet, wrong checksum received on interface %s IGMP Leave group message Received on interface %s IGMP packet, decoding error IGMP Packet Not handled. Packet type : %s IGMP querier Router detected on interface %s IGMP querier Router detected on VPN tunnel, SPI %S IGMP state table entry time out, deleting interface : %s for multicast address : %s IGMP state table entry time out, deleting VPN SPI :%s for Multicast address : %s IGMP V2 client joined multicast Group : %s IGMP V2 Membership report received from interface %s IGMP V3 client joined multicast Group : %s IGMP V3 Membership report received from interface %s IGMP V3 packet, unsupported Record type : %s Multicast --- Notice 683 --- Standard Message Multicast --- Info 682 --- Standard Message Multicast --- Notice 686 --- Standard Multicast --- Notice 687 --- Standard Message Multicast --- Debug 701 --- Standard Message Multicast --- Debug 702 --- Standard Message Multicast --- Debug 692 --- Standard Message Multicast --- Debug 693 --- Standard Message Multicast --- Info 676 --- Standard Message Multicast --- Debug 679 --- Standard Message Multicast --- Info 677 --- Standard Message Multicast --- Debug 678 --- Standard Message Multicast --- Notice 688 --- Standard Message 18 SONICOS LOG EVENT REFERENCE GUIDE

IGMP V3 record type : %s not Handled Multicast --- Debug 689 --- Standard Message IKE Initiator drop: VPN VPN IKE User Activity Info 544 --- Standard tunnel end point does not match configured VPN Policy Bound to scope IKE Initiator: Accepting IPsec proposal (Phase 2) VPN IKE User Activity Info 372 --- Standard Note IKE Initiator: Accepting peer lifetime. (Phase 1) VPN IKE User Activity Info 445 --- Standard IKE Initiator: Aggressive Mode complete (Phase VPN IKE User Activity Info 354 --- Standard Note 1). IKE Initiator: IKE proposal VPN IKE User Activity Warning 937 --- Standard Note does not match (Phase 1) IKE Initiator: Main Mode complete (Phase 1) VPN IKE User Activity Info 353 --- Standard Note IKE Initiator: Proposed IKE ID mismatch VPN IKE User Activity Warning 933 --- Standard Note IKE Initiator: Remote party timeout - VPN IKE User Activity Info 930 --- Standard Note Retransmitting IKE request. IKE Initiator: Start Aggressive Mode VPN IKE User Activity Info 358 --- Standard Note negotiation (Phase 1) IKE Initiator: Start Main Mode negotiation (Phase VPN IKE User Activity Info 351 --- Standard Note 1) IKE Initiator: Start Quick Mode (Phase 2). VPN IKE User Activity Info 346 0 Standard Note IKE Initiator: Using secondary gateway to VPN IKE User Activity Info 543 --- Standard negotiate IKE negotiation aborted VPN IKE User Activity Info 403 --- Standard Note due to timeout IKE negotiation complete. VPN IKE User Activity Info 89 --- Standard Note Adding IPsec SA. (Phase 2) IKE Responder drop: VPN IKE User Activity Info 545 --- Standard VPN tunnel end point does not match configured VPN Policy Bound to scope IKE Responder: %s VPN Client System Error Error 660 --- Standard policy does not allow Message static IP for Virtual Adapter. IKE Responder: Accepting IPsec proposal (Phase 2) IKE Responder: Aggressive Mode complete (Phase 1) VPN IKE User Activity Info 87 --- Standard Note VPN IKE User Activity Info 373 --- Standard Note SONICOS LOG EVENT REFERENCE GUIDE 19

IKE Responder: AH authentication algorithm does not match IKE Responder: AH authentication key length does not match IKE Responder: AH authentication key rounds does not match IKE Responder: AH Perfect Forward Secrecy mismatch IKE Responder: Algorithms and/or keys do not match IKE Responder: Client Policy has no VPN Networks assigned. Check Configuration. IKE Responder: Default LAN gateway is not set but peer is proposing to use this SA as a default route IKE Responder: Default LAN gateway is set but peer is not proposing to use this SA as a default route IKE Responder: ESP authentication algorithm does not match IKE Responder: ESP authentication key length does not match IKE Responder: ESP authentication key rounds does not match IKE Responder: ESP encryption algorithm does not match IKE Responder: ESP encryption key length does not match IKE Responder: ESP encryption key rounds does not match IKE Responder: ESP Perfect Forward Secrecy mismatch IKE Responder: IKE Phase 1 exchange does not match VPN IKE User Activity Warning 920 --- Standard Note VPN IKE User Activity Warning 923 --- Standard Note VPN IKE User Activity Warning 926 --- Standard Note VPN IKE User Activity Warning 258 544 Standard Note VPN IKE User Activity Warning 260 546 Standard Note VPN IKE System Error Error 965 --- Standard Note VPN IKE Attack Error 516 553 Standard Note VPN IKE User Activity Warning 253 539 Standard Note VPN IKE User Activity Warning 922 --- Standard Note VPN IKE User Activity Warning 925 --- Standard Note VPN IKE User Activity Warning 928 --- Standard Note VPN IKE User Activity Warning 921 --- Standard Note VPN IKE User Activity Warning 924 --- Standard Note VPN IKE User Activity Warning 927 --- Standard Note VPN IKE User Activity Warning 259 545 Standard Note VPN IKE User Activity Error 1036 --- Standard Note 20 SONICOS LOG EVENT REFERENCE GUIDE

IKE Responder: IKE proposal does not match (Phase 1) IKE Responder: IP Address already exists in the DHCP relay table. VPN IKE User Activity Warning 402 --- Standard Note VPN Client System Error Error 659 --- Standard Note Client traffic not allowed. IKE Responder: IP VPN IKE User Activity Warning 929 --- Standard Note Compression algorithm does not match IKE Responder: IPsec VPN IKE User Activity Warning 88 523 Standard Note proposal does not match (Phase 2) IKE Responder: IPsec VPN IKE User Activity Warning 932 --- Standard Note protocol mismatch IKE Responder: Main VPN IKE User Activity Info 357 --- Standard Note Mode complete (Phase 1) IKE Responder: Mode VPN IKE Debug Warning 342 --- Standard %d - not transport mode. Message Number Xauth is required but not supported by peer. IKE Responder: Mode VPN IKE User Activity Warning 249 535 Standard %d - not tunnel mode IKE Responder: No match for proposed remote network address IKE Responder: No matching Phase 1 ID found for proposed remote network IKE Responder: Peer's destination network does not match VPN policy's <b>local Network</b> IKE Responder: Peer's local network does not match VPN policy's <b> Network</b> IKE Responder: Phase 1 Method does not match IKE Responder: Phase 1 DH Group does not match IKE Responder: Phase 1 encryption algorithm does not match IKE Responder: Phase 1 encryption algorithm key length does not match IKE Responder: Phase 1 hash algorithm does not match Message Number VPN IKE User Activity Warning 252 538 Standard Note VPN IKE User Activity Warning 250 536 Standard Note VPN IKE User Activity Warning 935 --- Standard Note VPN IKE User Activity Warning 934 --- Standard Note VPN IKE User Activity Warning 913 --- Standard Note VPN IKE User Activity Warning 919 --- Standard Note VPN IKE User Activity Warning 914 --- Standard Note VPN IKE User Activity Warning 915 --- Standard Note VPN IKE User Activity Warning 916 --- Standard Note SONICOS LOG EVENT REFERENCE GUIDE 21

IKE Responder: Phase 1 XAUTH required but policy has no user name IKE Responder: Phase 1 XAUTH required but policy has no user password IKE Responder: Proposed IKE ID mismatch IKE Responder: Proposed local network is 0.0.0.0 but SA has no LAN Default Gateway IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route IKE Responder: Received Aggressive Mode request (Phase 1) IKE Responder: Received Main Mode request (Phase 1) IKE Responder: Received Quick Mode Request (Phase 2) IKE Responder: Remote party timeout - Retransmitting IKE request. IKE Responder: Route table overrides VPN policy IKE Responder: Tunnel terminates inside firewall but proposed local network is not inside firewall IKE Responder: Tunnel terminates on DMZ but proposed local network is on LAN IKE Responder: Tunnel terminates on LAN but proposed local network is on DMZ IKE Responder: Tunnel terminates outside firewall but proposed local network is not NAT public address VPN IKE User Activity Warning 917 --- Standard Note VPN IKE User Activity Warning 918 --- Standard Note VPN IKE System Error Warning 658 --- Standard Note VPN IKE User Activity Warning 418 549 Standard Note VPN IKE User Activity Warning 251 537 Standard Note VPN IKE User Activity Info 356 --- Standard Note VPN IKE User Activity Info 355 --- Standard Note VPN IKE User Activity Info 352 --- Standard Note VPN IKE User Activity Info 931 --- Standard Note VPN IKE User Activity Warning 936 --- Standard Note VPN IKE User Activity Warning 255 541 Standard Note VPN IKE User Activity Warning 256 542 Standard Note VPN IKE User Activity Warning 257 543 Standard Note VPN IKE User Activity Warning 254 540 Standard Note 22 SONICOS LOG EVENT REFERENCE GUIDE

IKE Responder: Tunnel terminates outside firewall but proposed remote network is not NAT public address VPN IKE User Activity Warning 345 548 Standard Note IKE SA lifetime expired. VPN IKE User Activity Info 350 --- Standard Note IKEv2 Accept IKE SA Proposal VPN IKE User Activity Info 943 --- Standard Note IKEv2 Accept IPsec SA Proposal VPN IKE User Activity Info 944 --- Standard Note IKEv2 successful VPN IKE User Activity Info 942 --- Standard Note IKEv2 Decrypt packet failed VPN IKE User Activity Warning 960 --- Standard Note IKEv2 Function sendto() failed to transmit packet. VPN IKE User Activity Error 979 --- Standard Note IKEv2 IKE attribute not found VPN IKE User Activity Warning 970 --- Standard Note IKEv2 IKE proposal does VPN IKE User Activity Warning 981 --- Standard Note not match IKEv2 Initiator: Negotiations failed. Extra payloads present. VPN IKE User Activity Warning 954 --- Standard Note IKEv2 Initiator: Negotiations failed. Invalid input state. IKEv2 Initiator: Negotiations failed. Invalid output state. IKEv2 Initiator: Negotiations failed. Missing required payloads. VPN IKE User Activity Warning 956 --- Standard Note VPN IKE User Activity Warning 957 --- Standard Note VPN IKE User Activity Warning 955 --- Standard Note IKEv2 Initiator: Proposed VPN IKE User Activity Warning 980 --- Standard Note IKE ID mismatch IKEv2 Initiator: Received VPN IKE User Activity Info 975 --- Standard Note CREATE CHILD SA response IKEv2 Initiator: Received IKE AUTH response IKEv2 Initiator: Received IKE SA INT response IKEv2 Initiator: Remote party timeout - Retransmitting IKEv2 request. IKEv2 Initiator: Send CREATE CHILD SA request IKEv2 Initiator: Send IKE AUTH request IKEv2 Initiator: Send IKE SA INIT request VPN IKE User Activity Info 974 --- Standard Note VPN IKE User Activity Info 973 --- Standard Note VPN IKE User Activity Info 972 --- Standard Note VPN IKE User Activity Info 945 --- Standard Note VPN IKE User Activity Info 940 --- Standard Note VPN IKE User Activity Info 938 --- Standard Note SONICOS LOG EVENT REFERENCE GUIDE 23

IKEv2 Invalid SPI size VPN IKE User Activity Warning 966 --- Standard Note IKEv2 Invalid state VPN IKE User Activity Warning 964 --- Standard Note IKEv2 IPsec attribute not VPN IKE User Activity Warning 969 --- Standard Note found IKEv2 IPsec proposal does not match VPN IKE User Activity Warning 968 --- Standard Note IKEv2 NAT device detected between VPN IKE User Activity Info 985 --- Standard Note negotiating peers IKEv2 negotiation complete VPN IKE User Activity Info 978 --- Standard Note IKEv2 No NAT device detected between VPN IKE User Activity Info 984 --- Standard Note negotiating peers IKEv2 Out of memory VPN IKE User Activity Warning 961 --- Standard Note IKEv2 Payload processing error VPN IKE User Activity Warning 953 --- Standard Note IKEv2 Payload validation VPN IKE User Activity Warning 958 --- Standard Note failed. IKEv2 Peer is not responding. Negotiation VPN IKE User Activity Warning 971 --- Standard Note aborted. IKEv2 Process Message queue failed VPN IKE User Activity Warning 963 --- Standard Note IKEv2 Received delete IKE SA request VPN IKE User Activity Info 948 --- Standard Note IKEv2 Received delete IKE SA response VPN IKE User Activity Info 1015 --- Standard Note IKEv2 Received delete IPsec SA request VPN IKE User Activity Info 950 --- Standard Note IKEv2 Received delete IPsec SA response VPN IKE User Activity Info 1016 --- Standard Note IKEv2 Received notify error payload VPN IKE User Activity Warning 983 --- Standard Note IKEv2 Received notify VPN IKE User Activity Info 982 --- Standard Note status payload IKEv2 Responder: Peer's destination network does not match VPN policy's <b>local Network</b> IKEv2 Responder: Peer's local network does not match VPN policy's <b> Network</b> IKEv2 Responder: Policy for remote IKE ID not found IKEv2 Responder: Received CREATE CHILD SA request VPN IKE User Activity Info 951 --- Standard Note VPN IKE User Activity Info 952 --- Standard Note VPN IKE User Activity Error 962 --- Standard Note VPN IKE User Activity Info 946 --- Standard Note 24 SONICOS LOG EVENT REFERENCE GUIDE

IKEv2 Responder: Received IKE AUTH VPN IKE User Activity Info 941 --- Standard Note request IKEv2 Responder: Received IKE SA INIT VPN IKE User Activity Info 939 --- Standard Note request IKEv2 Responder: Send CREATE CHILD SA VPN IKE User Activity Info 1012 --- Standard Note response IKEv2 Responder: Send IKE AUTH response VPN IKE User Activity Info 977 --- Standard Note IKEv2 Responder: Send IKE SA INIT response VPN IKE User Activity Info 976 --- Standard Note IKEv2 Send delete IKE SA request VPN IKE User Activity Info 947 --- Standard Note IKEv2 Send delete IKE SA response VPN IKE User Activity Info 1013 --- Standard Note IKEv2 Send delete IPsec VPN IKE User Activity Info 949 --- Standard Note SA request IKEv2 Send delete IPsec VPN IKE User Activity Info 1014 --- Standard Note SA response IKEv2 Unable to find IKE VPN IKE User Activity Warning 959 --- Standard Note SA IKEv2 VPN Policy not found VPN IKE User Activity Warning 967 --- Standard Note Illegal IPsec SPI VPN IPsec User Activity Info 65 --- Standard Imported HA hardware ID High Maintenance Info 155 --- Unused did not match this firewall Availability Imported VPN SA is invalid - disabled Firewall Event Maintenance Warning 348 --- Standard Note Inbound connection from RBL --- Notice 798 --- Standard RBL-listed SMTP server Incoming call received for User Activity Info 817 --- Simple Remotely Triggered Dialout session Incompatible IPsec Security Association VPN IPsec User Activity Info 69 --- Standard Incorrect authentication User Activity Info 819 --- Simple received for Remotely Triggered Dial-out Ini Killer attack Intrusion Attack Alert 80 519 Standard Interface %s Link Is Down Firewall Event System Error Error 566 647 Simple Message Interface %s Link Is Up Firewall Event System Error Warning 565 646 Simple Message Interface IP Assignment : Firewall Event Maintenance Info 568 --- Simple Message Binding and initializing %s Interface IP Assignment changed: Shutting down %s Firewall Event Maintenance Info 567 --- Simple Message SONICOS LOG EVENT REFERENCE GUIDE 25

Interface statistics report GMS --- Info 805 --- Simple Interface Stats Internet restricted Wireless TCP UDP Warning 532 --- Unused to authorized users. Dropped packet received in the clear. ICMP Invalid Product Code Upgrade request received: %s Invalid VLAN packet IP address conflict detected from Ethernet address %s Firewall Event --- Error 704 --- Standard Message Network --- Alert 836 --- Standard Note Network Maintenance Warning 847 --- Standard Message IP Header checksum Network TCP UDP Notice 883 --- Standard error IP spoof detected on packet to Central DHCP Relay Attack Error 229 533 Standard Note Ethernet Network Gateway, packet IP spoof Intrusion Attack Alert 23 502 Standard Note Ethernet Network IP type %s packet Network LAN UDP LAN TCP Notice 590 --- Standard Message IP Comp connection IP Comp Debug Debug 651 --- Standard interrupt IP Comp packet IP Comp TCP UDP ICMP Notice 652 --- Standard Note IP Comp packet ; IP Comp Debug Debug 653 --- Standard waiting for pending IP Comp connection IPS Alert: %s IPS Alert: %s IPS Prevention Alert: %s IPS Prevention Alert: %s IPsec (AH) packet IPsec (AH) packet ; waiting for pending IPsec connection Intrusion Attack Alert 608 569 Standard IDP Message Intrusion Attack Alert 789 6435 Standard Message Intrusion Attack Alert 609 570 Standard IDP Message Intrusion Attack Alert 790 6436 Standard Message VPN IPsec TCP UDP Notice 534 --- Standard Note ICMP VPN IPsec Debug Debug 536 --- Standard IPsec (ESP) packet VPN IPsec TCP UDP ICMP Notice 533 --- Standard Note IPsec (ESP) packet ; waiting for pending IPsec connection VPN IPsec Debug Debug 535 --- Standard IPsec Failed VPN IPsec Attack Error 67 508 Standard IPsec connection Network Debug Debug 43 --- Standard interrupt IPsec Decryption Failed VPN IPsec Attack Error 68 509 Standard 26 SONICOS LOG EVENT REFERENCE GUIDE

IPsec packet Network IPsec packet ; Network waiting for pending IPsec connection IPsec packet from an TCP UDP Notice 40 --- Standard ICMP Debug Debug 42 --- Standard VPN IPsec Maintenance Info 247 --- Standard VPN IPsec Attack Error 70 510 Standard illegal host IPsec packet from or to an illegal host IPsec Replay Detected VPN IPsec Attack Alert 180 531 Standard Note IPsec SA lifetime expired. VPN IPsec User Activity Info 349 --- Unused IPsec Tunnel status VPN VPN Tunnel Info 427 801 Simple changed Status ISDN Driver Firmware Firewall Event Maintenance Info 493 --- Simple successfully updated Issuer match failed VPN PKI User Activity Alert 278 --- Simple Java access denied Network Blocked Code Notice 19 --- Standard Note Blocked L2TP Connect Initiated L2TP Client Maintenance Info 216 --- Unused by the User L2TP Disconnect Initiated L2TP Client Maintenance Info 214 --- Unused by the User L2TP enabled but not Unused Maintenance Info 500 --- Simple ready L2TP LCP Down L2TP Client Maintenance Info 209 --- Unused L2TP LCP Up L2TP Client Maintenance Info 213 --- Unused L2TP Max L2TP Client Maintenance Info 203 --- Simple Retransmission Exceeded L2TP PPP L2TP Client Maintenance Info 212 --- Simple Failed L2TP PPP Down L2TP Client Maintenance Info 211 --- Simple L2TP PPP link down L2TP Client Maintenance Info 217 --- Simple L2TP PPP Negotiation L2TP Client Maintenance Info 208 --- Simple Started L2TP PPP Session Up L2TP Client Maintenance Info 210 --- Simple L2TP Server: L2TP Server Maintenance Info 343 --- Unused from L2TP VPN Client Privilege not enabled for RADIUS Users. L2TP Server : Deleting the L2TP active Session L2TP Server Maintenance Info 337 --- Standard L2TP Server: Deleting the Tunnel L2TP Server Maintenance Info 336 --- Standard L2TP Server: L2TP PPP L2TP Server Maintenance Info 310 --- Unused Session Established. L2TP Server: L2TP Session Established. L2TP Server Maintenance Info 309 --- Standard L2TP Server: L2TP Tunnel Established. L2TP Server Maintenance Info 308 --- Standard L2TP Server : Retransmission Timeout, Deleting the Tunnel L2TP Server Maintenance Info 338 --- Standard SONICOS LOG EVENT REFERENCE GUIDE 27

L2TP Server: User Name L2TP Server Maintenance Info 344 --- Standard authentication Failure locally. L2TP Server: Keep alive L2TP Server Maintenance Info 320 --- Unused Failure. Closing Tunnel L2TP Server: L2TP L2TP Server Maintenance Info 317 --- Unused Remote terminated the PPP session L2TP Server: L2TP L2TP Server Maintenance Info 316 --- Unused Session Disconnect from the Remote. L2TP Server: L2TP L2TP Server Maintenance Info 315 --- Unused Tunnel Disconnect from the Remote. L2TP Server: Local Failure L2TP Server Maintenance Info 312 --- Standard L2TP Server: Local Success. L2TP Server Maintenance Info 318 --- Standard L2TP Server: No IP L2TP Server Maintenance Info 314 --- Unused address available in the Local IP Pool L2TP Server: RADIUS/ LDAP Success L2TP Server Maintenance Info 319 --- Standard L2TP Server: RADIUS/ LDAP reports Failure L2TP Server: RADIUS/ LDAP server not assigned IP address L2TP Server Maintenance Info 311 --- Standard L2TP Server Maintenance Info 313 --- Standard L2TP Server: Call Disconnect from Remote. L2TP Server Maintenance Info 334 --- Standard L2TP Server: Tunnel Disconnect from Remote. L2TP Server Maintenance Info 335 --- Standard L2TP Session Disconnect L2TP Client Maintenance Info 207 --- Simple from Remote L2TP Session L2TP Client Maintenance Info 206 --- Simple Established L2TP Session L2TP Client Maintenance Info 202 --- Simple Negotiation Started L2TP Tunnel Disconnect L2TP Client Maintenance Info 205 --- Simple from Remote L2TP Tunnel Established L2TP Client Maintenance Info 204 --- Simple L2TP Tunnel Negotiation L2TP Client Maintenance Info 201 --- Simple Started LAN Subnet configurations were not upgraded. Firewall Event Maintenance Info 741 --- Simple Land attack LDAP server does not allow CHAP Intrusion Attack Alert 27 505 Standard RADIUS User Activity Warning 758 --- Standard 28 SONICOS LOG EVENT REFERENCE GUIDE

LDAP using nonadministrative account - VPN client user will not be able to change passwords License exceeded: Connection because too many IP addresses are in use on your LAN License of HA pair doesn't match: %s RADIUS System Error Warning 1011 --- Simple Note Firewall Event System Error Error 58 608 Standard High Availability System Error Error 670 664 Simple Message local range: None --- Debug 85 --- Unused Local user login allowed User Activity Info 31 --- Standard Local user login denied - user already logged in User Activity Info 759 --- Standard Local user login denied due to bad credentials User Activity Info 32 --- Standard Locked-out user logins allowed - lockout period expired User Activity Info 438 --- Standard Note Locked-out user logins allowed by administrator User Activity Info 439 --- Standard Note Log (part None --- Debug 0 --- Unused Log Cleared Firewall Maintenance Info 5 --- Simple Logging Log Debug Firewall Event Debug Error 142 --- Simple Log file from SonicWALL None --- Debug 2 --- Unused Log full; deactivating Firewall System Error Error 7 601 Unused SonicWALL Logging Log successfully sent via Firewall Maintenance Info 6 --- Simple email Logging Login screen timed out User Activity Info 34 --- Standard MAC address collides with Static ARP Entry with Bound MAC address; packet Network --- Notice 814 --- Standard Note Ethernet Network Machine %s removed from FIN flood blacklist Machine %s removed from RST flood blacklist Machine %s removed from SYN flood blacklist Malformed or unhandled IP packet Maximum events per second threshold exceeded Intrusion Intrusion Intrusion Network Firewall Logging Debug Alert 903 --- Simple Message Debug Alert 900 --- Simple Message Debug Alert 865 --- Simple Message Debug Alert 522 554 Standard System Error Critical 654 --- Simple SONICOS LOG EVENT REFERENCE GUIDE 29

Maximum number of Bandwidth Managed rules exceeded upon upgrade to this version. Some Bandwidth settings ignored. Maximum sequential failed dial attempts (10) to a single dial-up number: Firewall Event Maintenance Notice 541 --- Unused PPP Dial Up Attack Error 591 566 Standard Message %s Maximum syslog data per Firewall System Error Critical 655 --- Simple second threshold Logging exceeded MTU: None --- Debug 189 --- Unused Multicast application %s Multicast --- Info 696 --- Standard not supported Message Multicast packet, Multicast --- Alert 685 --- Standard Invalid src IP received on Message interface : %s Multicast packet, wrong MAC address received on interface : %s Multicast TCP packet Multicast UDP packet, no state entry Multicast UDP packet, RTCP stateful failed Multicast UDP packet, RTP stateful failed NAT could not remap incoming packet NAT device may not support IPsec AH passthrough NAT Discovery : No NAT/ NAPT device detected between IPsec Security gateways NAT Discovery : Local IPsec Security Gateway behind a NAT/NAPT Device NAT Discovery : Peer IPsec Security Gateway behind a NAT/NAPT Device NAT Discovery : Peer IPsec Security Gateway doesn't support VPN NAT Traversal Multicast --- Alert 684 --- Standard Message Multicast --- Notice 691 --- Standard Multicast --- Notice 690 --- Standard Multicast --- Warning 695 --- Standard Multicast --- Warning 694 --- Standard Unused System Error Error 44 606 Unused VPN IPsec Maintenance Info 266 --- Simple VPN IKE User Activity Info 241 --- Standard Note VPN IKE User Activity Info 240 --- Standard Note VPN IKE User Activity Info 239 --- Standard Note VPN IKE User Activity Info 242 --- Standard Note 30 SONICOS LOG EVENT REFERENCE GUIDE

NAT translated packet exceeds size limit, packet Net Spy attack NetBIOS settings were not upgraded. Use Network>IP Helper to configure NetBIOS support NetBus attack Network for interface %s overlaps with another interface. Network Modem Mode Disabled: re-enabling NAT Network Modem Mode Enabled: turning off NAT Network Monitor: Host %s is offline Network Monitor: Host %s is online Network Debug Debug 339 --- Standard Intrusion Attack Alert 74 513 Standard Firewall Event Maintenance Info 740 --- Simple Intrusion Attack Alert 72 511 Standard Firewall Event Maintenance Info 569 --- Simple Message PPP Dial Up Maintenance Info 531 --- Simple PPP Dial Up Maintenance Info 530 --- Simple Firewall Event Connection Alert 706 --- Simple Message Firewall Event Connection Alert 707 --- Simple Message New firmware available. Firewall Event Maintenance Info 198 --- Unused New URL List loaded Security Maintenance Info 8 --- Simple s Newsgroup access Network Blocked Sites Notice 17 704 Standard Note allowed Blocked Newsgroup access Network Blocked Sites Notice 15 702 Standard Note denied Blocked No Certificate for VPN PKI User Activity Alert 280 --- Simple No HOST tag found in Network Debug Debug 52 --- Unused HTTP request No ICMP redirect sent Unused Debug Debug 47 --- Unused No new URL List Security Maintenance Info 9 --- Simple available s No response from ISP PPPoE Maintenance Info 169 --- Simple Disconnecting PPPoE. No response from PPTP PPTP Maintenance Info 431 --- Simple server to call requests No response from PPTP PPTP Maintenance Info 430 --- Simple server to control connection requests No response from server to Echo Requests, disconnecting PPTP Tunnel PPTP Maintenance Info 429 --- Simple No valid DNS server RBL --- Error 800 --- Simple specified for RBL lookups Non-config mode GUI administration session started User Activity Info 997 --- Standard Note SONICOS LOG EVENT REFERENCE GUIDE 31

Not all configurations Firewall Event Maintenance Info 612 --- Simple may have been completely upgraded Not enough memory to hold the CRL VPN PKI User Activity Warning 272 --- Simple Obtained Relay IP Table DHCP Relay Maintenance Info 233 --- Standard from Remote Gateway OCSP Failed to Resolve Domain Name. VPN PKI User Activity Error 853 --- Standard Note OCSP Internal error handling received VPN PKI User Activity Error 854 --- Standard Note response. OCSP received response VPN PKI User Activity Error 851 --- Standard Note error. OCSP received response. VPN PKI User Activity Info 850 --- Standard Note OCSP Resolved Domain VPN PKI User Activity Info 852 --- Standard Note Name. OCSP send request message failed. VPN PKI User Activity Error 849 --- Standard Note OCSP sending request. VPN PKI User Activity Info 848 --- Standard Note OCSP unused/spare Unused --- Debug 855 --- Unused Outbound connection to RBL --- Notice 797 --- Standard RBL-listed SMTP server Out-of-order command Network Debug Debug 48 --- Standard packet Overriding Product Code Firewall Event --- Error 705 --- Standard Upgrade to: %s Message Packet destination not in VPN list VPN IPsec Attack Error 648 572 Standard Packet Dropped - IP TTL Network Debug Warning 910 --- Standard Note expired Packet by WLAN guest check Wireless TCP UDP ICMP Warning 488 --- Standard Packet by WLAN SSL-VPN enforcement check Wireless TCP UDP ICMP Warning 732 --- Standard Packet by WLAN vpn traversal check Packet. No firewall rule associated with VPN policy. Packet ; connection limit for this destination IP address has been reached Packet ; connection limit for this source IP address has been reached Wireless TCP UDP ICMP Warning 495 --- Standard VPN System Error Alert 739 --- Standard Note Firewall Event System Error Alert 647 5239 Standard Note Firewall Event System Error Alert 646 5238 Standard Note Payload processing failed VPN IKE Debug Error 616 0 Standard Note 32 SONICOS LOG EVENT REFERENCE GUIDE

PC Card inserted. Rebooting. Firewall Hardware --- Alert 1054 5419 Simple Message PC Card removed. Rebooting. Firewall Hardware --- Alert 1053 5418 Simple Message PC Card: No device detected Firewall Hardware --- Alert 1056 --- Simple Message Peer firewall rebooting (%s) High Availability --- Info 1057 --- Simple Message Physical environment Firewall --- Info 1042 5424 Simple normal Hardware Ping of death Intrusion Attack Alert 22 501 Standard PKI Error: VPN PKI Maintenance Error 417 --- Unused PKI Failure VPN PKI Maintenance Error 447 --- Unused PKI Failure: CA VPN PKI Maintenance Error 453 --- Simple certificates store exceeded. Cannot verify this Local Certificate PKI Failure: Cannot VPN PKI Maintenance Error 449 --- Simple allocate memory PKI Failure: Certificate's VPN PKI Maintenance Error 455 --- Simple ID does not match this SonicWALL PKI Failure: Duplicate VPN PKI Maintenance Error 458 --- Simple local certificate PKI Failure: Duplicate VPN PKI Maintenance Error 457 --- Simple local certificate name PKI Failure: Import failed VPN PKI Maintenance Error 451 --- Simple PKI Failure: Improper file VPN PKI Maintenance Error 454 --- Simple format. Please select PKCS#12 (*.p12) file PKI Failure: Incorrect VPN PKI Maintenance Error 452 --- Simple admin password PKI Failure: Internal error VPN PKI Maintenance Error 460 --- Simple PKI Failure: Loaded but VPN PKI Maintenance Error 469 --- Simple could not verify certificate PKI Failure: Loaded the VPN PKI Maintenance Error 470 --- Simple certificate but could not verify it's chain PKI Failure: No CA VPN PKI Maintenance Error 459 --- Simple certificates yet loaded PKI Failure: Output buffer VPN PKI Maintenance Error 448 --- Simple too small PKI Failure: public-private VPN PKI Maintenance Error 456 --- Simple key mismatch PKI Failure: Reached the VPN PKI Maintenance Error 450 --- Simple limit for local certificates, cant load any more PKI Failure: Temporary VPN PKI Maintenance Error 461 --- Simple memory shortage, try again PKI Failure: The certificate chain has no root VPN PKI Maintenance Error 464 --- Simple SONICOS LOG EVENT REFERENCE GUIDE 33

PKI Failure: The VPN PKI Maintenance Error 462 --- Simple certificate chain is circular PKI Failure: The VPN PKI Maintenance Error 463 --- Simple certificate chain is incomplete PKI Failure: The VPN PKI Maintenance Error 468 --- Simple certificate or a certificate in the chain has a bad signature PKI Failure: The VPN PKI Maintenance Error 466 --- Simple certificate or a certificate in the chain has a validity period in the future PKI Failure: The VPN PKI Maintenance Error 465 --- Simple certificate or a certificate in the chain has expired PKI Failure: The VPN PKI Maintenance Error 467 --- Simple certificate or a certificate in the chain is corrupt Please connect interface Firewall Event Maintenance Info 570 --- Simple Message %s to another network to function properly Please manually check all system configurations for correctness of Firewall Event Maintenance Info 613 --- Simple Upgrade Port configured to receive Network IPsec protocol ONLY; drop packet received in the clear Possible FIN Flood on IF Intrusion %s Possible FIN Flood on IF Intrusion %s continues Possible FIN Flood on IF Intrusion %s has ceased Possible port scan Intrusion detected Possible RST Flood on IF Intrusion %s Possible RST Flood on IF Intrusion %s continues Possible RST Flood on IF Intrusion %s has ceased Possible SYN flood Intrusion attack detected Possible SYN flood Intrusion detected on WAN IF %s - switching to connectionproxy mode Possible SYN Flood on IF Intrusion %s Possible SYN Flood on IF Intrusion %s continues TCP UDP ICMP Warning 347 --- Standard Debug Alert 905 --- Simple Message Debug Warning 909 --- Simple Message Debug Alert 907 --- Simple Message Attack Alert 82 521 Standard Note Debug Alert 904 --- Simple Message Debug Warning 908 --- Simple Message Debug Alert 906 --- Simple Message Attack Warning 25 503 Standard Debug Alert 859 --- Simple Message Debug Alert 860 --- Simple Message Debug Warning 866 --- Simple Message 34 SONICOS LOG EVENT REFERENCE GUIDE

Possible SYN Flood on IF Intrusion Debug Alert 867 --- Simple Message %s has ceased Power supply without Firewall --- Error 1043 5425 Simple redundancy Hardware PPP Dial-Up: Connect PPP Dial Up User Activity Info 306 --- Simple request canceled PPP Dial-Up: Connected PPP Dial Up User Activity Info 286 --- Simple Message at %s bps - starting PPP PPP Dial-Up: Connection PPP Dial Up --- Info 666 --- Standard disconnected as scheduled. PPP Dial-Up: Dial initiated by %s PPP Dial Up Maintenance Info 324 --- Standard Message PPP Dial-Up: Dialed PPP Dial Up User Activity Info 285 --- Simple number did not answer PPP Dial-Up: Dialed PPP Dial Up User Activity Info 284 --- Simple number is busy PPP Dial-Up: Dialing not allowed by schedule. %s PPP Dial Up --- Info 665 --- Standard Message PPP Dial-Up: Dialing: %s PPP Dial Up User Activity Info 281 --- Simple Message PPP Dial-Up: Failed to PPP Dial Up User Activity Info 298 --- Unused get IP address PPP Dial-Up: Idle time PPP Dial Up User Activity Info 297 --- Simple limit exceeded - disconnecting PPP Dial-Up: Initialization PPP Dial Up User Activity Info 303 --- Simple Message : %s PPP Dial-Up: Invalid DNS PPP Dial Up Maintenance Info 811 --- Simple IP address returned from Dial-Up ISP; overriding using dial-up profile settings PPP Dial-Up: Link carrier PPP Dial Up User Activity Info 288 --- Simple lost PPP Dial-Up: Manual PPP Dial Up User Activity Info 321 --- Simple intervention needed. Check Primary Profile or Profile details PPP Dial-Up: Maximum PPP Dial Up User Activity Info 327 --- Simple connection time exceeded - disconnecting PPP Dial-Up: No dialtone PPP Dial Up User Activity Info 282 --- Simple detected - check phoneline connection PPP Dial-Up: No link PPP Dial Up User Activity Info 283 --- Simple carrier detected - check phone number PPP Dial-Up: No peer IP PPP Dial Up Maintenance Info 481 --- Simple address from Dial-Up ISP, local and remote IPs will be the same PPP Dial-Up: PPP link down PPP Dial Up User Activity Info 301 --- Simple SONICOS LOG EVENT REFERENCE GUIDE 35

PPP Dial-Up: PPP link PPP Dial Up User Activity Info 300 --- Simple established PPP Dial-Up: PPP PPP Dial Up User Activity Info 296 --- Unused negotiation failed - disconnecting PPP Dial-Up: Previous session was connected PPP Dial Up User Activity Info 542 --- Simple Message for %s PPP Dial-Up: Received PPP Dial Up User Activity Info 299 --- Standard new IP address PPP Dial-Up: Shutting PPP Dial Up User Activity Info 302 --- Simple down link PPP Dial-Up: Starting PPP PPP Dial Up --- Info 1037 --- Simple Message PPP Dial-Up: Startup PPP Dial Up User Activity Info 323 --- Unused without Ethernet cable, will try to dial on outbound traffic PPP Dial-Up: The profile PPP Dial Up Maintenance Info 330 --- Simple in use disabled VPN networking. PPP Dial-Up: Trying to WAN Failover User Activity Info 434 --- Simple failover but Alternate Profile is manual PPP Dial-Up: Trying to PPP Dial Up User Activity Info 322 --- Simple failover but Primary Profile is manual PPP Dial-Up: Unknown PPP Dial Up User Activity Info 287 --- Simple dialing failure PPP Dial-Up: User PPP Dial Up User Activity Info 305 --- Simple requested connect PPP Dial-Up: User PPP Dial Up User Activity Info 304 --- Simple requested disconnect PPP Dial-Up: VPN PPP Dial Up Maintenance Info 331 --- Simple networking restored. PPP message: %s PPP System Environment Info 1018 --- Standard Message PPP: PPP User Activity Info 289 --- Simple successful PPP: CHAP PPP User Activity Info 291 --- Simple authentication failed - check username / password PPP: MS-CHAP PPP User Activity Info 292 --- Simple authentication failed - check username / password PPP: PAP authentication PPP User Activity Info 290 --- Simple failed - check username / password PPP: Starting CHAP PPP User Activity Info 294 --- Simple authentication PPP: Starting MS-CHAP authentication PPP User Activity Info 293 --- Simple 36 SONICOS LOG EVENT REFERENCE GUIDE

PPP: Starting PAP PPP User Activity Info 295 --- Simple authentication PPPoE terminated PPPoE Maintenance Info 130 --- Simple PPPoE CHAP PPPoE Maintenance Info 136 --- Unused authentication failed PPPoE Client: Previous session was connected PPPoE Maintenance Info 738 --- Simple Message for %s PPPoE discovery PPPoE Maintenance Info 133 --- Simple process complete PPPoE enabled but not PPPoE Maintenance Info 499 --- Simple ready PPPoE LCP link down PPPoE Maintenance Info 129 --- Simple PPPoE LCP link up PPPoE Maintenance Info 128 --- Simple PPPoE network PPPoE Maintenance Info 131 --- Simple connected PPPoE network PPPoE Maintenance Info 132 --- Simple disconnected PPPoE PAP PPPoE Maintenance Info 137 --- Unused authentication Failed PPPoE PAP PPPoE Maintenance Info 167 --- Unused authentication Failed. Please verify PPPoE username and password PPPoE PAP PPPoE Maintenance Info 166 --- Unused authentication success. PPPoE password User Activity Info 515 --- Unused changed by administrator PPPoE starting CHAP PPPoE Maintenance Info 134 --- Simple authentication PPPoE starting PAP PPPoE Maintenance Info 135 --- Unused authentication PPPoE user name User Activity Info 514 --- Unused changed by Administrator PPTP enabled but not PPTP Maintenance Info 501 --- Simple ready PPTP CHAP PPTP Maintenance Info 394 --- Unused authentication failed. Please verify PPTP username and password PPTP connect initiated by PPTP Maintenance Info 390 --- Standard the User PPTP control connection PPTP Maintenance Info 378 --- Simple Established PPTP control connection PPTP Maintenance Info 375 --- Simple negotiation started PPTP decode failure PPTP Debug Debug 596 --- Standard PPTP disconnect initiated PPTP Maintenance Info 388 --- Standard by the user PPTP LCP down PPTP Maintenance Info 383 --- Unused PPTP LCP up PPTP Maintenance Info 387 --- Unused PPTP Max Retransmission Exceeded PPTP Maintenance Info 377 --- Unused SONICOS LOG EVENT REFERENCE GUIDE 37

PPTP packet Network TCP UDP Notice 39 --- Unused ICMP PPTP PAP authentication PPTP Maintenance Info 395 --- Unused failed PPTP PAP authentication PPTP Maintenance Info 397 --- Unused failed. Please verify PPTP username and password PPTP PAP authentication PPTP Maintenance Info 396 --- Simple success. PPTP PPP authentication PPTP Maintenance Info 386 --- Unused failed PPTP PPP down PPTP Maintenance Info 385 --- Simple PPTP PPP link down PPTP Maintenance Info 391 --- Unused PPTP PPP link down PPTP Maintenance Info 399 --- Simple PPTP PPP link finished PPTP Maintenance Info 400 --- Simple PPTP PPP link up PPTP Maintenance Info 398 --- Simple PPTP PPP negotiation PPTP Maintenance Info 382 --- Simple started PPTP PPP session up PPTP Maintenance Info 384 --- Simple PPTP server is not PPTP Maintenance Info 444 --- Simple responding, check if the server is UP and running. PPTP server rejected PPTP Maintenance Info 432 --- Simple control connection PPTP server rejected the PPTP Maintenance Info 433 --- Simple call request PPTP session disconnect PPTP Maintenance Info 381 --- Simple from Remote PPTP session PPTP Maintenance Info 380 --- Simple established PPTP session negotiation PPTP Maintenance Info 376 --- Simple started PPTP starting CHAP PPTP Maintenance Info 392 --- Simple authentication PPTP starting PAP PPTP Maintenance Info 393 --- Simple authentication PPTP tunnel disconnect PPTP Maintenance Info 379 --- Simple from Remote Primary firewall has High Maintenance Info 144 --- Simple transitioned to Active Availability Primary firewall has High System Error Error 146 614 Simple transitioned to Idle Availability Primary firewall High System Error Error 153 620 Simple preempting backup Availability Primary firewall rebooting High --- Info 1058 --- Simple itself as it transitioned Availability from active to idle while preempt Primary missed High System Error Error 148 615 Simple heartbeats from Backup Primary received error signal from Backup Availability High Availability System Error Error 150 617 Simple 38 SONICOS LOG EVENT REFERENCE GUIDE

Primary received heartbeat from wrong source Primary received reboot signal from Backup Primary WAN link down, Backup going Active Primary WAN link down, Primary going Idle Primary WAN link up, preempting Backup Priority attack High Availability Maintenance Info 160 --- Unused High Availability System Error Error 671 665 Simple High System Error Error 220 634 Unused Availability High Maintenance Info 218 --- Unused Availability High Maintenance Info 221 --- Unused Availability Intrusion Attack Alert 79 518 Standard Probable port scan Intrusion Attack Alert 83 522 Standard Note detected Probable TCP FIN scan Intrusion Attack Alert 177 528 Standard Note detected Probable TCP NULL Intrusion Attack Alert 179 530 Standard Note scan detected Probable TCP XMAS Intrusion Attack Alert 178 529 Standard Note scan detected Probing failure on %s WAN Failover System Error Alert 326 637 Standard Message Probing succeeded on WAN Failover System Error Alert 436 638 Standard %s Message Problem loading the URL Security System Error Error 183 623 Simple list; Appliance not s registered. Problem loading the URL Security list; check Filter settings s Problem loading the URL Security list; check your DNS s server Problem loading the URL Security list; Flash write failure. s Problem loading the URL Security list; Retrying later. s Problem loading the URL Security list; Subscription expired. s System Error Error 10 602 Standard Note Code System Error Error 11 603 Simple System Error Error 187 627 Simple System Error Error 186 626 Standard System Error Error 184 624 Standard Problem loading the URL Security System Error Error 185 625 Simple list; Try loading it again. s Problem occurred during User Activity Warning 1033 --- Standard Note user group membership retrieval Problem sending log Firewall System Error Warning 12 604 Simple email; check log settings Logging Protocol: None --- Debug 525 --- Unused Read-only mode GUI administration session started User Activity Info 996 --- Standard Note Real time clock battery failure Time values may be incorrect Firewall Hardware System Error Warning 539 644 Simple RealAudio decode failure Unused Debug Debug 50 --- Unused SONICOS LOG EVENT REFERENCE GUIDE 39

Received a path MTU ICMP message from router/gateway Received a path MTU ICMP message from router/gateway Received Application Security Firewall alert: Your s SonicWALL Application Firewall (AF) subscription has expired. Received AV Alert: %s Security Received AV Alert: Your SonicWALL Network Anti-Virus subscription has expired. %s Received AV Alert: Your SonicWALL Network Anti-Virus subscription Network User Activity Info 182 --- Standard Note SPI Network User Activity Info 188 --- Standard Note Mtu s Security s Security s Maintenance Warning 1034 8635 Simple Maintenance Warning 125 524 Simple Message Maintenance Warning 159 526 Simple Message Maintenance Warning 482 552 Simple Message will expire in 7 days. %s Received CFS Alert: Your Security Maintenance Warning 490 563 Simple SonicWALL content s filtering subscription has expired. Received CFS Alert: Your Security Maintenance Warning 489 562 Simple SonicWALL content s filtering subscription will expire in 7 days. Received DHCP offer DHCP Client Maintenance Info 588 --- Standard packet has errors Received E-Mail filter Security Maintenance Warning 492 565 Simple alert: Your SonicWALL E- s Mail filtering subscription has expired. Received E-Mail filter alert: Your SonicWALL E- Mail filtering subscription will expire in 7 days. Received fragmented packet or fragmentation needed Received IKE SA delete request Received IPS alert: Your SonicWALL Intrusion Prevention (IDP) subscription has expired. Security s Maintenance Warning 491 564 Simple Network Debug Debug 63 --- Standard VPN IKE User Activity Info 413 --- Standard Note Security Maintenance Warning 614 571 Simple s Received IPsec SA delete request VPN IKE User Activity Info 412 --- Standard Received ISAKMP packet VPN IKE Debug UDP Info 607 --- Standard destined to port %s Message Received LCP Echo Reply PPPoE Maintenance Info 723 --- Simple 40 SONICOS LOG EVENT REFERENCE GUIDE

Received LCP Echo PPPoE Maintenance Info 721 --- Simple Request Received notify. NO PROPOSAL CHOSEN VPN IKE User Activity Warning 401 --- Standard Note Received notify: INVALID VPN IKE User Activity Info 414 --- Standard COOKIES Received notify: INVALID VPN IPsec User Activity Warning 483 --- Standard Note ID INFO Received notify: INVALID VPN IKE User Activity Error 661 --- Standard Note PAYLOAD Received notify: INVALID VPN IKE User Activity Info 416 --- Standard SPI Received notify: ISAKMP VPN IKE User Activity Warning 409 --- Standard AUTH FAILED Received notify: PAYLOAD MALFORMED VPN IKE User Activity Warning 411 --- Standard Received notify: RESPONDER LIFETIME VPN IKE User Activity Info 415 --- Standard Received packet retransmission. Drop VPN IKE User Activity Warning 406 --- Standard Note duplicate packet Received PPPoE active PPPoE Maintenance Info 593 --- Simple discovery Offer Received PPPoE active PPPoE Maintenance Info 594 --- Simple discovery session confirmation Received response packet for DHCP request has errors DHCP Client Maintenance Info 589 --- Standard Received unencrypted packet in crypto active state Regulatory requirements prohibit %s from being redialed for 30 minutes VPN IKE User Activity Warning 605 --- Standard Note PPP Dial Up Attack Error 592 567 Standard Message remote range: None --- Debug 86 --- Unused Remotely triggered dialout session ended. Valid WAN bound data found. Normal dial-up sequence will commence User Activity Info 822 --- Simple Remotely triggered dialout session started. Requesting authentication Removed host entry from dynamic address object Request for relay IP table from central gateway Dynamic Address Objects User Activity Info 818 --- Simple Maintenance Info 912 --- Standard DHCP Relay Maintenance Info 230 --- Standard Requesting CRL from VPN PKI User Activity Info 269 --- Simple SONICOS LOG EVENT REFERENCE GUIDE 41

Requesting relay IP table from remote gateway Restarting SonicWALL; dumping log to email Retransmitting DHCP discover Retransmitting DHCP request (Rebinding). Retransmitting DHCP request (Rebooting). Retransmitting DHCP request (Renewing). Retransmitting DHCP request (Requesting). Retransmitting DHCP request (Verifying). RIP Broadcasts for LAN Network %s are being broadcast over Dial Upconnection RIP disabled on DMZ interface RIP disabled on interface %s RIP disabled on WAN interface Ripper attack RIPv1 enabled on DMZ interface RIPv1 enabled on interface %s RIPv1 enabled on WAN interface RIPv2 compatibility (broadcast) mode enabled on DMZ interface RIPv2 compatibility (broadcast) mode enabled on interface %s RIPv2 compatibility (broadcast) mode enabled on WAN interface RIPv2 enabled on DMZ interface RIPv2 enabled on interface %s RIPv2 enabled on WAN interface Router IGMP General query received on interface %s DHCP Relay Maintenance Info 231 --- Standard Firewall Event Maintenance Info 13 --- Unused DHCP Client Maintenance Info 99 --- Standard DHCP Client Maintenance Info 102 --- Standard DHCP Client Maintenance Info 103 --- Standard DHCP Client Maintenance Info 101 --- Standard DHCP Client Maintenance Info 100 --- Standard DHCP Client Maintenance Info 104 --- Standard Rip Maintenance Info 571 --- Unused Rip Maintenance Info 423 --- Unused Rip Maintenance Info 419 --- Simple Message Rip Maintenance Info 552 --- Unused Intrusion Attack Alert 76 515 Standard Rip Maintenance Info 424 --- Unused Rip Maintenance Info 420 --- Simple Message Rip Maintenance Info 553 --- Unused Rip Maintenance Info 426 --- Unused Rip Maintenance Info 422 --- Simple Message Rip Maintenance Info 555 --- Unused Rip Maintenance Info 425 --- Unused Rip Maintenance Info 421 --- Simple Message Rip Maintenance Info 554 --- Unused Multicast --- Debug 680 --- Standard Message 42 SONICOS LOG EVENT REFERENCE GUIDE

Router IGMP membership query received on interface %s RST flood blacklist on IF %s continues RST-flooding machine %s blacklisted Multicast --- Debug 681 --- Standard Message Intrusion Debug Warning 899 --- Simple Message Intrusion Debug Alert 898 --- Simple Message Rule None --- Debug 59 --- Unused SA is disabled. Check VPN IKE User Activity Info 407 --- Unused VPN SA settings Sending DHCP discover. DHCP Client Maintenance Info 105 --- Standard Sending DHCP request DHCP Client Maintenance Info 122 --- Standard Sending DHCP request (Rebinding). DHCP Client Maintenance Info 116 --- Standard Sending DHCP request (Rebooting). DHCP Client Maintenance Info 117 --- Standard Sending DHCP request (Renewing). DHCP Client Maintenance Info 115 --- Standard Sending DHCP request (Verifying). DHCP Client Maintenance Info 118 --- Standard Sending DHCP request DHCP Client Maintenance Info 108 --- Standard Sending LCP echo reply PPPoE Maintenance Info 722 --- Simple Sending LCP echo PPPoE Maintenance Info 720 --- Simple request Sending PPPoE Active PPPoE Maintenance Info 595 --- Simple Discovery Request Senna Spy attack Intrusion Attack Alert 78 517 Standard Sent relay IP Table to DHCP Relay Maintenance Info 232 --- Standard central gateway Settings Import: %s Firewall Event --- Info 1049 --- Simple Message SIP register expiration exceeds configured Signaling inactivity time out VOIP VOIP Warning 645 --- Standard Note SIP request VOIP VOIP Debug 643 --- Standard Note SIP response VOIP VOIP Debug 644 --- Standard Note SMTP authentication problem:%s SMTP POP-Before- SMTP authentication failed Firewall Logging Firewall Logging System Error Warning 737 --- Standard Message System Error Warning 656 --- Simple SMTP server found on RBL blacklist RBL --- Notice 799 --- Standard Note Smurf amplification attack Intrusion Attack Alert 81 520 Standard SonicPoint Provision SonicPoint SonicPoint Info 727 --- Simple SonicPoint statistics report GMS --- Info 806 --- Simple SonicPoint Stats SONICOS LOG EVENT REFERENCE GUIDE 43

SonicPoint Status SonicPoint SonicPoint Info 667 --- Simple SonicWALL activated Firewall Event Maintenance Alert 4 --- Simple SonicWALL initializing Firewall Event Maintenance Info 521 --- Simple SonicWALL SSO agent returned domain name too long SonicWALL SSO agent returned user name too long CIA User Activity Warning 993 --- Standard Note CIA User Activity Warning 992 --- Standard Note Source IP address connection status: %s Firewall Event --- Info 734 --- Standard Message Source routed IP packet Intrusion Debug Warning 428 --- Standard Source: None --- Debug 56 --- Unused Spank attack multicast Intrusion Attack Alert 606 568 Standard packet SPI: None --- Debug 71 --- Unused SSL Control: Certificate chain not complete Network Blocked Sites Info 1006 --- Standard Note SSL Control: Certificate with invalid date Network Blocked Sites Info 1002 --- Standard Note SSL Control: Failed to decode Server Hello Network Blocked Sites Info 1007 --- Standard Note SSL Control: HTTPS via SSL2 Network Blocked Sites Info 1001 --- Standard Note SSL Control: Self-signed Network Blocked Sites Info 1003 --- Standard Note certificate SSL Control: Untrusted CA Network Blocked Sites Info 1005 --- Standard Note SSL Control: Weak cipher being used Network Blocked Sites Info 1004 --- Standard Note SSL Control: Website found in blacklist Network Blocked Sites Info 999 --- Standard Note SSL Control: Website found in whitelist Network Blocked Sites Info 1000 --- Standard Note SSL-VPN enforcement Wireless Maintenance Info 733 --- Simple Starting IKE negotiation VPN IKE User Activity Info 90 --- Standard Note Starting PPPoE discovery PPPoE Maintenance Info 127 --- Simple Status GMS Maintenance Emergenc 96 --- Simple GMS y Status StrIKEr attack Intrusion Attack Alert 77 516 Standard Sub seven attack Intrusion Attack Alert 75 514 Standard Success to reach Interface %s probe High Availability System Error Info 674 --- Simple Message Successful authentication User Activity Info 820 --- Simple received for Remotely Triggered Dial-out SYN flood blacklist on IF %s continues SYN flood blacklisting disabled by user Intrusion Intrusion Debug Warning 868 --- Simple Message Debug Warning 863 --- Standard 44 SONICOS LOG EVENT REFERENCE GUIDE

SYN flood blacklisting Intrusion Debug Warning 862 --- Standard enabled by user SYN flood ceased or Intrusion Debug Alert 861 --- Standard flooding machines blacklisted - connection proxy disabled SYN Flood Mode Intrusion Debug Warning 858 --- Standard changed by user to: Always proxy WAN connections SYN Flood Mode Intrusion Debug Warning 857 --- Standard changed by user to: Watch and proxy WAN connections when under attack SYN Flood Mode Intrusion Debug Warning 856 --- Standard changed by user to: Watch and report possible SYN floods SYN unused/spare Unused --- Debug 870 --- Unused SYN unused/spare Unused --- Debug 871 --- Unused Synchronizing High Maintenance Info 673 --- Simple preferences to HA Peer Firewall Availability SYN-Flooding machine %s blacklisted Intrusion Debug Alert 864 --- Simple Message Syslog Server cannot be Network Maintenance Info 657 --- Standard reached System clock manually updated Firewall Logging --- Notice 881 --- Simple Note TCP checksum error Network TCP Notice 884 --- Standard TCP connection abort received; TCP connection TCP connection Network TCP connection from Network LAN denied TCP connection reject received; TCP connection Network Debug Debug 713 --- Standard Note TCP Notice 36 --- Standard Policy LAN TCP Notice 173 --- Standard Network Debug Debug 712 --- Standard Note TCP FIN packet Network Debug Debug 181 --- Standard TCP handshake violation Network --- Notice 760 --- Standard Note detected; TCP connection TCP packet received on a closing connection; TCP packet TCP packet received on non-existent/closed connection; TCP packet Network Debug Debug 891 --- Standard Note Network Debug Debug 888 --- Standard Note SONICOS LOG EVENT REFERENCE GUIDE 45

TCP packet received with invalid ACK number; TCP packet TCP packet received with invalid header length; Network Debug Debug 709 --- Standard Note Network Debug Debug 887 --- Standard Note TCP packet TCP packet received with Network Debug Debug 894 --- Standard Note invalid MSS option length; TCP packet TCP packet received with Network Debug Debug 895 --- Standard Note invalid option length; TCP packet TCP packet received with Network Debug Debug 893 --- Standard Note invalid SACK option length; TCP packet TCP packet received with Network Debug Debug 708 --- Standard Note invalid SEQ number; TCP packet TCP packet received with Network Debug Debug 896 --- Standard Note invalid source port; TCP packet TCP packet received with Network Debug Info 897 --- Standard Note invalid SYN Flood cookie; TCP packet TCP packet received with Network Debug Debug 1030 --- Standard Note invalid window scale option length; TCP packet TCP packet received with Network Debug Debug 1031 --- Standard Note invalid window scale option value; TCP packet TCP packet received with Network Debug Debug 1029 --- Standard Note non-permitted option; TCP packet TCP packet received with Network Debug Info 892 --- Standard Note SYN flag on an existing connection; TCP packet TCP packet received without mandatory ACK Network Debug Debug 890 --- Standard Note flag; TCP packet TCP packet received without mandatory SYN Network Debug Debug 889 --- Standard Note flag; TCP packet TCP stateful inspection: Network Debug Debug 711 --- Unused Bad header; TCP packet TCP stateful inspection: Network Debug Info 710 --- Unused Invalid flag; TCP packet TCP SYN received Intrusion Debug Debug 869 --- Standard 46 SONICOS LOG EVENT REFERENCE GUIDE

TCP Syn/Fin packet Network TCP Xmas Tree Intrusion The cache is full; %u open connections; some will be The current WAN interface is not ready to route packets. The loaded content URL List has expired. The network connection in use is %s The preferences file is too large to be saved in available flash memory Thermal Red Thermal Red Timer Exceeded Thermal Yellow Time of day settings for firewall policies were not upgraded. Too many gratuitous ARPs detected Attack Alert 580 558 Standard Note Attack Alert 267 547 Standard Firewall Event System Error Error 53 607 Standard Message Number Firewall Event System Error Error 325 635 Unused Security s System Error Error 190 628 Simple WAN Failover System Error Warning 307 639 Standard Message Firewall Event System Error Warning 573 649 Simple Firewall Hardware System Environment Alert 578 104 Simple Firewall System Alert 579 105 Simple Hardware Environment Firewall System Alert 577 103 Simple Hardware Environment Firewall Event Maintenance Info 742 --- Simple Network --- Warning 815 --- Simple Type: None --- Debug 55 --- Unused UDP checksum error Network UDP Notice 885 --- Standard UDP packet Network UDP Notice 37 --- Standard Policy UDP packet from LAN Network LAN UDP Notice 174 --- Standard LAN TCP Unable to download IPS/ GAV/Anti-Spyware Signature database. Firewall must first be restarted to free memory used by downloaded firmware. Unused --- Warning 873 --- Simple Unable to resolve dynamic address object Dynamic Address Objects Maintenance Info 880 --- Standard Unable to send message PPP Dial Up System Error Error 1024 --- Simple Message to dial-up task Unknown IPsec SPI VPN IPsec Attack Error 66 507 Unused Unknown protocol Network Debug Notice 41 --- Standard Note Unknown reason VPN PKI User Activity Error 275 --- Simple User logged out User Activity Info 263 --- Standard SONICOS LOG EVENT REFERENCE GUIDE 47

User logged out - inactivity timer expired User Activity Info 265 --- Standard Note User logged out - max session time exceeded User Activity Info 264 --- Standard Note User logged out - user disconnect detected User Activity Info 24 --- Standard Note (heartbeat timer expired) User login denied - insufficient access on RADIUS User Activity Warning 750 --- Standard LDAP server User login denied - invalid RADIUS User Activity Warning 749 --- Standard credentials on LDAP server User login denied - LDAP RADIUS User Activity Info 745 --- Standard authentication failure User login denied - LDAP RADIUS User Activity Warning 748 --- Standard communication problem User login denied - LDAP RADIUS User Activity Warning 757 --- Standard directory mismatch User login denied - LDAP RADIUS User Activity Warning 751 --- Standard schema mismatch User login denied - LDAP RADIUS User Activity Warning 755 --- Standard server certificate not valid User login denied - LDAP RADIUS User Activity Warning 747 --- Standard server down or misconfigured User login denied - LDAP server name resolution failed RADIUS User Activity Warning 753 --- Standard User login denied - LDAP RADIUS User Activity Warning 746 --- Standard server timeout User login denied - not allowed by policy rule User Activity Warning 986 --- Standard Note User login denied - not found locally User Activity Warning 987 --- Standard Note User login denied - password doesn't meet constraints 0 Warning 1048 --- Standard User login denied - password expired User login denied - RADIUS authentication failure User login denied - RADIUS communication problem User login denied - RADIUS configuration error User login denied - RADIUS server name resolution failed User login denied - RADIUS server timeout User Activity Warning 1035 --- Standard RADIUS User Activity Info 243 --- Standard RADIUS User Activity Warning 744 --- Standard RADIUS User Activity Info 245 --- Standard RADIUS User Activity Warning 754 --- Standard RADIUS User Activity Info 244 --- Standard 48 SONICOS LOG EVENT REFERENCE GUIDE

User login denied - SonicWALL SSO agent communication problem User login denied - SonicWALL SSO agent configuration error User login denied - SonicWALL SSO agent name resolution failed User login denied - SonicWALL SSO agent timeout User login denied - TLS or local certificate problem User login denied - User has no privileges for login from that location User login denied - User has no privileges for WLAN guest service User login denied due to bad credentials User login disabled from %s User login failed - Guest service limit reached User login failure rate exceeded - logins from user IP address denied Using LDAP without TLS highly insecure CIA User Activity Warning 990 --- Standard CIA User Activity Warning 989 --- Standard CIA User Activity Warning 991 --- Standard CIA User Activity Warning 988 --- Standard RADIUS User Activity Warning 756 --- Standard User Activity Info 246 --- Standard User Activity Info 486 --- Standard User Activity Info 33 --- Standard Attack Error 583 559 Standard Message User Activity Info 549 --- Standard Note Attack Error 329 561 Standard RADIUS System Error Alert 1010 --- Simple Virtual access point is disabled SonicPoint 80211bmgmt Info 731 --- Simple Virtual access point is enabled SonicPoint 80211bmgmt Info 730 --- Simple VLAN unused/spare Unused --- Debug 837 --- Unused VLAN unused/spare Unused --- Debug 838 --- Unused VLAN unused/spare Unused --- Debug 839 --- Unused VOIP %s endpoint added VOIP VOIP Debug 637 --- Simple Message VOIP %s endpoint not added - configured 'public' endpoint limit reached VOIP VOIP Warning 639 --- Simple Message VOIP %s endpoint removed VOIP VOIP Debug 638 --- Simple Message VOIP call connected VOIP VOIP Info 622 --- Standard Note VOIP call disconnected VOIP VOIP Info 623 --- Standard Note Voltages out of tolerance Firewall Hardware System Environment Error 575 101 Simple SONICOS LOG EVENT REFERENCE GUIDE 49

VPN Cleanup: Dynamic VPN User Activity Info 471 --- Standard network settings change VPN client policy provisioning VPN Client User Activity Info 371 --- Standard VPN disabled by Maintenance Info 506 --- Simple administrator VPN disabled for active Unused Maintenance Info 503 --- Simple dial up VPN enabled by Maintenance Info 507 --- Simple administrator VPN log debug VPN IKE Debug Info 172 --- Standard Message VPN policy added VPN --- Info 1050 --- Standard Note VPN policy count received exceeds the VPN System Error Error 719 --- Simple Message limit; %s VPN Policy Deleted VPN --- Info 1051 --- Standard Note VPN Policy Modified VPN --- Info 1052 --- Standard Note VPN TCP FIN VPN VPN Stat Info 195 --- Unused VPN TCP PSH VPN VPN Stat Info 196 --- Unused VPN TCP SYN VPN VPN Stat Info 194 --- Unused VPN zone administrator login allowed User Activity Info 235 --- Standard VPN zone remote user login allowed User Activity Info 237 --- Standard WAN Interface not setup Firewall Event Maintenance Info 498 --- Simple Wan IP Changed Firewall Event System Error Warning 138 636 Standard WAN node exceeded: Firewall Event System Error Error 812 --- Standard Connection because too many IP addresses are in use on your LAN WAN not ready Firewall Event Maintenance Info 502 --- Simple WAN zone administrator login allowed User Activity Info 236 --- Standard WAN zone remote user login allowed User Activity Info 238 --- Standard WARNING: Central DHCP Relay Maintenance Info 472 --- Unused gateway does not have a relay IP Address. DHCP message. WARNING: DHCP lease relayed from central DHCP Relay Maintenance Info 227 --- Standard gateway conflicts with IP in Static devices list Web access request Network TCP Notice 524 --- Standard Policy Web management Network User Activity Notice 526 --- Standard request allowed Web site access allowed Network Blocked Sites Notice 16 703 Standard Note Blocked 50 SONICOS LOG EVENT REFERENCE GUIDE

Web site access denied Network Blocked Sites Error 14 701 Standard Note Blocked WiFiSec enforcement Maintenance Info 510 --- Unused disabled by administrator WiFiSec enforcement Maintenance Info 511 --- Unused enabled by administrator Wireless MAC filter list Maintenance Info 513 --- Simple disabled by administrator Wireless MAC filter list Maintenance Info 512 --- Simple enabled by administrator WLAN client null probing WLAN IDS WLAN IDs Warning 615 904 Standard WLAN disabled by Maintenance Info 508 --- Simple administrator WLAN disabled by Maintenance Info 728 --- Simple schedule WLAN drop traffic to deny Network --- Info 724 --- Standard Note network WLAN enabled by Maintenance Info 509 --- Simple administrator WLAN enabled by Maintenance Info 729 --- Simple schedule WLAN firmware image Wireless Maintenance Info 487 --- Simple has been updated WLAN guest session timeout User Activity Info 551 --- Standard Note WLAN guest session timeout User Activity Info 564 --- Standard Note WLAN guest session timeout User Activity Info 550 --- Standard Note WLAN max concurrent users reached already Network --- Info 726 --- Standard Note WLAN not in AP mode, Wireless Maintenance Info 617 --- Simple DHCP server will not provide lease to clients on WLAN WLAN pass traffic to access allow network Network --- Info 725 --- Standard Note WLAN radio frequency threat detected RF Management --- Warning 879 --- Simple WLAN reboot Firewall System Error Error 517 642 Hardware WLAN recovery Wireless Maintenance Info 519 --- Simple WLAN sequence number WLAN IDS WLAN IDs Warning 547 902 Simple out of order WLB fail back initiated by WAN Failover System Error Alert 435 652 Standard %s Message WLB failover in progress WAN Failover System Error Alert 584 651 Standard WLB resource failed WAN Failover System Error Alert 586 654 Standard WLB resource is now WAN Failover System Error Alert 585 653 Standard available WLB SPIll-over started, WAN Failover Maintenance Warning 581 --- Simple configured threshold exceeded WLB SPIll-over stopped WAN Failover Maintenance Warning 582 --- Simple SONICOS LOG EVENT REFERENCE GUIDE 51

WPA MIC Failure Wireless 80211bmgmt Warning 663 --- Simple WPA RADIUS Server Timeout Wireless 80211bmgmt Info 664 --- Simple WWAN %s %s device detected Firewall Hardware System Environment Info 1017 --- Simple Message WWAN Dial-up: %s. PPP Dial Up User Activity Alert 1026 --- Simple Message WWAN Dial-up: data usage limit reached for PPP Dial Up User Activity Alert 1027 7643 Simple Message the '%s' billing cycle. Disconnecting the WWAN session. WWAN: No SIM detected Firewall --- Alert 1055 --- Simple Message XAUTH failed with VPN client, failure XAUTH failed with VPN client, Cannot Contact RADIUS Server XAUTH succeeded with VPN client Hardware VPN Client User Activity Error 140 --- Standard VPN Client User Activity Info 141 --- Standard VPN Client User Activity Info 139 --- Standard 52 SONICOS LOG EVENT REFERENCE GUIDE

Index of Syslog Tag Field Description This section provides an alphabetical listing of Syslog tags and the associated field description. Tag Field Description <ddd> Syslog message prefix The beginning of each syslog message has a string of the form <ddd> where ddd is a decimal number indicating facility and priority of the message. (See [1] Section 4.1.1) arg URL Used to render a URL: arg represents the URL path name part. bcastrx Interface statistics report Displays the broadcast packets received bcasttx Interface statistics report Displays the broadcast packets transmitted bytesrx Interface statistics report Displays the bytes received bytestx Interface statistics report Displays the bytes transmitted c Message category (legacy only) Indicates the legacy category number (Note: We are not currently sending new category information.) change Configuration change webpage Displays the basename of the firewall web page that performed the last configuration change code Blocking code Indicates the CFS block code category code ICMP type and code Indicates the ICMP code conns Firewall status report Indicates the number of connections in use cpuutil Firewall status report Displays the CPU utilization (not in use) dst IP address, and optionally, port, network interface, and resolved name. dstname URL Displays the URL of web site hit and other legacy destination strings dstname URL Used to render a URL: dstname represents the URL host part dyn Firewall status report Displays the HA and dialup connection state (rendered as h.d where h is n (not enabled), b (backup), or p (primary) and d is 1 (enabled) or 0 (disabled)) fw Firewall WAN IP Indicates the WAN IP Address fwlan Firewall status report Indicates the LAN zone IP address goodrxbytes SonicPoint statistics report Indicates the well formed bytes recevied goodtxbytes SonicPoint statistics report Indicates the well formed bytes transmitted SONICOS LOG EVENT REFERENCE GUIDE 53

i Firewall status report Displays the GMS message interval in seconds id=firewall Webtrends prefix Syntactic sugar for WebTrends (and GMS by habit) if Interface statistics report Displays the interface on which statistics are reported ipscat IPS message Displays the IPS category ipspri IPS message Displays the IPS priority lic Firewall status report Indicates the number of licenses for firewalls with limited modes m Message ID Provides the message ID number mac MAC address Provides the MAC address msg Static message Displays the event message (from spreadsheet) msg Dynamically-defined message Displays a dynamically defined message string msg Static message with dynamic string Displays a message using the predefined message string containing a %s and a dynamic string argument. msg Static message with dynamic number Displays a message using the predefined string string containing a %s and a dynamic numeric argument. msg IPS message Displays a message using the predefined message string containing a %s and a dynamic string argument. msg Anti-Spyware message Displays the event message (from spreadsheet) n Message count Indicates the number of times event occurs op HTTP OP code Displays the HTTP operation (GET, POST, etc.) of web site hit pri Message priority Displays the event priority level (0=emergency..7=debug) proto IP protocol Indicates the IP protocol and detail information proto Protocol and service Displays the protocol information (rendered as proto/service ) proto Protocol and service Displays the protocol information (rendered as proto/service ) pt Firewall status report Displays the HTTP/HTTPS management port (rendered as hhh.sss ) radio SonicPoint statistics report Displays the SonicPoint radio on which event occurred ramutil Firewall status report Displays the RAM utilization (not in use) 54 SONICOS LOG EVENT REFERENCE GUIDE

rcvd Bytes received Indicates the number of bytes received within connection result HTTP Result code Displays the HTTP result code (200, 403, etc.) of web site hit rule Rule ID Displays the Rule number causing packet drop sent Bytes sent Displays the number of bytes sent within connection sid IPS message Provides the IPS signature ID sid Anti-Spyware message Provides the AntiSpyware signature ID sn Firewall serial number Indicates the device serial number spycat Anti-Spyware message Displays the antispyware category spypri Anti-Spyware message Displays the AntiSpyware priority src Source Indicates the source IP address, and optionally, port, network interface, and resolved name. station SonicPoint statistics report Displays the client (station) on which event occurred time Time Reports the time of event type ICMP type and code Indicates the ICMP type ucastrx Interface statistics report Displays the unicast packets received ucasttx Interface statistics report Displays the unicast packets transmitted unsynched Firewall status report Reports the time since last local change in seconds usesstandbysa Firewall status report Displays whether standby SA is in use ( 1 or 0 ) for GMS management usr (or user) User Displays the user name ( user is the tag used by WebTrends) vpnpolicy VPN policy name Displays the VPN policy name of event SONICOS LOG EVENT REFERENCE GUIDE 55

56 SONICOS LOG EVENT REFERENCE GUIDE