sonicos log event reference guide-5.8
TRANSCRIPT
COMPREHENSIVE INTERNET SECURITY
SonicOS Log Event Reference Guide
SonicWALL Internet Security Appliances
Using the SonicOS Log Event Reference Guide
This reference guide lists and describes SonicOS log event messages. Reference a log event
message by using the alphabetical index of log event messages.
This document contains the following sections: • “Log > View” section on page 2
• “Log > Categories” section on page 5
• “Log > Syslog” section on page 9
• “Log > Automation” section on page 10
• “Log > Name Resolution” section on page 14
• “Log > Reports” section on page 16
• “Log > ViewPoint” section on page 17
• “Index of Log Event Messages” section on page 19
• “Index of Syslog Tag Field Description” section on page 57
1SonicOS Log Event Reference Guide
Log > View
Log > ViewThe SonicWALL security appliance maintains an Event log for tracking potential security threats. This log can be viewed in the Log > View page, or it can be automatically sent to an e-mail address for convenience and archiving. The log is displayed in a table and can be sorted by column.
The SonicWALL security appliance can alert you of important events, such as an attack to the SonicWALL security appliance. Alerts are immediately e-mailed, either to an e-mail address or to an e-mail pager. Each log entry contains the date and time of the event and a brief message describing the event.
Log View Table
The log is displayed in a table and is sortable by column. The log table columns include:
• Time - the date and time of the event.
• Priority - the level of priority associated with your log event. Syslog uses eight categories to characterize messages – in descending order of severity, the categories include:
– Emergency
– Alert
– Critical
– Error
– Warning
– Notice
– Informational
– Debug
Specify a priority level on a SonicWALL security appliance on the Log > Categories page to log messages for that priority level, plus all messages tagged with a higher severity. For example, select ‘error’ as the priority level to log all messages tagged as ‘error,’ as well as any messages tagged with ‘critical,’ ‘alert,’ and ‘emergency.’ Select ‘debug’ to log all messages.
Note Refer to Log Event Messages section for more information on your specific log event.
• Category - the type of traffic, such as Network Access or Authenticated Access.
• Message - provides description of the event.
• Source - displays source network and IP address.
• Destination - displays the destination network and IP address.
• Notes - provides additional information about the event.
• Rule - notes Network Access Rule affected by event.
2 SonicOS Log Event Reference Guide
Log > View
Navigating and Sorting Log View Table Entries
The Log View table provides easy pagination for viewing large numbers of log events. You can navigate these log events by using the navigation control bar located at the top right of the Log View table. Navigation control bar includes four buttons. The far left button displays the first page of the table. The far right button displays the last page. The inside left and right arrow buttons moved the previous or next page respectively.
You can sort the entries in the table by clicking on the column header. The entries are sorted by ascending or descending order. The arrow to the right of the column entry indicates the sorting status. A down arrow means ascending order. An up arrow indicates a descending order.
Refresh
To update log messages, clicking the Refresh button near the top right corner of the page.
Clear Log
To delete the contents of the log, click the Clear Log button near the top right corner of the page.
Export Log
To export the contents of the log to a defined destination, click the Export Log button below the filter table.You can export log content to two formats:
• Plain text format--Used in log and alert e-mail.
• Comma-separated value (CSV) format--Used for importing into Excel or other presentation development applications.
E-mail Log
If you have configured the SonicWALL security appliance to e-mail log files, clicking E-mail Log near the top right corner of the page sends the current log files to the e-mail address specified in the Log > Automation > E-mail section.
Note The SonicWALL security appliance can alert you of important events, such as an attack to the SonicWALL security appliance. Alerts are immediately sent via e-mail, either to an e-mail address or to an e-mail pager. For sending alerts, you must enter your e-mail address and server information in the Log > Automation page.
3SonicOS Log Event Reference Guide
Log > View
Filtering Log Records Viewed
You can filter the results to display only event logs matching certain criteria. You can filter by Priority, Category, Source (IP or Interface), and Destination (IP or Interface).
Step 1 Enter your filter criteria in the Log View Settings table.
Step 2 The fields you enter values into are combined into a search string with a logical AND. For example, if you select an interface for Source and for Destination, the search string will look for connections matching:
Source interface AND Destination interface
Step 3 Check the Group Filters box next to any two or more criteria to combine them with a logical OR.
For example, if you enter values for Source IP, Destination IP, and Protocol, and check Group Filters next to Source IP and Destination IP, the search string will look for connections matching:
(Source IP OR Destination IP) AND Protocol
Step 4 Click Apply Filter to apply the filter immediately to the Log View Settings table. Click Reset to clear the filter and display the unfiltered results again.
The following example filters for log events resulting from traffic from the WAN to the LAN:
Log Event Messages
For a complete reference guide of log event messages, refer to the “Log Event Message Index” section on page 20.
4 SonicOS Log Event Reference Guide
Log > Categories
Log > CategoriesThis guide provides configuration tasks to enable you to categorize and customize the logging functions on your SonicWALL security appliance for troubleshooting and diagnostics.
Note You can extend your SonicWALL security appliance log reporting capabilities by using SonicWALL ViewPoint. ViewPoint is a Web-based graphical reporting tool for detailed and comprehensive reports. For more information on the SonicWALL ViewPoint reporting tool, refer to www.sonicwall.com.
Log Severity/Priority
This section provides information on configuring the level of priority log messages are captured and corresponding alert messages are sent through e-mail for notification.
Logging Level
The Logging Level control filters events by priority. Events of equal of greater priority are passed, and events of lower priority are dropped. The Logging Level menu includes the following priority scale items from highest to lowest priority:
• Emergency (highest priority)
• Alert
• Critical
• Error
• Warning
• Notice
• Informational
• Debug (lowest priority)
Alert Level
The Alert Level control determines how E-mail Alerts are sent. An event of equal or greater priority causes an E-mail alert to be issued. Lower priority events do not cause an alert to be sent. Events are pre-filtered by the Logging Level control, so if the Logging Level control is set to a higher priority than that of the Alert Level control, only alerts at the Logging Level or higher are sent. Alert levels include:
• None (disables e-mail alerts)
• Emergency (highest priority)
• Alert
• Critical
• Error
• Warning (lowest priority)
5SonicOS Log Event Reference Guide
Log > Categories
Log Redundancy Filter
The Log Redundancy Filter allows you to define the time in seconds that the same attack is logged on the Log > View page as a single entry in the SonicWALL log. Various attacks are often rapidly repeated, which can quickly fill up a log if each attack is logged. The Log Redundancy Filter has a default setting of 60 seconds.
Alert Redundancy Filter
The Alert Redundancy Filter allows you to define the time in seconds that the same attack is logged on the Log > View page as a single entry in the SonicWALL log before an alert is issued. The Alert Redundancy Filter has a default setting of 900 seconds.
Log Categories
SonicWALL security appliances provide automatic attack protection against well known exploits. The majority of these legacy attacks were identified by telltale IP or TCP/UDP characteristics, and recognition was limited to a set of fixed layer 3 and layer 4 values. As the breadth and sophistication of attacks evolved, it has become essential to dig deeper into the traffic, and to develop the sort of adaptability that could keep pace with the new threats.
All SonicWALL security appliances, even those running SonicWALL IPS, continue to recognize these legacy port and protocol types of attacks. The current behavior on all SonicWALL security appliances devices is to automatically and holistically prevent these legacy attacks, meaning that it is not possible to disable prevention of these attacks either individually or globally.
SonicWALL security appliances now include an expanded list of attack categories that can be logged.
The View Style menu provides the following three log category views:
• All Categories - Displays both Legacy Categories and Expanded Categories.
• Legacy Categories - Displays log categories carried over from earlier SonicWALL log event categories.
• Expanded Categories - Displays the expanded listing of categories that includes the older Legacy Categories log events rearranged into the new structure.
The following table describes both the Legacy and Extended log categories.
Log Type Category Description
802.11 Management Legacy Logs WLAN IEEE 802.11 connections.
Advanced Routing Expanded Logs messages related to RIPv2 and OSPF routing events.
Attacks Legacy Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP spoofing
Authenticated Access
Expanded Logs administrator, user, and guest account activity
Blocked Java, etc. Legacy Logs Java, ActiveX, and Cookies blocked by the SonicWALL security appliance.
Blocked Web Sites Legacy Logs Web sites or newsgroups blocked by the Content Filter List or by customized filtering.
BOOTP Expanded Logs BOOTP activity
Crypto Test Expanded Logs crypto algorithm and hardware testing
6 SonicOS Log Event Reference Guide
Log > Categories
DDNS Expanded Logs Dynamic DNS activity
Denied LAN IP Legacy Logs all LAN IP addresses denied by the SonicWALL security appliance.
DHCP Client Expanded Logs DHCP client protocol activity
DHCP Relay Expanded Logs DHCP central and remote gateway activity
Dropped ICMP Legacy Logs blocked incoming ICMP packets.
Dropped TCP Legacy Logs blocked incoming TCP connections.
Dropped UDP Legacy Logs blocked incoming UDP packets.
Firewall Event Extended Logs internal firewall activity
Firewall Hardware Extended Logs firewall hardware error events
Firewall Logging Extended Logs general events and errors
Firewall Rule Extended Logs firewall rule modifications
GMS Extended Logs GMS status event
High Availability Extended Logs High Availability activity
IPcomp Extended Logs IP compression activity
Intrusion Prevention Extended Logs intrusion prevention related activity
L2TP Client Extended Logs L2TP client activity
L2TP Server Extended Logs L2TP server activity
Multicast Extended Logs multicast IGMP activity
Network Extended Logs network ARP, fragmentation, and MTU activity
Network Access Extended Logs network and firewall protocol access activity
Network Debug Legacy Logs NetBIOS broadcasts, ARP resolution problems, and NAT resolution problems. Also, detailed messages for VPN connections are displayed to assist the network administrator with troubleshooting problems with active VPN tunnels. Network Debug information is intended for experienced network administrators.
Network Traffic Expanded Logs network traffic reporting events
PPP Extended Logs generic PPP activity
PPP Dial-Up Extended Logs PPP dial-up activity
PPPoE Extended Logs PPPoE activity
PPTP Extended Logs PPTP activity
RBL Extended Logs real-time black list activity
RIP Extended Logs RIP activity
Remote Authentication
Extended Logs RADIUS and LDAP server activity
Security Services Extended Logs security services activity
SonicPoint Extended Logs SonicPoint activity
System Errors Legacy Logs problems with DNS or e-mail.
System Maintenance
Legacy Logs general system activity, such as system activations.
User Activity Legacy Logs successful and unsuccessful log in attempts.
VOIP Extended Logs VoIP H.323/RAS, H.323/H.225, and H.323/H.245 activity
Log Type Category Description
7SonicOS Log Event Reference Guide
Log > Categories
Managing Log Categories
The Log Categories table displays log category information organized into the following columns:
• Category - Displays log category name.
• Description - Provides description of the log category activity type.
• Log - Provides checkbox for enabling/disabling the display of the log events in on the Log > View page.
• Alerts - Provides checkbox for enabling/disabling the sending of alerts for the category.
• Syslog - Provides checkbox for enabling/disabling the capture of the log events into the SonicWALL security appliance Syslog.
• Event Count - Displays the number of events for that category. Clicking the Refresh button updates these numbers.
You can sort the log categories in the Log Categories table by clicking on the column header. For example, clicking on the Category header sorts the log categories in descending order from the default ascending order. An up or down arrow to the left of the column name indicates whether the column is assorted in ascending or descending order.
You can enable or disable Log, Alerts, and Syslog on a category by category basis by clicking on the check box for the category in the table. You can enable or disable Log, Alerts, and Syslog for all categories by clicking the checkbox on the column header.
VPN Extended Logs VPN activity
VPN Client Extended Logs VPN client activity
VPN IKE Extended Logs VPN IKE activity
VPN IPsec Extended Logs VPN IPSec activity
VPN PKI Extended Logs VPN PKI activity
VPN Tunnel Status Legacy Logs status information on VPN tunnels.
WAN Failover Extended Logs WAN failover activity
Wireless Extended Logs wireless activity
Wlan IDS Extended Logs WLAN IDS activity
Log Type Category Description
8 SonicOS Log Event Reference Guide
Log > Syslog
Log > SyslogIn addition to the standard event log, the SonicWALL security appliance can send a detailed log to an external Syslog server. The SonicWALL Syslog captures all log activity and includes every connection source and destination IP address, IP service, and number of bytes transferred. The SonicWALL Syslog support requires an external server running a Syslog daemon on UDP Port 514. Syslog Analyzers such as SonicWALL ViewPoint or WebTrends Firewall Suite can be used to sort, analyze, and graph the Syslog data. Messages from the SonicWALL security appliance are then sent to the server(s). Up to three Syslog server IP addresses can be added.Syslog Settings
Syslog Facility
• Syslog Facility - Allows you to select the facilities and severities of the messages based on the syslog protocol.
Note See RCF 3164 - The BSD Syslog Protocol for more information.
• Override Syslog Settings with ViewPoint Settings - Check this box to override Syslog settings, if you’re using SonicWALL ViewPoint for your reporting solution.
Note For more information on SonicWALL ViewPoint, go to http://www.sonicwall.com.
– Syslog Event Redundancy Filter (seconds) - This setting prevents repetitive messages from being written to Syslog. If duplicate events occur during the period specified in the Syslog Event Redundancy Rate field, they are not written to Syslog as unique events. Instead, the additional events are counted, and then at the end of the period, a message is written to the Syslog that includes the number of times the event occurred. The Syslog Event Redundancy Filter default value is 60 seconds and the maximum value is 86,400 seconds (24 hours). Setting this value to 0 seconds sends all Syslog messages without filtering.
– Syslog Format - You can choose the format of the Syslog to be Default or WebTrends. If you select WebTrends, however, you must have WebTrends software installed on your system.
Note If the SonicWALL security appliance is managed by SonicWALL GMS, the Syslog Server fields cannot be configured by the administrator of the SonicWALL security appliance.
• Enable Event Rate Limiting - This control allows you to enable rate limiting of events to prevent the internal or external logging mechanism from being overwhelmed by log events.
• Enable Data Rate Limiting - This control allows you to enable rate limiting of data to prevent the internal or external logging mechanism from being overwhelmed by log events.
9SonicOS Log Event Reference Guide
Log > Automation
Syslog Servers
Adding a Syslog Server
To add syslog servers to the SonicWALL security appliance
Step 1 Click Add. The Add Syslog Server window is displayed.
Step 2 Type the Syslog server name or IP address in the Name or IP Address field. Messages from the SonicWALL security appliance are then sent to the servers.
Step 3 If your syslog is not using the default port of 514, type the port number in the Port Number field.
Step 4 Click OK.
Step 5 Click Accept to save all Syslog Server settings.
Log > AutomationThe Log > Automation page includes settings for configuring the SonicWALL to send log files using e-mail and configuring mail server settings.
E-mail Log Automation
• Send Log to E-mail address - Enter your e-mail address ([email protected]) in this field to receive the event log via e-mail. Once sent, the log is cleared from the SonicWALL memory. If this field is left blank, the log is not e-mailed.
• Send Alerts to E-mail address - Enter your e-mail address ([email protected]) in the Send alerts to field to be immediately e-mailed when attacks or system errors occur. Type a standard e-mail address or an e-mail paging service. If this field is left blank, e-mail alert messages are not sent.
• Send Log - Determines the frequency of sending log files. The options are When Full, Weekly, or Daily. If the Weekly or Daily option is selected, then select the day of the week the log is sent in the every menu and the time of day in 24-hour format in the At field.
• Email Format - Specifies whether log emails will be sent in Plain Text or HTML format.
Mail Server Settings
The mail server settings allow you to specify the name or IP address of your mail server, the from e-mail address, and authentication method.
• Mail Server (name or IP address) - Enter the IP address or FQDN of the e-mail server used to send your log e-mails in this field.
• From E-mail Address - Enter the E-mail address you want to display in the From field of the message.
• Authentication Method - You can use the default None item or select POP Before SMTP.
Note If the Mail Server (name or IP address) is left blank, log and alert messages are not e-mailed.
10 SonicOS Log Event Reference Guide
Log > Automation
Deep Packet Forensics
SonicWALL UTM appliances have configurable deep-packet classification capabilities that intersect with forensic and content-management products. While the SonicWALL can reliably detect and prevent any ‘interesting-content’ events, it can only provide a record of the occurrence, but not the actual data of the event.
Of equal importance are diagnostic applications where the interesting-content is traffic that is being unpredictably handled or inexplicably dropped.
Although the SonicWALL can achieve interesting-content using our Enhanced packet capture diagnostic tool, data-recorders are application-specific appliances designed to record all the packets on a network. They are highly optimized for this task, and can record network traffic without dropping a single packet.
While data-recorders are good at recording data, they lack the sort of deep-packet inspection intelligence afforded by IPS/GAV/ASPY/AF. Consider the minimal requirements of effective data analysis:
• Reliable storage of data
• Effective indexing of data
• Classification of interesting-content
Together, a UTM device (a SonicWALL appliance) and data-recorder (a Solera Networks appliance) satisfy the requirements to offer outstanding forensic and data-leakage capabilities.
Distributed Event Detection and Replay
The Solera appliance can search its data-repository, while also allowing the administrator to define “interesting-content” events on the SonicWALL. The level of logging detail and frequency of the logging can be configured by the administrator. Nearly all events include Source IP, Source Port, Destination IP, Destination Port, and Time. SonicOS Enhanced has an extensive set of log events, including:
• Debug/Informational Events—Connection setup/tear down
• User-events—Administrative access, single sign-on activity, user logins, content filtering details
• Firewall Rule/Policy Events—Access to and from particular IP:Port combinations, also identifiable by time
• Interesting-content at the Network or Application Layer—Port-scans, SYN floods, DPI or AF signature/policy hits
The following is an example of the process of distributed event detection and replay:
1. The administrator defines the event trigger. For example, an Application Firewall policy is defined to detect and log the transmission of an official document:
11SonicOS Log Event Reference Guide
Log > Automation
2. A user (at IP address 192.168.19.1) on the network retrieves the file.
3. The event is logged by the SonicWALL.
4. The administrator selects the Recorder icon from the left column of the log entry. Icon/link only appears in the logs when a NPCS is defined on the SonicWALL (e.g. IP: [192.168.169.100], Port: [443]). The defined NPCS appliance will be the link’s target. The link will include the query string parameters defining the desired connection.
5. The NPCS will (optionally) authenticate the user session.
6. The requested data will be presented to the client as a .cap file, and can be saved or viewed on the local machine.
Methods of Access
The client and NPCS must be able to reach one another. Usually, this means the client and the NPCS will be in the same physical location, both connected to the SonicWALL appliance. In any case, the client will be able to directly reach the NPCS, or will be able to reach the NPCS through the SonicWALL. Administrators in a remote location will require some method of VPN connectivity to the internal network. Access from a centralized GMS console will have similar requirements.
Log Persistence
SonicOS currently allocates 32K to a rolling log buffer. When the log becomes full, it can be emailed to a defined recipient and flushed, or it can simply be flushed. Emailing provides a simple version of logging persistence, while GMS provides a more reliable and scalable method.
By offering the administrator the option to deliver logs as either plain-text or HTML, the administrator has an easy method to review and replay events logged.
12 SonicOS Log Event Reference Guide
Log > Automation
GMS
To provide the ability to identify and view events across an entire enterprise, a GMS update will be required. Device-specific interesting-content events at the GMS console appear in Reports > Log Viewer Search page, but are also found throughout the various reports, such as Top Intrusions Over Time.
Solera Capture Stack
Solera Networks makes a series of appliances of varying capacities and speeds designed to capture, archive, and regenerate network traffic. The Solera Networks Network Packet Capture System (NPCS) provides utilities that allow the captured data to be accessed in time sequenced playback, that is, analysis of captured data can be performed on a live network via NPCS while the device is actively capturing and archiving data.
13SonicOS Log Event Reference Guide
Log > Name Resolution
To configure your SonicWALL appliance with Solera select the Enable Solera Capture Stack Integration option.
Configure the following options:
• Server - Select the host for the Solera server. You can dynamically create the host by selecting Create New Host...
• Protocol - Select either HTTP or HTTPS.
• Port - Specify the port number for connecting to the Solera server.
• Interface(s) - Specify which interfaces you want to transmit data for to the Solera server.
• User (optional) - Enter the username, if required.
• Password (optional) - Enter the password, if required.
• Confirm Password - Confirm the password.
– Mask Password - Leave this enabled to send the password as encrypted text.
Log > Name ResolutionThe Log > Name Resolution page includes settings for configuring the name servers used to resolve IP addresses and server names in the log reports.
The security appliance uses a DNS server or NetBIOS to resolve all IP addresses in log reports into server names. It stores the names/address pairs in a cache, to assist with future lookups. You can clear the cache by clicking Reset Name Cache in the top of the Log > Name Resolution page.
14 SonicOS Log Event Reference Guide
Log > Name Resolution
Selecting Name Resolution Settings
The security appliance can use DNS, NetBIOS, or both to resolve IP addresses and server names.
In the Name Resolution Method list, select:
• None: The security appliance will not attempt to resolve IP addresses and Names in the log reports.
• DNS: The security appliance will use the DNS server you specify to resolve addresses and names.
• NetBIOS: The security appliance will use NetBIOS to resolve addresses and names. If you select NetBIOS, no further configuration is necessary.
• DNS then NetBIOS: The security appliance will first use the DNS server you specify to resolve addresses and names. If it cannot resolve the name, it will try again with NetBIOS.
Specifying the DNS Server
To choose specific DNS servers or use the same servers as the WAN zone, perform the following steps:
Step 1 Select Specify DNS Servers Manually or Inherit DNS Settings Dynamically from WAN Zone. The second choice is selected by default.
Step 2 If you selected to specify a DNS server, enter the IP address for at least one DNS server on your network. You can enter up to three servers.
Step 3 Click Accept in the top right corner of the Log > Name Resolution page to make your changes take effect.
15SonicOS Log Event Reference Guide
Log > Reports
Log > ReportsThe SonicWALL security appliance can perform a rolling analysis of the event log to show the top 25 most frequently accessed Web sites, the top 25 users of bandwidth by IP address, and the top 25 services consuming the most bandwidth. You can generate these reports from the Log > Reports page.
Note SonicWALL ViewPoint provides a comprehensive Web-based reporting solution for SonicWALL security appliances. For more information on SonicWALL ViewPoint, go to http://www.sonicwall.com
Data Collection
The Reports window includes the following functions and commands:
• Start Data Collection
Click Start Data Collection to begin log analysis. When log analysis is enabled, the button label changes to Stop Data Collection.
• Reset Data
Click Reset Data to clear the report statistics and begin a new sample period. The sample period is also reset when data collection is stopped or started, and when the SonicWALL security appliance is restarted.
View Data
Select the desired report from the Report to view menu. The options are Web Site Hits, Bandwidth Usage by IP Address, and Bandwidth Usage by Service. These reports are explained below. Click Refresh Data to update the report. The length of time analyzed by the report is displayed in the Current Sample Period.
Web Site Hits
Selecting Web Site Hits from the Report to view menu displays a table showing the URLs for the 25 most frequently accessed Web sites and the number of hits to a site during the current sample period.
The Web Site Hits report ensures that the majority of Web access is to appropriate Web sites. If leisure, sports, or other inappropriate sites appear in the Web Site Hits Report, you can choose to block the sites. For information on blocking inappropriate Web sites, see .
Click on the name of a Web site to open that site in a new window.
Bandwidth Usage by IP Address
Selecting Bandwidth Usage by IP Address from the Report to view menu displays a table showing the IP address of the 25 top users of Internet bandwidth and the number of megabytes transmitted during the current sample period.
16 SonicOS Log Event Reference Guide
Log > ViewPoint
Bandwidth Usage by Service
Selecting Bandwidth Usage by Service from the Report to view menu displays a table showing the name of the 25 top Internet services, such as HTTP, FTP, RealAudio, etc., and the number of megabytes received from the service during the current sample period.
The Bandwidth Usage by Service report shows whether the services being used are appropriate for your organization. If services such as video or push broadcasts are consuming a large portion of the available bandwidth, you can choose to block these services.
Log > ViewPointSonicWALL ViewPoint is a Web-based graphical reporting tool that provides unprecedented security awareness and control over your network environment through detailed and comprehensive reports of your security and network activities. ViewPoint’s broad reporting capabilities allow administrators to easily monitor network access and Internet usage, enhance security, assess risks, understand more about employee Internet use and productivity, and anticipate future bandwidth needs.
ViewPoint creates dynamic, real-time and historical network summaries, providing a flexible, comprehensive view of network events and activities. Reports are based on syslog data streams received from each SonicWALL appliance through LAN, Wireless LAN, WAN or VPN connections. With ViewPoint, your organization can generate individual or aggregate reports about virtually any aspect of appliance activity, including individual user or group usage patterns, evens on specific appliances or groups of appliances, types and times of attacks, resource consumption and constraints, and more.
For more information on SonicWALL ViewPoint, go to http://www.sonicwall.com.
For complete SonicWALL ViewPoint documentation, go to the SonicWALL documentation Web site at http://www.sonicwall.com/us/support/3340.html.
17SonicOS Log Event Reference Guide
Log > ViewPoint
Activating ViewPoint
The Log > ViewPoint page allows you to activate the ViewPoint license directly from the SonicWALL Management Interface using two methods.
If you received a license activation key, enter the activation key in the Enter upgrade key field, and click Accept.
Warning You must have a mysonicwall.com account and your SonicWALL security appliance must be registered to activate SonicWALL ViewPoint for your SonicWALl security appliance.
Step 1 Click the Upgrade link in Click here to Upgrade on the Log > ViewPoint page. The mysonicwall.com Login page is displayed.
Step 2 Enter your mysonicwall.com account username and password in the User Name and Password fields, then click Submit. The System > Licenses page is displayed. If your SonicWALL security appliance is already connected to your mysonicwall.com account, the System > Licenses page appears after you click the SonicWALL Content Filtering Subscription link.
Step 3 Click Activate or Renew in the Manage Service column in the Manage Services Online table. Type in the Activation Key in the New License Key field and click Submit.
Step 4 If you activated SonicWALL ViewPoint at mysonicwall.com, the SonicWALL ViewPoint activation is automatically enabled on your SonicWALL within 24-hours or you can click the Synchronize button on the Security Services > Summary page to update your SonicWALL.
Enabling ViewPoint Settings
Once you have installed the SonicWALL ViewPoint software, you can point the SonicWALL security appliance to the server running ViewPoint, perform the following steps:
Step 1 Check the Enable ViewPoint Settings checkbox in the Syslog Servers section of the Log > ViewPoint page.
Step 2 Click the Add button. The Add Syslog Server window is displayed.
Step 3 Enter the IP address or FQDN of the SonicWALL ViewPoint server in the Name or IP Address field.
Step 4 Enter the port number for the SonicWALL ViewPoint server traffic in the Port field or use the default port number.
Step 5 Click Accept.
Note The Override Syslog Settings with ViewPoint Settings control on the Log > Syslog page is automatically checked when you enable ViewPoint from the Log > ViewPoint page. The IP address or FQDN you entered in the Add Syslog Server window is also displayed on the Log > Syslog page as well as in the Syslog Servers table on the Log > ViewPoint page.
Clicking the Edit icon displays the Add Syslog Server window for editing the ViewPoint server information. Clicking the Delete icon, deletes the ViewPoint syslog server entry.
18 SonicOS Log Event Reference Guide
Index of Log Event Messages
Index of Log Event MessagesThis section contains a list of log event messages for all SonicWALL Firmware and SonicOS Software Releases, ordered alphabetically. Use your web browser’s Find function to search for a command.
Log Event Message Symbols Key
TCP IP Layered-Data Packet Processing and SonicOS Log Event Handling
In specific cases of multi-layer packet processing, a TCP connection initially logged as "open," will be rejected by a deeper layer of packet processing. In these cases, the connection request has not been forwarded by the SonicWALL security appliance, and the initial Connection Open SonicOS log event message should be ignored in favor of the TCP Connection Dropped log event message.
Each log event message described in the following table provides the following log event details: • SonicOS Category—Displays the SonicOS Software category event type.
• Legacy Category—Displays the SonicWALL Firmware Software category event type.
• Priority Level—Displays the level of urgency of the log event message.
• Log Message ID Number—Displays the ID number of the log event message.
• SNMP Trap Type—Displays the SNMP Trap ID number of the log event message.
Log Event Message Symbol Description Context
%s Ethernet Port Down Represents a character string. [WAN | LAN | DMZ] Ethernet Port Down
The cache is full; %u open connections; some will be dropped
Represents a numerical string. The cache is full; [40,000] open connections; some will be dropped
19SonicOS Log Event Reference Guide
Index of Log Event Messages
Log Event Message Index
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
Network Security Appliance activated Firewall Event Maintenance Alert 4 ---
Log cleared Firewall Logging Maintenance Information 5 ---
Log successfully sent via email Firewall Logging Maintenance Information 6 ---
Log full; deactivating Network Security Appliance
Firewall Logging System Error Error 7 601
New URL List loaded Security Services Maintenance Information 8 ---
No new URL List available Security Services Maintenance Information 9 ---
Problem loading the URL List; check Filter settings
Security Services System Error Error 10 602
Problem loading the URL List; check your DNS server
Security Services System Error Error 11 603
Problem sending log email; check log settings
Firewall Logging System Error Warning 12 604
Restarting Network Security Appliance; dumping log to email
Firewall Event Maintenance Information 13 ---
Web site access denied Network Access Blocked Sites Error 14 701
Newsgroup access denied Network Access Blocked Sites Notice 15 702
Web site access allowed Network Access Blocked Sites Notice 16 703
Newsgroup access allowed Network Access Blocked Sites Notice 17 704
ActiveX access denied Network Access Blocked Code Notice 18 ---
Java access denied Network Access Blocked Code Notice 19 ---
ActiveX or Java archive access denied Network Access Blocked Code Notice 20 ---
Cookie removed Network Access Blocked Code Notice 21 ---
Ping of death dropped Intrusion Detection Attack Alert 22 501
IP spoof dropped Intrusion Detection Attack Alert 23 502
User logged out - user disconnect detected (heartbeat timer expired)
Authenticate Access
User Activity Information 24 ---
Possible SYN flood attack detected Intrusion Detection Attack Warning 25 503
Land attack dropped Intrusion Detection Attack Alert 27 505
Fragmented packet dropped Network TCP | UDP | ICMP Notice 28 ---
Administrator login allowed Authenticate Access
User Activity Information 29 ---
Administrator login denied due to bad credentials
Authenticate Access
Attack Alert 30 560
User login from an internal zone allowed Authenticate Access
User Activity Information 31 ---
User login denied due to bad credentials Authenticate Access
User Activity Information 32 ---
User login denied due to bad credentials Authenticate Access
User Activity Information 33 ---
Login screen timed out Authenticate Access
User Activity Information 34 ---
20 SonicOS Log Event Reference Guide
Index of Log Event Messages
Administrator login denied from %s; logins disabled from this interface
Authenticate Access
Attack Alert 35 506
TCP connection dropped Network Access TCP Notice 36 ---
UDP packet dropped Network Access UDP Notice 37 ---
ICMP packet dropped due to policy Network Access ICMP Notice 38 ---
PPTP packet dropped Network Access TCP | UDP | ICMP Notice 39 ---
IPsec packet dropped Network Access TCP | UDP | ICMP Notice 40 ---
Unknown protocol dropped Network Access Debug Notice 41 ---
IPsec packet dropped; waiting for pending IPsec connection
Network Access Debug Debug 42 ---
IPsec connection interrupt Network Access Debug Debug 43 ---
NAT could not remap incoming packet Unused System Error Error 44 606
ARP timeout Network Debug Debug 45 ---
Broadcast packet dropped Network Access Debug Debug 46 ---
No ICMP redirect sent Unused Debug Debug 47 ---
Out-of-order command packet dropped Network Access Debug Debug 48 ---
Failure to add data channel Unused Debug Debug 49 ---
RealAudio decode failure Unused Debug Debug 50 ---
Duplicate packet dropped Network Access Debug Debug 51 ---
No HOST tag found in HTTP request Network Access Debug Debug 52 ---
The cache is full; %u open connections; some will be dropped
Firewall Event System Error Error 53 607
License exceeded: Connection dropped because too many IP addresses are in use on your LAN
Firewall Event System Error Error 58 608
Access to proxy server denied Network Access Blocked Sites Notice 60 705
Diagnostic Code E VPN IPsec System Error Error 61 609
Dynamic IPsec client connected VPN IPsec User Activity Information 62 ---
Received fragmented packet or fragmentation needed
Network Debug Debug 63 ---
Diagnostic Code D Firewall Hardware System Error Error 64 610
Illegal IPsec SPI VPN IPsec User Activity Information 65 ---
Unknown IPsec SPI VPN IPsec Attack Error 66 507
IPsec Authentication Failed VPN IPsec Attack Error 67 508
IPsec Decryption Failed VPN IPsec Attack Error 68 509
Incompatible IPsec Security Association VPN IPsec User Activity Information 69 ---
IPsec packet from or to an illegal host VPN IPsec Attack Error 70 510
NetBus attack dropped Intrusion Detection Attack Alert 72 511
Back Orifice attack dropped Intrusion Detection Attack Alert 73 512
Net Spy attack dropped Intrusion Detection Attack Alert 74 513
Sub Seven attack dropped Intrusion Detection Attack Alert 75 514
Ripper attack dropped Intrusion Detection Attack Alert 76 515
Striker attack dropped Intrusion Detection Attack Alert 77 516
Senna Spy attack dropped Intrusion Detection Attack Alert 78 517
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
21SonicOS Log Event Reference Guide
Index of Log Event Messages
Priority attack dropped Intrusion Detection Attack Alert 79 518
Ini Killer attack dropped Intrusion Detection Attack Alert 80 519
Smurf Amplification attack dropped Intrusion Detection Attack Alert 81 520
Possible port scan detected Intrusion Detection Attack Alert 82 521
Probable port scan detected Intrusion Detection Attack Alert 83 522
Failed to resolve name Network Maintenance Information 84 ---
IKE Responder: Accepting IPsec proposal (Phase 2)
VPN IKE User Activity Information 87 ---
IKE Responder: IPsec proposal does not match (Phase 2)
VPN IKE User Activity Warning 88 523
IKE negotiation complete. Adding IPsec SA. (Phase 2)
VPN IKE User Activity Information 89 ---
Starting IKE negotiation VPN IKE User Activity Information 90 ---
Deleting IPsec SA for destination VPN IKE User Activity Information 91 ---
Deleting IPsec SA VPN IKE User Activity Information 92 ---
Diagnostic Code A Firewall Hardware System Error Error 93 611
Diagnostic Code B Firewall Hardware System Error Error 94 612
Diagnostic Code C Firewall Hardware System Error Error 95 613
Status GMS Maintenance Emergency 96 ---
#Web site hit Network Traffic Connection Traffic Information 97 ---
Connection Opened Network Traffic Connection Information 98 ---
Retransmitting DHCP DISCOVER. DHCP Client Maintenance Information 99 ---
Retransmitting DHCP REQUEST (Requesting).
DHCP Client Maintenance Information 100 ---
Retransmitting DHCP REQUEST (Renewing).
DHCP Client Maintenance Information 101 ---
Retransmitting DHCP REQUEST (Rebinding).
DHCP Client Maintenance Information 102 ---
Retransmitting DHCP REQUEST (Rebooting).
DHCP Client Maintenance Information 103 ---
Retransmitting DHCP REQUEST (Verifying). DHCP Client Maintenance Information 104 ---
Sending DHCP DISCOVER. DHCP Client Maintenance Information 105 ---
DHCP Server not available. Did not get any DHCP OFFER.
DHCP Client Maintenance Information 106 ---
Got DHCP OFFER. Selecting. DHCP Client Maintenance Information 107 ---
Sending DHCP REQUEST. DHCP Client Maintenance Information 108 ---
DHCP Client did not get DHCP ACK. DHCP Client Maintenance Information 109 ---
DHCP Client got NACK. DHCP Client Maintenance Information 110 ---
DHCP Client got ACK from server. DHCP Client Maintenance Information 111 ---
DHCP Client is declining address offered by the server.
DHCP Client Maintenance Information 112 ---
DHCP Client sending REQUEST and going to REBIND state.
DHCP Client Maintenance Information 113 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
22 SonicOS Log Event Reference Guide
Index of Log Event Messages
DHCP Client sending REQUEST and going to RENEW state.
DHCP Client Maintenance Information 114 ---
Sending DHCP REQUEST (Renewing). DHCP Client Maintenance Information 115 ---
Sending DHCP REQUEST (Rebinding). DHCP Client Maintenance Information 116 ---
Sending DHCP REQUEST (Rebooting). DHCP Client Maintenance Information 117 ---
Sending DHCP REQUEST (Verifying). DHCP Client Maintenance Information 118 ---
DHCP Client failed to verify and lease has expired. Go to INIT state.
DHCP Client Maintenance Information 119 ---
DHCP Client failed to verify and lease is still valid. Go to BOUND state.
DHCP Client Maintenance Information 120 ---
DHCP Client got a new IP address lease. DHCP Client Maintenance Information 121 ---
Sending DHCP RELEASE. DHCP Client Maintenance Information 122 ---
Access attempt from host without Anti-Virus agent installed
Security Services Maintenance Information 123 ---
Anti-Virus agent out-of-date on host Security Services Maintenance Information 124 ---
Received AV Alert: %s Security Services Maintenance Warning 125 524
Starting PPPoE discovery PPPoE Maintenance Information 127 ---
PPPoE LCP Link Up PPPoE Maintenance Information 128 ---
PPPoE LCP Link Down PPPoE Maintenance Information 129 ---
PPPoE terminated PPPoE Maintenance Information 130 ---
PPPoE Network Connected PPPoE Maintenance Information 131 ---
PPPoE Network Disconnected PPPoE Maintenance Information 132 ---
PPPoE discovery process complete PPPoE Maintenance Information 133 ---
PPPoE starting CHAP Authentication PPPoE Maintenance Information 134 ---
PPPoE starting PAP Authentication PPPoE Maintenance Information 135 ---
PPPoE CHAP Authentication Failed PPPoE Maintenance Information 136 ---
PPPoE PAP Authentication Failed PPPoE Maintenance Information 137 ---
Wan IP Changed Firewall Event System Error Warning 138 636
XAUTH Succeeded with VPN client VPN Client User Activity Information 139 ---
XAUTH Failed with VPN client, Authentication failure
VPN Client User Activity Error 140 ---
XAUTH Failed with VPN client, Cannot Contact RADIUS Server
VPN Client User Activity Information 141 ---
Log Debug Firewall Event Debug Error 142 ---
Add an attack message Firewall Event Attack Error 143 525
Primary firewall has transitioned to Active High Availability Maintenance Alert 144 ---
Backup firewall has transitioned to Active High Availability Maintenance Alert 145 ---
Primary firewall has transitioned to Idle High Availability System Error Alert 146 614
Backup firewall has transitioned to Idle High Availability Maintenance Alert 147 ---
Primary missed heartbeats from Backup High Availability System Error Error 148 615
Backup missed heartbeats from Primary High Availability System Error Error 149 616
Primary received error signal from Backup High Availability System Error Error 150 617
Backup received error signal from Primary High Availability System Error Error 151 618
Backup firewall being preempted by Primary High Availability System Error Error 152 619
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
23SonicOS Log Event Reference Guide
Index of Log Event Messages
Primary firewall preempting Backup High Availability System Error Error 153 620
Active Backup detects Active Primary: Backup going Idle
High Availability Maintenance Information 154 ---
Imported HA hardware ID did not match this firewall
High Availability Maintenance Information 155 ---
Discovered HA Backup Firewall High Availability Maintenance Information 156 ---
HA Peer Firewall Synchronized High Availability Maintenance Information 157 ---
Error synchronizing HA peer firewall (%s) High Availability System Error Error 158 662
Received AV Alert: Your Network Anti-Virus subscription has expired. %s
Security Services Maintenance Warning 159 526
Primary received heartbeat from wrong source
High Availability Maintenance Information 160 ---
Backup received heartbeat from wrong source
High Availability Maintenance Information 161 ---
HA packet processing error High Availability Maintenance Information 162 ---
Heartbeat received from incompatible source High Availability Maintenance Information 163 ---
Diagnostic Code F Firewall Hardware System Error Error 164 621
Forbidden E-Mail attachment disabled Intrusion Detection Attack Alert 165 527
PPPoE PAP Authentication success. PPPoE Maintenance Information 166 ---
PPPoE PAP Authentication Failed. Please verify PPPoE username and password
PPPoE Maintenance Information 167 ---
Disconnecting PPPoE due to traffic timeout PPPoE Maintenance Information 168 ---
No response from ISP Disconnecting PPPoE.
PPPoE Maintenance Information 169 ---
Backup going Active in preempt mode after reboot
High Availability System Error Error 170 622
VPN Log Debug VPN IKE Debug Information 172 ---
TCP connection from LAN denied Network Access LAN TCP Notice 173 ---
UDP packet from LAN dropped Network Access LAN UDP | LAN TCP
Notice 174 ---
ICMP packet from LAN dropped Network Access LAN ICMP | LAN TCP
Notice 175 ---
Probable TCP FIN scan detected Intrusion Detection Attack Alert 177 528
Probable TCP XMAS scan detected Intrusion Detection Attack Alert 178 529
Probable TCP NULL scan detected Intrusion Detection Attack Alert 179 530
IPsec Replay Detected VPN IPsec Attack Alert 180 531
TCP FIN packet dropped Network Debug Debug 181 ---
Received a path MTU icmp message from router/gateway
Network User Activity Information 182 ---
Problem loading the URL List; Appliance not registered.
Security Services System Error Error 183 623
Problem loading the URL List; Subscription expired.
Security Services System Error Error 184 624
Problem loading the URL List; Try loading it again.
Security Services System Error Error 185 625
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
24 SonicOS Log Event Reference Guide
Index of Log Event Messages
Problem loading the URL List; Retrying later. Security Services System Error Error 186 626
Problem loading the URL List; Flash write failure.
Security Services System Error Error 187 627
Received a path MTU icmp message from router/gateway
Network User Activity Information 188 ---
The loaded content URL List has expired. Security Services System Error Error 190 628
Error setting the IP address of the backup, please manually set to backup LAN IP
High Availability System Error Error 191 629
Error updating HA peer configuration High Availability System Error Error 192 630
Fraudulent Microsoft certificate found; access denied
Intrusion Detection Attack Error 193 532
VPN TCP SYN VPN VPN Statistics Information 194 ---
VPN TCP FIN VPN VPN Statistics Information 195 ---
VPN TCP PSH VPN VPN Statistics Information 196 ---
Content filter subscription expired. Security Services System Error Error 197 631
New firmware available. Firewall Event Maintenance Information 198 ---
CLI administrator login allowed Authenticate Access
User Activity Information 199 ---
CLI administrator login denied due to bad credentials
Authenticate Access
User Activity Warning 200 ---
L2TP Tunnel Negotiation Started L2TP Client Maintenance Information 201 ---
L2TP Session Negotiation Started L2TP Client Maintenance Information 202 ---
L2TP Max Retransmission Exceeded L2TP Client Maintenance Information 203 ---
L2TP Tunnel Established L2TP Client Maintenance Information 204 ---
L2TP Tunnel Disconnect from Remote L2TP Client Maintenance Information 205 ---
L2TP Session Established L2TP Client Maintenance Information 206 ---
L2TP Session Disconnect from Remote L2TP Client Maintenance Information 207 ---
L2TP PPP Negotiation Started L2TP Client Maintenance Information 208 ---
L2TP LCP Down L2TP Client Maintenance Information 209 ---
L2TP PPP Session Up L2TP Client Maintenance Information 210 ---
L2TP PPP Down L2TP Client Maintenance Information 211 ---
L2TP PPP Authentication Failed L2TP Client Maintenance Information 212 ---
L2TP LCP Up L2TP Client Maintenance Information 213 ---
L2TP Disconnect Initiated by the User L2TP Client Maintenance Information 214 ---
Disconnecting L2TP Tunnel due to traffic timeout
L2TP Client Maintenance Information 215 ---
L2TP Connect Initiated by the User L2TP Client Maintenance Information 216 ---
L2TP PPP link down L2TP Client Maintenance Information 217 ---
Primary WAN link down, Primary going Idle High Availability Maintenance Information 218 ---
Backup WAN link down, Primary going Active
High Availability System Error Error 219 633
Primary WAN link down, Backup going Active
High Availability System Error Error 220 634
Primary WAN link up, preempting Backup High Availability Maintenance Information 221 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
25SonicOS Log Event Reference Guide
Index of Log Event Messages
DHCP RELEASE relayed to Central Gateway
DHCP Relay Maintenance Information 222 ---
DHCP lease relayed to local device DHCP Relay Maintenance Information 223 ---
DHCP RELEASE received from remote device
DHCP Relay Debug Information 224 ---
DHCP lease relayed to remote device DHCP Relay Debug Information 225 ---
DHCP lease to LAN device conflicts with remote device, deleting remote IP entry
DHCP Relay Maintenance Information 226 ---
WARNING: DHCP lease relayed from Central Gateway conflicts with IP in Static Devices list
DHCP Relay Maintenance Information 227 ---
DHCP lease dropped. Lease from Central Gateway conflicts with Relay IP
DHCP Relay Maintenance Warning 228 ---
IP spoof detected on packet to Central Gateway, packet dropped
DHCP Relay Attack Error 229 533
Request for Relay IP Table from Central Gateway
DHCP Relay Maintenance Information 230 ---
Requesting Relay IP Table from Remote Gateway
DHCP Relay Maintenance Information 231 ---
Sent Relay IP Table to Central Gateway DHCP Relay Maintenance Information 232 ---
Obtained Relay IP Table from Remote Gateway
DHCP Relay Maintenance Information 233 ---
Failed to synchronize Relay IP Table DHCP Relay System Error Warning 234 632
VPN zone administrator login allowed Authenticate Access
User Activity Information 235 ---
WAN zone administrator login allowed Authenticate Access
User Activity Information 236 ---
VPN zone remote user login allowed Authenticate Access
User Activity Information 237 ---
WAN zone remote user login allowed Authenticate Access
User Activity Information 238 ---
NAT Discovery : Peer IPsec Security Gateway behind a NAT/NAPT Device
VPN IKE User Activity Information 239 ---
NAT Discovery : Local IPsec Security Gateway behind a NAT/NAPT Device
VPN IKE User Activity Information 240 ---
NAT Discovery : No NAT/NAPT device detected between IPsec Security gateways
VPN IKE User Activity Information 241 ---
NAT Discovery : Peer IPsec Security Gateway doesn't support VPN NAT Traversal
VPN IKE User Activity Information 242 ---
User login denied - RADIUS authentication failure
RADIUS User Activity Information 243 ---
User login denied - RADIUS server timeout RADIUS User Activity Warning 244 ---
User login denied - RADIUS configuration error
RADIUS User Activity Warning 245 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
26 SonicOS Log Event Reference Guide
Index of Log Event Messages
User login denied - User has no privileges for login from that location
Authenticate Access
User Activity Information 246 ---
IPsec packet from an illegal host VPN IPsec Maintenance Information 247 ---
Forbidden E-Mail attachment deleted Intrusion Detection Attack Error 248 534
IKE Responder: Mode %d - not tunnel mode VPN IKE User Activity Warning 249 535
IKE Responder: No matching Phase 1 ID found for proposed remote network
VPN IKE User Activity Warning 250 536
IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route
VPN IKE User Activity Warning 251 537
IKE Responder: No match for proposed remote network address
VPN IKE User Activity Warning 252 538
IKE Responder: Default LAN gateway is set but peer is not proposing to use this SA as a default route
VPN IKE User Activity Warning 253 539
IKE Responder: Tunnel terminates outside firewall but proposed local network is not NAT public address
VPN IKE User Activity Warning 254 540
IKE Responder: Tunnel terminates inside firewall but proposed local network is not inside firewall
VPN IKE User Activity Warning 255 541
IKE Responder: Tunnel terminates on DMZ but proposed local network is on LAN
VPN IKE User Activity Warning 256 542
IKE Responder: Tunnel terminates on LAN but proposed local network is on DMZ
VPN IKE User Activity Warning 257 543
IKE Responder: AH Perfect Forward Secrecy mismatch
VPN IKE User Activity Warning 258 544
IKE Responder: ESP Perfect Forward Secrecy mismatch
VPN IKE User Activity Warning 259 545
IKE Responder: Algorithms and/or keys do not match
VPN IKE User Activity Warning 260 546
Administrator logged out Authenticate Access
User Activity Information 261 ---
Administrator logged out - inactivity timer expired
Authenticate Access
User Activity Information 262 ---
User logged out Authenticate Access
User Activity Information 263 ---
User logged out - max session time exceeded
Authenticate Access
User Activity Information 264 ---
User logged out - inactivity timer expired Authenticate Access
User Activity Information 265 ---
NAT device may not support IPsec AH passthrough
VPN IPsec Maintenance Information 266 ---
TCP Xmas Tree dropped Intrusion Detection Attack Alert 267 547
CFL auto-download disabled, time problem detected
Security Services Maintenance Information 268 ---
Requesting CRL from VPN PKI User Activity Information 269 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
27SonicOS Log Event Reference Guide
Index of Log Event Messages
CRL loaded from VPN PKI User Activity Information 270 ---
Failed to get CRL from VPN PKI User Activity Alert 271 ---
Not enough memory to hold the CRL VPN PKI User Activity Warning 272 ---
Connection timed out VPN PKI User Activity Alert 273 ---
Cannot connect to the CRL server VPN PKI User Activity Alert 274 ---
Unknown reason VPN PKI User Activity Error 275 ---
Failed to Process CRL from VPN PKI User Activity Alert 276 ---
Bad CRL format VPN PKI User Activity Alert 277 ---
Issuer match failed VPN PKI User Activity Alert 278 ---
Certificate on Revoked list(CRL) VPN PKI User Activity Alert 279 ---
No Certificate for VPN PKI User Activity Alert 280 ---
PPP Dial-Up: Dialing: %s PPP Dial Up User Activity Information 281 ---
PPP Dial-Up: No dialtone detected - check phone-line connection
PPP Dial Up User Activity Information 282 ---
PPP Dial-Up: No link carrier detected - check phone number
PPP Dial Up User Activity Information 283 ---
PPP Dial-Up: Dialed number is busy PPP Dial Up User Activity Information 284 ---
PPP Dial-Up: Dialed number did not answer PPP Dial Up User Activity Information 285 ---
PPP Dial-Up: Connected at %s bps - starting PPP
PPP Dial Up User Activity Information 286 ---
PPP Dial-Up: Unknown dialing failure PPP Dial Up User Activity Information 287 ---
PPP Dial-Up: Link carrier lost PPP Dial Up User Activity Information 288 ---
PPP: Authentication successful PPP --- Information 289 ---
PPP: PAP Authentication failed - check username / password
PPP --- Information 290 ---
PPP: CHAP authentication failed - check username / password
PPP --- Information 291 ---
PPP: MS-CHAP authentication failed - check username / password
PPP --- Information 292 ---
PPP: Starting MS-CHAP authentication PPP --- Information 293 ---
PPP: Starting CHAP authentication PPP --- Information 294 ---
PPP: Starting PAP authentication PPP --- Information 295 ---
PPP Dial-Up: PPP negotiation failed - disconnecting
PPP Dial Up User Activity Information 296 ---
PPP Dial-Up: Idle time limit exceeded - disconnecting
PPP Dial Up User Activity Information 297 ---
PPP Dial-Up: Failed to get IP address PPP Dial Up User Activity Information 298 ---
PPP Dial-Up: Received new IP address PPP Dial Up User Activity Information 299 ---
PPP Dial-Up: PPP link established PPP Dial Up User Activity Information 300 ---
PPP Dial-Up: PPP link down PPP Dial Up User Activity Information 301 ---
PPP Dial-Up: Shutting down link PPP Dial Up User Activity Information 302 ---
PPP Dial-Up: Initialization : %s PPP Dial Up User Activity Information 303 ---
PPP Dial-Up: User requested disconnect PPP Dial Up User Activity Information 304 ---
PPP Dial-Up: User requested connect PPP Dial Up User Activity Information 305 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
28 SonicOS Log Event Reference Guide
Index of Log Event Messages
PPP Dial-Up: Connect request canceled PPP Dial Up User Activity Information 306 ---
The network connection in use is %s WAN Failover System Error Warning 307 639
L2TP Server : L2TP Tunnel Established. L2TP Server Maintenance Information 308 ---
L2TP Server : L2TP Session Established. L2TP Server Maintenance Information 309 ---
L2TP Server : L2TP PPP Session Established.
L2TP Server Maintenance Information 310 ---
L2TP Server: RADIUS/LDAP reports Authentication Failure
L2TP Server Maintenance Information 311 ---
L2TP Server: Local Authentication Failure L2TP Server Maintenance Information 312 ---
L2TP Server: RADIUS/LDAP server not assigned IP address
L2TP Server Maintenance Information 313 ---
L2TP Server: No IP address available in the Local IP Pool
L2TP Server Maintenance Information 314 ---
L2TP Server: L2TP Tunnel Disconnect from the Remote.
L2TP Server Maintenance Information 315 ---
L2TP Server: L2TP Session Disconnect from the Remote.
L2TP Server Maintenance Information 316 ---
L2TP Server: L2TP Remote terminated the PPP session
L2TP Server Maintenance Information 317 ---
L2TP Server: Local Authentication Success.
L2TP Server Maintenance Information 318 ---
L2TP Server: RADIUS/LDAP Authentication Success
L2TP Server Maintenance Information 319 ---
L2TP Server: Keep alive Failure. Closing Tunnel
L2TP Server Maintenance Information 320 ---
PPP Dial-Up: Manual intervention needed. Check Primary Profile or Profile details
PPP Dial Up User Activity Information 321 ---
PPP Dial-Up: Trying to failover but Primary Profile is manual
PPP Dial Up User Activity Information 322 ---
PPP Dial-Up: Startup without Ethernet cable, will try to dial on outbound traffic
PPP Dial Up User Activity Information 323 ---
PPP Dial-Up: Dial initiated by %s PPP Dial Up Maintenance Information 324 ---
The current WAN interface is not ready to route packets.
Firewall Event System Error Error 325 635
Probing failure on %s WAN Failover System Error Alert 326 637
PPP Dial-Up: Maximum connection time exceeded - disconnecting
PPP Dial Up User Activity Information 327 ---
Administrator name changed Authenticate Access
Maintenance Information 328 ---
User login failure rate exceeded - logins from user IP address denied
Authenticate Access
Attack Error 329 561
PPP Dial-Up: The profile in use disabled VPN networking.
PPP Dial Up Maintenance Information 330 ---
PPP Dial-Up: VPN networking restored. PPP Dial Up Maintenance Information 331 ---
%s Ethernet Port Up Firewall Event System Error Warning 332 640
%s Ethernet Port Down Firewall Event System Error Error 333 641
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
29SonicOS Log Event Reference Guide
Index of Log Event Messages
L2TP Server: Call Disconnect from Remote. L2TP Server Maintenance Information 334 ---
L2TP Server: Tunnel Disconnect from Remote.
L2TP Server Maintenance Information 335 ---
L2TP Server : Deleting the Tunnel L2TP Server Maintenance Information 336 ---
L2TP Server : Deleting the L2TP active Session
L2TP Server Maintenance Information 337 ---
L2TP Server : Retransmission Timeout, Deleting the Tunnel
L2TP Server Maintenance Information 338 ---
NAT translated packet exceeds size limit, packet dropped
Network Debug Debug 339 ---
HTTP management port has changed Firewall Event Maintenance Information 340 ---
HTTPS management port has changed Firewall Event Maintenance Information 341 ---
IKE Responder: Mode %d - not transport mode. Xauth is required but not supported by peer.
VPN IKE Debug Warning 342 ---
L2TP Server : Access from L2TP VPN Client Privilege not enabled for Radius Users.
L2TP Server Maintenance Information 343 ---
L2TP Server : User Name authentication Failure locally.
L2TP Server Maintenance Information 344 ---
IKE Responder: Tunnel terminates outside firewall but proposed remote network is not NAT public address
VPN IKE User Activity Warning 345 548
IKE Initiator: Start Quick Mode (Phase 2). VPN IKE User Activity Information 346 ---
Port configured to receive IPsec protocol ONLY; drop packet received in the clear
Network Access TCP | UDP | ICMP Warning 347 ---
Imported VPN SA is invalid - disabled Firewall Event Maintenance Warning 348 ---
IPsec SA lifetime expired. VPN IPsec User Activity Information 349 ---
IKE SA lifetime expired. VPN IKE User Activity Information 350 ---
IKE Initiator: Start Main Mode negotiation (Phase 1)
VPN IKE User Activity Information 351 ---
IKE Responder: Received Quick Mode Request (Phase 2)
VPN IKE User Activity Information 352 ---
IKE Initiator: Main Mode complete (Phase 1) VPN IKE User Activity Information 353 ---
IKE Initiator: Aggressive Mode complete (Phase 1).
VPN IKE User Activity Information 354 ---
IKE Responder: Received Main Mode request (Phase 1)
VPN IKE User Activity Information 355 ---
IKE Responder: Received Aggressive Mode request (Phase 1)
VPN IKE User Activity Information 356 ---
IKE Responder: Main Mode complete (Phase 1)
VPN IKE User Activity Information 357 ---
IKE Initiator: Start Aggressive Mode negotiation (Phase 1)
VPN IKE User Activity Information 358 ---
Entering FIPS ERROR state Crypto Test Maintenance Error 359 ---
Crypto DES test failed Crypto Test Maintenance Error 360 ---
Crypto DH test failed Crypto Test Maintenance Error 361 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
30 SonicOS Log Event Reference Guide
Index of Log Event Messages
Crypto Hmac-MD5 fest failed Crypto Test Maintenance Error 362 ---
Crypto Hmac-Sha1 test failed Crypto Test Maintenance Error 363 ---
Crypto RSA test failed Crypto Test Maintenance Error 364 ---
Crypto Sha1 test failed Crypto Test Maintenance Error 365 ---
Crypto hardware DES test failed Crypto Test Maintenance Error 366 ---
Crypto hardware 3DES test failed Crypto Test Maintenance Error 367 ---
Crypto hardware DES with SHA test failed Crypto Test Maintenance Error 368 ---
Crypto Hardware 3DES with SHA test failed Crypto Test Maintenance Error 369 ---
Crypto MD5 test failed Crypto Test Maintenance Error 370 ---
VPN Client Policy Provisioning VPN Client User Activity Information 371 ---
IKE Initiator: Accepting IPsec proposal (Phase 2)
VPN IKE User Activity Information 372 ---
IKE Responder: Aggressive Mode complete (Phase 1)
VPN IKE User Activity Information 373 ---
Error initializing Hardware acceleration for VPN
Firewall Hardware Maintenance Error 374 ---
PPTP Control Connection Negotiation Started
PPTP Maintenance Information 375 ---
PPTP Session Negotiation Started PPTP Maintenance Information 376 ---
PPTP Max Retransmission Exceeded PPTP Maintenance Information 377 ---
PPTP Control Connection Established PPTP Maintenance Information 378 ---
PPTP Tunnel Disconnect from Remote PPTP Maintenance Information 379 ---
PPTP Session Established PPTP Maintenance Information 380 ---
PPTP Session Disconnect from Remote PPTP Maintenance Information 381 ---
PPTP PPP Negotiation Started PPTP Maintenance Information 382 ---
PPTP LCP Down PPTP Maintenance Information 383 ---
PPTP PPP Session Up PPTP Maintenance Information 384 ---
PPTP PPP Down PPTP Maintenance Information 385 ---
PPTP PPP Authentication Failed PPTP Maintenance Information 386 ---
PPTP LCP Up PPTP Maintenance Information 387 ---
PPTP Disconnect Initiated by the User PPTP Maintenance Information 388 ---
Disconnecting PPTP Tunnel due to traffic timeout
PPTP Maintenance Information 389 ---
PPTP Connect Initiated by the User PPTP Maintenance Information 390 ---
PPTP PPP link down PPTP Maintenance Information 391 ---
PPTP starting CHAP Authentication PPTP Maintenance Information 392 ---
PPTP starting PAP Authentication PPTP Maintenance Information 393 ---
PPTP CHAP Authentication Failed. Please verify PPTP username and password
PPTP Maintenance Information 394 ---
PPTP PAP Authentication Failed PPTP Maintenance Information 395 ---
PPTP PAP Authentication success. PPTP Maintenance Information 396 ---
PPTP PAP Authentication Failed. Please verify PPTP username and password
PPTP Maintenance Information 397 ---
PPTP PPP Link Up PPTP Maintenance Information 398 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
31SonicOS Log Event Reference Guide
Index of Log Event Messages
PPTP PPP Link down PPTP Maintenance Information 399 ---
PPTP PPP Link Finished PPTP Maintenance Information 400 ---
Received notify. NO_PROPOSAL_CHOSEN VPN IKE User Activity Warning 401 ---
IKE Responder: IKE proposal does not match (Phase 1)
VPN IKE User Activity Warning 402 ---
IKE negotiation aborted due to timeout VPN IKE User Activity Information 403 ---
Failed payload verification after decryption; possible preshared key mismatch
VPN IKE User Activity Warning 404 ---
Failed payload validation VPN IKE User Activity Warning 405 ---
Received packet retransmission. Drop duplicate packet
VPN IKE User Activity Warning 406 ---
SA is disabled. Check VPN SA settings VPN IKE User Activity Information 407 ---
Anti-Virus Licenses Exceeded Security Services Maintenance Information 408 ---
Received notify: ISAKMP_AUTH_FAILED VPN IKE User Activity Warning 409 ---
Computed hash does not match hash received from peer; preshared key mismatch
VPN IKE User Activity Warning 410 ---
Received notify: PAYLOAD_MALFORMED VPN IKE User Activity Warning 411 ---
Received IPsec SA delete request VPN IKE User Activity Information 412 ---
Received IKE SA delete request VPN IKE User Activity Information 413 ---
Received notify: INVALID_COOKIES VPN IKE User Activity Information 414 ---
Received notify: RESPONDER_LIFETIME VPN IKE User Activity Information 415 ---
Received notify: INVALID_SPI VPN IKE User Activity Information 416 ---
PKI Error: VPN PKI Maintenance Error 417 ---
IKE Responder: Proposed local network is 0.0.0.0 but SA has no LAN Default Gateway
VPN IKE User Activity Warning 418 549
RIP disabled on interface %s RIP Maintenance Information 419 8401
RIPv1 enabled on interface %s RIP Maintenance Information 420 8402
RIPv2 enabled on interface %s RIP Maintenance Information 421 8403
RIPv2 compatibility (broadcast) mode enabled on interface %s
RIP Maintenance Information 422 8404
RIP disabled on DMZ interface RIP Maintenance Information 423 8405
RIPv1 enabled on DMZ interface RIP Maintenance Information 424 8406
RIPv2 enabled on DMZ interface RIP Maintenance Information 425 8407
RIPv2 compatibility (broadcast) mode enabled on DMZ interface
RIP Maintenance Information 426 8408
IPsecTunnel status changed VPN VPN Tunnel Status
Information 427 801
Source routed IP packet dropped Intrusion Detection Debug Warning 428 ---
No response from server to Echo Requests, disconnecting PPTP Tunnel
PPTP Maintenance Information 429 ---
No response from PPTP server to control connection requests
PPTP Maintenance Information 430 ---
No response from PPTP server to call requests
PPTP Maintenance Information 431 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
32 SonicOS Log Event Reference Guide
Index of Log Event Messages
PPTP server rejected control connection PPTP Maintenance Information 432 ---
PPTP server rejected the call request PPTP Maintenance Information 433 ---
PPP Dial-Up: Trying to failover but Alternate Profile is manual
WAN Failover User Activity Information 434 ---
WLB Failback initiated by %s WAN Failover System Error Alert 435 652
Probing succeeded on %s WAN Failover System Error Alert 436 638
E-Mail fragment dropped Intrusion Detection Attack Error 437 550
Locked-out user logins allowed - lockout period expired
Authenticate Access
User Activity Information 438 ---
Locked-out user logins allowed by administrator
Authenticate Access
User Activity Information 439 ---
Access rule added Firewall Rule User Activity Information 440 ---
Access rule modified Firewall Rule User Activity Information 441 ---
Access rule deleted Firewall Rule User Activity Information 442 ---
Access rules restored to defaults Firewall Rule User Activity Information 443 ---
PPTP Server is not responding, check if the server is UP and running.
PPTP Maintenance Information 444 ---
IKE Initiator: Accepting peer lifetime. (Phase 1)
VPN IKE User Activity Information 445 ---
FTP: PASV response spoof attack dropped Intrusion Detection Attack Error 446 551
PKI Failure VPN PKI Maintenance Error 447 ---
PKI Failure: Output buffer too small VPN PKI Maintenance Error 448 ---
PKI Failure: Cannot alloc memory VPN PKI Maintenance Error 449 ---
PKI Failure: Reached the limit for local certs, cant load any more
VPN PKI Maintenance Error 450 ---
PKI Failure: Import failed VPN PKI Maintenance Error 451 ---
PKI Failure: Incorrect admin password VPN PKI Maintenance Error 452 ---
PKI Failure: CA certificates store exceeded. Cannot verify this Local Certificate
VPN PKI Maintenance Error 453 ---
PKI Failure: Improper file format. Please select PKCS#12 (*.p12) file
VPN PKI Maintenance Error 454 ---
PKI Failure: Certificate's ID does not match this Network Security Appliance
VPN PKI Maintenance Error 455 ---
PKI Failure: public-private key mismatch VPN PKI Maintenance Error 456 ---
PKI Failure: Duplicate local certificate name VPN PKI Maintenance Error 457 ---
PKI Failure: Duplicate local certificate VPN PKI Maintenance Error 458 ---
PKI Failure: No CA certificates yet loaded VPN PKI Maintenance Error 459 ---
PKI Failure: Internal error VPN PKI Maintenance Error 460 ---
PKI Failure: Temporary memory shortage, try again
VPN PKI Maintenance Error 461 ---
PKI Failure: The certificate chain is circular VPN PKI Maintenance Error 462 ---
PKI Failure: The certificate chain is incomplete
VPN PKI Maintenance Error 463 ---
PKI Failure: The certificate chain has no root VPN PKI Maintenance Error 464 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
33SonicOS Log Event Reference Guide
Index of Log Event Messages
PKI Failure: The certificate or a certificate in the chain has expired
VPN PKI Maintenance Error 465 ---
PKI Failure: The certificate or a certificate in the chain has a validity period in the future
VPN PKI Maintenance Error 466 ---
PKI Failure: The certificate or a certificate in the chain is corrupt
VPN PKI Maintenance Error 467 ---
PKI Failure: The certificate or a certificate in the chain has a bad signature
VPN PKI Maintenance Error 468 ---
PKI Failure: Loaded but could not verify certificate
VPN PKI Maintenance Error 469 ---
PKI Failure: Loaded the certificate but could not verify it's chain
VPN PKI Maintenance Error 470 ---
VPN Cleanup: Dynamic network settings change
VPN User Activity Information 471 ---
WARNING: Central Gateway does not have a Relay IP Address. DHCP message dropped.
DHCP Relay Maintenance Information 472 ---
DHCP REQUEST received from remote device
DHCP Relay Debug Information 473 ---
DHCP DISCOVER received from remote device
DHCP Relay Debug Information 474 ---
DHCP DECLINE received from remote device
DHCP Relay Debug Information 475 ---
DHCP OFFER received from server DHCP Relay Debug Information 476 ---
DHCP NACK received from server DHCP Relay Debug Information 477 ---
ERROR: DHCP over VPN policy is not defined. Cannot start IKE.
DHCP Relay Maintenance Information 478 ---
DHCP DISCOVER received from local device
DHCP Relay Debug Information 479 ---
DHCP REQUEST received from local device DHCP Relay Debug Information 480 ---
PPP Dial-Up: No peer IP address from Dial-Up ISP, local and remote IPs will be the same
PPP Dial Up Maintenance Information 481 ---
Received AV Alert: Your Network Anti-Virus subscription will expire in 7 days. %s
Security Services Maintenance Warning 482 552
Received notify: INVALID_ID_INFO VPN IPsec User Activity Warning 483 ---
DHCP lease dropped. Lease from Central Gateway conflicts with Remote Management IP
DHCP Relay Maintenance Warning 484 ---
Category: None --- Debug 485 ---
User login denied - User has no privileges for guest service
Authenticate Access
User Activity Information 486 ---
WLAN firmware image has been updated Wireless Maintenance Information 487 ---
Packet dropped by guest check Network Access TCP | UDP | ICMP Warning 488 ---
Received CFS Alert: Your Content Filtering subscription will expire in 7 days.
Security Services Maintenance Warning 489 562
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
34 SonicOS Log Event Reference Guide
Index of Log Event Messages
Received CFS Alert: Your Content Filtering subscription has expired.
Security Services Maintenance Warning 490 563
Received E-Mail Filter Alert: Your E-Mail Filtering subscription will expire in 7 days.
Security Services Maintenance Warning 491 564
Received E-Mail Filter Alert: Your E-Mail Filtering subscription has expired.
Security Services Maintenance Warning 492 565
ISDN Driver Firmware successfully updated Firewall Event Maintenance Information 493 ---
Global VPN Client License Exceeded: Connection denied.
VPN Client System Error Information 494 658
Packet dropped by WLAN vpn traversal check
Wireless TCP | UDP | ICMP Warning 495 ---
Registration Update Needed: Restore your existing security service subscriptions by clicking here.
Security Services Maintenance Warning 496 ---
Entering FIPS Error State. Crypto Test System Error Error 497 659
WAN Interface not setup Firewall Event Maintenance Information 498 ---
PPPoE enabled but not ready PPPoE Maintenance Information 499 ---
L2TP enabled but not ready Unused Maintenance Information 500 ---
PPTP enabled but not ready PPTP Maintenance Information 501 ---
WAN not ready Firewall Event Maintenance Information 502 ---
VPN disabled for active dial up Unused Maintenance Information 503 ---
DHCP client enabled but not ready DHCP Client Maintenance Information 504 ---
Blocked Quick Mode for Client using Default KeyId
VPN Client System Error Error 505 660
VPN disabled by administrator Authenticate Access
Maintenance Information 506 ---
VPN enabled by administrator Authenticate Access
Maintenance Information 507 ---
WLAN disabled by administrator Authenticate Access
Maintenance Information 508 ---
WLAN enabled by administrator Authenticate Access
Maintenance Information 509 ---
WiFiSec Enforcement disabled by administrator
Authenticate Access
Maintenance Information 510 ---
WiFiSec Enforcement enabled by administrator
Authenticate Access
Maintenance Information 511 ---
Wireless MAC Filter List enabled by administrator
Authenticate Access
Maintenance Information 512 ---
Wireless MAC Filter List disabled by administrator
Authenticate Access
Maintenance Information 513 ---
PPPoE user name changed by Administrator Authenticate Access
User Activity Information 514 ---
PPPoE password changed by Administrator Authenticate Access
User Activity Information 515 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
35SonicOS Log Event Reference Guide
Index of Log Event Messages
IKE Responder: Default LAN gateway is not set but peer is proposing to use this SA as a default route
VPN IKE Attack Error 516 553
WLAN Reboot Firewall Hardware System Error Error 517 642
802.11 Management Wireless 802.11b Management
Information 518 ---
WLAN recovery Wireless Maintenance Information 519 ---
CLI administrator logged out Authenticate Access
User Activity Information 520 ---
Network Security Appliance initializing Firewall Event Maintenance Information 521 ---
Malformed or unhandled IP packet dropped Network Access Debug Alert 522 554
ICMP packet dropped no match Network Access ICMP Notice 523 ---
Web access request dropped Network Access TCP Notice 524 ---
Web management request allowed Network Access User Activity Notice 526 ---
FTP: PORT bounce attack dropped. Intrusion Detection Attack Alert 527 555
FTP: PASV response bounce attack dropped.
Intrusion Detection Attack Alert 528 556
Global VPN Client connection is not allowed. Appliance is not registered.
VPN Client System Error Information 529 643
Network Modem Mode Enabled: turning off NAT
PPP Dial Up Maintenance Information 530 ---
Network Modem Mode Disabled: re-enabling NAT
PPP Dial Up Maintenance Information 531 ---
Internet Access restricted to authorized users. Dropped packet received in the clear.
Wireless TCP | UDP | ICMP Warning 532 ---
IPsec (ESP) packet dropped VPN IPsec TCP | UDP | ICMP Notice 533 ---
IPsec (AH) packet dropped VPN IPsec TCP | UDP | ICMP Notice 534 ---
IPsec (ESP) packet dropped; waiting for pending IPsec connection
VPN IPsec Debug Debug 535 ---
IPsec (AH) packet dropped; waiting for pending IPsec connection
VPN IPsec Debug Debug 536 ---
Connection Closed Network Traffic Connection Traffic Information 537 ---
FTP: Data connection from non default port dropped
Network Access Attack Alert 538 557
Real time clock battery failure Time values may be incorrect
Firewall Hardware System Error Warning 539 644
If not already enabled, enabling NTP is recommended
Firewall Hardware System Error Warning 540 645
Maximum number of Bandwidth Managed rules exceeded upon upgrade to this version. Some Bandwith settings ignored.
Firewall Event Maintenance Notice 541 ---
PPP Dial-Up: Previous session was connected for %s
PPP Dial Up User Activity Information 542 ---
IKE Initiator: Using secondary gateway to negotiate
VPN IKE User Activity Information 543 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
36 SonicOS Log Event Reference Guide
Index of Log Event Messages
IKE Initiator drop: VPN tunnel end point does not match configured VPN Policy Bound to scope
VPN IKE User Activity Information 544 ---
IKE Responder drop: VPN tunnel end point does not match configured VPN Policy Bound to scope
VPN IKE User Activity Information 545 ---
Found Rogue Access Point WLAN IDS WLAN IDS Alert 546 901
WLAN sequence number out of order WLAN IDS WLAN IDS Warning 547 902
Association Flood from WLAN station WLAN IDS WLAN IDS Alert 548 903
User login failed - Guest service limit reached
Authenticate Access
User Activity Information 549 ---
Guest Session Timeout Authenticate Access
User Activity Information 550 ---
Guest Account Timeout Authenticate Access
User Activity Information 551 ---
RIP disabled on WAN interface RIP Maintenance Information 552 8409
RIPv1 enabled on WAN interface RIP Maintenance Information 553 8410
RIPv2 enabled on WAN interface RIP Maintenance Information 554 8411
RIPv2 compatibility (broadcast) mode enabled on WAN interface
RIP Maintenance Information 555 8412
Found Rogue Access Point WLAN IDS WLAN IDS Alert 556 10804
Guest login denied. Guest '%s' is already logged in. Please try again later.
Authenticate Access
User Activity Information 557 ---
Guest account '%s' created Authenticate Access
User Activity Information 558 ---
Guest account '%s' deleted Authenticate Access
User Activity Information 559 ---
Guest account '%s' disabled Authenticate Access
User Activity Information 560 ---
Guest account '%s' re-enabled Authenticate Access
User Activity Information 561 ---
Guest account '%s' pruned Authenticate Access
User Activity Information 562 ---
Guest account '%s' re-generated Authenticate Access
User Activity Information 563 ---
Guest Idle Timeout Authenticate Access
User Activity Information 564 ---
Interface %s Link Is Up Firewall Event System Error Warning 565 646
Interface %s Link Is Down Firewall Event System Error Error 566 647
Interface IP Assignment changed: Shutting down %s
Firewall Event Maintenance Information 567 ---
Interface IP Assignment : Binding and initializing %s
Firewall Event Maintenance Information 568 ---
Network for interface %s overlaps with another interface.
Firewall Event Maintenance Information 569 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
37SonicOS Log Event Reference Guide
Index of Log Event Messages
Please connect interface %s to another network to function properly
Firewall Event Maintenance Information 570 ---
RIP Broadcasts for LAN Network %s are being broadcast over dialup-connection
RIP Maintenance Information 571 8413
A prior version of preferences was loaded because the most recent preferences file was inaccessible
Firewall Event System Error Warning 572 648
The preferences file is too large to be saved in available flash memory
Firewall Event System Error Warning 573 649
All preference values have been set to factory default values
Firewall Event System Error Warning 574 650
Voltages Out of Tolerance Firewall Hardware System Environment
Error 575 101
Fan Failure Firewall Hardware System Environment
Alert 576 102
Thermal Yellow Firewall Hardware System Environment
Alert 577 103
Thermal Red Firewall Hardware System Environment
Alert 578 104
Thermal Red Timer Exceeded Firewall Hardware System Environment
Alert 579 105
TCP Syn/Fin packet dropped Network Access Attack Alert 580 558
WLB Spill-over started, configured threshold exceeded
WAN Failover Maintenance Warning 581 ---
WLB Spill-over stopped WAN Failover Maintenance Warning 582 ---
User login disabled from %s Authenticate Access
Attack Error 583 559
WLB Failover in progress WAN Failover System Error Alert 584 651
WLB Resource is now available WAN Failover System Error Alert 585 653
WLB Resource failed WAN Failover System Error Alert 586 654
Header verification failed VPN IKE User Activity Warning 587 ---
Received DHCP offer packet has errors DHCP Client Maintenance Information 588 ---
Received response packet for DHCP request has errors
DHCP Client Maintenance Information 589 ---
IP type %s packet dropped Network Access LAN UDP | LAN TCP
Notice 590 ---
Maximum sequential failed dial attempts (10) to a single dial-up number: %s
PPP Dial Up Attack Error 591 566
Regulatory requirements prohibit %s from being re-dialed for 30 minutes
PPP Dial Up Attack Error 592 567
Received PPPoE Active Discovery Offer PPPoE Maintenance Information 593 ---
Received PPPoE Active Discovery Session_confirmation
PPPoE Maintenance Information 594 ---
Sending PPPoE Active Discovery Request PPPoE Maintenance Information 595 ---
PPTP decode failure PPTP Debug Debug 596 ---
ICMP packet allowed Network Access Debug Information 597 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
38 SonicOS Log Event Reference Guide
Index of Log Event Messages
ICMP packet from LAN allowed Network Access Debug Information 598 ---
Diagnostic Code G Firewall Hardware System Error Error 599 655
Diagnostic Code H Firewall Hardware System Error Error 600 656
Diagnostic Code I Firewall Hardware System Error Error 601 657
DNS packet allowed Network Access Debug Information 602 ---
Adding L2TP IP pool Address object Failed. L2TP Server System Error Error 603 661
Global VPN Client version cannot enforce personal firewall. Minimum Version required is 2.1
VPN Client User Activity Information 604 ---
Received unencrypted packet in crypto active state
VPN IKE User Activity Warning 605 ---
Spank attack multicast packet dropped Intrusion Detection Attack Alert 606 568
Received ISAKMP packet destined to port %s
VPN IKE Debug | UDP Information 607 ---
IPS Detection Alert: %s Intrusion Detection Attack Alert 608 569
IPS Prevention Alert: %s Intrusion Detection Attack Alert 609 570
Crypto Hardware AES test failed Crypto Test Maintenance Error 610 ---
A SonicOS Standard to Enhanced Upgrade was performed
Firewall Event Maintenance Information 611 ---
Not all configurations may have been completely upgraded
Firewall Event Maintenance Information 612 ---
Please manually check all system configurations for correctness of Upgrade
Firewall Event Maintenance Information 613 ---
Received IPS Alert: Your Intrusion Prevention (IDP) subscription has expired.
Security Services Maintenance Warning 614 571
WLAN client null probing WLAN IDS WLAN IDS Warning 615 904
Payload processing failed VPN IKE Debug Error 616 ---
WLAN not in AP mode, DHCP server will not provide lease to clients on WLAN
Wireless Maintenance Information 617 ---
BOOTP server response relayed to remote device
BOOTP Debug Debug 618 ---
BOOTP Client IP address on LAN conflicts with remote device IP, deleting IP address from remote table
BOOTP Maintenance Information 619 ---
BOOTP reply relayed to local device BOOTP Maintenance Information 620 ---
BOOTP Request received from remote device
BOOTP Debug Debug 621 ---
VoIP Call Connected VoIP VoIP Information 622 ---
VoIP Call Disconnected VoIP VoIP Information 623 ---
H.323/RAS Admission Reject VoIP VoIP Debug 624 ---
H.323/RAS Admission Confirm VoIP VoIP Debug 625 ---
H.323/RAS Admission Request VoIP VoIP Debug 626 ---
H.323/RAS Bandwidth Reject VoIP VoIP Debug 627 ---
H.323/RAS Disengage Confirm VoIP VoIP Debug 628 ---
H.323/RAS Gatekeeper Reject VoIP VoIP Debug 629 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
39SonicOS Log Event Reference Guide
Index of Log Event Messages
H.323/RAS Location Confirm VoIP VoIP Debug 630 ---
H.323/RAS Location Reject VoIP VoIP Debug 631 ---
H.323/RAS Registration Reject VoIP VoIP Debug 632 ---
H.323/H.225 Setup VoIP VoIP Debug 633 ---
H.323/H.225 Connect VoIP VoIP Debug 634 ---
H.323/H.245 Address VoIP VoIP Debug 635 ---
H.323/H.245 End Session VoIP VoIP Debug 636 ---
VoIP %s Endpoint added VoIP VoIP Debug 637 ---
VoIP %s Endpoint removed VoIP VoIP Debug 638 ---
VoIP %s Endpoint not added - configured 'public' endpoint limit reached
VoIP VoIP Warning 639 ---
H.323/RAS Unknown Message Response VoIP VoIP Debug 640 ---
H.323/RAS Disengage Reject VoIP VoIP Debug 641 ---
H.323/RAS Unregistration Reject VoIP VoIP Debug 642 ---
SIP Request VoIP VoIP Debug 643 ---
SIP Response VoIP VoIP Debug 644 ---
SIP Register expiration exceeds configured Signaling inactivity time out
VoIP VoIP Warning 645 ---
Packet dropped; connection limit for this source IP address has been reached
Firewall Event System Error Alert 646 5238
Packet dropped; connection limit for this destination IP address has been reached
Firewall Event System Error Alert 647 5239
Packet destination not in VPN Access list VPN IPsec Attack Error 648 572
Application Filters Block Alert: %s Intrusion Detection Attack Alert 649 ---
Application Filter Detection Alert: %s Intrusion Detection Attack Alert 650 ---
IPComp connection interrupt IPComp Debug Debug 651 ---
IPComp packet dropped IPComp TCP | UDP | ICMP Notice 652 ---
IPComp packet dropped; waiting for pending IPComp connection
IPComp Debug Debug 653 ---
Maximum events per second threshold exceeded
Firewall Logging System Error Critical 654 ---
Maximum syslog data per second threshold exceeded
Firewall Logging System Error Critical 655 ---
SMTP POP-Before-SMTP authentication failed
Firewall Logging System Error Warning 656 ---
Syslog Server cannot be reached Network Maintenance Information 657 ---
IKE Responder: Proposed IKE ID mismatch VPN IKE System Error Warning 658 ---
IKE Responder: IP Address already exists in the DHCP relay table. Client traffic not allowed.
VPN Client System Error Error 659 ---
IKE Responder: %s policy does not allow static IP for Virtual Adapter.
VPN Client System Error Error 660 ---
Received notify: INVALID_PAYLOAD VPN IKE User Activity Error 661 ---
Drop WLAN traffic from non-SonicPoint devices
Intrusion Detection Attack Error 662 6434
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
40 SonicOS Log Event Reference Guide
Index of Log Event Messages
WPA MIC Failure Wireless 802.11b Management
Warning 663 ---
WPA Radius Server Timeout Wireless 802.11b Management
Information 664 ---
PPP Dial-Up: Dialing not allowed by schedule. %s
PPP Dial Up --- Information 665 ---
PPP Dial-Up: Connection disconnected as scheduled.
PPP Dial Up --- Information 666 ---
SonicPoint Status SonicPoint SonicPoint Information 667 ---
HA Peer Firewall Rebooted High Availability Maintenance Information 668 ---
Error Rebooting HA Peer Firewall High Availability System Error Error 669 663
License of HA pair doesn't match: %s High Availability System Error Error 670 664
Primary received reboot signal from Backup High Availability System Error Error 671 665
Backup received reboot signal from Primary High Availability System Error Error 672 666
Synchronizing preferences to HA Peer Firewall
High Availability Maintenance Information 673 ---
Success to reach Interface %s probe High Availability System Error Information 674 ---
Failure to reach Interface %s probe High Availability System Error Error 675 6234
IGMP V2 client joined multicast Group : %s Multicast --- Information 676 ---
IGMP V3 client joined multicast Group : %s Multicast --- Information 677 ---
IGMP V3 Membership report received from interface %s
Multicast --- Debug 678 ---
IGMP V2 Membership report received from interface %s
Multicast --- Debug 679 ---
Router IGMP General query received on interface %s
Multicast --- Debug 680 ---
Router IGMP Membership query received on interface %s
Multicast --- Debug 681 ---
IGMP Leave group message Received on interface %s
Multicast --- Information 682 ---
IGMP packet dropped, wrong checksum received on interface %s
Multicast --- Notice 683 ---
Multicast packet dropped, wrong MAC address received on interface : %s
Multicast --- Alert 684 ---
Multicast packet dropped, Invalid src IP received on interface : %s
Multicast --- Alert 685 ---
IGMP packet dropped, decoding error Multicast --- Notice 686 ---
IGMP Packet Not handled. Packet type : %s Multicast --- Notice 687 ---
IGMP V3 packet dropped, unsupported Record type : %s
Multicast --- Notice 688 ---
IGMP V3 reord type : %s not Handled Multicast --- Debug 689 ---
Multicast UDP packet dropped, no state entry
Multicast --- Notice 690 ---
Multicast TCP packet dropped Multicast --- Notice 691 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
41SonicOS Log Event Reference Guide
Index of Log Event Messages
IGMP state table entry time out,deleting interface : %s for multicast address : %s
Multicast --- Debug 692 ---
IGMP state table entry time out,deleting VPN SPI :%s for Multicast address : %s
Multicast --- Debug 693 ---
Multicast UDP packet dropped, RTP stateful failed
Multicast --- Warning 694 ---
Multicast UDP packet dropped, RTCP stateful failed
Multicast --- Warning 695 ---
Multicast application %s not supported Multicast --- Information 696 ---
Adding to multicast policyList , interface : %s Multicast --- Debug 697 ---
Deleting from Multicast policy list, interface : %s
Multicast --- Debug 698 ---
Adding to Multicast policyList , VPN SPI : %s Multicast --- Debug 699 ---
Deleting from Multicast policy list, VPN SPI : %s
Multicast --- Debug 700 ---
IGMP querier Router detected on interface %s
Multicast --- Debug 701 ---
IGMP querier Router detected on VPN tunnel , SPI %S
Multicast --- Debug 702 ---
Exceeded Max multicast address limit Multicast --- Warning 703 ---
Invalid Product Code Upgrade request received: %s
Firewall Event --- Error 704 ---
Overriding Product Code Upgrade to: %s Firewall Event --- Error 705 ---
Network Monitor: Host %s is offline Network Monitor --- Alert 706 14005
Network Monitor: Host %s is online Network Monitor --- Alert 707 14006
TCP packet received with invalid SEQ number; TCP packet dropped
Network Debug Debug 708 ---
TCP packet received with invalid ACK number; TCP packet dropped
Network Debug Debug 709 ---
TCP stateful inspection: Invalid flag; TCP packet dropped
Network Debug Information 710 ---
TCP stateful inspection: Bad header; TCP packet dropped
Network Debug Debug 711 ---
TCP connection reject received; TCP connection dropped
Network Debug Debug 712 ---
TCP connection abort received; TCP connection dropped
Network Debug Debug 713 ---
EIGRP packet dropped Network Access Debug Notice 714 ---
ARP request packet sent Network --- Information 715 ---
ARP response packet received Network --- Information 716 ---
ARP request packet received Network --- Information 717 ---
ARP response packet sent Network --- Information 718 ---
VPN policy count received exceeds the limit; %s
VPN System Error Error 719 ---
Sending LCP Echo Request PPPoE Maintenance Information 720 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
42 SonicOS Log Event Reference Guide
Index of Log Event Messages
Received LCP Echo Request PPPoE Maintenance Information 721 ---
Sending LCP Echo Reply PPPoE Maintenance Information 722 ---
Received LCP Echo Reply PPPoE Maintenance Information 723 ---
Guest Services drop traffic to deny network Network Access --- Information 724 ---
Guest Services pass traffic to access allow network
Network Access --- Information 725 ---
WLAN max concurrent users reached already
Network Access --- Information 726 ---
SonicPoint Provision SonicPoint SonicPoint Information 727 ---
WLAN disabled by schedule Authenticate Access
Maintenance Information 728 ---
WLAN enabled by schedule Authenticate Access
Maintenance Information 729 ---
Virtual Access Point is enabled SonicPoint 802.11b Management
Information 730 ---
Virtual Access Point is disabled SonicPoint 802.11b Management
Information 731 ---
Packet dropped by WLAN SSL-VPN enforcement check
Wireless TCP | UDP | ICMP Warning 732 ---
SSL-VPN enforcement Wireless Maintenance Information 733 ---
Source IP address connection status: %s Firewall Event --- Information 734 ---
Destination IP address connection status: %s
Firewall Event --- Information 735 ---
SMTP authentication problem:%s Firewall Logging System Error Warning 737 ---
PPPoE Client: Previous session was connected for %s
PPPoE Maintenance Information 738 ---
Packet dropped. No firewall rule associated with VPN policy.
VPN System Error Alert 739 ---
NetBIOS settings were not upgraded. Use Network>IP Helper to configure NetBIOS support
Firewall Event Maintenance Information 740 ---
LAN Subnet configurations were not upgraded.
Firewall Event Maintenance Information 741 ---
Time of day settings for firewall policies were not upgraded.
Firewall Event Maintenance Information 742 ---
Hardware Failover settings were not upgraded.
Firewall Event Maintenance Information 743 ---
User login denied - RADIUS communication problem
RADIUS User Activity Warning 744 ---
User login denied - LDAP authentication failure
RADIUS User Activity Information 745 ---
User login denied - LDAP server timeout RADIUS User Activity Warning 746 ---
User login denied - LDAP server down or misconfigured
RADIUS User Activity Warning 747 ---
User login denied - LDAP communication problem
RADIUS User Activity Warning 748 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
43SonicOS Log Event Reference Guide
Index of Log Event Messages
User login denied - invalid credentials on LDAP server
RADIUS User Activity Warning 749 ---
User login denied - insufficient access on LDAP server
RADIUS User Activity Warning 750 ---
User login denied - LDAP schema mismatch RADIUS User Activity Warning 751 ---
Allowed LDAP server certificate with wrong host name
RADIUS User Activity Warning 752 ---
User login denied - LDAP server name resolution failed
RADIUS User Activity Warning 753 ---
User login denied - RADIUS server name resolution failed
RADIUS User Activity Warning 754 ---
User login denied - LDAP server certificate not valid
RADIUS User Activity Warning 755 ---
User login denied - TLS or local certificate problem
RADIUS User Activity Warning 756 ---
User login denied - LDAP directory mismatch RADIUS User Activity Warning 757 ---
LDAP server does not allow CHAP RADIUS User Activity Warning 758 ---
User login denied - user already logged in Authenticate Access
User Activity Information 759 ---
TCP handshake violation detected; TCP connection dropped
Network Access --- Notice 760 ---
Access attempt from host out of compliance with GSC policy
Security Services Maintenance Information 761 ---
GSC policy out-of-date on host Security Services Maintenance Information 762 ---
Access attempt from host without GSC installed
Security Services Maintenance Information 763 8627
Failed to synchronize license information with Licensing Server. Please see http://help.mysonicwall.com/licsyncfail.html (code: %s)
Security Services Maintenance Warning 766 8628
ADConnector %s response timed-out; applying caching policy
Microsoft AD --- Error 769 ---
DDNS Failure: Provider %s DDNS System Error Error 773 ---
DDNS Failure: Provider %s DDNS System Error Error 774 ---
DDNS Failure: Provider %s DDNS System Error Error 775 ---
DDNS Update success for domain %s DDNS Maintenance Information 776 ---
DDNS Warning: Provider %s DDNS System Error Warning 777 ---
DDNS association %s taken Offline locally DDNS Maintenance Information 778 ---
DDNS association %s added DDNS Maintenance Information 779 ---
DDNS association %s enabled DDNS Maintenance Information 780 ---
DDNS association %s disabled DDNS Maintenance Information 781 ---
DDNS Association %s put on line DDNS Maintenance Information 782 ---
All DDNS associations have been deleted DDNS Maintenance Information 783 ---
DDNS association %s deactivated DDNS Maintenance Information 784 ---
DDNS association %s deleted DDNS Maintenance Information 785 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
44 SonicOS Log Event Reference Guide
Index of Log Event Messages
DDNS association %s updated DDNS --- Information 786 ---
IPS Detection Alert: %s Intrusion Detection Attack Alert 789 6435
IPS Prevention Alert: %s Intrusion Detection Attack Alert 790 6436
DPI-SSL: %s DPI SSL Network Access Information 791 ---
Application Firewall Alert: %s Application Firewall User Activity Alert 793 13201
Anti-Spyware Prevention Alert: %s Intrusion Detection Attack Alert 794 6437
Anti-Spyware Detection Alert: %s Intrusion Detection Attack Alert 795 6438
Anti-Spyware Service Expired Security Services Maintenance Warning 796 8631
Outbound connection to RBL-listed SMTP server dropped
RBL --- Notice 797 ---
Inbound connection from RBL-listed SMTP server dropped
RBL --- Notice 798 ---
SMTP server found on RBL blacklist RBL --- Notice 799 ---
No valid DNS server specified for RBL lookups
RBL --- Error 800 ---
Interface statistics report GMS --- Information 805 ---
SonicPoint statistics report GMS --- Information 806 ---
Gateway Anti-Virus Alert: %s Security Services Attack Alert 809 8632
Gateway Anti-Virus Service expired Security Services Maintenance Warning 810 8633
PPP Dial-Up: Invalid DNS IP address returned from Dial-Up ISP; overriding using dial-up profile settings
PPP Dial Up Maintenance Information 811 ---
WAN node exceeded: Connection dropped because too many IP addresses are in use on your LAN
Firewall Event System Error Error 812 ---
Adding Dynamic Entry for Bound MAC Address
Network --- Information 813 ---
MAC address collides with Static ARP Entry with Bound MAC address; packet dropped
Network --- Notice 814 ---
Too many gratuitous ARPs detected Network --- Warning 815 ---
ARP unused/spare Network --- Debug 816 ---
Incoming call received for Remotely Triggered Dial-out session
Authenticate Access
User Activity Information 817 ---
Remotely Triggered Dial-out session started. Requesting authentication
Authenticate Access
User Activity Information 818 ---
Incorrect authentication received for Remotely Triggered Dial-out
Authenticate Access
User Activity Information 819 ---
Successful authentication received for Remotely Triggered Dial-out
Authenticate Access
User Activity Information 820 ---
Authentication timeout during Remotely Triggered Dial-out session
Authenticate Access
User Activity Information 821 ---
Remotely Triggered Dial-out session ended. Valid WAN bound data found. Normal dial-up sequence will commence
Authenticate Access
User Activity Information 822 ---
Backup will be shut down in %s minutes High Availability System Error Error 823 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
45SonicOS Log Event Reference Guide
Index of Log Event Messages
Backup shut down because license is expired
High Availability System Error Error 824 ---
Backup active High Availability System Error Information 825 ---
DHCP Scopes altered automatically due to change in network settings for interface %s
Firewall Event --- Information 832 ---
DHCP lease file in the flash is corrupted; read failed
Firewall Event System Error Warning 833 ---
Failed to write DHCP leases to flash Firewall Event System Error Warning 834 ---
DHCP leases written to flash Firewall Event Maintenance Information 835 ---
Invalid VLAN packet dropped Network --- Alert 836 ---
IP address conflict detected from ethernet address %s
Network Maintenance Warning 847 ---
OCSP sending request. VPN PKI User Activity Information 848 ---
OCSP send request message failed. VPN PKI User Activity Error 849 ---
OCSP received response. VPN PKI User Activity Information 850 ---
OCSP received response error. VPN PKI User Activity Error 851 ---
OCSP Resolved Domain Name. VPN PKI User Activity Information 852 ---
OCSP Failed to Resolve Domain Name. VPN PKI User Activity Error 853 ---
OCSP Internal error handling received response.
VPN PKI User Activity Error 854 ---
SYN Flood Mode changed by user to: Watch and report possible SYN floods
Intrusion Detection Debug Warning 856 ---
SYN Flood Mode changed by user to: Watch and proxy WAN connections when under attack
Intrusion Detection Debug Warning 857 ---
SYN Flood Mode changed by user to: Always proxy WAN connections
Intrusion Detection Debug Warning 858 ---
Possible SYN flood detected on WAN IF %s - switching to connection-proxy mode
Intrusion Detection Debug Alert 859 ---
Possible SYN Flood on IF %s Intrusion Detection Debug Alert 860 ---
SYN flood ceased or flooding machines blacklisted - connection proxy disabled
Intrusion Detection Debug Alert 861 ---
SYN Flood blacklisting enabled by user Intrusion Detection Debug Warning 862 ---
SYN Flood blacklisting disabled by user Intrusion Detection Debug Warning 863 ---
SYN-Flooding machine %s blacklisted Intrusion Detection Debug Alert 864 ---
Machine %s removed from SYN flood blacklist
Intrusion Detection Debug Alert 865 ---
Possible SYN Flood on IF %s continues Intrusion Detection Debug Warning 866 ---
Possible SYN Flood on IF %s has ceased Intrusion Detection Debug Alert 867 ---
SYN Flood Blacklist on IF %s continues Intrusion Detection Debug Warning 868 ---
TCP SYN received Intrusion Detection Debug Debug 869 ---
CRL has expired VPN PKI User Activity Alert 874 ---
Failed to find certificate VPN PKI User Activity Alert 875 ---
CRL missing - Issuer requires CRL checking. VPN PKI User Activity Alert 876 ---
CRL validation failure for Root Certificate VPN PKI User Activity Alert 877 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
46 SonicOS Log Event Reference Guide
Index of Log Event Messages
Cannot Validate Issuer Path VPN PKI User Activity Alert 878 ---
WLAN radio frequency threat detected RF Management --- Warning 879 ---
Unable to resolve dynamic address object Dynamic Address Objects
Maintenance Information 880 ---
System clock manually updated Firewall Logging --- Notice 881 ---
HTTP method detected; examining stream for host header
Network Access TCP Debug 882 ---
IP Header checksum error; packet dropped Network Access TCP|UDP Notice 883 ---
TCP checksum error; packet dropped Network Access TCP Notice 884 ---
UDP checksum error; packet dropped Network Access UDP Notice 885 ---
ICMP checksum error; packet dropped Network Access UDP Notice 886 ---
TCP packet received with invalid header length; TCP packet dropped
Network Debug Debug 887 ---
TCP packet received on non-existent/closed connection; TCP packet dropped
Network Debug Debug 888 ---
TCP packet received without mandatory SYN flag; TCP packet dropped
Network Debug Debug 889 ---
TCP packet received without mandatory ACK flag; TCP packet dropped
Network Debug Debug 890 ---
TCP packet received on a closing connection; TCP packet dropped
Network Debug Debug 891 ---
TCP packet received with SYN flag on an existing connection; TCP packet dropped
Network Debug Information 892 ---
TCP packet received with invalid SACK option length; TCP packet dropped
Network Debug Debug 893 ---
TCP packet received with invalid MSS option length; TCP packet dropped
Network Debug Debug 894 ---
TCP packet received with invalid option length; TCP packet dropped
Network Debug Debug 895 ---
TCP packet received with invalid source port; TCP packet dropped
Network Debug Debug 896 ---
TCP packet received with invalid SYN Flood cookie; TCP packet dropped
Network Debug Information 897 ---
RST-Flooding machine %s blacklisted Intrusion Detection Debug Alert 898 ---
RST Flood Blacklist on IF %s continues Intrusion Detection Debug Warning 899 ---
Machine %s removed from RST flood blacklist
Intrusion Detection Debug Alert 900 ---
FIN-Flooding machine %s blacklisted Intrusion Detection Debug Alert 901 ---
FIN Flood Blacklist on IF %s continues Intrusion Detection Debug Warning 902 ---
Machine %s removed from FIN flood blacklist
Intrusion Detection Debug Alert 903 ---
Possible RST Flood on IF %s Intrusion Detection Debug Alert 904 ---
Possible FIN Flood on IF %s Intrusion Detection Debug Alert 905 ---
Possible RST Flood on IF %s has ceased Intrusion Detection Debug Alert 906 ---
Possible FIN Flood on IF %s has ceased Intrusion Detection Debug Alert 907 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
47SonicOS Log Event Reference Guide
Index of Log Event Messages
Possible RST Flood on IF %s continues Intrusion Detection Debug Warning 908 ---
Possible FIN Flood on IF %s continues Intrusion Detection Debug Warning 909 ---
Packet Dropped - IP TTL expired Network Debug Warning 910 ---
Added host entry to dynamic address object Dynamic Address Objects
Maintenance Information 911 ---
Removed host entry from dynamic address object
Dynamic Address Objects
Maintenance Information 912 ---
IKE Responder: Phase 1 Authentication Method does not match
VPN IKE User Activity Warning 913 ---
IKE Responder: Phase 1 encryption algorithm does not match
VPN IKE User Activity Warning 914 ---
IKE Responder: Phase 1 encryption algorithm keylength does not match
VPN IKE User Activity Warning 915 ---
IKE Responder: Phase 1 hash algorithm does not match
VPN IKE User Activity Warning 916 ---
IKE Responder: Phase 1 XAUTH required but policy has no user name
VPN IKE User Activity Warning 917 ---
IKE Responder: Phase 1 XAUTH required but policy has no user password
VPN IKE User Activity Warning 918 ---
IKE Responder: Phase 1 DH Group does not match
VPN IKE User Activity Warning 919 ---
IKE Responder: AH authentication algorithm does not match
VPN IKE User Activity Warning 920 ---
IKE Responder: ESP encryption algorithm does not match
VPN IKE User Activity Warning 921 ---
IKE Responder: ESP authentication algorithm does not match
VPN IKE User Activity Warning 922 ---
IKE Responder: AH authentication key length does not match
VPN IKE User Activity Warning 923 ---
IKE Responder: ESP encryption key length does not match
VPN IKE User Activity Warning 924 ---
IKE Responder: ESP authentication key length does not match
VPN IKE User Activity Warning 925 ---
IKE Responder: AH authentication key rounds does not match
VPN IKE User Activity Warning 926 ---
IKE Responder: ESP encryption key rounds does not match
VPN IKE User Activity Warning 927 ---
IKE Responder: ESP authentication key rounds does not match
VPN IKE User Activity Warning 928 ---
IKE Responder: IP Compression algorithm does not match
VPN IKE User Activity Warning 929 ---
IKE Initiator: Remote party timeout - Retransmitting IKE request.
VPN IKE User Activity Information 930 ---
IKE Responder: Remote party timeout - Retransmitting IKE request.
VPN IKE User Activity Information 931 ---
IKE Responder: IPsec protocol mismatch VPN IKE User Activity Warning 932 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
48 SonicOS Log Event Reference Guide
Index of Log Event Messages
IKE Initiator: Proposed IKE ID mismatch VPN IKE User Activity Warning 933 ---
IKE Responder: Peer's local network does not match VPN policy's <b>Destination Network</b>
VPN IKE User Activity Warning 934 ---
IKE Responder: Peer's destination network does not match VPN policy's <b>Local Network</b>
VPN IKE User Activity Warning 935 ---
IKE Responder: Route table overrides VPN policy
VPN IKE User Activity Warning 936 ---
IKE Initiator: IKE proposal does not match (Phase 1)
VPN IKE User Activity Warning 937 ---
IKEv2 Initiator: Send IKE_SA_INIT request VPN IKE User Activity Information 938 ---
IKEv2 Responder: Received IKE_SA_INIT request
VPN IKE User Activity Information 939 ---
IKEv2 Initiator: Send IKE_AUTH request VPN IKE User Activity Information 940 ---
IKEv2 Responder: Received IKE_AUTH request
VPN IKE User Activity Information 941 ---
IKEv2 Authentication successful VPN IKE User Activity Information 942 ---
IKEv2 Accept IKE SA Proposal VPN IKE User Activity Information 943 ---
IKEv2 Accept IPsec SA Proposal VPN IKE User Activity Information 944 ---
IKEv2 Initiator: Send CREATE_CHILD_SA request
VPN IKE User Activity Information 945 ---
IKEv2 Responder: Received CREATE_CHILD_SA request
VPN IKE User Activity Information 946 ---
IKEv2 Send delete IKE SA request VPN IKE User Activity Information 947 ---
IKEv2 Received delete IKE SA request VPN IKE User Activity Information 948 ---
IKEv2 Send delete IPsec SA request VPN IKE User Activity Information 949 ---
IKEv2 Received delete IPsec SA request VPN IKE User Activity Information 950 ---
IKEv2 Responder: Peer's destination network does not match VPN policy's <b>Local Network</b>
VPN IKE User Activity Information 951 ---
IKEv2 Responder: Peer's local network does not match VPN policy's <b>Destination Network</b>
VPN IKE User Activity Information 952 ---
IKEv2 Payload processing error VPN IKE User Activity Warning 953 ---
IKEv2 Initiator: Negotiations failed. Extra payloads present.
VPN IKE User Activity Warning 954 ---
IKEv2 Initiator: Negotiations failed. Missing required payloads.
VPN IKE User Activity Warning 955 ---
IKEv2 Initiator: Negotiations failed. Invalid input state.
VPN IKE User Activity Warning 956 ---
IKEv2 Initiator: Negotiations failed. Invalid output state.
VPN IKE User Activity Warning 957 ---
IKEv2 Payload validation failed. VPN IKE User Activity Warning 958 ---
IKEv2 Unable to find IKE SA VPN IKE User Activity Warning 959 ---
IKEv2 Decrypt packet failed VPN IKE User Activity Warning 960 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
49SonicOS Log Event Reference Guide
Index of Log Event Messages
IKEv2 Out of memory VPN IKE User Activity Warning 961 ---
IKEv2 Responder: Policy for remote IKE ID not found
VPN IKE User Activity Error 962 ---
IKEv2 Process Message queue failed VPN IKE User Activity Warning 963 ---
IKEv2 Invalid state VPN IKE User Activity Warning 964 ---
IKE Responder: Client Policy has no VPN Access Networks assigned. Check Configuration.
VPN IKE System Error Error 965 ---
IKEv2 Invalid SPI size VPN IKE User Activity Warning 966 ---
IKEv2 VPN Policy not found VPN IKE User Activity Warning 967 ---
IKEv2 IPsec proposal does not match VPN IKE User Activity Warning 968 ---
IKEv2 IPsec attribute not found VPN IKE User Activity Warning 969 ---
IKEv2 IKE attribute not found VPN IKE User Activity Warning 970 ---
IKEv2 Peer is not responding. Negotiation aborted.
VPN IKE User Activity Warning 971 ---
IKEv2 Initiator: Remote party timeout - Retransmitting IKEv2 request.
VPN IKE User Activity Information 972 ---
IKEv2 Initiator: Received IKE_SA_INT response
VPN IKE User Activity Information 973 ---
IKEv2 Initiator: Received IKE_AUTH response
VPN IKE User Activity Information 974 ---
IKEv2 Initiator: Received CREATE_CHILD_SA response
VPN IKE User Activity Information 975 ---
IKEv2 Responder: Send IKE_SA_INIT response
VPN IKE User Activity Information 976 ---
IKEv2 Responder: Send IKE_AUTH response
VPN IKE User Activity Information 977 ---
IKEv2 negotiation complete VPN IKE User Activity Information 978 ---
IKEv2 Function sendto() failed to transmit packet.
VPN IKE User Activity Error 979 ---
IKEv2 Initiator: Proposed IKE ID mismatch VPN IKE User Activity Warning 980 ---
IKEv2 IKE proposal does not match VPN IKE User Activity Warning 981 ---
IKEv2 Received notify status payload VPN IKE User Activity Information 982 ---
IKEv2 Received notify error payload VPN IKE User Activity Warning 983 ---
IKEv2 No NAT device detected between negotiating peers
VPN IKE User Activity Information 984 ---
IKEv2 NAT device detected between negotiating peers
VPN IKE User Activity Information 985 ---
User login denied - not allowed by policy rule Authenticate Access
User Activity Information 986 ---
User login denied - not found locally Authenticate Access
User Activity Information 987 ---
User login denied - SSO agent timeout Authenticate Access
User Activity Warning 988 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
50 SonicOS Log Event Reference Guide
Index of Log Event Messages
User login denied - SSO agent configuration error
Authenticate Access
User Activity Warning 989 ---
User login denied - SSO agent communication problem
Authenticate Access
User Activity Warning 990 ---
User login denied - SSO agent name resolution failed
Authenticate Access
User Activity Warning 991 ---
SSO returned a user name that is too long SSO User Activity Warning 992 ---
SSO returned a domain name that is too long
SSO User Activity Warning 993 ---
Configuration mode administration session started
Authenticate Access
User Activity Information 994 ---
Configuration mode administration session ended
Authenticate Access
User Activity Information 995 ---
Read-only mode GUI administration session started
Authenticate Access
User Activity Information 996 ---
Non-config mode GUI administration session started
Authenticate Access
User Activity Information 997 ---
GUI administration session ended Authenticate Access
User Activity Information 998 ---
SSL Control: Website found in blacklist Network Access Blocked Sites Information 999 ---
SSL Control: Website found in whitelist Network Access Blocked Sites Information 1000 ---
SSL Control: HTTPS via SSL2 Network Access Blocked Sites Information 1001 ---
SSL Control: Certificate with invalid date Network Access Blocked Sites Information 1002 ---
SSL Control: Self-signed certificate Network Access Blocked Sites Information 1003 ---
SSL Control: Weak cipher being used Network Access Blocked Sites Information 1004 ---
SSL Control: Untrusted CA Network Access Blocked Sites Information 1005 ---
SSL Control: Certificate chain not complete Network Access Blocked Sites Information 1006 ---
SSL Control: Failed to decode Server Hello Network Access Blocked Sites Information 1007 ---
User logged out - logout detected by SSO Authenticate Access
User Activity Information 1008 ---
Bind to LDAP server failed RADIUS System Error Error 1009 ---
Using LDAP without TLS - highly insecure RADIUS System Error Alert 1010 ---
LDAP using non-administrative account - VPN client user will not be able to change passwords
RADIUS System Error Warning 1011 ---
IKEv2 Responder: Send CREATE_CHILD_SA response
VPN IKE User Activity Information 1012 ---
IKEv2 Send delete IKE SA response VPN IKE User Activity Information 1013 ---
IKEv2 Send delete IPsec SA response VPN IKE User Activity Information 1014 ---
IKEv2 Received delete IKE SA response VPN IKE User Activity Information 1015 ---
IKEv2 Received delete IPsec SA response VPN IKE User Activity Information 1016 ---
3G %s device detected Firewall Hardware System Environment
Information 1017 ---
PPP message: %s PPP --- Information 1018 ---
Chat started PPP Dial Up User Activity Information 1019 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
51SonicOS Log Event Reference Guide
Index of Log Event Messages
Chat completed PPP Dial Up User Activity Information 1020 ---
Chat wrote '%s' PPP Dial Up User Activity Information 1021 ---
Chat %s PPP Dial Up User Activity Information 1022 ---
Chat failed: %s PPP Dial Up User Activity Information 1023 ---
Unable to send message to dial-up task PPP Dial Up System Error Error 1024 ---
Diagnostic Code J Firewall Hardware System Error Error 1025 5423
3G Dial-up: %s. PPP Dial Up User Activity Alert 1026 ---
3G Dial-up: data usage limit reached for the '%s' billing cycle. Disconnecting the 3G session.
PPP Dial Up User Activity Alert 1027 7643
%s auto-dial failed: Current Connection Model is configured as Ethernet Only
PPP Dial Up System Error Alert 1028 ---
TCP packet received with non-permitted option; TCP packet dropped
Network Debug Debug 1029 ---
TCP packet received with invalid Window Scale option length; TCP packet dropped
Network Debug Debug 1030 ---
TCP packet received with invalid Window Scale option value; TCP packet dropped
Network Debug Debug 1031 ---
Chat started by '%s' PPP Dial Up User Activity Information 1032 ---
Problem occurred during user group membership retrieval
Authenticate Access
User Activity Warning 1033 ---
Received AF Alert: Your Application Firewall (AF) subscription has expired.
Security Services Maintenance Warning 1034 8635
User login denied - password expired Authenticate Access
User Activity Information 1035 ---
IKE Responder: IKE Phase 1 exchange does not match
VPN IKE User Activity Error 1036 ---
PPP Dial-Up: Starting PPP PPP Dial Up --- Information 1037 ---
Dial-up: Traffic generated by '%s' PPP Dial Up --- Information 1038 ---
Dial-up: Session initiated by data packet PPP Dial Up --- Information 1039 ---
DHCP Server: IP conflict detected Firewall Event --- Alert 1040 ---
DHCP Server: Received DHCP decline from client
Firewall Event --- Alert 1041 ---
Physical environment normal Firewall Hardware --- Information 1042 5424
Power supply without redundancy Firewall Hardware --- Error 1043 5425
Discovered HA %s Firewall High Availability --- Information 1044 ---
Diagnostic Auto-restart scheduled for %s minutes from now
Firewall Event --- Information 1045 ---
Diagnostic Auto-restart canceled Firewall Event --- Information 1046 ---
"As per Diagnostic Auto-restart configuration request, restarting system"
Firewall Event --- Information 1047 ---
User login denied - password doesn't meet constraints
Authenticate Access
--- Information 1048 ---
Settings Import: %s Firewall Event --- Information 1049 ---
VPN Policy Added VPN --- Information 1050 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
52 SonicOS Log Event Reference Guide
Index of Log Event Messages
VPN Policy Deleted VPN --- Information 1051 ---
VPN Policy Modified VPN --- Information 1052 ---
PC Card removed. Firewall Hardware --- Alert 1053 5418
PC Card inserted. Firewall Hardware --- Alert 1054 5419
3G: No SIM detected Firewall Hardware --- Alert 1055 ---
PC Card: No device detected Firewall Hardware --- Alert 1056 ---
Peer firewall rebooting (%s) High Availability --- Information 1057 ---
Primary firewall rebooting itself as it transitioned from Active to Idle while Preempt
High Availability --- Information 1058 ---
Backup firewall rebooting itself as it transitioned from Active to Idle while Preempt
High Availability --- Information 1059 ---
Crypto SHA1 based DRNG KAT test failed Crypto Test --- Error 1060 ---
Successfully sent Preference file to remote backup server
Firewall Event Maintenance Information 1061 ---
Failed to send Preference file to remote backup server, Error: %s
Firewall Event Maintenance Information 1062 ---
Successfully sent TSR file to remote backup server
Firewall Event Maintenance Information 1063 ---
Failed to send TSR file to remote backup server, Error: %s
Firewall Event Maintenance Information 1064 ---
Successfully sent %s file to remote backup server
Firewall Event Maintenance Information 1065 ---
Failed to send file to remote backup server, Error: %s
Firewall Event Maintenance Information 1066 ---
System shutdown by administrator. Power cycle required.
Firewall Event --- Alert 1067 5242
Multiple DHCP Servers are detected on network
Firewall Event --- Warning 1068 ---
External Web Server Host Resolution Failed %s
Authenticate Access
--- Error 1069 ---
Invalid DNS Server will not be accepted by the dynamic client
Firewall Event --- Information 1070 ---
DHCP Server sanity check passed %s Firewall Event --- Critical 1071 ---
DHCP Server sanity check failed %s Firewall Event --- Critical 1072 ---
SSO agent returned error SSO User Activity Warning 1073 ---
L2TP Tunnel Negotiation %s L2TP Client --- Information 1074 ---
SSO agent is down SSO User Activity Alert 1075 ---
SSO agent is up SSO User Activity Alert 1076 ---
SonicPointN Status SonicPoint-N --- Information 1077 ---
SonicPointN Provision SonicPoint-N --- Information 1078 ---
SSLVPN zone remote user login allowed Authenticate Access
User Activity Information 1080 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
53SonicOS Log Event Reference Guide
Index of Log Event Messages
SSL Control: Certificate with MD5 Digest Signature Algorithm
Network Access Blocked Sites Information 1081 ---
%s is operational. Anti-Spam --- Warning 1082 13801
%s is unavailable. Anti-Spam --- Warning 1083 13802
Anti-Spam service is enabled by administrator.
Anti-Spam --- Information 1084 13803
Anti-Spam service is disabled by administrator.
Anti-Spam --- Information 1085 13804
Your Anti-Spam Service subscription has expired.
Anti-Spam --- Warning 1086 13805
SMTP connection limit is reached. Connection is dropped.
Anti-Spam --- Warning 1087 13806
Anti-Spam Startup Failure - %s Anti-Spam --- Warning 1088 13807
Anti-Spam Teardown Failure - %s Anti-Spam --- Warning 1089 13808
DHCP Server: Received DHCP message from untrusted relay agent
Firewall Event --- Notice 1090 ---
Outbound connection to GRID-listed SMTP server dropped
Anti-Spam --- Notice 1091 13809
Inbound connection from GRID-listed SMTP server dropped
Anti-Spam --- Notice 1092 13810
SMTP server found on Reject List Anti-Spam --- Notice 1093 13811
No valid DNS server specified for GRID lookups
Anti-Spam --- Error 1094 13812
Unprocessed email received from MTA on Inbound SMTP port
Anti-Spam --- Information 1095 13813
Processed Email received from Email Security Service
Anti-Spam --- Information 1096 13814
SCEP Client: %s VPN PKI --- Notice 1097 ---
Possible DNS rebind attack detected Intrusion Detection --- Alert 1098 6465
DNS rebind attack blocked Intrusion Detection --- Alert 1099 6466
Network Monitor: Policy %s status is UP Network Monitor --- Alert 1100 14001
Network Monitor: Policy %s status is DOWN Network Monitor --- Alert 1101 14002
Network Monitor: Policy %s status is UNKNOWN
Network Monitor --- Alert 1102 14003
Network Monitor: Host %s status is UNKNOWN
Network Monitor --- Alert 1103 14004
Network Monitor Policy %s Added Network Monitor --- Information 1104 ---
Network Monitor Policy %s Deleted Network Monitor --- Information 1105 ---
Network Monitor Policy %s Modified Network Monitor --- Information 1106 ---
Message blocked by Real-Time Email Scanner
Anti-Spam --- Information 1108 ---
CSR Generation: %s VPN PKI --- Information 1109 ---
Assigned IP address %s DHCP Server --- Information 1110 ---
Released IP address %s DHCP Server --- Information 1111 ---
Ftp server accepted the connection FTP --- Debug 1112 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
54 SonicOS Log Event Reference Guide
Index of Log Event Messages
Ftp client user name was sent FTP --- Debug 1113 ---
Ftp client user logged in successfully FTP --- Debug 1114 ---
Ftp client user logged in failed FTP --- Debug 1115 ---
Ftp client user logged out FTP --- Debug 1116 ---
User login denied - SSO probe failed Authenticate Access
User Activity Warning 1117 ---
User login denied - Mail Address(From/to) or SMTP Server is not configured
Authenticate Access
User Activity Information 1118 ---
RADIUS user cannot use One Time Password - no mail address set for equivalent local user
Authenticate Access
User Activity Information 1119 ---
User login denied - Terminal Services agent timeout
Authenticate Access
User Activity Warning 1120 ---
User login denied - Terminal Services agent name resolution failed
Authenticate Access
User Activity Warning 1121 ---
User login denied - No name received from Terminal Services agent
Authenticate Access
User Activity Warning 1122 ---
User login denied - Terminal Services agent communication problem
Authenticate Access
User Activity Warning 1123 ---
User logged out - logout reported by Terminal Services agent
Authenticate Access
User Activity Information 1124 ---
High Availability has been enabled and Dial-Up device(s) are not supported in High Availability processing.
High Availability --- Information 1125 ---
The High Availability monitoring IP configuration of Interface %s is incorrect.
High Availability --- Error 1126 ---
IKE Responder: ESP mode mismatch Local - Tunnel Remote - Transport
VPN IKE User Activity Warning 1127 ---
IKE Responder: ESP mode mismatch Local - Transport Remote - Tunnel
VPN IKE User Activity Warning 1128 ---
WAN DHCPC IP Changed Firewall Event System Error Warning 1129 ---
WLAN DHCPC IP Changed Firewall Event System Error Warning 1130 ---
Probe Response Success - %s Anti-Spam --- Debug 1131 ---
Probe Response Failure - %s Anti-Spam --- Debug 1132 ---
Peer HA firewall has stateful license but this firewall is not yet registered
High Availability System Error Alert 1136 ---
The stateful license of HA peer firewall is not activated
High Availability System Error Alert 1137 ---
Received unauthenticathed GRID response Anti-Spam --- Debug 1138 ---
Invalid key or serial number used for GRID response
Anti-Spam --- Debug 1139 ---
Invalid key version used for GRID response Anti-Spam --- Debug 1140 ---
Host IP address not in GRID List Anti-Spam --- Debug 1141 ---
No response received from DNS server Anti-Spam --- Debug 1142 ---
Not blacklisted as per configuration Anti-Spam --- Debug 1143 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
55SonicOS Log Event Reference Guide
Index of Log Event Messages
Default to not blacklisted Anti-Spam --- Debug 1144 ---
Failed to insert entry into GRID result IP cached table
Anti-Spam --- Debug 1145 ---
Resolved ES Cloud - %s Anti-Spam --- Debug 1146 ---
Updated ES Cloud Address - %s Anti-Spam --- Debug 1147 ---
Your Active/Active Clustering subscription has expired.
High Availability --- Warning 1149 ---
Terminal Services agent is down SSO User Activity Alert 1150 ---
Terminal Services agent is up SSO User Activity Alert 1151 ---
Active/Active Clustering license is not activated on the following cluster units: %s
High Availability --- Error 1152 ---
SSLVPN Traffic SSL VPN Connection Traffic Information 1153 ---
Application Control Detection Alert: %s App-Control Detection
--- Alert 1154 15001
Application Control Prevention Alert: %s App-Control Detection
--- Alert 1155 15002
GMS or syslog server name lookup failed - try again in 60 secs.
Firewall Event --- Error 1156 ---
User account '%s' expired and disabled Authenticate Access
User Activity Information 1157 ---
User account '%s' expired and pruned Authenticate Access
User Activity Information 1158 ---
Received Alert: Your Firewall Visualization Control subscription has expired.
Security Services --- Warning 1159 ---
Attempt to contact Remote backup server for upload approval failed
Firewall Event Maintenance Debug 1160 ---
Backup remote server did not approve upload request
Firewall Event Maintenance Debug 1161 ---
Modules attached to HA units do not match: %s
High Availability System Error Alert 1162 664
Malformed DNS packet detected Network Access Debug Alert 1177 ---
A high percentage of the system packet buffers are held waiting for SSO
SSO User Activity Alert 1178 ---
A user has a very high number of connections waiting for SSO
SSO User Activity Alert 1179 ---
DOS protection on WAN begins %s Intrusion Detection Debug Alert 1180 ---
DOS protection on WAN %s Intrusion Detection Debug Warning 1181 ---
DOS protection on WAN %s Intrusion Detection Debug Alert 1182 ---
Deleting IPsec SA (Phase 2) VPN IKE User Activity Debug 1183 ---
Delete invalid scope because port ip in the range of this DHCP scope.
DHCP Server --- Warning 1184 ---
IKE Responder: Peer's network does not match VPN policy's Network
VPN IKE User Activity Warning 1189 ---
Added new LDAP mirror user group: %s RADIUS User Activity Information 1190 ---
Deleted LDAP mirror user group: %s RADIUS User Activity Information 1191 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
56 SonicOS Log Event Reference Guide
Index of Syslog Tag Field Description
Index of Syslog Tag Field DescriptionThis section provides an alphabetical listing of Syslog tags and the associated field description.
Added a new member to an LDAP mirror user group
RADIUS User Activity Information 1192 ---
Removed a member from an LDAP mirror user group
RADIUS User Activity Information 1193 ---
Monitoring probe out interface mismatch %s High Availability --- Error 1194 ---
Log Event Message New Category Legacy Category Priority ID
SNMP Trap Type
Tag Field Description
<ddd> Syslog message prefix The beginning of each syslog message has a string of the form <ddd> where ddd is a decimal number indicating facility and priority of the mes-sage. (See [1] Section 4.1.1)
arg URL Used to render a URL: arg represents the URL path name part.
bcastRx Interface statistics report Displays the broadcast packets received
bcastTx Interface statistics report Displays the broadcast packets transmitted
bytesRx Interface statistics report Displays the bytes received
bytesTx Interface statistics report Displays the bytes transmitted
c Message category (legacy only) Indicates the legacy category number (Note: We are not currently sending new category informa-tion.)
change Configuration change webpage Displays the basename of the firewall web page that performed the last configuration change
code Blocking code Indicates the CFS block code category
code ICMP type and code Indicates the ICMP code
conns Firewall status report Indicates the number of connections in use
cpuUtil Firewall status report Displays the CPU utilization (not in use)
dst Destination Destination IP address, and optionally, port, net-work interface, and resolved name.
dstname Destination URL Displays the URL of web site hit and other legacy destination strings
dstname URL Used to render a URL: dstname represents the URL host part
57SonicOS Log Event Reference Guide
Index of Syslog Tag Field Description
dyn Firewall status report Displays the HA and dialup connection state (ren-dered as “h.d” where “h” is “n” (not enabled), “b” (backup), or “p” (primary) and “d” is “1” (enabled) or “0” (disabled))
fw Firewall WAN IP Indicates the WAN IP Address
fwlan Firewall status report Indicates the LAN zone IP address
goodRxBytes SonicPoint statistics report Indicates the well formed bytes recevied
goodTxBytes SonicPoint statistics report Indicates the well formed bytes transmitted
i Firewall status report Displays the GMS message interval in seconds
id=firewall Webtrends prefix Syntactic sugar for WebTrends (and GMS by habit)
if Interface statistics report Displays the interface on which statistics are reported
ipscat IPS message Displays the IPS category
ipspri IPS message Displays the IPS priority
lic Firewall status report Indicates the number of licenses for firewalls with limited modes
m Message ID Provides the message ID number
mac MAC address Provides the MAC address
msg Static message Displays the event message (from spreadsheet)
msg Dynamically-defined message Displays a dynamically defined message string
msg Static message with dynamic string Displays a message using the predefined mes-sage string containing a “%s” and a dynamic string argument.
msg Static message with dynamic num-ber
Displays a message using the predefined string string containing a “%s” and a dynamic numeric argument.
msg IPS message Displays a message using the predefined mes-sage string containing a “%s” and a dynamic string argument.
msg Anti-Spyware message Displays the event message (from spreadsheet)
n Message count Indicates the number of times event occurs
op HTTP OP code Displays the HTTP operation (GET, POST, etc.) of web site hit
pri Message priority Displays the event priority level (0=emer-gency..7=debug)
58 SonicOS Log Event Reference Guide
Index of Syslog Tag Field Description
proto IP protocol Indicates the IP protocol and detail information
proto Protocol and service Displays the protocol information (rendered as “proto/service”)
proto Protocol and service Displays the protocol information (rendered as “proto/service”)
pt Firewall status report Displays the HTTP/HTTPS management port (rendered as “hhh.sss”)
radio SonicPoint statistics report Displays the SonicPoint radio on which event occurred
ramUtil Firewall status report Displays the RAM utilization (not in use)
rcvd Bytes received Indicates the number of bytes received within connection
result HTTP Result code Displays the HTTP result code (200, 403, etc.) of web site hit
rule Rule ID Displays the Access Rule number causing packet drop
sent Bytes sent Displays the number of bytes sent within connec-tion
sid IPS message Provides the IPS signature ID
sid Anti-Spyware message Provides the AntiSpyware signature ID
sn Firewall serial number Indicates the device serial number
spycat Anti-Spyware message Displays the antiSpyware category
spypri Anti-Spyware message Displays the AntiSpyware priority
src Source Indicates the source IP address, and optionally, port, network interface, and resolved name.
station SonicPoint statistics report Displays the client (station) on which event occurred
time Time Reports the time of event
type ICMP type and code Indicates the ICMP type
ucastRx Interface statistics report Displays the unicast packets received
ucastTx Interface statistics report Displays the unicast packets transmitted
unsynched Firewall status report Reports the time since last local change in sec-onds
usesstandbysa Firewall status report Displays whether standby SA is in use (“1” or “0”) for GMS management
59SonicOS Log Event Reference Guide
Index of Syslog Tag Field Description
usr (or user) User Displays the user name (“user” is the tag used by WebTrends)
vpnpolicy VPN policy name Displays the VPN policy name of event
60 SonicOS Log Event Reference Guide
SonicWALL, Inc.
2001Logic Drive T +1 408.745.9600 www.sonicwall.com San
San Jose CA 95124 F +1 408.745.9300
P/N: 232-001835-00Rev A, 06/11
©2009 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice. 07/07 SW 145
PROTECTION AT THE SPEED OF BUSINESS™