COMPREHENSIVE INTERNET SECURITY™
SonicWALL Internet Security Appliances
SonicOS Log Event Reference Guide
Using the SonicOS Log Event Reference Guide
This reference guide lists and describes SonicOS log event messages. Reference a log event message by using the alphabetical index of log event messages. This document contains the following sections:
• “SonicOS Log Event Messages Overview”
• “Configuring SonicOS ‘Log’ > ‘View’”
• “Referencing the SonicOS ‘Log’ > ‘View’ Field Display”
• “Index of Log Event Messages”
• “Index of Syslog Tag Field Description”
SonicOS Log Event Messages Overview
During the operation of a SonicWALL security appliance, SonicOS software sends log event messages to the ‘Log’ > ‘View’ page in the SonicWALL management interface. In Figure 1, the ‘Log’ > ‘View’ page is displayed.
Figure 1 SonicOS Enhanced ‘Log’ > ‘View’ page
Event logging automatically begins when the SonicWALL security appliance is powered on and configured. SonicOS supports a traffic log containing entries with multiple fields. Log event messages provide operational and debugging information to help you diagnose problems with communication lines, internal hardware, or your firmware configuration.
Note: For the SonicOS CLI console display, use the show log command to display log events. Refer to the SonicOS CLI Reference Guide located on the SonicWALL Web site: <http://www.sonicwall.com/support/documentation.html>
SONICOS LOG EVENT REFERENCE GUIDE 1
Note: Not all log event messages indicate operational issues with your SonicWALL security appliance.
SonicOS Log Entries
Each log entry contains the date and time of the event and a brief message describing the event. The SonicWALL manages log events in the following manner:
• TCP, UDP, or ICMP packets dropped
When IP packets are dropped by the SonicWALL security appliance, dropped TCP, UDP and ICMP messages are displayed. The messages include the source and destination IP addresses of the packet. The TCP or UDP port number or the ICMP code follows the IP address. Log event messages usually include the name of the service in quotation marks.
• Web, FTP, Gopher, or Newsgroup blocked
When a computer attempts to connect to the blocked site or newsgroup, a log event is displayed. Blocked is defined as a Web site, connection, or event that is denied access by the SonicWALL security appliance. The computer’s IP address, Ethernet address, the name of the blocked Web site, and the Content Filter List Code are displayed. Code definitions for the 12 Content Filter List categories are shown below.
1. Violence
2. Intimate Apparel/Swimsuit
3. Nudism
4. Adult/Mature Content/Pornography
5. Weapons
6. Hate/Racism
7. Cult
8. Drugs/Illegal Drugs
9. Criminal Skills/Illegal Skills
10. Sex Education
11. Gambling
12. Alcohol & Tobacco
• ActiveX, Java, Cookie or Code Archive blocked
When ActiveX, Java or Web cookies are blocked, messages with the source and destination IP addresses of the connection attempt are displayed.
• Ping of Death, IP Spoof, and SYN Flood Attacks
The IP addresses of the machine under attack and of the source of the attack are displayed. In most attacks, the source address shown is fake and does not reflect the real source of the attack.
SonicOS ‘Log View Settings’
The ‘Log View Settings’ section of the ‘Log’ > ‘View’ page provides you the filtering controls to filter log event messages based on your configured log filter logic. It also contains the following log management buttons:
• Refresh—Renews the ‘Log View’ table with current log event messages.
• Clear Log—Empties the entries in the ‘Log View’ table.
• E-mail Log—E-mails log event messages to your configured SMTP server or list of e-mail addresses.
• Export Log—Exports the log into a plain .txt or .csv file format.
SonicOS ‘Log View’ Display Format
The ‘Log’ > ‘View’ page displays log event messages in the following format for alert notification:
• Time—Displays the hour and minute the event occurred.
• Priority—Displays the level of urgency for the event.
• Category—Displays the event type.
• Message—Displays a description of the event.
• Source—Displays the source IP address of the incoming IP packet.
• Destination—Displays the destination IP address of the incoming IP packet.
• Note—Displays additional information specific to a particular event occurrence.
• Rule—Displays the source and destination zones for the access rule. This field provides a link to the access rule defined in the ‘Firewall’ > ‘Access Rules’ page.
The display fields for a log event message provide you with data to verify your configurations, troubleshoot your security appliance, and track IP traffic.
Configuring SonicOS ‘Log’ > ‘View’
The ‘Log’ > ‘View’ page in the Web-based SonicWALL management interface allows you to export log reports, e-mail log reports, and monitor real-time Syslog data. As soon as you power on your SonicWALL security appliance, SonicOS software sends Syslog data to your log. In the SonicWALL management interface, you can navigate through the subcategories of the ‘Log’ setting for reporting and customizing log reports. In Figure 2, the ‘Log’ > ‘View’ page is displayed.
Figure 2 SonicOS Enhanced ‘Log’ > ‘View’ page
Setting the Log Filter Logic
By default, the SonicOS filter logic is set to “Priority && Category && Source && Destination.” The double ampersand symbols (&&) indicate the boolean expression “and.” The default SonicOS filter logic displays all log events. In Figure 3, the ‘Log’ > ‘View’ > ‘Log View Settings’ page is displayed.
Figure 3 SonicOS ‘Log View Settings’
Callouts in Figure 3: Apply filters, Reset filters, Export logs, Default filter logic, Group filters, Default filter logic value, Log Event Message Filters
Applying Custom Log Event Message Filters
This section provides examples of using the ‘Log View Settings’ to filter log event messages displayed in the ‘Log View’ page.
Configuration Example: Filtering Log Event Messages by Priority Value
To set the log filter logic to display only log event messages with a priority level of Emergency:
1. Select Emergency from the filter-Priority Value pull-down menu.
2. Click on the Apply Filters button.
Configuration Example: Filtering Log Event Messages by Category Value
To set the log filter logic to display only log event messages with a category event type of Attacks:
1. Select Attacks from the filter-Category Value pull-down menu.
2. Click on the Apply Filters button.
Configuration Example: Filtering Log Event Messages by Source Value
To set the log filter logic to display only log event messages associated with a source IP address:
1. Enter the source IP address or select an interface from the filter-Source Value pull-down menu.
2. Click on the Apply Filters button.
Configuration Example: Filtering Log Event Messages by Destination Value
To set the log filter logic to display only log event messages associated with a destination IP address:
1. Enter the destination IP address or select an interface from the filter-Source Value pull-down menu.
2. Click on the Apply Filters button.
Using Group Filters
Use Group filters to change the default SonicOS filter logic (Priority && Category && Source && Destination) from double ampersand symbols (&&) to double pipe symbols (||) to indicate the boolean expression “or.” When using group filters, select two or more Group Filters checkboxes.
Note: If you select only one Group Filter checkbox, the filter logic will remain the same. Selecting only the Priority-Group Filter checkbox provides you with the following filter logic:
(Priority) && Category && Source && Destination
Configuration Example: Using the ‘Priority’ Group Filter and ‘Category Group’ Filter
To set the log filter logic to display log event messages with a priority level of Emergency or a category event type of Attack:
1. Select the ‘Priority’ group filter checkbox.
2. Select the ‘Category’ group filter checkbox.
3. Select Emergency from the filter-Priority Value pull-down menu.
4. Select Attacks from the filter-Category Value pull-down menu.
Figure 4 illustrates the SonicOS filter logic updated as follows:
(Priority || Category) && Source && Destination
Figure 4 SonicOS Log Group Filters
A filter logic using the boolean expression “||” is less restrictive than the default filter logic using the boolean expression “&&”. With the boolean expression “||”, log event messages are displayed if they match either filter value. With the boolean expression “&&”, log event messages are displayed only if they match both filter values.
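The default and group filter logic described above, as an added Python example (not SonicWALL code) that applies the same expressions to exported log rows offline. The CSV column names, the sample rows, the function names and the rule that an unset filter value matches every event are assumptions made for this illustration.

```python
import csv
import io

# The four filterable fields, in the order the guide writes the default logic.
FIELDS = ("Priority", "Category", "Source", "Destination")

# Constructed sample export. Column names follow the 'Log View' display
# fields; the header of a real SonicOS CSV export may differ (assumption).
SAMPLE_CSV = """\
Time,Priority,Category,Message,Source,Destination
10:01,Alert,Attacks,Back Orifice attack dropped,203.0.113.7,192.168.1.10
10:02,Emergency,Maintenance,constructed emergency event,192.168.1.1,192.168.1.10
10:03,Information,User Activity,Administrator login allowed,192.168.1.20,192.168.1.1
10:04,Emergency,Attacks,constructed emergency attack event,203.0.113.7,192.168.1.10
10:05,Alert,Attacks,Administrator login denied due to bad credentials,198.51.100.9,192.168.1.1
"""


def load_rows(text):
    """Parse exported CSV text into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def logic_string(grouped=()):
    """Render the filter logic the way the guide prints it."""
    group = [f for f in FIELDS if f in grouped]
    rest = [f for f in FIELDS if f not in group]
    parts = (["(" + " || ".join(group) + ")"] if group else []) + rest
    return " && ".join(parts)


def matches(row, values, grouped=()):
    """Evaluate one log row against the filter values.

    values  -- dict of field -> wanted value; a missing field matches any row
               (assumption, consistent with the default logic showing all events)
    grouped -- fields whose Group Filter checkbox is selected
    """
    def hit(field):
        want = values.get(field)
        return want is None or row[field] == want

    group = [f for f in FIELDS if f in grouped]
    if len(group) < 2:
        # One checkbox alone leaves the logic as a plain AND chain.
        group = []
    rest = [f for f in FIELDS if f not in group]
    # Grouped fields are OR'd together; note that an unset value inside the
    # group makes the whole group true, so set every grouped filter.
    group_ok = any(hit(f) for f in group) if group else True
    return group_ok and all(hit(f) for f in rest)


def apply_filters(rows, values, grouped=()):
    """Return the rows that the 'Log View' table would display."""
    return [r for r in rows if matches(r, values, grouped)]


def times(rows):
    """Timestamps of the given rows, used to compare result sets."""
    return [r["Time"] for r in rows]


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    wanted = {"Priority": "Emergency", "Category": "Attacks"}
    for grouped in ((), ("Priority",), ("Priority", "Category")):
        shown = apply_filters(rows, wanted, grouped)
        print(logic_string(grouped), "->", times(shown))
```

Running the same filter values through both logics on a saved export shows how many events the stricter “&&” view hides, which is worth checking before relying on a filtered export for review.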
Exporting the Logs to a File
This section provides instructions to export your log to a file. To export the log to a file:
1. Click on the Export Log button. You will be prompted to select an export file format type as illustrated in Figure 5.
Figure 5 SonicOS Export Log
2. Select a file format:
• Plain text format used in log and alert e-mail—Saves the log file as plain text, which can be used for alert e-mails.
• Comma-Separated Value (CSV) format—Saves the log file for importing into Microsoft Excel or other presentation development application.
3. Click on the Export button.
4. Save the exported log file to a location on your personal computer’s hard drive.
Note: You can export a log to a file with applied filter settings.
Referencing the SonicOS ‘Log’ > ‘View’ Field Display
SonicOS 2.5 Enhanced and Standard releases and greater provide the SonicOS ‘Log’ > ‘View’ field display as illustrated in Figure 6.
Figure 6 SonicOS ‘Log’ > ‘View’ Field Display
Fields labeled in Figure 6: Time and Date Stamp, Priority, Category, Message Description, Source IP Address, Destination IP, Log Event Notes, Network Rule
Referencing the SonicWALL Firmware ‘Log’ > ‘View Log’ Field Display
SonicWALL Firmware 6.6.0.0 release and greater provide the SonicWALL Firmware ‘Log’ > ‘View Log’ field display as illustrated in Figure 7.
Figure 7 SonicWALL Firmware ‘Log’ > ‘View Log’ Field Display
Fields labeled in Figure 7: Time and Date Stamp, Event Message, Source IP Address, Destination IP Address, Additional Information, Rule Number (If Applicable)
Index of Log Event Messages
This section contains a list of log event messages for all SonicWALL Firmware and SonicOS Software Releases, ordered alphabetically. Use your web browser’s Find function to search for a command.
Log Event Message Symbols Key
Log Event Message | Symbol Description | Context
%s Ethernet Port Down | Represents a character string. | [WAN | LAN | DMZ] Ethernet Port Down
The cache is full; %u open connections; some will be dropped | Represents a numerical string. | The cache is full; [40,000] open connections; some will be dropped
TCP IP Layered-Data Packet Processing and SonicOS Log Event Handling
In specific cases of multi-layer packet processing, a TCP connection initially logged as "open" will be rejected by a deeper layer of packet processing. In these cases, the connection request has not been forwarded by the SonicWALL security appliance, and the initial Connection Open SonicOS log event message should be ignored in favor of the TCP Connection Dropped log event message.
Each log event message described in the following table provides the following log event details:
• SonicOS Category—Displays the SonicOS Software category event type.
• Legacy Category—Displays the SonicWALL Firmware Software category event type.
• Priority Level—Displays the level of urgency of the log event message.
• Log Message ID Number—Displays the ID number of the log event message.
• SNMP Trap Type—Displays the SNMP Trap ID number of the log event message.
Log Event Message | SonicOS Category | Legacy Category | Priority Level | Log Message ID Number | SNMP Trap Type | Log Event Type
#Web site hit | Network Traffic | Connection Traffic | Information | 97 | --- | Standard HTTP Traffic Report
%s | VPN IKE | User Activity | Information | 171 | --- | Standard Message String
%s | High Availability | --- | Error | 826 | --- | Simple Message String
%s | High Availability | --- | Warning | 827 | --- | Simple Message String
%s | High Availability | --- | Information | 828 | --- | Simple Message String
%s | High Availability | --- | Alert | 829 | --- | Simple Message String
%s | High Availability | --- | Notice | 830 | --- | Simple Message String
%s | High Availability | --- | Debug | 831 | --- | Simple Message String
%s | ARS | --- | Information | 840 | --- | Standard Message String
%s | ARS | --- | Notice | 841 | --- | Standard Message String
%s | ARS | --- | Debug | 842 | --- | Standard Message String
%s Ethernet Port Down | Firewall Event | System Error | Error | 333 | 641 | Simple Message String
%s Ethernet Port Up | Firewall Event | System Error | Warning | 332 | 640 | Simple Message String
%s-payload processing error | VPN IKE | Debug | Error | 616 | --- | Standard Message String
SonicWALL Registration Update Needed: Restore your existing security service subscriptions by clicking here. | Security Services | Maintenance | Warning | 496 | --- | Simple
802.11b Management | Wireless | 802.11b Management | Information | 518 | --- | Simple Destination
A prior version of preferences was loaded because the most recent preferences file was inaccessible | Firewall Event | System Error | Warning | 572 | 648 | Simple
A SonicOS Standard to Enhanced Upgrade was performed | Firewall Event | Maintenance | Information | 611 | --- | Simple
Access attempt from host out of compliance with GSC policy | Security Services | Maintenance | Information | 761 | --- | Standard
Access attempt from host without Anti-Virus agent installed | Security Services | Maintenance | Information | 123 | --- | Standard
Access attempt from host without GSC installed | Security Services | Maintenance | Information | 763 | 524 | Standard
Access rule added | Security Services | User Activity | Information | 440 | --- | Simple Rule
Access rule deleted | Firewall Rule | User Activity | Information | 442 | --- | Simple Rule String
Access rule modified | Firewall Rule | User Activity | Information | 441 | --- | Simple Rule
Access to proxy server denied | Network Access | Blocked Sites | Notice | 60 | 705 | Standard Note Blocked
ActiveX access denied | Network Access | Blocked Code | Notice | 18 | --- | Standard Note Blocked
ActiveX or Java archive access denied | Network Access | Blocked Code | Notice | 20 | --- | Standard Note Blocked
ADConnector %s response timed-out; applying caching policy | Security Services | --- | Error | 769 | --- | Standard Message String
Add an attack message | Firewall Event | Attack | Error | 143 | 525 | Simple String
Adding Dynamic Entry for Bound MAC Address | Network | --- | Information | 813 | --- | Standard Note ENET
Adding L2TP IP pool Address object Failed. | L2TP Server | System Error | Error | 603 | 661 | Simple
Adding to multicast policyList, interface:%s | Multicast | --- | Debug | 697 | --- | Standard Message String
Adding to Multicast policyList, VPN SPI:%s | Multicast | --- | Debug | 699 | --- | Standard Message String
Administrator logged out | Authentication Access | User Activity | Information | 261 | --- | Standard
Administrator logged out -inactivity timer expired | Authentication Access | User Activity | Information | 262 | --- | Standard
Administrator login allowed | Authentication Access | User Activity | Information | 29 | --- | Standard
Administrator login denied due to bad credentials | Authentication Access | Attack | Alert | 30 | 560 | Standard
Administrator login denied from %s; logins disabled from this interface | Authentication Access | Attack | Alert | 35 | 506 | Standard Message String
Administrator name changed | Authentication Access | Maintenance | Information | 328 | --- | Standard
All DDNS associations have been deleted | DDNS | Maintenance | Information | 783 | --- | Simple
All preference values have been set to factory default values | Firewall Event | System Error | Warning | 574 | 650 | Simple
Allowed LDAP server certificate with wrong host name | RADIUS | User Activity | Warning | 752 | --- | Standard Note String
Anti-Spyware Detection Alert: %s | Intrusion Detection | Attack | Alert | 795 | 576 | Standard AS Message String
Anti-Spyware Prevention Alert: %s | Intrusion Detection | Attack | Alert | 794 | 575 | Standard AS Message String
Anti-Spyware Service Expired | Security Services | Maintenance | Warning | 796 | 577 | Simple
Anti-Virus agent out-of-date on host | Security Services | Maintenance | Information | 124 | --- | Standard
Anti-Virus Licenses Exceeded | Security Services | Maintenance | Information | 408 | --- | Standard
ARP request packet received | Network | --- | Information | 717 | --- | Standard Note ENET
ARP request packet sent | Network | --- | Information | 715 | --- | Standard Note ENET
ARP response packet received | Network | --- | Information | 716 | --- | Standard Note ENET
ARP response packet sent | Network | --- | Information | 718 | --- | Standard Note ENET
ARP timeout | Network | Debug | Debug | 45 | --- | Standard
Association Flood from WLAN station | WLAN IDS | WLAN IDS | Alert | 548 | 903 | Simple Destination
Authentication timeout during Remotely Triggered Dial-out session | Authentication Access | User Activity | Information | 821 | --- | Simple
Back Orifice attack dropped | Intrusion Detection | Attack | Alert | 73 | 512 | Standard
Backup active | High Availability | System Error | Information | 825 | --- | Simple
Backup firewall being preempted by Primary | High Availability | System Error | Error | 152 | 619 | Simple
Backup firewall has transitioned to Active | High Availability | Maintenance | Information | 145 | --- | Simple
Backup firewall has transitioned to Idle | High Availability | Maintenance | Information | 147 | --- | Simple
Backup going Active in preempt mode after reboot | High Availability | System Error | Error | 170 | 622 | Simple
Backup missed heartbeats from Primary | High Availability | System Error | Error | 149 | 616 | Simple
Backup received error signal from Primary | High Availability | System Error | Error | 151 | 618 | Simple
Backup received reboot signal from Primary | High Availability | System Error | Error | 672 | 666 | Simple
Backup shut down because license is expired | High Availability | System Error | Error | 824 | --- | Simple
Backup will be shut down in %s minutes | High Availability | System Error | Error | 823 | --- | Simple Message String
Bad CRL format | VPN PKI | User Activity | Alert | 277 | --- | Simple Destination
Blocked Quick Mode for Client using Default KeyID | VPN Client | System Error | Error | 505 | 660 | Standard
BOOTP Client IP address on LAN conflicts with remote device IP, deleting IP address from remote table | BOOTP | Maintenance | Information | 619 | --- | Standard Destination
BOOTP reply relayed to local device | BOOTP | Maintenance | Information | 620 | --- | Standard Destination
BOOTP Request received from remote device | BOOTP | Debug | Debug | 621 | --- | Standard Destination
BOOTP server response relayed to remote device | BOOTP | Debug | Debug | 618 | --- | Standard Destination
Broadcast packet dropped | Network Access | Debug | Debug | 46 | --- | Standard Note Protocol
Cannot connect to the CRL server | VPN PKI | User Activity | Alert | 274 | --- | Simple Destination
Cannot Validate Issuer Path | VPN PKI | User Activity | Alert | 878 | --- | Simple Destination
Certificate on Revoked list (CRL) | VPN PKI | User Activity | Alert | 279 | --- | Simple Destination
CFL auto-download disabled, time problem detected | Security Services | Maintenance | Information | 268 | --- | Simple
CLI administrator logged out | Authentication Access | User Activity | Information | 520 | --- | Simple
CLI administrator login allowed | Authentication Access | User Activity | Information | 199 | --- | Simple
CLI administrator login denied due to bad credentials | Authentication Access | User Activity | Warning | 200 | --- | Simple
Computed hash does not match hash received from peer | VPN IKE | User Activity | Warning | 410 | --- | Standard Destination
Connection Closed | Network Traffic | Connection Traffic | Information | 537 | --- | Standard Traffic Report
Connection Opened | Network Traffic | Connection | Information | 98 | --- | Standard Note Protocol
Connection timed out | VPN PKI | User Activity | Alert | 273 | --- | Simple Destination
Cookie removed | Network Access | Blocked Code | Notice | 21 | --- | Standard String Service
CRL has expired | VPN PKI | User Activity | Alert | 874 | --- | Simple Destination
CRL loaded from | VPN PKI | User Activity | Information | 270 | --- | Simple Destination
CRL missing - Issuer requires CRL checking. | VPN PKI | User Activity | Alert | 876 | --- | Simple Destination
CRL validation failure for Root Certificate | VPN PKI | User Activity | Alert | 877 | --- | Simple Destination
Crypto DES test failed | Crypto Test | Maintenance | Error | 360 | --- | Simple
Crypto DH test failed | Crypto Test | Maintenance | Error | 361 | --- | Simple
Crypto Hardware 3Des test failed | Crypto Test | Maintenance | Error | 367 | --- | Simple
Crypto Hardware 3DES with SHA test failed | Crypto Test | Maintenance | Error | 369 | --- | Simple
Crypto Hardware AES test failed | Crypto Test | Maintenance | Error | 610 | --- | Standard
Crypto hardware DES test failed | Crypto Test | Maintenance | Error | 366 | --- | Simple
Crypto Hardware DES with SHA test failed | Crypto Test | Maintenance | Error | 368 | --- | Simple
Crypto Hmac-MD5 test failed | Crypto Test | Maintenance | Error | 362 | --- | Simple
Crypto Hmac-Sha1 test failed | Crypto Test | Maintenance | Error | 363 | --- | Simple
Crypto MD5 test failed | Crypto Test | Maintenance | Error | 370 | --- | Simple
Crypto RSA test failed | Crypto Test | Maintenance | Error | 364 | --- | Simple
Crypto Sha1 test failed | Crypto Test | Maintenance | Error | 365 | --- | Simple
DDNS association %s disabled | DDNS | Maintenance | Information | 781 | --- | Simple Message String
DDNS association %s enabled | DDNS | Maintenance | Information | 780 | --- | Simple Message String
DDNS association %s added | DDNS | Maintenance | Information | 779 | --- | Simple Message String
DDNS association %s deactivated | DDNS | Maintenance | Information | 784 | --- | Simple Message String
DDNS association %s deleted | DDNS | Maintenance | Information | 785 | --- | Simple Message String
DDNS Association %s put on line | DDNS | Maintenance | Information | 782 | --- | Simple Message String
DDNS association %s taken Offline locally | DDNS | Maintenance | Information | 778 | --- | Simple Message String
DDNS Failure: Provider %s | DDNS | System Error | Error | 774 | --- | Simple Message String
DDNS Failure: Provider %s | DDNS | System Error | Error | 775 | --- | Simple Message String
DDNS Failure: Provider %s | DDNS | System Error | Error | 773 | --- | Simple Message String
DDNS Update success for domain %s | DDNS | Maintenance | Information | 776 | --- | Standard Message String
DDNS Warning: Provider %s | DDNS | System Error | Warning | 777 | --- | Simple Message String
Deleting from Multicast policy list, interface: %s | Multicast | --- | Debug | 698 | --- | Standard Message String
Deleting from Multicast policy list, VPN SPI: %s | Multicast | --- | Debug | 700 | --- | Standard Message String
Deleting IPSec SA | VPN IKE | User Activity | Information | 92 | --- | Standard Note SPI
DHCP client enabled but not ready | DHCP Client | Maintenance | Information | 504 | --- | Simple
DHCP Client did not get DHCP ACK. | DHCP Client | Maintenance | Information | 109 | --- | Standard
DHCP Client failed to verify and lease has expired. Go to INIT state. | DHCP Client | Maintenance | Information | 119 | --- | Standard
DHCP Client got a new IP address lease. | DHCP Client | Maintenance | Information | 121 | --- | Standard Destination
DHCP Client got ACK from server. | DHCP Client | Maintenance | Information | 111 | --- | Standard Destination
DHCP Client got NACK. | DHCP Client | Maintenance | Information | 110 | --- | Standard
DHCP Client is declining address offered by the server. | DHCP Client | Maintenance | Information | 112 | --- | Standard Destination
DHCP Client sending REQUEST and going to REBIND state. | DHCP Client | Maintenance | Information | 113 | --- | Standard Destination
DHCP Client sending REQUEST and going to RENEW state. | DHCP Client | Maintenance | Information | 114 | --- | Standard Destination
DHCP DISCOVER received from remote device | DHCP Relay | Debug | Information | 474 | --- | Standard Destination
DHCP lease dropped. Lease from Central Gateway conflicts with Relay IP | DHCP Relay | Maintenance | Warning | 228 | --- | Standard Destination
DHCP lease dropped. Lease from Central Gateway conflicts with Remote Management IP | DHCP Relay | Maintenance | Warning | 484 | --- | Standard Destination
DHCP lease relayed to local device | DHCP Relay | Maintenance | Information | 223 | --- | Standard Destination
DHCP lease relayed to remote device | DHCP Relay | Debug | Information | 225 | --- | Standard Destination
DHCP lease to LAN device conflicts with remote device, deleting remote IP entry | DHCP Relay | Maintenance | Information | 226 | --- | Standard Destination
DHCP NAK received from server | DHCP Relay | Debug | Information | 477 | --- | Standard Destination
DHCP OFFER received from server | DHCP Relay | Debug | Information | 476 | --- | Standard Destination
DHCP Ranges altered automatically due to change in network settings for interface %s | Firewall Event | --- | Information | 832 | --- | Simple Message String
DHCP RELEASE received from remote device | DHCP Relay | Debug | Information | 224 | --- | Standard Destination
DHCP RELEASE relayed to Central Gateway | DHCP Relay | Maintenance | Information | 222 | --- | Standard Destination
DHCP REQUEST received from remote device | DHCP Relay | Debug | Information | 473 | --- | Standard Destination
DHCP Server not available. Did not get any DHCP OFFER. | DHCP Client | Maintenance | Information | 106 | --- | Standard
Diagnostic Code A | Firewall Hardware | System Error | Error | 93 | 611 | Simple Note String
Diagnostic Code B | Firewall Hardware | System Error | Error | 94 | 612 | Simple Note String
Diagnostic Code C | Firewall Hardware | System Error | Error | 95 | 613 | Simple Note String
Diagnostic Code D | Firewall Hardware | System Error | Error | 64 | 610 | Standard Note Code
Diagnostic Code D | Firewall Hardware | System Error | Error | 517 | 642 | Simple Note String
Diagnostic Code E | VPN IPSec | System Error | Error | 61 | 609 | Standard Note Code
Diagnostic Code F | Firewall Hardware | System Error | Error | 164 | 621 | Simple Note String
Diagnostic Code G | Firewall Hardware | System Error | Error | 599 | 655 | Simple Note String
Diagnostic Code H | Firewall Hardware | System Error | Error | 600 | 656 | Simple Note String
Diagnostic Code I | Firewall Hardware | System Error | Error | 601 | 657 | Simple Note String
Disconnecting L2TP Tunnel due to traffic timeout | L2TP Client | Maintenance | Information | 215 | --- | Simple
Disconnecting PPPoE due to traffic timeout | PPPoE | Maintenance | Information | 168 | --- | Simple
Disconnecting PPTP Tunnel due to traffic timeout | PPTP | Maintenance | Information | 389 | --- | Simple
Discovered HA Backup Firewall | High Availability | Maintenance | Information | 156 | --- | Simple
DNS packet allowed | Network Access | Debug | Information | 602 | --- | Standard Policy
Drop WLAN traffic from non SonicPoint devices | Intrusion Detection | Attack | Error | 662 | 572 | Standard
Dynamic IPSec client connected | VPN IPSec | User Activity | Information | 62 | --- | Standard Destination
EIGRP packet dropped | Network Access | Debug | Notice | 714 | --- | Standard Note String
E-Mail fragment dropped | Intrusion Detection | Attack | Error | 437 | 550 | Standard
Error initializing Hardware acceleration for VPN | Firewall Hardware | Maintenance | Error | 374 | --- | Simple
Error Rebooting HA Peer Firewall | High Availability | System Error | Error | 669 | 663 | Simple
Error setting the IP address of the backup, please manually set to backup LAN IP | High Availability | System Error | Error | 191 | 629 | Simple
Error synchronizing HA peer firewall (%s) | High Availability | System Error | Error | 158 | 662 | Simple Message String
Exceeded Max multicast address limit | Multicast | --- | Warning | 703 | --- | Standard
Failed payload validation | VPN IKE | User Activity | Warning | 405 | --- | Standard
Failed payload verification after decryption. Possible preshared key mismatch | VPN IKE | User Activity | Warning | 404 | --- | Standard
Failed to find certificate | VPN PKI | User Activity | Alert | 875 | --- | Simple Destination
Failed to get CRL from | VPN PKI | User Activity | Alert | 271 | --- | Simple Destination
Failed to Process CRL from | VPN PKI | User Activity | Alert | 276 | --- | Simple Destination
Failed to resolve name | Network | Maintenance | Information | 84 | --- | Simple Destination
Failed to synchronize Relay IP Table | DHCP Relay | System Error | Warning | 234 | 632 | Standard
Failure to reach Interface %s probe | High Availability | System Error | Error | 675 | 647 | Simple Message String
Fan Failure | Firewall Hardware | System Environment | Alert | 576 | 102 | Simple
Forbidden E-Mail attachment deleted | Intrusion Detection | Attack | Error | 248 | 534 | Standard Destination
Forbidden E-Mail attachment disabled | Intrusion Detection | Attack | Alert | 165 | 527 | Standard Destination
Found Rogue Access Point | WLAN IDS | WLAN IDS | Alert | 546 | 901 | Simple Destination
Found Rogue Access Point | WLAN IDS | WLAN IDS | Alert | 556 | 901 | Simple Destination
Fragmented packet dropped | Network | [TCP | UDP | ICMP] | Notice | 28 | --- | Standard Note Protocol
Fraudulent Microsoft certificate found; access denied | Intrusion Detection | Attack | Error | 193 | 532 | Standard
FTP: Data connection from non default port dropped | Network Access | Attack | Alert | 538 | 557 | Standard
FTP: PASV response bounce attack dropped. | Intrusion Detection | Attack | Alert | 528 | 556 | Standard Note String
FTP: PASV response spoof attack dropped | Intrusion Detection | Attack | Error | 446 | 551 | Standard
FTP: PORT bounce attack dropped. | Intrusion Detection | Attack | Alert | 527 | 555 | Standard Note String
Gateway Anti-Virus Alert: %s | Security Services | Attack | Alert | 809 | --- | Standard Message String
Gateway Anti-Virus Service expired | Security Services | Maintenance | Warning | 810 | --- | Simple
Global VPN Client connection is not allowed. Appliance is not registered. | VPN Client | System Error | Information | 529 | 643 | Standard
Global VPN Client License Exceeded: Connection denied. | VPN Client | System Error | Information | 494 | 658 | Standard
Global VPN Client version cannot enforce personal firewall. Minimum Version required is 2.1 | VPN Client | User Activity | Information | 604 | --- | Standard Destination
Got DHCP OFFER. Selecting. | DHCP Client | Maintenance | Information | 107 | --- | Standard Destination
GSC policy out-of-date on host | Security Services | Maintenance | Information | 762 | --- | Standard
Guest account '%s' created | Authentication Access | User Activity | Information | 558 | --- | Standard Message String
Guest account '%s' deleted | Authentication Access | User Activity | Information | 559 | --- | Standard Message String
Guest account '%s' disabled | Authentication Access | User Activity | Information | 560 | --- | Standard Message String
Guest account '%s' pruned | Authentication Access | User Activity | Information | 562 | --- | Standard Message String
Guest account '%s' re-enabled | Authentication Access | User Activity | Information | 561 | --- | Standard Message String
Guest account '%s' re-generated | Authentication Access | User Activity | Information | 563 | --- | Standard Message String
Guest login denied. Guest '%s' is already logged in. Please try again later. | Authentication Access | User Activity | Information | 557 | --- | Standard Message String
H.323/H.225 Connect | VoIP | VoIP | Debug | 634 | --- | Standard Note String
H.323/H.225 Setup | VoIP | VoIP | Debug | 633 | --- | Standard Note String
H.323/H.245 Address | VoIP | VoIP | Debug | 635 | --- | Standard Note String
H.323/H.245 End Session | VoIP | VoIP | Debug | 636 | --- | Standard Note String
H.323/RAS Admission Confirm | VoIP | VoIP | Debug | 625 | --- | Standard Note String
H.323/RAS Admission Reject | VoIP | VoIP | Debug | 624 | --- | Standard Note String
H.323/RAS Admission Request | VoIP | VoIP | Debug | 626 | --- | Standard Note String
H.323/RAS Bandwidth Reject | VoIP | VoIP | Debug | 627 | --- | Standard Note String
H.323/RAS Disengage Confirm | VoIP | VoIP | Debug | 628 | --- | Standard Note String
H.323/RAS Disengage Reject | VoIP | VoIP | Debug | 641 | --- | Standard Note String
H.323/RAS Gatekeeper Reject | VoIP | VoIP | Debug | 629 | --- | Standard Note String
H.323/RAS Location Confirm | VoIP | VoIP | Debug | 630 | --- | Standard Note String
H.323/RAS Location Reject | VoIP | VoIP | Debug | 631 | --- | Standard Note String
H.323/RAS Registration Reject | VoIP | VoIP | Debug | 632 | --- | Standard Note String
H.323/RAS Unknown Message Response | VoIP | VoIP | Debug | 640 | --- | Standard Note String
H.323/RAS Unregistration Reject | VoIP | VoIP | Debug | 642 | --- | Standard Note String
HA packet processing error | High Availability | Maintenance | Information | 162 | --- | Simple
HA Peer Firewall Rebooted | High Availability | Maintenance | Information | 668 | --- | Simple
HA Peer Firewall Synchronized | High Availability | Maintenance | Information | 157 | --- | Simple
Hardware Failover settings were not upgraded. | Firewall Event | Maintenance | Information | 743 | --- | Simple
Header verification failed | VPN IKE | User Activity | Warning | 587 | --- | Standard
HTTP management port has changed | Firewall Event | Maintenance | Information | 340 | --- | Simple Note String
HTTP method detected; examining stream for host header | Network Access | TCP | Debug | 882 | --- | Standard Policy
HTTPS management port has changed | Firewall Event | Maintenance | Information | 341 | --- | Simple Note String
ICMP checksum error | Network Access | UDP | Notice | 886 | --- | Standard
ICMP packet allowed | Network Access | Debug | Information | 597 | --- | Standard Policy
ICMP packet dropped | Network Access | ICMP | Notice | 38 | --- | Standard Policy
ICMP packet dropped | Network Access | ICMP | Notice | 523 | --- | Standard ICMP Service
ICMP packet from LAN allowed | Network Access | Debug | Information | 598 | --- | Standard ICMP Service
ICMP packet from LAN dropped | Network Access | [LAN ICMP | LAN TCP] | Notice | 175 | --- | Standard ICMP Service
If not already enabled, enabling NTP is recommended | Firewall Hardware | System Error | Warning | 540 | 645 | Simple
IGMP packet dropped, wrong checksum received on interface %s | Multicast | --- | Notice | 683 | --- | Standard Message String
IGMP Leave group message Received on interface %s
Multicast --- Information 682 --- Standard Message String
IGMP packet dropped, decoding error
Multicast --- Notice 686 --- Standard
IGMP Packet Not handled. Packet type: %s
Multicast --- Notice 687 --- Standard Message String
IGMP querier Router detected on interface %s
Multicast --- Debug 701 --- Standard Message String
IGMP querier Router detected on VPN tunnel, SPI %S
Multicast --- Debug 702 --- Standard Message String
IGMP state table entry time out,deleting interface: %s for multicast address: %s
Multicast --- Debug 692 --- Standard Message String
IGMP state table entry time out,deleting VPN SPI:%s for Multicast address: %s
Multicast --- Debug 693 --- Standard Message String
IGMP V2 client joined multicast Group: %s
Multicast --- Information 676 --- Standard Message String
IGMP V2 Membership report received from interface %s
Multicast --- Debug 679 --- Standard Message String
IGMP V3 client joined multicast Group: %s
Multicast --- Information 677 --- Standard Message String
IGMP V3 Membership report received from interface %s
Multicast --- Debug 678 --- Standard Message String
IGMP V3 packet dropped, unsupported Record type: %s
Multicast --- Notice 688 --- Standard Message String
IGMP V3 reord type: %s not Handled
Multicast --- Debug 689 --- Standard Message String
IKE ID mismatch %s VPN IKE Debug Debug 658 --- Simple Message String
IKE Initiator drop: Packet dest address does not match selected local interface address
VPN IKE User Activity Information 544 --- Standard
IKE Initiator: Accepting IPSec proposal (Phase 2)
VPN IKE User Activity Information 372 --- Standard Note String
IKE Initiator: Accepting peer lifetime. (Phase 1)
VPN IKE User Activity Information 445 --- Standard Destination
IKE Initiator: Aggressive Mode complete (Phase 1).
VPN IKE User Activity Information 354 --- Standard Destination
IKE Initiator: Main Mode complete (Phase 1)
VPN IKE User Activity Information 353 --- Standard Destination
IKE Initiator: Received notify. NO_PROPOSAL_CHOSEN
VPN IKE User Activity Warning 401 --- Standard Destination
IKE Initiator: Start Aggressive Mode negotiation (Phase 1)
VPN IKE User Activity Information 358 --- Standard
IKE Initiator: Start Main Mode negotiation (Phase 1)
VPN IKE User Activity Information 351 --- Standard
IKE Initiator: Start Quick Mode (Phase 2).
VPN IKE User Activity Information 346 --- Standard
IKE Initiator: Using secondary gateway to negotiate
VPN IKE User Activity Information 543 --- Standard Destination
IKE negotiation aborted due to timeout
VPN IKE User Activity Information 403 --- Standard
IKE negotiation complete. Adding IPSec SA. (Phase 2)
VPN IKE User Activity Information 89 --- Standard
IKE Responder drop: Packet dest address does not match selected local interface address
VPN IKE User Activity Information 545 --- Standard
IKE Responder: %s policy does not allow static IP for Virtual Adapter.
VPN Client System Error Error 660 --- Standard Message String
IKE Responder: Accepting IPSec proposal (Phase 2)
VPN IKE User Activity Information 87 --- Standard Note String
IKE Responder: Aggressive Mode complete (Phase 1)
VPN IKE User Activity Information 373 --- Standard Destination
IKE Responder: AH Perfect Forward Secrecy mismatch
VPN IKE User Activity Warning 258 544 Standard
IKE Responder: Algorithms and/or keys do not match
VPN IKE User Activity Warning 260 546 Standard
IKE Responder: Default LAN gateway is not set but peer is proposing to use this SA as a default route
VPN IKE Attack Error 516 553 Standard Note String
IKE Responder: Default LAN gateway is set but peer is not proposing to use this SA as a default route
VPN IKE User Activity Warning 253 539 Standard Note String
IKE Responder: ESP Perfect Forward Secrecy mismatch
VPN IKE User Activity Warning 259 545 Standard
IKE Responder: IKE proposal does not match (Phase 1)
VPN IKE User Activity Warning 402 --- Standard Destination
IKE Responder: IP Address already exists in the DHCP relay table. Client traffic not allowed.
VPN Client System Error Error 659 --- Standard Note String
IKE Responder: IPSec proposal does not match (Phase 2)
VPN IKE User Activity Warning 88 523 Standard Note String
IKE Responder: Main Mode complete (Phase 1)
VPN IKE User Activity Information 357 --- Standard Destination
IKE Responder: Mode %d - not transport mode. Xauth is required but not supported by peer.
VPN IKE Debug Warning 342 --- Standard Message Number
IKE Responder: Mode %d - not tunnel mode
VPN IKE User Activity Warning 249 535 Standard Message Number
IKE Responder: No match for proposed remote network address
VPN IKE User Activity Warning 252 538 Standard Note String
IKE Responder: No matching Phase 1 ID found for proposed remote network
VPN IKE User Activity Warning 250 536 Standard Note String
IKE Responder: Proposed local network is 0.0.0.0 but SA has no LAN Default Gateway
VPN IKE User Activity Warning 418 549 Standard Note String
IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route
VPN IKE User Activity Warning 251 537 Standard
IKE Responder: Received Aggressive Mode request (Phase 1)
VPN IKE User Activity Information 356 --- Standard
IKE Responder: Received Main Mode request (Phase 1)
VPN IKE User Activity Information 355 --- Standard
IKE Responder: Received Quick Mode Request (Phase 2)
VPN IKE User Activity Information 352 --- Standard
IKE Responder: Tunnel terminates inside firewall but proposed local network is not inside firewall
VPN IKE User Activity Warning 255 541 Standard Note String
IKE Responder: Tunnel terminates on DMZ but proposed local network is on LAN
VPN IKE User Activity Warning 256 542 Standard Note String
IKE Responder: Tunnel terminates on LAN but proposed local network is on DMZ
VPN IKE User Activity Warning 257 543 Standard Note String
IKE Responder: Tunnel terminates outside firewall but proposed local network is not NAT public address
VPN IKE User Activity Warning 254 540 Standard Note String
IKE Responder: Tunnel terminates outside firewall but proposed remote network is not NAT public address
VPN IKE User Activity Warning 345 548 Standard Note String
IKE SA lifetime expired.
VPN IKE User Activity Information 350 --- Standard
Illegal IPSec SPI VPN IPSec User Activity Information 65 --- Standard Destination
Imported VPN SA is invalid - disabled
Firewall Event Maintenance Warning 348 --- Standard Note String
Inbound connection from RBL-listed SMTP server dropped
RBL --- Notice 798 --- Standard
Incoming call received for Remotely Triggered Dial-out session
Authentication Access
User Activity Information 817 --- Simple
Incompatible IPSec Security Association
VPN IPSec User Activity Information 69 --- Standard Destination
Incorrect authentication received for Remotely Triggered Dial-out
Authentication Access
User Activity Information 819 --- Simple
Ini Killer attack dropped
Intrusion Detection
Attack Alert 80 519 Standard
Interface %s Link Is Down
Firewall Event System Error Error 566 647 Simple Message String
Interface %s Link Is Up
Firewall Event System Error Warning 565 646 Simple Message String
Interface IP Assignment: Binding and initializing %s
Firewall Event Maintenance Information 568 --- Simple Message String
Interface IP Assignment changed: Shutting down %s
Firewall Event Maintenance Information 567 --- Simple Message String
Interface statistics report
GMS --- Information 805 --- Simple Interface Status
Invalid VLAN packet dropped
Network --- Alert 836 --- Standard Note String
IP Header checksum error
Network Access TCP|UDP Notice 883 --- Standard
IP spoof detected on packet to Central Gateway, packet dropped
DHCP Relay Attack Error 229 533 Standard Note ENET
IP spoof dropped Intrusion Detection
Attack Alert 23 502 Standard Note ENET
IP type %s packet dropped
Network Access LAN UDP | LAN TCP
Notice 590 --- Standard Message String
IPS Detection Alert: %s
Intrusion Detection
Attack Alert 608 569 Standard IDP Message String
IPS Detection Alert: %s
Intrusion Detection
Attack Alert 789 573 Standard Message String
IPS Prevention Alert: %s
Intrusion Detection
Attack Alert 609 570 Standard IDP Message String
IPS Prevention Alert: %s
Intrusion Detection
Attack Alert 790 574 Standard Message String
IPSec (AH) packet dropped
VPN IPSec TCP | UDP | ICMP Notice 534 --- Standard Note String
IPSec (AH) packet dropped; waiting for pending IPSec connection
VPN IPSec Debug Debug 536 --- Standard
IPSec (ESP) packet dropped
VPN IPSec TCP | UDP | ICMP Notice 533 --- Standard Note String
IPSec (ESP) packet dropped; waiting for pending IPSec connection
VPN IPSec Debug Debug 535 --- Standard
IPSec Authentication Failed
VPN IPSec Attack Error 67 508 Standard Destination
IPSec connection interrupt
Network Access Debug Debug 43 --- Standard
IPSec Decryption Failed
VPN IPSec Attack Error 68 509 Standard Destination
IPSec packet dropped
Network Access TCP | UDP | ICMP Notice 40 --- Standard
IPSec packet dropped; waiting for pending IPSec connection
Network Access Debug Debug 42 --- Standard
IPSec packet from an illegal host
VPN IPSec Maintenance Information 247 --- Standard Destination
IPSec packet from or to an illegal host
VPN IPSec Attack Error 70 510 Standard Destination
IPSEC Replay Detected
VPN IPSec Attack Alert 180 531 Standard Note String
IPSec Tunnel status changed
VPN VPN Tunnel Status Information 427 801 Simple
ISDN Driver Firmware successfully updated
Firewall Event Maintenance Information 493 --- Simple
Issuer match failed VPN PKI User Activity Alert 278 --- Simple Destination
Java access denied Network Access Blocked Code Notice 19 --- Standard Note Blocked
L2TP Max Retransmission Exceeded
L2TP Client Maintenance Information 203 --- Simple
L2TP PPP Authentication Failed
L2TP Client Maintenance Information 212 --- Simple
L2TP PPP Down L2TP Client Maintenance Information 211 --- Simple
L2TP PPP link down L2TP Client Maintenance Information 217 --- Simple
L2TP PPP Negotiation Started
L2TP Client Maintenance Information 208 --- Simple
L2TP PPP Session Up
L2TP Client Maintenance Information 210 --- Simple
L2TP Server: Deleting the L2TP active Session
L2TP Server Maintenance Information 337 --- Standard Destination
L2TP Server: Deleting the Tunnel
L2TP Server Maintenance Information 336 --- Standard Destination
L2TP Server: L2TP Session Established.
L2TP Server Maintenance Information 309 --- Standard Destination
L2TP Server: L2TP Tunnel Established.
L2TP Server Maintenance Information 308 --- Standard Destination
L2TP Server: Retransmission Timeout, Deleting the Tunnel
L2TP Server Maintenance Information 338 --- Standard Destination
L2TP Server: User Name authentication Failure locally.
L2TP Server Maintenance Information 344 --- Standard Destination
L2TP Server: Local Authentication Failure
L2TP Server Maintenance Information 312 --- Standard Destination
L2TP Server: Local Authentication Success.
L2TP Server Maintenance Information 318 --- Standard Destination
L2TP Server: Radius Authentication Success
L2TP Server Maintenance Information 319 --- Standard Destination
L2TP Server: Radius reports Authentication Failure
L2TP Server Maintenance Information 311 --- Standard Destination
L2TP Server: Radius server not assigned IP address
L2TP Server Maintenance Information 313 --- Standard Destination
L2TP Server: Call Disconnect from Remote.
L2TP Server Maintenance Information 334 --- Standard Destination
L2TP Server: Tunnel Disconnect from Remote.
L2TP Server Maintenance Information 335 --- Standard Destination
L2TP Session Disconnect from Remote
L2TP Client Maintenance Information 207 --- Simple
L2TP Session Established
L2TP Client Maintenance Information 206 --- Simple
L2TP Session Negotiation Started
L2TP Client Maintenance Information 202 --- Simple
L2TP Tunnel Disconnect from Remote
L2TP Client Maintenance Information 205 --- Simple
L2TP Tunnel Established
L2TP Client Maintenance Information 204 --- Simple
L2TP Tunnel Negotiation Started
L2TP Client Maintenance Information 201 --- Simple
LAN Subnet configurations were not upgraded.
Firewall Event Maintenance Information 741 --- Simple
Land attack dropped
Intrusion Detection
Attack Alert 27 505 Standard
License exceeded: Connection dropped because too many IP addresses are in use on your LAN
Firewall Event System Error Error 58 608 Standard
License of HA pair doesn't match
High Availability System Error Error 670 664 Simple
Local user login allowed
Authentication Access
User Activity Information 31 --- Standard String Service
Local user login denied due to bad credentials
Authentication Access
User Activity Information 32 --- Standard String Service
Locked-out user logins allowed - lockout period expired
Authentication Access
User Activity Information 438 --- Standard Note String
Locked-out user logins allowed by administrator
Authentication Access
User Activity Information 439 --- Standard Note String
Log Cleared Firewall Logging Maintenance Information 5 --- Simple
Log Debug Firewall Event Debug Error 142 --- Simple String
Log successfully sent via email
Firewall Logging Maintenance Information 6 --- Simple
Login screen timed out
Authentication Access
User Activity Information 34 --- Standard String Service
MAC address collides with Static ARP Entry with Bound MAC address; packet dropped
Network --- Notice 814 --- Standard Note ENET
Machine %s removed from SYN flood blacklist
Intrusion Detection
--- Alert 865 --- Simple Message String
Malformed or unhandled IP packet dropped
Network Access Debug Alert 522 554 Standard Destination
Maximum events per second threshold exceeded
Firewall Logging System Error Critical 654 --- Simple
Maximum sequential failed dial attempts (10) to a single dial-up number: %s
PPP Dial-Up Attack Error 591 566 Standard Message String
Maximum syslog data per second threshold exceeded
Firewall Logging System Error Critical 655 --- Simple
Multicast application %s not supported
Multicast --- Information 696 --- Standard Message String
Multicast packet dropped, Invalid src IP received on interface: %s
Multicast --- Alert 685 --- Standard Message String
Multicast packet dropped, wrong MAC address received on interface: %s
Multicast --- Alert 684 --- Standard Message String
Multicast TCP packet dropped
Multicast --- Notice 691 --- Standard
Multicast UDP packet dropped,no state entry
Multicast --- Notice 690 --- Standard
Multicast UDP packet dropped, RTCP stateful failed
Multicast --- Warning 695 --- Standard
Multicast UDP packet dropped, RTP stateful failed
Multicast --- Warning 694 --- Standard
NAT device may not support IPSec AH passthrough
VPN IPSec Maintenance Information 266 --- Simple
NAT Discovery: No NAT/NAPT device detected between IPSec Security gateways
VPN IKE User Activity Information 241 --- Standard
NAT Discovery: Local IPSec Security Gateway behind a NAT/NAPT Device
VPN IKE User Activity Information 240 --- Standard
NAT Discovery: Peer IPSec Security Gateway behind a NAT/NAPT Device
VPN IKE User Activity Information 239 --- Standard
NAT Discovery: Peer IPSec Security Gateway doesn't support VPN NAT Traversal
VPN IKE User Activity Information 242 --- Standard
NAT translated packet exceeds size limit, packet dropped
Network Debug Debug 339 --- Standard
Net Spy attack dropped
Intrusion Detection
Attack Alert 74 513 Standard
NetBIOS settings were not upgraded. Use Network>IP Helper to configure NetBIOS support
Firewall Event Maintenance Information 740 --- Simple
NetBus attack dropped
Intrusion Detection
Attack Alert 72 511 Standard
Network for interface %s overlaps with another interface.
Firewall Event Maintenance Information 569 --- Simple Message String
Network Modem Mode Disabled: re-enabling NAT
PPP Dial-Up Maintenance Information 531 --- Simple
Network Modem Mode Enabled: turning off NAT
PPP Dial-Up Maintenance Information 530 --- Simple
New URL List loaded
Security Services Maintenance Information 8 --- Simple
Newsgroup access allowed
Network Access Blocked Sites Notice 17 704 Standard Note Blocked
Newsgroup access denied
Network Access Blocked Sites Notice 15 702 Standard Note Blocked
No Certificate for VPN PKI User Activity Alert 280 --- Simple Destination
No new URL List available
Security Services Maintenance Information 9 --- Simple
No response from ISP Disconnecting PPPoE.
PPPPoE Maintenance Information 169 --- Simple
No response from PPTP server to call requests
PPTP Maintenance Information 431 --- Simple
No response from PPTP server to control connection requests
PPTP Maintenance Information 430 --- Simple
No response from server to Echo Requests, disconnecting PPTP Tunnel
PPTP Maintenance Information 429 --- Simple
No valid DNS server specified for RBL lookups
RBL --- Error 800 --- Simple
Not all configurations may have been completely upgraded
Firewall Event Maintenance Information 612 --- Simple
Not enough memory to hold the CRL
VPN PKI User Activity Warning 272 --- Simple Destination
Obtained Relay IP Table from Remote Gateway
DHCP Relay Maintenance Information 233 --- Standard
OCSP Failed to Resolve Domain Name.
VPN PKI User Activity Error 853 --- Standard Note String
OCSP Internal error handling received response.
VPN PKI User Activity Error 854 --- Standard Note String
OCSP received response error.
VPN PKI User Activity Error 851 --- Standard Note String
OCSP received response.
VPN PKI User Activity Information 850 --- Standard Note String
OCSP Resolved Domain Name.
VPN PKI User Activity Information 852 --- Standard Note String
OCSP send request message failed.
VPN PKI User Activity Error 849 --- Standard Note String
OCSP sending request.
VPN PKI User Activity Information 848 --- Standard Note String
Outbound connection to RBL-listed SMTP server dropped
RBL --- Notice 797 --- Standard
Out-of-order command packet dropped
Network Access Debug Debug 48 --- Standard
Packet dropped by WLAN guest check
Wireless TCP | UDP | ICMP Warning 488 --- Standard Destination
Packet dropped by WLAN VPN traversal check
Wireless TCP | UDP | ICMP Warning 495 --- Standard Destination
Packet dropped. No firewall rule associated with VPN policy.
VPN System Error Alert 739 --- Standard Note String
Ping of death dropped
Intrusion Detection
Attack Alert 22 501 Standard
PKI Failure: CA certificates store exceeded. Cannot verify this Local Certificate
VPN PKI Maintenance Error 453 --- Simple
PKI Failure: Cannot alloc memory
VPN PKI Maintenance Error 449 --- Simple
PKI Failure: Certificate's ID does not match this SonicWALL
VPN PKI Maintenance Error 455 --- Simple
PKI Failure: Duplicate local certificate
VPN PKI Maintenance Error 458 --- Simple
PKI Failure: Duplicate local certificate name
VPN PKI Maintenance Error 457 --- Simple
PKI Failure: Import failed
VPN PKI Maintenance Error 451 --- Simple
PKI Failure: Improper file format. Please select PKCS#12 (*.p12) file
VPN PKI Maintenance Error 454 --- Simple
PKI Failure: Incorrect admin password
VPN PKI Maintenance Error 452 --- Simple
PKI Failure: Internal error
VPN PKI Maintenance Error 460 --- Simple
PKI Failure: Loaded but could not verify certificate
VPN PKI Maintenance Error 469 --- Simple
PKI Failure: Loaded the certificate but could not verify it's chain
VPN PKI Maintenance Error 470 --- Simple
PKI Failure: No CA certificates yet loaded
VPN PKI Maintenance Error 459 --- Simple
PKI Failure: Output buffer too small
VPN PKI Maintenance Error 448 --- Simple
PKI Failure: public-private key mismatch
VPN PKI Maintenance Error 456 --- Simple
PKI Failure: Reached the limit for local certs, cant load any more
VPN PKI Maintenance Error 450 --- Simple
PKI Failure: Temporary memory shortage, try again
VPN PKI Maintenance Error 461 --- Simple
PKI Failure: The certificate chain has no root
VPN PKI Maintenance Error 464 --- Simple
PKI Failure: The certificate chain is circular
VPN PKI Maintenance Error 462 --- Simple
PKI Failure: The certificate chain is incomplete
VPN PKI Maintenance Error 463 --- Simple
PKI Failure: The certificate or a certificate in the chain has a bad signature
VPN PKI Maintenance Error 468 --- Simple
PKI Failure: The certificate or a certificate in the chain has a validity period in the future
VPN PKI Maintenance Error 466 --- Simple
PKI Failure: The certificate or a certificate in the chain has expired
VPN PKI Maintenance Error 465 --- Simple
PKI Failure: The certificate or a certificate in the chain is corrupt
VPN PKI Maintenance Error 467 --- Simple
Please connect interface %s to another network to function properly
Firewall Event Maintenance Information 570 --- Simple Message String
Please manually check all system configurations for correctness of Upgrade
Firewall Event Maintenance Information 613 --- Simple
Port configured to receive IPSEC ONLY. Drop packet received in the clear.
Network Access TCP | UDP | ICMP Warning 347 --- Standard Destination
Possible port scan dropped
Intrusion Detection
Attack Alert 82 521 Standard Note String
Possible SYN flood attack detected
Intrusion Detection
Attack Warning 25 503 Standard
Possible SYN flood detected on WAN IF %s - switching to connection-proxy mode
Intrusion Detection
--- Alert 859 --- Simple Message String
Possible SYN Flood on IF %s
Intrusion Detection
--- Alert 860 --- Simple Message String
Possible SYN Flood on IF %s continues
Intrusion Detection
--- Warning 866 --- Simple Message String
Possible SYN Flood on IF %s has ceased
Intrusion Detection
--- Alert 867 --- Simple Message String
PPP Dial-Up: Connect request canceled
PPP Dial-Up User Activity Information 306 --- Simple
PPP Dial-Up: Connected at %s bps - starting PPP
PPP Dial-Up User Activity Information 286 --- Simple Message String
PPP Dial-Up: Connection disconnected as scheduled.
PPP Dial-Up --- Information 666 --- Standard
PPP Dial-Up: Dial initiated by %s
PPP Dial-Up Maintenance Information 324 --- Standard Message String
PPP Dial-Up: Dialed number did not answer
PPP Dial-Up User Activity Information 285 --- Simple
PPP Dial-Up: Dialed number is busy
PPP Dial-Up User Activity Information 284 --- Simple
PPP Dial-Up: Dialing not allowed by schedule. %s
PPP Dial-Up --- Information 665 --- Standard Message String
PPP Dial-Up: Dialing: %s
PPP Dial-Up User Activity Information 281 --- Simple Message String
PPP Dial-Up: Idle time limit exceeded - disconnecting
PPP Dial-Up User Activity Information 297 --- Simple
PPP Dial-Up: Initialization: %s
PPP Dial-Up User Activity Information 303 --- Simple Message String
PPP Dial-Up: Link carrier lost
PPP Dial-Up User Activity Information 288 --- Simple
PPP Dial-Up: Manual intervention needed. Check Primary Profile or Profile details
PPP Dial-Up User Activity Information 321 --- Simple
PPP Dial-Up: Maximum connection time exceeded - disconnecting
PPP Dial-Up User Activity Information 327 --- Simple
PPP Dial-Up: No dialtone detected - check phone-line connection
PPP Dial-Up User Activity Information 282 --- Simple
PPP Dial-Up: No link carrier detected - check phone number
PPP Dial-Up User Activity Information 283 --- Simple
PPP Dial-Up: No peer IP address from Dial-Up ISP, local and remote IPs will be the same
PPP Dial-Up Maintenance Information 481 --- Simple
PPP Dial-Up: PPP link down
PPP Dial-Up User Activity Information 301 --- Simple
PPP Dial-Up: PPP link established
PPP Dial-Up User Activity Information 300 --- Simple
PPP Dial-Up: Previous session was connected for %s
PPP Dial-Up User Activity Information 542 --- Simple Message String
PPP Dial-Up: Received new IP address
PPP Dial-Up User Activity Information 299 --- Standard
PPP Dial-Up: Shutting down link
PPP Dial-Up User Activity Information 302 --- Simple
PPP Dial-Up: The profile in use disabled VPN networking.
PPP Dial-Up Maintenance Information 330 --- Simple
PPP Dial-Up: Trying to failover but Alternate Profile is manual
WAN Failover User Activity Information 434 --- Simple
PPP Dial-Up: Trying to failover but Primary Profile is manual
PPP Dial-Up User Activity Information 322 --- Simple
PPP Dial-Up: Unknown dialing failure
PPP Dial-Up User Activity Information 287 --- Simple
PPP Dial-Up: User requested connect
PPP Dial-Up User Activity Information 305 --- Simple
PPP Dial-Up: User requested disconnect
PPP Dial-Up User Activity Information 304 --- Simple
PPP Dial-Up: VPN networking restored.
PPP Dial-Up Maintenance Information 331 --- Simple
PPP: Authentication successful
PPP User Activity Information 289 --- Simple
PPP: CHAP authentication failed - check username / password
PPP User Activity Information 291 --- Simple
PPP: MS-CHAP authentication failed - check username / password
PPP User Activity Information 292 --- Simple
PPP: PAP Authentication failed - check username / password
PPP User Activity Information 290 --- Simple
PPP: Starting CHAP authentication
PPP User Activity Information 294 --- Simple
PPP: Starting MS-CHAP authentication
PPP User Activity Information 293 --- Simple
PPP: Starting PAP authentication
PPP User Activity Information 295 --- Simple
PPPoE terminated
PPPPoE Maintenance Information 130 --- Simple
PPPoE discovery process complete
PPPPoE Maintenance Information 133 --- Simple
PPPoE enabled but not ready
PPPPoE Maintenance Information 499 --- Simple
PPPoE LCP Link Down
PPPPoE Maintenance Information 129 --- Simple
PPPoE LCP Link Up PPPPoE Maintenance Information 128 --- Simple
PPPoE Network Connected
PPPPoE Maintenance Information 131 --- Simple
PPPoE Network Disconnected
PPPPoE Maintenance Information 132 --- Simple
PPPoE starting CHAP Authentication
PPPPoE Maintenance Information 134 --- Simple
PPTP enabled but not ready
PPTP Maintenance Information 501 --- Simple
PPTP Connect Initiated by the User
PPTP Maintenance Information 390 --- Standard Destination
PPTP Control Connection Established
PPTP Maintenance Information 378 --- Simple
PPTP Control Connection Negotiation Started
PPTP Maintenance Information 375 --- Simple
PPTP decode failure
PPTP Debug Debug 596 --- Standard
PPTP Disconnect Initiated by the User
PPTP Maintenance Information 388 --- Standard Destination
PPTP PAP Authentication success.
PPTP Maintenance Information 396 --- Simple
PPTP PPP Down PPTP Maintenance Information 385 --- Simple
PPTP PPP Link down
PPTP Maintenance Information 399 --- Simple
PPTP PPP Link Finished
PPTP Maintenance Information 400 --- Simple
PPTP PPP Link Up PPTP Maintenance Information 398 --- Simple
PPTP PPP Negotiation Started
PPTP Maintenance Information 382 --- Simple
PPTP PPP Session Up
PPTP Maintenance Information 384 --- Simple
PPTP Server is not responding, check if the server is UP and running.
PPTP Maintenance Information 444 --- Simple
PPTP server rejected control connection
PPTP Maintenance Information 432 --- Simple
PPTP server rejected the call request
PPTP Maintenance Information 433 --- Simple
PPTP Session Disconnect from Remote
PPTP Maintenance Information 381 --- Simple
PPTP Session Established
PPTP Maintenance Information 380 --- Simple
PPTP Session Negotiation Started
PPTP Maintenance Information 376 --- Simple
PPTP starting CHAP Authentication
PPTP Maintenance Information 392 --- Simple
PPTP starting PAP Authentication
PPTP Maintenance Information 393 --- Simple
PPTP Tunnel Disconnect from Remote
PPTP Maintenance Information 379 --- Simple
Primary firewall has transitioned to Active
High Availability Maintenance Information 144 --- Simple
Primary firewall has transitioned to Idle
High Availability System Error Error 146 614 Simple
Primary firewall preempting Backup
High Availability System Error Error 153 620 Simple
Primary missed heartbeats from Backup
High Availability System Error Error 148 615 Simple
Primary received error signal from Backup
High Availability System Error Error 150 617 Simple
Primary received reboot signal from Backup
High Availability System Error Error 671 665 Simple
Priority attack dropped
Intrusion Detection
Attack Alert 79 518 Standard
Probable port scan dropped
Intrusion Detection
Attack Alert 83 522 Standard Note String
Probable TCP FIN scan dropped
Intrusion Detection
Attack Alert 177 528 Standard
Probable TCP NULL scan dropped
Intrusion Detection
Attack Alert 179 530 Standard Note String
Probable TCP XMAS scan dropped
Intrusion Detection
Attack Alert 178 529 Standard Note String
Probing failure on %s
WAN Failover System Error Alert 326 637 Standard Message String
Probing succeeded on %s
WAN Failover System Error Alert 436 638 Standard Message String
Problem loading the URL List; Appliance not registered.
Security Services System Error Error 183 623 Simple
Problem loading the URL List; check Filter settings
Security Services System Error Error 10 602 Standard Note Code
Problem loading the URL List; check your DNS server
Security Services System Error Error 11 603 Simple
Problem loading the URL List; Flash write failure.
Security Services System Error Error 187 627 Simple
Problem loading the URL List; Retrying later.
Security Services System Error Error 186 626 Standard
Problem loading the URL List; Subscription expired.
Security Services System Error Error 184 624 Standard
Problem loading the URL List; Try loading it again.
Security Services System Error Error 185 625 Simple
Problem sending log e-mail; check log settings
Firewall Logging System Error Warning 12 604 Simple
Real time clock battery failure Time values may be incorrect
Firewall Hardware
System Error Warning 539 644 Simple
Received a path MTU ICMP message from router/gateway
Network User Activity Information 182 --- Standard Note SPI
Received a path MTU ICMP message from router/gateway
Network User Activity Information 188 --- Standard Note MTU
Received AV Alert: %s
Security Services Maintenance Warning 125 524 Simple Message String
Received AV Alert: Your SonicWALL Network Anti-Virus subscription has expired. %s
Security Services Maintenance Warning 159 526 Simple Message String
Received AV Alert: Your SonicWALL Network Anti-Virus subscription will expire in 7 days. %s
Security Services Maintenance Warning 482 552 Simple Message String
Received CFS Alert: Your SonicWALL Content Filtering subscription has expired.
Security Services Maintenance Warning 490 563 Simple
Received CFS Alert: Your SonicWALL Content Filtering subscription will expire in 7 days.
Security Services Maintenance Warning 489 562 Simple
Received DHCP offer packet has errors
DHCP Client Maintenance Information 588 --- Standard Destination
Received E-Mail Filter Alert: Your SonicWALL E-Mail Filtering subscription has expired.
Security Services Maintenance Warning 492 565 Simple
Received E-Mail Filter Alert: Your SonicWALL E-Mail Filtering subscription will expire in 7 days.
Security Services Maintenance Warning 491 564 Simple
Received fragmented packet or fragmentation needed
Network Debug Debug 63 --- Standard
Received IKE SA delete request
VPN IKE User Activity Information 413 --- Standard
Received IPS Alert: Your SonicWALL Intrusion Prevention (IDP) subscription has expired.
Security Services Maintenance Warning 614 571 Simple
Received IPSEC SA delete request
VPN IKE User Activity Information 412 --- Standard Destination
Received ISAKMP packet destined to port %s
VPN IKE Debug | UDP Information 607 --- Standard Message String
Received LCP Echo Reply
PPPPoE Maintenance Information 723 --- Simple
Received LCP Echo Request
PPPPoE Maintenance Information 721 --- Simple
Received notify: INVALID_COOKIES
VPN IKE User Activity Information 414 --- Standard Destination
Received notify: INVALID_ID_INFO
VPN IPSec User Activity Warning 483 --- Standard
Received notify: INVALID_PAYLOAD
VPN IKE User Activity Error 661 --- Standard
Received notify: INVALID_SPI
VPN IKE User Activity Information 416 --- Standard Destination
Received notify: ISAKMP_AUTH_FAILED
VPN IKE User Activity Warning 409 --- Standard Destination
Received notify: PAYLOAD_MALFORMED
VPN IKE User Activity Warning 411 --- Standard Destination
Received notify: RESPONDER_LIFETIME
VPN IKE User Activity Information 415 --- Standard Destination
Received packet retransmission. Drop duplicate packet
VPN IKE User Activity Warning 406 --- Standard
Received PPPoE Active Discovery Offer
PPPPoE Maintenance Information 593 --- Simple
Received PPPoE Active Discovery Session_confirmation
PPPPoE Maintenance Information 594 --- Simple
Received response packet for DHCP request has errors
DHCP Client Maintenance Information 589 --- Standard Destination
Received unencrypted packet while crypto active
VPN IKE User Activity Warning 605 --- Standard
Regulatory requirements prohibit %s from being re-dialed for 30 minutes
PPP Dial-Up Attack Error 592 567 Standard Message String
Remotely Triggered Dial-out session ended. Valid WAN bound data found. Normal dial-up sequence will commence
Authentication Access User Activity Information 822 --- Simple
Remotely Triggered Dial-out session started. Requesting authentication
Authentication Access User Activity Information 818 --- Simple
Request for Relay IP Table from Central Gateway
DHCP Relay Maintenance Information 230 --- Standard
Requesting CRL from
VPN PKI User Activity Information 269 --- Simple Destination
Requesting Relay IP Table from Remote Gateway
DHCP Relay Maintenance Information 231 --- Standard
Retransmitting DHCP DISCOVER.
DHCP Client Maintenance Information 99 --- Standard Destination
Retransmitting DHCP REQUEST (Rebinding).
DHCP Client Maintenance Information 102 --- Standard Destination
Retransmitting DHCP REQUEST (Rebooting).
DHCP Client Maintenance Information 103 --- Standard Destination
Retransmitting DHCP REQUEST (Renewing).
DHCP Client Maintenance Information 101 --- Standard Destination
Retransmitting DHCP REQUEST (Requesting).
DHCP Client Maintenance Information 100 --- Standard Destination
Retransmitting DHCP REQUEST (Verifying).
DHCP Client Maintenance Information 104 --- Standard Destination
RIP disabled on interface %s
RIP Maintenance Information 419 --- Simple Message String
Ripper attack dropped
Intrusion Detection Attack Alert 76 515 Standard
RIPv1 enabled on interface %s
RIP Maintenance Information 420 --- Simple Message String
RIPv2 compatibility (broadcast) mode enabled on interface %s
RIP Maintenance Information 422 --- Simple Message String
RIPv2 enabled on interface %s
RIP Maintenance Information 421 --- Simple Message String
Router IGMP General query received on interface %s
Multicast --- Debug 680 --- Standard Message String
Router IGMP Membership query received on interface %s
Multicast --- Debug 681 --- Standard Message String
Sending DHCP DISCOVER.
DHCP Client Maintenance Information 105 --- Standard Destination
Sending DHCP RELEASE.
DHCP Client Maintenance Information 122 --- Standard Destination
Sending DHCP REQUEST (Rebinding).
DHCP Client Maintenance Information 116 --- Standard Destination
Sending DHCP REQUEST (Rebooting).
DHCP Client Maintenance Information 117 --- Standard Destination
Sending DHCP REQUEST (Renewing).
DHCP Client Maintenance Information 115 --- Standard Destination
Sending DHCP REQUEST (Verifying).
DHCP Client Maintenance Information 118 --- Standard Destination
Sending DHCP REQUEST.
DHCP Client Maintenance Information 108 --- Standard Destination
Sending LCP Echo Reply
PPPPoE Maintenance Information 722 --- Simple
Sending LCP Echo Request
PPPPoE Maintenance Information 720 --- Simple
Sending PPPoE Active Discovery Request
PPPPoE Maintenance Information 595 --- Simple
Senna Spy attack dropped
Intrusion Detection Attack Alert 78 517 Standard
Sent Relay IP Table to Central Gateway
DHCP Relay Maintenance Information 232 --- Standard
SIP Register expiration exceeds configured Signaling inactivity time out
VoIP VoIP Warning 645 --- Standard Note String
SIP Request
VoIP VoIP Debug 643 --- Standard Note String
SIP Response
VoIP VoIP Debug 644 --- Standard Note String
SMTP POP-Before-SMTP authentication failed
Firewall Logging System Error Warning 656 --- Simple
SMTP server found on RBL blacklist
RBL --- Notice 799 --- Standard Note String
Smurf Amplification attack dropped
Intrusion Detection Attack Alert 81 520 Standard
SonicPoint Provision
SonicPoint SonicPoint Information 727 --- Simple Destination
SonicPoint statistics report
GMS --- Information 806 --- Simple SonicPoint Status
SonicPoint Status
SonicPoint SonicPoint Information 667 --- Simple Destination
SonicWALL activated
Firewall Event Maintenance Alert 4 --- Simple
SonicWALL initializing
Firewall Event Maintenance Information 521 --- Simple
Source routed IP packet dropped
Intrusion Detection Debug Warning 428 --- Standard
Spank attack multicast packet dropped
Intrusion Detection Attack Alert 606 568 Standard
Starting IKE negotiation
VPN IKE User Activity Information 90 --- Standard Note String
Starting PPPoE discovery
PPPPoE Maintenance Information 127 --- Simple
Status
GMS Maintenance Emergency 96 --- Simple GMS Status
Striker attack dropped
Intrusion Detection Attack Alert 77 516 Standard
Sub Seven attack dropped
Intrusion Detection Attack Alert 75 514 Standard
Success to reach Interface %s probe
High Availability System Error Information 674 --- Simple Message String
Successful authentication received for Remotely Triggered Dial-out
Authentication Access User Activity Information 820 --- Simple
SYN Flood Blacklist on IF %s continues
Intrusion Detection --- Warning 868 --- Simple Message String
SYN Flood blacklisting disabled by user
Intrusion Detection --- Warning 863 --- Standard
SYN Flood blacklisting enabled by user
Intrusion Detection --- Warning 862 --- Standard
SYN flood ceased or flooding machines blacklisted - connection proxy disabled
Intrusion Detection --- Alert 861 --- Standard
SYN Flood Mode changed by user to: Always proxy WAN connections
Intrusion Detection --- Warning 858 --- Standard
SYN Flood Mode changed by user to: Watch and proxy WAN connections when under attack
Intrusion Detection --- Warning 857 --- Standard
SYN Flood Mode changed by user to: Watch and report possible SYN floods
Intrusion Detection --- Warning 856 --- Standard
Synchronizing preferences to HA Peer Firewall
High Availability Maintenance Information 673 --- Simple
SYN-Flooding machine %s blacklisted
Intrusion Detection --- Alert 864 --- Simple Message String
System clock manually updated
Firewall Logging --- Notice 881 --- Simple Note String
TCP checksum error
Network Access TCP Notice 884 --- Standard
TCP connection abort received; TCP connection dropped
Network Debug Debug 713 --- Standard Note String
TCP connection dropped
Network Access TCP Notice 36 --- Standard Policy
TCP connection from LAN denied
Network Access LAN TCP Notice 173 --- Standard Service
TCP connection reject received; TCP connection dropped
Network Debug Debug 712 --- Standard Note String
TCP FIN packet dropped
Network Debug Debug 181 --- Standard Note String
TCP handshake violation detected; TCP connection dropped
Network Access --- Notice 760 --- Standard Note String
TCP packet received on a closing connection; TCP packet dropped
Network Debug Debug 891 --- Standard Note String
TCP packet received on non-existent/closed connection; TCP packet dropped
Network Debug Debug 888 --- Standard Note String
TCP packet received with invalid ACK number; TCP packet dropped
Network Debug Debug 709 --- Standard Note String
TCP packet received with invalid header length; TCP packet dropped
Network Debug Debug 887 --- Standard Note String
TCP packet received with invalid MSS option length; TCP packet dropped
Network Debug Debug 894 --- Standard Note String
TCP packet received with invalid option length; TCP packet dropped
Network Debug Debug 895 --- Standard Note String
TCP packet received with invalid SACK option length; TCP packet dropped
Network Debug Debug 893 --- Standard Note String
TCP packet received with invalid SEQ number; TCP packet dropped
Network Debug Debug 708 --- Standard Note String
TCP packet received with invalid source port; TCP packet dropped
Network Debug Debug 896 --- Standard Note String
TCP packet received with invalid SYN Flood cookie; TCP packet dropped
Network Debug Information 897 --- Standard Note String
TCP packet received with SYN flag on an existing connection; TCP packet dropped
Network Debug Information 892 --- Standard Note String
TCP packet received without mandatory ACK flag; TCP packet dropped
Network Debug Debug 890 --- Standard Note String
TCP packet received without mandatory SYN flag; TCP packet dropped
Network Debug Debug 889 --- Standard Note String
TCP SYN received
Intrusion Detection --- Debug 869 --- Standard
TCP Syn/Fin packet dropped
Network Access Attack Alert 580 558 Standard Note String
TCP Xmas Tree dropped
Intrusion Detection Attack Alert 267 547 Standard
The cache is full; %u open connections; some will be dropped
Firewall Event System Error Error 53 607 Standard Message Number
The loaded content URL List has expired.
Security Services System Error Error 190 628 Simple
The network connection in use is %s
WAN Failover System Error Warning 307 639 Standard Message String
The preferences file is too large to be saved in available flash memory
Firewall Event System Error Warning 573 649 Simple
Thermal Red
Firewall Hardware System Environment Alert 578 104 Simple
Thermal Red Timer Exceeded
Firewall Hardware System Environment Alert 579 105 Simple
Thermal Yellow
Firewall Hardware System Environment Alert 577 103 Simple
Time of day settings for firewall policies were not upgraded.
Firewall Event Maintenance Information 742 --- Simple
UDP checksum error
Network Access UDP Notice 885 --- Standard
UDP packet dropped
Network Access UDP Notice 37 --- Standard Policy
UDP packet from LAN dropped
Network Access LAN UDP | LAN TCP Notice 174 --- Standard Service
Unknown protocol dropped
Network Access Debug Notice 41 --- Standard Note String
Unknown reason
VPN PKI User Activity Error 275 --- Simple Destination
User logged out
Authentication Access User Activity Information 263 --- Standard String Service
User logged out - inactivity timer expired
Authentication Access User Activity Information 265 --- Standard Note String
User logged out - max session time exceeded
Authentication Access User Activity Information 264 --- Standard Note String
User logged out - user disconnect detected (heartbeat timer expired)
Authentication Access User Activity Information 24 --- Standard Note String
User login denied - insufficient access on LDAP server
RADIUS User Activity Warning 750 --- Standard String Service
User login denied - invalid credentials on LDAP server
RADIUS User Activity Warning 749 --- Standard String Service
User login denied - LDAP authentication failure
RADIUS User Activity Information 745 --- Standard String Service
User login denied - LDAP communication problem
RADIUS User Activity Warning 748 --- Standard String Service
User login denied - LDAP directory mismatch
RADIUS User Activity Warning 757 --- Standard String Service
User login denied - LDAP schema mismatch
RADIUS User Activity Warning 751 --- Standard String Service
User login denied - LDAP server certificate not valid
RADIUS User Activity Warning 755 --- Standard String Service
User login denied - LDAP server down or misconfigured
RADIUS User Activity Warning 747 --- Standard String Service
User login denied - LDAP server name resolution failed
RADIUS User Activity Warning 753 --- Standard String Service
User login denied - LDAP server timeout
RADIUS User Activity Warning 746 --- Standard String Service
User login denied - RADIUS authentication failure
RADIUS User Activity Information 243 --- Standard String Service
User login denied - RADIUS communication problem
RADIUS User Activity Warning 744 --- Standard String Service
User login denied - RADIUS configuration error
RADIUS User Activity Information 245 --- Standard String Service
User login denied - RADIUS server name resolution failed
RADIUS User Activity Warning 754 --- Standard String Service
User login denied - RADIUS server timeout
RADIUS User Activity Information 244 --- Standard String Service
User login denied - TLS or local certificate problem
RADIUS User Activity Warning 756 --- Standard String Service
User login denied - User has no privileges for login from that location
RADIUS User Activity Information 246 --- Standard String Service
User login denied - User has no privileges for WLAN guest service
Authentication Access User Activity Information 486 --- Standard Destination
User login denied due to bad credentials
Authentication Access User Activity Information 33 --- Standard String Service
User login disabled from %s
Authentication Access Attack Error 583 559 Standard Message String
User login failed - Guest service limit reached
Authentication Access User Activity Information 549 --- Standard Note String
User login failure rate exceeded - logins from user IP address denied
Authentication Access Attack Error 329 561 Standard Destination
Virtual Access Point is disabled
SonicPoint 802.11b Management Information 731 --- Simple Destination
Virtual Access Point is enabled
SonicPoint 802.11b Management Information 730 --- Simple Destination
VoIP %s Endpoint added
VoIP VoIP Debug 637 --- Simple Message String
VoIP %s Endpoint not added - configured 'public' endpoint limit reached
VoIP VoIP Warning 639 --- Simple Message String
VoIP %s Endpoint removed
VoIP VoIP Debug 638 --- Simple Message String
VoIP Call Connected
VoIP VoIP Information 622 --- Standard Note String
VoIP Call Disconnected
VoIP VoIP Information 623 --- Standard Note String
Voltages Out of Tolerance
Firewall Hardware System Environment Error 575 101 Simple
VPN Cleanup: Dynamic network settings change
VPN User Activity Information 471 --- Standard
VPN Client Policy Provisioning
VPN Client User Activity Information 371 --- Standard Destination
VPN disabled by administrator
Authentication Access Maintenance Information 506 --- Simple
VPN enabled by administrator
Authentication Access Maintenance Information 507 --- Simple
VPN Log Debug
VPN IKE Debug Information 172 --- Simple String
VPN policy count received exceeds the limit; %s
VPN System Error Error 719 --- Simple Message String
VPN zone administrator login allowed
Authentication Access User Activity Information 235 --- Standard
VPN zone remote user login allowed
Authentication Access User Activity Information 237 --- Standard String Service
WAN Interface not setup
Firewall Event Maintenance Information 498 --- Simple
Wan IP Changed
Firewall Event System Error Warning 138 636 Standard
WAN not ready
Firewall Event Maintenance Information 502 --- Simple
WAN zone administrator login allowed
Authentication Access User Activity Information 236 --- Standard
WAN zone remote user login allowed
Authentication Access User Activity Information 238 --- Standard String Service
WARNING: DHCP lease relayed from Central Gateway conflicts with IP in Static Devices list
DHCP Relay Maintenance Information 227 --- Standard Destination
Web access request dropped
Network Access TCP Notice 524 --- Standard Policy
Web management request allowed
Network Access User Activity Notice 526 --- Standard Service
Web site access allowed
Network Access Blocked Sites Notice 16 703 Standard Note Blocked
Web site access denied
Network Access Blocked Sites Error 14 701 Standard Note Blocked
Wireless MAC Filter List disabled by administrator
Authentication Access Maintenance Information 513 --- Simple
Wireless MAC Filter List enabled by administrator
Authentication Access Maintenance Information 512 --- Simple
WLAN client null probing
WLAN IDS WLAN IDS Warning 615 904 Standard Destination
WLAN disabled by administrator
Authentication Access Maintenance Information 508 --- Simple
WLAN disabled by schedule
Authentication Access Maintenance Information 728 --- Simple
WLAN drop traffic to deny network
Network Access --- Information 724 --- Standard Note String
WLAN enabled by administrator
Authentication Access Maintenance Information 509 --- Simple
WLAN enabled by schedule
Authentication Access Maintenance Information 729 --- Simple
WLAN firmware image has been updated
Wireless Maintenance Information 487 --- Simple String
WLAN Guest Account Timeout
Authentication Access User Activity Information 551 --- Standard Note String
WLAN Guest Idle Timeout
Authentication Access User Activity Information 564 --- Standard Note String
WLAN Guest Session Timeout
Authentication Access User Activity Information 550 --- Standard Note String
WLAN max concurrent users reached already
Network Access --- Information 726 --- Standard Note String
WLAN not in AP mode, DHCP server will not provide lease to clients on WLAN
Wireless Maintenance Information 617 --- Simple
WLAN pass traffic to access allow network
Network Access --- Information 725 --- Standard Note String
WLAN recovery
Wireless Maintenance Information 519 --- Simple String
WLAN sequence number out of order
WLAN IDS WLAN IDS Warning 547 902 Simple Destination
WLB Failback initiated by %s
WAN Failover System Error Alert 435 652 Standard Message String
WLB Failover in progress
WAN Failover System Error Alert 584 651 Standard
WLB Resource failed
WAN Failover System Error Alert 586 654 Standard
WLB Resource is now available
WAN Failover System Error Alert 585 653 Standard
WLB Spill-over started, configured threshold exceeded
WAN Failover Maintenance Warning 581 --- Simple
WLB Spill-over stopped
WAN Failover Maintenance Warning 582 --- Simple
WPA MIC Failure
Wireless 802.11b Management Warning 663 --- Simple Destination
WPA Radius Server Timeout
Wireless 802.11b Management Information 664 --- Simple Destination
XAUTH Failed with VPN client, Authentication failure
VPN Client User Activity Information 140 --- Standard Destination
XAUTH Failed with VPN client, Cannot Contact RADIUS Server
VPN Client User Activity Information 141 --- Standard Destination
XAUTH Succeeded with VPN client
VPN Client User Activity Error 139 --- Standard Destination
Index of Syslog Tag Field Description
This section provides an alphabetical listing of Syslog tags and the associated field description.
Tag Field Description
<ddd> Syslog message prefix The beginning of each syslog message has a string of the form <ddd> where ddd is a decimal number indicating facility and priority of the message. (See [1] Section 4.1.1)
arg URL Used to render a URL: arg represents the URL path name part.
bcastRx Interface statistics report Displays the broadcast packets received
bcastTx Interface statistics report Displays the broadcast packets transmitted
bytesRx Interface statistics report Displays the bytes received
bytesTx Interface statistics report Displays the bytes transmitted
c Message category (legacy only) Indicates the legacy category number (Note: We are not currently sending new category information.)
change Configuration change webpage Displays the basename of the firewall web page that performed the last configuration change
code Blocking code Indicates the CFS block code category
code ICMP type and code Indicates the ICMP code
conns Firewall status report Indicates the number of connections in use
cpuUtil Firewall status report Displays the CPU utilization (not in use)
dst Destination Destination IP address, and optionally, port, network interface, and resolved name.
dstname Destination URL Displays the URL of web site hit and other legacy destination strings
dstname URL Used to render a URL: dstname represents the URL host part
dyn Firewall status report Displays the HA and dialup connection state (rendered as “h.d” where “h” is “n” (not enabled), “b” (backup), or “p” (primary) and “d” is “1” (enabled) or “0” (disabled))
fw Firewall WAN IP Indicates the WAN IP Address
fwlan Firewall status report Indicates the LAN zone IP address
goodRxBytes SonicPoint statistics report Indicates the well formed bytes received
goodTxBytes SonicPoint statistics report Indicates the well formed bytes transmitted
i Firewall status report Displays the GMS message interval in seconds
id=firewall Webtrends prefix Syntactic sugar for WebTrends (and GMS by habit)
if Interface statistics report Displays the interface on which statistics are reported
ipscat IPS message Displays the IPS category
ipspri IPS message Displays the IPS priority
lic Firewall status report Indicates the number of licenses for firewalls with limited modes
m Message ID Provides the message ID number
mac MAC address Provides the MAC address
msg Static message Displays the event message (from spreadsheet)
msg Dynamically-defined message Displays a dynamically defined message string
msg Static message with dynamic string Displays a message using the predefined message string containing a “%s” and a dynamic string argument.
msg Static message with dynamic number Displays a message using the predefined string containing a “%s” and a dynamic numeric argument.
msg IPS message Displays a message using the predefined message string containing a “%s” and a dynamic string argument.
msg Anti-Spyware message Displays the event message (from spreadsheet)
n Message count Indicates the number of times event occurs
op HTTP OP code Displays the HTTP operation (GET, POST, etc.) of web site hit
pri Message priority Displays the event priority level (0=emergency..7=debug)
proto IP protocol Indicates the IP protocol and detail information
proto Protocol and service Displays the protocol information (rendered as “proto/service”)
pt Firewall status report Displays the HTTP/HTTPS management port (rendered as “hhh.sss”)
radio SonicPoint statistics report Displays the SonicPoint radio on which event occurred
ramUtil Firewall status report Displays the RAM utilization (not in use)
rcvd Bytes received Indicates the number of bytes received within connection
result HTTP Result code Displays the HTTP result code (200, 403, etc.) of web site hit
rule Rule ID Displays the Access Rule number causing packet drop
sent Bytes sent Displays the number of bytes sent within connection
sid IPS message Provides the IPS signature ID
sid Anti-Spyware message Provides the AntiSpyware signature ID
sn Firewall serial number Indicates the device serial number
spycat Anti-Spyware message Displays the antiSpyware category
spypri Anti-Spyware message Displays the AntiSpyware priority
src Source Indicates the source IP address, and optionally, port, network interface, and resolved name.
station SonicPoint statistics report Displays the client (station) on which event occurred
time Time Reports the time of event
type ICMP type and code Indicates the ICMP type
ucastRx Interface statistics report Displays the unicast packets received
ucastTx Interface statistics report Displays the unicast packets transmitted
unsynched Firewall status report Reports the time since last local change in seconds
usesstandbysa Firewall status report Displays whether standby SA is in use (“1” or “0”) for GMS management
usr (or user) User Displays the user name (“user” is the tag used by WebTrends)
vpnpolicy VPN policy name Displays the VPN policy name of event
© 2002 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.
T: 408.745.9600 F: 408.745.9300
www.sonicwall.com
SonicWALL, Inc. 1143 Borregas Avenue, Sunnyvale, CA 94089-1306
P/N 232-000827-00 Rev B 10/05