COMPREHENSIVE INTERNET SECURITY S o n i c WALL Internet Security Ap p l i a n c e s SonicOS Log Event Reference Guide
Using the SonicOS Log Event Reference Guide This reference guide lists and describes SonicOS log event messages. Reference a log event message by using the alphabetical index of log event messages. This document contains the following sections: SonicOS Log Event s Overview on page 1 Configuring SonicOS Log > View on page 4 Referencing the SonicOS Log > View Field Display on page 7 Index of Log Event s on page 9 Index of Syslog Tag Field Description on page 63 SonicOS Log Event s Overview During the operation of a SonicWALL security appliance, SonicOS software sends log event messages to the Log > View page in the SonicWALL management interface. In Figure 1, the Log > View page is displayed. Figure 1 SonicOS Enhanced Log > View page Note: Event logging automatically begins when the SonicWALL security appliance is powered on and configured. SonicOS supports a traffic log containing entries with multiple fields. Log event messages provide operational informational and debugging information to help you diagnose problems with communication lines, internal hardware, or your firmware configuration. For the SonicOS CLI console display, use the show log command to display log events. Refer to the SonicOS CLI Reference Guide located on the SonicWALL Web site: <http://www.sonicwall.com/support/documentation.html> SONICOS LOG EVENT REFERENCE GUIDE 1
Note: Not all log event messages indicate operational issues with your SonicWALL security appliance. SonicOS Log Entries Each log entry contains the date and time of the event and a brief message describing the event. The SonicWALL manages log events in the following manner: TCP, UDP, or ICMP packets When IP packets are by the SonicWALL security appliance, TCP, UDP and ICMP messages are displayed. The messages include the source and destination IP addresses of the packet. The TCP or UDP port number or the ICMP code follows the IP address. Log event messages usually include the name of the service in quotation marks. Web, FTP, Gopher, or Newsgroup blocked When a computer attempts to connect to the blocked site or newsgroup, a log event is displayed. Blocked is defined as a Web site, connection, or event that is denied access from the SonicWALL security appliance. The computer s IP address, Ethernet address, the name of the blocked Web site, and the Content Filter List Code is displayed. Code definitions for the 12 Content Filter List categories are shown below. 1. Violence 7. Cult 2. Intimate Apparel/Swimsuit 8. Drugs/Illegal Drugs 3. Nudism 9. Criminal Skills/Illegal Skills 4. Adult/Mature Content/ Pornography 10. Sex Education 5. Weapons 11. Gambling 6. Hate/Racism 12. Alcohol & Tobacco ActiveX, Java, Cookie or Code Archive blocked When ActiveX, Java or Web cookies are blocked, messages with the source and destination IP addresses of the connection attempt is displayed. Ping of Death, IP Spoof, and SYN Flood Attacks The IP address of the machine under attack and the source of the attack is displayed. In most attacks, the source address shown is fake and does not reflect the real source of the attack. SonicOS Log View Settings The Log View Settings section of the Log > View page provides you the filtering controls to filter log event messages based on your configured log filter logic. It also contains the following log management buttons: Refresh Renews the Log View table with current log event messages. Clear Log Empties the entries in the Log View table. E-mail Log E-mails log event messages to your configured SMTP server or list of e-mail addresses. Export Log Exports the log into a plain.txt or.csv file format. 2 SONICOS LOG EVENT REFERENCE GUIDE
SonicOS Log View Display Format The Log > View page displays log event messages in following format for alert notification: Time Displays the hour and minute the event occurred. Priority Displays the level urgency for the event. Category Displays the event type. Displays a description of the event. Source Displays the source IP address of incoming IP packet. Displays the destination IP address of incoming IP packet. Note Displays displays additional information specific to a particular event occurrence. Rule Displays the source and destination zones for the access rule. This field provides a link to the access rule defined in the Firewall > Rules page. The display fields for a log event message provides you with data to verify your configurations, trouble-shoot your security appliance, and track IP traffic. SONICOS LOG EVENT REFERENCE GUIDE 3
Configuring SonicOS Log > View The Log > View page in the Web-based SonicWALL management interface allows you to export log reports, e-mail log reports, and monitor real-time Syslog data. As soon as you power on your SonicWALL security appliance, SonicOS software sends Syslog data to your log. In the SonicWALL management interface, you can navigate through the subcategories of the Log setting for reporting and customizing log reports. In Figure 2, the Log > View page is displayed. Figure 2 SonicOS Enhanced Log > View page 4 SONICOS LOG EVENT REFERENCE GUIDE
Setting the Log Filter Logic By default, the SonicOS filter logic is set to Priority && Category && Source &&. The double ampersand symbols (&&) indicate the boolean expression and. The default SonicOS filter logic displays all log events. In Figure 3, the Log > View > Log View Settings page is displayed. Figure 3 SonicOS Log View Settings Log Event Filters Default filter logic value Group filters Apply filters Default filter logic Export logs Reset filters Applying Custom Log Event Filters This section provides examples on using the Log View Settings to filter log event messages displayed in the Log View page. Configuration Example: Filtering Log Event s by Priority Value To set the log filter logic to display only log event messages with a priority level of Emergency: 1. Select Emergency from the filter-priority Value pull-down menu. 2. Click on the Apply Filters button. Configuration Example: Filtering Log Event s by Category Value To set the log filter logic to display only log event messages with a category event type of Attacks: 1. Select Attacks from the filter-category Value pull-down menu. 2. Click on the Apply Filters button. SONICOS LOG EVENT REFERENCE GUIDE 5
Configuration Example: Filtering Log Event s by Source Value To set the log filter logic to display only log event messages associated to a source IP address: 1. Enter the source IP address or select an interface from the filter-source Value pull-down menu. 2. Click on the Apply Filters button. Configuration Example: Filtering Log Event s by Value To set the log filter logic to display only log event messages associated to a destination IP address: 1. Enter the destination IP address or select an interface from the filter-source Value pull-down menu. 2. Click on the Apply Filters button. Using Group Filters Note: Use Group filters to change the default SonicOS filter logic (Priority && Category && Source && ) from double ampersand symbols (&&) to double pipe symbols ( ) to indicate the boolean expression or. When using group filters, select two or more Group Filters checkboxes. If you select only one Group Filter checkbox, the filter logic will remain the same. Selecting only the Priority-Group Filter checkbox provides you with the following filter logic: (Priority) && Category && Source && Configuration Example: Using the Priority Group Filter and Category Group Filter To set the log filter logic to display log event messages with a priority level of Emergency or a category event type of Attack: 1. Select the Priority group filter checkbox. 2. Select the Category group filter checkbox. 3. Select Emergency from the filter-priority Value pull-down menu. 4. Select Attacks from the filter-category Value pull-down menu. Figure 4 illustrates the SonicOS filter logic updated as follows: (Priority Category) && Source && Figure 4 SonicOS Log Group Filters A filter logic using the boolean expression is less restrictive than the default filter logic using the boolean expression &&. With the boolean expression, log event messages are displayed if they match either filter values. With the boolean expression &&, log event messages are displayed if they match both filter values. 6 SONICOS LOG EVENT REFERENCE GUIDE
Exporting the Logs to a File This section provides instructions to export your log to a file. To export the log to a file: 1. Click on the Export Log button. You will be prompted to select a export file format type as illustrated in Figure 5. Figure 5 SonicOS Export Log Note: 2. Select a file format: Plain text format used in log and alert e-mail Saves the log file as plain text, which can be used for alert e-mails. Comma-Separated Value (CSV) format Saves the log file for importing into Microsoft Excel or other presentation development application. 3. Click on the Export button. 4. Save the exported log file to a location on your personal computer s hard drive. You can export a log to a file with applied filter settings. Referencing the SonicOS Log > View Field Display SonicOS 2.5 Enhanced and Standard releases and greater provide the SonicOS Log > View field display as illustrated in Figure 6. Figure 6 SonicOS Log > View Field Display Time and Date Stamp Category Source IP Address Log Event Notes Priority Descrition IP Rule SONICOS LOG EVENT REFERENCE GUIDE 7
Referencing the SonicWALL Firmware Log > View Log Field Display SonicWALL Firmware 6.6.0.0 release and greater provide the SonicWALL Firmware Log > View Log field display as illustrated in Figure 7. Figure 7 SonicWALL Firmware Log > View Log Field Display Time and Date Stamp Source IP Address Additional Information Event IP Address Rule Number (If Applicable) 8 SONICOS LOG EVENT REFERENCE GUIDE
Index of Log Event s This section contains a list of log event messages for all SonicWALL Firmware and SonicOS Software Releases, ordered alphabetically. Use your web browser s Find function to search for a command. Log Event Symbols Key Log Event Symbol Description Context %s Ethernet Port Down Represents a character string. [WAN LAN DMZ] Ethernet Port Down The cache is full; %u open connections; some will be Represents a numerical string. The cache is full; [40,000] open connections; some will be TCP IP Layered-Data Packet Processing and SonicOS Log Event Handling In specific cases of multi-layer packet processing, a TCP connection initially logged as "open," will be rejected by a deeper layer of packet processing. In these cases, the connection request has not been forwarded by the SonicWALL security appliance, and the initial Connection Open SonicOS log event message should be ignored in favor of the TCP Connection Dropped log event message. Each log event message described in the following table provides the following log event details: SonicOS Category Displays the SonicOS Software category event type. Legacy Category Displays the SonicWALL Firmware Software category event type. Priority Level Displays the level of urgency of the log event message. Log ID Number Displays the ID number of the log event message. SNMP Trap Type Displays the SNMP Trap ID number of the log event message. Log Event SonicOS Category Legacy Category Priority Level Log ID Number SNMP Trap Type Log Event Type #Web site hit Traffic Connection Traffic Information 97 --- Standard HTTP Traffic Report %s VPN IKE User Activity Information 171 --- Standard %s ARS --- Information 840 --- Standard %s ARS --- Notice 841 --- Standard %s ARS --- Debug 842 --- Standard SONICOS LOG EVENT REFERENCE GUIDE 9
%s Ethernet Port Down %s Ethernet Port Up %s-payload processing error Firewall Event System Error Error 333 641 Standard Firewall Event System Error Warning 332 640 Standard VPN IKE Debug Error 616 --- Standard SonicWALL Registration Update Needed: Restore your existing security service subscriptions by clicking here. Security s Maintenance Warning 496 --- Simple 802.11b Management Wireless 802.11b Management Information 518 --- Simple A prior version of preferences was loaded because the most recent preferences file was inaccessible A SonicOS Standard to Enhanced Upgrade was performed Firewall Event System Error Warning 572 648 Simple Firewall Event Maintenance Information 611 --- Simple attempt from host out of compliance with GSC policy attempt from host without Anti-Virus agent installed attempt from host without GSC installed Security s Security s Security s Maintenance Information 761 --- Standard Maintenance Information 123 --- Standard Maintenance Information 763 524 Standard rule added Firewall Rule User Activity Information 440 --- Simple Rule rule deleted Firewall Rule User Activity Information 442 --- Simple Rule 10 SONICOS LOG EVENT REFERENCE GUIDE
rule modified Firewall Rule User Activity Information 441 --- Simple Rule to proxy server denied ActiveX access denied ActiveX or Java archive access denied Blocked Sites Notice 60 705 Standard Note Blocked Blocked Code Notice 18 --- Standard Note Blocked Blocked Code Notice 20 --- Standard Note Blocked AD agent %s is not responding Add an attack message Adding Dynamic Entry for Bound MAC Address Adding L2TP IP pool Address object Failed Adding to multicast policylist, interface: %s Adding to Multicast policylist, VPN SPI: %s Administrator logged out Administrator logged out - inactivity timer expired Administrator login allowed Administrator login denied due to bad credentials MS AD --- Error 769 --- Standard Firewall Event Attack Error 143 525 Simple --- Information 813 --- Standard Note ENET L2TP Server System Error Error 603 661 Simple Multicast --- Debug 697 --- Standard Multicast --- Debug 699 --- Standard Authentication User Activity Information 261 --- Standard Authentication User Activity Information 262 --- Standard Authentication User Activity Information 29 --- Standard Authentication Attack Alert 30 560 Standard SONICOS LOG EVENT REFERENCE GUIDE 11
Administrator login denied from %s; logins disabled from this interface Adminstrator name changed All DDNS associations have been deleted All preference values have been set to factory default values Allowed LDAP server certificate with wrong host name Authentication Attack Alert 35 506 Standard Authentication Maintenance Information 328 --- Standard DDNS Maintenance Information 783 --- Simple Firewall Event System Error Warning 574 650 Simple RADIUS User Activity Warning 752 --- Standard Note Anti-Spyware Alert: %s Anti-Spyware Prevention Alert: %s Anti-Spyware Expired Anti-Virus agent out-of-date on host Anti-Virus Licenses Exceeded Security s Security s Security s Attack Alert 795 576 Standard Anti-Spy Attack Alert 794 575 Standard Anti-Spy Maintenance Warning 796 577 Simple Maintenance Information 124 --- Standard Maintenance Information 408 --- Standard Arp request packet received Arp request packet sent Arp response packet received Arp response packet sent --- Information 717 --- Standard Note ENET --- Information 715 --- Standard Note ENET --- Information 716 --- Standard Note ENET --- Information 718 --- Standard Note ENET ARP timeout Debug Debug 45 --- Standard Association Flood from wlan station WLAN IDS WLAN IDS Alert 548 903 Simple 12 SONICOS LOG EVENT REFERENCE GUIDE
Authentication timeout during Remotely Triggered Dial-out session Authentication User Activity Information 821 --- Simple Back Orifice attack Backup active Backup firewall being preempted by Primary Backup firewall has transitioned to Active Backup firewall has transitioned to Idle Backup going Active in preempt mode after reboot Backup missed heartbeats from Primary Backup received error signal from Primary Backup received reboot signal from Primary Backup shut down because license is expired Backup will be shut down in %s minutes High Avaiability High Availability High Availability High Availability High Availability High Availability High Availability High Availability High Availability High Availability Attack Alert 73 512 Standard System Error Information 825 --- Simple System Error Error 152 619 Simple Maintenance Information 145 --- Simple Maintenance Information 147 --- Simple System Error Error 170 622 Simple System Error Error 149 616 Simple System Error Error 151 618 Simple System Error Error 672 666 Simple System Error Error 824 --- Simple System Error Error 823 --- Standard Bad CRL format VPN PKI User Activity Alert 277 --- Simple Blocked Quick Mode for Client using Default KeyId VPN Client System Error Error 505 660 Standard SONICOS LOG EVENT REFERENCE GUIDE 13
BOOTP Client IP address on LAN conflicts with remote device IP, deleting IP address from remote table BOOTP reply relayed to local device BOOTP Request received from remote device BOOTP server response relayed to remote device BOOTP Maintenance Information 619 --- Standard BOOTP Maintenance Information 620 --- Standard BOOTP Debug Debug 621 --- Standard BOOTP Debug Debug 618 --- Standard Broadcast packet Debug Debug 46 --- Standard Note Protocol Cannot connect to the CRL server Cannot Validate Issuer Path Certificate on Revoked list (CRL) VPN PKI User Activity Alert 274 --- Simple VPN PKI User Activity Alert 878 --- Simple VPN PKI User Activity Alert 279 --- Simple CFL auto-download disabled, time problem detected Security s Maintenance Information 268 --- Simple CLI administrator logged out CLI administrator login allowed CLI administrator login denied due to bad credentials Computed hash does not match hash received from peer Authentication User Activity Information 520 --- Simple Authentication User Activity Information 199 --- Simple Authentication User Activity Warning 200 --- Simple VPN IKE User Activity Warning 410 --- Standard 14 SONICOS LOG EVENT REFERENCE GUIDE
Connection Closed Note: In specific cases of multi-layer packet processing, a TCP connection initially logged as "open," will be rejected by a deeper layer of packet processing. In these cases, the connection request has not been forwarded by the SonicWALL security appliance, and the initial Connection Open SonicOS log event message should be ignored in favor of the TCP Connection Dropped log event message. Traffic Connection Traffic Information 537 --- Standard Traffic Report Connection Opened Note: In specific cases of multi-layer packet processing, a TCP connection initially logged as "open," will be rejected by a deeper layer of packet processing. In these cases, the connection request has not been forwarded by the SonicWALL security appliance, and the initial Connection Open SonicOS log event message should be ignored in favor of the TCP Connection Dropped log event message. Traffic Connection Information 98 --- Standard Note Protocol Connection timed out VPN PKI User Activity Alert 273 --- Simple Cookie removed Blocked Code Notice 21 --- Standard CRL has expired VPN PKI User Activity Alert 874 --- Simple CRL loaded from VPN PKI User Activity Information 270 --- Simple CRL missing - Issuer requires CRL checking CRL validation failure for Root Certificate Crypto DES test failed Crypto DH test failed VPN PKI User Activity Alert 876 --- Simple VPN PKI User Activity Alert 877 --- Simple Crypto Test Maintenance Error 360 --- Simple Crypto Test Maintenance Error 361 --- Simple SONICOS LOG EVENT REFERENCE GUIDE 15
Crypto Hardware 3Des test failed Crypto Hardware 3DES with SHA test failed Crypto Hardware AES test failed Crypto hardware DES test failed Crypto Haredware DES with SHA test failed Crypto Hmac-MD5 fest failed Crypto Hmac-Sha1 test failed Crypto MD5 test failed Crypto RSA test failed Crypto Sha1 test failed DDNS association %s disabled DDNS association %s enabled DDNS association %s added DDNS association %s deactivated DDNS association %s deleted DDNS Association %s put on line Crypto Test Maintenance Error 367 --- Simple Crypto Test Maintenance Error 369 --- Simple Crypto Test Maintenance Error 610 --- Standard Crypto Test Maintenance Error 366 --- Simple Crypto Test Maintenance Error 368 --- Simple Crypto Test Maintenance Error 362 --- Simple Crypto Test Maintenance Error 363 --- Simple Crypto Test Maintenance Error 370 --- Simple Crypto Test Maintenance Error 364 --- Simple Crypto Test Maintenance Error 365 --- Simple DDNS Maintenance Information 781 --- Simple DDNS Maintenance Information 780 --- Simple DDNS Maintenance Information 779 --- Simple DDNS Maintenance Information 784 --- Simple DDNS Maintenance Information 785 --- Simple DDNS Maintenance Information 782 --- Simple 16 SONICOS LOG EVENT REFERENCE GUIDE
DDNS association %s taken Offline locally DDNS Failure: Provider %s DDNS Failure: Provider %s DDNS Failure: Provider %s DDNS Update success for domain %s DDNS Warning: Provider %s Deleting from Multicast policy list, interface : %s Deleting from Multicast policy list, VPN SPI : %s DDNS Maintenance Information 778 --- Simple DDNS System Error Error 774 --- Simple DDNS System Error Error 775 --- Simple DDNS System Error Error 773 --- Simple DDNS Maintenance Information 776 --- Standard DDNS System Error Warning 777 --- Simple Multicast --- Debug 698 --- Standard Multicast --- Debug 700 --- Standard Deleting IPSec SA VPN IKE User Activity Information 92 --- Standard Note SPI DHCP client enabled but not ready DHCP Client did not get DHCP ACK DHCP Client failed to verify and lease has expired. Go to INIT state. DHCP Client got a new IP address lease. DHCP Client got ACK from server DHCP Client got NACK DHCP Client Maintenance Information 504 --- Simple DHCP Client Maintenance Information 109 --- Standard DHCP Client Maintenance Information 119 --- Standard DHCP Client Maintenance Information 121 --- Standard DHCP Client Maintenance Information 111 --- Standard DHCP Client Maintenance Information 110 --- Standard SONICOS LOG EVENT REFERENCE GUIDE 17
DHCP Client is declining address offered by the server. DHCP Client sending REQUEST and going to REBIND state DHCP Client sending REQUEST and going to RENEW state DHCP DISCOVER received from remote device DHCP lease. Lease from Central Gateway conflicts with Relay IP DHCP lease. Lease from Central Gateway conflicts with Remote Management IP DHCP lease relayed to local device DHCP lease relayed to remote device DHCP lease to LAN device conflicts with remote device, deleting remote IP entry DHCP NAK received from server DHCP OFFER received from server DHCP Client Maintenance Information 112 --- Standard DHCP Client Maintenance Information 113 --- Standard DHCP Client Maintenance Information 114 --- Standard DHCP Relay Debug Information 474 --- Standard DHCP Relay Maintenance Warning 228 --- Standard DHCP Relay Maintenance Warning 484 --- Standard DHCP Relay Maintenance Information 223 --- Standard DHCP Relay Debug Information 225 --- Standard DHCP Relay Maintenance Information 226 --- Standard DHCP Relay Debug Information 477 --- Standard DHCP Relay Debug Information 476 --- Standard 18 SONICOS LOG EVENT REFERENCE GUIDE
DHCP Ranges altered automatically due to change in network settings for interface %s DHCP RELEASE received from remote device DHCP RELEASE relayed to Central Gateway DHCP REQUEST received from remote device DHCP Server not available. Did not get any DHCP OFFER. Firewall Event --- Information 832 --- Standard DHCP Relay Debug Information 224 --- Standard DHCP Relay Maintenance Information 222 --- Standard DHCP Relay Debug Information 473 --- Standard DHCP Client Maintenance Information 106 --- Standard Diagnostic Code A Diagnostic Code B Diagnostic Code C Diagnostic Code D Diagnostic Code D Firewall Hardware Firewall Hardware Firewall Hardware Firewall Hardware Firewall Hardware System Error Error 93 611 Simple Note System Error Error 94 612 Simple Note System Error Error 95 613 Simple Note System Error Error 64 610 Standard Note Code System Error Error 517 642 Simple Note Diagnostic Code E VPN IPSec System Error Error 61 609 Standard Note Code Diagnostic Code F Diagnostic Code G Diagnostic Code H Diagnostic Code I Firewall Hardware Firewall Hardware Firewall Hardware Firewall Hardware System Error Error 164 621 Simple Note System Error Error 599 655 Simple Note System Error Error 600 656 Simple Note System Error Error 601 657 Simple Note Disconnecting L2TP Tunnel due to traffic timeout L2TP Client Maintenance Information 215 --- Simple SONICOS LOG EVENT REFERENCE GUIDE 19
Disconnecting PPPoE due to traffic timeout Disconnecting PPTP Tunnel due to traffic timeout PPPoE Maintenance Information 168 --- Simple PPTP Maintenance Information 389 --- Simple Discovered HA Backup Firewall DNS packet allowed Drop Wlan traffic from non SonicPoint devcies High Availability Maintenance Information 156 --- Simple Debug Information 602 --- Standard Policy Attack Error 662 572 Standard Dynamic IPSec client connected VPN IPSec User Activity Information 62 --- Standard EIGRP packet E-Mail fragment Error initializing Hardware acceleration for VPN Error Rebooting HA Peer Firewall Error setting the IP address of the backup, please manually set to backup LAN IP Error Synchronizing HA Peer Firewall Firewall Hardware High Availability High Availability High Availability Debug Notice 714 --- Standard Note Attack Error 437 550 Standard Maintenance Error 374 --- Simple System Error Error 669 663 Simple System Error Error 191 629 Simple System Error Error 158 662 Simple Exceeded Max multicast address limit Failed payload validation Failed payload verification after decryption. Possible preshared key mismatch. Multicast --- Warning 703 --- Standard VPN IKE User Activity Warning 405 --- Standard VPN IKE User Activity Warning 404 --- Standard 20 SONICOS LOG EVENT REFERENCE GUIDE
Failed to find certificate Failed to get CRL from Failed to Process CRL from Failed to resolve name Failed to synchronize Relay IP Table Failure to add data channel VPN PKI User Activity Alert 875 --- Simple VPN PKI User Activity Alert 271 --- Simple VPN PKI User Activity Alert 276 --- Simple Maintenance Information 84 --- Simple DHCP Relay System Error Warning 234 632 Standard Unused Debug Debug 49 --- Standard Failure to reach Interface %s probe High Availability System Error Error 675 647 Standard Fan Failure Firewall Hardware System Environment Alert 576 102 Simple Forbidden E-Mail attachment deleted Forbidden E-Mail attachment disabled Attack Error 248 534 Standard Attack Alert 165 527 Standard Found Rogue Point Found Rogue Point WLAN IDS WLAN IDS Alert 546 901 Simple WLAN IDS WLAN IDS Alert 556 901 Simple Fragmented packet TCP UDP ICMP Notice 28 --- Standard Note Protocol Fraudulent Microsoft certificate found; access denied FTP: Data connection from non default port FTP: PASV response bounce attack. Attack Error 193 532 Standard Attack Alert 538 557 Standard Attack Alert 528 556 Standard Note SONICOS LOG EVENT REFERENCE GUIDE 21
FTP: PASV response spoof attack. FTP: PORT bounce attack. Gateway Anti-Virus Alert: %s Gateway Anti-Virus expired Security s Security s Attack Error 446 551 Standard Attack Alert 527 555 Standard Note Attack Alert 809 --- Standard Maintenance Warning 810 --- Simple Global VPN Client connection is not allowed. Appliance is not registered. Global VPN Client License Exceeded: Connection denied. Global VPN Client version cannot enforce personal firewall. Minimum Version required is 2.1. Got DHCP OFFER. Selecting. VPN Client System Error Information 529 643 Standard VPN Client System Error Information 494 658 Standard VPN Client User Activity Information 604 --- Standard DHCP Client Maintenance Information 107 --- Standard GSC policy out-of-date on host Security s Maintenance Information 762 --- Standard Guest account '%s' created Guest account '%s' deleted Guest account '%s' disabled Guest account '%s' pruned Guest account '%s' re-enabled Authentication User Activity Information 558 --- Standard Authentication User Activity Information 559 --- Standard Authentication User Activity Information 560 --- Standard Authentication User Activity Information 562 --- Standard Authentication User Activity Information 561 --- Standard 22 SONICOS LOG EVENT REFERENCE GUIDE
Guest account '%s' re-generated Guest login denied. Guest '%s' is already logged in. Please try again later. H.323/H.225 Connect Authentication User Activity Information 563 --- Standard Authentication User Activity Information 557 --- Standard VoIP VoIP Debug 634 --- Standard Note H.323/H.225 Setup VoIP VoIP Debug 633 --- Standard Note H.323/H.245 Address H.323/H.245 End Session H.323/RAS Admission Confirm H.323/RAS Admission Reject H.323/RAS Admission Request H.323/RAS Bandwidth Reject H.323/RAS Disengage Confirm H.323/RAS Disengage Reject H.323/RAS Gatekeeper Reject H.323/RAS Location Confirm H.323/RAS Location Reject H.323/RAS Registration Reject H.323/RAS Unknown Response VoIP VoIP Debug 635 --- Standard Note VoIP VoIP Debug 636 --- Standard Note VoIP VoIP Debug 625 --- Standard Note VoIP VoIP Debug 624 --- Standard Note VoIP VoIP Debug 626 --- Standard Note VoIP VoIP Debug 627 --- Standard Note VoIP VoIP Debug 628 --- Standard Note VoIP VoIP Debug 641 --- Standard Note VoIP VoIP Debug 629 --- Standard Note VoIP VoIP Debug 630 --- Standard Note VoIP VoIP Debug 631 --- Standard Note VoIP VoIP Debug 632 --- Standard Note VoIP VoIP Debug 640 --- Standard Note SONICOS LOG EVENT REFERENCE GUIDE 23
H.323/RAS Unregistration Reject VoIP VoIP Debug 642 --- Standard Note HA packet processing error High Availability Maintenance Information 162 --- Simple Hardware Failover settings were not upgraded Header verification failed HTTP management port has changed HTTPS management port has changed Firewall Event Maintenance Information 743 --- Simple VPN IKE User Activity Warning 587 --- Standard Firewall Event Maintenance Information 340 --- Simple Note Firewall Event Maintenance Information 341 --- Simple Note ICMP checksum error ICMP packet allowed ICMP packet ICMP packet ICMP packet from LAN allowed UDP Notice 886 --- Standard Debug Information 597 --- Standard Policy ICMP Notice 38 --- Standard Policy ICMP Notice 523 --- Standard ICMP Debug Information 598 --- Standard ICMP ICMP packet from LAN LAN ICMP LAN TCP Notice 175 --- Standard ICMP If not already enabled, enabling NTP is recommended Firewall Hardware System Error Warning 540 645 Simple IGMP packet, wrong checksum received on interface %s IGMP Leave group message Received on interface %s Multicast --- Notice 683 --- Standard Multicast --- Information 682 --- Standard 24 SONICOS LOG EVENT REFERENCE GUIDE
IGMP packet, decoding error IGMP Packet Not handled. Packet type : %s IGMP querier Router detected on interface %s IGMP querier Router detected on VPN tunnel, SPI %S IGMP state table entry time out,deleting interface : %s for multicast address : %s IGMP state table entry time out,deleting VPN SPI :%s for Multicast address : %s IGMP V2 client joined multicast Group : %s IGMP V2 Membership report received from interface %s IGMP V3 client joined multicast Group : %s IGMP V3 Membership report received from interface %s IGMP V3 packet, unsupported Record type : %s Multicast --- Notice 686 --- Standard Multicast --- Notice 687 --- Standard Multicast --- Debug 701 --- Standard Multicast --- Debug 702 --- Standard Multicast --- Debug 692 --- Standard Multicast --- Debug 693 --- Standard Multicast --- Information 676 --- Standard Multicast --- Debug 679 --- Standard Multicast --- Information 677 --- Standard Multicast --- Debug 678 --- Standard Multicast --- Notice 688 --- Standard SONICOS LOG EVENT REFERENCE GUIDE 25
IGMP V3 reord type : %s not Handled IKE ID mismatch %s IKE Initiator drop: Packet dest address does not match selected local interface address IKE Initiator: Accepting IPSec proposal (Phase 2) IKE Initiator: Accepting peer lifetime (Phase 1) IKE Initiator: Aggressive Mode complete (Phase 1) IKE Initiator: Main Mode complete (Phase 1) IKE Initiator: Received notify. NO_PROPOSAL_ CHOSEN IKE Initiator: Start Aggressive Mode negotiation (Phase 1) IKE Initiator: Start Main Mode negotiation (Phase 1) IKE Initiator: Start Quick Mode (Phase 2) IKE Initiator: Using secondary gateway to negotiate Multicast --- Debug 689 --- Standard VPN IKE Debug Debug 658 --- Standard VPN IKE User Activity Information 544 --- Standard VPN IKE User Activity Information 372 --- Standard Note VPN IKE User Activity Information 445 --- Standard VPN IKE User Activity Information 354 --- Standard VPN IKE User Activity Information 353 --- Standard VPN IKE User Activity Warning 401 --- Standard VPN IKE User Activity Information 358 --- Standard VPN IKE User Activity Information 351 --- Standard VPN IKE User Activity Information 346 --- Standard VPN IKE User Activity Information 543 --- Standard 26 SONICOS LOG EVENT REFERENCE GUIDE
IKE negotiation aborted due to timeout IKE negotiation complete. Adding IPSec SA. (Phase 2) IKE Responder drop: Packet dest address does not match selected local interface address IKE Responder: %s policy does not allow static IP for Virtual Adapter. IKE Responder: Accepting IPSec proposal (Phase 2) IKE Responder: Aggressive Mode complete (Phase 1) IKE Responder: AH Perfect Forward Secrecy mismatch IKE Responder: Algorithms and/or keys do not match IKE Responder: Default LAN gateway is not set but peer is proposing to use this SA as a default route IKE Responder: Default LAN gateway is set but peer is not proposing to use this SA as a default route VPN IKE User Activity Information 403 --- Standard VPN IKE User Activity Information 89 --- Standard VPN IKE User Activity Information 545 --- Standard VPN Client System Error Error 660 --- Standard VPN IKE User Activity Information 87 --- Standard Note VPN IKE User Activity Information 373 --- Standard VPN IKE User Activity Warning 258 544 Standard VPN IKE User Activity Warning 260 546 Standard VPN IKE Attack Error 516 553 Standard Note VPN IKE User Activity Warning 253 539 Standard Note SONICOS LOG EVENT REFERENCE GUIDE 27
IKE Responder: ESP Perfect Forward Secrecy mismatch IKE Responder: IKE proposal does not match (Phase 1) IKE Responder: IP Address already exists in the DHCP relay table. Client traffic not allowed. IKE Responder: IPSec proposal does not match (Phase 2) IKE Responder: Main Mode complete (Phase 1) IKE Responder: Mode %d - not transport mode. Xauth is required but not supported by peer. IKE Responder: Mode %d - not tunnel mode IKE Responder: No match for proposed remote network address IKE Responder: No matching Phase 1 ID found for proposed remote network IKE Responder: Proposed local network is 0.0.0.0 but SA has no LAN Default Gateway VPN IKE User Activity Warning 259 545 Standard VPN IKE User Activity Warning 402 --- Standard VPN Client System Error Error 659 --- Standard Note VPN IKE User Activity Warning 88 523 Standard Note VPN IKE User Activity Information 357 --- Standard VPN IKE Debug Warning 342 --- Standard Number VPN IKE User Activity Warning 249 535 Standard Number VPN IKE User Activity Warning 252 538 Standard Note VPN IKE User Activity Warning 250 536 Standard Note VPN IKE User Activity Warning 418 549 Standard Note 28 SONICOS LOG EVENT REFERENCE GUIDE
IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route IKE Responder: Received Aggressive Mode request (Phase 1) IKE Responder: Received Main Mode request (Phase 1) IKE Responder: Received Quick Mode Request (Phase 2) IKE Responder: Tunnel terminates inside firewall but proposed local network is not inside firewall IKE Responder: Tunnel terminates on DMZ but proposed local network is on LAN IKE Responder: Tunnel terminates on LAN but proposed local network is on DMZ IKE Responder: Tunnel terminates outside firewall but proposed local network is not NAT public address IKE Responder: Tunnel terminates outside firewall but proposed remote network is not NAT public address VPN IKE User Activity Warning 251 537 Standard VPN IKE User Activity Information 356 --- Standard VPN IKE User Activity Information 355 --- Standard VPN IKE User Activity Information 352 --- Standard VPN IKE User Activity Warning 255 541 Standard Note VPN IKE User Activity Warning 256 542 Standard Note VPN IKE User Activity Warning 257 543 Standard Note VPN IKE User Activity Warning 254 540 Standard Note VPN IKE User Activity Warning 345 548 Standard Note SONICOS LOG EVENT REFERENCE GUIDE 29
IKE SA lifetime expired. VPN IKE User Activity Information 350 --- Standard Illegal IPSec SPI VPN IPSec User Activity Information 65 --- Standard Imported VPN SA is invalid - disabled Inbound connection from RBL-listed SMTP server Incoming call received for Remotely Triggered Dial-out session Incompatible IPSec Security Association Incorrect authentication received for Remotely Triggered Dial-out Firewall Event Maintenance Warning 348 --- Standard Note RBL --- Notice 798 --- Standard Authentication User Activity Information 817 --- Simple VPN IPSec User Activity Information 69 --- Standard Authentication User Activity Information 819 --- Simple Ini Killer attack Attack Alert 80 519 Standard Interface %s Link Is Down Interface %s Link Is Up Interface IP Assignment : Binding and initializing %s Interface IP Assignment changed: Shutting down %s Interface statistics report Firewall Event System Error Error 566 647 Standard Firewall Event System Error Warning 565 646 Standard Firewall Event Maintenance Information 568 --- Standard Firewall Event Maintenance Information 567 --- Standard GMS --- Information 805 --- Simple Interface Statistics 30 SONICOS LOG EVENT REFERENCE GUIDE
Invalid TCP flags on an incomplete connection --- Notice 760 --- Standard Note Invalid VLAN packet --- Alert 836 --- Standard Note IP Header checksum error TCP UDP Notice 883 --- Standard IP spoof detected on packet to Central Gateway, packet DHCP Relay Attack Error 229 533 Standard Note ENET IP spoof Attack Alert 23 502 Standard Note ENET IP type %s packet LAN UDP LAN TCP Notice 590 --- Standard IPS Alert: %s IPS Alert: %s IPS Prevention Alert: %s IPS Prevention Alert: %s Attack Alert 608 569 Standard IDP Attack Alert 789 573 Standard Attack Alert 609 570 Standard IDP Attack Alert 790 574 Standard IPSec (AH) packet VPN IPSec TCP UDP ICMP Notice 534 --- Standard Note IPSec (AH) packet ; waiting for pending IPSec connection VPN IPSec Debug Debug 536 --- Standard IPSec (ESP) packet VPN IPSec TCP UDP ICMP Notice 533 --- Standard Note IPSec (ESP) packet ; waiting for pending IPSec connection VPN IPSec Debug Debug 535 --- Standard SONICOS LOG EVENT REFERENCE GUIDE 31
IPSec Authentication Failed VPN IPSec Attack Error 67 508 Standard IPSec connection interrupt Debug Debug 43 --- Standard IPSec Decryption Failed VPN IPSec Attack Error 68 509 Standard IPSec packet TCP UDP ICMP Notice 40 --- Standard IPSec packet ; waiting for pending IPSec connection Debug Debug 42 --- Standard IPSec packet from an illegal host IPSec packet from or to an illegal host IPSEC Replay Detected VPN IPSec Maintenance Information 247 --- Standard VPN IPSec Attack Error 70 510 Standard VPN IPSec Attack Alert 180 531 Standard Note IPSecTunnel status changed VPN VPN Tunnel Status Information 427 801 Simple ISDN Driver Firmware successfully updated Firewall Event Maintenance Information 493 --- Simple Issuer match failed VPN PKI User Activity Alert 278 --- Simple Java access denied Blocked Code Notice 19 --- Standard Note Blocked L2TP enabled but not ready L2TP Max Retransmission Exceeded L2TP PPP Authentication Failed Unused Maintenance Information 500 --- Simple L2TP Client Maintenance Information 203 --- Simple L2TP Client Maintenance Information 212 --- Simple L2TP PPP Down L2TP Client Maintenance Information 211 --- Simple L2TP PPP link down L2TP Client Maintenance Information 217 --- Simple 32 SONICOS LOG EVENT REFERENCE GUIDE
L2TP PPP Negotiation Started L2TP PPP Session Up L2TP Server : Deleting the L2TP active Session L2TP Server : Deleting the Tunnel L2TP Server : L2TP Session Established. L2TP Server : L2TP Tunnel Established. L2TP Server : Retransmission Timeout, Deleting the Tunnel L2TP Server : User Name authentication Failure locally. L2TP Server: Local Authentication Failure L2TP Server: Local Authentication Success. L2TP Server: Radius Authentication Success L2TP Server: Radius reports Authentication Failure L2TP Server: Radius server not assigned IP address L2TP Client Maintenance Information 208 --- Simple L2TP Client Maintenance Information 210 --- Simple L2TP Server Maintenance Information 337 --- Standard L2TP Server Maintenance Information 336 --- Standard L2TP Server Maintenance Information 309 --- Standard L2TP Server Maintenance Information 308 --- Standard L2TP Server Maintenance Information 338 --- Standard L2TP Server Maintenance Information 344 --- Standard L2TP Server Maintenance Information 312 --- Standard L2TP Server Maintenance Information 318 --- Standard L2TP Server Maintenance Information 319 --- Standard L2TP Server Maintenance Information 311 --- Standard L2TP Server Maintenance Information 313 --- Standard SONICOS LOG EVENT REFERENCE GUIDE 33
L2TP Server: Call Disconnect from Remote. L2TP Server: Tunnel Disconnect from Remote. L2TP Session Disconnect from Remote L2TP Session Established L2TP Session Negotiation Started L2TP Tunnel Disconnect from Remote L2TP Tunnel Established L2TP Tunnel Negotiation Started LAN Subnet configurations were not upgraded. L2TP Server Maintenance Information 334 --- Standard L2TP Server Maintenance Information 335 --- Standard L2TP Client Maintenance Information 207 --- Simple L2TP Client Maintenance Information 206 --- Simple L2TP Client Maintenance Information 202 --- Simple L2TP Client Maintenance Information 205 --- Simple L2TP Client Maintenance Information 204 --- Simple L2TP Client Maintenance Information 201 --- Simple Firewall Event Maintenance Information 741 --- Simple Land attack Attack Alert 27 505 Standard License exceeded: Connection because too many IP addresses are in use on your LAN Firewall Event System Error Error 58 608 Standard License of HA pair doesn't match High Availability System Error Error 670 664 Simple Local user login allowed Local user login denied due to bad credentials Locked-out user logins allowed - lockout period expired Authentication User Activity Information 31 --- Standard Authentication User Activity Information 32 --- Standard Authentication User Activity Information 438 --- Standard Note 34 SONICOS LOG EVENT REFERENCE GUIDE
Locked-out user logins allowed by administrator Authentication User Activity Information 439 --- Standard Note Log Cleared Firewall Logging Maintenance Information 5 --- Simple Log Debug Firewall Event Debug Error 142 --- Simple Log successfully sent via email Firewall Logging Maintenance Information 6 --- Simple Login screen timed out MAC address collides with Static ARP Entry with Bound MAC address; packet Authentication User Activity Information 34 --- Standard --- Notice 814 --- Standard Note ENET Machine %s removed from SYN flood blacklist Malformed or unhandled IP packet Maximum events per second threshold exceeded Firewall Logging --- Alert 865 --- Standard Attack Alert 522 554 Standard System Error Critical 654 --- Simple Maximum sequential failed dial attempts (10) to a single dial-up number: %s PPP Dial-up Attack Error 591 566 Standard Maximum syslog data per second threshold exceeded Firewall Logging System Error Critical 655 --- Simple Multicast application %s not supported Multicast packet, Invalid src IP received on interface : %s Multicast --- Information 696 --- Standard Multicast --- Alert 685 --- Standard SONICOS LOG EVENT REFERENCE GUIDE 35
Multicast packet, wrong MAC address receieved on interface : %s Multicast TCP packet Multicast UDP packet, no state entry Multicast UDP packet, RTCP stateful failed Multicast UDP packet, RTP stateful failed NAT device may not support IPSec AH passthrough NAT Discovery : No NAT/NAPT device detected between IPSec Security gateways NAT Discovery : Local IPSec Security Gateway behind a NAT/ NAPT Device NAT Discovery : Peer IPSec Security Gateway behind a NAT/ NAPT Device NAT Discovery : Peer IPSec Security Gateway doesn't support VPN NAT Traversal NAT translated packet exceeds size limit, packet Multicast --- Alert 684 --- Standard Multicast --- Notice 691 --- Standard Multicast --- Notice 690 --- Standard Multicast --- Warning 695 --- Standard Multicast --- Warning 694 --- Standard VPN IPSec Maintenance Information 266 --- Simple VPN IKE User Activity Information 241 --- Standard VPN IKE User Activity Information 240 --- Standard VPN IKE User Activity Information 239 --- Standard VPN IKE User Activity Information 242 --- Standard Debug Debug 339 --- Standard 36 SONICOS LOG EVENT REFERENCE GUIDE
Net Spy attack Attack Alert 74 513 Standard NetBIOS settings were not upgraded. Use >IP Helper to configure NetBIOS support Firewall Event Maintenance Information 740 --- Simple NetBus attack Attack Alert 72 511 Standard for interface %s overlaps with another interface. Modem Mode Disabled: re-enabling NAT Modem Mode Enabled: turning off NAT Firewall Event Maintenance Information 569 --- Standard PPP Dial-up Maintenance Information 531 --- Simple PPP Dial-up Maintenance Information 530 --- Simple New URL List loaded Newsgroup access allowed Newsgroup access denied Security s Maintenance Information 8 --- Simple Blocked Sites Notice 17 704 Standard Note Blocked Blocked Sites Notice 15 702 Standard Note Blocked No Certificate for VPN PKI User Activity Alert 280 --- Simple No new URL List available Security s Maintenance Information 9 --- Simple No response from ISP Disconnecting PPPoE. No response from PPTP server to call requests No response from PPTP server to control connection requests PPPoE Maintenance Information 169 --- Simple PPTP Maintenance Information 431 --- Simple PPTP Maintenance Information 430 --- Simple SONICOS LOG EVENT REFERENCE GUIDE 37
No response from server to Echo Requests, disconnecting PPTP Tunnel No valid DNS server specified for RBL lookups Not all configurations may have been completely upgraded Not enough memory to hold the CRL Obtained Relay IP Table from Remote Gateway OCSP Failed to Resolve Domain Name. OCSP Internal error handling received response. OCSP received response error. OCSP received response. OCSP Resolved Domain Name. OCSP send request message failed. OCSP sending request. Outbound connection to RBL-listed SMTP server PPTP Maintenance Information 429 --- Simple RBL --- Error 800 --- Simple Firewall Event Maintenance Information 612 --- Simple VPN PKI User Activity Warning 272 --- Simple DHCP Relay Maintenance Information 233 --- Standard VPN PKI User Activity Error 853 --- Standard Note VPN PKI User Activity Error 854 --- Standard Note VPN PKI User Activity Error 851 --- Standard Note VPN PKI User Activity Information 850 --- Standard Note VPN PKI User Activity Information 852 --- Standard Note VPN PKI User Activity Error 849 --- Standard Note VPN PKI User Activity Information 848 --- Standard Note RBL --- Notice 797 --- Standard Out-of-order command packet Debug Debug 48 --- Standard 38 SONICOS LOG EVENT REFERENCE GUIDE
Packet by wlan guest check Packet by wlan vpn traversal check Wireless TCP UDP ICMP Wireless TCP UDP ICMP Warning 488 --- Standard Warning 495 --- Standard Packet. No firewall rule associated with VPN policy. VPN System Error Alert 739 --- Standard Note Ping of death Attack Alert 22 501 Standard PKI Failure: CA certificates store exceeded. Cannot verify this Local Certificate PKI Failure: Cannot alloc memory PKI Failure: Certificate's ID does not match this SonicWall PKI Failure: Duplicate local certificate PKI Failure: Duplicate local certificate name PKI Failure: Import failed PKI Failure: Improper file format. Please select PKCS#12 (*.p12) file PKI Failure: Incorrect admin password PKI Failure: Internal error PKI Failure: Loaded but could not verify certificate VPN PKI Maintenance Error 453 --- Simple VPN PKI Maintenance Error 449 --- Simple VPN PKI Maintenance Error 455 --- Simple VPN PKI Maintenance Error 458 --- Simple VPN PKI Maintenance Error 457 --- Simple VPN PKI Maintenance Error 451 --- Simple VPN PKI Maintenance Error 454 --- Simple VPN PKI Maintenance Error 452 --- Simple VPN PKI Maintenance Error 460 --- Simple VPN PKI Maintenance Error 469 --- Simple SONICOS LOG EVENT REFERENCE GUIDE 39
PKI Failure: Loaded the certificate but could not verify it's chain PKI Failure: No CA certificates yet loaded PKI Failure: Output buffer too small PKI Failure: public-private key mismatch PKI Failure: Reached the limit for local certs, cant load any more PKI Failure: Temporary memory shortage, try again PKI Failure: The certificate chain has no root PKI Failure: The certificate chain is circular PKI Failure: The certificate chain is incomplete PKI Failure: The certificate or a certificate in the chain has a bad signature PKI Failure: The certificate or a certificate in the chain has a validity period in the future PKI Failure: The certificate or a certificate in the chain has expired VPN PKI Maintenance Error 470 --- Simple VPN PKI Maintenance Error 459 --- Simple VPN PKI Maintenance Error 448 --- Simple VPN PKI Maintenance Error 456 --- Simple VPN PKI Maintenance Error 450 --- Simple VPN PKI Maintenance Error 461 --- Simple VPN PKI Maintenance Error 464 --- Simple VPN PKI Maintenance Error 462 --- Simple VPN PKI Maintenance Error 463 --- Simple VPN PKI Maintenance Error 468 --- Simple VPN PKI Maintenance Error 466 --- Simple VPN PKI Maintenance Error 465 --- Simple 40 SONICOS LOG EVENT REFERENCE GUIDE
PKI Failure: The certificate or a certificate in the chain is corrupt Please connect interface %s to another network to function properly Please manually check all system configurations for correctness of Upgrade VPN PKI Maintenance Error 467 --- Simple Firewall Event Maintenance Information 570 --- Standard Firewall Event Maintenance Information 613 --- Simple Port configured to receive IPSEC ONLY. Drop packet received in the clear. TCP UDP ICMP Warning 347 --- Standard Possible port scan Possible SYN flood attack detected Possible SYN flood detected on WAN IF %s - switching to connection-proxy mode Possible SYN Flood on IF %s Possible SYN Flood on IF %s continues Possible SYN Flood on IF %s has ceased Attack Alert 82 521 Standard Note Attack Warning 25 503 Standard --- Alert 859 --- Standard --- Alert 860 --- Standard --- Warning 866 --- Standard --- Alert 867 --- Standard PPP Dial-Up: Connect request canceled PPP Dial-Up: Connected at %s bps - starting PPP PPP Dial-up User Activity Information 306 --- Simple PPP Dial-up User Activity Information 286 --- Standard SONICOS LOG EVENT REFERENCE GUIDE 41
PPP Dial-Up: Connection disconnected as scheduled. PPP Dial-Up: Dial initiated by %s PPP Dial-Up: Dialed number did not answer PPP Dial-Up: Dialed number is busy PPP Dial-Up: Dialing not allowed by schedule. %s PPP Dial-Up: Dialing: %s PPP Dial-Up: Idle time limit exceeded - disconnecting PPP Dial-Up: Initialization : %s PPP Dial-Up: Link carrier lost PPP Dial-Up: Manual intervention needed. Check Primary Profile or Profile details PPP Dial-Up: Maximum connection time exceeded - disconnecting PPP Dial-Up: No dialtone detected - check phone-line connection PPP Dial-up --- Information 666 --- Standard PPP Dial-up Maintenance Information 324 --- Standard PPP Dial-up User Activity Information 285 --- Simple PPP Dial-up User Activity Information 284 --- Simple PPP Dial-up --- Information 665 --- Standard PPP Dial-up User Activity Information 281 --- Standard PPP Dial-up User Activity Information 297 --- Simple PPP Dial-up User Activity Information 303 --- Standard PPP Dial-up User Activity Information 288 --- Simple PPP Dial-up User Activity Information 321 --- Simple PPP Dial-up User Activity Information 327 --- Simple PPP Dial-up User Activity Information 282 --- Simple 42 SONICOS LOG EVENT REFERENCE GUIDE
PPP Dial-Up: No link carrier detected - check phone number PPP Dial-Up: No peer IP address from Dial-Up ISP, local and remote IPs will be the same PPP Dial-Up: PPP link down PPP Dial-Up: PPP link established PPP Dial-Up: Previous session was connected for %s PPP Dial-Up: Received new IP address PPP Dial-Up: Shutting down link PPP Dial-Up: The profile in use disabled VPN networking. PPP Dial-Up: Trying to failover but Alternate Profile is manual PPP Dial-Up: Trying to failover but Primary Profile is manual PPP Dial-Up: Unknown dialing failure PPP Dial-Up: User requested connect PPP Dial-up User Activity Information 283 --- Simple PPP Dial-up Maintenance Information 481 --- Simple PPP Dial-up User Activity Information 301 --- Simple PPP Dial-up User Activity Information 300 --- Simple PPP Dial-up User Activity Information 542 --- Standard PPP Dial-up User Activity Information 299 --- Standard PPP Dial-up User Activity Information 302 --- Simple PPP Dial-up Maintenance Information 330 --- Simple WAN Failover User Activity Information 434 --- Simple PPP Dial-up User Activity Information 322 --- Simple PPP Dial-up User Activity Information 287 --- Simple PPP Dial-up User Activity Information 305 --- Simple SONICOS LOG EVENT REFERENCE GUIDE 43
PPP Dial-Up: User requested disconnect PPP Dial-Up: VPN networking restored. PPP: Authentication successful PPP: CHAP authentication failed - check username / password PPP: MS-CHAP authentication failed - check username / password PPP: PAP Authentication failed - check username / password PPP: Starting CHAP authentication PPP: Starting MS-CHAP authentication PPP: Starting PAP authentication PPP Dial-up User Activity Information 304 --- Simple PPP Dial-up Maintenance Information 331 --- Simple PPP User Activity Information 289 --- Simple PPP User Activity Information 291 --- Simple PPP User Activity Information 292 --- Simple PPP User Activity Information 290 --- Simple PPP User Activity Information 294 --- Simple PPP User Activity Information 293 --- Simple PPP User Activity Information 295 --- Simple PPPoE terminated PPPoE Maintenance Information 130 --- Simple PPPoE discovery process complete PPPoE enabled but not ready PPPoE LCP Link Down PPPoE LCP Link Up PPPoE Connected PPPoE Maintenance Information 133 --- Simple PPPoE Maintenance Information 499 --- Simple PPPoE Maintenance Information 129 --- Simple PPPoE Maintenance Information 128 --- Simple PPPoE Maintenance Information 131 --- Simple 44 SONICOS LOG EVENT REFERENCE GUIDE
PPPoE Disconnected PPPoE starting CHAP Authentication PPTP enabled but not ready PPTP Connect Initiated by the User PPTP Control Connection Established PPTP Control Connection Negotiation Started PPTP decode failure PPTP Disconnect Initiated by the User PPTP PAP Authentication success. PPPoE Maintenance Information 132 --- Simple PPPoE Maintenance Information 134 --- Simple PPTP Maintenance Information 501 --- Simple PPTP Maintenance Information 390 --- Standard PPTP Maintenance Information 378 --- Simple PPTP Maintenance Information 375 --- Simple PPTP Debug Debug 596 --- Standard PPTP Maintenance Information 388 --- Standard PPTP Maintenance Information 396 --- Simple PPTP PPP Down PPTP Maintenance Information 385 --- Simple PPTP PPP Link down PPTP PPP Link Finished PPTP Maintenance Information 399 --- Simple PPTP Maintenance Information 400 --- Simple PPTP PPP Link Up PPTP Maintenance Information 398 --- Simple PPTP PPP Negotiation Started PPTP PPP Session Up PPTP Server is not responding, check if the server is UP and running. PPTP server rejected control connection PPTP Maintenance Information 382 --- Simple PPTP Maintenance Information 384 --- Simple PPTP Maintenance Information 444 --- Simple PPTP Maintenance Information 432 --- Simple SONICOS LOG EVENT REFERENCE GUIDE 45
PPTP server rejected the call request PPTP Session Disconnect from Remote PPTP Session Established PPTP Session Negotiation Started PPTP starting CHAP Authentication PPTP starting PAP Authentication PPTP Tunnel Disconnect from Remote PPTP Maintenance Information 433 --- Simple PPTP Maintenance Information 381 --- Simple PPTP Maintenance Information 380 --- Simple PPTP Maintenance Information 376 --- Simple PPTP Maintenance Information 392 --- Simple PPTP Maintenance Information 393 --- Simple PPTP Maintenance Information 379 --- Simple Primary firewall has transitioned to Active Primary firewall has transitioned to Idle Primary firewall preempting Backup Primary missed heartbeats from Backup Primary received error signal from Backup Primary received reboot signal from Backup Priority attack Probable port scan Probable TCP FIN scan High Availability High Availability High Availability High Availability High Availability High Availability Maintenance Information 144 --- Simple System Error Error 146 614 Simple System Error Error 153 620 Simple System Error Error 148 615 Simple System Error Error 150 617 Simple System Error Error 671 665 Simple Attack Alert 79 518 Standard Attack Alert 83 522 Standard Note Attack Alert 177 528 Standard 46 SONICOS LOG EVENT REFERENCE GUIDE
Probable TCP NULL scan Probable TCP XMAS scan Attack Alert 179 530 Standard Attack Alert 178 529 Standard Probing failure on %s Probing succeeded on %s WAN Failover System Error Alert 326 637 Standard WAN Failover System Error Alert 436 638 Standard Problem loading the URL List; Appliance not registered. Problem loading the URL List; check Filter settings Problem loading the URL List; check your DNS server Problem loading the URL List; Flash write failure. Problem loading the URL List; Retrying later. Problem loading the URL List; Subscription expired. Problem loading the URL List; Try loading it again. Problem sending log email; check log settings. Real time clock battery failure. Time values may be incorrect. Security s Security s Security s Security s Security s Security s Security s Firewall Logging Firewall Hardware System Error Error 183 623 Simple System Error Error 10 602 Standard Note Code System Error Error 11 603 Simple System Error Error 187 627 Simple System Error Error 186 626 Standard System Error Error 184 624 Standard System Error Error 185 625 Simple System Error Warning 12 604 Simple System Error Warning 539 644 Simple SONICOS LOG EVENT REFERENCE GUIDE 47
Received a path MTU icmp message from router/gateway Received a path MTU icmp message from router/gateway User Activity Information 182 --- Standard Note SPI User Activity Information 188 --- Standard Note MTU Received AV Alert: %s Received AV Alert: Your SonicWALL Anti-Virus subscription has expired. %s Received AV Alert: Your SonicWALL Anti-Virus subscription will expire in 7 days. %s Received CFS Alert: Your SonicWALL Content Filtering subscription has expired. Received CFS Alert: Your SonicWALL Content Filtering subscription will expire in 7 days. Security s Security s Security s Security s Security s Maintenance Warning 125 524 Standard Maintenance Warning 159 526 Standard Maintenance Warning 482 552 Standard Maintenance Warning 490 563 Simple Maintenance Warning 489 562 Simple Received DHCP offer packet has errors DHCP Client Maintenance Information 588 --- Standard Received E-Mail Filter Alert: Your SonicWALL E-Mail Filtering subscription has expired. Security s Maintenance Warning 492 565 Simple 48 SONICOS LOG EVENT REFERENCE GUIDE
Received E-Mail Filter Alert: Your SonicWALL E-Mail Filtering subscription will expire in 7 days. Security s Maintenance Warning 491 564 Simple Received fragmented packet or fragmentation needed Received IKE SA delete request Debug Debug 63 --- Standard VPN IKE User Activity Information 413 --- Standard Received IPS Alert: Your SonicWALL Prevention (IDP) subscription has expired. Security s Maintenance Warning 614 571 Simple Received IPSEC SA delete request Received ISAKMP packet destined to port %s Received LCP Echo Reply Received LCP Echo Request Received notify: INVALID_COOKIES Received notify: INVALID_ID_INFO Received notify: INVALID_PAYLOAD Received notify: INVALID_SPI Received notify: ISAKMP_AUTH_ FAILED Received notify: PAYLOAD_ MALFORMED VPN IKE User Activity Information 412 --- Standard VPN IKE Debug UDP Information 607 --- Standard PPPoE Maintenance Information 723 --- Simple PPPoE Maintenance Information 721 --- Simple VPN IKE User Activity Information 414 --- Standard VPN IPSec User Activity Warning 483 --- Standard VPN IKE User Activity Error 661 --- Standard VPN IKE User Activity Information 416 --- Standard VPN IKE User Activity Warning 409 --- Standard VPN IKE User Activity Warning 411 --- Standard SONICOS LOG EVENT REFERENCE GUIDE 49
Received notify: RESPONDER_ LIFETIME Received packet retransmission. Drop duplicate packet Received PPPoE Active Discovery Offer Received PPPoE Active Discovery Session_ confirmation Received response packet for DHCP request has errors Received unencrypted packet while crypto active Regulatory requirements prohibit %s from being re-dialed for 30 minutes Remotely Triggered Dial-out session ended. Valid WAN bound data found. Normal dial-up sequence will commence Remotely Triggered Dial-out session started. Requesting authentication Request for Relay IP Table from Central Gateway Requesting CRL from VPN IKE User Activity Information 415 --- Standard VPN IKE User Activity Warning 406 --- Standard PPPoE Maintenance Information 593 --- Simple PPPoE Maintenance Information 594 --- Simple DHCP Client Maintenance Information 589 --- Standard VPN IKE User Activity Warning 605 --- Standard PPP Dial-up Attack Error 592 567 Standard Authentication User Activity Information 822 --- Simple Authentication User Activity Information 818 --- Simple DHCP Relay Maintenance Information 230 --- Standard VPN PKI User Activity Information 269 --- Simple 50 SONICOS LOG EVENT REFERENCE GUIDE
Requesting Relay IP Table from Remote Gateway Retransmitting DHCP DISCOVER Retransmitting DHCP REQUEST (Rebinding) Retransmitting DHCP REQUEST (Rebooting) Retransmitting DHCP REQUEST (Renewing) Retransmitting DHCP REQUEST (Requesting) Retransmitting DHCP REQUEST (Verifying) RIP disabled on interface %s DHCP Relay Maintenance Information 231 --- Standard DHCP Client Maintenance Information 99 --- Standard DHCP Client Maintenance Information 102 --- Standard DHCP Client Maintenance Information 103 --- Standard DHCP Client Maintenance Information 101 --- Standard DHCP Client Maintenance Information 100 --- Standard DHCP Client Maintenance Information 104 --- Standard RIP Maintenance Information 419 --- Standard Ripper attack Attack Alert 76 515 Standard RIPv1 enabled on interface %s RIPv2 compatibility (broadcast) mode enabled on interface %s RIPv2 enabled on interface %s Router IGMP General query received on interface %s Router IGMP Membership query received on interface %s RIP Maintenance Information 420 --- Standard RIP Maintenance Information 422 --- Standard RIP Maintenance Information 421 --- Standard Multicast --- Debug 680 --- Standard Multicast --- Debug 681 --- Standard SONICOS LOG EVENT REFERENCE GUIDE 51
Sending DHCP DISCOVER. Sending DHCP RELEASE. Sending DHCP REQUEST (Rebinding). Sending DHCP REQUEST (Rebooting). Sending DHCP REQUEST (Renewing). Sending DHCP REQUEST (Verifying). Sending DHCP REQUEST. Sending LCP Echo Reply Sending LCP Echo Request Sending PPPoE Active Discovery Request DHCP Client Maintenance Information 105 --- Standard DHCP Client Maintenance Information 122 --- Standard DHCP Client Maintenance Information 116 --- Standard DHCP Client Maintenance Information 117 --- Standard DHCP Client Maintenance Information 115 --- Standard DHCP Client Maintenance Information 118 --- Standard DHCP Client Maintenance Information 108 --- Standard PPPoE Maintenance Information 722 --- Simple PPPoE Maintenance Information 720 --- Simple PPPoE Maintenance Information 595 --- Simple Senna Spy attack Attack Alert 78 517 Standard Sent Relay IP Table to Central Gateway SIP Register expiration exceeds configured Signaling inactivity time out DHCP Relay Maintenance Information 232 --- Standard VoIP VoIP Warning 645 --- Standard Note SIP Request VoIP VoIP Debug 643 --- Standard Note SIP Response VoIP VoIP Debug 644 --- Standard Note SMTP POP-Before-SMTP authentication failed Firewall Logging System Error Warning 656 --- Simple 52 SONICOS LOG EVENT REFERENCE GUIDE
SMTP server found on RBL blacklist RBL --- Notice 799 --- Standard Note Smurf Amplification attack Attack Alert 81 520 Standard SonicPoint Provision SonicPoint statistics report SonicPoint SonicPoint Information 727 --- Simple GMS --- Information 806 --- Simple SonicPoint Statistics SonicPoint Status SonicPoint SonicPoint Information 667 --- Simple SonicWALL activated SonicWALL initializing Firewall Event Maintenance Alert 4 --- Simple Firewall Event Maintenance Information 521 --- Simple Source routed IP packet Spank attack multicast packet Debug Warning 428 --- Standard Attack Alert 606 568 Standard Starting IKE negotiation Starting PPPoE discovery VPN IKE User Activity Information 90 --- Standard Note PPPoE Maintenance Information 127 --- Simple Status GMS Maintenance Emergency 96 --- Simple GMS Status Striker attack Sub Seven attack Success to reach Interface %s probe High Availability Attack Alert 77 516 Standard Attack Alert 75 514 Standard System Error Information 674 --- Standard Successful authentication received for Remotely Triggered Dial-out Authentication User Activity Information 820 --- Simple SONICOS LOG EVENT REFERENCE GUIDE 53
SYN Flood Blacklist on IF %s continues SYN Flood blacklisting disabled by user SYN Flood blacklisting enabled by user SYN flood ceased or flooding machines blacklisted - connection proxy disabled SYN Flood Mode changed by user to: Always proxy WAN connections SYN Flood Mode changed by user to: Watch and proxy WAN connections when under attack SYN Flood Mode changed by user to: Watch and report possible SYN floods Synchronizing preferences to HA Peer Firewall SYN-Flooding machine %s blacklisted TCP checksum error TCP connection TCP connection from LAN denied High Availability --- Warning 868 --- Standard --- Warning 863 --- Standard --- Warning 862 --- Standard --- Alert 861 --- Standard --- Warning 858 --- Standard --- Warning 857 --- Standard --- Warning 856 --- Standard Maintenance Information 673 --- Simple --- Alert 864 --- Standard UDP Notice 884 --- Standard UDP Notice 36 --- Standard Policy LAN TCP Notice 173 --- Standard TCP FIN packet Debug Debug 181 --- Standard 54 SONICOS LOG EVENT REFERENCE GUIDE
TCP stateful inspection enforcement: Bad header TCP stateful inspection enforcement: Connection aborted TCP stateful inspection enforcement: Connection refused TCP stateful inspection enforcement: Invalid ack TCP stateful inspection enforcement: Invalid flag TCP stateful inspection enforcement: Invalid sequence Debug Debug 711 --- Standard Debug Debug 713 --- Standard Debug Debug 712 --- Standard Debug Debug 709 --- Standard Debug Information 710 --- Standard Debug Debug 708 --- Standard TCP SYN received TCP Syn/Fin packet TCP Xmas Tree --- Debug 869 --- Standard Attack Alert 580 558 Standard Attack Alert 267 547 Standard The cache is full; %u open connections; some will be Firewall Event System Error Error 53 607 Standard Number The loaded content URL List has expired Security s System Error Error 190 628 Simple SONICOS LOG EVENT REFERENCE GUIDE 55
The network connection in use is %s The preferences file is too large to be saved in available flash memory WAN Failover System Error Warning 307 639 Standard Firewall Event System Error Warning 573 649 Simple Thermal Red Firewall Hardware System Environment Alert 578 104 Simple Thermal Red Timer Exceeded Firewall Hardware System Environment Alert 579 105 Simple Thermal Yellow Firewall Hardware System Environment Alert 577 103 Simple Time of day settings for firewall policies were not upgraded. Firewall Event Maintenance Information 742 --- Simple UDP checksum error UDP packet UDP Notice 885 --- Standard UDP Notice 37 --- Standard Policy UDP packet from LAN LAN UDP LAN TCP Notice 174 --- Standard Unable to download IPS/GAV/ Aspy Signature database. Firewall must first be restarted to free memory used by downloaded firmware. Unused --- Warning 873 --- Simple Unknown protocol Debug Notice 41 --- Standard Note Unknown reason VPN PKI User Activity Error 275 --- Simple User logged out Authentication User Activity Information 263 --- Standard User logged out - inactivity timer expired Authentication User Activity Information 265 --- Standard Note 56 SONICOS LOG EVENT REFERENCE GUIDE
User logged out - max session time exceeded User logged out - user disconnect detected (heartbeat timer expired) User login denied - insufficient access on LDAP server User login denied - invalid credentials on LDAP server User login denied - LDAP authentication failure User login denied - LDAP communication problem User login denied - LDAP directory mismatch User login denied - LDAP schema mismatch User login denied - LDAP server certificate not valid User login denied - LDAP server down or misconfigured User login denied - LDAP server name resolution failed User login denied - LDAP server timeout User login denied - RADIUS authentication failure Authentication User Activity Information 264 --- Standard Note Authentication User Activity Information 24 --- Standard Note RADIUS User Activity Warning 750 --- Standard RADIUS User Activity Warning 749 --- Standard RADIUS User Activity Information 745 --- Standard RADIUS User Activity Warning 748 --- Standard RADIUS User Activity Warning 757 --- Standard RADIUS User Activity Warning 751 --- Standard RADIUS User Activity Warning 755 --- Standard RADIUS User Activity Warning 747 --- Standard RADIUS User Activity Warning 753 --- Standard RADIUS User Activity Warning 746 --- Standard RADIUS User Activity Information 243 --- Standard SONICOS LOG EVENT REFERENCE GUIDE 57
User login denied - RADIUS communication problem User login denied - RADIUS configuration error User login denied - RADIUS server name resolution failed User login denied - RADIUS server timeout User login denied - TLS or local certificate problem User login denied - User has no privileges for login from that location User login denied - User has no privileges for WLAN guest service User login denied due to bad credentials User login disabled from %s User login failed - Guest service limit reached User login failure rate exceeded - logins from user IP address denied RADIUS User Activity Warning 744 --- Standard RADIUS User Activity Information 245 --- Standard RADIUS User Activity Warning 754 --- Standard RADIUS User Activity Information 244 --- Standard RADIUS User Activity Warning 756 --- Standard RADIUS User Activity Information 246 --- Standard Authentication User Activity Information 486 --- Standard Authentication User Activity Information 33 --- Standard Authentication Attack Error 583 559 Standard Authentication User Activity Information 549 --- Standard Note Authentication Attack Error 329 561 Standard Virtual Point is disabled Virtual Point is enabled SonicPoint 802.11b Management SonicPoint 802.11b Management Information 731 --- Simple Information 730 --- Simple 58 SONICOS LOG EVENT REFERENCE GUIDE
VoIP %s Endpoint added VoIP %s Endpoint not added - configured 'public' endpoint limit reached VoIP %s Endpoint removed VoIP Call Connected VoIP Call Disconnected VoIP VoIP Debug 637 --- Standard VoIP VoIP Warning 639 --- Standard VoIP VoIP Debug 638 --- Standard VoIP VoIP Information 622 --- Standard Note VoIP VoIP Information 623 --- Standard Note Voltages Out of Tolerance Firewall Hardware System Environment Error 575 101 Simple VPN Cleanup: Dynamic network settings change VPN Client Policy Provisioning VPN disabled by administrator VPN disabled for active dial up VPN enabled by administrator VPN User Activity Information 471 --- Standard VPN Client User Activity Information 371 --- Standard Authentication Maintenance Information 506 --- Simple Unused Maintenance Information 503 --- Simple Authentication Maintenance Information 507 --- Simple VPN Log Debug VPN IKE Debug Information 172 --- Simple VPN policy count received exceeds the limit; %s VPN zone administrator login allowed VPN zone remote user login allowed WAN Interface not setup VPN System Error Error 719 --- Standard Authentication User Activity Information 235 --- Standard Authentication User Activity Information 237 --- Standard Firewall Event Maintenance Information 498 --- Simple WAN IP Changed Firewall Event System Error Warning 138 636 Standard SONICOS LOG EVENT REFERENCE GUIDE 59
WAN not ready Firewall Event Maintenance Information 502 --- Simple WAN zone administrator login allowed WAN zone remote user login allowed WARNING: DHCP lease relayed from Central Gateway conflicts with IP in Static Devices list Authentication User Activity Information 236 --- Standard Authentication User Activity Information 238 --- Standard DHCP Relay Maintenance Information 227 --- Standard Web access request Web management request allowed Web site access allowed Web site access denied UDP Notice 524 --- Standard Policy User Activity Notice 526 --- Standard Blocked Sites Notice 16 703 Standard Note Blocked Blocked Sites Notice 14 701 Standard Note Blocked Wireless MAC Filter List disabled by administrator Wireless MAC Filter List enabled by administrator WLAN client null probing WLAN disabled by administrator WLAN disabled by schedule Authentication Maintenance Information 513 --- Simple Authentication Maintenance Information 512 --- Simple WLAN IDS WLAN IDS Warning 615 904 Standard Authentication Maintenance Information 508 --- Simple Authentication Maintenance Information 728 --- Simple Wlan drop traffic to deny network --- Information 724 --- Standard Note WLAN enabled by administrator WLAN enabled by schedule Authentication Maintenance Information 509 --- Simple Authentication Maintenance Information 729 --- Simple 60 SONICOS LOG EVENT REFERENCE GUIDE
WLAN firmware image has been updated WLAN Guest Account Timeout WLAN Guest Idle Timeout WLAN Guest Session Timeout Wireless Maintenance Information 487 --- Simple Authentication User Activity Information 551 --- Standard Note Authentication User Activity Information 564 --- Standard Note Authentication User Activity Information 550 --- Standard Note WLAN max concurrent users reached already --- Information 726 --- Standard Note WLAN not in AP mode, DHCP server will not provide lease to clients on WLAN Wireless Maintenance Information 617 --- Simple WLAN pass traffic to access allow network --- Information 725 --- Standard Note WLAN recovery Wireless Maintenance Information 519 --- Simple WLAN sequence number out of order WLB Failback initiated by %s WLB Failover in progress WLB Resource failed WLB Resource is now available WLB Spill-over started, configured threshold exceeded WLB Spill-over stopped WLAN IDS WLAN IDS Warning 547 902 Simple WAN Failover System Error Alert 435 652 Standard WAN Failover System Error Alert 584 651 Standard WAN Failover System Error Alert 586 654 Standard WAN Failover System Error Alert 585 653 Standard WAN Failover Maintenance Warning 581 --- Simple WAN Failover Maintenance Warning 582 --- Simple SONICOS LOG EVENT REFERENCE GUIDE 61
WPA MIC Failure Wireless 802.11b Management Warning 663 --- Simple WPA Radius Server Timeout Wireless 802.11b Management Information 664 --- Simple XAUTH Failed with VPN client, Authentication failure XAUTH Failed with VPN client, Cannot Contact RADIUS Server XAUTH Succeeded with VPN client VPN Client User Activity Information 140 --- Standard VPN Client User Activity Information 141 --- Standard VPN Client User Activity Information 139 --- Standard 62 SONICOS LOG EVENT REFERENCE GUIDE
Index of Syslog Tag Field Description This section provides an alphabetical listing of Syslog tags and the associated field description. Tag Field Description <ddd> Syslog message prefix The beginning of each syslog message has a string of the form <ddd> where ddd is a decimal number indicating facility and priority of the message. (See [1] Section 4.1.1) arg URL Used to render a URL: arg represents the URL path name part. bcastrx Interface statistics report Displays the broadcast packets received bcasttx Interface statistics report Displays the broadcast packets transmitted bytesrx Interface statistics report Displays the bytes received bytestx Interface statistics report Displays the bytes transmitted c category (legacy only) Indicates the legacy category number (Note: We are not currently sending new category information.) change Configuration change webpage Displays the basename of the firewall web page that performed the last configuration change code Blocking code Indicates the CFS block code category code ICMP type and code Indicates the ICMP code conns Firewall status report Indicates the number of connections in use cpuutil Firewall status report Displays the CPU utilization (not in use) dst IP address, and optionally, port, network interface, and resolved name. dstname URL Displays the URL of web site hit and other legacy destination strings dstname URL Used to render a URL: dstname represents the URL host part dyn Firewall status report Displays the HA and dialup connection state (rendered as h.d where h is n (not enabled), b (backup), or p (primary) and d is 1 (enabled) or 0 (disabled)) fw Firewall WAN IP Indicates the WAN IP Address fwlan Firewall status report Indicates the LAN zone IP address goodrxbytes SonicPoint statistics report Indicates the well formed bytes recevied goodtxbytes SonicPoint statistics report Indicates the well formed bytes transmitted SONICOS LOG EVENT REFERENCE GUIDE 63
i Firewall status report Displays the GMS message interval in seconds id=firewall Webtrends prefix Syntactic sugar for WebTrends (and GMS by habit) if Interface statistics report Displays the interface on which statistics are reported ipscat IPS message Displays the IPS category ipspri IPS message Displays the IPS priority lic Firewall status report Indicates the number of licenses for firewalls with limited modes m ID Provides the message ID number mac MAC address Provides the MAC address msg Static message Displays the event message (from spreadsheet) msg Dynamically-defined message Displays a dynamically defined message string msg Static message with dynamic string Displays a message using the predefined message string containing a %s and a dynamic string argument. msg Static message with dynamic number Displays a message using the predefined string string containing a %s and a dynamic numeric argument. msg IPS message Displays a message using the predefined message string containing a %s and a dynamic string argument. msg Anti-Spyware message Displays the event message (from spreadsheet) n count Indicates the number of times event occurs op HTTP OP code Displays the HTTP operation (GET, POST, etc.) of web site hit pri priority Displays the event priority level (0=emergency..7=debug) proto IP protocol Indicates the IP protocol and detail information proto Protocol and service Displays the protocol information (rendered as proto/service ) proto Protocol and service Displays the protocol information (rendered as proto/service ) pt Firewall status report Displays the HTTP/HTTPS management port (rendered as hhh.sss ) radio SonicPoint statistics report Displays the SonicPoint radio on which event occurred ramutil Firewall status report Displays the RAM utilization (not in use) 64 SONICOS LOG EVENT REFERENCE GUIDE
rcvd Bytes received Indicates the number of bytes received within connection result HTTP Result code Displays the HTTP result code (200, 403, etc.) of web site hit rule Rule ID Displays the Rule number causing packet drop sent Bytes sent Displays the number of bytes sent within connection sid IPS message Provides the IPS signature ID sid Anti-Spyware message Provides the AntiSpyware signature ID sn Firewall serial number Indicates the device serial number spycat Anti-Spyware message Displays the antispyware category spypri Anti-Spyware message Displays the AntiSpyware priority src Source Indicates the source IP address, and optionally, port, network interface, and resolved name. station SonicPoint statistics report Displays the client (station) on which event occurred time Time Reports the time of event type ICMP type and code Indicates the ICMP type ucastrx Interface statistics report Displays the unicast packets received ucasttx Interface statistics report Displays the unicast packets transmitted unsynched Firewall status report Reports the time since last local change in seconds usesstandbysa Firewall status report Displays whether standby SA is in use ( 1 or 0 ) for GMS management usr (or user) User Displays the user name ( user is the tag used by WebTrends) vpnpolicy VPN policy name Displays the VPN policy name of event SONICOS LOG EVENT REFERENCE GUIDE 65
66 SONICOS LOG EVENT REFERENCE GUIDE
SonicWALL,Inc. 1143 Borregas Avenue Sunnyvale,CA 94089-1306 T: 408.745.9600 F: 408.745.9300 www.sonicwall.com 2002 SonicWALL, I n c.sonicwall is a registered trademark of SonicWALL, I n c.other product and company names mentioned herein may be t rademarks and/ or registered trademarks of their respective companies. Specifications and descriptions subject to change with out notice. P/ N 232-000827-00 Rev B 6/05