Using the SonicOS Log Event Reference Guide - SonicWALL

Using the SonicOS Log Event Reference 

Guide 

This reference guide lists and describes SonicOS log event messages. Reference a log event 

message by using the alphabetical index of log event messages. 

This document contains the following sections: 

• “Log > View” section on page 2 

• “Log > Categories” section on page 5 

• “Log > Syslog” section on page 9 

• “Log > Automation” section on page 10 

• “Log > Name Resolution” section on page 14 

• “Log > Reports” section on page 16 

• “Log > ViewPoint” section on page 17 

• “Index of Log Event Messages” section on page 19 

• “Index of Syslog Tag Field Description” section on page 57 

SonicOS Log Event Reference Guide 

1

Log > View 


The SonicWALL security appliance maintains an Event log for tracking potential security 

threats. This log can be viewed in the Log > View page, or it can be automatically sent to an 

e-mail address for convenience and archiving. The log is displayed in a table and can be sorted 

by column. 

The SonicWALL security appliance can alert you of important events, such as an attack to the 

SonicWALL security appliance. Alerts are immediately e-mailed, either to an e-mail address or 

to an e-mail pager. Each log entry contains the date and time of the event and a brief message 

describing the event. 

Log View Table 

The log is displayed in a table and is sortable by column. The log table columns include: 

• Time - the date and time of the event. 

• Priority - the level of priority associated with your log event. 

Syslog uses eight categories to characterize messages – in descending order of severity, 

the categories include: 

– Emergency 

– Alert 

– Critical 

– Error 

– Warning 

– Notice 

– Informational 

– Debug 

Specify a priority level on a SonicWALL security appliance on the Log > Categories page 

to log messages for that priority level, plus all messages tagged with a higher severity. For 

example, select ‘error’ as the priority level to log all messages tagged as ‘error,’ as well as 

any messages tagged with ‘critical,’ ‘alert,’ and ‘emergency.’ Select ‘debug’ to log all 

messages. 

Note 

Refer to Log Event Messages section for more information on your specific log event. 

• Category - the type of traffic, such as Network Access or Authenticated Access. 

• Message - provides description of the event. 

• Source - displays source network and IP address. 

• Destination - displays the destination network and IP address. 

• Notes - provides additional information about the event. 

• Rule - notes Network Access Rule affected by event. 

2 SonicOS Log Event Reference Guide


Navigating and Sorting Log View Table Entries 

The Log View table provides easy pagination for viewing large numbers of log events. You can 

navigate these log events by using the navigation control bar located at the top right of the Log 

View table. Navigation control bar includes four buttons. The far left button displays the first 

page of the table. The far right button displays the last page. The inside left and right arrow 

buttons moved the previous or next page respectively. 

You can sort the entries in the table by clicking on the column header. The entries are sorted 

by ascending or descending order. The arrow to the right of the column entry indicates the 

sorting status. A down arrow means ascending order. An up arrow indicates a descending 

order. 

Refresh 

To update log messages, clicking the Refresh button near the top right corner of the page. 

Clear Log 

To delete the contents of the log, click the Clear Log button near the top right corner of the 

page. 

Export Log 

To export the contents of the log to a defined destination, click the Export Log button below 

the filter table.You can export log content to two formats: 

• Plain text format--Used in log and alert e-mail. 

• Comma-separated value (CSV) format--Used for importing into Excel or other 

presentation development applications. 

E-mail Log 

If you have configured the SonicWALL security appliance to e-mail log files, clicking E-mail Log 

near the top right corner of the page sends the current log files to the e-mail address specified 

in the Log > Automation > E-mail section. 

Note 

The SonicWALL security appliance can alert you of important events, such as an attack to 

the SonicWALL security appliance. Alerts are immediately sent via e-mail, either to an e-mail 

address or to an e-mail pager. For sending alerts, you must enter your e-mail address and 

server information in the Log > Automation page. 


3


Filtering Log Records Viewed 

You can filter the results to display only event logs matching certain criteria. You can filter by 

Priority, Category, Source (IP or Interface), and Destination (IP or Interface). 

Step 1 

Step 2 

Step 3 

Step 4 

Enter your filter criteria in the Log View Settings table. 

The fields you enter values into are combined into a search string with a logical AND. For 

example, if you select an interface for Source and for Destination, the search string will look 

for connections matching: 

Source interface AND Destination interface 

Check the Group Filters box next to any two or more criteria to combine them with a logical 

OR. 

For example, if you enter values for Source IP, Destination IP, and Protocol, and check Group 

Filters next to Source IP and Destination IP, the search string will look for connections 

matching: 

(Source IP OR Destination IP) AND Protocol 

Click Apply Filter to apply the filter immediately to the Log View Settings table. Click Reset 

to clear the filter and display the unfiltered results again. 

The following example filters for log events resulting from traffic from the WAN to the LAN: 

Log Event Messages 

For a complete reference guide of log event messages, refer to the “Log Event Message Index” 

section on page 20. 


Log > Categories 


This guide provides configuration tasks to enable you to categorize and customize the logging 

functions on your SonicWALL security appliance for troubleshooting and diagnostics. 

Note 

You can extend your SonicWALL security appliance log reporting capabilities by using 

SonicWALL ViewPoint. ViewPoint is a Web-based graphical reporting tool for detailed and 

comprehensive reports. For more information on the SonicWALL ViewPoint reporting tool, 

refer to www.sonicwall.com. 

Log Severity/Priority 

This section provides information on configuring the level of priority log messages are captured 

and corresponding alert messages are sent through e-mail for notification. 

Logging Level 

Alert Level 

The Logging Level control filters events by priority. Events of equal of greater priority are 

passed, and events of lower priority are dropped. The Logging Level menu includes the 

following priority scale items from highest to lowest priority: 

• Emergency (highest priority) 

• Alert 

• Critical 

• Error 

• Warning 

• Notice 

• Informational 

• Debug (lowest priority) 

The Alert Level control determines how E-mail Alerts are sent. An event of equal or greater 

priority causes an E-mail alert to be issued. Lower priority events do not cause an alert to be 

sent. Events are pre-filtered by the Logging Level control, so if the Logging Level control is set 

to a higher priority than that of the Alert Level control, only alerts at the Logging Level or higher 

are sent. Alert levels include: 

• None (disables e-mail alerts) 

• Emergency (highest priority) 

• Alert 

• Critical 

• Error 

• Warning (lowest priority) 


5


Log Redundancy Filter 

The Log Redundancy Filter allows you to define the time in seconds that the same attack is 

logged on the Log > View page as a single entry in the SonicWALL log. Various attacks are often 

rapidly repeated, which can quickly fill up a log if each attack is logged. The Log Redundancy 

Filter has a default setting of 60 seconds. 

Alert Redundancy Filter 

The Alert Redundancy Filter allows you to define the time in seconds that the same attack is 

logged on the Log > View page as a single entry in the SonicWALL log before an alert is issued. 

The Alert Redundancy Filter has a default setting of 900 seconds. 

Log Categories 

SonicWALL security appliances provide automatic attack protection against well known 

exploits. The majority of these legacy attacks were identified by telltale IP or TCP/UDP 

characteristics, and recognition was limited to a set of fixed layer 3 and layer 4 values. As the 

breadth and sophistication of attacks evolved, it has become essential to dig deeper into the 

traffic, and to develop the sort of adaptability that could keep pace with the new threats. 

All SonicWALL security appliances, even those running SonicWALL IPS, continue to recognize 

these legacy port and protocol types of attacks. The current behavior on all SonicWALL security 

appliances devices is to automatically and holistically prevent these legacy attacks, meaning 

that it is not possible to disable prevention of these attacks either individually or globally. 

SonicWALL security appliances now include an expanded list of attack categories that can be 

logged. 

The View Style menu provides the following three log category views: 

• All Categories - Displays both Legacy Categories and Expanded Categories. 

• Legacy Categories - Displays log categories carried over from earlier SonicWALL log event 

categories. 

• Expanded Categories - Displays the expanded listing of categories that includes the older 

Legacy Categories log events rearranged into the new structure. 

The following table describes both the Legacy and Extended log categories. 

Log Type Category Description 

802.11 Management Legacy Logs WLAN IEEE 802.11 connections. 

Advanced Routing Expanded Logs messages related to RIPv2 and OSPF routing events. 

Attacks Legacy Logs messages showing Denial of Service attacks, such as SYN Flood, Ping 

of Death, and IP spoofing 

Authenticated Expanded Logs administrator, user, and guest account activity 

Access 

Blocked Java, etc. Legacy Logs Java, ActiveX, and Cookies blocked by the SonicWALL security 

appliance. 

Blocked Web Sites Legacy Logs Web sites or newsgroups blocked by the Content Filter List or by 

customized filtering. 

BOOTP Expanded Logs BOOTP activity 

Crypto Test Expanded Logs crypto algorithm and hardware testing 




DDNS Expanded Logs Dynamic DNS activity 

Denied LAN IP Legacy Logs all LAN IP addresses denied by the SonicWALL security appliance. 

DHCP Client Expanded Logs DHCP client protocol activity 

DHCP Relay Expanded Logs DHCP central and remote gateway activity 

Dropped ICMP Legacy Logs blocked incoming ICMP packets. 

Dropped TCP Legacy Logs blocked incoming TCP connections. 

Dropped UDP Legacy Logs blocked incoming UDP packets. 

Firewall Event Extended Logs internal firewall activity 

Firewall Hardware Extended Logs firewall hardware error events 

Firewall Logging Extended Logs general events and errors 

Firewall Rule Extended Logs firewall rule modifications 

GMS Extended Logs GMS status event 

High Availability Extended Logs High Availability activity 

IPcomp Extended Logs IP compression activity 

Intrusion Prevention Extended Logs intrusion prevention related activity 

L2TP Client Extended Logs L2TP client activity 

L2TP Server Extended Logs L2TP server activity 

Multicast Extended Logs multicast IGMP activity 

Network Extended Logs network ARP, fragmentation, and MTU activity 

Network Access Extended Logs network and firewall protocol access activity 

Network Debug Legacy Logs NetBIOS broadcasts, ARP resolution problems, and NAT resolution 

problems. Also, detailed messages for VPN connections are displayed to assist 

the network administrator with troubleshooting problems with active VPN 

tunnels. Network Debug information is intended for experienced network 

administrators. 

Network Traffic Expanded Logs network traffic reporting events 

PPP Extended Logs generic PPP activity 

PPP Dial-Up Extended Logs PPP dial-up activity 

PPPoE Extended Logs PPPoE activity 

PPTP Extended Logs PPTP activity 

RBL Extended Logs real-time black list activity 

RIP Extended Logs RIP activity 

Remote 

Extended Logs RADIUS and LDAP server activity 

Authentication 

Security Services Extended Logs security services activity 

SonicPoint Extended Logs SonicPoint activity 

System Errors Legacy Logs problems with DNS or e-mail. 

System 

Legacy Logs general system activity, such as system activations. 

Maintenance 

User Activity Legacy Logs successful and unsuccessful log in attempts. 

VOIP Extended Logs VoIP H.323/RAS, H.323/H.225, and H.323/H.245 activity 


7



VPN Extended Logs VPN activity 

VPN Client Extended Logs VPN client activity 

VPN IKE Extended Logs VPN IKE activity 

VPN IPsec Extended Logs VPN IPSec activity 

VPN PKI Extended Logs VPN PKI activity 

VPN Tunnel Status Legacy Logs status information on VPN tunnels. 

WAN Failover Extended Logs WAN failover activity 

Wireless Extended Logs wireless activity 

Wlan IDS Extended Logs WLAN IDS activity 

Managing Log Categories 

The Log Categories table displays log category information organized into the following 

columns: 

• Category - Displays log category name. 

• Description - Provides description of the log category activity type. 

• Log - Provides checkbox for enabling/disabling the display of the log events in on the Log 

> View page. 

• Alerts - Provides checkbox for enabling/disabling the sending of alerts for the category. 

• Syslog - Provides checkbox for enabling/disabling the capture of the log events into the 

SonicWALL security appliance Syslog. 

• Event Count - Displays the number of events for that category. Clicking the Refresh button 

updates these numbers. 

You can sort the log categories in the Log Categories table by clicking on the column header. 

For example, clicking on the Category header sorts the log categories in descending order from 

the default ascending order. An up or down arrow to the left of the column name indicates 

whether the column is assorted in ascending or descending order. 

You can enable or disable Log, Alerts, and Syslog on a category by category basis by clicking 

on the check box for the category in the table. You can enable or disable Log, Alerts, and Syslog 

for all categories by clicking the checkbox on the column header. 


Log > Syslog 

Log > Syslog 

In addition to the standard event log, the SonicWALL security appliance can send a detailed log 

to an external Syslog server. The SonicWALL Syslog captures all log activity and includes every 

connection source and destination IP address, IP service, and number of bytes transferred. The 

SonicWALL Syslog support requires an external server running a Syslog daemon on UDP Port 

514. Syslog Analyzers such as SonicWALL ViewPoint or WebTrends Firewall Suite can be used 

to sort, analyze, and graph the Syslog data. Messages from the SonicWALL security appliance 

are then sent to the server(s). Up to three Syslog server IP addresses can be added.Syslog 

Settings 

Syslog Facility 

• Syslog Facility - Allows you to select the facilities and severities of the messages based on 

the syslog protocol. 

Note 

See RCF 3164 - The BSD Syslog Protocol for more information. 

• Override Syslog Settings with ViewPoint Settings - Check this box to override Syslog 

settings, if you’re using SonicWALL ViewPoint for your reporting solution. 

Note 

For more information on SonicWALL ViewPoint, go to http://www.sonicwall.com. 

– Syslog Event Redundancy Filter (seconds) - This setting prevents repetitive messages 

from being written to Syslog. If duplicate events occur during the period specified in the 

Syslog Event Redundancy Rate field, they are not written to Syslog as unique events. 

Instead, the additional events are counted, and then at the end of the period, a 

message is written to the Syslog that includes the number of times the event occurred. 

The Syslog Event Redundancy Filter default value is 60 seconds and the maximum 

value is 86,400 seconds (24 hours). Setting this value to 0 seconds sends all Syslog 

messages without filtering. 

– Syslog Format - You can choose the format of the Syslog to be Default or WebTrends. 

If you select WebTrends, however, you must have WebTrends software installed on 

your system. 

Note 

If the SonicWALL security appliance is managed by SonicWALL GMS, the Syslog Server 

fields cannot be configured by the administrator of the SonicWALL security appliance. 

• Enable Event Rate Limiting - This control allows you to enable rate limiting of events to 

prevent the internal or external logging mechanism from being overwhelmed by log events. 

• Enable Data Rate Limiting - This control allows you to enable rate limiting of data to prevent 

the internal or external logging mechanism from being overwhelmed by log events. 


9

Log > Automation 

Syslog Servers 

Adding a Syslog Server 

To add syslog servers to the SonicWALL security appliance 

Step 1 

Step 2 

Step 3 

Step 4 

Step 5 

Click Add. The Add Syslog Server window is displayed. 

Type the Syslog server name or IP address in the Name or IP Address field. Messages from 

the SonicWALL security appliance are then sent to the servers. 

If your syslog is not using the default port of 514, type the port number in the Port Number field. 

Click OK. 

Click Accept to save all Syslog Server settings. 


The Log > Automation page includes settings for configuring the SonicWALL to send log files 

using e-mail and configuring mail server settings. 

E-mail Log Automation 

• Send Log to E-mail address - Enter your e-mail address (username@mydomain.com) in 

this field to receive the event log via e-mail. Once sent, the log is cleared from the 

SonicWALL memory. If this field is left blank, the log is not e-mailed. 

• Send Alerts to E-mail address - Enter your e-mail address (username@mydomain.com) in 

the Send alerts to field to be immediately e-mailed when attacks or system errors occur. 

Type a standard e-mail address or an e-mail paging service. If this field is left blank, e-mail 

alert messages are not sent. 

• Send Log - Determines the frequency of sending log files. The options are When Full, 

Weekly, or Daily. If the Weekly or Daily option is selected, then select the day of the week 

the log is sent in the every menu and the time of day in 24-hour format in the At field. 

• Email Format - Specifies whether log emails will be sent in Plain Text or HTML format. 

Mail Server Settings 

The mail server settings allow you to specify the name or IP address of your mail server, the 

from e-mail address, and authentication method. 

• Mail Server (name or IP address) - Enter the IP address or FQDN of the e-mail server used 

to send your log e-mails in this field. 

• From E-mail Address - Enter the E-mail address you want to display in the From field of the 

message. 

• Authentication Method - You can use the default None item or select POP Before SMTP. 

Note If the Mail Server (name or IP address) is left blank, log and alert messages are not e- 

mailed. 



Deep Packet Forensics 

SonicWALL UTM appliances have configurable deep-packet classification capabilities that 

intersect with forensic and content-management products. While the SonicWALL can reliably 

detect and prevent any ‘interesting-content’ events, it can only provide a record of the 

occurrence, but not the actual data of the event. 

Of equal importance are diagnostic applications where the interesting-content is traffic that is 

being unpredictably handled or inexplicably dropped. 

Although the SonicWALL can achieve interesting-content using our Enhanced packet capture 

diagnostic tool, data-recorders are application-specific appliances designed to record all the 

packets on a network. They are highly optimized for this task, and can record network traffic 

without dropping a single packet. 

While data-recorders are good at recording data, they lack the sort of deep-packet inspection 

intelligence afforded by IPS/GAV/ASPY/AF. Consider the minimal requirements of effective 

data analysis: 

• Reliable storage of data 

• Effective indexing of data 

• Classification of interesting-content 

Together, a UTM device (a SonicWALL appliance) and data-recorder (a Solera Networks 

appliance) satisfy the requirements to offer outstanding forensic and data-leakage capabilities. 

Distributed Event Detection and Replay 

The Solera appliance can search its data-repository, while also allowing the administrator to 

define “interesting-content” events on the SonicWALL. The level of logging detail and frequency 

of the logging can be configured by the administrator. Nearly all events include Source IP, 

Source Port, Destination IP, Destination Port, and Time. SonicOS Enhanced has an extensive 

set of log events, including: 

• Debug/Informational Events—Connection setup/tear down 

• User-events—Administrative access, single sign-on activity, user logins, content filtering 

details 

• Firewall Rule/Policy Events—Access to and from particular IP:Port combinations, also 

identifiable by time 

• Interesting-content at the Network or Application Layer—Port-scans, SYN floods, DPI or AF 

signature/policy hits 

The following is an example of the process of distributed event detection and replay: 

1. The administrator defines the event trigger. For example, an Application Firewall policy is 

defined to detect and log the transmission of an official document: 


11


2. A user (at IP address 192.168.19.1) on the network retrieves the file. 

3. The event is logged by the SonicWALL. 

4. The administrator selects the Recorder icon from the left column of the log entry. Icon/link 

only appears in the logs when a NPCS is defined on the SonicWALL (e.g. IP: 

[192.168.169.100], Port: [443]). The defined NPCS appliance will be the link’s target. The 

link will include the query string parameters defining the desired connection. 

5. The NPCS will (optionally) authenticate the user session. 

6. The requested data will be presented to the client as a .cap file, and can be saved or viewed 

on the local machine. 

Methods of Access 

The client and NPCS must be able to reach one another. Usually, this means the client and the 

NPCS will be in the same physical location, both connected to the SonicWALL appliance. In 

any case, the client will be able to directly reach the NPCS, or will be able to reach the NPCS 

through the SonicWALL. Administrators in a remote location will require some method of VPN 

connectivity to the internal network. Access from a centralized GMS console will have similar 

requirements. 

Log Persistence 

SonicOS currently allocates 32K to a rolling log buffer. When the log becomes full, it can be 

emailed to a defined recipient and flushed, or it can simply be flushed. Emailing provides a 

simple version of logging persistence, while GMS provides a more reliable and scalable 

method. 

By offering the administrator the option to deliver logs as either plain-text or HTML, the 

administrator has an easy method to review and replay events logged. 



GMS 

To provide the ability to identify and view events across an entire enterprise, a GMS update will 

be required. Device-specific interesting-content events at the GMS console appear in Reports 

> Log Viewer Search page, but are also found throughout the various reports, such as Top 

Intrusions Over Time. 

Solera Capture Stack 

Solera Networks makes a series of appliances of varying capacities and speeds designed to 

capture, archive, and regenerate network traffic. The Solera Networks Network Packet Capture 

System (NPCS) provides utilities that allow the captured data to be accessed in time 

sequenced playback, that is, analysis of captured data can be performed on a live network via 

NPCS while the device is actively capturing and archiving data. 


13

Log > Name Resolution 

To configure your SonicWALL appliance with Solera select the Enable Solera Capture Stack 

Integration option. 

Configure the following options: 

• Server - Select the host for the Solera server. You can dynamically create the host by 

selecting Create New Host... 

• Protocol - Select either HTTP or HTTPS. 

• Port - Specify the port number for connecting to the Solera server. 

• Interface(s) - Specify which interfaces you want to transmit data for to the Solera server. 

• User (optional) - Enter the username, if required. 

• Password (optional) - Enter the password, if required. 

• Confirm Password - Confirm the password. 

– Mask Password - Leave this enabled to send the password as encrypted text. 


The Log > Name Resolution page includes settings for configuring the name servers used to 

resolve IP addresses and server names in the log reports. 

The security appliance uses a DNS server or NetBIOS to resolve all IP addresses in log reports 

into server names. It stores the names/address pairs in a cache, to assist with future lookups. 

You can clear the cache by clicking Reset Name Cache in the top of the Log > Name Resolution 

page. 



Selecting Name Resolution Settings 

The security appliance can use DNS, NetBIOS, or both to resolve IP addresses and server 

names. 

In the Name Resolution Method list, select: 

• None: The security appliance will not attempt to resolve IP addresses and Names in the log 

reports. 

• DNS: The security appliance will use the DNS server you specify to resolve addresses and 

names. 

• NetBIOS: The security appliance will use NetBIOS to resolve addresses and names. If you 

select NetBIOS, no further configuration is necessary. 

• DNS then NetBIOS: The security appliance will first use the DNS server you specify to 

resolve addresses and names. If it cannot resolve the name, it will try again with NetBIOS. 

Specifying the DNS Server 

To choose specific DNS servers or use the same servers as the WAN zone, perform the 

following steps: 

Step 1 

Step 2 

Step 3 

Select Specify DNS Servers Manually or Inherit DNS Settings Dynamically from WAN Zone. 

The second choice is selected by default. 

If you selected to specify a DNS server, enter the IP address for at least one DNS server on 

your network. You can enter up to three servers. 

Click Accept in the top right corner of the Log > Name Resolution page to make your changes 

take effect. 


15

Log > Reports 

Log > Reports 

The SonicWALL security appliance can perform a rolling analysis of the event log to show the 

top 25 most frequently accessed Web sites, the top 25 users of bandwidth by IP address, and 

the top 25 services consuming the most bandwidth. You can generate these reports from the 

Log > Reports page. 

Note 

SonicWALL ViewPoint provides a comprehensive Web-based reporting solution for 

SonicWALL security appliances. For more information on SonicWALL ViewPoint, go to 

http://www.sonicwall.com 

Data Collection 

The Reports window includes the following functions and commands: 

• Start Data Collection 

Click Start Data Collection to begin log analysis. When log analysis is enabled, the button 

label changes to Stop Data Collection. 

• Reset Data 

Click Reset Data to clear the report statistics and begin a new sample period. The sample 

period is also reset when data collection is stopped or started, and when the SonicWALL 

security appliance is restarted. 

View Data 

Select the desired report from the Report to view menu. The options are Web Site Hits, 

Bandwidth Usage by IP Address, and Bandwidth Usage by Service. These reports are 

explained below. Click Refresh Data to update the report. The length of time analyzed by the 

report is displayed in the Current Sample Period. 

Web Site Hits 

Selecting Web Site Hits from the Report to view menu displays a table showing the URLs for 

the 25 most frequently accessed Web sites and the number of hits to a site during the current 

sample period. 

The Web Site Hits report ensures that the majority of Web access is to appropriate Web sites. 

If leisure, sports, or other inappropriate sites appear in the Web Site Hits Report, you can 

choose to block the sites. For information on blocking inappropriate Web sites, see . 

Click on the name of a Web site to open that site in a new window. 

Bandwidth Usage by IP Address 

Selecting Bandwidth Usage by IP Address from the Report to view menu displays a table 

showing the IP address of the 25 top users of Internet bandwidth and the number of megabytes 

transmitted during the current sample period. 


Log > ViewPoint 

Bandwidth Usage by Service 

Selecting Bandwidth Usage by Service from the Report to view menu displays a table showing 

the name of the 25 top Internet services, such as HTTP, FTP, RealAudio, etc., and the number 

of megabytes received from the service during the current sample period. 

The Bandwidth Usage by Service report shows whether the services being used are 

appropriate for your organization. If services such as video or push broadcasts are consuming 

a large portion of the available bandwidth, you can choose to block these services. 


SonicWALL ViewPoint is a Web-based graphical reporting tool that provides unprecedented 

security awareness and control over your network environment through detailed and 

comprehensive reports of your security and network activities. ViewPoint’s broad reporting 

capabilities allow administrators to easily monitor network access and Internet usage, enhance 

security, assess risks, understand more about employee Internet use and productivity, and 

anticipate future bandwidth needs. 

ViewPoint creates dynamic, real-time and historical network summaries, providing a flexible, 

comprehensive view of network events and activities. Reports are based on syslog data 

streams received from each SonicWALL appliance through LAN, Wireless LAN, WAN or VPN 

connections. With ViewPoint, your organization can generate individual or aggregate reports 

about virtually any aspect of appliance activity, including individual user or group usage 

patterns, evens on specific appliances or groups of appliances, types and times of attacks, 

resource consumption and constraints, and more. 

For more information on SonicWALL ViewPoint, go to http://www.sonicwall.com. 

For complete SonicWALL ViewPoint documentation, go to the SonicWALL documentation Web 

site at http://www.sonicwall.com/us/support/3340.html. 


17


Activating ViewPoint 

The Log > ViewPoint page allows you to activate the ViewPoint license directly from the 

SonicWALL Management Interface using two methods. 

If you received a license activation key, enter the activation key in the Enter upgrade key field, 

and click Accept. 

Warning 

You must have a mysonicwall.com account and your SonicWALL security appliance 

must be registered to activate SonicWALL ViewPoint for your SonicWALl security 

appliance. 

Step 1 

Step 2 

Step 3 

Step 4 

Click the Upgrade link in Click here to Upgrade on the Log > ViewPoint page. The 

mysonicwall.com Login page is displayed. 

Enter your mysonicwall.com account username and password in the User Name and Password 

fields, then click Submit. The System > Licenses page is displayed. If your SonicWALL security 

appliance is already connected to your mysonicwall.com account, the System > Licenses page 

appears after you click the SonicWALL Content Filtering Subscription link. 

Click Activate or Renew in the Manage Service column in the Manage Services Online table. 

Type in the Activation Key in the New License Key field and click Submit. 

If you activated SonicWALL ViewPoint at mysonicwall.com, the SonicWALL ViewPoint 

activation is automatically enabled on your SonicWALL within 24-hours or you can click the 

Synchronize button on the Security Services > Summary page to update your SonicWALL. 

Enabling ViewPoint Settings 

Once you have installed the SonicWALL ViewPoint software, you can point the SonicWALL 

security appliance to the server running ViewPoint, perform the following steps: 

Step 1 Check the Enable ViewPoint Settings checkbox in the Syslog Servers section of the Log > 

ViewPoint page. 

Step 2 

Step 3 

Step 4 

Step 5 

Click the Add button. The Add Syslog Server window is displayed. 

Enter the IP address or FQDN of the SonicWALL ViewPoint server in the Name or IP Address 

field. 

Enter the port number for the SonicWALL ViewPoint server traffic in the Port field or use the 

default port number. 

Click Accept. 

Note The Override Syslog Settings with ViewPoint Settings control on the Log > 

Syslog page is automatically checked when you enable ViewPoint from the Log > 

ViewPoint page. The IP address or FQDN you entered in the Add Syslog Server 

window is also displayed on the Log > Syslog page as well as in the Syslog Servers 

table on the Log > ViewPoint page. 

Clicking the Edit icon displays the Add Syslog Server window for editing the ViewPoint server 

information. Clicking the Delete icon, deletes the ViewPoint syslog server entry. 


Index of Log Event Messages 


This section contains a list of log event messages for all SonicWALL Firmware and SonicOS 

Software Releases, ordered alphabetically. Use your web browser’s Find function to search for 

a command. 

Log Event Message Symbols Key 

Log Event Message Symbol Description Context 

%s Ethernet Port Down Represents a character string. [WAN | LAN | DMZ] Ethernet Port 

Down 

The cache is full; %u open 

connections; some will be dropped 

Represents a numerical string. 

The cache is full; [40,000] open 

connections; some will be dropped 

TCP IP Layered-Data Packet Processing and SonicOS Log Event Handling 

In specific cases of multi-layer packet processing, a TCP connection initially logged as "open," 

will be rejected by a deeper layer of packet processing. In these cases, the connection request 

has not been forwarded by the SonicWALL security appliance, and the initial Connection Open 

SonicOS log event message should be ignored in favor of the TCP Connection Dropped log 

event message. 

Each log event message described in the following table provides the following log event details: 

• SonicOS Category—Displays the SonicOS Software category event type. 

• Legacy Category—Displays the SonicWALL Firmware Software category event type. 

• Priority Level—Displays the level of urgency of the log event message. 

• Log Message ID Number—Displays the ID number of the log event message. 

• SNMP Trap Type—Displays the SNMP Trap ID number of the log event message. 


19


Log Event Message Index 

Log Event Message New Category Legacy Category Priority ID 

SNMP 

Trap 

Type 

Network Security Appliance activated Firewall Event Maintenance Alert 4 --- 

Log cleared Firewall Logging Maintenance Information 5 --- 

Log successfully sent via email Firewall Logging Maintenance Information 6 --- 

Log full; deactivating Network Security Firewall Logging System Error Error 7 601 

Appliance 

New URL List loaded Security Services Maintenance Information 8 --- 

No new URL List available Security Services Maintenance Information 9 --- 

Problem loading the URL List; check Filter Security Services System Error Error 10 602 

settings 

Problem loading the URL List; check your Security Services System Error Error 11 603 

DNS server 

Problem sending log email; check log Firewall Logging System Error Warning 12 604 

settings 

Restarting Network Security Appliance; Firewall Event Maintenance Information 13 --- 

dumping log to email 

Web site access denied Network Access Blocked Sites Error 14 701 

Newsgroup access denied Network Access Blocked Sites Notice 15 702 

Web site access allowed Network Access Blocked Sites Notice 16 703 

Newsgroup access allowed Network Access Blocked Sites Notice 17 704 

ActiveX access denied Network Access Blocked Code Notice 18 --- 

Java access denied Network Access Blocked Code Notice 19 --- 

ActiveX or Java archive access denied Network Access Blocked Code Notice 20 --- 

Cookie removed Network Access Blocked Code Notice 21 --- 

Ping of death dropped Intrusion Detection Attack Alert 22 501 

IP spoof dropped Intrusion Detection Attack Alert 23 502 

User logged out - user disconnect detected Authenticate User Activity Information 24 --- 

(heartbeat timer expired) 

Access 

Possible SYN flood attack detected Intrusion Detection Attack Warning 25 503 

Land attack dropped Intrusion Detection Attack Alert 27 505 

Fragmented packet dropped Network TCP | UDP | ICMP Notice 28 --- 

Administrator login allowed 

Authenticate 

Access 

User Activity Information 29 --- 

Administrator login denied due to bad 

credentials 

User login from an internal zone allowed 

User login denied due to bad credentials 

User login denied due to bad credentials 

Login screen timed out 


Access 


Access 


Access 


Access 


Access 

Attack Alert 30 560 








Attack Alert 35 506 

Administrator login denied from %s; logins 

disabled from this interface 


Access 

TCP connection dropped Network Access TCP Notice 36 --- 

UDP packet dropped Network Access UDP Notice 37 --- 

ICMP packet dropped due to policy Network Access ICMP Notice 38 --- 

PPTP packet dropped Network Access TCP | UDP | ICMP Notice 39 --- 

IPsec packet dropped Network Access TCP | UDP | ICMP Notice 40 --- 

Unknown protocol dropped Network Access Debug Notice 41 --- 

IPsec packet dropped; waiting for pending Network Access Debug Debug 42 --- 

IPsec connection 

IPsec connection interrupt Network Access Debug Debug 43 --- 

NAT could not remap incoming packet Unused System Error Error 44 606 

ARP timeout Network Debug Debug 45 --- 

Broadcast packet dropped Network Access Debug Debug 46 --- 

No ICMP redirect sent Unused Debug Debug 47 --- 

Out-of-order command packet dropped Network Access Debug Debug 48 --- 

Failure to add data channel Unused Debug Debug 49 --- 

RealAudio decode failure Unused Debug Debug 50 --- 

Duplicate packet dropped Network Access Debug Debug 51 --- 

No HOST tag found in HTTP request Network Access Debug Debug 52 --- 

The cache is full; %u open connections; Firewall Event System Error Error 53 607 

some will be dropped 

License exceeded: Connection dropped Firewall Event System Error Error 58 608 

because too many IP addresses are in use 

on your LAN 

Access to proxy server denied Network Access Blocked Sites Notice 60 705 

Diagnostic Code E VPN IPsec System Error Error 61 609 

Dynamic IPsec client connected VPN IPsec User Activity Information 62 --- 

Received fragmented packet or 

Network Debug Debug 63 --- 

fragmentation needed 

Diagnostic Code D Firewall Hardware System Error Error 64 610 

Illegal IPsec SPI VPN IPsec User Activity Information 65 --- 

Unknown IPsec SPI VPN IPsec Attack Error 66 507 

IPsec Authentication Failed VPN IPsec Attack Error 67 508 

IPsec Decryption Failed VPN IPsec Attack Error 68 509 

Incompatible IPsec Security Association VPN IPsec User Activity Information 69 --- 

IPsec packet from or to an illegal host VPN IPsec Attack Error 70 510 

NetBus attack dropped Intrusion Detection Attack Alert 72 511 

Back Orifice attack dropped Intrusion Detection Attack Alert 73 512 

Net Spy attack dropped Intrusion Detection Attack Alert 74 513 

Sub Seven attack dropped Intrusion Detection Attack Alert 75 514 

Ripper attack dropped Intrusion Detection Attack Alert 76 515 

Striker attack dropped Intrusion Detection Attack Alert 77 516 

Senna Spy attack dropped Intrusion Detection Attack Alert 78 517 

SNMP 

Trap 

Type 


21



Priority attack dropped Intrusion Detection Attack Alert 79 518 

Ini Killer attack dropped Intrusion Detection Attack Alert 80 519 

Smurf Amplification attack dropped Intrusion Detection Attack Alert 81 520 

Possible port scan detected Intrusion Detection Attack Alert 82 521 

Probable port scan detected Intrusion Detection Attack Alert 83 522 

Failed to resolve name Network Maintenance Information 84 --- 

IKE Responder: Accepting IPsec proposal VPN IKE User Activity Information 87 --- 

(Phase 2) 

IKE Responder: IPsec proposal does not VPN IKE User Activity Warning 88 523 

match (Phase 2) 

IKE negotiation complete. Adding IPsec SA. VPN IKE User Activity Information 89 --- 

(Phase 2) 

Starting IKE negotiation VPN IKE User Activity Information 90 --- 

Deleting IPsec SA for destination VPN IKE User Activity Information 91 --- 

Deleting IPsec SA VPN IKE User Activity Information 92 --- 

Diagnostic Code A Firewall Hardware System Error Error 93 611 

Diagnostic Code B Firewall Hardware System Error Error 94 612 

Diagnostic Code C Firewall Hardware System Error Error 95 613 

Status GMS Maintenance Emergency 96 --- 

#Web site hit Network Traffic Connection Traffic Information 97 --- 

Connection Opened Network Traffic Connection Information 98 --- 

Retransmitting DHCP DISCOVER. DHCP Client Maintenance Information 99 --- 

Retransmitting DHCP REQUEST 

DHCP Client Maintenance Information 100 --- 

(Requesting). 



(Renewing). 



(Rebinding). 



(Rebooting). 

Retransmitting DHCP REQUEST (Verifying). DHCP Client Maintenance Information 104 --- 

Sending DHCP DISCOVER. DHCP Client Maintenance Information 105 --- 

DHCP Server not available. Did not get any DHCP Client Maintenance Information 106 --- 

DHCP OFFER. 

Got DHCP OFFER. Selecting. DHCP Client Maintenance Information 107 --- 

Sending DHCP REQUEST. DHCP Client Maintenance Information 108 --- 

DHCP Client did not get DHCP ACK. DHCP Client Maintenance Information 109 --- 

DHCP Client got NACK. DHCP Client Maintenance Information 110 --- 

DHCP Client got ACK from server. DHCP Client Maintenance Information 111 --- 

DHCP Client is declining address offered by DHCP Client Maintenance Information 112 --- 

the server. 

DHCP Client sending REQUEST and going 

to REBIND state. 


SNMP 

Trap 

Type 




DHCP Client sending REQUEST and going DHCP Client Maintenance Information 114 --- 

to RENEW state. 

Sending DHCP REQUEST (Renewing). DHCP Client Maintenance Information 115 --- 

Sending DHCP REQUEST (Rebinding). DHCP Client Maintenance Information 116 --- 

Sending DHCP REQUEST (Rebooting). DHCP Client Maintenance Information 117 --- 

Sending DHCP REQUEST (Verifying). DHCP Client Maintenance Information 118 --- 

DHCP Client failed to verify and lease has DHCP Client Maintenance Information 119 --- 

expired. Go to INIT state. 

DHCP Client failed to verify and lease is still DHCP Client Maintenance Information 120 --- 

valid. Go to BOUND state. 

DHCP Client got a new IP address lease. DHCP Client Maintenance Information 121 --- 

Sending DHCP RELEASE. DHCP Client Maintenance Information 122 --- 

Access attempt from host without Anti-Virus Security Services Maintenance Information 123 --- 

agent installed 

Anti-Virus agent out-of-date on host Security Services Maintenance Information 124 --- 

Received AV Alert: %s Security Services Maintenance Warning 125 524 

Starting PPPoE discovery PPPoE Maintenance Information 127 --- 

PPPoE LCP Link Up PPPoE Maintenance Information 128 --- 

PPPoE LCP Link Down PPPoE Maintenance Information 129 --- 

PPPoE terminated PPPoE Maintenance Information 130 --- 

PPPoE Network Connected PPPoE Maintenance Information 131 --- 

PPPoE Network Disconnected PPPoE Maintenance Information 132 --- 

PPPoE discovery process complete PPPoE Maintenance Information 133 --- 

PPPoE starting CHAP Authentication PPPoE Maintenance Information 134 --- 

PPPoE starting PAP Authentication PPPoE Maintenance Information 135 --- 

PPPoE CHAP Authentication Failed PPPoE Maintenance Information 136 --- 

PPPoE PAP Authentication Failed PPPoE Maintenance Information 137 --- 

Wan IP Changed Firewall Event System Error Warning 138 636 

XAUTH Succeeded with VPN client VPN Client User Activity Information 139 --- 

XAUTH Failed with VPN client, 

VPN Client User Activity Error 140 --- 

Authentication failure 

XAUTH Failed with VPN client, Cannot VPN Client User Activity Information 141 --- 

Contact RADIUS Server 

Log Debug Firewall Event Debug Error 142 --- 

Add an attack message Firewall Event Attack Error 143 525 

Primary firewall has transitioned to Active High Availability Maintenance Alert 144 --- 

Backup firewall has transitioned to Active High Availability Maintenance Alert 145 --- 

Primary firewall has transitioned to Idle High Availability System Error Alert 146 614 

Backup firewall has transitioned to Idle High Availability Maintenance Alert 147 --- 

Primary missed heartbeats from Backup High Availability System Error Error 148 615 

Backup missed heartbeats from Primary High Availability System Error Error 149 616 

Primary received error signal from Backup High Availability System Error Error 150 617 

Backup received error signal from Primary High Availability System Error Error 151 618 

Backup firewall being preempted by Primary High Availability System Error Error 152 619 

SNMP 

Trap 

Type 


23


SNMP 

Trap 

Log Event Message New Category Legacy Category Priority ID Type 

Primary firewall preempting Backup High Availability System Error Error 153 620 

Active Backup detects Active Primary: High Availability Maintenance Information 154 --- 

Backup going Idle 

Imported HA hardware ID did not match this High Availability Maintenance Information 155 --- 

firewall 

Discovered HA Backup Firewall High Availability Maintenance Information 156 --- 

HA Peer Firewall Synchronized High Availability Maintenance Information 157 --- 

Error synchronizing HA peer firewall (%s) High Availability System Error Error 158 662 

Received AV Alert: Your Network Anti-Virus Security Services Maintenance Warning 159 526 

subscription has expired. %s 

Primary received heartbeat from wrong High Availability Maintenance Information 160 --- 

source 

Backup received heartbeat from wrong High Availability Maintenance Information 161 --- 

source 

HA packet processing error High Availability Maintenance Information 162 --- 

Heartbeat received from incompatible source High Availability Maintenance Information 163 --- 

Diagnostic Code F Firewall Hardware System Error Error 164 621 

Forbidden E-Mail attachment disabled Intrusion Detection Attack Alert 165 527 

PPPoE PAP Authentication success. PPPoE Maintenance Information 166 --- 

PPPoE PAP Authentication Failed. Please PPPoE Maintenance Information 167 --- 

verify PPPoE username and password 

Disconnecting PPPoE due to traffic timeout PPPoE Maintenance Information 168 --- 

No response from ISP Disconnecting PPPoE Maintenance Information 169 --- 

PPPoE. 

Backup going Active in preempt mode after High Availability System Error Error 170 622 

reboot 

VPN Log Debug VPN IKE Debug Information 172 --- 

TCP connection from LAN denied Network Access LAN TCP Notice 173 --- 

UDP packet from LAN dropped Network Access LAN UDP | LAN Notice 174 --- 

TCP 

ICMP packet from LAN dropped Network Access LAN ICMP | LAN Notice 175 --- 

TCP 

Probable TCP FIN scan detected Intrusion Detection Attack Alert 177 528 

Probable TCP XMAS scan detected Intrusion Detection Attack Alert 178 529 

Probable TCP NULL scan detected Intrusion Detection Attack Alert 179 530 

IPsec Replay Detected VPN IPsec Attack Alert 180 531 

TCP FIN packet dropped Network Debug Debug 181 --- 

Received a path MTU icmp message from Network User Activity Information 182 --- 

router/gateway 

Problem loading the URL List; Appliance not Security Services System Error Error 183 623 

registered. 

Problem loading the URL List; Subscription Security Services System Error Error 184 624 

expired. 

Problem loading the URL List; Try loading it 

again. 

Security Services System Error Error 185 625 



SNMP 

Trap 


Problem loading the URL List; Retrying later. Security Services System Error Error 186 626 

Problem loading the URL List; Flash write Security Services System Error Error 187 627 

failure. 

Received a path MTU icmp message from Network User Activity Information 188 --- 

router/gateway 

The loaded content URL List has expired. Security Services System Error Error 190 628 

Error setting the IP address of the backup, High Availability System Error Error 191 629 

please manually set to backup LAN IP 

Error updating HA peer configuration High Availability System Error Error 192 630 

Fraudulent Microsoft certificate found; Intrusion Detection Attack Error 193 532 

access denied 

VPN TCP SYN VPN VPN Statistics Information 194 --- 

VPN TCP FIN VPN VPN Statistics Information 195 --- 

VPN TCP PSH VPN VPN Statistics Information 196 --- 

Content filter subscription expired. Security Services System Error Error 197 631 

New firmware available. Firewall Event Maintenance Information 198 --- 

CLI administrator login allowed 

Authenticate User Activity Information 199 --- 

Access 

CLI administrator login denied due to bad Authenticate User Activity Warning 200 --- 

credentials 

Access 

L2TP Tunnel Negotiation Started L2TP Client Maintenance Information 201 --- 

L2TP Session Negotiation Started L2TP Client Maintenance Information 202 --- 

L2TP Max Retransmission Exceeded L2TP Client Maintenance Information 203 --- 

L2TP Tunnel Established L2TP Client Maintenance Information 204 --- 

L2TP Tunnel Disconnect from Remote L2TP Client Maintenance Information 205 --- 

L2TP Session Established L2TP Client Maintenance Information 206 --- 

L2TP Session Disconnect from Remote L2TP Client Maintenance Information 207 --- 

L2TP PPP Negotiation Started L2TP Client Maintenance Information 208 --- 

L2TP LCP Down L2TP Client Maintenance Information 209 --- 

L2TP PPP Session Up L2TP Client Maintenance Information 210 --- 

L2TP PPP Down L2TP Client Maintenance Information 211 --- 

L2TP PPP Authentication Failed L2TP Client Maintenance Information 212 --- 

L2TP LCP Up L2TP Client Maintenance Information 213 --- 

L2TP Disconnect Initiated by the User L2TP Client Maintenance Information 214 --- 

Disconnecting L2TP Tunnel due to traffic L2TP Client Maintenance Information 215 --- 

timeout 

L2TP Connect Initiated by the User L2TP Client Maintenance Information 216 --- 

L2TP PPP link down L2TP Client Maintenance Information 217 --- 

Primary WAN link down, Primary going Idle High Availability Maintenance Information 218 --- 

Backup WAN link down, Primary going High Availability System Error Error 219 633 

Active 

Primary WAN link down, Backup going High Availability System Error Error 220 634 

Active 

Primary WAN link up, preempting Backup High Availability Maintenance Information 221 --- 


25


SNMP 

Trap 


DHCP RELEASE relayed to Central 

Gateway 

DHCP Relay Maintenance Information 222 --- 

DHCP lease relayed to local device DHCP Relay Maintenance Information 223 --- 

DHCP RELEASE received from remote DHCP Relay Debug Information 224 --- 

device 

DHCP lease relayed to remote device DHCP Relay Debug Information 225 --- 

DHCP lease to LAN device conflicts with DHCP Relay Maintenance Information 226 --- 

remote device, deleting remote IP entry 

WARNING: DHCP lease relayed from DHCP Relay Maintenance Information 227 --- 

Central Gateway conflicts with IP in Static 

Devices list 

DHCP lease dropped. Lease from Central DHCP Relay Maintenance Warning 228 --- 

Gateway conflicts with Relay IP 

IP spoof detected on packet to Central DHCP Relay Attack Error 229 533 

Gateway, packet dropped 

Request for Relay IP Table from Central DHCP Relay Maintenance Information 230 --- 

Gateway 

Requesting Relay IP Table from Remote DHCP Relay Maintenance Information 231 --- 

Gateway 

Sent Relay IP Table to Central Gateway DHCP Relay Maintenance Information 232 --- 

Obtained Relay IP Table from Remote DHCP Relay Maintenance Information 233 --- 

Gateway 

Failed to synchronize Relay IP Table DHCP Relay System Error Warning 234 632 

VPN zone administrator login allowed Authenticate User Activity Information 235 --- 

Access 

WAN zone administrator login allowed Authenticate User Activity Information 236 --- 

Access 

VPN zone remote user login allowed Authenticate User Activity Information 237 --- 

Access 

WAN zone remote user login allowed Authenticate User Activity Information 238 --- 

Access 

NAT Discovery : Peer IPsec Security VPN IKE User Activity Information 239 --- 

Gateway behind a NAT/NAPT Device 

NAT Discovery : Local IPsec Security VPN IKE User Activity Information 240 --- 

Gateway behind a NAT/NAPT Device 

NAT Discovery : No NAT/NAPT device VPN IKE User Activity Information 241 --- 

detected between IPsec Security gateways 

NAT Discovery : Peer IPsec Security VPN IKE User Activity Information 242 --- 

Gateway doesn't support VPN NAT 

Traversal 

User login denied - RADIUS authentication RADIUS User Activity Information 243 --- 

failure 

User login denied - RADIUS server timeout RADIUS User Activity Warning 244 --- 

User login denied - RADIUS configuration 

error 

RADIUS User Activity Warning 245 --- 





User login denied - User has no privileges for 

login from that location 


Access 

IPsec packet from an illegal host VPN IPsec Maintenance Information 247 --- 

Forbidden E-Mail attachment deleted Intrusion Detection Attack Error 248 534 

IKE Responder: Mode %d - not tunnel mode VPN IKE User Activity Warning 249 535 

IKE Responder: No matching Phase 1 ID VPN IKE User Activity Warning 250 536 

found for proposed remote network 

IKE Responder: Proposed remote network is VPN IKE User Activity Warning 251 537 

0.0.0.0 but not DHCP relay nor default route 

IKE Responder: No match for proposed VPN IKE User Activity Warning 252 538 

remote network address 

IKE Responder: Default LAN gateway is set VPN IKE User Activity Warning 253 539 

but peer is not proposing to use this SA as a 

default route 

IKE Responder: Tunnel terminates outside VPN IKE User Activity Warning 254 540 

firewall but proposed local network is not 

NAT public address 

IKE Responder: Tunnel terminates inside VPN IKE User Activity Warning 255 541 

firewall but proposed local network is not 

inside firewall 

IKE Responder: Tunnel terminates on DMZ VPN IKE User Activity Warning 256 542 

but proposed local network is on LAN 

IKE Responder: Tunnel terminates on LAN VPN IKE User Activity Warning 257 543 

but proposed local network is on DMZ 

IKE Responder: AH Perfect Forward VPN IKE User Activity Warning 258 544 

Secrecy mismatch 

IKE Responder: ESP Perfect Forward VPN IKE User Activity Warning 259 545 

Secrecy mismatch 

IKE Responder: Algorithms and/or keys do VPN IKE User Activity Warning 260 546 

not match 

Administrator logged out 


Access 

Administrator logged out - inactivity timer Authenticate User Activity Information 262 --- 

expired 

Access 

User logged out 


Access 


User logged out - max session time 

exceeded 

User logged out - inactivity timer expired 

NAT device may not support IPsec AH 

passthrough 


Access 



Access 

VPN IPsec Maintenance Information 266 --- 

TCP Xmas Tree dropped Intrusion Detection Attack Alert 267 547 

CFL auto-download disabled, time problem Security Services Maintenance Information 268 --- 

detected 

Requesting CRL from VPN PKI User Activity Information 269 --- 

SNMP 

Trap 

Type 


27


SNMP 

Trap 


CRL loaded from VPN PKI User Activity Information 270 --- 

Failed to get CRL from VPN PKI User Activity Alert 271 --- 

Not enough memory to hold the CRL VPN PKI User Activity Warning 272 --- 

Connection timed out VPN PKI User Activity Alert 273 --- 

Cannot connect to the CRL server VPN PKI User Activity Alert 274 --- 

Unknown reason VPN PKI User Activity Error 275 --- 

Failed to Process CRL from VPN PKI User Activity Alert 276 --- 

Bad CRL format VPN PKI User Activity Alert 277 --- 

Issuer match failed VPN PKI User Activity Alert 278 --- 

Certificate on Revoked list(CRL) VPN PKI User Activity Alert 279 --- 

No Certificate for VPN PKI User Activity Alert 280 --- 

PPP Dial-Up: Dialing: %s PPP Dial Up User Activity Information 281 --- 

PPP Dial-Up: No dialtone detected - check PPP Dial Up User Activity Information 282 --- 

phone-line connection 

PPP Dial-Up: No link carrier detected - check PPP Dial Up User Activity Information 283 --- 

phone number 

PPP Dial-Up: Dialed number is busy PPP Dial Up User Activity Information 284 --- 

PPP Dial-Up: Dialed number did not answer PPP Dial Up User Activity Information 285 --- 

PPP Dial-Up: Connected at %s bps - starting PPP Dial Up User Activity Information 286 --- 

PPP 

PPP Dial-Up: Unknown dialing failure PPP Dial Up User Activity Information 287 --- 

PPP Dial-Up: Link carrier lost PPP Dial Up User Activity Information 288 --- 

PPP: Authentication successful PPP --- Information 289 --- 

PPP: PAP Authentication failed - check PPP --- Information 290 --- 

username / password 

PPP: CHAP authentication failed - check PPP --- Information 291 --- 


PPP: MS-CHAP authentication failed - check PPP --- Information 292 --- 


PPP: Starting MS-CHAP authentication PPP --- Information 293 --- 

PPP: Starting CHAP authentication PPP --- Information 294 --- 

PPP: Starting PAP authentication PPP --- Information 295 --- 

PPP Dial-Up: PPP negotiation failed - PPP Dial Up User Activity Information 296 --- 

disconnecting 

PPP Dial-Up: Idle time limit exceeded - PPP Dial Up User Activity Information 297 --- 

disconnecting 

PPP Dial-Up: Failed to get IP address PPP Dial Up User Activity Information 298 --- 

PPP Dial-Up: Received new IP address PPP Dial Up User Activity Information 299 --- 

PPP Dial-Up: PPP link established PPP Dial Up User Activity Information 300 --- 

PPP Dial-Up: PPP link down PPP Dial Up User Activity Information 301 --- 

PPP Dial-Up: Shutting down link PPP Dial Up User Activity Information 302 --- 

PPP Dial-Up: Initialization : %s PPP Dial Up User Activity Information 303 --- 

PPP Dial-Up: User requested disconnect PPP Dial Up User Activity Information 304 --- 

PPP Dial-Up: User requested connect PPP Dial Up User Activity Information 305 --- 



SNMP 

Trap 


PPP Dial-Up: Connect request canceled PPP Dial Up User Activity Information 306 --- 

The network connection in use is %s WAN Failover System Error Warning 307 639 

L2TP Server : L2TP Tunnel Established. L2TP Server Maintenance Information 308 --- 

L2TP Server : L2TP Session Established. L2TP Server Maintenance Information 309 --- 

L2TP Server : L2TP PPP Session 

L2TP Server Maintenance Information 310 --- 

Established. 

L2TP Server: RADIUS/LDAP reports L2TP Server Maintenance Information 311 --- 

Authentication Failure 

L2TP Server: Local Authentication Failure L2TP Server Maintenance Information 312 --- 

L2TP Server: RADIUS/LDAP server not L2TP Server Maintenance Information 313 --- 

assigned IP address 

L2TP Server: No IP address available in the L2TP Server Maintenance Information 314 --- 

Local IP Pool 

L2TP Server: L2TP Tunnel Disconnect from L2TP Server Maintenance Information 315 --- 

the Remote. 

L2TP Server: L2TP Session Disconnect L2TP Server Maintenance Information 316 --- 

from the Remote. 

L2TP Server: L2TP Remote terminated the L2TP Server Maintenance Information 317 --- 

PPP session 

L2TP Server: Local Authentication L2TP Server Maintenance Information 318 --- 

Success. 

L2TP Server: RADIUS/LDAP Authentication L2TP Server Maintenance Information 319 --- 

Success 

L2TP Server: Keep alive Failure. Closing L2TP Server Maintenance Information 320 --- 

Tunnel 

PPP Dial-Up: Manual intervention needed. PPP Dial Up User Activity Information 321 --- 

Check Primary Profile or Profile details 

PPP Dial-Up: Trying to failover but Primary PPP Dial Up User Activity Information 322 --- 

Profile is manual 

PPP Dial-Up: Startup without Ethernet cable, PPP Dial Up User Activity Information 323 --- 

will try to dial on outbound traffic 

PPP Dial-Up: Dial initiated by %s PPP Dial Up Maintenance Information 324 --- 

The current WAN interface is not ready to Firewall Event System Error Error 325 635 

route packets. 

Probing failure on %s WAN Failover System Error Alert 326 637 

PPP Dial-Up: Maximum connection time PPP Dial Up User Activity Information 327 --- 

exceeded - disconnecting 

Administrator name changed 

Authenticate Maintenance Information 328 --- 

Access 

User login failure rate exceeded - logins from Authenticate Attack Error 329 561 

user IP address denied 

Access 

PPP Dial-Up: The profile in use disabled PPP Dial Up Maintenance Information 330 --- 

VPN networking. 

PPP Dial-Up: VPN networking restored. PPP Dial Up Maintenance Information 331 --- 

%s Ethernet Port Up Firewall Event System Error Warning 332 640 

%s Ethernet Port Down Firewall Event System Error Error 333 641 


29


SNMP 

Trap 


L2TP Server: Call Disconnect from Remote. L2TP Server Maintenance Information 334 --- 

L2TP Server: Tunnel Disconnect from L2TP Server Maintenance Information 335 --- 

Remote. 

L2TP Server : Deleting the Tunnel L2TP Server Maintenance Information 336 --- 

L2TP Server : Deleting the L2TP active L2TP Server Maintenance Information 337 --- 

Session 

L2TP Server : Retransmission Timeout, L2TP Server Maintenance Information 338 --- 

Deleting the Tunnel 

NAT translated packet exceeds size limit, Network Debug Debug 339 --- 

packet dropped 

HTTP management port has changed Firewall Event Maintenance Information 340 --- 

HTTPS management port has changed Firewall Event Maintenance Information 341 --- 

IKE Responder: Mode %d - not transport VPN IKE Debug Warning 342 --- 

mode. Xauth is required but not supported 

by peer. 

L2TP Server : Access from L2TP VPN Client L2TP Server Maintenance Information 343 --- 

Privilege not enabled for Radius Users. 

L2TP Server : User Name authentication L2TP Server Maintenance Information 344 --- 

Failure locally. 

IKE Responder: Tunnel terminates outside VPN IKE User Activity Warning 345 548 

firewall but proposed remote network is not 

NAT public address 

IKE Initiator: Start Quick Mode (Phase 2). VPN IKE User Activity Information 346 --- 

Port configured to receive IPsec protocol Network Access TCP | UDP | ICMP Warning 347 --- 

ONLY; drop packet received in the clear 

Imported VPN SA is invalid - disabled Firewall Event Maintenance Warning 348 --- 

IPsec SA lifetime expired. VPN IPsec User Activity Information 349 --- 

IKE SA lifetime expired. VPN IKE User Activity Information 350 --- 

IKE Initiator: Start Main Mode negotiation VPN IKE User Activity Information 351 --- 

(Phase 1) 

IKE Responder: Received Quick Mode VPN IKE User Activity Information 352 --- 

Request (Phase 2) 

IKE Initiator: Main Mode complete (Phase 1) VPN IKE User Activity Information 353 --- 

IKE Initiator: Aggressive Mode complete VPN IKE User Activity Information 354 --- 

(Phase 1). 

IKE Responder: Received Main Mode VPN IKE User Activity Information 355 --- 

request (Phase 1) 

IKE Responder: Received Aggressive Mode VPN IKE User Activity Information 356 --- 

request (Phase 1) 

IKE Responder: Main Mode complete VPN IKE User Activity Information 357 --- 

(Phase 1) 

IKE Initiator: Start Aggressive Mode VPN IKE User Activity Information 358 --- 

negotiation (Phase 1) 

Entering FIPS ERROR state Crypto Test Maintenance Error 359 --- 

Crypto DES test failed Crypto Test Maintenance Error 360 --- 

Crypto DH test failed Crypto Test Maintenance Error 361 --- 



SNMP 

Trap 


Crypto Hmac-MD5 fest failed Crypto Test Maintenance Error 362 --- 

Crypto Hmac-Sha1 test failed Crypto Test Maintenance Error 363 --- 

Crypto RSA test failed Crypto Test Maintenance Error 364 --- 

Crypto Sha1 test failed Crypto Test Maintenance Error 365 --- 

Crypto hardware DES test failed Crypto Test Maintenance Error 366 --- 

Crypto hardware 3DES test failed Crypto Test Maintenance Error 367 --- 

Crypto hardware DES with SHA test failed Crypto Test Maintenance Error 368 --- 

Crypto Hardware 3DES with SHA test failed Crypto Test Maintenance Error 369 --- 

Crypto MD5 test failed Crypto Test Maintenance Error 370 --- 

VPN Client Policy Provisioning VPN Client User Activity Information 371 --- 

IKE Initiator: Accepting IPsec proposal VPN IKE User Activity Information 372 --- 

(Phase 2) 

IKE Responder: Aggressive Mode complete VPN IKE User Activity Information 373 --- 

(Phase 1) 

Error initializing Hardware acceleration for Firewall Hardware Maintenance Error 374 --- 

VPN 

PPTP Control Connection Negotiation PPTP Maintenance Information 375 --- 

Started 

PPTP Session Negotiation Started PPTP Maintenance Information 376 --- 

PPTP Max Retransmission Exceeded PPTP Maintenance Information 377 --- 

PPTP Control Connection Established PPTP Maintenance Information 378 --- 

PPTP Tunnel Disconnect from Remote PPTP Maintenance Information 379 --- 

PPTP Session Established PPTP Maintenance Information 380 --- 

PPTP Session Disconnect from Remote PPTP Maintenance Information 381 --- 

PPTP PPP Negotiation Started PPTP Maintenance Information 382 --- 

PPTP LCP Down PPTP Maintenance Information 383 --- 

PPTP PPP Session Up PPTP Maintenance Information 384 --- 

PPTP PPP Down PPTP Maintenance Information 385 --- 

PPTP PPP Authentication Failed PPTP Maintenance Information 386 --- 

PPTP LCP Up PPTP Maintenance Information 387 --- 

PPTP Disconnect Initiated by the User PPTP Maintenance Information 388 --- 

Disconnecting PPTP Tunnel due to traffic PPTP Maintenance Information 389 --- 

timeout 

PPTP Connect Initiated by the User PPTP Maintenance Information 390 --- 

PPTP PPP link down PPTP Maintenance Information 391 --- 

PPTP starting CHAP Authentication PPTP Maintenance Information 392 --- 

PPTP starting PAP Authentication PPTP Maintenance Information 393 --- 

PPTP CHAP Authentication Failed. Please PPTP Maintenance Information 394 --- 

verify PPTP username and password 

PPTP PAP Authentication Failed PPTP Maintenance Information 395 --- 

PPTP PAP Authentication success. PPTP Maintenance Information 396 --- 

PPTP PAP Authentication Failed. Please PPTP Maintenance Information 397 --- 

verify PPTP username and password 

PPTP PPP Link Up PPTP Maintenance Information 398 --- 


31


SNMP 

Trap 


PPTP PPP Link down PPTP Maintenance Information 399 --- 

PPTP PPP Link Finished PPTP Maintenance Information 400 --- 

Received notify. NO_PROPOSAL_CHOSEN VPN IKE User Activity Warning 401 --- 

IKE Responder: IKE proposal does not VPN IKE User Activity Warning 402 --- 

match (Phase 1) 

IKE negotiation aborted due to timeout VPN IKE User Activity Information 403 --- 

Failed payload verification after decryption; VPN IKE User Activity Warning 404 --- 

possible preshared key mismatch 

Failed payload validation VPN IKE User Activity Warning 405 --- 

Received packet retransmission. Drop VPN IKE User Activity Warning 406 --- 

duplicate packet 

SA is disabled. Check VPN SA settings VPN IKE User Activity Information 407 --- 

Anti-Virus Licenses Exceeded Security Services Maintenance Information 408 --- 

Received notify: ISAKMP_AUTH_FAILED VPN IKE User Activity Warning 409 --- 

Computed hash does not match hash VPN IKE User Activity Warning 410 --- 

received from peer; preshared key mismatch 

Received notify: PAYLOAD_MALFORMED VPN IKE User Activity Warning 411 --- 

Received IPsec SA delete request VPN IKE User Activity Information 412 --- 

Received IKE SA delete request VPN IKE User Activity Information 413 --- 

Received notify: INVALID_COOKIES VPN IKE User Activity Information 414 --- 

Received notify: RESPONDER_LIFETIME VPN IKE User Activity Information 415 --- 

Received notify: INVALID_SPI VPN IKE User Activity Information 416 --- 

PKI Error: VPN PKI Maintenance Error 417 --- 

IKE Responder: Proposed local network is VPN IKE User Activity Warning 418 549 

0.0.0.0 but SA has no LAN Default Gateway 

RIP disabled on interface %s RIP Maintenance Information 419 8401 

RIPv1 enabled on interface %s RIP Maintenance Information 420 8402 

RIPv2 enabled on interface %s RIP Maintenance Information 421 8403 

RIPv2 compatibility (broadcast) mode RIP Maintenance Information 422 8404 

enabled on interface %s 

RIP disabled on DMZ interface RIP Maintenance Information 423 8405 

RIPv1 enabled on DMZ interface RIP Maintenance Information 424 8406 

RIPv2 enabled on DMZ interface RIP Maintenance Information 425 8407 


enabled on DMZ interface 

IPsecTunnel status changed VPN VPN Tunnel Information 427 801 

Status 

Source routed IP packet dropped Intrusion Detection Debug Warning 428 --- 

No response from server to Echo Requests, PPTP Maintenance Information 429 --- 

disconnecting PPTP Tunnel 

No response from PPTP server to control PPTP Maintenance Information 430 --- 

connection requests 

No response from PPTP server to call 

requests 

PPTP Maintenance Information 431 --- 



SNMP 

Trap 


PPTP server rejected control connection PPTP Maintenance Information 432 --- 

PPTP server rejected the call request PPTP Maintenance Information 433 --- 

PPP Dial-Up: Trying to failover but Alternate 

Profile is manual 

WAN Failover User Activity Information 434 --- 

WLB Failback initiated by %s WAN Failover System Error Alert 435 652 

Probing succeeded on %s WAN Failover System Error Alert 436 638 

E-Mail fragment dropped Intrusion Detection Attack Error 437 550 

Locked-out user logins allowed - lockout Authenticate User Activity Information 438 --- 

period expired 

Access 

Locked-out user logins allowed by 

administrator 


Access 


Access rule added Firewall Rule User Activity Information 440 --- 

Access rule modified Firewall Rule User Activity Information 441 --- 

Access rule deleted Firewall Rule User Activity Information 442 --- 

Access rules restored to defaults Firewall Rule User Activity Information 443 --- 

PPTP Server is not responding, check if the PPTP Maintenance Information 444 --- 

server is UP and running. 

IKE Initiator: Accepting peer lifetime. (Phase VPN IKE User Activity Information 445 --- 

1) 

FTP: PASV response spoof attack dropped Intrusion Detection Attack Error 446 551 

PKI Failure VPN PKI Maintenance Error 447 --- 

PKI Failure: Output buffer too small VPN PKI Maintenance Error 448 --- 

PKI Failure: Cannot alloc memory VPN PKI Maintenance Error 449 --- 

PKI Failure: Reached the limit for local certs, VPN PKI Maintenance Error 450 --- 

cant load any more 

PKI Failure: Import failed VPN PKI Maintenance Error 451 --- 

PKI Failure: Incorrect admin password VPN PKI Maintenance Error 452 --- 

PKI Failure: CA certificates store exceeded. VPN PKI Maintenance Error 453 --- 

Cannot verify this Local Certificate 

PKI Failure: Improper file format. Please VPN PKI Maintenance Error 454 --- 

select PKCS#12 (*.p12) file 

PKI Failure: Certificate's ID does not match VPN PKI Maintenance Error 455 --- 

this Network Security Appliance 

PKI Failure: public-private key mismatch VPN PKI Maintenance Error 456 --- 

PKI Failure: Duplicate local certificate name VPN PKI Maintenance Error 457 --- 

PKI Failure: Duplicate local certificate VPN PKI Maintenance Error 458 --- 

PKI Failure: No CA certificates yet loaded VPN PKI Maintenance Error 459 --- 

PKI Failure: Internal error VPN PKI Maintenance Error 460 --- 

PKI Failure: Temporary memory shortage, try VPN PKI Maintenance Error 461 --- 

again 

PKI Failure: The certificate chain is circular VPN PKI Maintenance Error 462 --- 

PKI Failure: The certificate chain is 

VPN PKI Maintenance Error 463 --- 

incomplete 

PKI Failure: The certificate chain has no root VPN PKI Maintenance Error 464 --- 


33



PKI Failure: The certificate or a certificate in 

the chain has expired 


the chain has a validity period in the future 


the chain is corrupt 


the chain has a bad signature 





PKI Failure: Loaded but could not verify VPN PKI Maintenance Error 469 --- 

certificate 

PKI Failure: Loaded the certificate but could VPN PKI Maintenance Error 470 --- 

not verify it's chain 

VPN Cleanup: Dynamic network settings VPN User Activity Information 471 --- 

change 

WARNING: Central Gateway does not have DHCP Relay Maintenance Information 472 --- 

a Relay IP Address. DHCP message 

dropped. 

DHCP REQUEST received from remote DHCP Relay Debug Information 473 --- 

device 

DHCP DISCOVER received from remote DHCP Relay Debug Information 474 --- 

device 

DHCP DECLINE received from remote DHCP Relay Debug Information 475 --- 

device 

DHCP OFFER received from server DHCP Relay Debug Information 476 --- 

DHCP NACK received from server DHCP Relay Debug Information 477 --- 

ERROR: DHCP over VPN policy is not DHCP Relay Maintenance Information 478 --- 

defined. Cannot start IKE. 

DHCP DISCOVER received from local DHCP Relay Debug Information 479 --- 

device 

DHCP REQUEST received from local device DHCP Relay Debug Information 480 --- 

PPP Dial-Up: No peer IP address from Dial- PPP Dial Up Maintenance Information 481 --- 

Up ISP, local and remote IPs will be the 

same 

Received AV Alert: Your Network Anti-Virus Security Services Maintenance Warning 482 552 

subscription will expire in 7 days. %s 

Received notify: INVALID_ID_INFO VPN IPsec User Activity Warning 483 --- 

DHCP lease dropped. Lease from Central DHCP Relay Maintenance Warning 484 --- 

Gateway conflicts with Remote Management 

IP 

Category: None --- Debug 485 --- 

User login denied - User has no privileges for 

guest service 


Access 


WLAN firmware image has been updated Wireless Maintenance Information 487 --- 

Packet dropped by guest check Network Access TCP | UDP | ICMP Warning 488 --- 

Received CFS Alert: Your Content Filtering 

subscription will expire in 7 days. 

Security Services Maintenance Warning 489 562 

SNMP 

Trap 

Type 




Received CFS Alert: Your Content Filtering 

subscription has expired. 


Received E-Mail Filter Alert: Your E-Mail Security Services Maintenance Warning 491 564 

Filtering subscription will expire in 7 days. 

Received E-Mail Filter Alert: Your E-Mail Security Services Maintenance Warning 492 565 

Filtering subscription has expired. 

ISDN Driver Firmware successfully updated Firewall Event Maintenance Information 493 --- 

Global VPN Client License Exceeded: VPN Client System Error Information 494 658 

Connection denied. 

Packet dropped by WLAN vpn traversal Wireless TCP | UDP | ICMP Warning 495 --- 

check 

Registration Update Needed: Restore your Security Services Maintenance Warning 496 --- 

existing security service subscriptions by 

clicking here. 

Entering FIPS Error State. Crypto Test System Error Error 497 659 

WAN Interface not setup Firewall Event Maintenance Information 498 --- 

PPPoE enabled but not ready PPPoE Maintenance Information 499 --- 

L2TP enabled but not ready Unused Maintenance Information 500 --- 

PPTP enabled but not ready PPTP Maintenance Information 501 --- 

WAN not ready Firewall Event Maintenance Information 502 --- 

VPN disabled for active dial up Unused Maintenance Information 503 --- 

DHCP client enabled but not ready DHCP Client Maintenance Information 504 --- 

Blocked Quick Mode for Client using Default VPN Client System Error Error 505 660 

KeyId 

VPN disabled by administrator 


Access 

VPN enabled by administrator 


Access 

WLAN disabled by administrator 


Access 

WLAN enabled by administrator 


Access 

Maintenance Information 509 --- 

WiFiSec Enforcement disabled by 

administrator 

WiFiSec Enforcement enabled by 

administrator 

Wireless MAC Filter List enabled by 

administrator 

Wireless MAC Filter List disabled by 

administrator 


Access 


Access 


Access 


Access 

PPPoE user name changed by Administrator Authenticate 

Access 

PPPoE password changed by Administrator Authenticate 

Access 







SNMP 

Trap 

Type 


35



IKE Responder: Default LAN gateway is not VPN IKE Attack Error 516 553 

set but peer is proposing to use this SA as a 

default route 

WLAN Reboot Firewall Hardware System Error Error 517 642 

802.11 Management Wireless 802.11b 

Information 518 --- 

Management 

WLAN recovery Wireless Maintenance Information 519 --- 

CLI administrator logged out 


Access 

Network Security Appliance initializing Firewall Event Maintenance Information 521 --- 

Malformed or unhandled IP packet dropped Network Access Debug Alert 522 554 

ICMP packet dropped no match Network Access ICMP Notice 523 --- 

Web access request dropped Network Access TCP Notice 524 --- 

Web management request allowed Network Access User Activity Notice 526 --- 

FTP: PORT bounce attack dropped. Intrusion Detection Attack Alert 527 555 

FTP: PASV response bounce attack Intrusion Detection Attack Alert 528 556 

dropped. 

Global VPN Client connection is not allowed. VPN Client System Error Information 529 643 

Appliance is not registered. 

Network Modem Mode Enabled: turning off PPP Dial Up Maintenance Information 530 --- 

NAT 

Network Modem Mode Disabled: re-enabling PPP Dial Up Maintenance Information 531 --- 

NAT 

Internet Access restricted to authorized Wireless TCP | UDP | ICMP Warning 532 --- 

users. Dropped packet received in the clear. 

IPsec (ESP) packet dropped VPN IPsec TCP | UDP | ICMP Notice 533 --- 

IPsec (AH) packet dropped VPN IPsec TCP | UDP | ICMP Notice 534 --- 

IPsec (ESP) packet dropped; waiting for VPN IPsec Debug Debug 535 --- 

pending IPsec connection 

IPsec (AH) packet dropped; waiting for VPN IPsec Debug Debug 536 --- 

pending IPsec connection 

Connection Closed Network Traffic Connection Traffic Information 537 --- 

FTP: Data connection from non default port Network Access Attack Alert 538 557 

dropped 

Real time clock battery failure Time values Firewall Hardware System Error Warning 539 644 

may be incorrect 

If not already enabled, enabling NTP is Firewall Hardware System Error Warning 540 645 

recommended 

Maximum number of Bandwidth Managed Firewall Event Maintenance Notice 541 --- 

rules exceeded upon upgrade to this version. 

Some Bandwith settings ignored. 

PPP Dial-Up: Previous session was PPP Dial Up User Activity Information 542 --- 

connected for %s 

IKE Initiator: Using secondary gateway to 

negotiate 

VPN IKE User Activity Information 543 --- 

SNMP 

Trap 

Type 




IKE Initiator drop: VPN tunnel end point does VPN IKE User Activity Information 544 --- 

not match configured VPN Policy Bound to 

scope 

IKE Responder drop: VPN tunnel end point VPN IKE User Activity Information 545 --- 

does not match configured VPN Policy 

Bound to scope 

Found Rogue Access Point WLAN IDS WLAN IDS Alert 546 901 

WLAN sequence number out of order WLAN IDS WLAN IDS Warning 547 902 

Association Flood from WLAN station WLAN IDS WLAN IDS Alert 548 903 

User login failed - Guest service limit 

reached 

Guest Session Timeout 

Guest Account Timeout 


Access 


Access 


Access 




SNMP 

Trap 

Type 

RIP disabled on WAN interface RIP Maintenance Information 552 8409 

RIPv1 enabled on WAN interface RIP Maintenance Information 553 8410 

RIPv2 enabled on WAN interface RIP Maintenance Information 554 8411 


enabled on WAN interface 

Found Rogue Access Point WLAN IDS WLAN IDS Alert 556 10804 

Guest login denied. Guest '%s' is already Authenticate User Activity Information 557 --- 

logged in. Please try again later. 

Access 

Guest account '%s' created 


Access 

Guest account '%s' deleted 


Access 

Guest account '%s' disabled 


Access 

Guest account '%s' re-enabled 


Access 

Guest account '%s' pruned 


Access 

Guest account '%s' re-generated 


Access 

Guest Idle Timeout 


Access 

Interface %s Link Is Up Firewall Event System Error Warning 565 646 

Interface %s Link Is Down Firewall Event System Error Error 566 647 

Interface IP Assignment changed: Shutting Firewall Event Maintenance Information 567 --- 

down %s 

Interface IP Assignment : Binding and Firewall Event Maintenance Information 568 --- 

initializing %s 

Network for interface %s overlaps with 

another interface. 

Firewall Event Maintenance Information 569 --- 


37



SNMP 

Trap 

Type 

Please connect interface %s to another Firewall Event Maintenance Information 570 --- 

network to function properly 

RIP Broadcasts for LAN Network %s are RIP Maintenance Information 571 8413 

being broadcast over dialup-connection 

A prior version of preferences was loaded Firewall Event System Error Warning 572 648 

because the most recent preferences file 

was inaccessible 

The preferences file is too large to be saved Firewall Event System Error Warning 573 649 

in available flash memory 

All preference values have been set to Firewall Event System Error Warning 574 650 

factory default values 

Voltages Out of Tolerance Firewall Hardware System 

Error 575 101 

Environment 

Fan Failure Firewall Hardware System 

Alert 576 102 

Environment 

Thermal Yellow Firewall Hardware System 

Alert 577 103 

Environment 

Thermal Red Firewall Hardware System 

Alert 578 104 

Environment 

Thermal Red Timer Exceeded Firewall Hardware System 

Alert 579 105 

Environment 

TCP Syn/Fin packet dropped Network Access Attack Alert 580 558 

WLB Spill-over started, configured threshold WAN Failover Maintenance Warning 581 --- 

exceeded 

WLB Spill-over stopped WAN Failover Maintenance Warning 582 --- 

User login disabled from %s 

Authenticate Attack Error 583 559 

Access 

WLB Failover in progress WAN Failover System Error Alert 584 651 

WLB Resource is now available WAN Failover System Error Alert 585 653 

WLB Resource failed WAN Failover System Error Alert 586 654 

Header verification failed VPN IKE User Activity Warning 587 --- 

Received DHCP offer packet has errors DHCP Client Maintenance Information 588 --- 

Received response packet for DHCP request DHCP Client Maintenance Information 589 --- 

has errors 

IP type %s packet dropped Network Access LAN UDP | LAN Notice 590 --- 

TCP 

Maximum sequential failed dial attempts (10) PPP Dial Up Attack Error 591 566 

to a single dial-up number: %s 

Regulatory requirements prohibit %s from PPP Dial Up Attack Error 592 567 

being re-dialed for 30 minutes 

Received PPPoE Active Discovery Offer PPPoE Maintenance Information 593 --- 

Received PPPoE Active Discovery 

PPPoE Maintenance Information 594 --- 

Session_confirmation 

Sending PPPoE Active Discovery Request PPPoE Maintenance Information 595 --- 

PPTP decode failure PPTP Debug Debug 596 --- 

ICMP packet allowed Network Access Debug Information 597 --- 




ICMP packet from LAN allowed Network Access Debug Information 598 --- 

Diagnostic Code G Firewall Hardware System Error Error 599 655 

Diagnostic Code H Firewall Hardware System Error Error 600 656 

Diagnostic Code I Firewall Hardware System Error Error 601 657 

DNS packet allowed Network Access Debug Information 602 --- 

Adding L2TP IP pool Address object Failed. L2TP Server System Error Error 603 661 

Global VPN Client version cannot enforce VPN Client User Activity Information 604 --- 

personal firewall. Minimum Version required 

is 2.1 

Received unencrypted packet in crypto VPN IKE User Activity Warning 605 --- 

active state 

Spank attack multicast packet dropped Intrusion Detection Attack Alert 606 568 

Received ISAKMP packet destined to port VPN IKE Debug | UDP Information 607 --- 

%s 

IPS Detection Alert: %s Intrusion Detection Attack Alert 608 569 

IPS Prevention Alert: %s Intrusion Detection Attack Alert 609 570 

Crypto Hardware AES test failed Crypto Test Maintenance Error 610 --- 

A SonicOS Standard to Enhanced Upgrade Firewall Event Maintenance Information 611 --- 

was performed 

Not all configurations may have been Firewall Event Maintenance Information 612 --- 

completely upgraded 

Please manually check all system 

Firewall Event Maintenance Information 613 --- 

configurations for correctness of Upgrade 

Received IPS Alert: Your Intrusion 


Prevention (IDP) subscription has expired. 

WLAN client null probing WLAN IDS WLAN IDS Warning 615 904 

Payload processing failed VPN IKE Debug Error 616 --- 

WLAN not in AP mode, DHCP server will not Wireless Maintenance Information 617 --- 

provide lease to clients on WLAN 

BOOTP server response relayed to remote BOOTP Debug Debug 618 --- 

device 

BOOTP Client IP address on LAN conflicts BOOTP Maintenance Information 619 --- 

with remote device IP, deleting IP address 

from remote table 

BOOTP reply relayed to local device BOOTP Maintenance Information 620 --- 

BOOTP Request received from remote BOOTP Debug Debug 621 --- 

device 

VoIP Call Connected VoIP VoIP Information 622 --- 

VoIP Call Disconnected VoIP VoIP Information 623 --- 

H.323/RAS Admission Reject VoIP VoIP Debug 624 --- 

H.323/RAS Admission Confirm VoIP VoIP Debug 625 --- 

H.323/RAS Admission Request VoIP VoIP Debug 626 --- 

H.323/RAS Bandwidth Reject VoIP VoIP Debug 627 --- 

H.323/RAS Disengage Confirm VoIP VoIP Debug 628 --- 

H.323/RAS Gatekeeper Reject VoIP VoIP Debug 629 --- 

SNMP 

Trap 

Type 


39


SNMP 

Trap 


H.323/RAS Location Confirm VoIP VoIP Debug 630 --- 

H.323/RAS Location Reject VoIP VoIP Debug 631 --- 

H.323/RAS Registration Reject VoIP VoIP Debug 632 --- 

H.323/H.225 Setup VoIP VoIP Debug 633 --- 

H.323/H.225 Connect VoIP VoIP Debug 634 --- 

H.323/H.245 Address VoIP VoIP Debug 635 --- 

H.323/H.245 End Session VoIP VoIP Debug 636 --- 

VoIP %s Endpoint added VoIP VoIP Debug 637 --- 

VoIP %s Endpoint removed VoIP VoIP Debug 638 --- 

VoIP %s Endpoint not added - configured VoIP VoIP Warning 639 --- 

'public' endpoint limit reached 

H.323/RAS Unknown Message Response VoIP VoIP Debug 640 --- 

H.323/RAS Disengage Reject VoIP VoIP Debug 641 --- 

H.323/RAS Unregistration Reject VoIP VoIP Debug 642 --- 

SIP Request VoIP VoIP Debug 643 --- 

SIP Response VoIP VoIP Debug 644 --- 

SIP Register expiration exceeds configured VoIP VoIP Warning 645 --- 

Signaling inactivity time out 

Packet dropped; connection limit for this Firewall Event System Error Alert 646 5238 

source IP address has been reached 

Packet dropped; connection limit for this Firewall Event System Error Alert 647 5239 

destination IP address has been reached 

Packet destination not in VPN Access list VPN IPsec Attack Error 648 572 

Application Filters Block Alert: %s Intrusion Detection Attack Alert 649 --- 

Application Filter Detection Alert: %s Intrusion Detection Attack Alert 650 --- 

IPComp connection interrupt IPComp Debug Debug 651 --- 

IPComp packet dropped IPComp TCP | UDP | ICMP Notice 652 --- 

IPComp packet dropped; waiting for pending IPComp Debug Debug 653 --- 

IPComp connection 

Maximum events per second threshold Firewall Logging System Error Critical 654 --- 

exceeded 

Maximum syslog data per second threshold Firewall Logging System Error Critical 655 --- 

exceeded 

SMTP POP-Before-SMTP authentication Firewall Logging System Error Warning 656 --- 

failed 

Syslog Server cannot be reached Network Maintenance Information 657 --- 

IKE Responder: Proposed IKE ID mismatch VPN IKE System Error Warning 658 --- 

IKE Responder: IP Address already exists in VPN Client System Error Error 659 --- 

the DHCP relay table. Client traffic not 

allowed. 

IKE Responder: %s policy does not allow VPN Client System Error Error 660 --- 

static IP for Virtual Adapter. 

Received notify: INVALID_PAYLOAD VPN IKE User Activity Error 661 --- 

Drop WLAN traffic from non-SonicPoint 

devices 

Intrusion Detection Attack Error 662 6434 




WPA MIC Failure Wireless 802.11b 

Management 

WPA Radius Server Timeout Wireless 802.11b 

Management 

Warning 663 --- 


SNMP 

Trap 

Type 

PPP Dial-Up: Dialing not allowed by PPP Dial Up --- Information 665 --- 

schedule. %s 

PPP Dial-Up: Connection disconnected as PPP Dial Up --- Information 666 --- 

scheduled. 

SonicPoint Status SonicPoint SonicPoint Information 667 --- 

HA Peer Firewall Rebooted High Availability Maintenance Information 668 --- 

Error Rebooting HA Peer Firewall High Availability System Error Error 669 663 

License of HA pair doesn't match: %s High Availability System Error Error 670 664 

Primary received reboot signal from Backup High Availability System Error Error 671 665 

Backup received reboot signal from Primary High Availability System Error Error 672 666 

Synchronizing preferences to HA Peer High Availability Maintenance Information 673 --- 

Firewall 

Success to reach Interface %s probe High Availability System Error Information 674 --- 

Failure to reach Interface %s probe High Availability System Error Error 675 6234 

IGMP V2 client joined multicast Group : %s Multicast --- Information 676 --- 

IGMP V3 client joined multicast Group : %s Multicast --- Information 677 --- 

IGMP V3 Membership report received from Multicast --- Debug 678 --- 

interface %s 

IGMP V2 Membership report received from Multicast --- Debug 679 --- 

interface %s 

Router IGMP General query received on Multicast --- Debug 680 --- 

interface %s 

Router IGMP Membership query received Multicast --- Debug 681 --- 

on interface %s 

IGMP Leave group message Received on Multicast --- Information 682 --- 

interface %s 

IGMP packet dropped, wrong checksum Multicast --- Notice 683 --- 

received on interface %s 

Multicast packet dropped, wrong MAC Multicast --- Alert 684 --- 

address received on interface : %s 

Multicast packet dropped, Invalid src IP Multicast --- Alert 685 --- 

received on interface : %s 

IGMP packet dropped, decoding error Multicast --- Notice 686 --- 

IGMP Packet Not handled. Packet type : %s Multicast --- Notice 687 --- 

IGMP V3 packet dropped, unsupported Multicast --- Notice 688 --- 

Record type : %s 

IGMP V3 reord type : %s not Handled Multicast --- Debug 689 --- 

Multicast UDP packet dropped, no state Multicast --- Notice 690 --- 

entry 

Multicast TCP packet dropped Multicast --- Notice 691 --- 


41



SNMP 

Trap 

Type 

IGMP state table entry time out,deleting Multicast --- Debug 692 --- 

interface : %s for multicast address : %s 

IGMP state table entry time out,deleting VPN Multicast --- Debug 693 --- 

SPI :%s for Multicast address : %s 

Multicast UDP packet dropped, RTP stateful Multicast --- Warning 694 --- 

failed 

Multicast UDP packet dropped, RTCP Multicast --- Warning 695 --- 

stateful failed 

Multicast application %s not supported Multicast --- Information 696 --- 

Adding to multicast policyList , interface : %s Multicast --- Debug 697 --- 

Deleting from Multicast policy list, interface : Multicast --- Debug 698 --- 

%s 

Adding to Multicast policyList , VPN SPI : %s Multicast --- Debug 699 --- 

Deleting from Multicast policy list, VPN SPI : Multicast --- Debug 700 --- 

%s 

IGMP querier Router detected on interface Multicast --- Debug 701 --- 

%s 

IGMP querier Router detected on VPN Multicast --- Debug 702 --- 

tunnel , SPI %S 

Exceeded Max multicast address limit Multicast --- Warning 703 --- 

Invalid Product Code Upgrade request Firewall Event --- Error 704 --- 

received: %s 

Overriding Product Code Upgrade to: %s Firewall Event --- Error 705 --- 

Network Monitor: Host %s is offline Network Monitor --- Alert 706 14005 

Network Monitor: Host %s is online Network Monitor --- Alert 707 14006 

TCP packet received with invalid SEQ Network Debug Debug 708 --- 

number; TCP packet dropped 

TCP packet received with invalid ACK Network Debug Debug 709 --- 

number; TCP packet dropped 

TCP stateful inspection: Invalid flag; TCP Network Debug Information 710 --- 


TCP stateful inspection: Bad header; TCP Network Debug Debug 711 --- 


TCP connection reject received; TCP Network Debug Debug 712 --- 

connection dropped 

TCP connection abort received; TCP Network Debug Debug 713 --- 


EIGRP packet dropped Network Access Debug Notice 714 --- 

ARP request packet sent Network --- Information 715 --- 

ARP response packet received Network --- Information 716 --- 

ARP request packet received Network --- Information 717 --- 

ARP response packet sent Network --- Information 718 --- 

VPN policy count received exceeds the limit; VPN System Error Error 719 --- 

%s 

Sending LCP Echo Request PPPoE Maintenance Information 720 --- 



SNMP 

Trap 


Received LCP Echo Request PPPoE Maintenance Information 721 --- 

Sending LCP Echo Reply PPPoE Maintenance Information 722 --- 

Received LCP Echo Reply PPPoE Maintenance Information 723 --- 

Guest Services drop traffic to deny network Network Access --- Information 724 --- 

Guest Services pass traffic to access allow Network Access --- Information 725 --- 

network 

WLAN max concurrent users reached Network Access --- Information 726 --- 

already 

SonicPoint Provision SonicPoint SonicPoint Information 727 --- 

WLAN disabled by schedule 


Access 

WLAN enabled by schedule 


Access 

Virtual Access Point is enabled SonicPoint 802.11b 


Management 

Virtual Access Point is disabled SonicPoint 802.11b 


Management 

Packet dropped by WLAN SSL-VPN Wireless TCP | UDP | ICMP Warning 732 --- 

enforcement check 

SSL-VPN enforcement Wireless Maintenance Information 733 --- 

Source IP address connection status: %s Firewall Event --- Information 734 --- 

Destination IP address connection status: Firewall Event --- Information 735 --- 

%s 

SMTP authentication problem:%s Firewall Logging System Error Warning 737 --- 

PPPoE Client: Previous session was PPPoE Maintenance Information 738 --- 

connected for %s 

Packet dropped. No firewall rule associated VPN System Error Alert 739 --- 

with VPN policy. 

NetBIOS settings were not upgraded. Use Firewall Event Maintenance Information 740 --- 

Network>IP Helper to configure NetBIOS 

support 

LAN Subnet configurations were not Firewall Event Maintenance Information 741 --- 

upgraded. 

Time of day settings for firewall policies were Firewall Event Maintenance Information 742 --- 

not upgraded. 

Hardware Failover settings were not Firewall Event Maintenance Information 743 --- 

upgraded. 

User login denied - RADIUS communication RADIUS User Activity Warning 744 --- 

problem 

User login denied - LDAP authentication RADIUS User Activity Information 745 --- 

failure 

User login denied - LDAP server timeout RADIUS User Activity Warning 746 --- 

User login denied - LDAP server down or RADIUS User Activity Warning 747 --- 

misconfigured 

User login denied - LDAP communication 

problem 

RADIUS User Activity Warning 748 --- 


43



SNMP 

Trap 

Type 

User login denied - invalid credentials on RADIUS User Activity Warning 749 --- 

LDAP server 

User login denied - insufficient access on RADIUS User Activity Warning 750 --- 

LDAP server 

User login denied - LDAP schema mismatch RADIUS User Activity Warning 751 --- 

Allowed LDAP server certificate with wrong RADIUS User Activity Warning 752 --- 

host name 

User login denied - LDAP server name RADIUS User Activity Warning 753 --- 

resolution failed 

User login denied - RADIUS server name RADIUS User Activity Warning 754 --- 


User login denied - LDAP server certificate RADIUS User Activity Warning 755 --- 

not valid 

User login denied - TLS or local certificate RADIUS User Activity Warning 756 --- 

problem 

User login denied - LDAP directory mismatch RADIUS User Activity Warning 757 --- 

LDAP server does not allow CHAP RADIUS User Activity Warning 758 --- 

User login denied - user already logged in Authenticate User Activity Information 759 --- 

Access 

TCP handshake violation detected; TCP Network Access --- Notice 760 --- 


Access attempt from host out of compliance Security Services Maintenance Information 761 --- 

with GSC policy 

GSC policy out-of-date on host Security Services Maintenance Information 762 --- 

Access attempt from host without GSC Security Services Maintenance Information 763 8627 

installed 

Failed to synchronize license information Security Services Maintenance Warning 766 8628 

with Licensing Server. Please see http:// 

help.mysonicwall.com/licsyncfail.html (code: 

%s) 

ADConnector %s response timed-out; Microsoft AD --- Error 769 --- 

applying caching policy 

DDNS Failure: Provider %s DDNS System Error Error 773 --- 



DDNS Update success for domain %s DDNS Maintenance Information 776 --- 

DDNS Warning: Provider %s DDNS System Error Warning 777 --- 

DDNS association %s taken Offline locally DDNS Maintenance Information 778 --- 

DDNS association %s added DDNS Maintenance Information 779 --- 

DDNS association %s enabled DDNS Maintenance Information 780 --- 

DDNS association %s disabled DDNS Maintenance Information 781 --- 

DDNS Association %s put on line DDNS Maintenance Information 782 --- 

All DDNS associations have been deleted DDNS Maintenance Information 783 --- 

DDNS association %s deactivated DDNS Maintenance Information 784 --- 

DDNS association %s deleted DDNS Maintenance Information 785 --- 



SNMP 

Trap 


DDNS association %s updated DDNS --- Information 786 --- 

IPS Detection Alert: %s Intrusion Detection Attack Alert 789 6435 

IPS Prevention Alert: %s Intrusion Detection Attack Alert 790 6436 

DPI-SSL: %s DPI SSL Network Access Information 791 --- 

Application Firewall Alert: %s Application Firewall User Activity Alert 793 13201 

Anti-Spyware Prevention Alert: %s Intrusion Detection Attack Alert 794 6437 

Anti-Spyware Detection Alert: %s Intrusion Detection Attack Alert 795 6438 

Anti-Spyware Service Expired Security Services Maintenance Warning 796 8631 

Outbound connection to RBL-listed SMTP RBL --- Notice 797 --- 

server dropped 

Inbound connection from RBL-listed SMTP RBL --- Notice 798 --- 


SMTP server found on RBL blacklist RBL --- Notice 799 --- 

No valid DNS server specified for RBL RBL --- Error 800 --- 

lookups 

Interface statistics report GMS --- Information 805 --- 

SonicPoint statistics report GMS --- Information 806 --- 

Gateway Anti-Virus Alert: %s Security Services Attack Alert 809 8632 

Gateway Anti-Virus Service expired Security Services Maintenance Warning 810 8633 

PPP Dial-Up: Invalid DNS IP address PPP Dial Up Maintenance Information 811 --- 

returned from Dial-Up ISP; overriding using 

dial-up profile settings 

WAN node exceeded: Connection dropped Firewall Event System Error Error 812 --- 

because too many IP addresses are in use 

on your LAN 

Adding Dynamic Entry for Bound MAC Network --- Information 813 --- 

Address 

MAC address collides with Static ARP Entry Network --- Notice 814 --- 

with Bound MAC address; packet dropped 

Too many gratuitous ARPs detected Network --- Warning 815 --- 

ARP unused/spare Network --- Debug 816 --- 

Incoming call received for Remotely 

Triggered Dial-out session 


Access 


Remotely Triggered Dial-out session started. 

Requesting authentication 

Incorrect authentication received for 

Remotely Triggered Dial-out 

Successful authentication received for 

Remotely Triggered Dial-out 

Authentication timeout during Remotely 

Triggered Dial-out session 

Remotely Triggered Dial-out session ended. 

Valid WAN bound data found. Normal dialup 

sequence will commence 


Access 


Access 


Access 


Access 


Access 






Backup will be shut down in %s minutes High Availability System Error Error 823 --- 


45



Backup shut down because license is High Availability System Error Error 824 --- 

expired 

Backup active High Availability System Error Information 825 --- 

DHCP Scopes altered automatically due to Firewall Event --- Information 832 --- 

change in network settings for interface %s 

DHCP lease file in the flash is corrupted; Firewall Event System Error Warning 833 --- 

read failed 

Failed to write DHCP leases to flash Firewall Event System Error Warning 834 --- 

DHCP leases written to flash Firewall Event Maintenance Information 835 --- 

Invalid VLAN packet dropped Network --- Alert 836 --- 

IP address conflict detected from ethernet Network Maintenance Warning 847 --- 

address %s 

OCSP sending request. VPN PKI User Activity Information 848 --- 

OCSP send request message failed. VPN PKI User Activity Error 849 --- 

OCSP received response. VPN PKI User Activity Information 850 --- 

OCSP received response error. VPN PKI User Activity Error 851 --- 

OCSP Resolved Domain Name. VPN PKI User Activity Information 852 --- 

OCSP Failed to Resolve Domain Name. VPN PKI User Activity Error 853 --- 

OCSP Internal error handling received VPN PKI User Activity Error 854 --- 

response. 

SYN Flood Mode changed by user to: Watch Intrusion Detection Debug Warning 856 --- 

and report possible SYN floods 

SYN Flood Mode changed by user to: Watch Intrusion Detection Debug Warning 857 --- 

and proxy WAN connections when under 

attack 

SYN Flood Mode changed by user to: Intrusion Detection Debug Warning 858 --- 

Always proxy WAN connections 

Possible SYN flood detected on WAN IF %s Intrusion Detection Debug Alert 859 --- 

- switching to connection-proxy mode 

Possible SYN Flood on IF %s Intrusion Detection Debug Alert 860 --- 

SYN flood ceased or flooding machines Intrusion Detection Debug Alert 861 --- 

blacklisted - connection proxy disabled 

SYN Flood blacklisting enabled by user Intrusion Detection Debug Warning 862 --- 

SYN Flood blacklisting disabled by user Intrusion Detection Debug Warning 863 --- 

SYN-Flooding machine %s blacklisted Intrusion Detection Debug Alert 864 --- 

Machine %s removed from SYN flood Intrusion Detection Debug Alert 865 --- 

blacklist 

Possible SYN Flood on IF %s continues Intrusion Detection Debug Warning 866 --- 

Possible SYN Flood on IF %s has ceased Intrusion Detection Debug Alert 867 --- 

SYN Flood Blacklist on IF %s continues Intrusion Detection Debug Warning 868 --- 

TCP SYN received Intrusion Detection Debug Debug 869 --- 

CRL has expired VPN PKI User Activity Alert 874 --- 

Failed to find certificate VPN PKI User Activity Alert 875 --- 

CRL missing - Issuer requires CRL checking. VPN PKI User Activity Alert 876 --- 

CRL validation failure for Root Certificate VPN PKI User Activity Alert 877 --- 

SNMP 

Trap 

Type 



SNMP 

Trap 


Cannot Validate Issuer Path VPN PKI User Activity Alert 878 --- 

WLAN radio frequency threat detected RF Management --- Warning 879 --- 

Unable to resolve dynamic address object 

Dynamic Address 

Objects 


System clock manually updated Firewall Logging --- Notice 881 --- 

HTTP method detected; examining stream Network Access TCP Debug 882 --- 

for host header 

IP Header checksum error; packet dropped Network Access TCP|UDP Notice 883 --- 

TCP checksum error; packet dropped Network Access TCP Notice 884 --- 

UDP checksum error; packet dropped Network Access UDP Notice 885 --- 

ICMP checksum error; packet dropped Network Access UDP Notice 886 --- 

TCP packet received with invalid header Network Debug Debug 887 --- 

length; TCP packet dropped 

TCP packet received on non-existent/closed Network Debug Debug 888 --- 

connection; TCP packet dropped 

TCP packet received without mandatory Network Debug Debug 889 --- 

SYN flag; TCP packet dropped 

TCP packet received without mandatory Network Debug Debug 890 --- 

ACK flag; TCP packet dropped 

TCP packet received on a closing 

Network Debug Debug 891 --- 

connection; TCP packet dropped 

TCP packet received with SYN flag on an Network Debug Information 892 --- 

existing connection; TCP packet dropped 

TCP packet received with invalid SACK Network Debug Debug 893 --- 

option length; TCP packet dropped 

TCP packet received with invalid MSS option Network Debug Debug 894 --- 


TCP packet received with invalid option Network Debug Debug 895 --- 


TCP packet received with invalid source Network Debug Debug 896 --- 

port; TCP packet dropped 

TCP packet received with invalid SYN Flood Network Debug Information 897 --- 

cookie; TCP packet dropped 

RST-Flooding machine %s blacklisted Intrusion Detection Debug Alert 898 --- 

RST Flood Blacklist on IF %s continues Intrusion Detection Debug Warning 899 --- 

Machine %s removed from RST flood Intrusion Detection Debug Alert 900 --- 

blacklist 

FIN-Flooding machine %s blacklisted Intrusion Detection Debug Alert 901 --- 

FIN Flood Blacklist on IF %s continues Intrusion Detection Debug Warning 902 --- 

Machine %s removed from FIN flood Intrusion Detection Debug Alert 903 --- 

blacklist 

Possible RST Flood on IF %s Intrusion Detection Debug Alert 904 --- 

Possible FIN Flood on IF %s Intrusion Detection Debug Alert 905 --- 

Possible RST Flood on IF %s has ceased Intrusion Detection Debug Alert 906 --- 

Possible FIN Flood on IF %s has ceased Intrusion Detection Debug Alert 907 --- 


47


SNMP 

Trap 


Possible RST Flood on IF %s continues Intrusion Detection Debug Warning 908 --- 

Possible FIN Flood on IF %s continues Intrusion Detection Debug Warning 909 --- 

Packet Dropped - IP TTL expired Network Debug Warning 910 --- 

Added host entry to dynamic address object 

Removed host entry from dynamic address 

object 

IKE Responder: Phase 1 Authentication 

Method does not match 

IKE Responder: Phase 1 encryption 

algorithm does not match 

IKE Responder: Phase 1 encryption 

algorithm keylength does not match 

IKE Responder: Phase 1 hash algorithm 

does not match 

IKE Responder: Phase 1 XAUTH required 

but policy has no user name 

IKE Responder: Phase 1 XAUTH required 

but policy has no user password 

IKE Responder: Phase 1 DH Group does not 

match 

IKE Responder: AH authentication algorithm 


IKE Responder: ESP encryption algorithm 


IKE Responder: ESP authentication 

algorithm does not match 

IKE Responder: AH authentication key 

length does not match 

IKE Responder: ESP encryption key length 


IKE Responder: ESP authentication key 

length does not match 

IKE Responder: AH authentication key 

rounds does not match 

IKE Responder: ESP encryption key rounds 


IKE Responder: ESP authentication key 

rounds does not match 

IKE Responder: IP Compression algorithm 


IKE Initiator: Remote party timeout - 

Retransmitting IKE request. 

IKE Responder: Remote party timeout - 

Retransmitting IKE request. 

Dynamic Address 

Objects 


Dynamic Address Maintenance Information 912 --- 

Objects 

VPN IKE User Activity Warning 913 --- 



















IKE Responder: IPsec protocol mismatch VPN IKE User Activity Warning 932 --- 




IKE Initiator: Proposed IKE ID mismatch VPN IKE User Activity Warning 933 --- 

IKE Responder: Peer's local network does VPN IKE User Activity Warning 934 --- 

not match VPN policy's Destination 

Network 

IKE Responder: Peer's destination network VPN IKE User Activity Warning 935 --- 

does not match VPN policy's Local 

Network 

IKE Responder: Route table overrides VPN VPN IKE User Activity Warning 936 --- 

policy 

IKE Initiator: IKE proposal does not match VPN IKE User Activity Warning 937 --- 

(Phase 1) 

IKEv2 Initiator: Send IKE_SA_INIT request VPN IKE User Activity Information 938 --- 

IKEv2 Responder: Received IKE_SA_INIT VPN IKE User Activity Information 939 --- 

request 

IKEv2 Initiator: Send IKE_AUTH request VPN IKE User Activity Information 940 --- 

IKEv2 Responder: Received IKE_AUTH VPN IKE User Activity Information 941 --- 

request 

IKEv2 Authentication successful VPN IKE User Activity Information 942 --- 

IKEv2 Accept IKE SA Proposal VPN IKE User Activity Information 943 --- 

IKEv2 Accept IPsec SA Proposal VPN IKE User Activity Information 944 --- 

IKEv2 Initiator: Send CREATE_CHILD_SA VPN IKE User Activity Information 945 --- 

request 

IKEv2 Responder: Received 


CREATE_CHILD_SA request 

IKEv2 Send delete IKE SA request VPN IKE User Activity Information 947 --- 

IKEv2 Received delete IKE SA request VPN IKE User Activity Information 948 --- 

IKEv2 Send delete IPsec SA request VPN IKE User Activity Information 949 --- 

IKEv2 Received delete IPsec SA request VPN IKE User Activity Information 950 --- 

IKEv2 Responder: Peer's destination VPN IKE User Activity Information 951 --- 

network does not match VPN policy's 

Local Network 

IKEv2 Responder: Peer's local network does VPN IKE User Activity Information 952 --- 

not match VPN policy's Destination 

Network 

IKEv2 Payload processing error VPN IKE User Activity Warning 953 --- 

IKEv2 Initiator: Negotiations failed. Extra VPN IKE User Activity Warning 954 --- 

payloads present. 

IKEv2 Initiator: Negotiations failed. Missing VPN IKE User Activity Warning 955 --- 

required payloads. 

IKEv2 Initiator: Negotiations failed. Invalid VPN IKE User Activity Warning 956 --- 

input state. 

IKEv2 Initiator: Negotiations failed. Invalid VPN IKE User Activity Warning 957 --- 

output state. 

IKEv2 Payload validation failed. VPN IKE User Activity Warning 958 --- 

IKEv2 Unable to find IKE SA VPN IKE User Activity Warning 959 --- 

IKEv2 Decrypt packet failed VPN IKE User Activity Warning 960 --- 

SNMP 

Trap 

Type 


49


SNMP 

Trap 


IKEv2 Out of memory VPN IKE User Activity Warning 961 --- 

IKEv2 Responder: Policy for remote IKE ID VPN IKE User Activity Error 962 --- 

not found 

IKEv2 Process Message queue failed VPN IKE User Activity Warning 963 --- 

IKEv2 Invalid state VPN IKE User Activity Warning 964 --- 

IKE Responder: Client Policy has no VPN VPN IKE System Error Error 965 --- 

Access Networks assigned. Check 

Configuration. 

IKEv2 Invalid SPI size VPN IKE User Activity Warning 966 --- 

IKEv2 VPN Policy not found VPN IKE User Activity Warning 967 --- 

IKEv2 IPsec proposal does not match VPN IKE User Activity Warning 968 --- 

IKEv2 IPsec attribute not found VPN IKE User Activity Warning 969 --- 

IKEv2 IKE attribute not found VPN IKE User Activity Warning 970 --- 

IKEv2 Peer is not responding. Negotiation VPN IKE User Activity Warning 971 --- 

aborted. 

IKEv2 Initiator: Remote party timeout - VPN IKE User Activity Information 972 --- 

Retransmitting IKEv2 request. 

IKEv2 Initiator: Received IKE_SA_INT VPN IKE User Activity Information 973 --- 

response 

IKEv2 Initiator: Received IKE_AUTH VPN IKE User Activity Information 974 --- 

response 

IKEv2 Initiator: Received 


CREATE_CHILD_SA response 

IKEv2 Responder: Send IKE_SA_INIT VPN IKE User Activity Information 976 --- 

response 

IKEv2 Responder: Send IKE_AUTH VPN IKE User Activity Information 977 --- 

response 

IKEv2 negotiation complete VPN IKE User Activity Information 978 --- 

IKEv2 Function sendto() failed to transmit VPN IKE User Activity Error 979 --- 

packet. 

IKEv2 Initiator: Proposed IKE ID mismatch VPN IKE User Activity Warning 980 --- 

IKEv2 IKE proposal does not match VPN IKE User Activity Warning 981 --- 

IKEv2 Received notify status payload VPN IKE User Activity Information 982 --- 

IKEv2 Received notify error payload VPN IKE User Activity Warning 983 --- 

IKEv2 No NAT device detected between VPN IKE User Activity Information 984 --- 

negotiating peers 

IKEv2 NAT device detected between VPN IKE User Activity Information 985 --- 

negotiating peers 

User login denied - not allowed by policy rule Authenticate User Activity Information 986 --- 

Access 

User login denied - not found locally Authenticate User Activity Information 987 --- 

Access 

User login denied - SSO agent timeout Authenticate 

Access 

User Activity Warning 988 --- 





User login denied - SSO agent configuration 

error 

User login denied - SSO agent 

communication problem 

User login denied - SSO agent name 



Access 


Access 


Access 



SSO returned a user name that is too long SSO User Activity Warning 992 --- 

SSO returned a domain name that is too SSO User Activity Warning 993 --- 

long 

Configuration mode administration session 

started 


Access 


Configuration mode administration session 

ended 

Read-only mode GUI administration session 

started 

Non-config mode GUI administration session 

started 

GUI administration session ended 


Access 


Access 


Access 


Access 





SSL Control: Website found in blacklist Network Access Blocked Sites Information 999 --- 

SSL Control: Website found in whitelist Network Access Blocked Sites Information 1000 --- 

SSL Control: HTTPS via SSL2 Network Access Blocked Sites Information 1001 --- 

SSL Control: Certificate with invalid date Network Access Blocked Sites Information 1002 --- 

SSL Control: Self-signed certificate Network Access Blocked Sites Information 1003 --- 

SSL Control: Weak cipher being used Network Access Blocked Sites Information 1004 --- 

SSL Control: Untrusted CA Network Access Blocked Sites Information 1005 --- 

SSL Control: Certificate chain not complete Network Access Blocked Sites Information 1006 --- 

SSL Control: Failed to decode Server Hello Network Access Blocked Sites Information 1007 --- 

User logged out - logout detected by SSO Authenticate User Activity Information 1008 --- 

Access 

Bind to LDAP server failed RADIUS System Error Error 1009 --- 

Using LDAP without TLS - highly insecure RADIUS System Error Alert 1010 --- 

LDAP using non-administrative account - RADIUS System Error Warning 1011 --- 

VPN client user will not be able to change 

passwords 

IKEv2 Responder: Send 


CREATE_CHILD_SA response 

IKEv2 Send delete IKE SA response VPN IKE User Activity Information 1013 --- 

IKEv2 Send delete IPsec SA response VPN IKE User Activity Information 1014 --- 

IKEv2 Received delete IKE SA response VPN IKE User Activity Information 1015 --- 

IKEv2 Received delete IPsec SA response VPN IKE User Activity Information 1016 --- 

3G %s device detected Firewall Hardware System 


Environment 

PPP message: %s PPP --- Information 1018 --- 

Chat started PPP Dial Up User Activity Information 1019 --- 

SNMP 

Trap 

Type 


51


SNMP 

Trap 


Chat completed PPP Dial Up User Activity Information 1020 --- 

Chat wrote '%s' PPP Dial Up User Activity Information 1021 --- 

Chat %s PPP Dial Up User Activity Information 1022 --- 

Chat failed: %s PPP Dial Up User Activity Information 1023 --- 

Unable to send message to dial-up task PPP Dial Up System Error Error 1024 --- 

Diagnostic Code J Firewall Hardware System Error Error 1025 5423 

3G Dial-up: %s. PPP Dial Up User Activity Alert 1026 --- 

3G Dial-up: data usage limit reached for the PPP Dial Up User Activity Alert 1027 7643 

'%s' billing cycle. Disconnecting the 3G 

session. 

%s auto-dial failed: Current Connection PPP Dial Up System Error Alert 1028 --- 

Model is configured as Ethernet Only 

TCP packet received with non-permitted Network Debug Debug 1029 --- 

option; TCP packet dropped 

TCP packet received with invalid Window Network Debug Debug 1030 --- 

Scale option length; TCP packet dropped 

TCP packet received with invalid Window Network Debug Debug 1031 --- 

Scale option value; TCP packet dropped 

Chat started by '%s' PPP Dial Up User Activity Information 1032 --- 

Problem occurred during user group Authenticate User Activity Warning 1033 --- 

membership retrieval 

Access 

Received AF Alert: Your Application Firewall Security Services Maintenance Warning 1034 8635 

(AF) subscription has expired. 

User login denied - password expired Authenticate User Activity Information 1035 --- 

Access 

IKE Responder: IKE Phase 1 exchange does VPN IKE User Activity Error 1036 --- 

not match 

PPP Dial-Up: Starting PPP PPP Dial Up --- Information 1037 --- 

Dial-up: Traffic generated by '%s' PPP Dial Up --- Information 1038 --- 

Dial-up: Session initiated by data packet PPP Dial Up --- Information 1039 --- 

DHCP Server: IP conflict detected Firewall Event --- Alert 1040 --- 

DHCP Server: Received DHCP decline from Firewall Event --- Alert 1041 --- 

client 

Physical environment normal Firewall Hardware --- Information 1042 5424 

Power supply without redundancy Firewall Hardware --- Error 1043 5425 

Discovered HA %s Firewall High Availability --- Information 1044 --- 

Diagnostic Auto-restart scheduled for %s Firewall Event --- Information 1045 --- 

minutes from now 

Diagnostic Auto-restart canceled Firewall Event --- Information 1046 --- 

"As per Diagnostic Auto-restart configuration 

request, restarting system" 

Firewall Event --- Information 1047 --- 

User login denied - password doesn't meet 

constraints 


Access 

--- Information 1048 --- 

Settings Import: %s Firewall Event --- Information 1049 --- 

VPN Policy Added VPN --- Information 1050 --- 



SNMP 

Trap 


VPN Policy Deleted VPN --- Information 1051 --- 

VPN Policy Modified VPN --- Information 1052 --- 

PC Card removed. Firewall Hardware --- Alert 1053 5418 

PC Card inserted. Firewall Hardware --- Alert 1054 5419 

3G: No SIM detected Firewall Hardware --- Alert 1055 --- 

PC Card: No device detected Firewall Hardware --- Alert 1056 --- 

Peer firewall rebooting (%s) High Availability --- Information 1057 --- 

Primary firewall rebooting itself as it High Availability --- Information 1058 --- 

transitioned from Active to Idle while 

Preempt 

Backup firewall rebooting itself as it High Availability --- Information 1059 --- 

transitioned from Active to Idle while 

Preempt 

Crypto SHA1 based DRNG KAT test failed Crypto Test --- Error 1060 --- 

Successfully sent Preference file to remote Firewall Event Maintenance Information 1061 --- 

backup server 

Failed to send Preference file to remote Firewall Event Maintenance Information 1062 --- 

backup server, Error: %s 

Successfully sent TSR file to remote backup Firewall Event Maintenance Information 1063 --- 

server 

Failed to send TSR file to remote backup Firewall Event Maintenance Information 1064 --- 

server, Error: %s 

Successfully sent %s file to remote backup Firewall Event Maintenance Information 1065 --- 

server 

Failed to send file to remote backup server, Firewall Event Maintenance Information 1066 --- 

Error: %s 

System shutdown by administrator. Power Firewall Event --- Alert 1067 5242 

cycle required. 

Multiple DHCP Servers are detected on Firewall Event --- Warning 1068 --- 

network 

External Web Server Host Resolution Failed Authenticate --- Error 1069 --- 

%s 

Access 

Invalid DNS Server will not be accepted by Firewall Event --- Information 1070 --- 

the dynamic client 

DHCP Server sanity check passed %s Firewall Event --- Critical 1071 --- 

DHCP Server sanity check failed %s Firewall Event --- Critical 1072 --- 

SSO agent returned error SSO User Activity Warning 1073 --- 

L2TP Tunnel Negotiation %s L2TP Client --- Information 1074 --- 

SSO agent is down SSO User Activity Alert 1075 --- 

SSO agent is up SSO User Activity Alert 1076 --- 

SonicPointN Status SonicPoint-N --- Information 1077 --- 

SonicPointN Provision SonicPoint-N --- Information 1078 --- 

SSLVPN zone remote user login allowed Authenticate 

Access 



53


SNMP 

Trap 


SSL Control: Certificate with MD5 Digest 

Signature Algorithm 

Network Access Blocked Sites Information 1081 --- 

%s is operational. Anti-Spam --- Warning 1082 13801 

%s is unavailable. Anti-Spam --- Warning 1083 13802 

Anti-Spam service is enabled by 

Anti-Spam --- Information 1084 13803 

administrator. 

Anti-Spam service is disabled by 

Anti-Spam --- Information 1085 13804 

administrator. 

Your Anti-Spam Service subscription has Anti-Spam --- Warning 1086 13805 

expired. 

SMTP connection limit is reached. 

Anti-Spam --- Warning 1087 13806 

Connection is dropped. 

Anti-Spam Startup Failure - %s Anti-Spam --- Warning 1088 13807 

Anti-Spam Teardown Failure - %s Anti-Spam --- Warning 1089 13808 

DHCP Server: Received DHCP message Firewall Event --- Notice 1090 --- 

from untrusted relay agent 

Outbound connection to GRID-listed SMTP Anti-Spam --- Notice 1091 13809 


Inbound connection from GRID-listed SMTP Anti-Spam --- Notice 1092 13810 


SMTP server found on Reject List Anti-Spam --- Notice 1093 13811 

No valid DNS server specified for GRID Anti-Spam --- Error 1094 13812 

lookups 

Unprocessed email received from MTA on Anti-Spam --- Information 1095 13813 

Inbound SMTP port 

Processed Email received from Email Anti-Spam --- Information 1096 13814 

Security Service 

SCEP Client: %s VPN PKI --- Notice 1097 --- 

Possible DNS rebind attack detected Intrusion Detection --- Alert 1098 6465 

DNS rebind attack blocked Intrusion Detection --- Alert 1099 6466 

Network Monitor: Policy %s status is UP Network Monitor --- Alert 1100 14001 

Network Monitor: Policy %s status is DOWN Network Monitor --- Alert 1101 14002 

Network Monitor: Policy %s status is Network Monitor --- Alert 1102 14003 

UNKNOWN 

Network Monitor: Host %s status is 

Network Monitor --- Alert 1103 14004 

UNKNOWN 

Network Monitor Policy %s Added Network Monitor --- Information 1104 --- 

Network Monitor Policy %s Deleted Network Monitor --- Information 1105 --- 

Network Monitor Policy %s Modified Network Monitor --- Information 1106 --- 

Message blocked by Real-Time Email Anti-Spam --- Information 1108 --- 

Scanner 

CSR Generation: %s VPN PKI --- Information 1109 --- 

Assigned IP address %s DHCP Server --- Information 1110 --- 

Released IP address %s DHCP Server --- Information 1111 --- 

Ftp server accepted the connection FTP --- Debug 1112 --- 




Ftp client user name was sent FTP --- Debug 1113 --- 

Ftp client user logged in successfully FTP --- Debug 1114 --- 

Ftp client user logged in failed FTP --- Debug 1115 --- 

Ftp client user logged out FTP --- Debug 1116 --- 

User login denied - SSO probe failed 

User login denied - Mail Address(From/to) or 

SMTP Server is not configured 

RADIUS user cannot use One Time 

Password - no mail address set for 

equivalent local user 

User login denied - Terminal Services agent 

timeout 


name resolution failed 

User login denied - No name received from 

Terminal Services agent 


communication problem 

User logged out - logout reported by 

Terminal Services agent 

High Availability has been enabled and Dial- 

Up device(s) are not supported in High 

Availability processing. 

The High Availability monitoring IP 

configuration of Interface %s is incorrect. 

IKE Responder: ESP mode mismatch Local 

- Tunnel Remote - Transport 

IKE Responder: ESP mode mismatch Local 

- Transport Remote - Tunnel 


Access 


Access 


Access 





Access 


Authenticate User Activity Warning 1121 --- 

Access 


Access 


Access 


Access 

High Availability --- Information 1125 --- 

High Availability --- Error 1126 --- 



WAN DHCPC IP Changed Firewall Event System Error Warning 1129 --- 

WLAN DHCPC IP Changed Firewall Event System Error Warning 1130 --- 

Probe Response Success - %s Anti-Spam --- Debug 1131 --- 

Probe Response Failure - %s Anti-Spam --- Debug 1132 --- 

Peer HA firewall has stateful license but this High Availability System Error Alert 1136 --- 

firewall is not yet registered 

The stateful license of HA peer firewall is not High Availability System Error Alert 1137 --- 

activated 

Received unauthenticathed GRID response Anti-Spam --- Debug 1138 --- 

Invalid key or serial number used for GRID Anti-Spam --- Debug 1139 --- 

response 

Invalid key version used for GRID response Anti-Spam --- Debug 1140 --- 

Host IP address not in GRID List Anti-Spam --- Debug 1141 --- 

No response received from DNS server Anti-Spam --- Debug 1142 --- 

Not blacklisted as per configuration Anti-Spam --- Debug 1143 --- 

SNMP 

Trap 

Type 


55


SNMP 

Trap 


Default to not blacklisted Anti-Spam --- Debug 1144 --- 

Failed to insert entry into GRID result IP 

cached table 

Anti-Spam --- Debug 1145 --- 

Resolved ES Cloud - %s Anti-Spam --- Debug 1146 --- 

Updated ES Cloud Address - %s Anti-Spam --- Debug 1147 --- 

Your Active/Active Clustering subscription High Availability --- Warning 1149 --- 

has expired. 

Terminal Services agent is down SSO User Activity Alert 1150 --- 

Terminal Services agent is up SSO User Activity Alert 1151 --- 

Active/Active Clustering license is not High Availability --- Error 1152 --- 

activated on the following cluster units: %s 

SSLVPN Traffic SSL VPN Connection Traffic Information 1153 --- 

Application Control Detection Alert: %s App-Control --- Alert 1154 15001 

Detection 

Application Control Prevention Alert: %s App-Control --- Alert 1155 15002 

Detection 

GMS or syslog server name lookup failed - Firewall Event --- Error 1156 --- 

try again in 60 secs. 

User account '%s' expired and disabled Authenticate User Activity Information 1157 --- 

Access 

User account '%s' expired and pruned Authenticate User Activity Information 1158 --- 

Access 

Received Alert: Your Firewall Visualization Security Services --- Warning 1159 --- 

Control subscription has expired. 

Attempt to contact Remote backup server for Firewall Event Maintenance Debug 1160 --- 

upload approval failed 

Backup remote server did not approve Firewall Event Maintenance Debug 1161 --- 

upload request 

Modules attached to HA units do not match: High Availability System Error Alert 1162 664 

%s 

Malformed DNS packet detected Network Access Debug Alert 1177 --- 

A high percentage of the system packet SSO User Activity Alert 1178 --- 

buffers are held waiting for SSO 

A user has a very high number of 

SSO User Activity Alert 1179 --- 

connections waiting for SSO 

DOS protection on WAN begins %s Intrusion Detection Debug Alert 1180 --- 

DOS protection on WAN %s Intrusion Detection Debug Warning 1181 --- 

DOS protection on WAN %s Intrusion Detection Debug Alert 1182 --- 

Deleting IPsec SA (Phase 2) VPN IKE User Activity Debug 1183 --- 

Delete invalid scope because port ip in the DHCP Server --- Warning 1184 --- 

range of this DHCP scope. 

IKE Responder: Peer's network does not VPN IKE User Activity Warning 1189 --- 

match VPN policy's Network 

Added new LDAP mirror user group: %s RADIUS User Activity Information 1190 --- 

Deleted LDAP mirror user group: %s RADIUS User Activity Information 1191 --- 


Index of Syslog Tag Field Description 


Added a new member to an LDAP mirror RADIUS User Activity Information 1192 --- 

user group 

Removed a member from an LDAP mirror RADIUS User Activity Information 1193 --- 

user group 

Monitoring probe out interface mismatch %s High Availability --- Error 1194 --- 

SNMP 

Trap 

Type 


This section provides an alphabetical listing of Syslog tags and the associated field description. 

Tag Field Description 

Syslog message prefix The beginning of each syslog message has a 

string of the form where ddd is a decimal 

number indicating facility and priority of the message. 

(See [1] Section 4.1.1) 

arg URL Used to render a URL: arg represents the URL 

path name part. 

bcastRx Interface statistics report Displays the broadcast packets received 

bcastTx Interface statistics report Displays the broadcast packets transmitted 

bytesRx Interface statistics report Displays the bytes received 

bytesTx Interface statistics report Displays the bytes transmitted 

c Message category (legacy only) Indicates the legacy category number (Note: We 

are not currently sending new category information.) 

change Configuration change webpage Displays the basename of the firewall web page 

that performed the last configuration change 

code Blocking code Indicates the CFS block code category 

code ICMP type and code Indicates the ICMP code 

conns Firewall status report Indicates the number of connections in use 

cpuUtil Firewall status report Displays the CPU utilization (not in use) 

dst Destination Destination IP address, and optionally, port, network 

interface, and resolved name. 

dstname Destination URL Displays the URL of web site hit and other legacy 

destination strings 

dstname URL Used to render a URL: dstname represents the 

URL host part 


57


dyn Firewall status report Displays the HA and dialup connection state (rendered 

as “h.d” where “h” is “n” (not enabled), “b” 

(backup), or “p” (primary) and “d” is “1” (enabled) 

or “0” (disabled)) 

fw Firewall WAN IP Indicates the WAN IP Address 

fwlan Firewall status report Indicates the LAN zone IP address 

goodRxBytes SonicPoint statistics report Indicates the well formed bytes recevied 

goodTxBytes SonicPoint statistics report Indicates the well formed bytes transmitted 

i Firewall status report Displays the GMS message interval in seconds 

id=firewall Webtrends prefix Syntactic sugar for WebTrends (and GMS by 

habit) 

if Interface statistics report Displays the interface on which statistics are 

reported 

ipscat IPS message Displays the IPS category 

ipspri IPS message Displays the IPS priority 

lic Firewall status report Indicates the number of licenses for firewalls with 

limited modes 

m Message ID Provides the message ID number 

mac MAC address Provides the MAC address 

msg Static message Displays the event message (from spreadsheet) 

msg Dynamically-defined message Displays a dynamically defined message string 

msg Static message with dynamic string Displays a message using the predefined message 

string containing a “%s” and a dynamic 

string argument. 

msg 

Static message with dynamic number 

Displays a message using the predefined string 

string containing a “%s” and a dynamic numeric 

argument. 

msg IPS message Displays a message using the predefined message 

string containing a “%s” and a dynamic 

string argument. 

msg Anti-Spyware message Displays the event message (from spreadsheet) 

n Message count Indicates the number of times event occurs 

op HTTP OP code Displays the HTTP operation (GET, POST, etc.) 

of web site hit 

pri Message priority Displays the event priority level (0=emergency..7=debug) 



proto IP protocol Indicates the IP protocol and detail information 

proto Protocol and service Displays the protocol information (rendered as 

“proto/service”) 

proto Protocol and service Displays the protocol information (rendered as 

“proto/service”) 

pt Firewall status report Displays the HTTP/HTTPS management port 

(rendered as “hhh.sss”) 

radio SonicPoint statistics report Displays the SonicPoint radio on which event 

occurred 

ramUtil Firewall status report Displays the RAM utilization (not in use) 

rcvd Bytes received Indicates the number of bytes received within 

connection 

result HTTP Result code Displays the HTTP result code (200, 403, etc.) of 

web site hit 

rule Rule ID Displays the Access Rule number causing packet 

drop 

sent Bytes sent Displays the number of bytes sent within connection 

sid IPS message Provides the IPS signature ID 

sid Anti-Spyware message Provides the AntiSpyware signature ID 

sn Firewall serial number Indicates the device serial number 

spycat Anti-Spyware message Displays the antiSpyware category 

spypri Anti-Spyware message Displays the AntiSpyware priority 

src Source Indicates the source IP address, and optionally, 

port, network interface, and resolved name. 

station SonicPoint statistics report Displays the client (station) on which event 

occurred 

time Time Reports the time of event 

type ICMP type and code Indicates the ICMP type 

ucastRx Interface statistics report Displays the unicast packets received 

ucastTx Interface statistics report Displays the unicast packets transmitted 

unsynched Firewall status report Reports the time since last local change in seconds 

usesstandbysa Firewall status report Displays whether standby SA is in use (“1” or “0”) 

for GMS management 


59


usr (or user) User Displays the user name (“user” is the tag used by 

WebTrends) 

vpnpolicy VPN policy name Displays the VPN policy name of event 

60 SonicOS Log Event Reference Guide 232-001835-00_Rev_A

Using the SonicOS Log Event Reference Guide - SonicWALL

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?