These log messages refer to the BLACKLIST (Blacklist events) category.
2.11.1. failed_to_write_list_of_blocked_hosts_to_media (ID: 04600001)
- Default Severity
- CRITICAL
- Log Message
- Failed to write list of blocked hosts to media
- Explanation
- Failed to write list of blocked hosts to media. The media might be corrupted.
- Firewall Action
- None
- Recommended Action
- Verify that the media is intact.
- Revision
- 1
2.11.2. unable_to_allocate_static_entry (ID: 04600002)
- Default Severity
- WARNING
- Log Message
- Unable to allocate static entry for <host>
- Explanation
- Unable to allocate static entry. Unit is low on memory.
- Firewall Action
- no_block
- Recommended Action
- Review the configuration in order to free more RAM.
- Revision
- 1
- Parameters
- host
2.11.3. unable_to_allocate_host_entry (ID: 04600003)
- Default Severity
- WARNING
- Log Message
- Unable to allocate dynamic entry for <host>
- Explanation
- Unable to allocate dynamic entry. Unit is low on memory.
- Firewall Action
- no_block
- Recommended Action
- Review the configuration in order to free more RAM.
- Revision
- 1
- Parameters
- host
2.11.4. host_unblacklisted (ID: 04600004)
- Default Severity
- NOTICE
- Log Message
- Blacklist entry removed. Protocol: <proto>, Src Net: <srcnet>, Dst Net: <dstnet>, Port: <port>.
- Explanation
- A blacklist entry has been removed.
- Firewall Action
- None
- Recommended Action
- None
- Revision
- 4
- Parameters
- proto, srcnet, dstnet, port
2.11.5. host_blacklisted (ID: 04600006)
- Default Severity
- NOTICE
- Log Message
- Blacklist entry added. Reason: <reason>, Protocol: <proto>, Src Net: <srcnet>, Dst Net: <dstnet>, Port: <port>.
- Explanation
- A blacklist entry was added.
- Firewall Action
- None
- Recommended Action
- None
- Revision
- 4
- Parameters
- reason, proto, srcnet, dstnet, port
2.11.6. botnet_src_detected (ID: 04600010)
- Default Severity
- NOTICE
- Log Message
- Source IP <ipaddr> has a low IP Reputation score (<reputation>) and is associated with botnets.
- Explanation
- The source IP address has a low reputation and is associated with botnets. The dynamic blacklist will temporarily block all communication with that address.
- Firewall Action
- blacklist
- Recommended Action
- None
- Revision
- 2
- Parameters
- ipaddr, reputation, srcmac, destmac
- Context Parameters
- Rule Name, Packet Buffer
2.11.7. botnet_dst_detected (ID: 04600011)
- Default Severity
- NOTICE
- Log Message
- Destination IP <ipaddr> has a low IP Reputation score (<reputation>) and is associated with botnets.
- Explanation
- The destination IP address has a low reputation and is associated with botnets. The dynamic blacklist will temporarily block all communication with that address.
- Firewall Action
- blacklist
- Recommended Action
- None
- Revision
- 2
- Parameters
- ipaddr, reputation, srcmac, destmac
- Context Parameters
- Rule Name, Packet Buffer
2.11.8. dos_src_detected (ID: 04600020)
- Default Severity
- NOTICE
- Log Message
- Source IP <ipaddr> has a low IP Reputation score (<reputation>) and is associated with Denial of Service attacks.
- Explanation
- The source IP address has a low reputation and is associated with Denial of Service attacks. The dynamic blacklist will temporarily block all traffic from that address.
- Firewall Action
- blacklist
- Recommended Action
- None
- Revision
- 2
- Parameters
- ipaddr, reputation, srcmac, destmac
- Context Parameters
- Rule Name, Packet Buffer
2.11.9. disallowed_src_geo_detected (ID: 04600021)
- Default Severity
- NOTICE
- Log Message
- Source IP <ipaddr> originates from disallowed region <region>.
- Explanation
- The source IP address originates from a geographical region that is not allowed according to the configuration. The dynamic blacklist will temporarily block all traffic from that address.
- Firewall Action
- blacklist
- Recommended Action
- None
- Revision
- 1
- Parameters
- ipaddr, region
- Context Parameters
- Rule Name, Packet Buffer
2.11.10. scanner_src_detected (ID: 04600030)
- Default Severity
- NOTICE
- Log Message
- Source IP <ipaddr> has a low IP Reputation score (<reputation>) and is associated with malicious scanner activity.
- Explanation
- The source IP address has a low reputation and is associated with malicious scanner activity. The dynamic blacklist will temporarily block all traffic from that address.
- Firewall Action
- blacklist
- Recommended Action
- None
- Revision
- 2
- Parameters
- ipaddr, reputation, srcmac, destmac
- Context Parameters
- Rule Name, Packet Buffer
2.11.11. spam_src_detected (ID: 04600031)
- Default Severity
- NOTICE
- Log Message
- Source IP <ipaddr> has a low IP Reputation score (<reputation>) and is associated with malicious spam activity.
- Explanation
- The source IP address has a low reputation and is associated with malicious spam activity. The dynamic blacklist will temporarily block all traffic from that address.
- Firewall Action
- blacklist
- Recommended Action
- None
- Revision
- 1
- Parameters
- ipaddr, reputation, srcmac, destmac
- Context Parameters
- Rule Name, Packet Buffer
2.11.12. phishing_src_detected (ID: 04600032)
- Default Severity
- NOTICE
- Log Message
- Source IP <ipaddr> has a low IP Reputation score (<reputation>) and is associated with malicious phishing activity.
- Explanation
- The source IP address has a low reputation and is associated with malicious phishing activity. The dynamic blacklist will temporarily block all traffic from that address.
- Firewall Action
- blacklist
- Recommended Action
- None
- Revision
- 1
- Parameters
- ipaddr, reputation, srcmac, destmac
- Context Parameters
- Rule Name, Packet Buffer
2.11.13. malformed_request (ID: 04600040)
- Default Severity
- WARNING
- Log Message
- Malformed request sent to the blacklist handler in REST API
- Explanation
- The request was malformed, parameter missing, out of range or too long.
- Firewall Action
- None
- Recommended Action
- Review request data against documentation.
- Revision
- 1