Post on 24-Jun-2018
COMPREHENSIVE INTERNET SECURITY™
S o n i c WALL Internet Security Ap p l i a n c e s
SonicOS Log Event Reference Guide
Using the SonicOS Log Event Reference Guide
This reference guide lists and describes SonicOS log event messages. Reference a log event mes-sage by using the alphabetical index of log event messages. This document contains the following sections:• “SonicOS Log Event Messages Overview” on page 1• “Configuring SonicOS ‘Log’ > ‘View’” on page 4• “Referencing the SonicOS ‘Log’ > ‘View ’ Field Display” on page 7• “Index of Log Event Messages” on page 9• “Index of Syslog Tag Field Description” on page 63
SonicOS Log Event Messages OverviewDuring the operation of a SonicWALL security appliance, SonicOS software sends log event mes-sages to the ‘Log’ > ‘View’ page in the SonicWALL management interface.In Figure 1, the ‘Log’ > ‘View’ page is displayed.Figure 1 SonicOS Enhanced ‘Log’ > ‘View’ page
Event logging automatically begins when the SonicWALL security appliance is powered on and con-figured. SonicOS supports a traffic log containing entries with multiple fields. Log event messages provide operational informational and debugging information to help you diag-nose problems with communication lines, internal hardware, or your firmware configuration.
Note: For the SonicOS CLI console display, use the show log command to display log events. Refer to the SonicOS CLI Reference Guide located on the SonicWALL Web site: <http://www.sonicwall.com/support/documentation.html>
SONICOS LOG EVENT REFERENCE GUIDE 1
Note: Not all log event messages indicate operational issues with your SonicWALL security appliance.
SonicOS Log EntriesEach log entry contains the date and time of the event and a brief message describing the event. The SonicWALL manages log events in the following manner:• TCP, UDP, or ICMP packets dropped
When IP packets are dropped by the SonicWALL security appliance, dropped TCP, UDP and ICMP messages are displayed. The messages include the source and destination IP addresses of the packet. The TCP or UDP port number or the ICMP code follows the IP address. Log event messages usually include the name of the service in quotation marks.
• Web, FTP, Gopher, or Newsgroup blockedWhen a computer attempts to connect to the blocked site or newsgroup, a log event is displayed. Blocked is defined as a Web site, connection, or event that is denied access from the SonicWALL security appliance. The computer’s IP address, Ethernet address, the name of the blocked Web site, and the Content Filter List Code is displayed. Code definitions for the 12 Content Filter List categories are shown below.
• ActiveX, Java, Cookie or Code Archive blockedWhen ActiveX, Java or Web cookies are blocked, messages with the source and destination IP addresses of the connection attempt is displayed.
• Ping of Death, IP Spoof, and SYN Flood AttacksThe IP address of the machine under attack and the source of the attack is displayed. In most attacks, the source address shown is fake and does not reflect the real source of the attack.
SonicOS ‘Log View Settings’The ‘Log View Settings’ section of the ‘Log’ > ‘View’ page provides you the filtering controls to filter log event messages based on your configured log filter logic. It also contains the following log manage-ment buttons:• Refresh—Renews the ‘Log View’ table with current log event messages.• Clear Log—Empties the entries in the ‘Log View’ table.• E-mail Log—E-mails log event messages to your configured SMTP server or list of e-mail
addresses.• Export Log—Exports the log into a plain .txt or .csv file format.
1. Violence 7. Cult
2. Intimate Apparel/Swim-suit
8. Drugs/Illegal Drugs
3. Nudism 9. Criminal Skills/Illegal Skills
4. Adult/Mature Content/Pornography
10. Sex Education
5. Weapons 11. Gambling
6. Hate/Racism 12. Alcohol & Tobacco
2 SONICOS LOG EVENT REFERENCE GUIDE
SonicOS ‘Log View’ Display FormatThe ‘Log’ > ‘View’ page displays log event messages in following format for alert notification:• Time—Displays the hour and minute the event occurred.• Priority—Displays the level urgency for the event.• Category—Displays the event type.• Message—Displays a description of the event.• Source—Displays the source IP address of incoming IP packet.• Destination—Displays the destination IP address of incoming IP packet.• Note—Displays displays additional information specific to a particular event occurrence.• Rule—Displays the source and destination zones for the access rule. This field provides a link to
the access rule defined in the ‘Firewall’ > ‘Access Rules’ page.The display fields for a log event message provides you with data to verify your configurations, trou-ble-shoot your security appliance, and track IP traffic.
SONICOS LOG EVENT REFERENCE GUIDE 3
Configuring SonicOS ‘Log’ > ‘View’ The ‘Log’ > ‘View” page in the Web-based SonicWALL management interface allows you to export log reports, e-mail log reports, and monitor real-time Syslog data. As soon as you power on your Son-icWALL security appliance, SonicOS software sends Syslog data to your log. In the SonicWALL man-agement interface, you can navigate through the subcategories of the ‘Log’ setting for reporting and customizing log reports.In Figure 2, the ‘Log’ > ‘View’ page is displayed.Figure 2 SonicOS Enhanced ‘Log’ > ‘View’ page
4 SONICOS LOG EVENT REFERENCE GUIDE
Setting the Log Filter LogicBy default, the SonicOS filter logic is set to “Priority && Category && Source && Destination.” The double ampersand symbols (&&) indicate the boolean expression “and.” The default SonicOS filter logic displays all log events.In Figure 3, the ‘Log’ > ‘View’ > ‘Log View Settings’ page is displayed.Figure 3 SonicOS ‘Log View Settings’
Applying Custom Log Event Message FiltersThis section provides examples on using the ‘Log View Settings’ to filter log event messages dis-played in the ‘Log View’ page.
Configuration Example: Filtering Log Event Messages by Priority ValueTo set the log filter logic to display only log event messages with a priority level of Emergency:1. Select Emergency from the filter-Priority Value pull-down menu.
2. Click on the Apply Filters button.
Configuration Example: Filtering Log Event Messages by Category ValueTo set the log filter logic to display only log event messages with a category event type of Attacks:1. Select Attacks from the filter-Category Value pull-down menu.
2. Click on the Apply Filters button.
Apply filters
Reset filters
Export logsDefault filter logic
Group filtersDefault filter logic value
Log Event Message Filters
SONICOS LOG EVENT REFERENCE GUIDE 5
Configuration Example: Filtering Log Event Messages by Source ValueTo set the log filter logic to display only log event messages associated to a source IP address:1. Enter the source IP address or select an interface from the filter-Source Value pull-down menu.
2. Click on the Apply Filters button.
Configuration Example: Filtering Log Event Messages by Destination ValueTo set the log filter logic to display only log event messages associated to a destination IP address:1. Enter the destination IP address or select an interface from the filter-Source Value pull-down
menu. 2. Click on the Apply Filters button.
Using Group FiltersUse Group filters to change the default SonicOS filter logic (Priority && Category && Source && Des-tination) from double ampersand symbols (&&) to double pipe symbols (||) to indicate the boolean expression “or.” When using group filters, select two or more Group Filters checkboxes.
Note: If you select only one Group Filter checkbox, the filter logic will remain the same. Selecting only the Priority-Group Filter checkbox provides you with the following filter logic:
(Priority) && Category && Source && Destination
Configuration Example: Using the ‘Priority’ Group Filter and ‘Category Group’ FilterTo set the log filter logic to display log event messages with a priority level of Emergency or a category event type of Attack:1. Select the ‘Priority’ group filter checkbox.
2. Select the ‘Category’ group filter checkbox.3. Select Emergency from the filter-Priority Value pull-down menu. 4. Select Attacks from the filter-Category Value pull-down menu. Figure 4 illustrates the SonicOS filter logic updated as follows:
(Priority || Category) && Source && Destination
Figure 4 SonicOS Log Group Filters
A filter logic using the boolean expression “||” is less restrictive than the default filter logic using the boolean expression “&&”. With the boolean expression “||”, log event messages are displayed if they match either filter values. With the boolean expression “&&”, log event messages are displayed if they match both filter values.
6 SONICOS LOG EVENT REFERENCE GUIDE
Exporting the Logs to a FileThis section provides instructions to export your log to a file. To export the log to a file:1. Click on the Export Log button. You will be prompted to select a export file format type as
illustrated in Figure 5.Figure 5 SonicOS Export Log
2. Select a file format: Plain text format used in log and alert e-mail—Saves the log file as plain text, which can be used for alert e-mails.Comma-Separated Value (CSV) format—Saves the log file for importing into Microsoft Excel or other presentation development application.
3. Click on the Export button.4. Save the exported log file to a location on your personal computer’s hard drive.
Note: You can export a log to a file with applied filter settings.
Referencing the SonicOS ‘Log’ > ‘View ’ Field Display
SonicOS 2.5 Enhanced and Standard releases and greater provide the SonicOS ‘Log’ > ‘View’ field display as illustrated in Figure 6.Figure 6 SonicOS ‘Log’ > ‘View’ Field Display
Time and Date Stamp
Priority
Category
Message Descrition
Source IP Address
Destination IP
Log Event Notes
Network Rule
SONICOS LOG EVENT REFERENCE GUIDE 7
Referencing the SonicWALL Firmware ‘Log’ > ‘View Log’ Field DisplaySonicWALL Firmware 6.6.0.0 release and greater provide the SonicWALL Firmware ‘Log’ > ‘View Log’ field display as illustrated in Figure 7. Figure 7 SonicWALL Firmware Log’ > ‘View Log’ Field Display
Time and Date Stamp
Event Message
Source IP Address
Destination IP Address
Additional Information
Rule Number (If Applicable)
8 SONICOS LOG EVENT REFERENCE GUIDE
Index of Log Event MessagesThis section contains a list of log event messages for all SonicWALL Firmware and SonicOS Software Releases, ordered alphabetically. Use your web browser’s Find function to search for a command.
Log Event Message Symbols Key
TCP IP Layered-Data Packet Processing and SonicOS Log Event Handling In specific cases of multi-layer packet processing, a TCP connection initially logged as "open," will be rejected by a deeper layer of packet processing. In these cases, the connection request has not been forwarded by the SonicWALL security appliance, and the initial Connection Open SonicOS log event message should be ignored in favor of the TCP Connection Dropped log event message.
Each log event message described in the following table provides the following log event details:• SonicOS Category—Displays the SonicOS Software category event type.• Legacy Category—Displays the SonicWALL Firmware Software category event type.• Priority Level—Displays the level of urgency of the log event message.• Log Message ID Number—Displays the ID number of the log event message.• SNMP Trap Type—Displays the SNMP Trap ID number of the log event message.
Log Event Message Symbol Description Context
%s Ethernet Port Down Represents a character string. [WAN | LAN | DMZ] Ethernet Port Down
The cache is full; %u openconnections; some will be dropped
Represents a numerical string. The cache is full; [40,000] openconnections; some will be dropped
Log Event Message
SonicOS Category
Legacy Category
Priority Level
Log Message ID Number
SNMPTrapType
Log EventType
#Web site hit Network Traffic
Connection Traffic
Information 97 --- StandardHTTPTraffic
Report
%s VPN IKE User Activity Information 171 --- StandardMessage
String
%s ARS --- Information 840 --- StandardMessage
String
%s ARS --- Notice 841 --- StandardMessage
String
%s ARS --- Debug 842 --- StandardMessage
String
SONICOS LOG EVENT REFERENCE GUIDE 9
%s Ethernet Port Down
Firewall Event System Error Error 333 641 StandardString
Service
%s Ethernet Port Up
Firewall Event System Error Warning 332 640 StandardString
Service
%s-payload processing error
VPN IKE Debug Error 616 --- StandardMessage
String
SonicWALL Registration Update Needed: Restore your existing security service subscriptions by clicking here.
Security Services
Maintenance Warning 496 --- Simple
802.11b Management
Wireless 802.11b Management
Information 518 --- SimpleDestination
A prior version of preferences was loaded because the most recent preferences file was inaccessible
Firewall Event System Error Warning 572 648 Simple
A SonicOS Standard to Enhanced Upgrade was performed
Firewall Event Maintenance Information 611 --- Simple
Access attempt from host out of compliance with GSC policy
Security Services
Maintenance Information 761 --- Standard
Access attempt from host without Anti-Virus agent installed
Security Services
Maintenance Information 123 --- Standard
Access attempt from host without GSC installed
Security Services
Maintenance Information 763 524 Standard
Access rule added Firewall Rule User Activity Information 440 --- SimpleRule
Access rule deleted
Firewall Rule User Activity Information 442 --- SimpleRule String
10 SONICOS LOG EVENT REFERENCE GUIDE
Access rule modified
Firewall Rule User Activity Information 441 --- SimpleRule
Access to proxy server denied
Network Access
Blocked Sites Notice 60 705 StandardNote
Blocked
ActiveX access denied
Network Access
Blocked Code Notice 18 --- StandardNote
Blocked
ActiveX or Java archive access denied
Network Access
Blocked Code Notice 20 --- StandardNote
Blocked
AD agent %s is not responding
MS AD --- Error 769 --- StandardMessage
String
Add an attack message
Firewall Event Attack Error 143 525 SimpleString
Adding Dynamic Entry for Bound MAC Address
Network --- Information 813 --- StandardNote ENET
Adding L2TP IP pool Address object Failed
L2TP Server System Error Error 603 661 Simple
Adding to multicast policyList, interface: %s
Multicast --- Debug 697 --- StandardMessage
String
Adding to Multicast policyList, VPN SPI: %s
Multicast --- Debug 699 --- StandardMessage
String
Administrator logged out
Authentication User Activity Information 261 --- Standard
Administrator logged out - inactivity timer expired
Authentication User Activity Information 262 --- Standard
Administrator login allowed
Authentication User Activity Information 29 --- Standard
Administrator login denied due to bad credentials
Authentication Attack Alert 30 560 Standard
SONICOS LOG EVENT REFERENCE GUIDE 11
Administrator login denied from %s; logins disabled from this interface
Authentication Attack Alert 35 506 StandardMessage
String
Adminstrator name changed
Authentication Maintenance Information 328 --- Standard
All DDNS associations have been deleted
DDNS Maintenance Information 783 --- Simple
All preference values have been set to factory default values
Firewall Event System Error Warning 574 650 Simple
Allowed LDAP server certificate with wrong host name
RADIUS User Activity Warning 752 --- StandardNote String
Anti-Spyware Detection Alert: %s
Intrusion Detection
Attack Alert 795 576 StandardAnti-Spy
MessageString
Anti-Spyware Prevention Alert: %s
Intrusion Detection
Attack Alert 794 575 StandardAnti-Spy
MessageString
Anti-Spyware Service Expired
Security Services
Maintenance Warning 796 577 Simple
Anti-Virus agent out-of-date on host
Security Services
Maintenance Information 124 --- Standard
Anti-Virus Licenses Exceeded
Security Services
Maintenance Information 408 --- Standard
Arp request packet received
Network --- Information 717 --- StandardNote ENET
Arp request packet sent
Network --- Information 715 --- StandardNote ENET
Arp response packet received
Network --- Information 716 --- StandardNote ENET
Arp response packet sent
Network --- Information 718 --- StandardNote ENET
ARP timeout Network Debug Debug 45 --- Standard
Association Flood from wlan station
WLAN IDS WLAN IDS Alert 548 903 SimpleDestination
12 SONICOS LOG EVENT REFERENCE GUIDE
Authentication timeout during Remotely Triggered Dial-out session
Authentication User Activity Information 821 --- Simple
Back Orifice attack dropped
Intrusion Detection
Attack Alert 73 512 Standard
Backup active High Avaiability
System Error Information 825 --- Simple
Backup firewall being preempted by Primary
High Availability
System Error Error 152 619 Simple
Backup firewall has transitioned to Active
High Availability
Maintenance Information 145 --- Simple
Backup firewall has transitioned to Idle
High Availability
Maintenance Information 147 --- Simple
Backup going Active in preempt mode after reboot
High Availability
System Error Error 170 622 Simple
Backup missed heartbeats from Primary
High Availability
System Error Error 149 616 Simple
Backup received error signal from Primary
High Availability
System Error Error 151 618 Simple
Backup received reboot signal from Primary
High Availability
System Error Error 672 666 Simple
Backup shut down because license is expired
High Availability
System Error Error 824 --- Simple
Backup will be shut down in %s minutes
High Availability
System Error Error 823 --- StandardString
Service
Bad CRL format VPN PKI User Activity Alert 277 --- SimpleDestination
Blocked Quick Mode for Client using Default KeyId
VPN Client System Error Error 505 660 Standard
SONICOS LOG EVENT REFERENCE GUIDE 13
BOOTP Client IP address on LAN conflicts with remote device IP, deleting IP address from remote table
BOOTP Maintenance Information 619 --- StandardDestination
BOOTP reply relayed to local device
BOOTP Maintenance Information 620 --- StandardDestination
BOOTP Request received from remote device
BOOTP Debug Debug 621 --- StandardDestination
BOOTP server response relayed to remote device
BOOTP Debug Debug 618 --- StandardDestination
Broadcast packet dropped
Network Access
Debug Debug 46 --- StandardNote
Protocol
Cannot connect to the CRL server
VPN PKI User Activity Alert 274 --- SimpleDestination
Cannot Validate Issuer Path
VPN PKI User Activity Alert 878 --- SimpleDestination
Certificate on Revoked list (CRL)
VPN PKI User Activity Alert 279 --- SimpleDestination
CFL auto-download disabled, time problem detected
Security Services
Maintenance Information 268 --- Simple
CLI administrator logged out
Authentication User Activity Information 520 --- Simple
CLI administrator login allowed
Authentication User Activity Information 199 --- Simple
CLI administrator login denied due to bad credentials
Authentication User Activity Warning 200 --- Simple
Computed hash does not match hash received from peer
VPN IKE User Activity Warning 410 --- StandardDestination
14 SONICOS LOG EVENT REFERENCE GUIDE
Connection Closed
Note: In specific cases of multi-layer packet processing, a TCP connection initially logged as "open," will be rejected by a deeper layer of packet processing. In these cases, the connection request has not been forwarded by the SonicWALL security appliance, and the initial Connection Open SonicOS log event message should be ignored in favor of the TCP Connection Dropped log event message.
Network Traffic
Connection Traffic
Information 537 --- StandardTraffic
Report
Connection Opened
Note: In specific cases of multi-layer packet processing, a TCP connection initially logged as "open," will be rejected by a deeper layer of packet processing. In these cases, the connection request has not been forwarded by the SonicWALL securityappliance, and the initial Connection Open SonicOS log event message should be ignored in favor of the TCP Connection Dropped log event message.
Network Traffic
Connection Information 98 --- StandardNote
Protocol
Connection timed out
VPN PKI User Activity Alert 273 --- SimpleDestination
Cookie removed Network Access
Blocked Code Notice 21 --- StandardString
Service
CRL has expired VPN PKI User Activity Alert 874 --- SimpleDestination
CRL loaded from VPN PKI User Activity Information 270 --- SimpleDestination
CRL missing - Issuer requires CRL checking
VPN PKI User Activity Alert 876 --- SimpleDestination
CRL validation failure for Root Certificate
VPN PKI User Activity Alert 877 --- SimpleDestination
Crypto DES test failed
Crypto Test Maintenance Error 360 --- Simple
Crypto DH test failed
Crypto Test Maintenance Error 361 --- Simple
SONICOS LOG EVENT REFERENCE GUIDE 15
Crypto Hardware 3Des test failed
Crypto Test Maintenance Error 367 --- Simple
Crypto Hardware 3DES with SHA test failed
Crypto Test Maintenance Error 369 --- Simple
Crypto Hardware AES test failed
Crypto Test Maintenance Error 610 --- Standard
Crypto hardware DES test failed
Crypto Test Maintenance Error 366 --- Simple
Crypto Haredware DES with SHA test failed
Crypto Test Maintenance Error 368 --- Simple
Crypto Hmac-MD5 fest failed
Crypto Test Maintenance Error 362 --- Simple
Crypto Hmac-Sha1 test failed
Crypto Test Maintenance Error 363 --- Simple
Crypto MD5 test failed
Crypto Test Maintenance Error 370 --- Simple
Crypto RSA test failed
Crypto Test Maintenance Error 364 --- Simple
Crypto Sha1 test failed
Crypto Test Maintenance Error 365 --- Simple
DDNS association %s disabled
DDNS Maintenance Information 781 --- SimpleMessage
String
DDNS association %s enabled
DDNS Maintenance Information 780 --- SimpleMessage
String
DDNS association %s added
DDNS Maintenance Information 779 --- SimpleMessage
String
DDNS association %s deactivated
DDNS Maintenance Information 784 --- SimpleMessage
String
DDNS association %s deleted
DDNS Maintenance Information 785 --- SimpleMessage
String
DDNS Association %s put on line
DDNS Maintenance Information 782 --- SimpleMessage
String
16 SONICOS LOG EVENT REFERENCE GUIDE
DDNS association %s taken Offline locally
DDNS Maintenance Information 778 --- SimpleMessage
String
DDNS Failure: Provider %s
DDNS System Error Error 774 --- SimpleMessage
String
DDNS Failure: Provider %s
DDNS System Error Error 775 --- SimpleMessage
String
DDNS Failure: Provider %s
DDNS System Error Error 773 --- SimpleMessage
String
DDNS Update success for domain %s
DDNS Maintenance Information 776 --- StandardMessage
String
DDNS Warning: Provider %s
DDNS System Error Warning 777 --- SimpleMessage
String
Deleting from Multicast policy list, interface : %s
Multicast --- Debug 698 --- StandardMessage
String
Deleting from Multicast policy list, VPN SPI : %s
Multicast --- Debug 700 --- StandardMessage
String
Deleting IPSec SA VPN IKE User Activity Information 92 --- StandardNote SPI
DHCP client enabled but not ready
DHCP Client Maintenance Information 504 --- Simple
DHCP Client did not get DHCP ACK
DHCP Client Maintenance Information 109 --- Standard
DHCP Client failed to verify and lease has expired. Go to INIT state.
DHCP Client Maintenance Information 119 --- Standard
DHCP Client got a new IP address lease.
DHCP Client Maintenance Information 121 --- StandardDestination
DHCP Client got ACK from server
DHCP Client Maintenance Information 111 --- StandardDestination
DHCP Client got NACK
DHCP Client Maintenance Information 110 --- Standard
SONICOS LOG EVENT REFERENCE GUIDE 17
DHCP Client is declining address offered by the server.
DHCP Client Maintenance Information 112 --- StandardDestination
DHCP Client sending REQUEST and going to REBIND state
DHCP Client Maintenance Information 113 --- StandardDestination
DHCP Client sending REQUEST and going to RENEW state
DHCP Client Maintenance Information 114 --- StandardDestination
DHCP DISCOVER received from remote device
DHCP Relay Debug Information 474 --- StandardDestination
DHCP lease dropped. Lease from Central Gateway conflicts with Relay IP
DHCP Relay Maintenance Warning 228 --- StandardDestination
DHCP lease dropped. Lease from Central Gateway conflicts with Remote Management IP
DHCP Relay Maintenance Warning 484 --- StandardDestination
DHCP lease relayed to local device
DHCP Relay Maintenance Information 223 --- StandardDestination
DHCP lease relayed to remote device
DHCP Relay Debug Information 225 --- StandardDestination
DHCP lease to LAN device conflicts with remote device, deleting remote IP entry
DHCP Relay Maintenance Information 226 --- StandardDestination
DHCP NAK received from server
DHCP Relay Debug Information 477 --- StandardDestination
DHCP OFFER received from server
DHCP Relay Debug Information 476 --- StandardDestination
18 SONICOS LOG EVENT REFERENCE GUIDE
DHCP Ranges altered automatically due to change in network settings for interface %s
Firewall Event --- Information 832 --- StandardString
Service
DHCP RELEASE received from remote device
DHCP Relay Debug Information 224 --- StandardDestination
DHCP RELEASE relayed to Central Gateway
DHCP Relay Maintenance Information 222 --- StandardDestination
DHCP REQUEST received from remote device
DHCP Relay Debug Information 473 --- StandardDestination
DHCP Server not available. Did not get any DHCP OFFER.
DHCP Client Maintenance Information 106 --- Standard
Diagnostic Code A Firewall Hardware
System Error Error 93 611 SimpleNote String
Diagnostic Code B Firewall Hardware
System Error Error 94 612 SimpleNote String
Diagnostic Code C Firewall Hardware
System Error Error 95 613 SimpleNote String
Diagnostic Code D Firewall Hardware
System Error Error 64 610 StandardNote Code
Diagnostic Code D Firewall Hardware
System Error Error 517 642 SimpleNote String
Diagnostic Code E VPN IPSec System Error Error 61 609 StandardNote Code
Diagnostic Code F Firewall Hardware
System Error Error 164 621 SimpleNote String
Diagnostic Code G Firewall Hardware
System Error Error 599 655 SimpleNote String
Diagnostic Code H Firewall Hardware
System Error Error 600 656 SimpleNote String
Diagnostic Code I Firewall Hardware
System Error Error 601 657 SimpleNote String
Disconnecting L2TP Tunnel due to traffic timeout
L2TP Client Maintenance Information 215 --- Simple
SONICOS LOG EVENT REFERENCE GUIDE 19
Disconnecting PPPoE due to traffic timeout
PPPoE Maintenance Information 168 --- Simple
Disconnecting PPTP Tunnel due to traffic timeout
PPTP Maintenance Information 389 --- Simple
Discovered HA Backup Firewall
High Availability
Maintenance Information 156 --- Simple
DNS packet allowed
Network Access
Debug Information 602 --- StandardPolicy
Drop Wlan traffic from non SonicPoint devcies
Intrusion Detection
Attack Error 662 572 Standard
Dynamic IPSec client connected
VPN IPSec User Activity Information 62 --- StandardDestination
EIGRP packet dropped
Network Access
Debug Notice 714 --- StandardNote String
E-Mail fragment dropped
Intrusion Detection
Attack Error 437 550 Standard
Error initializing Hardware acceleration for VPN
Firewall Hardware
Maintenance Error 374 --- Simple
Error Rebooting HA Peer Firewall
High Availability
System Error Error 669 663 Simple
Error setting the IP address of the backup, please manually set to backup LAN IP
High Availability
System Error Error 191 629 Simple
Error Synchronizing HA Peer Firewall
High Availability
System Error Error 158 662 Simple
Exceeded Max multicast address limit
Multicast --- Warning 703 --- Standard
Failed payload validation
VPN IKE User Activity Warning 405 --- Standard
Failed payload verification after decryption. Possible preshared key mismatch.
VPN IKE User Activity Warning 404 --- Standard
20 SONICOS LOG EVENT REFERENCE GUIDE
Failed to find certificate
VPN PKI User Activity Alert 875 --- SimpleDestination
Failed to get CRL from
VPN PKI User Activity Alert 271 --- SimpleDestination
Failed to Process CRL from
VPN PKI User Activity Alert 276 --- SimpleDestination
Failed to resolve name
Network Maintenance Information 84 --- SimpleDestination
Failed to synchronize Relay IP Table
DHCP Relay System Error Warning 234 632 Standard
Failure to add data channel
Unused Debug Debug 49 --- Standard
Failure to reach Interface %s probe
High Availability
System Error Error 675 647 StandardString Ser-
vice
Fan Failure Firewall Hardware
System Environment
Alert 576 102 Simple
Forbidden E-Mail attachment deleted
Intrusion Detection
Attack Error 248 534 StandardDestination
Forbidden E-Mail attachment disabled
Intrusion Detection
Attack Alert 165 527 StandardDestination
Found Rogue Access Point
WLAN IDS WLAN IDS Alert 546 901 SimpleDestination
Found Rogue Access Point
WLAN IDS WLAN IDS Alert 556 901 SimpleDestination
Fragmented packet dropped
Network TCP | UDP | ICMP
Notice 28 --- StandardNote
Protocol
Fraudulent Microsoft certificate found; access denied
Intrusion Detection
Attack Error 193 532 Standard
FTP: Data connection from non default port dropped
Network Access
Attack Alert 538 557 Standard
FTP: PASV response bounce attack dropped.
Intrusion Detection
Attack Alert 528 556 StandardNote String
SONICOS LOG EVENT REFERENCE GUIDE 21
FTP: PASV response spoof attack dropped.
Intrusion Detection
Attack Error 446 551 Standard
FTP: PORT bounce attack dropped.
Intrusion Detection
Attack Alert 527 555 StandardNote String
Gateway Anti-Virus Alert: %s
Security Services
Attack Alert 809 --- StandardMessage
String
Gateway Anti-Virus Service expired
Security Services
Maintenance Warning 810 --- Simple
Global VPN Client connection is not allowed. Appliance is not registered.
VPN Client System Error Information 529 643 Standard
Global VPN Client License Exceeded: Connection denied.
VPN Client System Error Information 494 658 Standard
Global VPN Client version cannot enforce personal firewall. Minimum Version required is 2.1.
VPN Client User Activity Information 604 --- StandardDestination
Got DHCP OFFER. Selecting.
DHCP Client Maintenance Information 107 --- StandardDestination
GSC policy out-of-date on host
Security Services
Maintenance Information 762 --- Standard
Guest account '%s' created
Authentication User Activity Information 558 --- StandardMessage
String
Guest account '%s' deleted
Authentication User Activity Information 559 --- StandardMessage
String
Guest account '%s' disabled
Authentication User Activity Information 560 --- StandardMessage
String
Guest account '%s' pruned
Authentication User Activity Information 562 --- StandardMessage
String
Guest account '%s' re-enabled
Authentication User Activity Information 561 --- StandardMessage
String
22 SONICOS LOG EVENT REFERENCE GUIDE
Guest account '%s' re-generated
Authentication User Activity Information 563 --- StandardMessage
String
Guest login denied. Guest '%s' is already logged in. Please try again later.
Authentication User Activity Information 557 --- StandardMessage
String
H.323/H.225 Connect
VoIP VoIP Debug 634 --- StandardNote String
H.323/H.225 Setup VoIP VoIP Debug 633 --- StandardNote String
H.323/H.245 Address
VoIP VoIP Debug 635 --- StandardNote String
H.323/H.245 End Session
VoIP VoIP Debug 636 --- StandardNote String
H.323/RAS Admission Confirm
VoIP VoIP Debug 625 --- StandardNote String
H.323/RAS Admission Reject
VoIP VoIP Debug 624 --- StandardNote String
H.323/RAS Admission Request
VoIP VoIP Debug 626 --- StandardNote String
H.323/RAS Bandwidth Reject
VoIP VoIP Debug 627 --- StandardNote String
H.323/RAS Disengage Confirm
VoIP VoIP Debug 628 --- StandardNote String
H.323/RAS Disengage Reject
VoIP VoIP Debug 641 --- StandardNote String
H.323/RAS Gatekeeper Reject
VoIP VoIP Debug 629 --- StandardNote String
H.323/RAS Location Confirm
VoIP VoIP Debug 630 --- StandardNote String
H.323/RAS Location Reject
VoIP VoIP Debug 631 --- StandardNote String
H.323/RAS Registration Reject
VoIP VoIP Debug 632 --- StandardNote String
H.323/RAS Unknown Message Response
VoIP VoIP Debug 640 --- StandardNote String
SONICOS LOG EVENT REFERENCE GUIDE 23
H.323/RAS Unregistration Reject
VoIP VoIP Debug 642 --- StandardNote String
HA packet processing error
High Availability
Maintenance Information 162 --- Simple
Hardware Failover settings were not upgraded
Firewall Event Maintenance Information 743 --- Simple
Header verification failed
VPN IKE User Activity Warning 587 --- Standard
HTTP management port has changed
Firewall Event Maintenance Information 340 --- SimpleNote String
HTTPS management port has changed
Firewall Event Maintenance Information 341 --- SimpleNote String
ICMP checksum error
Network Access
UDP Notice 886 --- Standard
ICMP packet allowed
Network Access
Debug Information 597 --- StandardPolicy
ICMP packet dropped
Network Access
ICMP Notice 38 --- StandardPolicy
ICMP packet dropped
Network Access
ICMP Notice 523 --- StandardICMP
Service
ICMP packet from LAN allowed
Network Access
Debug Information 598 --- StandardICMP
Service
ICMP packet from LAN dropped
Network Access
LAN ICMP | LAN TCP
Notice 175 --- StandardICMP
Service
If not already enabled, enabling NTP is recommended
Firewall Hardware
System Error Warning 540 645 Simple
IGMP packet dropped, wrong checksum received on interface %s
Multicast --- Notice 683 --- StandardMessage
String
IGMP Leave group message Received on interface %s
Multicast --- Information 682 --- StandardMessage
String
24 SONICOS LOG EVENT REFERENCE GUIDE
IGMP packet dropped, decoding error
Multicast --- Notice 686 --- Standard
IGMP Packet Not handled. Packet type : %s
Multicast --- Notice 687 --- StandardMessage
String
IGMP querier Router detected on interface %s
Multicast --- Debug 701 --- StandardMessage
String
IGMP querier Router detected on VPN tunnel , SPI %S
Multicast --- Debug 702 --- StandardMessage
String
IGMP state table entry time out,deleting interface : %s for multicast address : %s
Multicast --- Debug 692 --- StandardMessage
String
IGMP state table entry time out,deleting VPN SPI :%s for Multicast address : %s
Multicast --- Debug 693 --- StandardMessage
String
IGMP V2 client joined multicast Group : %s
Multicast --- Information 676 --- StandardMessage
String
IGMP V2 Membership report received from interface %s
Multicast --- Debug 679 --- StandardMessage
String
IGMP V3 client joined multicast Group : %s
Multicast --- Information 677 --- StandardMessage
String
IGMP V3 Membership report received from interface %s
Multicast --- Debug 678 --- StandardMessage
String
IGMP V3 packet dropped, unsupported Record type : %s
Multicast --- Notice 688 --- StandardMessage
String
SONICOS LOG EVENT REFERENCE GUIDE 25
IGMP V3 reord type : %s not Handled
Multicast --- Debug 689 --- StandardMessage
String
IKE ID mismatch %s
VPN IKE Debug Debug 658 --- StandardString
Service
IKE Initiator drop: Packet dest address does not match selected local interface address
VPN IKE User Activity Information 544 --- Standard
IKE Initiator: Accepting IPSec proposal (Phase 2)
VPN IKE User Activity Information 372 --- StandardNote String
IKE Initiator: Accepting peer lifetime (Phase 1)
VPN IKE User Activity Information 445 --- StandardDestination
IKE Initiator: Aggressive Mode complete (Phase 1)
VPN IKE User Activity Information 354 --- StandardDestination
IKE Initiator: Main Mode complete (Phase 1)
VPN IKE User Activity Information 353 --- StandardDestination
IKE Initiator: Received notify. NO_PROPOSAL_CHOSEN
VPN IKE User Activity Warning 401 --- StandardDestination
IKE Initiator: Start Aggressive Mode negotiation (Phase 1)
VPN IKE User Activity Information 358 --- Standard
IKE Initiator: Start Main Mode negotiation (Phase 1)
VPN IKE User Activity Information 351 --- Standard
IKE Initiator: Start Quick Mode (Phase 2)
VPN IKE User Activity Information 346 --- Standard
IKE Initiator: Using secondary gateway to negotiate
VPN IKE User Activity Information 543 --- StandardDestination
26 SONICOS LOG EVENT REFERENCE GUIDE
IKE negotiation aborted due to timeout
VPN IKE User Activity Information 403 --- Standard
IKE negotiation complete. Adding IPSec SA. (Phase 2)
VPN IKE User Activity Information 89 --- Standard
IKE Responder drop: Packet dest address does not match selected local interface address
VPN IKE User Activity Information 545 --- Standard
IKE Responder: %s policy does not allow static IP for Virtual Adapter.
VPN Client System Error Error 660 --- StandardMessage
String
IKE Responder: Accepting IPSec proposal (Phase 2)
VPN IKE User Activity Information 87 --- StandardNote String
IKE Responder: Aggressive Mode complete (Phase 1)
VPN IKE User Activity Information 373 --- StandardDestination
IKE Responder: AH Perfect Forward Secrecy mismatch
VPN IKE User Activity Warning 258 544 Standard
IKE Responder: Algorithms and/or keys do not match
VPN IKE User Activity Warning 260 546 Standard
IKE Responder: Default LAN gateway is not set but peer is propos-ing to use this SA as a default route
VPN IKE Attack Error 516 553 StandardNote String
IKE Responder: Default LAN gateway is set but peer is not proposing to use this SA as a default route
VPN IKE User Activity Warning 253 539 StandardNote String
SONICOS LOG EVENT REFERENCE GUIDE 27
IKE Responder: ESP Perfect Forward Secrecy mismatch
VPN IKE User Activity Warning 259 545 Standard
IKE Responder: IKE proposal does not match(Phase 1)
VPN IKE User Activity Warning 402 --- StandardDestination
IKE Responder: IP Address already exists in the DHCP relay table. Client traffic not allowed.
VPN Client System Error Error 659 --- StandardNote String
IKE Responder: IPSec proposal does not match (Phase 2)
VPN IKE User Activity Warning 88 523 StandardNote String
IKE Responder: Main Mode complete (Phase 1)
VPN IKE User Activity Information 357 --- StandardDestination
IKE Responder: Mode %d - not transport mode. Xauth is required but not supported by peer.
VPN IKE Debug Warning 342 --- StandardMessageNumber
IKE Responder: Mode %d - not tunnel mode
VPN IKE User Activity Warning 249 535 StandardMessageNumber
IKE Responder: No match for proposed remote network address
VPN IKE User Activity Warning 252 538 StandardNote String
IKE Responder: No matching Phase 1 ID found for proposed remote network
VPN IKE User Activity Warning 250 536 StandardNote String
IKE Responder: Proposed local network is 0.0.0.0 but SA has no LAN Default Gateway
VPN IKE User Activity Warning 418 549 StandardNote String
28 SONICOS LOG EVENT REFERENCE GUIDE
IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route
VPN IKE User Activity Warning 251 537 Standard
IKE Responder: Received Aggressive Mode request (Phase 1)
VPN IKE User Activity Information 356 --- Standard
IKE Responder: Received Main Mode request (Phase 1)
VPN IKE User Activity Information 355 --- Standard
IKE Responder: Received Quick Mode Request (Phase 2)
VPN IKE User Activity Information 352 --- Standard
IKE Responder: Tunnel terminates inside firewall but proposed local network is not inside firewall
VPN IKE User Activity Warning 255 541 StandardNote String
IKE Responder: Tunnel terminates on DMZ but proposed local network is on LAN
VPN IKE User Activity Warning 256 542 StandardNote String
IKE Responder: Tunnel terminates on LAN but proposed local network is on DMZ
VPN IKE User Activity Warning 257 543 StandardNote String
IKE Responder: Tunnel terminates outside firewall but proposed local network is not NAT public address
VPN IKE User Activity Warning 254 540 StandardNote String
IKE Responder: Tunnel terminates outside firewall but proposed remote network is not NAT public address
VPN IKE User Activity Warning 345 548 StandardNote String
SONICOS LOG EVENT REFERENCE GUIDE 29
IKE SA lifetime expired.
VPN IKE User Activity Information 350 --- Standard
Illegal IPSec SPI VPN IPSec User Activity Information 65 --- StandardDestination
Imported VPN SA is invalid - disabled
Firewall Event Maintenance Warning 348 --- StandardNote String
Inbound connection from RBL-listed SMTP server dropped
RBL --- Notice 798 --- Standard
Incoming call received for Remotely Triggered Dial-out session
Authentication User Activity Information 817 --- Simple
Incompatible IPSec Security Association
VPN IPSec User Activity Information 69 --- StandardDestination
Incorrect authentication received for Remotely Triggered Dial-out
Authentication User Activity Information 819 --- Simple
Ini Killer attack dropped
Intrusion Detection
Attack Alert 80 519 Standard
Interface %s Link Is Down
Firewall Event System Error Error 566 647 StandardString
Service
Interface %s Link Is Up
Firewall Event System Error Warning 565 646 StandardString
Service
Interface IP Assignment : Binding and initializing %s
Firewall Event Maintenance Information 568 --- StandardString
Service
Interface IP Assignment changed: Shutting down %s
Firewall Event Maintenance Information 567 --- StandardString
Service
Interface statistics report
GMS --- Information 805 --- SimpleInterfaceStatistics
30 SONICOS LOG EVENT REFERENCE GUIDE
Invalid TCP flags on an incomplete connection
Network Access
--- Notice 760 --- StandardNote String
Invalid VLAN packet dropped
Network --- Alert 836 --- StandardNote String
IP Header checksum error
Network Access
TCP | UDP Notice 883 --- Standard
IP spoof detected on packet to Central Gateway, packet dropped
DHCP Relay Attack Error 229 533 StandardNote ENET
IP spoof dropped Intrusion Detection
Attack Alert 23 502 StandardNote ENET
IP type %s packet dropped
Network Access
LAN UDP | LAN TCP
Notice 590 --- StandardMessage
String
IPS Detection Alert: %s
Intrusion Detection
Attack Alert 608 569 StandardIDP
MessageString
IPS Detection Alert: %s
Intrusion Detection
Attack Alert 789 573 StandardMessage
String
IPS Prevention Alert: %s
Intrusion Detection
Attack Alert 609 570 StandardIDP
MessageString
IPS Prevention Alert: %s
Intrusion Detection
Attack Alert 790 574 StandardMessage
String
IPSec (AH) packet dropped
VPN IPSec TCP | UDP | ICMP
Notice 534 --- StandardNote String
IPSec (AH) packet dropped; waiting for pending IPSec connection
VPN IPSec Debug Debug 536 --- Standard
IPSec (ESP) packet dropped
VPN IPSec TCP | UDP | ICMP
Notice 533 --- StandardNote String
IPSec (ESP) packet dropped; waiting for pending IPSec connection
VPN IPSec Debug Debug 535 --- Standard
SONICOS LOG EVENT REFERENCE GUIDE 31
IPSec Authentication Failed
VPN IPSec Attack Error 67 508 StandardDestination
IPSec connection interrupt
Network Access
Debug Debug 43 --- Standard
IPSec Decryption Failed
VPN IPSec Attack Error 68 509 StandardDestination
IPSec packet dropped
Network Access
TCP | UDP | ICMP
Notice 40 --- Standard
IPSec packet dropped; waiting for pending IPSec connection
Network Access
Debug Debug 42 --- Standard
IPSec packet from an illegal host
VPN IPSec Maintenance Information 247 --- StandardDestination
IPSec packet from or to an illegal host
VPN IPSec Attack Error 70 510 StandardDestination
IPSEC Replay Detected
VPN IPSec Attack Alert 180 531 StandardNote String
IPSecTunnel status changed
VPN VPN Tunnel Status
Information 427 801 Simple
ISDN Driver Firmware successfully updated
Firewall Event Maintenance Information 493 --- Simple
Issuer match failed VPN PKI User Activity Alert 278 --- SimpleDestination
Java access denied
Network Access
Blocked Code Notice 19 --- StandardNote
Blocked
L2TP enabled but not ready
Unused Maintenance Information 500 --- Simple
L2TP Max Retransmission Exceeded
L2TP Client Maintenance Information 203 --- Simple
L2TP PPP Authentication Failed
L2TP Client Maintenance Information 212 --- Simple
L2TP PPP Down L2TP Client Maintenance Information 211 --- Simple
L2TP PPP link down
L2TP Client Maintenance Information 217 --- Simple
32 SONICOS LOG EVENT REFERENCE GUIDE
L2TP PPP Negotiation Started
L2TP Client Maintenance Information 208 --- Simple
L2TP PPP Session Up
L2TP Client Maintenance Information 210 --- Simple
L2TP Server : Deleting the L2TP active Session
L2TP Server Maintenance Information 337 --- StandardDestination
L2TP Server : Deleting the Tunnel
L2TP Server Maintenance Information 336 --- StandardDestination
L2TP Server : L2TP Session Estab-lished.
L2TP Server Maintenance Information 309 --- StandardDestination
L2TP Server : L2TP Tunnel Estab-lished.
L2TP Server Maintenance Information 308 --- StandardDestination
L2TP Server : Retransmission Timeout, Deleting the Tunnel
L2TP Server Maintenance Information 338 --- StandardDestination
L2TP Server : User Name authentication Failure locally.
L2TP Server Maintenance Information 344 --- StandardDestination
L2TP Server: Local Authentication Failure
L2TP Server Maintenance Information 312 --- StandardDestination
L2TP Server: Local Authentication Success.
L2TP Server Maintenance Information 318 --- StandardDestination
L2TP Server: Radius Authentication Success
L2TP Server Maintenance Information 319 --- StandardDestination
L2TP Server: Radius reports Authentication Failure
L2TP Server Maintenance Information 311 --- StandardDestination
L2TP Server: Radius server not assigned IP address
L2TP Server Maintenance Information 313 --- StandardDestination
SONICOS LOG EVENT REFERENCE GUIDE 33
L2TP Server: Call Disconnect from Remote.
L2TP Server Maintenance Information 334 --- StandardDestination
L2TP Server: Tunnel Disconnect from Remote.
L2TP Server Maintenance Information 335 --- StandardDestination
L2TP Session Disconnect from Remote
L2TP Client Maintenance Information 207 --- Simple
L2TP Session Established
L2TP Client Maintenance Information 206 --- Simple
L2TP Session Negotiation Started
L2TP Client Maintenance Information 202 --- Simple
L2TP Tunnel Disconnect from Remote
L2TP Client Maintenance Information 205 --- Simple
L2TP Tunnel Established
L2TP Client Maintenance Information 204 --- Simple
L2TP Tunnel Negotiation Started
L2TP Client Maintenance Information 201 --- Simple
LAN Subnet configurations were not upgraded.
Firewall Event Maintenance Information 741 --- Simple
Land attack dropped
Intrusion Detection
Attack Alert 27 505 Standard
License exceeded: Connection dropped because too many IP addresses are in use on your LAN
Firewall Event System Error Error 58 608 Standard
License of HA pair doesn't match
High Availability
System Error Error 670 664 Simple
Local user login allowed
Authentication User Activity Information 31 --- StandardString
Service
Local user login denied due to bad credentials
Authentication User Activity Information 32 --- StandardString
Service
Locked-out user logins allowed - lockout period expired
Authentication User Activity Information 438 --- StandardNote String
34 SONICOS LOG EVENT REFERENCE GUIDE
Locked-out user logins allowed by administrator
Authentication User Activity Information 439 --- StandardNote String
Log Cleared Firewall Logging
Maintenance Information 5 --- Simple
Log Debug Firewall Event Debug Error 142 --- SimpleString
Log successfully sent via email
Firewall Logging
Maintenance Information 6 --- Simple
Login screen timed out
Authentication User Activity Information 34 --- StandardString
Service
MAC address collides with Static ARP Entry with Bound MAC address; packet dropped
Network --- Notice 814 --- StandardNote ENET
Machine %s removed from SYN flood blacklist
Intrusion Detection
--- Alert 865 --- StandardString
Service
Malformed or unhandled IP packet dropped
Network Access
Attack Alert 522 554 StandardDestination
Maximum events per second threshold exceeded
Firewall Logging
System Error Critical 654 --- Simple
Maximum sequential failed dial attempts (10) to a single dial-up number: %s
PPP Dial-up Attack Error 591 566 StandardMessage
String
Maximum syslog data per second threshold exceeded
Firewall Logging
System Error Critical 655 --- Simple
Multicast application %s not supported
Multicast --- Information 696 --- StandardMessage
String
Multicast packet dropped, Invalid src IP received on interface : %s
Multicast --- Alert 685 --- StandardMessage
String
SONICOS LOG EVENT REFERENCE GUIDE 35
Multicast packet dropped, wrong MAC address receieved on interface : %s
Multicast --- Alert 684 --- StandardMessage
String
Multicast TCP packet dropped
Multicast --- Notice 691 --- Standard
Multicast UDP packet dropped, no state entry
Multicast --- Notice 690 --- Standard
Multicast UDP packet dropped, RTCP stateful failed
Multicast --- Warning 695 --- Standard
Multicast UDP packet dropped, RTP stateful failed
Multicast --- Warning 694 --- Standard
NAT device may not support IPSec AH passthrough
VPN IPSec Maintenance Information 266 --- Simple
NAT Discovery : No NAT/NAPT device detected between IPSec Security gateways
VPN IKE User Activity Information 241 --- Standard
NAT Discovery : Local IPSec Security Gateway behind a NAT/NAPT Device
VPN IKE User Activity Information 240 --- Standard
NAT Discovery : Peer IPSec Security Gateway behind a NAT/NAPT Device
VPN IKE User Activity Information 239 --- Standard
NAT Discovery : Peer IPSec Security Gateway doesn't support VPN NAT Traversal
VPN IKE User Activity Information 242 --- Standard
NAT translated packet exceeds size limit, packet dropped
Network Debug Debug 339 --- Standard
36 SONICOS LOG EVENT REFERENCE GUIDE
Net Spy attack dropped
Intrusion Detection
Attack Alert 74 513 Standard
NetBIOS settings were not upgraded. Use Network>IP Helper to configure NetBIOS support
Firewall Event Maintenance Information 740 --- Simple
NetBus attack dropped
Intrusion Detection
Attack Alert 72 511 Standard
Network for interface %s overlaps with another interface.
Firewall Event Maintenance Information 569 --- StandardString
Service
Network Modem Mode Disabled: re-enabling NAT
PPP Dial-up Maintenance Information 531 --- Simple
Network Modem Mode Enabled: turning off NAT
PPP Dial-up Maintenance Information 530 --- Simple
New URL List loaded
Security Services
Maintenance Information 8 --- Simple
Newsgroup access allowed
Network Access
Blocked Sites Notice 17 704 StandardNote
Blocked
Newsgroup access denied
Network Access
Blocked Sites Notice 15 702 StandardNote
Blocked
No Certificate for VPN PKI User Activity Alert 280 --- SimpleDestination
No new URL List available
Security Services
Maintenance Information 9 --- Simple
No response from ISP Disconnecting PPPoE.
PPPoE Maintenance Information 169 --- Simple
No response from PPTP server to call requests
PPTP Maintenance Information 431 --- Simple
No response from PPTP server to control connection requests
PPTP Maintenance Information 430 --- Simple
SONICOS LOG EVENT REFERENCE GUIDE 37
No response from server to Echo Requests, disconnecting PPTP Tunnel
PPTP Maintenance Information 429 --- Simple
No valid DNS server specified for RBL lookups
RBL --- Error 800 --- Simple
Not all configurations may have been completely upgraded
Firewall Event Maintenance Information 612 --- Simple
Not enough memory to hold the CRL
VPN PKI User Activity Warning 272 --- SimpleDestination
Obtained Relay IP Table from Remote Gateway
DHCP Relay Maintenance Information 233 --- Standard
OCSP Failed to Resolve Domain Name.
VPN PKI User Activity Error 853 --- StandardNote String
OCSP Internal error handling received response.
VPN PKI User Activity Error 854 --- StandardNote String
OCSP received response error.
VPN PKI User Activity Error 851 --- StandardNote String
OCSP received response.
VPN PKI User Activity Information 850 --- StandardNote String
OCSP Resolved Domain Name.
VPN PKI User Activity Information 852 --- StandardNote String
OCSP send request message failed.
VPN PKI User Activity Error 849 --- StandardNote String
OCSP sending request.
VPN PKI User Activity Information 848 --- StandardNote String
Outbound connection to RBL-listed SMTP server dropped
RBL --- Notice 797 --- Standard
Out-of-order command packet dropped
Network Access
Debug Debug 48 --- Standard
38 SONICOS LOG EVENT REFERENCE GUIDE
Packet dropped by wlan guest check
Wireless TCP | UDP | ICMP
Warning 488 --- StandardDestination
Packet dropped by wlan vpn traversal check
Wireless TCP | UDP | ICMP
Warning 495 --- StandardDestination
Packet dropped. No firewall rule associated with VPN policy.
VPN System Error Alert 739 --- StandardNote String
Ping of death dropped
Intrusion Detection
Attack Alert 22 501 Standard
PKI Failure: CA certificates store exceeded. Cannot verify this Local Certificate
VPN PKI Maintenance Error 453 --- Simple
PKI Failure: Cannot alloc memory
VPN PKI Maintenance Error 449 --- Simple
PKI Failure: Certificate's ID does not match this SonicWall
VPN PKI Maintenance Error 455 --- Simple
PKI Failure: Duplicate local certificate
VPN PKI Maintenance Error 458 --- Simple
PKI Failure: Duplicate local certificate name
VPN PKI Maintenance Error 457 --- Simple
PKI Failure: Import failed
VPN PKI Maintenance Error 451 --- Simple
PKI Failure: Improper file format. Please select PKCS#12 (*.p12) file
VPN PKI Maintenance Error 454 --- Simple
PKI Failure: Incorrect admin password
VPN PKI Maintenance Error 452 --- Simple
PKI Failure: Internal error
VPN PKI Maintenance Error 460 --- Simple
PKI Failure: Loaded but could not verify certificate
VPN PKI Maintenance Error 469 --- Simple
SONICOS LOG EVENT REFERENCE GUIDE 39
PKI Failure: Loaded the certificate but could not verify it's chain
VPN PKI Maintenance Error 470 --- Simple
PKI Failure: No CA certificates yet loaded
VPN PKI Maintenance Error 459 --- Simple
PKI Failure: Output buffer too small
VPN PKI Maintenance Error 448 --- Simple
PKI Failure: public-private key mismatch
VPN PKI Maintenance Error 456 --- Simple
PKI Failure: Reached the limit for local certs, cant load any more
VPN PKI Maintenance Error 450 --- Simple
PKI Failure: Temporary memory shortage, try again
VPN PKI Maintenance Error 461 --- Simple
PKI Failure: The certificate chain has no root
VPN PKI Maintenance Error 464 --- Simple
PKI Failure: The certificate chain is circular
VPN PKI Maintenance Error 462 --- Simple
PKI Failure: The certificate chain is incomplete
VPN PKI Maintenance Error 463 --- Simple
PKI Failure: The certificate or a certificate in the chain has a bad signature
VPN PKI Maintenance Error 468 --- Simple
PKI Failure: The certificate or a certificate in the chain has a validity period in the future
VPN PKI Maintenance Error 466 --- Simple
PKI Failure: The certificate or a certificate in the chain has expired
VPN PKI Maintenance Error 465 --- Simple
40 SONICOS LOG EVENT REFERENCE GUIDE
PKI Failure: The certificate or a certificate in the chain is corrupt
VPN PKI Maintenance Error 467 --- Simple
Please connect interface %s to another network to function properly
Firewall Event Maintenance Information 570 --- StandardString
Service
Please manually check all system configurations for correctness of Upgrade
Firewall Event Maintenance Information 613 --- Simple
Port configured to receive IPSEC ONLY. Drop packet received in the clear.
Network Access
TCP | UDP | ICMP
Warning 347 --- StandardDestination
Possible port scan dropped
Intrusion Detection
Attack Alert 82 521 StandardNote String
Possible SYN flood attack detected
Intrusion Detection
Attack Warning 25 503 Standard
Possible SYN flood detected on WAN IF %s - switching to connection-proxy mode
Intrusion Detection
--- Alert 859 --- StandardString
Service
Possible SYN Flood on IF %s
Intrusion Detection
--- Alert 860 --- StandardString
Service
Possible SYN Flood on IF %s continues
Intrusion Detection
--- Warning 866 --- StandardString
Service
Possible SYN Flood on IF %s has ceased
Intrusion Detection
--- Alert 867 --- StandardString
Service
PPP Dial-Up: Connect request canceled
PPP Dial-up User Activity Information 306 --- Simple
PPP Dial-Up: Connected at %s bps - starting PPP
PPP Dial-up User Activity Information 286 --- StandardString
Service
SONICOS LOG EVENT REFERENCE GUIDE 41
PPP Dial-Up: Connection disconnected as scheduled.
PPP Dial-up --- Information 666 --- Standard
PPP Dial-Up: Dial initiated by %s
PPP Dial-up Maintenance Information 324 --- StandardMessage
String
PPP Dial-Up: Dialed number did not answer
PPP Dial-up User Activity Information 285 --- Simple
PPP Dial-Up: Dialed number is busy
PPP Dial-up User Activity Information 284 --- Simple
PPP Dial-Up: Dialing not allowed by schedule. %s
PPP Dial-up --- Information 665 --- StandardMessage
String
PPP Dial-Up: Dialing: %s
PPP Dial-up User Activity Information 281 --- StandardString
Service
PPP Dial-Up: Idle time limit exceeded - disconnecting
PPP Dial-up User Activity Information 297 --- Simple
PPP Dial-Up: Initialization : %s
PPP Dial-up User Activity Information 303 --- StandardString
Service
PPP Dial-Up: Link carrier lost
PPP Dial-up User Activity Information 288 --- Simple
PPP Dial-Up: Manual intervention needed. Check Primary Profile or Profile details
PPP Dial-up User Activity Information 321 --- Simple
PPP Dial-Up: Maximum connection time exceeded - disconnecting
PPP Dial-up User Activity Information 327 --- Simple
PPP Dial-Up: No dialtone detected - check phone-line connection
PPP Dial-up User Activity Information 282 --- Simple
42 SONICOS LOG EVENT REFERENCE GUIDE
PPP Dial-Up: No link carrier detected - check phone number
PPP Dial-up User Activity Information 283 --- Simple
PPP Dial-Up: No peer IP address from Dial-Up ISP, local and remote IPs will be the same
PPP Dial-up Maintenance Information 481 --- Simple
PPP Dial-Up: PPP link down
PPP Dial-up User Activity Information 301 --- Simple
PPP Dial-Up: PPP link established
PPP Dial-up User Activity Information 300 --- Simple
PPP Dial-Up: Previous session was connected for %s
PPP Dial-up User Activity Information 542 --- StandardString
Service
PPP Dial-Up: Received new IP address
PPP Dial-up User Activity Information 299 --- Standard
PPP Dial-Up: Shutting down link
PPP Dial-up User Activity Information 302 --- Simple
PPP Dial-Up: The profile in use disabled VPN networking.
PPP Dial-up Maintenance Information 330 --- Simple
PPP Dial-Up: Trying to failover but Alternate Profile is manual
WAN Failover User Activity Information 434 --- Simple
PPP Dial-Up: Trying to failover but Primary Profile is manual
PPP Dial-up User Activity Information 322 --- Simple
PPP Dial-Up: Unknown dialing failure
PPP Dial-up User Activity Information 287 --- Simple
PPP Dial-Up: User requested connect
PPP Dial-up User Activity Information 305 --- Simple
SONICOS LOG EVENT REFERENCE GUIDE 43
PPP Dial-Up: User requested disconnect
PPP Dial-up User Activity Information 304 --- Simple
PPP Dial-Up: VPN networking restored.
PPP Dial-up Maintenance Information 331 --- Simple
PPP: Authentication successful
PPP User Activity Information 289 --- Simple
PPP: CHAP authentication failed - check username / password
PPP User Activity Information 291 --- Simple
PPP: MS-CHAP authentication failed - check username / password
PPP User Activity Information 292 --- Simple
PPP: PAP Authentication failed - check username / password
PPP User Activity Information 290 --- Simple
PPP: Starting CHAP authentication
PPP User Activity Information 294 --- Simple
PPP: Starting MS-CHAP authentication
PPP User Activity Information 293 --- Simple
PPP: Starting PAP authentication
PPP User Activity Information 295 --- Simple
PPPoE terminated PPPoE Maintenance Information 130 --- Simple
PPPoE discovery process complete
PPPoE Maintenance Information 133 --- Simple
PPPoE enabled but not ready
PPPoE Maintenance Information 499 --- Simple
PPPoE LCP Link Down
PPPoE Maintenance Information 129 --- Simple
PPPoE LCP Link Up
PPPoE Maintenance Information 128 --- Simple
PPPoE Network Connected
PPPoE Maintenance Information 131 --- Simple
44 SONICOS LOG EVENT REFERENCE GUIDE
PPPoE Network Disconnected
PPPoE Maintenance Information 132 --- Simple
PPPoE starting CHAP Authentication
PPPoE Maintenance Information 134 --- Simple
PPTP enabled but not ready
PPTP Maintenance Information 501 --- Simple
PPTP Connect Initiated by the User
PPTP Maintenance Information 390 --- StandardDestination
PPTP Control Connection Established
PPTP Maintenance Information 378 --- Simple
PPTP Control Connection Negotiation Started
PPTP Maintenance Information 375 --- Simple
PPTP decode failure
PPTP Debug Debug 596 --- Standard
PPTP Disconnect Initiated by the User
PPTP Maintenance Information 388 --- StandardDestination
PPTP PAP Authentication success.
PPTP Maintenance Information 396 --- Simple
PPTP PPP Down PPTP Maintenance Information 385 --- Simple
PPTP PPP Link down
PPTP Maintenance Information 399 --- Simple
PPTP PPP Link Finished
PPTP Maintenance Information 400 --- Simple
PPTP PPP Link Up PPTP Maintenance Information 398 --- Simple
PPTP PPP Negotiation Started
PPTP Maintenance Information 382 --- Simple
PPTP PPP Session Up
PPTP Maintenance Information 384 --- Simple
PPTP Server is not responding, check if the server is UP and running.
PPTP Maintenance Information 444 --- Simple
PPTP server rejected control connection
PPTP Maintenance Information 432 --- Simple
SONICOS LOG EVENT REFERENCE GUIDE 45
PPTP server rejected the call request
PPTP Maintenance Information 433 --- Simple
PPTP Session Disconnect from Remote
PPTP Maintenance Information 381 --- Simple
PPTP Session Established
PPTP Maintenance Information 380 --- Simple
PPTP Session Negotiation Started
PPTP Maintenance Information 376 --- Simple
PPTP starting CHAP Authentication
PPTP Maintenance Information 392 --- Simple
PPTP starting PAP Authentication
PPTP Maintenance Information 393 --- Simple
PPTP Tunnel Disconnect from Remote
PPTP Maintenance Information 379 --- Simple
Primary firewall has transitioned to Active
High Availabil-ity
Maintenance Information 144 --- Simple
Primary firewall has transitioned to Idle
High Availabil-ity
System Error Error 146 614 Simple
Primary firewall preempting Backup
High Availability
System Error Error 153 620 Simple
Primary missed heartbeats from Backup
High Availability
System Error Error 148 615 Simple
Primary received error signal from Backup
High Availability
System Error Error 150 617 Simple
Primary received reboot signal from Backup
High Availability
System Error Error 671 665 Simple
Priority attack dropped
Intrusion Detection
Attack Alert 79 518 Standard
Probable port scan dropped
Intrusion Detection
Attack Alert 83 522 StandardNote String
Probable TCP FIN scan dropped
Intrusion Detection
Attack Alert 177 528 Standard
46 SONICOS LOG EVENT REFERENCE GUIDE
Probable TCP NULL scan dropped
Intrusion Detection
Attack Alert 179 530 Standard
Probable TCP XMAS scan dropped
Intrusion Detection
Attack Alert 178 529 Standard
Probing failure on %s
WAN Failover System Error Alert 326 637 StandardMessage
String
Probing succeeded on %s
WAN Failover System Error Alert 436 638 StandardMessage
String
Problem loading the URL List; Appliance not registered.
Security Services
System Error Error 183 623 Simple
Problem loading the URL List;check Filter settings
Security Services
System Error Error 10 602 StandardNote Code
Problem loading the URL List; check your DNS server
Security Services
System Error Error 11 603 Simple
Problem loading the URL List; Flash write failure.
Security Services
System Error Error 187 627 Simple
Problem loading the URL List; Retrying later.
Security Services
System Error Error 186 626 Standard
Problem loading the URL List; Subscription expired.
Security Services
System Error Error 184 624 Standard
Problem loading the URL List; Try loading it again.
Security Services
System Error Error 185 625 Simple
Problem sending log email; check log settings.
Firewall Logging
System Error Warning 12 604 Simple
Real time clock battery failure. Time values may be incorrect.
Firewall Hardware
System Error Warning 539 644 Simple
SONICOS LOG EVENT REFERENCE GUIDE 47
Received a path MTU icmp message from router/gateway
Network User Activity Information 182 --- StandardNote SPI
Received a path MTU icmp message from router/gateway
Network User Activity Information 188 --- StandardNote MTU
Received AV Alert: %s
Security Services
Maintenance Warning 125 524 StandardString
Service
Received AV Alert: Your SonicWALL Network Anti-Virus subscription has expired. %s
SecurityServices
Maintenance Warning 159 526 StandardString
Service
Received AV Alert: Your SonicWALL Network Anti-Virus subscription will expire in 7 days. %s
Security Services
Maintenance Warning 482 552 StandardString
Service
Received CFS Alert: Your SonicWALL Content Filtering subscription has expired.
Security Services
Maintenance Warning 490 563 Simple
Received CFS Alert: Your SonicWALL Content Filtering subscription will expire in 7 days.
Security Services
Maintenance Warning 489 562 Simple
Received DHCP offer packet has errors
DHCP Client Maintenance Information 588 --- StandardDestination
Received E-Mail Filter Alert: Your SonicWALL E-Mail Filtering subscription has expired.
Security Services
Maintenance Warning 492 565 Simple
48 SONICOS LOG EVENT REFERENCE GUIDE
Received E-Mail Filter Alert: Your SonicWALL E-Mail Filtering subscription will expire in 7 days.
Security Services
Maintenance Warning 491 564 Simple
Received fragmented packet or fragmentation needed
Network Debug Debug 63 --- Standard
Received IKE SA delete request
VPN IKE User Activity Information 413 --- Standard
Received IPS Alert: Your SonicWALL Intrusion Prevention (IDP) subscription has expired.
Security Services
Maintenance Warning 614 571 Simple
Received IPSEC SA delete request
VPN IKE User Activity Information 412 --- StandardDestination
Received ISAKMP packet destined to port %s
VPN IKE Debug | UDP Information 607 --- StandardMessage
String
Received LCP Echo Reply
PPPoE Maintenance Information 723 --- Simple
Received LCP Echo Request
PPPoE Maintenance Information 721 --- Simple
Received notify: INVALID_COOKIES
VPN IKE User Activity Information 414 --- StandardDestination
Received notify: INVALID_ID_INFO
VPN IPSec User Activity Warning 483 --- Standard
Received notify: INVALID_PAYLOAD
VPN IKE User Activity Error 661 --- Standard
Received notify: INVALID_SPI
VPN IKE User Activity Information 416 --- StandardDestination
Received notify: ISAKMP_AUTH_FAILED
VPN IKE User Activity Warning 409 --- StandardDestination
Received notify: PAYLOAD_MALFORMED
VPN IKE User Activity Warning 411 --- StandardDestination
SONICOS LOG EVENT REFERENCE GUIDE 49
Received notify: RESPONDER_LIFETIME
VPN IKE User Activity Information 415 --- StandardDestination
Received packet retransmission. Drop duplicate packet
VPN IKE User Activity Warning 406 --- Standard
Received PPPoE Active Discovery Offer
PPPoE Maintenance Information 593 --- Simple
Received PPPoE Active Discovery Session_confirmation
PPPoE Maintenance Information 594 --- Simple
Received response packet for DHCP request has errors
DHCP Client Maintenance Information 589 --- StandardDestination
Received unencrypted packet while crypto active
VPN IKE User Activity Warning 605 --- Standard
Regulatory requirements prohibit %s from being re-dialed for 30 minutes
PPP Dial-up Attack Error 592 567 StandardMessage
String
Remotely Triggered Dial-out session ended. Valid WAN bound data found. Normal dial-up sequence will commence
Authentication User Activity Information 822 --- Simple
Remotely Triggered Dial-out session started. Requesting authentication
Authentication User Activity Information 818 --- Simple
Request for Relay IP Table from Central Gateway
DHCP Relay Maintenance Information 230 --- Standard
Requesting CRL from
VPN PKI User Activity Information 269 --- SimpleDestination
50 SONICOS LOG EVENT REFERENCE GUIDE
Requesting Relay IP Table from Remote Gateway
DHCP Relay Maintenance Information 231 --- Standard
Retransmitting DHCP DISCOVER
DHCP Client Maintenance Information 99 --- StandardDestination
Retransmitting DHCP REQUEST (Rebinding)
DHCP Client Maintenance Information 102 --- StandardDestination
Retransmitting DHCP REQUEST (Rebooting)
DHCP Client Maintenance Information 103 --- StandardDestination
Retransmitting DHCP REQUEST (Renewing)
DHCP Client Maintenance Information 101 --- StandardDestination
Retransmitting DHCP REQUEST (Requesting)
DHCP Client Maintenance Information 100 --- StandardDestination
Retransmitting DHCP REQUEST (Verifying)
DHCP Client Maintenance Information 104 --- StandardDestination
RIP disabled on interface %s
RIP Maintenance Information 419 --- StandardString
Service
Ripper attack dropped
Intrusion Detection
Attack Alert 76 515 Standard
RIPv1 enabled on interface %s
RIP Maintenance Information 420 --- StandardString
Service
RIPv2compatibility (broadcast) mode enabled on interface %s
RIP Maintenance Information 422 --- StandardString
Service
RIPv2 enabled on interface %s
RIP Maintenance Information 421 --- StandardString
Service
Router IGMP General query received oninterface %s
Multicast --- Debug 680 --- StandardMessage
String
Router IGMP Membership query received on interface %s
Multicast --- Debug 681 --- StandardMessage
String
SONICOS LOG EVENT REFERENCE GUIDE 51
Sending DHCP DISCOVER.
DHCP Client Maintenance Information 105 --- StandardDestination
Sending DHCP RELEASE.
DHCP Client Maintenance Information 122 --- StandardDestination
Sending DHCP REQUEST (Rebinding).
DHCP Client Maintenance Information 116 --- StandardDestination
Sending DHCP REQUEST (Rebooting).
DHCP Client Maintenance Information 117 --- StandardDestination
Sending DHCP REQUEST (Renewing).
DHCP Client Maintenance Information 115 --- StandardDestination
Sending DHCP REQUEST (Verifying).
DHCP Client Maintenance Information 118 --- StandardDestination
Sending DHCP REQUEST.
DHCP Client Maintenance Information 108 --- StandardDestination
Sending LCP Echo Reply
PPPoE Maintenance Information 722 --- Simple
Sending LCP Echo Request
PPPoE Maintenance Information 720 --- Simple
Sending PPPoE Active Discovery Request
PPPoE Maintenance Information 595 --- Simple
Senna Spy attack dropped
Intrusion Detection
Attack Alert 78 517 Standard
Sent Relay IP Table to Central Gateway
DHCP Relay Maintenance Information 232 --- Standard
SIP Register expi-ration exceeds configured Signalinginactivity time out
VoIP VoIP Warning 645 --- StandardNote String
SIP Request VoIP VoIP Debug 643 --- StandardNote String
SIP Response VoIP VoIP Debug 644 --- StandardNote String
SMTP POP-Before-SMTP authentication failed
Firewall Logging
System Error Warning 656 --- Simple
52 SONICOS LOG EVENT REFERENCE GUIDE
SMTP server found on RBL blacklist
RBL --- Notice 799 --- StandardNote String
Smurf Amplification attack dropped
Intrusion Detection
Attack Alert 81 520 Standard
SonicPoint Provision
SonicPoint SonicPoint Information 727 --- SimpleDestination
SonicPoint statistics report
GMS --- Information 806 --- SimpleSonicPoint
Statistics
SonicPoint Status SonicPoint SonicPoint Information 667 --- SimpleDestination
SonicWALL activated
Firewall Event Maintenance Alert 4 --- Simple
SonicWALLinitializing
Firewall Event Maintenance Information 521 --- Simple
Source routed IP packet dropped
Intrusion Detection
Debug Warning 428 --- Standard
Spank attack multicast packet dropped
Intrusion Detection
Attack Alert 606 568 Standard
Starting IKE negotiation
VPN IKE User Activity Information 90 --- StandardNote String
Starting PPPoE discovery
PPPoE Maintenance Information 127 --- Simple
Status GMS Maintenance Emergency 96 --- SimpleGMS
Status
Striker attack dropped
Intrusion Detection
Attack Alert 77 516 Standard
Sub Seven attack dropped
Intrusion Detection
Attack Alert 75 514 Standard
Success to reach Interface %s probe
High Availability
System Error Information 674 --- StandardString
Service
Successful authentication received for Remotely Triggered Dial-out
Authentication User Activity Information 820 --- Simple
SONICOS LOG EVENT REFERENCE GUIDE 53
SYN Flood Blacklist on IF %s continues
Intrusion Detection
--- Warning 868 --- StandardString
Service
SYN Floodblacklistingdisabled by user
Intrusion Detection
--- Warning 863 --- Standard
SYN Flood blacklisting enabled by user
Intrusion Detection
--- Warning 862 --- Standard
SYN flood ceased or flooding machines blacklisted - connection proxy disabled
Intrusion Detection
--- Alert 861 --- Standard
SYN Flood Mode changed by user to: Always proxy WAN connections
Intrusion Detection
--- Warning 858 --- Standard
SYN Flood Mode changed by user to: Watch and proxy WAN connections when under attack
Intrusion Detection
--- Warning 857 --- Standard
SYN Flood Mode changed by user to: Watch and report possible SYN floods
Intrusion Detection
--- Warning 856 --- Standard
Synchronizing preferences to HA Peer Firewall
High Availability
Maintenance Information 673 --- Simple
SYN-Flooding machine %s blacklisted
Intrusion Detection
--- Alert 864 --- StandardString
Service
TCP checksum error
Network Access
UDP Notice 884 --- Standard
TCP connection dropped
Network Access
UDP Notice 36 --- StandardPolicy
TCP connection from LAN denied
Network Access
LAN TCP Notice 173 --- StandardService
TCP FIN packet dropped
Network Debug Debug 181 --- Standard
54 SONICOS LOG EVENT REFERENCE GUIDE
TCP stateful inspection enforcement: Bad header dropped
Network Debug Debug 711 --- Standard
TCP stateful inspection enforcement: Connection aborted
Network Debug Debug 713 --- Standard
TCP stateful inspectionenforcement: Connection refused
Network Debug Debug 712 --- Standard
TCP stateful inspection enforcement: Invalid ack dropped
Network Debug Debug 709 --- Standard
TCP stateful inspection enforcement: Invalid flag dropped
Network Debug Information 710 --- Standard
TCP stateful inspection enforcement: Invalid sequence dropped
Network Debug Debug 708 --- Standard
TCP SYN received Intrusion Detection
--- Debug 869 --- Standard
TCP Syn/Fin packet dropped
Network Access
Attack Alert 580 558 Standard
TCP Xmas Tree dropped
Intrusion Detection
Attack Alert 267 547 Standard
The cache is full; %u open connections; some will be dropped
Firewall Event System Error Error 53 607 StandardMessageNumber
The loaded content URL List has expired
Security Services
System Error Error 190 628 Simple
SONICOS LOG EVENT REFERENCE GUIDE 55
The network connection in use is %s
WAN Failover System Error Warning 307 639 StandardMessage
String
The preferences file is too large to be saved inavailable flash memory
Firewall Event System Error Warning 573 649 Simple
Thermal Red Firewall Hardware
System Environment
Alert 578 104 Simple
Thermal Red Timer Exceeded
Firewall Hardware
System Environment
Alert 579 105 Simple
Thermal Yellow Firewall Hardware
System Environment
Alert 577 103 Simple
Time of day settings for fire-wall policies were not upgraded.
Firewall Event Maintenance Information 742 --- Simple
UDP checksum error
Network Access
UDP Notice 885 --- Standard
UDP packet dropped
Network Access
UDP Notice 37 --- StandardPolicy
UDP packet from LAN dropped
Network Access
LAN UDP | LAN TCP
Notice 174 --- StandardService
Unable to download IPS/GAV/Aspy Signature database. Firewall must first be restarted to free memory used by downloaded firmware.
Unused --- Warning 873 --- Simple
Unknown protocol dropped
Network Access
Debug Notice 41 --- StandardNote String
Unknown reason VPN PKI User Activity Error 275 --- SimpleDestination
User logged out Authentication User Activity Information 263 --- StandardString
Service
User logged out - inactivity timer expired
Authentication User Activity Information 265 --- StandardNote String
56 SONICOS LOG EVENT REFERENCE GUIDE
User logged out - max session time exceeded
Authentication User Activity Information 264 --- StandardNote String
User logged out - user disconnect detected (heartbeat timer expired)
Authentication User Activity Information 24 --- StandardNote String
User login denied - insufficient access on LDAP server
RADIUS User Activity Warning 750 --- StandardString Ser-
vice
User login denied - invalid credentials on LDAP server
RADIUS User Activity Warning 749 --- StandardString Ser-
vice
User login denied - LDAP authentication fail-ure
RADIUS User Activity Information 745 --- StandardString Ser-
vice
User login denied - LDAP communication problem
RADIUS User Activity Warning 748 --- StandardString
Service
User login denied - LDAP directory mismatch
RADIUS User Activity Warning 757 --- StandardString
Service
User login denied - LDAP schema mismatch
RADIUS User Activity Warning 751 --- StandardString
Service
User login denied - LDAP server certificate not valid
RADIUS User Activity Warning 755 --- StandardString
Service
User login denied - LDAP server down or misconfigured
RADIUS User Activity Warning 747 --- StandardString
Service
User login denied - LDAP server name resolution failed
RADIUS User Activity Warning 753 --- StandardString
Service
User login denied - LDAP server timeout
RADIUS User Activity Warning 746 --- StandardString
Service
User login denied - RADIUS authentication failure
RADIUS User Activity Information 243 --- StandardString
Service
SONICOS LOG EVENT REFERENCE GUIDE 57
User login denied - RADIUS communication problem
RADIUS User Activity Warning 744 --- StandardString
Service
User login denied - RADIUS configuration error
RADIUS User Activity Information 245 --- StandardString
Service
User login denied - RADIUS server name resolution failed
RADIUS User Activity Warning 754 --- StandardString
Service
User login denied - RADIUS server timeout
RADIUS User Activity Information 244 --- StandardString
Service
User login denied - TLS or localcertificate problem
RADIUS User Activity Warning 756 --- StandardString
Service
User login denied - User has no privileges for login from that location
RADIUS User Activity Information 246 --- StandardString
Service
User login denied - User has no privileges for WLAN guest service
Authentication User Activity Information 486 --- StandardDestination
User login denied due to bad credentials
Authentication User Activity Information 33 --- StandardString
Service
User login disabled from %s
Authentication Attack Error 583 559 StandardMessage
String
User login failed - Guest service limit reached
Authentication User Activity Information 549 --- StandardNote String
User login failure rate exceeded - logins from user IP address denied
Authentication Attack Error 329 561 StandardDestination
Virtual Access Point is disabled
SonicPoint 802.11b Management
Information 731 --- SimpleDestination
Virtual Access Point is enabled
SonicPoint 802.11b Management
Information 730 --- SimpleDestination
58 SONICOS LOG EVENT REFERENCE GUIDE
VoIP %s Endpoint added
VoIP VoIP Debug 637 --- StandardString
Service
VoIP %s Endpoint not added - configured 'public' endpoint limit reached
VoIP VoIP Warning 639 --- StandardString
Service
VoIP %s Endpoint removed
VoIP VoIP Debug 638 --- StandardString
Service
VoIP Call Connected
VoIP VoIP Information 622 --- StandardNote String
VoIP Call Disconnected
VoIP VoIP Information 623 --- StandardNote String
Voltages Out of Tolerance
Firewall Hard-ware
System Envi-ronment
Error 575 101 Simple
VPN Cleanup: Dynamic network settings change
VPN User Activity Information 471 --- Standard
VPN Client Policy Provisioning
VPN Client User Activity Information 371 --- StandardDestination
VPN disabled by administrator
Authentication Maintenance Information 506 --- Simple
VPN disabled for active dial up
Unused Maintenance Information 503 --- Simple
VPN enabled by administrator
Authentication Maintenance Information 507 --- Simple
VPN Log Debug VPN IKE Debug Information 172 --- SimpleString
VPN policy count received exceeds the limit; %s
VPN System Error Error 719 --- StandardString
Service
VPN zone administrator login allowed
Authentication User Activity Information 235 --- Standard
VPN zone remote user login allowed
Authentication User Activity Information 237 --- StandardString
Service
WAN Interface not setup
Firewall Event Maintenance Information 498 --- Simple
WAN IP Changed Firewall Event System Error Warning 138 636 Standard
SONICOS LOG EVENT REFERENCE GUIDE 59
WAN not ready Firewall Event Maintenance Information 502 --- Simple
WAN zone administrator login allowed
Authentication User Activity Information 236 --- Standard
WAN zone remote user login allowed
Authentication User Activity Information 238 --- StandardString Ser-
vice
WARNING: DHCP lease relayed from Central Gateway conflicts with IP in Static Devices list
DHCP Relay Maintenance Information 227 --- StandardDestination
Web access request dropped
Network Access
UDP Notice 524 --- StandardPolicy
Web management request allowed
Network Access
User Activity Notice 526 --- StandardService
Web site access allowed
Network Access
Blocked Sites Notice 16 703 StandardNote
Blocked
Web site access denied
Network Access
Blocked Sites Notice 14 701 StandardNote
Blocked
Wireless MAC Filter List disabled by administrator
Authentication Maintenance Information 513 --- Simple
Wireless MAC Filter List enabled by administrator
Authentication Maintenance Information 512 --- Simple
WLAN client null probing
WLAN IDS WLAN IDS Warning 615 904 StandardDestination
WLAN disabled by administrator
Authentication Maintenance Information 508 --- Simple
WLAN disabled by schedule
Authentication Maintenance Information 728 --- Simple
Wlan drop traffic to deny network
Network Access
--- Information 724 --- StandardNote String
WLAN enabled by administrator
Authentication Maintenance Information 509 --- Simple
WLAN enabled by schedule
Authentication Maintenance Information 729 --- Simple
60 SONICOS LOG EVENT REFERENCE GUIDE
WLAN firmware image has been updated
Wireless Maintenance Information 487 --- SimpleString
WLAN Guest Account Timeout
Authentication User Activity Information 551 --- StandardNote String
WLAN Guest Idle Timeout
Authentication User Activity Information 564 --- StandardNote String
WLAN Guest Session Timeout
Authentication User Activity Information 550 --- StandardNote String
WLAN max concurrent users reached already
Network Access
--- Information 726 --- StandardNote String
WLAN not in AP mode, DHCP server will not provide lease to clients on WLAN
Wireless Maintenance Information 617 --- Simple
WLAN pass traffic to access allow network
Network Access
--- Information 725 --- StandardNote String
WLAN recovery Wireless Maintenance Information 519 --- SimpleString
WLAN sequence number out of order
WLAN IDS WLAN IDS Warning 547 902 SimpleDestination
WLB Failback initiated by %s
WAN Failover System Error Alert 435 652 StandardMessage
String
WLB Failover in progress
WAN Failover System Error Alert 584 651 Standard
WLB Resource failed
WAN Failover System Error Alert 586 654 Standard
WLB Resource is now available
WAN Failover System Error Alert 585 653 Standard
WLB Spill-over started, configured threshold exceeded
WAN Failover Maintenance Warning 581 --- Simple
WLB Spill-over stopped
WAN Failover Maintenance Warning 582 --- Simple
SONICOS LOG EVENT REFERENCE GUIDE 61
WPA MIC Failure Wireless 802.11b Management
Warning 663 --- SimpleDestination
WPA Radius Server Timeout
Wireless 802.11b Management
Information 664 --- SimpleDestination
XAUTH Failed with VPN client, Authentication failure
VPN Client User Activity Information 140 --- StandardDestination
XAUTH Failed with VPN client, Cannot Contact RADIUS Server
VPN Client User Activity Information 141 --- StandardDestination
XAUTH Succeeded with VPN client
VPN Client User Activity Information 139 --- StandardDestination
62 SONICOS LOG EVENT REFERENCE GUIDE
Index of Syslog Tag Field DescriptionThis section provides an alphabetical listing of Syslog tags and the associated field description.
Tag Field Description
<ddd> Syslog message prefix The beginning of each syslog message has a string of the form <ddd> where ddd is a decimal number indicating facility and priority of the mes-sage. (See [1] Section 4.1.1)
arg URL Used to render a URL: arg represents the URL path name part.
bcastRx Interface statistics report Displays the broadcast packets received
bcastTx Interface statistics report Displays the broadcast packets transmitted
bytesRx Interface statistics report Displays the bytes received
bytesTx Interface statistics report Displays the bytes transmitted
c Message category (legacy only) Indicates the legacy category number (Note: We are not currently sending new category informa-tion.)
change Configuration change webpage Displays the basename of the firewall web page that performed the last configuration change
code Blocking code Indicates the CFS block code category
code ICMP type and code Indicates the ICMP code
conns Firewall status report Indicates the number of connections in use
cpuUtil Firewall status report Displays the CPU utilization (not in use)
dst Destination Destination IP address, and optionally, port, net-work interface, and resolved name.
dstname Destination URL Displays the URL of web site hit and other legacy destination strings
dstname URL Used to render a URL: dstname represents the URL host part
dyn Firewall status report Displays the HA and dialup connection state (ren-dered as “h.d” where “h” is “n” (not enabled), “b” (backup), or “p” (primary) and “d” is “1” (enabled) or “0” (disabled))
fw Firewall WAN IP Indicates the WAN IP Address
fwlan Firewall status report Indicates the LAN zone IP address
goodRxBytes SonicPoint statistics report Indicates the well formed bytes recevied
goodTxBytes SonicPoint statistics report Indicates the well formed bytes transmitted
SONICOS LOG EVENT REFERENCE GUIDE 63
i Firewall status report Displays the GMS message interval in seconds
id=firewall Webtrends prefix Syntactic sugar for WebTrends (and GMS by habit)
if Interface statistics report Displays the interface on which statistics are reported
ipscat IPS message Displays the IPS category
ipspri IPS message Displays the IPS priority
lic Firewall status report Indicates the number of licenses for firewalls with limited modes
m Message ID Provides the message ID number
mac MAC address Provides the MAC address
msg Static message Displays the event message (from spreadsheet)
msg Dynamically-defined message Displays a dynamically defined message string
msg Static message with dynamic string Displays a message using the predefined mes-sage string containing a “%s” and a dynamic string argument.
msg Static message with dynamic num-ber
Displays a message using the predefined string string containing a “%s” and a dynamic numeric argument.
msg IPS message Displays a message using the predefined mes-sage string containing a “%s” and a dynamic string argument.
msg Anti-Spyware message Displays the event message (from spreadsheet)
n Message count Indicates the number of times event occurs
op HTTP OP code Displays the HTTP operation (GET, POST, etc.) of web site hit
pri Message priority Displays the event priority level (0=emer-gency..7=debug)
proto IP protocol Indicates the IP protocol and detail information
proto Protocol and service Displays the protocol information (rendered as “proto/service”)
proto Protocol and service Displays the protocol information (rendered as “proto/service”)
pt Firewall status report Displays the HTTP/HTTPS management port (rendered as “hhh.sss”)
radio SonicPoint statistics report Displays the SonicPoint radio on which event occurred
ramUtil Firewall status report Displays the RAM utilization (not in use)
64 SONICOS LOG EVENT REFERENCE GUIDE
rcvd Bytes received Indicates the number of bytes received within connection
result HTTP Result code Displays the HTTP result code (200, 403, etc.) of web site hit
rule Rule ID Displays the Access Rule number causing packet drop
sent Bytes sent Displays the number of bytes sent within connec-tion
sid IPS message Provides the IPS signature ID
sid Anti-Spyware message Provides the AntiSpyware signature ID
sn Firewall serial number Indicates the device serial number
spycat Anti-Spyware message Displays the antiSpyware category
spypri Anti-Spyware message Displays the AntiSpyware priority
src Source Indicates the source IP address, and optionally, port, network interface, and resolved name.
station SonicPoint statistics report Displays the client (station) on which event occurred
time Time Reports the time of event
type ICMP type and code Indicates the ICMP type
ucastRx Interface statistics report Displays the unicast packets received
ucastTx Interface statistics report Displays the unicast packets transmitted
unsynched Firewall status report Reports the time since last local change in sec-onds
usesstandbysa Firewall status report Displays whether standby SA is in use (“1” or “0”) for GMS management
usr (or user) User Displays the user name (“user” is the tag used by WebTrends)
vpnpolicy VPN policy name Displays the VPN policy name of event
SONICOS LOG EVENT REFERENCE GUIDE 65
66 SONICOS LOG EVENT REFERENCE GUIDE
© 2002 SonicWALL, I n c . SonicWALL is a registered trademark of SonicWALL, I n c . Other product and company names mentioned herein may bet rademarks and/ or registered trademarks of their respective companies. Specifications and descriptions subject to change with out notice.
T: 408.745.9600F: 408.745.9300
www.sonicwall.comSonicWALL,Inc.1143 Borregas AvenueSunnyvale,CA 94089-1306
P/ N 232-000827-00Rev B 6/05