cOS Core 14.00.06 Log Reference Guide


Table of Contents

1. Introduction
1.1. Notation and Conventions
1.2. Log Message Structure
1.3. Context Parameters
1.4. Severity levels
2. Log Message Reference
2.1. ALG
2.1.1. alg_session_open (ID: 00200001)
2.1.2. alg_session_closed (ID: 00200002)
2.1.3. max_line_length_exceeded (ID: 00200003)
2.1.4. alg_session_allocation_failure (ID: 00200009)
2.1.5. invalid_client_http_header_received (ID: 00200100)
2.1.6. invalid_url_format (ID: 00200101)
2.1.7. allow_unknown_protocol (ID: 00200102)
2.1.8. allow_unknown_protocol (ID: 00200103)
2.1.9. wcf_srv_connection_error (ID: 00200104)
2.1.10. unknown_client_data_received (ID: 00200105)
2.1.11. suspicious_data_received (ID: 00200106)
2.1.12. invalid_chunked_encoding (ID: 00200107)
2.1.13. invalid_server_http_header_received (ID: 00200108)
2.1.14. compressed_data_received (ID: 00200109)
2.1.15. max_http_sessions_reached (ID: 00200110)
2.1.16. failed_create_new_session (ID: 00200111)
2.1.17. failure_connect_http_server (ID: 00200112)
2.1.18. content_type_mismatch (ID: 00200113)
2.1.19. wcf_override_full (ID: 00200114)
2.1.20. no_valid_license (ID: 00200115)
2.1.21. max_download_size_reached (ID: 00200116)
2.1.22. blocked_filetype (ID: 00200117)
2.1.23. out_of_memory (ID: 00200118)
2.1.24. wcf_servers_unreachable (ID: 00200119)
2.1.25. wcf_srv_connection_error (ID: 00200120)
2.1.26. wcf_server_unreachable (ID: 00200121)
2.1.27. wcf_connecting (ID: 00200122)
2.1.28. wcf_server_connected (ID: 00200123)
2.1.29. wcf_primary_fallback (ID: 00200124)
2.1.30. request_url (ID: 00200125)
2.1.31. request_url (ID: 00200126)
2.1.32. wcf_server_auth_failed (ID: 00200127)
2.1.33. wcf_server_bad_reply (ID: 00200128)
2.1.34. request_url (ID: 00200129)
2.1.35. out_of_memory (ID: 00200130)
2.1.36. wcf_bad_sync (ID: 00200131)
2.1.37. restricted_site_notice (ID: 00200132)
2.1.38. url_reclassification_request (ID: 00200133)
2.1.39. wcf_server_disconnected (ID: 00200134)
2.1.40. request_url (ID: 00200135)
2.1.41. request_url (ID: 00200136)
2.1.42. request_url (ID: 00200137)
2.1.43. restricted_site_notice (ID: 00200138)
2.1.44. url_reclassification_request (ID: 00200139)
2.1.45. wcf_mem_optimized (ID: 00200140)
2.1.46. out_of_memory (ID: 00200141)
2.1.47. wcf_performance_notice (ID: 00200142)
2.1.48. wcf_server_timeout (ID: 00200143)
2.1.49. invalid_http_syntax (ID: 00200144)
2.1.50. intercept_page_failed (ID: 00200145)
2.1.51. disallowed_user_agent (ID: 00200146)
2.1.52. http_pipeline_full (ID: 00200147)
2.1.53. protocol_upgrade_denied (ID: 00200148)
2.1.54. protocol_upgrade (ID: 00200149)
2.1.55. max_smtp_sessions_reached (ID: 00200150)
2.1.56. maximum_email_per_minute_reached (ID: 00200151)
2.1.57. failed_create_new_session (ID: 00200152)
2.1.58. failed_connect_smtp_server (ID: 00200153)
2.1.59. invalid_server_response (ID: 00200155)
2.1.60. sender_email_id_mismatched (ID: 00200156)
2.1.61. sender_email_id_mismatched (ID: 00200157)
2.1.62. sender_email_id_is_in_blacklist (ID: 00200158)
2.1.63. recipient_email_id_in_blacklist (ID: 00200159)
2.1.64. some_recipient_email_ids_are_in_blocklist (ID: 00200160)
2.1.65. base64_decode_failed (ID: 00200164)
2.1.66. base64_decode_failed (ID: 00200165)
2.1.67. blocked_filetype (ID: 00200166)
2.1.68. content_type_mismatch (ID: 00200167)
2.1.69. max_email_size_reached (ID: 00200170)
2.1.70. content_type_mismatch_mimecheck_disabled (ID: 00200171)
2.1.71. all_recipient_email_ids_are_in_blocklist (ID: 00200172)
2.1.72. out_of_memory (ID: 00200175)
2.1.73. invalid_end_of_mail (ID: 00200176)
2.1.74. dnsbl_init_error (ID: 00200177)
2.1.75. cmd_too_long (ID: 00200179)
2.1.76. failed_send_reply_code (ID: 00200181)
2.1.77. smtp_no_header (ID: 00200184)
2.1.78. unsupported_extension (ID: 00200185)
2.1.79. cmd_pipelined (ID: 00200186)
2.1.80. smtp_state_violation (ID: 00200190)
2.1.81. sender_email_dnsbl_spam_mark_removed_by_whitelist (ID: 00200195)
2.1.82. request_url_redirected (ID: 00200200)
2.1.83. illegal_data_direction (ID: 00200202)
2.1.84. hybrid_data (ID: 00200206)
2.1.85. hybrid_data (ID: 00200209)
2.1.86. illegal_chars (ID: 00200210)
2.1.87. control_chars (ID: 00200211)
2.1.88. illegal_command (ID: 00200212)
2.1.89. illegal_command (ID: 00200213)
2.1.90. port_command_disabled (ID: 00200214)
2.1.91. illegal_command (ID: 00200215)
2.1.92. illegal_ip_address (ID: 00200216)
2.1.93. illegal_port_number (ID: 00200217)
2.1.94. failed_to_create_connection1 (ID: 00200218)
2.1.95. illegal_command (ID: 00200219)
2.1.96. illegal_direction1 (ID: 00200220)
2.1.97. illegal_direction2 (ID: 00200221)
2.1.98. illegal_option (ID: 00200222)
2.1.99. illegal_option (ID: 00200223)
2.1.100. unknown_option (ID: 00200224)
2.1.101. illegal_command (ID: 00200225)
2.1.102. unknown_command (ID: 00200226)
2.1.103. illegal_reply (ID: 00200228)
2.1.104. illegal_reply (ID: 00200230)
2.1.105. illegal_reply (ID: 00200231)
2.1.106. illegal_reply (ID: 00200232)
2.1.107. bad_port (ID: 00200233)
2.1.108. bad_ip (ID: 00200234)
2.1.109. failed_to_create_connection2 (ID: 00200235)
2.1.110. failed_to_create_server_data_connection (ID: 00200236)
2.1.111. failed_to_send_port (ID: 00200237)
2.1.112. failed_to_register_rawconn (ID: 00200238)
2.1.113. failed_to_merge_conns (ID: 00200239)
2.1.114. max_ftp_sessions_reached (ID: 00200241)
2.1.115. failed_create_new_session (ID: 00200242)
2.1.116. failure_connect_ftp_server (ID: 00200243)
2.1.117. content_type_mismatch (ID: 00200250)
2.1.118. failed_to_send_command (ID: 00200251)
2.1.119. resumed_compressed_file_transfer (ID: 00200252)
2.1.120. blocked_filetype (ID: 00200253)
2.1.121. resumed_compressed_file_transfer (ID: 00200254)
2.1.122. failed_to_send_response_code (ID: 00200255)
2.1.123. request_url_redirected (ID: 00200260)
2.1.124. redirect_page_failed (ID: 00200261)
2.1.125. illegal_command (ID: 00200267)
2.1.126. https_not_allowed (ID: 00200270)
2.1.127. http_not_allowed (ID: 00200271)
2.1.128. clienthello_server_name (ID: 00200272)
2.1.129. invalid_clienthello (ID: 00200273)
2.1.130. invalid_clienthello (ID: 00200274)
2.1.131. invalid_clienthello_server_name (ID: 00200275)
2.1.132. invalid_clienthello_server_name (ID: 00200276)
2.1.133. certificate_server_name (ID: 00200277)
2.1.134. invalid_certificate (ID: 00200278)
2.1.135. invalid_certificate (ID: 00200279)
2.1.136. blacklisted_url_blocked (ID: 00200280)
2.1.137. unknown_state (ID: 00200300)
2.1.138. invalid_message (ID: 00200301)
2.1.139. decode_failed (ID: 00200302)
2.1.140. encode_failed (ID: 00200303)
2.1.141. encode_failed (ID: 00200304)
2.1.142. encode_failed (ID: 00200305)
2.1.143. decode_failed (ID: 00200306)
2.1.144. encode_failed (ID: 00200307)
2.1.145. max_tcp_data_connections_exceeded (ID: 00200308)
2.1.146. max_connections_per_call_exceeded (ID: 00200309)
2.1.147. ignoring_channel (ID: 00200310)
2.1.148. com_mode_response_message_not_translated (ID: 00200311)
2.1.149. max_h323_session_reached (ID: 00200312)
2.1.150. failed_create_new_session (ID: 00200313)
2.1.151. max_h323_gk_sessions_reached (ID: 00200314)
2.1.152. failed_create_new_session (ID: 00200315)
2.1.153. failure_connect_h323_server (ID: 00200316)
2.1.154. com_mode_command_message_not_translated (ID: 00200317)
2.1.155. packet_failed_initial_test (ID: 00200350)
2.1.156. packet_failed_traversal_test (ID: 00200351)
2.1.157. command_not_allowed (ID: 00200353)
2.1.158. option_value_invalid (ID: 00200354)
2.1.159. option_value_invalid (ID: 00200355)
2.1.160. option_tsize_invalid (ID: 00200356)
2.1.161. unknown_option_blocked (ID: 00200357)
2.1.162. option_tsize_invalid (ID: 00200358)
2.1.163. unknown_option_blocked (ID: 00200359)
2.1.164. option_not_sent (ID: 00200360)
2.1.165. option_value_invalid (ID: 00200361)
2.1.166. option_value_invalid (ID: 00200362)
2.1.167. blksize_out_of_range (ID: 00200363)
2.1.168. max_tftp_sessions_reached (ID: 00200364)
2.1.169. failed_create_new_session (ID: 00200365)
2.1.170. invalid_packet_received (ID: 00200366)
2.1.171. failed_create_connection (ID: 00200367)
2.1.172. invalid_packet_received_reopen (ID: 00200368)
2.1.173. packet_out_of_sequence (ID: 00200369)
2.1.174. transfer_size_exceeded (ID: 00200370)
2.1.175. options_removed (ID: 00200371)
2.1.176. failed_strip_option (ID: 00200372)
2.1.177. failed_create_connection (ID: 00200373)
2.1.178. invalid_error_message_received (ID: 00200374)
2.1.179. max_pop3_sessions_reached (ID: 00200380)
2.1.180. failed_create_new_session (ID: 00200381)
2.1.181. failed_connect_pop3_server (ID: 00200382)
2.1.182. out_of_memory (ID: 00200383)
2.1.183. blocked_filetype (ID: 00200384)
2.1.184. response_blocked_unknown (ID: 00200385)
2.1.185. base64_decode_failed (ID: 00200386)
2.1.186. possible_invalid_mail_end (ID: 00200387)
2.1.187. command_blocked_invalid_len (ID: 00200388)
2.1.188. response_blocked_invalid_len (ID: 00200389)
2.1.189. content_type_mismatch (ID: 00200390)
2.1.190. content_type_mismatch_mimecheck_disabled (ID: 00200391)
2.1.191. command_blocked_invalid_argument (ID: 00200392)
2.1.192. command_blocked (ID: 00200393)
2.1.193. unknown_command_blocked (ID: 00200394)
2.1.194. unexpected_mail_end (ID: 00200396)
2.1.195. invalid_line_endings (ID: 00200397)
2.1.196. top_mail_end_blocked (ID: 00200398)
2.1.197. max_syslog_sessions_reached (ID: 00200400)
2.1.198. out_of_memory (ID: 00200401)
2.1.199. unauthenticated_syslog_detected (ID: 00200402)
2.1.200. reverse_syslog_data (ID: 00200403)
2.1.201. large_syslog_received (ID: 00200404)
2.1.202. prohibited_text_detected (ID: 00200405)
2.1.203. internal_buffer_error (ID: 00200406)
2.1.204. max_tls_sessions_reached (ID: 00200450)
2.1.205. failed_create_new_session (ID: 00200451)
2.1.206. failure_connect_http_server (ID: 00200452)
2.1.207. tls_alert_received (ID: 00200453)
2.1.208. tls_renegotiation_attempted (ID: 00200454)
2.1.209. tls_alert_sent (ID: 00200455)
2.1.210. ssl_renegotiation_attempted (ID: 00200457)
2.1.211. tls_disallowed_key_exchange (ID: 00200458)
2.1.212. tls_invalid_message (ID: 00200459)
2.1.213. tls_bad_message_order (ID: 00200460)
2.1.214. tls_no_shared_cipher_suites (ID: 00200461)
2.1.215. tls_out_of_memory (ID: 00200462)
2.1.216. tls_failed_to_verify_finished (ID: 00200463)
2.1.217. unknown_tls_error (ID: 00200464)
2.1.218. sdp_message_parsing_failed (ID: 00200501)
2.1.219. sdp_message_validation_failed (ID: 00200502)
2.1.220. sip_message_parsing_failed (ID: 00200503)
2.1.221. sip_message_validation_failed (ID: 00200504)
2.1.222. max_sessions_per_uri_reached (ID: 00200505)
2.1.223. registration_hijack_detected (ID: 00200506)
2.1.224. sip_signal_timeout (ID: 00200507)
2.1.225. sip_request_response_timeout (ID: 00200508)
2.1.226. registration_time_modified (ID: 00200509)
2.1.227. unsuccessful_registration (ID: 00200510)
2.1.228. unsuccessful_unregistration (ID: 00200511)
2.1.229. unsuccessful_search_in_registration_table (ID: 00200512)
2.1.230. sipalg_session_created (ID: 00200513)
2.1.231. failed_to_create_session (ID: 00200514)
2.1.232. failed_to_find_session (ID: 00200515)
2.1.233. sipalg_session_deleted (ID: 00200516)
2.1.234. sipalg_session_state_updated (ID: 00200517)
2.1.235. sipalg_transaction_created (ID: 00200520)
2.1.236. failed_to_create_new_transaction (ID: 00200521)
2.1.237. failed_to_find_transaction (ID: 00200522)
2.1.238. sipalg_transaction_deleted (ID: 00200523)
2.1.239. sipalg_transaction_state_updated (ID: 00200524)
2.1.240. no_route_found (ID: 00200526)
2.1.241. failed_to_get_free_port (ID: 00200527)
2.1.242. failed_to_find_role (ID: 00200528)
2.1.243. failed_to_update_port (ID: 00200529)
2.1.244. failed_to_update_contact (ID: 00200530)
2.1.245. failed_to_modify_sdp_message (ID: 00200531)
2.1.246. failed_to_modify_via (ID: 00200532)
2.1.247. failed_to_modify_from (ID: 00200533)
2.1.248. failed_to_modify_request_uri (ID: 00200534)
2.1.249. failed_to_modify_request (ID: 00200535)
2.1.250. method_not_supported (ID: 00200536)
2.1.251. general_error (ID: 00200537)
2.1.252. third_party_call_control (ID: 00200538)
2.1.253. out_of_memory (ID: 00200539)
2.1.254. null_sip_message_received (ID: 00200540)
2.1.255. user_registered (ID: 00200541)
2.1.256. user_unregistered (ID: 00200542)
2.1.257. dns_resolution_failed (ID: 00200545)
2.1.258. failed_to_modify_contact (ID: 00200547)
2.1.259. invalid_udp_packet (ID: 00200548)
2.1.260. failed_to_parse_media (ID: 00200549)
2.1.261. max_session_per_service_reached (ID: 00200550)
2.1.262. max_tsxn_per_session_reached (ID: 00200551)
2.1.263. invalid_transaction_state (ID: 00200552)
2.1.264. invalid_session_state (ID: 00200553)
2.1.265. sipalg_callleg_created (ID: 00200554)
2.1.266. failed_to_create_new_callleg (ID: 00200555)
2.1.267. failed_to_find_callleg (ID: 00200556)
2.1.268. failed_to_update_callleg (ID: 00200557)
2.1.269. sipalg_callleg_deleted (ID: 00200558)
2.1.270. failed_to_modify_response (ID: 00200559)
2.1.271. sipalg_callleg_state_updated (ID: 00200560)
2.1.272. failed_to_modify_sat_request (ID: 00200561)
2.1.273. max_pptp_sessions_reached (ID: 00200601)
2.1.274. failed_create_new_session (ID: 00200602)
2.1.275. failed_connect_pptp_server (ID: 00200603)
2.1.276. pptp_tunnel_established_client (ID: 00200604)
2.1.277. pptp_tunnel_removed_client (ID: 00200605)
2.1.278. pptp_tunnel_removed_server (ID: 00200606)
2.1.279. pptp_session_established (ID: 00200607)
2.1.280. pptp_session_removed (ID: 00200608)
2.1.281. pptp_malformed_packet (ID: 00200609)
2.1.282. pptp_tunnel_established_server (ID: 00200610)
2.1.283. max_imap_sessions_reached (ID: 00200650)
2.1.284. failed_create_new_session (ID: 00200651)
2.1.285. failed_connect_imap_server (ID: 00200652)
2.1.286. out_of_memory (ID: 00200656)
2.1.287. blocked_filetype (ID: 00200657)
2.1.288. base64_decode_failed (ID: 00200658)
2.1.289. command_blocked (ID: 00200659)
2.1.290. unknown_command_blocked (ID: 00200660)
2.1.291. command_invalid (ID: 00200661)
2.1.292. response_blocked_unknown (ID: 00200662)
2.1.293. content_type_mismatch (ID: 00200663)
2.1.294. plain_auth_blocked (ID: 00200664)
2.1.295. unknown_imap_syntax (ID: 00200665)
2.1.296. unknown_mail_syntax (ID: 00200666)
2.1.297. unknown_mail_body_syntax (ID: 00200667)
2.1.298. imap_session_statistics (ID: 00200670)
2.1.299. max_dnscontrol_session_reached (ID: 00200680)
2.1.300. failed_create_new_session (ID: 00200681)
2.1.301. failure_connect_dns_server (ID: 00200682)
2.1.302. dns_packet_rejected (ID: 00200683)
2.1.303. dns_transaction_opened (ID: 00200684)
2.1.304. dns_transaction_closed (ID: 00200685)
2.1.305. dns_resolving_address (ID: 00200690)
2.1.306. dns_resolved_address (ID: 00200692)
2.1.307. dns_resolved_address (ID: 00200693)
2.1.308. dns_policy_violation (ID: 00200694)
2.2. ANTISPAM
2.2.1. spam_found (ID: 05900001)
2.2.2. spam_found (ID: 05900002)
2.2.3. spam_found (ID: 05900003)
2.2.4. memory_allocation_failure (ID: 05900010)
2.2.5. domain_verification_timeout (ID: 05900020)
2.2.6. domain_verification_error (ID: 05900021)
2.2.7. link_protection_allocation_failure (ID: 05900030)
2.2.8. link_protection_timeout (ID: 05900031)
2.2.9. link_protection_wcf_error (ID: 05900032)
2.2.10. link_protection_no_license (ID: 05900033)
2.2.11. dnsbl_allocation_failure (ID: 05900040)
2.2.12. dnsbl_timeout (ID: 05900041)
2.2.13. dnsbl_error (ID: 05900042)
2.2.14. dcc_allocation_failure (ID: 05900050)
2.2.15. dcc_timeout (ID: 05900051)
2.2.16. dcc_query_error (ID: 05900052)
2.2.17. dcc_no_license (ID: 05900053)
2.2.18. recipient_email_changed_to_drop_address (ID: 05900196)
2.2.19. dnsbl_allocate_error (ID: 05900800)
2.2.20. dnsbl_ipcache_add (ID: 05900810)
2.2.21. dnsbl_ipcache_remove (ID: 05900811)
2.2.22. dnsbl_session_add (ID: 05900812)
2.2.23. dnsbl_session_error (ID: 05900813)
2.2.24. dnsbl_ipcache_add (ID: 05900814)
2.2.25. dnsbl_disabled (ID: 05900815)
2.2.26. dnsbl_active (ID: 05900816)
2.2.27. dnsbl_query_add (ID: 05900817)
2.2.28. dnsbl_blacklist_disable (ID: 05900818)
2.2.29. dnsbl_txtrecord_truncated (ID: 05900819)
2.2.30. dnsbl_record_truncated (ID: 05900820)
2.3. ANTIVIRUS
2.3.1. virus_found (ID: 05800001)
2.3.2. virus_found (ID: 05800002)
2.3.3. excluded_file (ID: 05800003)
2.3.4. decompression_failed (ID: 05800004)
2.3.5. decompression_failed (ID: 05800005)
2.3.6. compression_ratio_violation (ID: 05800007)
2.3.7. compression_ratio_violation (ID: 05800008)
2.3.8. out_of_memory (ID: 05800009)
2.3.9. out_of_memory (ID: 05800010)
2.3.10. virus_scan_failure (ID: 05800011)
2.3.11. virus_scan_failure (ID: 05800012)
2.3.12. no_valid_license (ID: 05800015)
2.3.13. av_signatures_missing (ID: 05800016)
2.3.14. general_engine_error (ID: 05800017)
2.3.15. out_of_memory (ID: 05800018)
2.3.16. virus_url_detected (ID: 05800020)
2.3.17. virus_url_detected (ID: 05800021)
2.3.18. decompression_failed_encrypted_file (ID: 05800024)
2.3.19. decompression_failed_encrypted_file (ID: 05800025)
2.3.20. out_of_memory (ID: 05800027)
2.3.21. max_archive_depth_exceeded (ID: 05800028)
2.3.22. max_archive_depth_exceeded (ID: 05800029)
2.3.23. unknown_encoding (ID: 05800182)
2.3.24. unknown_encoding (ID: 05800183)
2.3.25. unknown_encoding (ID: 05800184)
2.3.26. unknown_encoding (ID: 05800185)
2.3.27. unknown_encoding (ID: 05800654)
2.3.28. unknown_encoding (ID: 05800655)
2.4. APPCONTROL
2.4.1. application_identified (ID: 07200001)
2.4.2. application_identified (ID: 07200002)
2.4.3. application_end (ID: 07200003)
2.4.4. no_valid_license (ID: 07200004)
2.4.5. application_control_disabled (ID: 07200005)
2.4.6. application_control_disabled (ID: 07200006)
2.4.7. application_content (ID: 07200015)
2.4.8. application_content_allowed (ID: 07200016)
2.4.9. application_content_denied (ID: 07200017)
2.4.10. out_of_memory (ID: 07200018)
2.4.11. application_content_limit_reached (ID: 07200019)
2.5. ARP
2.5.1. unsolicited_reply_drop (ID: 00300001)
2.5.2. no_sender_ip (ID: 00300002)
2.5.3. no_sender_ip (ID: 00300003)
2.5.4. arp_response_broadcast (ID: 00300004)
2.5.5. arp_response_multicast (ID: 00300005)
2.5.6. mismatching_hwaddrs (ID: 00300006)
2.5.7. mismatching_hwaddrs_drop (ID: 00300007)
2.5.8. hwaddr_change (ID: 00300008)
2.5.9. arp_resolution_failed (ID: 00300009)
2.5.10. unsolicited_reply_accept (ID: 00300010)
2.5.11. arp_resolution_success (ID: 00300020)
2.5.12. arp_cache_size_limit_reached (ID: 00300030)
2.5.13. invalid_arp_sender_ip_address (ID: 00300049)
2.5.14. arp_access_allowed_expect (ID: 00300050)
2.5.15. impossible_hw_address (ID: 00300051)
2.5.16. arp_response_broadcast_drop (ID: 00300052)
2.5.17. arp_response_multicast_drop (ID: 00300053)
2.5.18. arp_collides_with_static (ID: 00300054)
2.5.19. hwaddr_change_drop (ID: 00300055)
2.6. AUTHAGENTS
2.6.1. authagent_connected (ID: 06500001)
2.6.2. authagent_disconnected (ID: 06500002)
2.6.3. authagent_internal_error (ID: 06500003)
2.6.4. authagent_rekeying_error (ID: 06500004)
2.6.5. authagent_protocol_mistmatch (ID: 06500005)
2.6.6. authagent_negotiation_error (ID: 06500006)
2.6.7. authagent_decryption_error (ID: 06500007)
2.6.8. authagent_challenge_error (ID: 06500008)
2.6.9. authagent_seqnumber_error (ID: 06500009)
2.6.10. authagent_adduser_error (ID: 06500010)
2.6.11. authagent_initial_error (ID: 06500011)
2.6.12. authagent_removeuser_error (ID: 06500012)
2.6.13. authagent_password_error (ID: 06500013)
2.6.14. authagent_user_login (ID: 06500014)
2.6.15. authagent_failed_session_update (ID: 06500015)
2.6.16. authagent_adduser_error (ID: 06500040)
2.6.17. authagent_removeuser_error (ID: 06500042)
2.7. AVSE
2.7.1. av_db_digital_signature (ID: 05100001)
2.8. AVUPDATE
2.8.1. av_db_update_failure (ID: 05000001)
2.8.2. av_database_downloaded (ID: 05000002)
2.8.3. av_db_already_up_to_date (ID: 05000003)
2.8.4. av_db_update_denied (ID: 05000004)
2.8.5. av_detects_invalid_system_time (ID: 05000005)
2.8.6. downloading_new_database (ID: 05000007)
2.8.7. unsynced_databases (ID: 05000008)
2.8.8. downloading_new_database (ID: 05000009)
2.9. BLACKLIST
2.9.1. failed_to_write_list_of_blocked_hosts_to_media (ID: 04600001)
2.9.2. unable_to_allocate_static_entry (ID: 04600002)
2.9.3. unable_to_allocate_host_entry (ID: 04600003)
2.9.4. host_unblacklisted (ID: 04600004)
2.9.5. host_blacklisted (ID: 04600006)
2.9.6. botnet_src_detected (ID: 04600010)
2.9.7. botnet_dst_detected (ID: 04600011)
2.9.8. dos_src_detected (ID: 04600020)
2.9.9. disallowed_src_geo_detected (ID: 04600021)
2.9.10. scanner_src_detected (ID: 04600030)
2.9.11. malformed_request (ID: 04600040)
2.10. BUFFERS
2.10.1. buffers_flooded (ID: 00500001)
2.10.2. buffers_profile (ID: 00500002)
2.11. CONN
2.11.1. conn_open (ID: 00600001)
2.11.2. conn_close (ID: 00600002)
2.11.3. connection_table_full (ID: 00600003)
2.11.4. conn_open_natsat (ID: 00600004)
2.11.5. conn_close_natsat (ID: 00600005)
2.11.6. out_of_connections (ID: 00600010)
2.11.7. out_of_connections (ID: 00600011)
2.11.8. no_new_conn_for_this_packet (ID: 00600012)
2.11.9. no_new_conn_for_this_packet (ID: 00600013)
2.11.10. no_return_route (ID: 00600014)
2.11.11. reverse_connect_attempt (ID: 00600015)
2.11.12. unknown_icmpv6_type (ID: 00600016)
2.11.13. port_0_illegal (ID: 00600020)
2.11.14. udp_src_port_0_illegal (ID: 00600021)
2.11.15. udp_src_port_0_forwarded (ID: 00600022)
2.11.16. conn_usage (ID: 00600023)
2.11.17. conn_close (ID: 00600032)
2.11.18. conn_close (ID: 00600033)
2.11.19. conn_close_natsat (ID: 00600035)
2.11.20. active_data (ID: 00600100)
2.11.21. passive_data (ID: 00600101)
2.11.22. active_data (ID: 00600102)
2.11.23. passive_data (ID: 00600103)
2.11.24. ip_reputation (ID: 00600120)
2.11.25. ip_reputation_query_failed (ID: 00600121)
2.11.26. ip_reputation_query_timeout (ID: 00600122)
2.11.27. conn_close_no_slb_server (ID: 00600123)
2.12. DEVICE
2.12.1. device_identified (ID: 08900001)
2.12.2. device_ident_failure (ID: 08900002)
2.12.3. device_service_failure (ID: 08900003)
2.12.4. device_identstart_failure (ID: 08900004)
2.12.5. device_recv_failure (ID: 08900005)
2.13. DHCP
2.13.1. offered_ip_occupied (ID: 00700001)
2.13.2. lease_changed (ID: 00700002)
2.13.3. lease_acquired (ID: 00700003)
2.13.4. renewed_lease (ID: 00700004)
2.13.5. lease_expired (ID: 00700005)
2.13.6. invalid_lease_time (ID: 00700007)
2.13.7. invalid_server_id (ID: 00700008)
2.13.8. invalid_netmask (ID: 00700009)
2.13.9. invalid_broadcast (ID: 00700010)
2.13.10. invalid_offered_ip (ID: 00700011)
2.13.11. invalid_gateway (ID: 00700012)
2.13.12. offered_broadcast_equals_gateway (ID: 00700013)
2.13.13. ip_collision (ID: 00700014)
2.13.14. route_collision (ID: 00700015)
2.14. DHCPRELAY
2.14.1. unable_to_save_dhcp_relay_list (ID: 00800001)
2.14.2. dhcp_relay_list_saved (ID: 00800002)
2.14.3. dhcp_pkt_too_small (ID: 00800003)
2.14.4. incorrect_bootp_dhcp_cookie (ID: 00800004)
2.14.5. maximum_ppm_for_relayer_reached (ID: 00800005)
2.14.6. relayer_resuming (ID: 00800006)
2.14.7. hop_limit_exceeded (ID: 00800007)
2.14.8. client_release (ID: 00800008)
2.14.9. got_reply_without_transaction_state (ID: 00800009)
2.14.10. maximum_dhcp_client_relay_routes_reached (ID: 00800010)
2.14.11. unable_to_add_relay_route_since_out_of_memory (ID: 00800011)
2.14.12. ignored_relay_request (ID: 00800012)
2.14.13. no_message_type (ID: 00800013)
2.14.14. bad_inform_pkt_with_mismatching_source_ip_and_client_ip (ID: 00800014)
2.14.15. received_relayed_inform_packet_without_client_ip (ID: 00800015)
2.14.16. maximum_current_dhcp_relays_for_iface (ID: 00800016)
2.14.17. dhcp_server_is_unroutable (ID: 00800017)
2.14.18. unable_to_get_free_transaction_state (ID: 00800018)
2.14.19. invalid_gateway (ID: 00800019)
2.14.20. relayed_request (ID: 00800020)
2.14.21. relayed_request (ID: 00800021)
2.14.22. got_reply_on_a_non_security_equivalent_interface (ID: 00800022)
2.14.23. assigned_ip_not_allowed (ID: 00800023)
2.14.24. illegal_client_ip_assignment (ID: 00800024)
2.14.25. ambiguous_host_route (ID: 00800025)
2.14.26. relayed_dhcp_reply (ID: 00800026)
2.14.27. relayed_bootp_reply (ID: 00800027)
2.14.28. relayed_dhcp_reply (ID: 00800028)
2.14.29. relayed_bootp_reply (ID: 00800029)
2.15. DHCPSERVER
2.15.1. unable_to_send_response (ID: 00900001)
2.15.2. option_section_is_too_big_unable_to_reply (ID: 00900002)
2.15.3. unable_to_save_lease_db (ID: 00900003)
2.15.4. lease_db_successfully_saved (ID: 00900004)
2.15.5. dhcp_packet_too_small (ID: 00900005)
2.15.6. request_for_ip_from_non_bound_client_without_state (ID: 00900006)
2.15.7. request_for_ip_from_bound_client_without_state (ID: 00900007)
2.15.8. request_for_ip_from_non_bound_client_without_state (ID: 00900008)
2.15.9. all_ip_pools_depleted (ID: 00900010)
2.15.10. request_with_bad_udp_checksum (ID: 00900011)
2.15.11. lease_timeout (ID: 00900012)
2.15.12. lease_timeout (ID: 00900013)
2.15.13. pool_depleted (ID: 00900014)
2.15.14. sending_offer (ID: 00900015)
2.15.15. pool_depleted (ID: 00900016)
2.15.16. request_for_non_offered_ip (ID: 00900017)
2.15.17. request_for_non_bound_ip (ID: 00900018)
2.15.18. client_bound (ID: 00900019)
2.15.19. client_renewed (ID: 00900020)
2.15.20. got_inform_request (ID: 00900021)
2.15.21. decline_for_ip_on_wrong_iface (ID: 00900022)
2.15.22. decline_for_non_offered_ip (ID: 00900023)
2.15.23. declined_by_client (ID: 00900024)
2.15.24. request_for_ip_from_bound_client_without_state (ID: 00900025)
2.15.25. release_for_ip_on_wrong_iface (ID: 00900026)
2.15.26. released_by_client (ID: 00900027)
2.16. DHCPV6CLIENT
2.16.1. offered_ip_occupied (ID: 07300001)
2.16.2. lease_acquired (ID: 07300003)
2.16.3. renewed_lease (ID: 07300004)
2.16.4. lease_expired (ID: 07300005)
2.16.5. adv_bad_status (ID: 07300006)
2.16.6. reply_bad_status (ID: 07300007)
2.16.7. bad_server_address (ID: 07300008)
2.16.8. bad_address_offered (ID: 07300009)
2.16.9. bad_timers (ID: 07300010)
2.16.10. low_life_time (ID: 07300011)
2.16.11. ip_collision (ID: 07300012)
2.17. DHCPV6SERVER
2.17.1. client_id_missing (ID: 07400001)
2.17.2. server_id_missing (ID: 07400002)
2.17.3. client_id_unexpected (ID: 07400003)
2.17.4. server_id_unexpected (ID: 07400004)
2.17.5. unable_to_send_response (ID: 07400005)
2.17.6. sending_reply (ID: 07400006)
2.17.7. sending_reply (ID: 07400007)
2.17.8. client_renewed (ID: 07400008)
2.17.9. client_rebound (ID: 07400009)
2.17.10. lease_timeout (ID: 07400010)
2.17.11. pool_depleted (ID: 07400011)
2.17.12. bad_udp_checksum (ID: 07400012)
2.17.13. dhcpv6_packet_too_small (ID: 07400013)
2.17.14. dhcpv6_faulty_length (ID: 07400014)
2.17.15. invalid_options_length (ID: 07400015)
2.17.16. lease_db_successfully_saved (ID: 07400016)
2.17.17. unable_to_save_lease_db (ID: 07400017)
2.17.18. unexpected_advertise_message (ID: 07400018)
2.17.19. unexpected_reply_message (ID: 07400019)
2.17.20. unexpected_reconfigure_message (ID: 07400020)
2.17.21. unexpected_relay_reply_message (ID: 07400021)
2.17.22. unexpected_unknown_message (ID: 07400022)
2.18. DNSCACHE
2.18.1. ipv6_max_addresses (ID: 08000001)
2.18.2. ipv4_max_addresses (ID: 08000002)
2.18.3. update_matched_wfqdn (ID: 08000003)
2.18.4. dns_cache_freeip4entry (ID: 08000004)
2.19. DOWNLOAD
2.19.1. download_verification_error (ID: 08300001)
2.19.2. download_failed (ID: 08300002)
2.19.3. download_start_failure (ID: 08300003)
2.19.4. download_resumed (ID: 08300004)
2.19.5. download_skipped (ID: 08300005)
2.20. DYNROUTING
2.20.1. failed_to_export_route_to_ospf_process_failed_to_alloc (ID: 01100001)
2.20.2. route_exported_to_ospf_as (ID: 01100002)
2.20.3. route_unexported_from_ospf_as (ID: 01100003)
2.20.4. failed_to_add_route_unable_to_alloc (ID: 01100004)
2.20.5. route_added (ID: 01100005)
2.20.6. route_removed (ID: 01100006)
2.21. FRAG
2.21.1. individual_frag_timeout (ID: 02000001)
2.21.2. fragact_contains_frags (ID: 02000002)
2.21.3. fail_suspect_out_of_resources (ID: 02000003)
2.21.4. fail_out_of_resources (ID: 02000004)
2.21.5. fail_suspect_timeout (ID: 02000005)
2.21.6. fail_timeout (ID: 02000006)
2.21.7. disallowed_suspect (ID: 02000007)
2.21.8. drop_frags_of_disallowed_packet (ID: 02000008)
2.21.9. drop_frags_of_illegal_packet (ID: 02000009)
2.21.10. drop_extraneous_frags_of_completed_packet (ID: 02000010)
2.21.11. learn_state (ID: 02000011)
2.21.12. drop_duplicate_frag_suspect_packet (ID: 02000012)
2.21.13. drop_duplicate_frag (ID: 02000013)
2.21.14. frag_offset_plus_length_not_in_range (ID: 02000014)
2.21.15. no_available_fragacts (ID: 02000015)
2.21.16. bad_ipdatalen (ID: 02000016)
2.21.17. bad_ipdatalen (ID: 02000017)
2.21.18. overlapping_frag (ID: 02000018)
2.21.19. bad_offs (ID: 02000019)
2.21.20. duplicate_frag_with_different_length (ID: 02000020)
2.21.21. duplicate_frag_with_different_data (ID: 02000021)
2.21.22. partial_overlap (ID: 02000022)
2.21.23. drop_frag_disallowed_suspect_packet (ID: 02000023)
2.21.24. drop_frag_disallowed_packet (ID: 02000024)
2.21.25. already_completed (ID: 02000025)
2.21.26. drop_frag_failed_suspect_packet (ID: 02000026)
2.21.27. drop_frag_failed_packet (ID: 02000027)
2.21.28. drop_frag_illegal_packet (ID: 02000028)
2.21.29. fragments_available_freeing (ID: 02000100)
2.21.30. bad_ipdatalen (ID: 02000116)
2.21.31. single_frag (ID: 02000117)
2.21.32. bad_offs (ID: 02000119)
2.22. GEOIP
2.22.1. database_load_failed (ID: 08100001)
2.22.2. database_load_failed (ID: 08100002)
2.23. GRE
2.23.1. failed_to_setup_gre_tunnel (ID: 02200001)
2.23.2. gre_bad_flags (ID: 02200002)
2.23.3. gre_bad_version (ID: 02200003)
2.23.4. gre_checksum_error (ID: 02200004)
2.23.5. gre_length_error (ID: 02200005)
2.23.6. gre_send_routing_loop_detected (ID: 02200006)
2.23.7. unmatched_session_key (ID: 02200007)
2.23.8. gre_routing_flag_set (ID: 02200008)
2.24. HA
2.24.1. peer_gone (ID: 01200001)
2.24.2. peer_gone (ID: 01200002)
2.24.3. conflict_both_peers_active (ID: 01200003)
2.24.4. peer_has_higher_local_load (ID: 01200004)
2.24.5. peer_has_lower_local_load (ID: 01200005)
2.24.6. peer_has_more_connections (ID: 01200006)
2.24.7. peer_has_fewer_connections (ID: 01200007)
2.24.8. conflict_both_peers_inactive (ID: 01200008)
2.24.9. peer_has_more_connections (ID: 01200009)
2.24.10. peer_has_fewer_connections (ID: 01200010)
2.24.11. peer_alive (ID: 01200011)
2.24.12. heartbeat_from_unknown (ID: 01200043)
2.24.13. should_have_arrived_on_sync_iface (ID: 01200044)
2.24.14. activate_failed (ID: 01200050)
2.24.15. merge_failed (ID: 01200051)
2.24.16. ha_commit_error (ID: 01200052)
2.24.17. ha_write_failed (ID: 01200053)
2.24.18. ha_commit_unknown_error (ID: 01200054)
2.24.19. linkmon_triggered_failover (ID: 01200055)
2.24.20. resync_conns_to_peer (ID: 01200100)
2.24.21. hasync_connection_established (ID: 01200200)
2.24.22. hasync_connection_disconnected_lifetime_expired (ID: 01200201)
2.24.23. hasync_connection_failed_timeout (ID: 01200202)
2.24.24. resync_conns_to_peer_complete (ID: 01200300)
2.24.25. disallowed_on_sync_iface (ID: 01200400)
2.24.26. sync_packet_on_nonsync_iface (ID: 01200410)
2.24.27. ttl_too_low (ID: 01200411)
2.24.28. heartbeat_from_myself (ID: 01200412)
2.24.29. config_sync_failure (ID: 01200500)
2.24.30. both_active (ID: 01200616)
2.24.31. both_inactive (ID: 01200617)
2.24.32. going_online (ID: 01200618)
2.25. HWM
2.25.1. temperature_alarm (ID: 04000011)
2.25.2. temperature_normal (ID: 04000012)
2.25.3. voltage_alarm (ID: 04000021)
2.25.4. voltage_normal (ID: 04000022)
2.25.5. fanrpm_alarm (ID: 04000031)
2.25.6. fanrpm_normal (ID: 04000032)
2.25.7. gpio_alarm (ID: 04000041)
2.25.8. gpio_normal (ID: 04000042)
2.25.9. current_alarm (ID: 04000051)
2.25.10. current_normal (ID: 04000052)
2.25.11. power_alarm (ID: 04000061)
2.25.12. power_normal (ID: 04000062)
2.25.13. free_memory_warning_level (ID: 04000101)
2.25.14. free_memory_warning_level (ID: 04000102)
2.25.15. free_memory_normal_level (ID: 04000103)
2.26. IDP
2.26.1. scan_detected (ID: 01300001)
2.26.2. idp_notice (ID: 01300002)
2.26.3. intrusion_detected (ID: 01300003)
2.26.4. virus_detected (ID: 01300004)
2.26.5. scan_detected (ID: 01300005)
2.26.6. idp_notice (ID: 01300006)
2.26.7. intrusion_detected (ID: 01300007)
2.26.8. virus_detected (ID: 01300008)
2.26.9. invalid_url_format (ID: 01300009)
2.26.10. invalid_url_format (ID: 01300010)
2.26.11. idp_evasion (ID: 01300011)
2.26.12. idp_evasion (ID: 01300012)
2.26.13. idp_outofmem (ID: 01300013)
2.26.14. idp_outofmem (ID: 01300014)
2.26.15. idp_failscan (ID: 01300015)
2.26.16. idp_failscan (ID: 01300016)
2.26.17. no_valid_license_or_no_signature_file (ID: 01300017)
2.27. IDPPIPES
2.27.1. conn_idp_piped (ID: 06100001)
2.27.2. host_idp_piped (ID: 06100002)
2.27.3. out_of_memory (ID: 06100003)
2.27.4. idp_piped_state_replaced (ID: 06100004)
2.27.5. idp_piped_state_expire (ID: 06100005)
2.27.6. conn_idp_unpiped (ID: 06100006)
2.27.7. conn_idp_piped (ID: 06100007)
2.28. IDPUPDATE
2.28.1. idp_db_update_failure (ID: 01400001)
2.28.2. idp_database_downloaded (ID: 01400002)
2.28.3. idp_db_already_up_to_date (ID: 01400003)
2.28.4. idp_db_update_denied (ID: 01400004)
2.28.5. idp_detects_invalid_system_time (ID: 01400005)
2.28.6. downloading_new_database (ID: 01400007)
2.28.7. unsynced_databases (ID: 01400009)
2.28.8. sigfile_parser_error (ID: 01400018)
2.29. IFACEMON
2.29.1. ifacemon_status_bad_rereport (ID: 03900001)
2.29.2. ifacemon_status_bad (ID: 03900003)
2.29.3. ifacemon_status_bad (ID: 03900004)
2.29.4. ifacemon_attach_failed (ID: 03900005)
2.30. IGMP
2.30.1. querier_election_won (ID: 04200001)
2.30.2. querier_election_lost (ID: 04200002)
2.30.3. invalid_dest_ip_address (ID: 04200003)
2.30.4. invalid_destination_ethernet_address (ID: 04200004)
2.30.5. failed_restarting_igmp_conn (ID: 04200006)
2.30.6. invalid_size_query_packet (ID: 04200007)
2.30.7. invalid_query_group_address (ID: 04200008)
2.30.8. igmp_query_dropped (ID: 04200009)
2.30.9. igmp_query_received (ID: 04200010)
2.30.10. bad_src (ID: 04200011)
2.30.11. igmp_report_received (ID: 04200012)
2.30.12. packet_includes_aux_data (ID: 04200013)
2.30.13. invalid_size_report_packet (ID: 04200014)
2.30.14. bad_grp (ID: 04200015)
2.30.15. invalid_report_grp_record (ID: 04200016)
2.30.16. igmp_report_dropped (ID: 04200017)
2.30.17. igmp_ruleset_rejects_report (ID: 04200018)
2.30.18. bad_inet (ID: 04200019)
2.30.19. max_global_requests_per_second_reached (ID: 04200020)
2.30.20. max_if_requests_per_second_reached (ID: 04200021)
2.30.21. disallowed_igmp_version (ID: 04200022)
2.30.22. received_unknown_igmp_type (ID: 04200023)
2.30.23. older_querier_present (ID: 04200024)
2.30.24. older_querier_gone (ID: 04200025)
2.31. IP6IN4
2.31.1. failed_to_setup_6in4_tunnel (ID: 07800001)
2.31.2. 6in4_resolve_successful (ID: 07800002)
2.31.3. 6in4_resolve_failed (ID: 07800003)
2.31.4. 6in4_invalid_sender_encap (ID: 07800004)
2.31.5. 6in4_length_error (ID: 07800005)
2.31.6. 6in4_send_routing_loop_detected (ID: 07800006)
2.31.7. 6in4_invalid_sender_decap (ID: 07800007)
2.32. IPPOOL
2.32.1. no_offer_received (ID: 01900001)
2.32.2. no_valid_dhcp_offer_received (ID: 01900002)
2.32.3. too_many_dhcp_offers_received (ID: 01900003)
2.32.4. lease_disallowed_by_lease_filter (ID: 01900004)
2.32.5. lease_disallowed_by_server_filter (ID: 01900005)
2.32.6. lease_have_bad_dhcp_server (ID: 01900006)
2.32.7. lease_have_bad_netmask (ID: 01900007)
2.32.8. lease_have_bad_offered_broadcast (ID: 01900008)
2.32.9. lease_have_bad_offered_ip (ID: 01900009)
2.32.10. lease_have_bad_gateway_ip (ID: 01900010)
2.32.11. lease_ip_is_already_occupied (ID: 01900011)
2.32.12. lease_rejected_by_server (ID: 01900012)
2.32.13. ip_offer_already_exist_in_the_pool (ID: 01900013)
2.32.14. pool_reached_max_dhcp_clients (ID: 01900014)
2.32.15. macrange_depleted (ID: 01900015)
2.32.16. ip_fetched_pool (ID: 01900016)
2.32.17. ip_returned_to_pool (ID: 01900017)
2.33. IPREPUTATION
2.33.1. ipreputation_started (ID: 08200001)
2.33.2. ipreputation_db_update (ID: 08200002)
2.33.3. ipreputation_db_partial (ID: 08200003)
2.33.4. ipreputation_resumed_update (ID: 08200004)
2.33.5. ipreputation_server_connect (ID: 08200005)
2.33.6. ipreputation_no_db (ID: 08200006)
2.33.7. ipreputation_db_failopen (ID: 08200007)
2.33.8. ipreputation_update_failed (ID: 08200008)
2.33.9. ipreputation_server_noconnect (ID: 08200009)
2.33.10. ipreputation_novalid_license (ID: 08200010)
2.33.11. ipreputation_trial_license (ID: 08200011)
2.33.12. ipreputation_database_loaded (ID: 08200012)
2.33.13. ipreputation_partupdate_failed (ID: 08200013)
2.33.14. ipreputation_query_timeout (ID: 08200014)
2.33.15. ipreputation_server_disconnect (ID: 08200015)
2.33.16. ipreputation_server_reply_error (ID: 08200016)
2.33.17. ipreputation_server_unreachable (ID: 08200017)
2.33.18. ipreputation_server_fallback (ID: 08200018)
2.33.19. ipreputation_update_error (ID: 08200019)
2.33.20. ipreputation_servers_unreachable (ID: 08200020)
2.33.21. ipreputation_stopped (ID: 08200021)
2.33.22. ipreputation_full_download_failed (ID: 08200022)
2.33.23. ipreputation_partial_download_failed (ID: 08200023)
2.34. IPSEC
2.34.1. fatal_ipsec_event (ID: 01800100)
2.34.2. warning_ipsec_event (ID: 01800101)
2.34.3. audit_event (ID: 01800103)
2.34.4. audit_flood (ID: 01800104)
2.34.5. ike_delete_notification (ID: 01800105)
2.34.6. ike_invalid_payload (ID: 01800106)
2.34.7. ike_invalid_proposal (ID: 01800107)
2.34.8. ike_retry_limit_reached (ID: 01800108)
2.34.9. ike_quickmode_failed (ID: 01800109)
2.34.10. packet_corrupt (ID: 01800110)
2.34.11. icv_failure (ID: 01800111)
2.34.12. sequence_number_failure (ID: 01800112)
2.34.13. sa_lookup_failure (ID: 01800113)
2.34.14. ip_fragment (ID: 01800114)
2.34.15. sequence_number_overflow (ID: 01800115)
2.34.16. bad_padding (ID: 01800116)
2.34.17. hardware_accelerator_congested (ID: 01800117)
2.34.18. hardware_acceleration_failure (ID: 01800118)
2.34.19. ip_validation_failure (ID: 01800119)
2.34.20. commit_failed (ID: 01800200)
2.34.21. commit_succeeded (ID: 01800201)
2.34.22. x509_init_failed (ID: 01800203)
2.34.23. pm_create_failed (ID: 01800204)
2.34.24. failed_to_start_ipsec (ID: 01800205)
2.34.25. failed_to_start_ipsec (ID: 01800206)
2.34.26. failed_create_audit_module (ID: 01800207)
2.34.27. failed_attach_audit_module (ID: 01800208)
2.34.28. failed_to_configure_IPsec (ID: 01800209)
2.34.29. failed_to_configure_IPsec (ID: 01800210)
2.34.30. reconfig_IPsec (ID: 01800211)
2.34.31. failed_to_reconfig_ipsec (ID: 01800212)
2.34.32. IPsec_init_failed (ID: 01800213)
2.34.33. ipsec_started_successfully (ID: 01800214)
2.34.34. Failed_to_set_local_ID (ID: 01800301)
2.34.35. Failed_to_add_certificate (ID: 01800302)
2.34.36. Default_IKE_DH_groups_will_be_used (ID: 01800303)
2.34.37. failed_to_set_algorithm_properties (ID: 01800304)
2.34.38. failed_to_add_root_certificate (ID: 01800306)
2.34.39. dns_resolve_failed (ID: 01800308)
2.34.40. dns_resolve_timeout (ID: 01800309)
2.34.41. dns_no_record (ID: 01800311)
2.34.42. remote_endpoint_ip_added (ID: 01800313)
2.34.43. failed_to_add_rules (ID: 01800314)
2.34.44. no_policymanager (ID: 01800316)
2.34.45. peer_is_dead (ID: 01800317)
2.34.46. failed_to_set_dpd_cb (ID: 01800318)
2.34.47. failed_to_add_certificate (ID: 01800319)
2.34.48. failed_to_remove_key_provider (ID: 01800320)
2.34.49. failed_to_add_key_provider (ID: 01800321)
2.34.50. failed_to_add_certificate (ID: 01800322)
2.34.51. remote_endpoint_ip_removed (ID: 01800327)
2.34.52. Failed_to_set_Remote_ID (ID: 01800332)
2.34.53. failed_to_set_certificate_trust (ID: 01800342)
2.34.54. failed_to_set_crl_distribution_points (ID: 01800343)
2.34.55. dns_cache_removed (ID: 01800344)
2.34.56. ippool_does_not_exist (ID: 01800400)
2.34.57. cfgmode_ip_allocated (ID: 01800401)
2.34.58. cfgmode_ip_freed_by_ippool (ID: 01800402)
2.34.59. cfgmode_ip_freed_by_ike (ID: 01800403)
2.34.60. cfgmode_no_context (ID: 01800404)
2.34.61. cfgmode_no_ip_fetched (ID: 01800405)
2.34.62. cfgmode_no_ip_data_acquired (ID: 01800406)
2.34.63. cfgmode_failed_to_add_ip (ID: 01800407)
2.34.64. recieved_packet_to_disabled_IPsec (ID: 01800500)
2.34.65. recieved_packet_to_disabled_IPsec (ID: 01800501)
2.34.66. Recieved_plaintext_packet_for_disabled_IPsec_interface (ID: 01800502)
2.34.67. no_remote_gateway (ID: 01800503)
2.34.68. no_route (ID: 01800504)
2.34.69. ipsec_interface_disabled (ID: 01800506)
2.34.70. no_route (ID: 01800507)
2.34.71. no_userauth_specified_for_eap (ID: 01800600)
2.34.72. no_radius_server_configured_for_eap (ID: 01800601)
2.34.73. insufficient_resources_for_eap (ID: 01800602)
2.34.74. unknown_type_of_eap (ID: 01800603)
2.34.75. unknown_eap_status (ID: 01800604)
2.34.76. eap_but_not_passthrough (ID: 01800605)
2.34.77. eap_not_supported (ID: 01800606)
2.34.78. can_not_add_eap_auth_type (ID: 01800607)
2.34.79. eap_disabled (ID: 01800608)
2.34.80. no_eap_identity (ID: 01800609)
2.34.81. eap_disabled (ID: 01800610)
2.34.82. no_eapstate (ID: 01800611)
2.34.83. IDi_used_as_eap_id (ID: 01800612)
2.34.84. no_eap_identity (ID: 01800613)
2.34.85. no_userauth_specified_for_xauth (ID: 01800614)
2.34.86. attach_of_eap_radius_server_failed (ID: 01800630)
2.34.87. no_eap_identity_or_radius_username (ID: 01800631)
2.34.88. radius_timeout (ID: 01800633)
2.34.89. radius_reject (ID: 01800634)
2.34.90. radius_access_accept (ID: 01800635)
2.34.91. outofmem_forward_eap_packet (ID: 01800636)
2.34.92. eap_packet_discarded (ID: 01800637)
2.34.93. outofmem_forward_eap_packet (ID: 01800638)
2.34.94. outofmem_forward_eap_packet (ID: 01800639)
2.34.95. failed_to_send_eap_id_response_to_radius (ID: 01800640)
2.34.96. no_imsi (ID: 01800641)
2.34.97. maximum_allowed_tunnels_limit_reached (ID: 01800900)
2.34.98. ipsec_sa_destroy_peer_imsi (ID: 01800902)
2.34.99. ipsec_sa_peer_imsi (ID: 01800903)
2.34.100. ike_sa_rekeyed (ID: 01800905)
2.34.101. ike_sa_deleted (ID: 01800906)
2.34.102. ipsec_sa_created (ID: 01800907)
2.34.103. ipsec_sa_rekeyed (ID: 01800908)
2.34.104. ipsec_sa_deleted (ID: 01800909)
2.34.105. ipsec_sa_keys (ID: 01800910)
2.34.106. out_of_memory (ID: 01801100)
2.34.107. out_of_memory (ID: 01801101)
2.34.108. out_of_memory (ID: 01801102)
2.34.109. connected (ID: 01801104)
2.34.110. disconnected (ID: 01801105)
2.34.111. send_to_closed_scip_connection (ID: 01801106)
2.34.112. send_failed_no_free_socket (ID: 01801107)
2.34.113. trigger_non_ip_packet (ID: 01802001)
2.34.114. rule_not_active (ID: 01802002)
2.34.115. malformed_packet (ID: 01802003)
2.34.116. max_ipsec_sa_negotiations_reached (ID: 01802004)
2.34.117. run_out_of_ike_sa (ID: 01802010)
2.34.118. PSK_length_invalid (ID: 01802012)
2.34.119. ike_sa_rekey_failed (ID: 01802020)
2.34.120. ike_sa_statistics (ID: 01802021)
2.34.121. ike_sa_failed (ID: 01802022)
2.34.122. ike_sa_statistics (ID: 01802023)
2.34.123. ipsec_sa_failed (ID: 01802049)
2.34.124. nat_mapping_changed_ike (ID: 01802050)
2.34.125. nat_mapping_change_not_allowed (ID: 01802051)
2.34.126. ipsec_sa_negotiation_aborted (ID: 01802060)
2.34.127. could_not_narrow_traffic_selectors (ID: 01802061)
2.34.128. failed_to_narrow_traffic_selectors (ID: 01802062)
2.34.129. malformed_remote_id_configured (ID: 01802070)
2.34.130. malformed_psk_configured (ID: 01802071)
2.34.131. nat_mapping_changed_ipsec (ID: 01802080)
2.34.132. no_authentication_method_specified (ID: 01802100)
2.34.133. invalid_authentication_algorithm_configured (ID: 01802101)
2.34.134. no_key_method_configured_for tunnel (ID: 01802102)
2.34.135. invalid_configuration_of_force_open (ID: 01802103)
2.34.136. invalid_configuration_of_force_open (ID: 01802104)
2.34.137. invalid_rule_setting (ID: 01802105)
2.34.138. invalid_rule_setting (ID: 01802107)
2.34.139. max_number_of_policy_rules_reached (ID: 01802110)
2.34.140. input_traffic_selector_corrupt (ID: 01802111)
2.34.141. input_traffic_selector_corrupt (ID: 01802112)
2.34.142. invalid_traffic_selectors (ID: 01802113)
2.34.143. suspicious_outbound_rule (ID: 01802114)
2.34.144. failed_to_add_rule_to_engine (ID: 01802115)
2.34.145. no_algorithms_configured_for_tunnel (ID: 01802200)
2.34.146. no_encryption_algorithm_configured_for_tunnel (ID: 01802201)
2.34.147. esp_null-null_configuration (ID: 01802202)
2.34.148. no_authentication_algorithm_specified (ID: 01802203)
2.34.149. AH_not_supported (ID: 01802204)
2.34.150. invalid_cipher_keysize (ID: 01802205)
2.34.151. invalid_mac_keysize (ID: 01802206)
2.34.152. invalid_tunnel_configuration (ID: 01802207)
2.34.153. invalid_tunnel_configuration (ID: 01802208)
2.34.154. invalid_tunnel_configuration (ID: 01802209)
2.34.155. invalid_tunnel_configuration (ID: 01802210)
2.34.156. out_of_memory_for_tunnel (ID: 01802211)
2.34.157. out_of_memory_for_tunnel (ID: 01802212)
2.34.158. invalid_length_of_PSK_when_used_with_AES-XCBC_MAC (ID: 01802213)
2.34.159. invalid_key_size (ID: 01802214)
2.34.160. invalid_key_size (ID: 01802215)
2.34.161. invalid_key_size (ID: 01802216)
2.34.162. invalid_key_size (ID: 01802217)
2.34.163. invalid_cipher_keysize (ID: 01802218)
2.34.164. invalid_key_size (ID: 01802219)
2.34.165. invalid_cipher_keysize (ID: 01802220)
2.34.166. no_matching_tunnel_found (ID: 01802221)
2.34.167. no_tunnel_id_specified (ID: 01802222)
2.34.168. several_local_id_specified_for_tunnel (ID: 01802223)
2.34.169. several_local_id_specified_for_tunnel (ID: 01802224)
2.34.170. malformed_tunnel_id_configured (ID: 01802225)
2.34.171. several_secrets_specified_for_tunnel (ID: 01802226)
2.34.172. malformed_psk_configured (ID: 01802228)
2.34.173. max_ike_sa_reached (ID: 01802400)
2.34.174. max_ike_rekeys_reached (ID: 01802401)
2.34.175. max_phase1_sa_reached (ID: 01802402)
2.34.176. max_active_quickmode_negotiation_reached (ID: 01802403)
2.34.177. warning_level_active_ipsec_sas_reached (ID: 01802404)
2.34.178. warning_level_ike_sa_reached (ID: 01802405)
2.34.179. max_ipsec_sa_reached (ID: 01802406)
2.34.180. invalid_format_syslog_audit (ID: 01802500)
2.34.181. cannot_create_audit_file_context (ID: 01802501)
2.34.182. could_not_decode_certificate (ID: 01802600)
2.34.183. could_not_convert_certificate (ID: 01802601)
2.34.184. could_not_get_subject_nam_from_ca_cert (ID: 01802602)
2.34.185. could_not_set_cert_to_non_CRL_issuer (ID: 01802603)
2.34.186. could_not_force_cert_to_be_trusted (ID: 01802604)
2.34.187. could_not_trusted_set_for_cert (ID: 01802605)
2.34.188. could_not_insert_cert_to_db (ID: 01802606)
2.34.189. could_not_decode_certificate (ID: 01802607)
2.34.190. could_not_lock_certificate (ID: 01802608)
2.34.191. could_not_insert_cert_to_db (ID: 01802609)
2.34.192. could_not_decode_crl (ID: 01802610)
2.34.193. http_crl_failed (ID: 01802611)
2.34.194. Certificate_contains_bad_IP_address (ID: 01802705)
2.34.195. dn_name_as_subject_alt_name (ID: 01802706)
2.34.196. could_not_decode_certificate (ID: 01802707)
2.34.197. cfgmode_exchange_event (ID: 01802709)
2.34.198. remote_access_address (ID: 01802710)
2.34.199. remote_access_dns (ID: 01802711)
2.34.200. remote_access_wins (ID: 01802712)
2.34.201. remote_access_dhcp (ID: 01802713)
2.34.202. remote_access_subnets (ID: 01802714)
2.34.203. event_on_ike_sa (ID: 01802715)
2.34.204. ipsec_sa_selection_failed (ID: 01802717)
2.34.205. crl_search_failed (ID: 01802719)
2.34.206. outofmem_create_policy_manager (ID: 01802800)
2.34.207. ek_accelerator_disabled (ID: 01802801)
2.34.208. ek_accelerator_disabled (ID: 01802802)
2.34.209. outofmem_create_engine (ID: 01802901)
2.34.210. failed_init_fastpath (ID: 01802902)
2.34.211. init_rulelooklup_failed (ID: 01802903)
2.34.212. init_rule_looklup_failed (ID: 01802904)
2.34.213. init_rule_looklup_failed (ID: 01802905)
2.34.214. maximum_nr_of_ipsec_sa_per_ike_sa_reached (ID: 01803000)
2.34.215. ipsec_sa_per_ike_sa_limit_violated_too_many_times (ID: 01803001)
2.34.216. certificate_validation_check_failed (ID: 01803100)
2.34.217. certificate_validation_check_warning (ID: 01803101)
2.34.218. audit_event (ID: 01803200)
2.34.219. faild_to_link_ike_and_userauth (ID: 01803300)
2.34.220. faild_to_find_userauthobject_for_ipsec_sa (ID: 01803302)
2.34.221. modexp_accel_failed (ID: 01803400)
2.34.222. eap_authentication_failed (ID: 01803500)
2.34.223. monitored_host_reachable (ID: 01803600)
2.34.224. monitored_host_unreachable (ID: 01803601)
2.34.225. failed_to_attach_radius (ID: 01803700)
2.34.226. failed_to_attach_radius (ID: 01803701)
2.35. IPV6_ND
2.35.1. neighbor_discovery_resolution_failed (ID: 06400009)
2.35.2. nd_resolution_success (ID: 06400020)
2.35.3. nd_spoofed_option_address (ID: 06400028)
2.35.4. nd_spoofed_hw_sender (ID: 06400029)
2.35.5. neighbor_discovery_cache_size_limit_reached (ID: 06400030)
2.35.6. nd_option_hw_address_multicast (ID: 06400031)
2.35.7. nd_option_hw_address_mismatch (ID: 06400032)
2.35.8. nd_option_hw_address_mismatch (ID: 06400033)
2.35.9. nd_duplicated_option (ID: 06400034)
2.35.10. nd_duplicated_option (ID: 06400035)
2.35.11. nd_illegal_lladdress_option_size (ID: 06400036)
2.35.12. nd_illegal_lladdress_option_size (ID: 06400037)
2.35.13. nd_illegal_prefix_info_option_size (ID: 06400038)
2.35.14. nd_illegal_redirect_option_size (ID: 06400039)
2.35.15. nd_illegal_mtu_option_size (ID: 06400040)
2.35.16. nd_zero_size_option (ID: 06400041)
2.35.17. nd_option_truncated (ID: 06400042)
2.35.18. nd_packet_truncated (ID: 06400043)
2.35.19. nd_unknown_icmp_code (ID: 06400044)
2.35.20. nd_spoofed_target (ID: 06400045)
2.35.21. nd_spoofed_sender (ID: 06400046)
2.35.22. nd_hoplimit_reached (ID: 06400047)
2.35.23. nd_multicast_target_address (ID: 06400048)
2.35.24. invalid_nd_sender_ip_address (ID: 06400049)
2.35.25. nd_access_allowed_expect (ID: 06400050)
2.35.26. nd_na_send_failure (ID: 06400051)
2.35.27. nd_unknown_sender (ID: 06400052)
2.35.28. nd_missing_tll_opt (ID: 06400053)
2.35.29. nd_spoofed_dpd_reply (ID: 06400054)
2.35.30. nd_mcast_dpd_reply (ID: 06400055)
2.35.31. nd_advert_for_static_entry (ID: 06400056)
2.35.32. nd_blatant_advertisement (ID: 06400057)
2.35.33. nd_updated_entry (ID: 06400058)
2.35.34. nd_update_entry_request (ID: 06400059)
2.35.35. nd_update_entry_request (ID: 06400060)
2.35.36. nd_broadcast_enet (ID: 06400061)
2.35.37. nd_dad_probe_unicast_dest (ID: 06400062)
2.35.38. nd_rs_unicast_target (ID: 06400063)
2.35.39. nd_rs_illegal_option (ID: 06400064)
2.35.40. nd_ns_illegal_option (ID: 06400065)
2.35.41. nd_updated_entry (ID: 06400066)
2.35.42. nd_update_entry_request (ID: 06400067)
2.35.43. nd_update_entry_request (ID: 06400068)
2.35.44. nd_sol_multicast_dest_address (ID: 06400069)
2.35.45. nd_dad_probe_faulty_dest (ID: 06400070)
2.35.46. nd_dupe_addr_detected (ID: 06400071)
2.35.47. nd_dupe_addr_detected (ID: 06400072)
2.35.48. more_ndoptcount (ID: 06400073)
2.35.49. more_ndoptcount (ID: 06400074)
2.35.50. nd_rd_missing_pi_option (ID: 06400075)
2.35.51. router_discovered (ID: 06400076)
2.35.52. ra_prefix (ID: 06400077)
2.35.53. router_cease (ID: 06400078)
2.35.54. router_not_found (ID: 06400079)
2.36. IP_ERROR
2.36.1. too_small_packet (ID: 01500001)
2.36.2. disallowed_ip_ver (ID: 01500002)
2.36.3. invalid_ip_length (ID: 01500003)
2.36.4. invalid_ip_length (ID: 01500004)
2.36.5. invalid_ip_checksum (ID: 01500005)
2.36.6. Invalid_ip6_flow (ID: 01500020)
2.36.7. Invalid_ip6_flow (ID: 01500021)
2.36.8. Invalid_ip6_tc (ID: 01500022)
2.36.9. Invalid_ip6_tc (ID: 01500023)
2.36.10. Invalid_ip6_tc (ID: 01500024)
2.36.11. faulty_payload (ID: 01500025)
2.36.12. too_small_packet (ID: 01500026)
2.37. IP_FLAG
2.37.1. ttl_low (ID: 01600001)
2.37.2. ip_rsv_flag_set (ID: 01600002)
2.37.3. ip_rsv_flag_set (ID: 01600003)
2.37.4. hop_limit_low (ID: 01600004)
2.38. IP_OPT
2.38.1. source_route (ID: 01700001)
2.38.2. timestamp (ID: 01700002)
2.38.3. router_alert (ID: 01700003)
2.38.4. ipopt_present (ID: 01700004)
2.38.5. ipoptlen_too_small (ID: 01700010)
2.38.6. ipoptlen_invalid (ID: 01700011)
2.38.7. multiple_ip_option_routes (ID: 01700012)
2.38.8. bad_length (ID: 01700013)
2.38.9. bad_route_pointer (ID: 01700014)
2.38.10. source_route_disallowed (ID: 01700015)
2.38.11. multiple_ip_option_timestamps (ID: 01700016)
2.38.12. bad_timestamp_len (ID: 01700017)
2.38.13. bad_timestamp_pointer (ID: 01700018)
2.38.14. bad_timestamp_pointer (ID: 01700019)
2.38.15. timestamp_disallowed (ID: 01700020)
2.38.16. router_alert_bad_len (ID: 01700021)
2.38.17. router_alert_disallowed (ID: 01700022)
2.38.18. ipopt_present_disallowed (ID: 01700023)
2.38.19. invalid_ip6payload_for_jumbo (ID: 01700039)
2.38.20. small_payload (ID: 01700040)
2.38.21. small_payload (ID: 01700041)
2.38.22. invalid_ip6payload_for_jumbo (ID: 01700042)
2.38.23. recvd_jumbo (ID: 01700043)
2.38.24. invalid_order (ID: 01700044)
2.38.25. recvd_jumbo (ID: 01700045)
2.38.26. recvd_jumbo (ID: 01700046)
2.38.27. rcvd_router_alert (ID: 01700047)
2.38.28. rcvd_router_alert (ID: 01700048)
2.38.29. rcvd_router_alert (ID: 01700049)
2.38.30. invalid_option (ID: 01700050)
2.38.31. invalid_option (ID: 01700051)
2.38.32. invalid_option (ID: 01700052)
2.38.33. rcvd_ha_Option (ID: 01700053)
2.38.34. rcvd_ha_Option (ID: 01700054)
2.38.35. rcvd_ha_Option (ID: 01700055)
2.38.36. invalid_padN_data (ID: 01700056)
2.38.37. invalid_padN_data (ID: 01700057)
2.38.38. invalid_padN_data (ID: 01700058)
2.38.39. invalid_optLen (ID: 01700059)
2.38.40. mismatch_ip_eth (ID: 01700060)
2.38.41. mismatch_ip_eth (ID: 01700061)
2.38.42. invalid_optlen (ID: 01700062)
2.38.43. invalid_order (ID: 01700064)
2.38.44. invalid_order (ID: 01700065)
2.38.45. excessive_padding (ID: 01700066)
2.38.46. repeated_option (ID: 01700067)
2.38.47. more_optcount (ID: 01700068)
2.38.48. more_optcount (ID: 01700069)
2.38.49. ip6_rhother (ID: 01700070)
2.38.50. ip6_rhother (ID: 01700071)
2.38.51. ip6_rh2 (ID: 01700072)
2.38.52. ip6_rh2 (ID: 01700073)
2.38.53. ip6_rh0 (ID: 01700074)
2.38.54. ip6_rh0 (ID: 01700075)
2.38.55. too_small_packet (ID: 01700076)
2.38.56. invalid_extnhdr_order (ID: 01700077)
2.38.57. invalid_ip6_exthdr (ID: 01700078)
2.38.58. invalid_ip6_exthdr (ID: 01700079)
2.38.59. invalid_nextheader (ID: 01700080)
2.39. IP_PROTO
2.39.1. multicast_ethernet_ip_address_mismatch (ID: 07000011)
2.39.2. invalid_ip4_header_length (ID: 07000012)
2.39.3. ttl_zero (ID: 07000013)
2.39.4. ttl_low (ID: 07000014)
2.39.5. ip_rsv_flag_set (ID: 07000015)
2.39.6. oversize_tcp (ID: 07000018)
2.39.7. invalid_tcp_header (ID: 07000019)
2.39.8. oversize_udp (ID: 07000021)
2.39.9. invalid_udp_header (ID: 07000022)
2.39.10. oversize_icmp (ID: 07000023)
2.39.11. invalid_icmp_header (ID: 07000024)
2.39.12. multicast_ethernet_ip_address_mismatch (ID: 07000033)
2.39.13. oversize_gre (ID: 07000050)
2.39.14. oversize_esp (ID: 07000051)
2.39.15. oversize_ah (ID: 07000052)
2.39.16. oversize_skip (ID: 07000053)
2.39.17. oversize_ospf (ID: 07000054)
2.39.18. oversize_ipip (ID: 07000055)
2.39.19. oversize_ipcomp (ID: 07000056)
2.39.20. oversize_l2tp (ID: 07000057)
2.39.21. oversize_ip (ID: 07000058)
2.39.22. hop_limit_zero (ID: 07000059)
2.39.23. hop_limit_low (ID: 07000060)
2.39.24. fragmented_icmp (ID: 07000070)
2.39.25. invalid_icmp_data_too_small (ID: 07000071)
2.39.26. invalid_icmp_data_ip_ver (ID: 07000072)
2.39.27. invalid_icmp_data_too_small (ID: 07000073)
2.39.28. invalid_icmp_data_invalid_ip_length (ID: 07000074)
2.39.29. invalid_icmp_data_invalid_paramprob (ID: 07000075)
2.39.30. illegal_sender_address (ID: 07000076)
2.39.31. dest_beyond_scope (ID: 07000080)
2.39.32. ttl_zero (ID: 07000111)
2.40. L2TP
2.40.1. l2tpclient_resolve_successful (ID: 02800001)
2.40.2. l2tpclient_resolve_failed (ID: 02800002)
2.40.3. l2tpclient_init (ID: 02800003)
2.40.4. l2tp_connection_disallowed (ID: 02800004)
2.40.5. unknown_l2tp_auth_source (ID: 02800005)
2.40.6. only_routes_set_up_by_server_iface_allowed (ID: 02800006)
2.40.7. l2tp_session_closed (ID: 02800007)
2.40.8. l2tp_tunnel_closed (ID: 02800008)
2.40.9. session_closed (ID: 02800009)
2.40.10. l2tp_session_request (ID: 02800010)
2.40.11. l2tp_session_up (ID: 02800011)
2.40.12. l2tp_no_userauth_rule_found (ID: 02800014)
2.40.13. l2tp_session_request (ID: 02800015)
2.40.14. l2tp_session_up (ID: 02800016)
2.40.15. failure_init_radius_accounting (ID: 02800017)
2.40.16. l2tpclient_tunnel_up (ID: 02800018)
2.40.17. malformed_packet (ID: 02800019)
2.40.18. unknown_ctrl_conn_id (ID: 02800020)
2.40.19. l2tp_session_closed (ID: 02800037)
2.40.20. l2tp_tunnel_closed (ID: 02800038)
2.40.21. l2tp_session_request (ID: 02800045)
2.40.22. l2tp_session_up (ID: 02800046)
2.40.23. l2tp_session_up (ID: 02800047)
2.40.24. waiting_for_ip_to_listen_on (ID: 02800050)
2.40.25. no_session_found (ID: 02800060)
2.41. LACP
2.41.1. lacp_up (ID: 07700001)
2.41.2. lacp_expired (ID: 07700002)
2.41.3. lacp_down (ID: 07700003)
2.41.4. lacp_partner_mismatch (ID: 07700004)
2.41.5. lacp_link_speed_mismatch (ID: 07700005)
2.41.6. lacp_link_down (ID: 07700006)
2.41.7. lacp_disabled_half_duplex (ID: 07700007)
2.42. LICENSE
2.42.1. myclavister_connection_succeeded (ID: 08400001)
2.42.2. myclavister_connection_failed (ID: 08400002)
2.42.3. myclavister_connection_cleared (ID: 08400003)
2.43. LICUPDATE
2.43.1. license_update_failure (ID: 05500001)
2.43.2. license_downloaded (ID: 05500002)
2.43.3. license_already_up_to_date (ID: 05500003)
2.44. NATPOOL
2.44.1. uninitialized_ippool (ID: 05600001)
2.44.2. removed_translation_address (ID: 05600002)
2.44.3. reconf_state_violation (ID: 05600003)
2.44.4. out_of_memory (ID: 05600005)
2.44.5. dhcp_address_expired (ID: 05600006)
2.44.6. out_of_memory (ID: 05600007)
2.44.7. proxyarp_failed (ID: 05600008)
2.44.8. max_states_reached (ID: 05600009)
2.44.9. max_states_reached (ID: 05600010)
2.44.10. registerip_failed (ID: 05600011)
2.44.11. registerip_failed (ID: 05600012)
2.44.12. dynamicip_failed (ID: 05600013)
2.44.13. synchronization_failed (ID: 05600014)
2.44.14. registerip_failed (ID: 05600015)
2.45. NETCON
2.45.1. init_complete (ID: 02300001)
2.45.2. netcon_connect_reject_shutdown_running (ID: 02300002)
2.45.3. disallowed_netcon_ping (ID: 02300003)
2.45.4. netcon_sessionmanager_error (ID: 02300101)
2.45.5. cert_upload_aborted (ID: 02300200)
2.45.6. cert_upload_failed (ID: 02300201)
2.45.7. cert_upload_begin (ID: 02300202)
2.45.8. upload_fail_disk_out_of_space (ID: 02300250)
2.45.9. upload_fail_disk_cannot_remove (ID: 02300251)
2.45.10. disk_out_of_space (ID: 02300252)
2.45.11. disk_write_error (ID: 02300300)
2.45.12. upload_complete (ID: 02300350)
2.45.13. concurrent_processing_limit_reached (ID: 02300400)
2.45.14. netcon_error (ID: 02300401)
2.45.15. netcon_init_fail_listen_socket_fail (ID: 02300500)
2.45.16. netcon_init_fail_security_file_corrupt (ID: 02300501)
2.45.17. disallowed_netcon_connect (ID: 02300502)
2.45.18. netcon_connect (ID: 02300503)
2.45.19. netcon_disconnect (ID: 02300504)
2.45.20. download_fail (ID: 02300509)
2.45.21. concurrent_netcon_processing (ID: 02300510)
2.45.22. disk_cannot_write (ID: 02300511)
2.45.23. upload_begin (ID: 02300512)
2.45.24. upload_begin (ID: 02300513)
2.45.25. disk_cannot_read_download_fail (ID: 02300514)
2.45.26. download_begin (ID: 02300515)
2.45.27. upload_abort (ID: 02300516)
2.45.28. upload_fail (ID: 02300517)
2.45.29. download_complete (ID: 02300518)
2.45.30. dns_timeout (ID: 02300519)
2.45.31. dns_no_record (ID: 02300520)
2.45.32. connection_timeout (ID: 02300521)
2.45.33. netcon_server_unresponsive (ID: 02300522)
2.45.34. netcon_reverse_connect (ID: 02300523)
2.45.35. netcon_connection_refused (ID: 02300524)
2.45.36. netcon_reverse_disconnect (ID: 02300525)
2.46. ONECONNECT
2.46.1. oneconnect_session_created (ID: 09000001)
2.46.2. oneconnect_session_reconnected (ID: 09000002)
2.46.3. oneconnect_session_closed (ID: 09000003)
2.46.4. oneconnect_session_closed (ID: 09000004)
2.46.5. oneconnect_session_disconnected (ID: 09000005)
2.46.6. oneconnect_max_sessions_reached (ID: 09000010)
2.46.7. user_disconnected (ID: 09000011)
2.46.8. oneconnect_connection_disallowed (ID: 09000012)
2.46.9. unknown_oneconnect_auth_source (ID: 09000013)
2.46.10. oneconnect_noip (ID: 09000020)
2.46.11. oneconnect_handshake_failed (ID: 09000021)
2.46.12. oneconnect_no_userauth_rule_found (ID: 09000022)
2.46.13. oneconnect_cstperror (ID: 09000023)
2.46.14. oneconnect_attacherror (ID: 09000024)
2.46.15. oneconnect_dtlserror (ID: 09000025)
2.46.16. oneconnect_dtls_nociphers (ID: 09000026)
2.46.17. oneconnect_dtls_conn_open (ID: 09000027)
2.46.18. oneconnect_dtls_conn_closed (ID: 09000028)
2.46.19. oneconnect_dtls_conn_failed (ID: 09000029)
2.46.20. oneconnect_dtls_read_error (ID: 09000030)
2.46.21. oneconnect_ldap_error (ID: 09000031)
2.47. OSPF
2.47.1. internal_error (ID: 02400001)
2.47.2. internal_error (ID: 02400002)
2.47.3. unable_to_map_ptp_neighbor (ID: 02400003)
2.47.4. bad_packet_len (ID: 02400004)
2.47.5. bad_ospf_version (ID: 02400005)
2.47.6. sender_not_in_iface_range (ID: 02400006)
2.47.7. area_mismatch (ID: 02400007)
2.47.8. hello_netmask_mismatch (ID: 02400008)
2.47.9. hello_interval_mismatch (ID: 02400009)
2.47.10. hello_rtr_dead_mismatch (ID: 02400010)
2.47.11. hello_e_flag_mismatch (ID: 02400011)
2.47.12. hello_n_flag_mismatch (ID: 02400012)
2.47.13. both_np_and_e_flag_set (ID: 02400013)
2.47.14. unknown_lsa_type (ID: 02400014)
2.47.15. auth_mismatch (ID: 02400050)
2.47.16. bad_auth_password (ID: 02400051)
2.47.17. bad_auth_crypto_key_id (ID: 02400052)
2.47.18. bad_auth_crypto_seq_number (ID: 02400053)
2.47.19. bad_auth_crypto_digest (ID: 02400054)
2.47.20. checksum_mismatch (ID: 02400055)
2.47.21. dd_mtu_exceeds_interface_mtu (ID: 02400100)
2.47.22. m_ms_mismatch (ID: 02400101)
2.47.23. i_flag_misuse (ID: 02400102)
2.47.24. opt_change (ID: 02400103)
2.47.25. bad_seq_num (ID: 02400104)
2.47.26. non_dup_dd (ID: 02400105)
2.47.27. as_ext_on_stub (ID: 02400106)
2.47.28. unknown_lsa (ID: 02400107)
2.47.29. bad_lsa_sequencenumber (ID: 02400108)
2.47.30. bad_lsa_maxage (ID: 02400109)
2.47.31. lsa_checksum_mismatch (ID: 02400150)
2.47.32. unknown_lsa_type (ID: 02400151)
2.47.33. bad_lsa_sequencenumber (ID: 02400152)
2.47.34. bad_lsa_maxage (ID: 02400153)
2.47.35. received_as_ext_on_stub (ID: 02400154)
2.47.36. received_selforg_for_unknown_lsa_type (ID: 02400155)
2.47.37. db_copy_more_recent_than_received (ID: 02400156)
2.47.38. got_ack_mismatched_lsa (ID: 02400157)
2.47.39. upd_packet_lsa_size_mismatch (ID: 02400158)
2.47.40. req_packet_lsa_size_mismatch (ID: 02400159)
2.47.41. ack_packet_lsa_size_mismatch (ID: 02400160)
2.47.42. failed_to_create_replacement_lsa (ID: 02400161)
2.47.43. unable_to_send_ack (ID: 02400162)
2.47.44. got_router_lsa_mismatched_fields (ID: 02400163)
2.47.45. unknown_neighbor (ID: 02400200)
2.47.46. too_many_neighbors (ID: 02400201)
2.47.47. neighbor_died (ID: 02400202)
2.47.48. unable_to_find_transport_area (ID: 02400300)
2.47.49. internal_error_unable_to_map_identifier (ID: 02400301)
2.47.50. lsa_size_too_big (ID: 02400302)
2.47.51. memory_usage_exceeded_70_percent_of_max_allowed (ID: 02400303)
2.47.52. memory_usage_exceeded_90_percent_of_max_allowed (ID: 02400304)
2.47.53. as_disabled_due_to_mem_alloc_fail (ID: 02400305)
2.47.54. internal_lsa_chksum_error (ID: 02400306)
2.47.55. unable_to_find_iface_to_stub_net (ID: 02400400)
2.47.56. internal_error_unable_to_find_lnk_connecting_to_lsa (ID: 02400401)
2.47.57. internal_error_unable_to_find_iface_connecting_to_lsa (ID: 02400402)
2.47.58. internal_error_unable_to_find_lnk_connecting_to_lsa (ID: 02400403)
2.47.59. internal_error_unable_to_find_iface_connecting_to_lsa (ID: 02400404)
2.47.60. internal_error_unable_neighbor_iface_attached_back_to_me (ID: 02400405)
2.47.61. bad_iface_type_mapping_rtr_to_rtr_link (ID: 02400406)
2.47.62. internal_error_unable_to_find_lnk_connecting_to_lsa (ID: 02400407)
2.47.63. memory_allocation_failure (ID: 02400500)
2.47.64. unable_to_send (ID: 02400501)
2.47.65. failed_to_add_route (ID: 02400502)
2.48. PPP
2.48.1. ip_pool_empty (ID: 02500001)
2.48.2. ip_address_required_but_not_received (ID: 02500002)
2.48.3. primary_dns_address_required_but_not_received (ID: 02500003)
2.48.4. seconday_dns_address_required_but_not_received (ID: 02500004)
2.48.5. primary_nbns_address_required_but_not_received (ID: 02500005)
2.48.6. seconday_nbns_address_required_but_not_received (ID: 02500006)
2.48.7. failed_to_agree_on_authentication_protocol (ID: 02500050)
2.48.8. peer_refuses_to_use_authentication (ID: 02500051)
2.48.9. lcp_negotiation_stalled (ID: 02500052)
2.48.10. ppp_tunnel_limit_exceeded (ID: 02500100)
2.48.11. authentication_failed (ID: 02500101)
2.48.12. response_value_too_long (ID: 02500150)
2.48.13. username_too_long (ID: 02500151)
2.48.14. username_too_long (ID: 02500201)
2.48.15. username_too_long (ID: 02500301)
2.48.16. username_too_long (ID: 02500350)
2.48.17. password_too_long (ID: 02500351)
2.48.18. one_time_password_too_long (ID: 02500352)
2.48.19. radius_state_id_too_long (ID: 02500353)
2.48.20. unsupported_auth_server (ID: 02500500)
2.48.21. radius_error (ID: 02500501)
2.48.22. authdb_error (ID: 02500502)
2.48.23. ldap_error (ID: 02500503)
2.48.24. MPPE_decrypt_fail (ID: 02500600)
2.49. PPPOE
2.49.1. pppoe_tunnel_up (ID: 02600001)
2.49.2. pppoe_tunnel_closed (ID: 02600002)
2.50. PPTP
2.50.1. pptpclient_resolve_successful (ID: 02700001)
2.50.2. pptpclient_resolve_failed (ID: 02700002)
2.50.3. pptp_connection_disallowed (ID: 02700003)
2.50.4. unknown_pptp_auth_source (ID: 02700004)
2.50.5. user_disconnected (ID: 02700005)
2.50.6. only_routes_set_up_by_server_iface_allowed (ID: 02700006)
2.50.7. mppe_required (ID: 02700007)
2.50.8. pptp_session_closed (ID: 02700008)
2.50.9. pptp_session_request (ID: 02700009)
2.50.10. unsupported_message (ID: 02700010)
2.50.11. failure_init_radius_accounting (ID: 02700011)
2.50.12. pptp_session_up (ID: 02700012)
2.50.13. pptp_session_up (ID: 02700013)
2.50.14. tunnel_idle_timeout (ID: 02700014)
2.50.15. session_idle_timeout (ID: 02700015)
2.50.16. pptpclient_start (ID: 02700017)
2.50.17. pptpclient_connected (ID: 02700018)
2.50.18. pptp_tunnel_up (ID: 02700019)
2.50.19. ctrlconn_refused (ID: 02700020)
2.50.20. pptp_tunnel_up (ID: 02700021)
2.50.21. pptp_tunnel_closed (ID: 02700022)
2.50.22. pptp_connection_disallowed (ID: 02700024)
2.50.23. unknown_pptp_auth_source (ID: 02700025)
2.50.24. pptp_no_userauth_rule_found (ID: 02700026)
2.50.25. malformed_packet (ID: 02700027)
2.50.26. waiting_for_ip_to_listen_on (ID: 02700050)
2.51. RADIUSRELAY
2.51.1. malformed_packet (ID: 07500001)
2.51.2. user_reauthenticated (ID: 07500002)
2.51.3. user_authenticated (ID: 07500003)
2.51.4. user_removed_timeout (ID: 07500004)
2.51.5. user_authentication_rejected (ID: 07500005)
2.51.6. user_logged_out (ID: 07500006)
2.51.7. login_from_same_mac (ID: 07500007)
2.51.8. create_server_session_failed (ID: 07500009)
2.51.9. login_from_new_mac (ID: 07500010)
2.52. REALTIMEMONITOR
2.52.1. value_above_high_threshold (ID: 054xxxxx)
2.52.2. value_below_low_threshold (ID: 054xxxxx)
2.52.3. value_below_high_threshold (ID: 054xxxxx)
2.52.4. value_above_low_threshold (ID: 054xxxxx)
2.53. REASSEMBLY
2.53.1. ack_of_not_transmitted_data (ID: 04800002)
2.53.2. invalid_tcp_checksum (ID: 04800003)
2.53.3. mismatching_data_in_overlapping_tcp_segment (ID: 04800004)
2.53.4. memory_allocation_failure (ID: 04800005)
2.53.5. drop_due_to_buffer_starvation (ID: 04800007)
2.53.6. failed_to_send_ack (ID: 04800008)
2.53.7. processing_memory_limit_reached (ID: 04800009)
2.53.8. maximum_connections_limit_reached (ID: 04800010)
2.53.9. state_memory_allocation_failed (ID: 04800011)
2.54. RFO
2.54.1. has_ping (ID: 04100001)
2.54.2. no_ping (ID: 04100002)
2.54.3. no_ping (ID: 04100003)
2.54.4. unable_to_register_pingmon (ID: 04100004)
2.54.5. unable_to_register_pingmon (ID: 04100005)
2.54.6. has_arp (ID: 04100006)
2.54.7. no_arp (ID: 04100007)
2.54.8. unable_to_register_arp_monitor (ID: 04100008)
2.54.9. unable_to_register_arp_monitor (ID: 04100009)
2.54.10. no_link (ID: 04100010)
2.54.11. has_link (ID: 04100011)
2.54.12. unable_to_register_interface_monitor (ID: 04100012)
2.54.13. unable_to_register_interface_monitor (ID: 04100013)
2.54.14. hostmon_failed (ID: 04100014)
2.54.15. hostmon_successful (ID: 04100015)
2.54.16. hostmon_failed (ID: 04100016)
2.55. RULE
2.55.1. ruleset_fwdfast (ID: 06000003)
2.55.2. ip_verified_access (ID: 06000005)
2.55.3. rule_match (ID: 06000006)
2.55.4. rule_match (ID: 06000007)
2.55.5. block0net (ID: 06000010)
2.55.6. block0net (ID: 06000011)
2.55.7. block127net (ID: 06000012)
2.55.8. block127net (ID: 06000013)
2.55.9. broadcast_nat (ID: 06000014)
2.55.10. allow_broadcast (ID: 06000016)
2.55.11. block0net (ID: 06000020)
2.55.12. block0net (ID: 06000021)
2.55.13. directed_broadcasts (ID: 06000030)
2.55.14. directed_broadcasts (ID: 06000031)
2.55.15. unknown_vlantag (ID: 06000040)
2.55.16. ruleset_reject_packet (ID: 06000050)
2.55.17. ruleset_drop_packet (ID: 06000051)
2.55.18. unhandled_local (ID: 06000060)
2.55.19. ip4_address_added (ID: 06000070)
2.55.20. ip6_address_added (ID: 06000071)
2.55.21. ip4_address_removed (ID: 06000072)
2.55.22. ip6_address_removed (ID: 06000073)
2.55.23. dns_no_record (ID: 06000074)
2.55.24. dns_timeout (ID: 06000075)
2.55.25. dns_error (ID: 06000076)
2.56. SECAAS
2.56.1. secaas_enter_reduced_functionality (ID: 07608000)
2.56.2. secaas_exit_reduced_functionality (ID: 07608001)
2.56.3. secaas_periodic_call_home (ID: 07608004)
2.56.4. secaas_lockdown (ID: 07608006)
2.56.5. secaas_call_home_initiation_failure (ID: 07608007)
2.56.6. secaas_download_license_failure (ID: 07608008)
2.56.7. call_home_completed (ID: 07608009)
2.56.8. call_home_failure (ID: 07608010)
2.56.9. call_home_failure (ID: 07608011)
2.56.10. call_home_lookup_failed (ID: 07608012)
2.56.11. license_request_completed (ID: 07608013)
2.56.12. license_download_initiated (ID: 07608014)
2.56.13. call_home_initiated (ID: 07608015)
2.56.14. secaas_reduced_mode_replacement_log (ID: 07608016)
2.57. SERVICES
2.57.1. httpposter_success (ID: 06600100)
2.57.2. httpposter_failure (ID: 06600101)
2.57.3. httpposter_failure (ID: 06600102)
2.58. SESMGR
2.58.1. sesmgr_session_created (ID: 04900001)
2.58.2. sesmgr_session_denied (ID: 04900002)
2.58.3. sesmgr_session_removed (ID: 04900003)
2.58.4. sesmgr_access_set (ID: 04900004)
2.58.5. sesmgr_session_timeout (ID: 04900005)
2.58.6. sesmgr_upload_denied (ID: 04900006)
2.58.7. sesmgr_console_denied (ID: 04900007)
2.58.8. sesmgr_session_maximum_reached (ID: 04900008)
2.58.9. sesmgr_allocate_error (ID: 04900009)
2.58.10. sesmgr_session_activate (ID: 04900010)
2.58.11. sesmgr_session_disabled (ID: 04900011)
2.58.12. sesmgr_console_denied_init (ID: 04900012)
2.58.13. sesmgr_session_access_missing (ID: 04900015)
2.58.14. sesmgr_session_old_removed (ID: 04900016)
2.58.15. sesmgr_file_error (ID: 04900017)
2.58.16. sesmgr_techsupport (ID: 04900018)
2.59. SLB
2.59.1. server_online (ID: 02900001)
2.59.2. server_offline (ID: 02900002)
2.59.3. maintenance_start (ID: 02900003)
2.59.4. maintenance_end (ID: 02900004)
2.59.5. server_load_unknown (ID: 02900005)
2.59.6. malformed_post (ID: 02900006)
2.59.7. no_such_server (ID: 02900007)
2.60. SMTPLOG
2.60.1. unable_to_establish_connection (ID: 03000001)
2.60.2. connect_timeout (ID: 03000002)
2.60.3. send_failure (ID: 03000004)
2.60.4. receive_timeout (ID: 03000005)
2.60.5. rejected_connect (ID: 03000006)
2.60.6. rejected_ehlo_helo (ID: 03000007)
2.60.7. rejected_sender (ID: 03000008)
2.60.8. rejected_recipient (ID: 03000009)
2.60.9. rejected_all_recipients (ID: 03000010)
2.60.10. rejected_data (ID: 03000011)
2.60.11. rejected_message_text (ID: 03000012)
2.60.12. dns_subscription_failed (ID: 03000020)
2.60.13. ip4_address_removed (ID: 03000021)
2.60.14. dns_no_record (ID: 03000022)
2.60.15. dns_timeout (ID: 03000023)
2.60.16. dns_error (ID: 03000024)
2.60.17. ip4_address_not_added (ID: 03000025)
2.60.18. ip4_address_added (ID: 03000026)
2.61. SNMP
2.61.1. disallowed_sender (ID: 03100001)
2.61.2. invalid_snmp_community (ID: 03100002)
2.61.3. snmp3_received_unautherized_message (ID: 03100100)
2.61.4. snmp3_local_password_too_short (ID: 03100101)
2.61.5. snmp3_authentication_failed (ID: 03100102)
2.61.6. snmp3_unsupported_securitylevel (ID: 03100103)
2.61.7. snmp3_message_intended_for_other_system (ID: 03100104)
2.61.8. snmp3_rebooted_2147483647_times (ID: 03100105)
2.61.9. snmp3_outside_of_time_window (ID: 03100106)
2.61.10. snmp3_bad_version (ID: 03100107)
2.61.11. snmp3_decryption_failed (ID: 03100108)
2.61.12. snmp3_decryption_failed (ID: 03100109)
2.61.13. snmp3_message_not_in_time_window (ID: 03100110)
2.62. SSH
2.62.1. auth_failed (ID: 08700001)
2.62.2. auth_success (ID: 08700002)
2.62.3. channel_opened (ID: 08700003)
2.62.4. channel_closed (ID: 08700004)
2.62.5. ssh_client_connected (ID: 08700005)
2.62.6. ssh_client_failed_to_connect (ID: 08700006)
2.62.7. ssh_client_disconnected (ID: 08700007)
2.62.8. ssh_rejected_message (ID: 08700008)
2.62.9. dns_timeout (ID: 08700009)
2.62.10. dns_no_record (ID: 08700010)
2.62.11. sesmgr_session_system_file_download_requested (ID: 08700011)
2.63. SSHD
2.63.1. out_of_mem (ID: 04700001)
2.63.2. dh_key_exchange_failure (ID: 04700002)
2.63.3. illegal_version_string (ID: 04700004)
2.63.4. error_occurred (ID: 04700005)
2.63.5. invalid_mac (ID: 04700007)
2.63.6. invalid_service_request (ID: 04700015)
2.63.7. invalid_username_change (ID: 04700020)
2.63.8. invalid_username_change (ID: 04700025)
2.63.9. max_auth_tries_reached (ID: 04700030)
2.63.10. ssh_login_timeout_expired (ID: 04700035)
2.63.11. ssh_inactive_timeout_expired (ID: 04700036)
2.63.12. rsa_sign_verification_failed (ID: 04700050)
2.63.13. key_algo_not_supported. (ID: 04700055)
2.63.14. unsupported_pubkey_algo (ID: 04700057)
2.63.15. unknown_ssh_public_key (ID: 04700058)
2.63.16. max_ssh_clients_reached (ID: 04700060)
2.63.17. client_disallowed (ID: 04700061)
2.63.18. ssh_force_conn_close (ID: 04700105)
2.63.19. scp_failed_not_admin (ID: 04704000)
2.64. SSL
2.64.1. ssl_certificate_chain_too_large (ID: 08800001)
2.64.2. ssl_certificate_chain_not_parsed (ID: 08800002)
2.64.3. ssl_error (ID: 08800100)
2.64.4. ssl_error (ID: 08800101)
2.64.5. ssl_dn_error (ID: 08800102)
2.64.6. ssl_ca_error (ID: 08800103)
2.65. SSLVPN
2.65.1. sslvpn_session_created (ID: 06300010)
2.65.2. sslvpn_session_closed (ID: 06300011)
2.65.3. sslvpn_max_sessions_reached (ID: 06300012)
2.65.4. failure_init_radius_accounting (ID: 06300013)
2.65.5. sslvpn_connection_disallowed (ID: 06300203)
2.65.6. unknown_sslvpn_auth_source (ID: 06300204)
2.65.7. user_disconnected (ID: 06300205)
2.65.8. sslvpn_connection_disallowed (ID: 06300224)
2.65.9. unknown_sslvpn_auth_source (ID: 06300225)
2.65.10. sslvpn_no_userauth_rule_found (ID: 06300226)
2.66. SYSTEM
2.66.1. demo_mode (ID: 03200021)
2.66.2. demo_mode (ID: 03200024)
2.66.3. normal_mode (ID: 03200025)
2.66.4. new_firmware_available (ID: 03200030)
2.66.5. reset_clock (ID: 03200100)
2.66.6. invalid_ip_match_access_section (ID: 03200110)
2.66.7. nitrox2_watchdog_triggered (ID: 03200207)
2.66.8. nitrox2_restarted (ID: 03200208)
2.66.9. hardware_watchdog_initialized (ID: 03200260)
2.66.10. port_bind_failed (ID: 03200300)
2.66.11. port_bind_failed (ID: 03200301)
2.66.12. port_hlm_conversion (ID: 03200302)
2.66.13. port_llm_conversion (ID: 03200303)
2.66.14. log_messages_lost_due_to_throttling (ID: 03200400)
2.66.15. log_messages_lost_due_to_log_buffer_exhaust (ID: 03200401)
2.66.16. bidir_fail (ID: 03200600)
2.66.17. file_open_failed (ID: 03200602)
2.66.18. disk_cannot_remove (ID: 03200603)
2.66.19. disk_cannot_rename (ID: 03200604)
2.66.20. cfg_switch_fail (ID: 03200605)
2.66.21. core_switch_fail (ID: 03200606)
2.66.22. bidir_ok (ID: 03200607)
2.66.23. rules_configuration_changed (ID: 03200641)
2.66.24. cms_control_disabled (ID: 03200650)
2.66.25. cms_control_enabled (ID: 03200651)
2.66.26. user_blocked (ID: 03200802)
2.66.27. shutdown (ID: 03201000)
2.66.28. reconfiguration (ID: 03201001)
2.66.29. shutdown (ID: 03201011)
2.66.30. config_activation (ID: 03201020)
2.66.31. reconfiguration (ID: 03201021)
2.66.32. startup_normal (ID: 03202000)
2.66.33. startup_echo (ID: 03202001)
2.66.34. shutdown (ID: 03202500)
2.66.35. reconfiguration (ID: 03202501)
2.66.36. admin_login (ID: 03203000)
2.66.37. admin_logout (ID: 03203001)
2.66.38. admin_login_failed (ID: 03203002)
2.66.39. admin_authorization_failed (ID: 03203003)
2.66.40. sslvpnuser_login (ID: 03203004)
2.66.41. activate_changes_failed (ID: 03204000)
2.66.42. accept_configuration (ID: 03204001)
2.66.43. reject_configuration (ID: 03204002)
2.66.44. date_time_modified (ID: 03205000)
2.66.45. admin_timeout (ID: 03206000)
2.66.46. admin_login_group_mismatch (ID: 03206001)
2.66.47. admin_login_internal_error (ID: 03206002)
2.66.48. admin_authsource_timeout (ID: 03206003)
2.66.49. user_post_token_invalid (ID: 03206004)
2.66.50. valid_rest_api_call (ID: 03207000)
2.66.51. bad_user_credentials (ID: 03207010)
2.66.52. bad_user_credentials (ID: 03207011)
2.66.53. method_not_allowed (ID: 03207012)
2.66.54. unknown_api_call (ID: 03207013)
2.67. TCP_FLAG
2.67.1. tcp_flags_set (ID: 03300001)
2.67.2. tcp_flags_set (ID: 03300002)
2.67.3. tcp_flag_set (ID: 03300003)
2.67.4. tcp_flag_set (ID: 03300004)
2.67.5. tcp_null_flags (ID: 03300005)
2.67.6. tcp_flags_set (ID: 03300008)
2.67.7. tcp_flag_set (ID: 03300009)
2.67.8. unexpected_tcp_flags (ID: 03300010)
2.67.9. mismatched_syn_resent (ID: 03300011)
2.67.10. mismatched_first_ack_seqno (ID: 03300012)
2.67.11. mismatched_first_ack_seqno (ID: 03300013)
2.67.12. rst_out_of_bounds (ID: 03300015)
2.67.13. tcp_seqno_too_low (ID: 03300016)
2.67.14. unacceptable_ack (ID: 03300017)
2.67.15. rst_without_ack (ID: 03300018)
2.67.16. tcp_seqno_too_high (ID: 03300019)
2.67.17. tcp_recv_windows_drained (ID: 03300022)
2.67.18. tcp_snd_windows_drained (ID: 03300023)
2.67.19. tcp_get_freesocket_failed (ID: 03300024)
2.67.20. tcp_seqno_too_low_with_syn (ID: 03300025)
2.67.21. tcp_syn_fragmented (ID: 03300026)
2.67.22. tcp_syn_fragmented (ID: 03300027)
2.67.23. tcp_syn_data (ID: 03300028)
2.67.24. tcp_syn_data (ID: 03300029)
2.67.25. tcp_null_flags (ID: 03300030)
2.68. TCP_OPT
2.68.1. tcp_mss_too_low (ID: 03400001)
2.68.2. tcp_mss_too_low (ID: 03400002)
2.68.3. tcp_mss_too_high (ID: 03400003)
2.68.4. tcp_mss_too_high (ID: 03400004)
2.68.5. tcp_mss_above_log_level (ID: 03400005)
2.68.6. tcp_option (ID: 03400006)
2.68.7. tcp_option_strip (ID: 03400007)
2.68.8. bad_tcpopt_length (ID: 03400010)
2.68.9. bad_tcpopt_length (ID: 03400011)
2.68.10. bad_tcpopt_length (ID: 03400012)
2.68.11. tcp_mss_too_low (ID: 03400013)
2.68.12. tcp_mss_too_high (ID: 03400014)
2.68.13. tcp_option_disallowed (ID: 03400015)
2.68.14. multiple_tcp_ws_options (ID: 03400017)
2.68.15. too_large_tcp_window_scale (ID: 03400018)
2.68.16. mismatching_tcp_window_scale (ID: 03400019)
2.69. TELEMETRY
2.69.1. current_usage (ID: 08500001)
2.69.2. scorecard (ID: 08500002)
2.69.3. scorecard_vpn (ID: 08500003)
2.70. THRESHOLD
2.70.1. conn_threshold_exceeded (ID: 05300100)
2.70.2. reminder_conn_threshold (ID: 05300101)
2.70.3. conn_threshold_exceeded (ID: 05300102)
2.70.4. failed_to_keep_connection_count (ID: 05300200)
2.70.5. failed_to_keep_connection_count (ID: 05300201)
2.70.6. threshold_conns_from_srcip_exceeded (ID: 05300210)
2.70.7. threshold_conns_from_srcip_exceeded (ID: 05300211)
2.70.8. threshold_conns_from_filter_exceeded (ID: 05300212)
2.70.9. threshold_conns_from_filter_exceeded (ID: 05300213)
2.71. TIMESYNC
2.71.1. synced_clock (ID: 03500001)
2.71.2. failure_communicate_with_timeservers (ID: 03500002)
2.71.3. clockdrift_too_high (ID: 03500003)
2.71.4. no_drift (ID: 03500004)
2.71.5. leaving_daylight_saving (ID: 03500010)
2.71.6. entering_daylight_saving (ID: 03500011)
2.71.7. dst_location_not_found (ID: 03500012)
2.72. TRANSPARENCY
2.72.1. impossible_hw_sender_address (ID: 04400410)
2.72.2. enet_hw_sender_broadcast (ID: 04400411)
2.72.3. enet_hw_sender_broadcast (ID: 04400412)
2.72.4. enet_hw_sender_broadcast (ID: 04400413)
2.72.5. enet_hw_sender_multicast (ID: 04400414)
2.72.6. enet_hw_sender_multicast (ID: 04400415)
2.72.7. enet_hw_sender_multicast (ID: 04400416)
2.72.8. relay_stp_frame (ID: 04400417)
2.72.9. dropped_stp_frame (ID: 04400418)
2.72.10. invalid_stp_frame (ID: 04400419)
2.72.11. relay_mpls_frame (ID: 04400420)
2.72.12. dropped_mpls_packet (ID: 04400421)
2.72.13. invalid_mpls_packet (ID: 04400422)
2.73. USERAUTH
2.73.1. accounting_start (ID: 03700001)
2.73.2. invalid_accounting_start_server_response (ID: 03700002)
2.73.3. no_accounting_start_server_response (ID: 03700003)
2.73.4. invalid_accounting_start_server_response (ID: 03700004)
2.73.5. no_accounting_start_server_response (ID: 03700005)
2.73.6. invalid_accounting_start_server_response (ID: 03700006)
2.73.7. failed_to_send_accounting_stop (ID: 03700007)
2.73.8. accounting_stop (ID: 03700008)
2.73.9. invalid_accounting_stop_server_response (ID: 03700009)
2.73.10. no_accounting_stop_server_response (ID: 03700010)
2.73.11. invalid_accounting_stop_server_response (ID: 03700011)
2.73.12. failure_init_radius_accounting (ID: 03700012)
2.73.13. invalid_accounting_start_request (ID: 03700013)
2.73.14. no_accounting_start_server_response (ID: 03700014)
2.73.15. user_timeout (ID: 03700020)
2.73.16. group_list_too_long (ID: 03700030)
2.73.17. accounting_alive (ID: 03700050)
2.73.18. accounting_interim_failure (ID: 03700051)
2.73.19. no_accounting_interim_server_response (ID: 03700052)
2.73.20. invalid_accounting_interim_server_response (ID: 03700053)
2.73.21. invalid_accounting_interim_server_response (ID: 03700054)
2.73.22. relogin_from_new_srcip (ID: 03700100)
2.73.23. already_logged_in (ID: 03700101)
2.73.24. user_login (ID: 03700102)
2.73.25. bad_user_credentials (ID: 03700104)
2.73.26. radius_auth_timeout (ID: 03700105)
2.73.27. manual_logout (ID: 03700106)
2.73.28. userauthrules_disallowed (ID: 03700107)
2.73.29. ldap_auth_error (ID: 03700109)
2.73.30. user_logout (ID: 03700110)
2.73.31. radius_parse_error (ID: 03700111)
2.73.32. ldap_session_new_out_of_memory (ID: 03700401)
2.73.33. cant_create_new_request (ID: 03700402)
2.73.34. ldap_user_authentication_successful (ID: 03700403)
2.73.35. ldap_user_authentication_failed (ID: 03700404)
2.73.36. ldap_context_new_out_of_memory (ID: 03700405)
2.73.37. user_req_new_out_of_memory (ID: 03700406)
2.73.38. failed_admin_bind (ID: 03700407)
2.73.39. invalid_username_or_password (ID: 03700408)
2.73.40. failed_retrieve_password (ID: 03700409)
2.73.41. ldap_timed_out_server_request (ID: 03700423)
2.73.42. ldap_no_working_server_found (ID: 03700424)
2.73.43. ldap_moving_request_active_server (ID: 03700425)
2.73.44. no_shared_ciphers (ID: 03700500)
2.73.45. disallow_clientkeyexchange (ID: 03700501)
2.73.46. bad_packet_order (ID: 03700502)
2.73.47. bad_clienthello_msg (ID: 03700503)
2.73.48. bad_changecipher_msg (ID: 03700504)
2.73.49. bad_clientkeyexchange_msg (ID: 03700505)
2.73.50. bad_clientfinished_msg (ID: 03700506)
2.73.51. bad_alert_msg (ID: 03700507)
2.73.52. unknown_ssl_error (ID: 03700508)
2.73.53. received_sslalert (ID: 03700510)
2.73.54. sent_sslalert (ID: 03700511)
2.73.55. ssl_context_move_failure (ID: 03700512)
2.73.56. user_login (ID: 03707000)
2.73.57. userauthrules_disallowed (ID: 03707001)
2.73.58. user_login (ID: 03707002)
2.73.59. bad_user_credentials (ID: 03707003)
2.73.60. ldap_auth_error (ID: 03707004)
2.73.61. bad_user_credentials (ID: 03707005)
2.74. VFS
2.74.1. odm_execute_failed (ID: 05200001)
2.74.2. odm_execute_action_reboot (ID: 05200002)
2.74.3. odm_execute_action_reconfigure (ID: 05200003)
2.74.4. odm_execute_action_none (ID: 05200004)
2.74.5. pkg_execute_fail (ID: 05200005)
2.74.6. upload_certificate_fail (ID: 05200006)
2.74.7. upload_certificate_fail (ID: 05200007)
2.74.8. odm_license_warn (ID: 05200008)
2.74.9. odm_validated_not_executed (ID: 05200009)
2.74.10. secaas_lic_installed (ID: 05208002)
2.74.11. secaas_lic_installation_failed (ID: 05208003)
2.75. ZEROTOUCH
2.75.1. zerotouch_disabled (ID: 08600900)
2.75.2. netconpsk_generated (ID: 08600901)
2.75.3. deviceid_generated (ID: 08600902)
2.75.4. mgmt_ip_found (ID: 08600903)
2.75.5. mgmt_ip_resolve_failed (ID: 08600904)
2.75.6. mgmt_ip_query_failed (ID: 08600905)
2.76. ZONEDEFENSE
2.76.1. unable_to_allocate_send_entries (ID: 03800001)
2.76.2. unable_to_allocate_exclude_entry (ID: 03800002)
2.76.3. unable_to_allocate_block_entry (ID: 03800003)
2.76.4. switch_out_of_ip_profiles (ID: 03800004)
2.76.5. out_of_mac_profiles (ID: 03800005)
2.76.6. failed_to_create_profile (ID: 03800006)
2.76.7. no_response_trying_to_create_rule (ID: 03800007)
2.76.8. failed_writing_zonededense_state_to_media (ID: 03800008)
2.76.9. failed_to_create_access_rule (ID: 03800009)
2.76.10. no_response_trying_to_erase_profile (ID: 03800010)
2.76.11. failed_to_erase_profile (ID: 03800011)
2.76.12. failed_to_save_configuration (ID: 03800012)
2.76.13. timeout_saving_configuration (ID: 03800013)
2.76.14. zd_block (ID: 03800014)
2.76.15. mac_address_blocking_not_supported (ID: 03800015)
2.76.16. zonedefense_table_exhausted (ID: 03800016)
2.76.17. zonedefense_disabled (ID: 03800017)
2.76.18. zonedefense_enabled (ID: 03800018)
2.76.19. enabling_zonedefense_failed (ID: 03800019)
2.76.20. zd_unblock (ID: 03800911)
2.76.21. zd_unblock (ID: 03800912)

Chapter 1: Introduction

[Note] Note: This document is also available in other formats

A PDF version of this document along with all current and older documentation in PDF format can be found at https://my.clavister.com.

It is also available in a framed HTML version.

This guide is a reference for all log messages generated by cOS Core. It is designed to be a valuable information source for both management and troubleshooting.

1.1. Notation and Conventions

The following notations and conventions will be used in this guide for describing log messages.

Notation

The following notation is used throughout this reference guide when specifying the parameters of a log message:
Angle Brackets <name>
Used for specifying the name of a log message parameter.
Square Brackets [name]
Used for specifying the name of a conditional log message parameter.

Example 1.1. Log Message Parameters

Log Message

New configuration activated by user <username> and committed via <authsystem>

Parameters
authsystem
username

Both the authsystem and the username parameters will be included.

Example 1.2. Conditional Log Message Parameters

Log Message

Administrative user <username> logged in via <authsystem>. Access level: <access_level>

Parameters
authsystem
username
access_level
[userdb]
[server_ip]
[server_port]
[client_ip]
[client_port]

The authsystem, username and the access_level parameters will be included. The other parameters of userdb, server_ip, server_port, client_ip and client_port may or may not be included, depending on the context of the log message.

Abbreviations

The following abbreviations are used throughout this reference guide:

Abbreviation Full name
ALG Application Layer Gateway
ARP Address Resolution Protocol
DHCP Dynamic Host Configuration Protocol
DNS Domain Name System
ESP Encapsulating Security Payload
FTP File Transfer Protocol
HA High Availability
HTTP Hyper Text Transfer Protocol
ICMP Internet Control Message Protocol
IDS Intrusion Detection System
IP Internet Protocol
IPSec Internet Protocol Security
L2TP Layer 2 Tunneling Protocol
NAT Network Address Translation
OSPF Open Shortest Path First
PPP Point to Point Protocol
PPPoE Point to Point Protocol over Ethernet
RADIUS Remote Authentication Dial In User Service
SAT Static Address Translation
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SSL Secure Socket Layer
TCP Transport Control Protocol
TLS Transport Layer Security
UDP User Datagram Protocol
URL Uniform Resource Locator
UTF Unicode Transformation Format
VLAN Virtual Local Area Network
VPN Virtual Private Network

1.2. Log Message Structure

All log messages have a common design with attributes that include category, severity and recommended actions. These attributes enable the easy filtering of log messages, either within cOS Core prior to sending them to a log receiver, or as part of analysis that takes place after the logging and storage of messages on an external log server.

The following information is provided for each specific log message:

Name

The name of the log message, which is a short string, 1-6 words separated by _. Please note that the name cannot be used as a unique identification of the log message, as several log messages might share the same name.

ID

The ID is a number made up of a string of 8 digits which uniquely identifies the log message. The first 3 digits identify the category to which the log message belongs.

[Note] Note

In this guide, the Name and the ID of the log message form the title of the section describing the log message. Also note that category IDs do not always form a perfectly sequential list. There are gaps where IDs have been removed during the evolution of the software. These gaps are discussed further in an article in the Clavister Knowledge Base at the following link:

https://kb.clavister.com/346366040

Category

Log messages are grouped into categories, where each category maps to a specific subsystem in cOS Core. For instance, the IPSEC category includes some hundreds of log messages, all related to IPSec VPN activities. Other examples of categories include ARP, DHCP, IGMP and USERAUTH.

In this guide, categories are listed as sections in Chapter 2, Log Message Reference.

As previously mentioned, the category is identified by the first 3 digits in the message ID. All messages in a particular category have the same first 3 digits in their ID.

Default Severity

The default severity level for this log message. For a list of severity levels, see section Section 1.4, Severity levels.

Log Message

A brief explanation of the event that took place. This explanation often features references to parameters, enclosed in angle brackets. Example:

Administrative user <username> logged in via <authsystem>. Access level: <access_level>

[Note] Note
This string is only included in log messages sent to Clavister Log Receivers.

Explanation

A detailed explanation of the event.

Note that this information is only featured in this reference guide and is never actually included in the log message.

Firewall Action

A short string, 1-3 words separated by _, of what action cOS Core will take. If the log message is purely informative, this is set to "None".

Recommended Action

A detailed recommendation of what the administrator should do if this log message is received. If the log message is purely informative, this is set to "None".

Note that this information is only featured in this reference guide, and is never actually included in the log message.

Revision

The current revision of the log message. This is increased each time a log message is changed between two releases.

Additional Information

Depending on the log message, the following information may also be included:

Parameters

The name of the parameters that are included in this log message. If a parameter is specified within square brackets (for example [username]), then the parameter is optional and may or may not be included in the log message.

Context Parameters

The name of the context parameters that are included in this log message. See Section 1.3, Context Parameters for a description of all available context parameters.

1.3. Context Parameters

In many cases, information regarding a certain object is featured in the log message. This can be information about, for example, a connection. In this case, the log message should, besides all the normal log message attributes, also include information about which protocol is used, source and destination IP addresses and ports (if applicable) and so on.

As the same information will be included in many log messages, these are referenced as a Context Parameter. So whenever a log message includes information about a connection, it will feature the CONN parameter in the Context Parameter list. This means that additional information about the connection will also be included in the log message.

A description of all available context parameters follows with an explanation of all the additional parameters. The names of the additional parameters are specified using the Syslog format.

[Note] Note
The additional parameters are formatted differently in the EFWLog format, giving them a more user friendly presentation.

ALG Module Name

The type of ALG related to an event. An ALG is always of a certain type, for example FTP, H323 or HTTP. This parameter specifies the name of the ALG sub-module, in order to quickly distinguish which type of ALG this is.
algmod
The name of the ALG sub-module.

ALG Session ID

The ALG session ID related to an event. Each ALG session has its own session ID, which uniquely identifies an ALG session. This is useful, for example, when matching the opening of an ALG session with the closure of the same ALG session.
algsesid
The session ID of an ALG session.

Packet Buffer

Information about the packet buffer related to an event. This can contain a large number of additional objects. Certain parameters may or may not be included, depending on the type of packet buffer. For example, the TCP flags are only included if the buffer contains the TCP protocol. The ICMP-specific parameters are only included if the buffer contains the ICMP protocol.
recvif
The name of the receiving interface.
recvzone
The zone assigned to the receiving interface.
[hwsender]

The sender hardware address. Valid if the protocol is ARP.

[hwdest]

The destination hardware address. Valid if the protocol is ARP.

[arp]

The ARP state. Valid if the protocol is ARP. Possible values: request|reply.

[srcip]

The source IP Address. Valid if the protocol is not ARP.

[destip]

The destination IP Address. Valid if the protocol is not ARP.

iphdrlen
The IP header length.
[fragoffs]

Fragmentation offset. Valid if the IP packet is fragmented.

[fragid]

Fragmentation ID. Valid if the IP packet is fragmented.

ipproto
The IP Protocol.
ipdatalen
The IP data length.
[srcport]

The source port. Valid if the protocol is TCP or UDP.

[destport]

The destination port. Valid if the protocol is TCP or UDP.

[tcphdrlen]

The TCP header length. Valid if the protocol is TCP.

[udptotlen]

The total UDP data length. Valid if the protocol is UDP.

[[tcpflag]=1]

The specific TCP flag is set. Valid if the protocol is TCP. Possible values for tcpflag: syn, rst, ack, psh, fin, urg, ece, cwr and ns.

[icmptype]

The ICMP sub-protocol name. Valid if the protocol is ICMP.

[echoid]

The ICMP echo ID. Valid if the protocol is ICMP and sub-protocol is echo.

[echoseq]

The ICMP echo sequence number. Valid if the protocol is ICMP and sub-protocol is echo.

[unreach]

The ICMP destination unreachable code. Valid if the protocol is ICMP and sub-protocol is destination unreachable.

[redirect]

The ICMP redirect code. Valid if the protocol is ICMP and sub-protocol is redirect.

[icmpcode]

The ICMP sub-protocol code. Valid if the protocol is ICMP and sub-protocol is not echo, destination unreachable or redirect.

Connection

Additional information about a connection that generated the event. Certain parameters may or may not be included depending on the type and status of the connection. For example, the number of bytes sent by the originator and terminator is only included if the connection is closed.

conn

The status of the connection. Possible values: open, close, closing and unknown.

connipproto
The IP protocol used in this connection.
connrecvif
The name of the receive interface.
connrecvzone
The zone assigned to the receiving interface.
connsrcip
The source IP address.
connsrcmac
The source MAC address.
connsrcdevice
The source device type.
[connsrcport]

The source port. Valid if the protocol is TCP or UDP.

[connsrcidt]

The source ID. Valid if the protocol is not TCP or UDP.

conndestif
The name of the destination interface.
conndestzone
The zone assigned to the destination interface.
conndestip
The destination IP address.
conndestmac
The destination MAC address.
conndestdevice
The destination device type.
[conndestport]

The destination port. Valid if the protocol is TCP or UDP.

[conndestidt]

The destination ID. Valid if the protocol is not TCP or UDP.

[origsent]

The number of bytes sent by the originator in this connection. Valid if the connection is closing or closed.

[termsent]

The number of bytes sent by the terminator in this connection. Valid if the connection is closing or closed.

IDP

Specifies the name and a description of the signature that triggered this event.
[Note] Note
For IDP log messages an additional log receiver, an SMTP log receiver, can be configured. This information is only sent to log receives of that kind and not included in the Syslog or EFWLog format.

Dropped Fragments

Specifies detailed information about dropped fragments in a packet.
[Note] Note
This information is only sent in the EFWLog format

Rule Name

Specifies the name of the rule set entry that was triggered to generate this event.

rule
The name of the rule.

Rule Information

Additional information about the rule set entry that generated this event. Certain parameters may or may not be included, depending on the type of entry. For example, the name of an authenticated user is only included if this rule contains network objects that have user authentication information in them.

rule
The name of the rule.
[satsrcrule]

The name of the SAT source rule. Valid if the rule action is SAT.

[satdestrule]

The name of the SAT destination rule. Valid if the rule action is SAT.

[srcusername]

The name of the authenticated user in the source network object. Valid if the source network object has user authentication information.

[destusername]

The name of the authenticated user in the destination network object. Valid if the destination network object has user authentication information.

User Authentication

Additional information about a user authentication event.

authrule
The name of the user authentication rule.
authagent
The name of the user authentication agent.
authevent

The user authentication event that occurred. Possible values: login, logout, timedout, disallowed_login, accounting and unknown.

username
The name of the user that triggered this event.
srcip
The source IP address of the user that triggered this event.

OSPF

Additional information about an OSPF event.

logsection

The OSPF section Possible values: packet, hello, ddesc, exchange, lsa, spf, route and unknown.

loglevel
The log level value.

OSPF LSA

Additional information about OSPF LSA.

lsatype

The LSA type Possible values: Router, network, IP summary, ASBR summary and AS external.

lsaid
The LSA identifier.
lsaadvrtr
The originating router for the LSA.

Dynamic Route

Additional information about a dynamic route event.

event

The dynamic routing event that occurred. Possible values: add, remove, modify, export, unexport and unknown.

from
Originating router process.
to
Destination router process.

Route

Additional information about a route event.

route
Route network.
routeiface
Route destination interface.
routezone
The zone assigned to the destination interface.
routegw
Route gateway.
routemetric
Route metric (cost).

Deep Inspection

Additional information about a deep inspection event.

UINT64

Additional information about a UINT64 event.

1.4. Severity levels

An event has a default severity level, based on how serious the event is. The following eight severity levels are possible, as defined by the Syslog protocol:

0 - Emergency
Emergency conditions, which most likely led to the system being unusable.
1 - Alert
Alert conditions, which affected the functionality of the unit. Needs attention immediately.
2 - Critical
Critical conditions, which affected the functionality of the unit. Action should be taken as soon as possible.
3 - Error
Error conditions, which probably affected the functionality of the unit.
4 - Warning
Warning conditions, which could affect the functionality of the unit.
5 - Notice
Normal, but significant, conditions.
6 - Informational
Informational conditions.
7 - Debug
Debug level events.

Priority in Syslog Messages

In Syslog messages the priority is indicated by the parameter prio=nn.

Excluding Logged Messages

cOS Core allows the exclusion from logging of entire catageories of log messages or just specific log messages. It is also possible to change the severity level of log messages so that a specific category or a specific message has the severity reset to a particular level when it is sent by cOS Core. These features are documented further in the cOS Core Administrators Guide.

Chapter 2: Log Message Reference

[Note] Sort Order
All log messages are sorted by their category and then by their ID number.

2.1. ALG

These log messages refer to the ALG (Events from Application Layer Gateways) category.

2.1.1. alg_session_open (ID: 00200001)

Default Severity
INFORMATIONAL
Log Message
ALG session opened
Explanation
A new ALG session has been opened.
Firewall Action
None
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.2. alg_session_closed (ID: 00200002)

Default Severity
INFORMATIONAL
Log Message
ALG session closed
Explanation
An ALG session has been closed.
Firewall Action
None
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name
ALG Session ID

2.1.3. max_line_length_exceeded (ID: 00200003)

Default Severity
ERROR
Log Message
Maximum line length <max> exceeded, got <len> characters. Closing connection
Explanation
The maximum length of an entered line was exceeded and the connection will be closed.
Firewall Action
close
Recommended Action
If the maximum line length is configued too low, increase it.
Revision
1
Parameters
len
max
Context Parameters
ALG Module Name
ALG Session ID

2.1.4. alg_session_allocation_failure (ID: 00200009)

Default Severity
CRITICAL
Log Message
Failed to allocate ALG session
Explanation
The system failed to allocate an ALG session. The reason for this is either that the total number of concurrent ALG sessions has been reached or that the system has run out of memory.
Firewall Action
None
Recommended Action
Increase the number of ALG sessions on services configured with ALGs or try to free up some RAM depending on the situation.
Revision
1

2.1.5. invalid_client_http_header_received (ID: 00200100)

Default Severity
WARNING
Log Message
HTTPALG: Invalid HTTP header was received from the client. Closing Connection. ALG name: <algname>.
Explanation
An invalid HTTP header was received from the client.
Firewall Action
close
Recommended Action
Research the source of this and try to find out why the client is sending an invalid header.
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.6. invalid_url_format (ID: 00200101)

Default Severity
ERROR
Log Message
HTTPALG: Failed to parse the URL requested by the client: <reason>. ALG name: <algname>.
Explanation
The unit failed parsing the requested URL. The reason for this is probably because the requested URL has an invalid format, or it contains invalid UTF8 formatted characters.
Firewall Action
close
Recommended Action
Make sure that the requested URL is formatted correctly.
Revision
1
Parameters
reason
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.7. allow_unknown_protocol (ID: 00200102)

Default Severity
NOTICE
Log Message
Allowing unknown protocol. ALG name: <algname>.
Explanation
Invalid protocol data received from the client. The connection will be allowed to pass through without inspection according to the configuration.
Firewall Action
allow
Recommended Action
If unknown protocols should be blocked, change the configuration.
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.8. allow_unknown_protocol (ID: 00200103)

Default Severity
NOTICE
Log Message
Allowing unknown protocol. ALG name: <algname>.
Explanation
Invalid protocol data received from the server. The connection will be allowed to pass through without inspection according to the configuration.
Firewall Action
allow
Recommended Action
If unknown protocols should be blocked, change the configuration.
Revision
2
Parameters
algname
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.1.9. wcf_srv_connection_error (ID: 00200104)

Default Severity
ERROR
Log Message
HTTPALG: HTTP request not validated by Web Content Filter and denied.
Explanation
The Web Content Filtering servers could not be contacted. The request has been denied since fail-mode parameter is in deny mode.
Firewall Action
deny
Recommended Action
Investigate why the Web Content Filtering servers cannot be reached.
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.10. unknown_client_data_received (ID: 00200105)

Default Severity
WARNING
Log Message
HTTPALG: Invalid client request - unexpected data received after the client request header. Closing connection. ALG name: <algname>.
Explanation
Data was received after the client request header, although the header specified that no such data should be sent.
Firewall Action
closing_connection
Recommended Action
Research the source of this and try to find out why the client is sending an invalid request.
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.11. suspicious_data_received (ID: 00200106)

Default Severity
WARNING
Log Message
HTTPALG: Too much suspicious data has been received from the server. Closing the connection. ALG name: <algname>.
Explanation
The unit is configured to do content blocking, but the data from the server contains too much suspicious data. The unit can not properly determin if this data is a valid or if it should be blocked.
Firewall Action
closing_connection
Recommended Action
Research the source of this and try to find out why the server is sending such large amounts of suspicious data.
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.12. invalid_chunked_encoding (ID: 00200107)

Default Severity
WARNING
Log Message
HTTPALG: The server sent invalid chunked encoding. Closing connection. ALG name: <algname>.
Explanation
The data received from the server was sent in chunked mode, but it was not properly formatted.
Firewall Action
closing_connection
Recommended Action
Research the source of this and try to find out why the server is sending invalid formatted chunked data.
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.13. invalid_server_http_header_received (ID: 00200108)

Default Severity
WARNING
Log Message
HTTPALG: An invalid HTTP header was received from the server. Closing connection. ALG name: <algname>.
Explanation
An invalid HTTP header was received from the server.
Firewall Action
closing_connection
Recommended Action
Research the source of this and try to find out why the server is sending an invalid header.
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.14. compressed_data_received (ID: 00200109)

Default Severity
ERROR
Log Message
HTTPALG: Compressed data was received from the server, although uncompressed was requested. Closing connection. ALG name: <algname>.
Explanation
The unit requested that no compressed data should be used, but the server ignored this and sent compressed data anyway. As content processing will not work if the data is compressed, the connection will be closed.
Firewall Action
close
Recommended Action
Research the source of this and try to find out why the server is sending compressed data.
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.15. max_http_sessions_reached (ID: 00200110)

Default Severity
WARNING
Log Message
HTTPALG: Maximum number of HTTP sessions (<max_sessions>) for service reached. Closing connection
Explanation
The maximum number of concurrent HTTP sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action
close
Recommended Action
If the maximum number of HTTP sessions is too low, increase it.
Revision
1
Parameters
max_sessions
Context Parameters
ALG Module Name

2.1.16. failed_create_new_session (ID: 00200111)

Default Severity
CRITICAL
Log Message
HTTPALG: Failed to create new HTTPALG session (out of memory)
Explanation
An attempt to create a new HTTPALG session failed, because the unit is out of memory.
Firewall Action
close
Recommended Action
Decrease the maximum allowed HTTPALG sessions, or try to free some of the RAM used.
Revision
2
Context Parameters
ALG Module Name

2.1.17. failure_connect_http_server (ID: 00200112)

Default Severity
ERROR
Log Message
HTTPALG: Failed to connect to the HTTP Server. Closing connection. ALG name: <algname>.
Explanation
The unit failed to connect to the HTTP Server, resulting in that the ALG session could not be successfully opened.
Firewall Action
close
Recommended Action
Verify that there is a listening HTTP Server on the specified address.
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.18. content_type_mismatch (ID: 00200113)

Default Severity
NOTICE
Log Message
HTTPALG: Content type mismatch in file <filename>. Identified filetype <filetype>
Explanation
The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded.
Firewall Action
block_data
Recommended Action
None
Revision
1
Parameters
filename
filetype
contenttype
Context Parameters
ALG Module Name
ALG Session ID

2.1.19. wcf_override_full (ID: 00200114)

Default Severity
ERROR
Log Message
HTTPALG: WCF override cache full
Explanation
The WCF override hash is full. The oldest least used value will be replaced.
Firewall Action
replace
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name

2.1.20. no_valid_license (ID: 00200115)

Default Severity
ERROR
Log Message
HTTPALG: Web Content Filtering disabled
Explanation
Web Content Filtering has been disabled due to license restriction.
Firewall Action
content_filtering_disabled
Recommended Action
Extend valid time for Content Filtering.
Revision
3
Context Parameters
ALG Module Name

2.1.21. max_download_size_reached (ID: 00200116)

Default Severity
WARNING
Log Message
HTTPALG: The file <filename> with file size <filesize>kB exceeds the maximum allowed download size <max_download_size>kB. Closing connection
Explanation
The data received from the server exceeds the maximum allowed download file size, the request is rejected and the connection is closed.
Firewall Action
close
Recommended Action
If the configurable maximum download size is too low, increase it.
Revision
2
Parameters
filename
filesize
max_download_size
Context Parameters
ALG Module Name
ALG Session ID

2.1.22. blocked_filetype (ID: 00200117)

Default Severity
NOTICE
Log Message
HTTPALG: Requested file:<filename> is blocked as this file is identified as type <filetype>, which is in block list.
Explanation
The file is present in the block list. It will be blocked as per configuration.
Firewall Action
block
Recommended Action
If this file should be allowed, update the ALLOW/BLOCK list.
Revision
2
Parameters
filename
filetype
Context Parameters
ALG Module Name
ALG Session ID

2.1.23. out_of_memory (ID: 00200118)

Default Severity
CRITICAL
Log Message
HTTPALG: Failed to allocate memory
Explanation
The unit does not have enough available RAM. WCF could not allocate memory for override functionality.
Firewall Action
None
Recommended Action
Try to free up some RAM by changing configuration parameters.
Revision
1
Context Parameters
ALG Module Name

2.1.24. wcf_servers_unreachable (ID: 00200119)

Default Severity
CRITICAL
Log Message
HTTPALG: Failed to connect to web content servers
Explanation
Web Content Filtering was unable to connect to the Web Content Filtering servers.
Firewall Action
None
Recommended Action
Verify that the unit has been configured with Internet access.
Revision
2
Context Parameters
ALG Module Name

2.1.25. wcf_srv_connection_error (ID: 00200120)

Default Severity
ERROR
Log Message
HTTPALG: HTTP request not validated by Web Content Filter and allowed.
Explanation
The Web Content Filtering servers could not be contacted. The request has been allowed since fail-mode parameter is in allow mode.
Firewall Action
allow
Recommended Action
Investigate why the Web Content Filtering servers cannot be reached.
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.26. wcf_server_unreachable (ID: 00200121)

Default Severity
ERROR
Log Message
HTTPALG: Failed to connect to web content server <failedserver>
Explanation
Web Content Filtering was unable to connect to the Web Content Filtering server. The system will try to contact one of the backup servers.
Firewall Action
switching_server
Recommended Action
None
Revision
1
Parameters
failedserver
Context Parameters
ALG Module Name

2.1.27. wcf_connecting (ID: 00200122)

Default Severity
INFORMATIONAL
Log Message
HTTPALG:Connecting to web content server <server>
Explanation
Connecting to Web Content Filtering server.
Firewall Action
connecting
Recommended Action
None
Revision
1
Parameters
server
Context Parameters
ALG Module Name

2.1.28. wcf_server_connected (ID: 00200123)

Default Severity
INFORMATIONAL
Log Message
HTTPALG: Web content server <server> connected
Explanation
The connection with the Web Content server has been established.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
server
Context Parameters
ALG Module Name

2.1.29. wcf_primary_fallback (ID: 00200124)

Default Severity
INFORMATIONAL
Log Message
HTTPALG: Falling back from secondary servers to primary server
Explanation
Web Content Filtering falls back to primary server after 60 minutes or when a better server has been detected.
Firewall Action
None
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name

2.1.30. request_url (ID: 00200125)

Default Severity
NOTICE
Log Message
HTTPALG: Requesting URL <url>. Categories: <categories>. Audit: <audit>. Override: <override>. ALG name: <algname>.
Explanation
The URL has been requested.
Firewall Action
allow
Recommended Action
None
Revision
2
Parameters
categories
audit
override
url
algname
Context Parameters
Connection
Connection
ALG Module Name
ALG Session ID

2.1.31. request_url (ID: 00200126)

Default Severity
NOTICE
Log Message
HTTPALG: Requesting URL <url>. Categories: <categories>. Audit: <audit>. Override: <override>. ALG name: <algname>.
Explanation
The URL has been requested.
Firewall Action
block
Recommended Action
None
Revision
2
Parameters
categories
audit
override
url
algname
Context Parameters
Connection
Connection
ALG Module Name
ALG Session ID

2.1.32. wcf_server_auth_failed (ID: 00200127)

Default Severity
ERROR
Log Message
HTTPALG: Failed to authenticate with WCF server
Explanation
The WCF service could not authenticate with the WCF server.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
failedserver
Context Parameters
ALG Module Name

2.1.33. wcf_server_bad_reply (ID: 00200128)

Default Severity
ERROR
Log Message
HTTPALG: Failed to parse WCF server response
Explanation
The WCF service could not parse the server response. The WCF transmission queue is reset and a new server connection will be established.
Firewall Action
restarting
Recommended Action
None
Revision
1
Parameters
failedserver
Context Parameters
ALG Module Name

2.1.34. request_url (ID: 00200129)

Default Severity
NOTICE
Log Message
HTTPALG: Requesting URL <url>. Categories: <categories>. Audit: <audit>. Override: <override>. ALG name: <algname>.
Explanation
The URL has been requested.
Firewall Action
allow_audit_mode
Recommended Action
None
Revision
2
Parameters
categories
audit
override
url
algname
Context Parameters
Connection
Connection
ALG Module Name
ALG Session ID

2.1.35. out_of_memory (ID: 00200130)

Default Severity
CRITICAL
Log Message
HTTPALG: Failed to allocate memory
Explanation
The unit does not have enough available RAM.
Firewall Action
None
Recommended Action
Try to free up some RAM by changing configuration parameters.
Revision
1
Context Parameters
ALG Module Name

2.1.36. wcf_bad_sync (ID: 00200131)

Default Severity
ERROR
Log Message
HTTPALG: WCF request out of sync
Explanation
The WCF response received from the server did not match the expected value. The requested URL is treaded as unknown category.
Firewall Action
compensating
Recommended Action
None
Revision
1
Parameters
url_orig
url_req
url_reply
Context Parameters
ALG Module Name

2.1.37. restricted_site_notice (ID: 00200132)

Default Severity
WARNING
Log Message
HTTPALG: User requests the forbidden URL <url>, even though Restricted Site Notice was applied. ALG name: <algname>.
Explanation
The URL has been requested and the categories are forbidden. Restricted Site Notice was applied.
Firewall Action
allow
Recommended Action
Disable the RESTRICTED_SITE_NOTICE mode of parameter CATEGORIES for this ALG.
Revision
3
Parameters
url
algname
Context Parameters
Connection
Connection
ALG Module Name
ALG Session ID

2.1.38. url_reclassification_request (ID: 00200133)

Default Severity
WARNING
Log Message
HTTPALG: Reclassification request for URL <url>. New Category <newcat>. ALG name: <algname>.
Explanation
The user has requested a category reclassification for the URL.
Firewall Action
allow
Recommended Action
Disable the ALLOW_RECLASSIFICATION mode of parameter CATEGORIES for this ALG.
Revision
2
Parameters
newcat
url
algname
Context Parameters
Connection
Connection
ALG Module Name
ALG Session ID

2.1.39. wcf_server_disconnected (ID: 00200134)

Default Severity
INFORMATIONAL
Log Message
HTTPALG: Web content server <server> disconnected
Explanation
The Web Content server has closed the connection.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
server
Context Parameters
ALG Module Name

2.1.40. request_url (ID: 00200135)

Default Severity
NOTICE
Log Message
HTTPALG: Requesting URL <url>. Categories: <categories>. User: <user>. Audit: <audit>. Override: <override>. ALG name: <algname>.
Explanation
The URL has been requested.
Firewall Action
allow
Recommended Action
None
Revision
2
Parameters
categories
audit
override
url
user
algname
Context Parameters
Connection
Connection
ALG Module Name
ALG Session ID

2.1.41. request_url (ID: 00200136)

Default Severity
NOTICE
Log Message
HTTPALG: Requesting URL <url>. Categories: <categories>. User: <user>. Audit: <audit>. Override: <override>. ALG name: <algname>.
Explanation
The URL has been requested.
Firewall Action
allow_audit_mode
Recommended Action
None
Revision
3
Parameters
categories
audit
override
url
user
algname
Context Parameters
Connection
Connection
ALG Module Name
ALG Session ID

2.1.42. request_url (ID: 00200137)

Default Severity
NOTICE
Log Message
HTTPALG: Requesting URL <url>. Categories: <categories>. User: <user>. Audit: <audit>. Override: <override>. ALG name: <algname>.
Explanation
The URL has been requested.
Firewall Action
block
Recommended Action
None
Revision
3
Parameters
categories
audit
override
url
user
algname
Context Parameters
Connection
Connection
ALG Module Name
ALG Session ID

2.1.43. restricted_site_notice (ID: 00200138)

Default Severity
WARNING
Log Message
HTTPALG: User requests the forbidden URL <url>, even though Restricted Site Notice was applied. User: <user>. ALG name: <algname>.
Explanation
The URL has been requested and the categories are forbidden. Restricted Site Notice was applied.
Firewall Action
allow
Recommended Action
Disable the RESTRICTED_SITE_NOTICE mode of parameter CATEGORIES for this ALG.
Revision
4
Parameters
url
user
algname
Context Parameters
Connection
Connection
ALG Module Name
ALG Session ID

2.1.44. url_reclassification_request (ID: 00200139)

Default Severity
WARNING
Log Message
HTTPALG: Reclassification request for URL <url>. New Category <newcat>. User: <user>. ALG name: <algname>.
Explanation
The user has requested a category reclassification for the URL.
Firewall Action
allow
Recommended Action
Disable the ALLOW_RECLASSIFICATION mode of parameter CATEGORIES for this ALG.
Revision
3
Parameters
newcat
url
user
algname
Context Parameters
Connection
Connection
ALG Module Name
ALG Session ID

2.1.45. wcf_mem_optimized (ID: 00200140)

Default Severity
DEBUG
Log Message
HTTPALG: Optimizing WCF memory usage
Explanation
The Web Content Filtering subsystem has optimized its memory usage and freed up some memory. This is a normal condition and does not affect functionality nor performance.
Firewall Action
optimizing
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name

2.1.46. out_of_memory (ID: 00200141)

Default Severity
CRITICAL
Log Message
HTTPALG: Failed to allocate memory
Explanation
The system failed to allocate memory and the HTTP session will be closed.
Firewall Action
close
Recommended Action
Decrease the maximum allowed HTTPALG sessions, or try to free some of the RAM used.
Revision
1
Context Parameters
ALG Module Name

2.1.47. wcf_performance_notice (ID: 00200142)

Default Severity
INFORMATIONAL
Log Message
HTTPALG: WCF Performance notice
Explanation
Information about the current WCF performance.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
cache_size
cache_repl_per_sec
trans_per_sec
queue_len
in_transit
rtt
queue_delta_per_sec
server
srv_prec
Context Parameters
ALG Module Name

2.1.48. wcf_server_timeout (ID: 00200143)

Default Severity
ERROR
Log Message
HTTPALG: WCF request timeout
Explanation
The WCF server took too long time to reply. A new connection attempt is in progress.
Firewall Action
reconnecting
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name

2.1.49. invalid_http_syntax (ID: 00200144)

Default Severity
ERROR
Log Message
HTTPALG: Invalid HTTP syntax seen in <type>.
Explanation
The HTTPALG received malformed HTTP syntax and closed the connection.
Firewall Action
close
Recommended Action
Investigate why malformed HTTP syntax was received.
Revision
1
Parameters
type
reason
algname
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.1.50. intercept_page_failed (ID: 00200145)

Default Severity
DEBUG
Log Message
HTTPALG: Failed to send interception page to client
Explanation
The HTTPALG failed to send an interception page to the client.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
pagetype
send
algname
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.1.51. disallowed_user_agent (ID: 00200146)

Default Severity
WARNING
Log Message
HTTPALG: Disallowed user-agent <ua>.
Explanation
The HTTPALG blocked access for a browser with a disallowed user-agent string.
Firewall Action
close
Recommended Action
If this user-agent string should be allowed, add it to the list of allowed user-agent strings in the ALG configuration.
Revision
1
Parameters
ua
algname
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.1.52. http_pipeline_full (ID: 00200147)

Default Severity
ERROR
Log Message
HTTPALG: Maximum number of pipelinined requests per session reached.
Explanation
The maximum number of unanswered pipelined HTTP requests has been reached. This can be a malicious attempt to drain the firewall of resources. The connection is closed.
Firewall Action
close
Recommended Action
Investigate which client and software that sends this many pipelinied requests and see if they can be reconfigured.
Revision
2
Parameters
count
algname
Context Parameters
Connection
Connection
ALG Module Name
ALG Session ID

2.1.53. protocol_upgrade_denied (ID: 00200148)

Default Severity
WARNING
Log Message
HTTPALG: Protocol upgrade denied
Explanation
The HTTPALG blocked a socket upgrade e.g. websocket. The connection is no longer allowed.
Firewall Action
close
Recommended Action
Modify the configuration is socket upgrades should be allowed.
Revision
1
Parameters
type
algname
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.1.54. protocol_upgrade (ID: 00200149)

Default Severity
NOTICE
Log Message
HTTPALG: Protocol Upgrade
Explanation
The HTTPALG allowed a socket upgrade e.g. websocket. No more content inspection will be made on this connection.
Firewall Action
allow
Recommended Action
Modify the configuration if socket upgrades should not be allowed.
Revision
1
Parameters
type
algname
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.1.55. max_smtp_sessions_reached (ID: 00200150)

Default Severity
WARNING
Log Message
SMTPALG: Maximum number of SMTP sessions (<max_sessions>) for service reached. Closing connection
Explanation
The maximum number of concurrent SMTP sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action
close
Recommended Action
If the maximum number of SMTP sessions is too low, increase it.
Revision
1
Parameters
max_sessions
Context Parameters
ALG Module Name

2.1.56. maximum_email_per_minute_reached (ID: 00200151)

Default Severity
WARNING
Log Message
SMTPALG: Maximum number of emails per client and minute reached.
Explanation
Client is trying to send emails at a rate higher than the configured value.
Firewall Action
session_rejected
Recommended Action
This can be a possible DoS attack.
Revision
3
Parameters
sender_email_address
Context Parameters
ALG Module Name
ALG Session ID

2.1.57. failed_create_new_session (ID: 00200152)

Default Severity
CRITICAL
Log Message
SMTPALG: Failed to create new SMTPALG session (out of memory)
Explanation
An attempt to create a new SMTPALG session failed. The unit has run out of memory.
Firewall Action
close
Recommended Action
Decrease the maximum allowed SMTPALG sessions, or try to free some of the RAM used.
Revision
2
Context Parameters
ALG Module Name

2.1.58. failed_connect_smtp_server (ID: 00200153)

Default Severity
ERROR
Log Message
SMTPALG: Failed to connect to the SMTP Server. Closing the connection.
Explanation
The SMTP ALG could not connect to the receiving SMTP server, resulting in that the ALG session could not be successfully opened.
Firewall Action
close
Recommended Action
None
Revision
3
Context Parameters
ALG Module Name
ALG Session ID

2.1.59. invalid_server_response (ID: 00200155)

Default Severity
ERROR
Log Message
SMTPALG: Could not parse server response code
Explanation
The SMTP ALG failed to parse the SMTP response code from server.
Firewall Action
close
Recommended Action
If possible, verify response codes sent from server.
Revision
3
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.1.60. sender_email_id_mismatched (ID: 00200156)

Default Severity
WARNING
Log Message
SMTPALG: Mismatching sender address
Explanation
The SMTP "MAIL FROM:" command does not match the "From:" header. The e-mail will be tagged as spam.
Firewall Action
spam tag
Recommended Action
Disable the Verify E-Mail Sender ID setting if you experience that valid e-mails are being wrongly tagged.
Revision
3
Parameters
sender_email_address
recipient_email_addresses
data_sender_address
Context Parameters
ALG Module Name
ALG Session ID

2.1.61. sender_email_id_mismatched (ID: 00200157)

Default Severity
WARNING
Log Message
SMTPALG: Mismatching sender address
Explanation
The SMTP "MAIL FROM:" command does not match the "From:" header. The transaction will be denied.
Firewall Action
reject
Recommended Action
Disable the Verify E-Mail Sender ID setting if you experience that valid e-mails are being wrongly blocked.
Revision
3
Parameters
sender_email_address
recipient_email_addresses
data_sender_address
Context Parameters
ALG Module Name
ALG Session ID

2.1.62. sender_email_id_is_in_blacklist (ID: 00200158)

Default Severity
WARNING
Log Message
SMTPALG: Sender e-mail address is in Black List
Explanation
Since "MAIL FROM:" Email Id is in Black List, SMTP ALG rejected the Client request.
Firewall Action
reject
Recommended Action
None
Revision
1
Parameters
sender_email_address
Context Parameters
ALG Module Name
ALG Session ID

2.1.63. recipient_email_id_in_blacklist (ID: 00200159)

Default Severity
WARNING
Log Message
SMTPALG: Recipient e-mail address is in Black List
Explanation
Since "RCPT TO:" e-mail address is in Black List, SMTP ALG rejected the client request.
Firewall Action
reject
Recommended Action
None
Revision
1
Parameters
sender_email_address
recipient_email_addresses
Context Parameters
ALG Module Name
ALG Session ID

2.1.64. some_recipient_email_ids_are_in_blocklist (ID: 00200160)

Default Severity
WARNING
Log Message
SMTPALG: Some recipients email id are in Black List
Explanation
Since some "RCPT TO:" Email ids are in Black List, SMTP ALG has blocked mail to those recipients.
Firewall Action
reject
Recommended Action
Emails can be forwarded only to the Non-Black List users.
Revision
1
Parameters
sender_email_address
recipient_email_addresses
Context Parameters
ALG Module Name
ALG Session ID

2.1.65. base64_decode_failed (ID: 00200164)

Default Severity
ERROR
Log Message
SMTPALG: Base 64 decode failed. Attachment blocked
Explanation
The base64 encoded attachment could not be decoded. This can occur if the email sender sends incorrectly formatted data. The attachment has been blocked.
Firewall Action
block_allow
Recommended Action
Research how the sender is encoding the data.
Revision
2
Parameters
filename
filetype
sender_email_address
recipient_email_addresses
Context Parameters
ALG Module Name
ALG Session ID

2.1.66. base64_decode_failed (ID: 00200165)

Default Severity
ERROR
Log Message
SMTPALG: Base 64 decode failed. Attachment is allowed
Explanation
The data sent to Base64 decoding failed. This can occur if the email sender sends incorrectly formatted data. Fail-mode is set to allow so date will be forwared.
Firewall Action
allow_block
Recommended Action
Research how the sender is encoding the data.
Revision
2
Parameters
filename
filetype
sender_email_address
recipient_email_addresses
Context Parameters
ALG Module Name
ALG Session ID

2.1.67. blocked_filetype (ID: 00200166)

Default Severity
NOTICE
Log Message
SMTPALG: Requested file:<filename> is blocked as this file is identified as type <filetype>, which is in block list.
Explanation
The file is present in the block list. It will be blocked as per configuration.
Firewall Action
block
Recommended Action
If this file should be allowed, update the ALLOW/BLOCK list.
Revision
2
Parameters
filename
filetype
sender_email_address
recipient_email_addresses
Context Parameters
ALG Module Name
ALG Session ID

2.1.68. content_type_mismatch (ID: 00200167)

Default Severity
WARNING
Log Message
SMTPALG: Content type mismatch in file <filename>. Identified filetype <filetype>
Explanation
The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded.
Firewall Action
block_data
Recommended Action
None
Revision
4
Parameters
filename
filetype
sender_email_address
recipient_email_addresses
Context Parameters
ALG Module Name
ALG Session ID

2.1.69. max_email_size_reached (ID: 00200170)

Default Severity
WARNING
Log Message
SMTPALG: Maximum email size limit <max_email_size>kb reached
Explanation
Email body and all attachments size of email has crossed the limitation.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
sender_email_address
recipient_email_addresses
max_email_size
Context Parameters
ALG Module Name
ALG Session ID

2.1.70. content_type_mismatch_mimecheck_disabled (ID: 00200171)

Default Severity
NOTICE
Log Message
SMTPALG: Content type mismatch found for the file <filename>. It is identified as type <filetype> file
Explanation
Received type of data in the packet and its actual type do not match. As there is a mismatch and mime type check is disabled, the data will be allowed.
Firewall Action
allow
Recommended Action
Content type should be matched.
Revision
3
Parameters
filename
filetype
sender_email_address
recipient_email_addresses
Context Parameters
ALG Module Name
ALG Session ID

2.1.71. all_recipient_email_ids_are_in_blocklist (ID: 00200172)

Default Severity
WARNING
Log Message
SMTPALG: All recipients e-mail addresses are in Black List
Explanation
Since "RCPT TO:" email ids are in Black List, SMTP ALG rejected the client request.
Firewall Action
reject
Recommended Action
None
Revision
1
Parameters
sender_email_address
recipient_email_addresses
Context Parameters
ALG Module Name
ALG Session ID

2.1.72. out_of_memory (ID: 00200175)

Default Severity
ALERT
Log Message
SMTPALG: Failed to allocate memory (out of memory)
Explanation
An attempt to allocate memory failed.
Firewall Action
close
Recommended Action
Try to free up unwanted memory.
Revision
3
Context Parameters
ALG Module Name
ALG Session ID

2.1.73. invalid_end_of_mail (ID: 00200176)

Default Severity
WARNING
Log Message
SMTPALG: Invalid end of mail "\\n.\\n" received.
Explanation
The client is sending invalid end of mail. Transaction will be terminated.
Firewall Action
block
Recommended Action
Research how the client is sending invalid end of mail.
Revision
1
Parameters
sender_email_address
recipient_email_addresses
Context Parameters
ALG Module Name
ALG Session ID

2.1.74. dnsbl_init_error (ID: 00200177)

Default Severity
ERROR
Log Message
DNSbl internal error
Explanation
The email could not be checked for spam. Email will be processed without spam checks.
Firewall Action
None
Recommended Action
None
Revision
2
Context Parameters
ALG Module Name
ALG Session ID

2.1.75. cmd_too_long (ID: 00200179)

Default Severity
ERROR
Log Message
SMTPALG: Command line too long
Explanation
The SMTP Command line exceeds the maximum command length of 712 characters. (RFC 2821 Ch. 4.5.3.1 says 512).
Firewall Action
reject
Recommended Action
None
Revision
2
Context Parameters
ALG Module Name
ALG Session ID

2.1.76. failed_send_reply_code (ID: 00200181)

Default Severity
ERROR
Log Message
SMTPALG: Could not send error code to client
Explanation
The SMTP ALG failed to send an error response code to the client.
Firewall Action
None
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name
ALG Session ID

2.1.77. smtp_no_header (ID: 00200184)

Default Severity
WARNING
Log Message
SMTPALG: Email without SMTP headers received
Explanation
The SMTP ALG received an email without headers.
Firewall Action
allow
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name
ALG Session ID

2.1.78. unsupported_extension (ID: 00200185)

Default Severity
INFORMATIONAL
Log Message
SMTPALG: Removed capability <capa> from EHLO response
Explanation
The SMTP ALG removed the [capa] capability from the EHLO response since the ALG does not support the specified extension.
Firewall Action
capability_removed
Recommended Action
None
Revision
1
Parameters
capa
Context Parameters
ALG Module Name
ALG Session ID

2.1.79. cmd_pipelined (ID: 00200186)

Default Severity
ERROR
Log Message
SMTPALG: Received pipelined request.
Explanation
The SMTP ALG does not support pipelined requests. The appearance of this log message indicates that the client used PIPELINING even though it was removed from capability list.
Firewall Action
reject
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name
ALG Session ID

2.1.80. smtp_state_violation (ID: 00200190)

Default Severity
WARNING
Log Message
SMTPALG: State violation: <violation>.
Explanation
The client sent an invalid sequence of commands. The protocol violation is explained by the [violation] parameter.
Firewall Action
reject
Recommended Action
None
Revision
1
Parameters
violation
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.1.81. sender_email_dnsbl_spam_mark_removed_by_whitelist (ID: 00200195)

Default Severity
WARNING
Log Message
SMTPALG: Whitelist override DNSBL result for Email.
Explanation
Email was marked as SPAM by DNSBL. As Email Id was matched in whitelist, this mark is removed.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
sender_email_address
Context Parameters
ALG Module Name
ALG Session ID

2.1.82. request_url_redirected (ID: 00200200)

Default Severity
NOTICE
Log Message
HTTPALG: Requesting URL <url> redirected to <redirect>. ALG name: <algname>.
Explanation
The request has been redirected.
Firewall Action
allow
Recommended Action
None
Revision
1
Parameters
redirect
url
user
algname
Context Parameters
Connection
Connection
ALG Module Name
ALG Session ID

2.1.83. illegal_data_direction (ID: 00200202)

Default Severity
ERROR
Log Message
FTPALG: TCP data from <peer> not allowed in this direction. Closing connection
Explanation
TCP Data was sent in an invalid direction and the connection will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
peer
Context Parameters
ALG Module Name
ALG Session ID
Rule Information
Connection

2.1.84. hybrid_data (ID: 00200206)

Default Severity
INFORMATIONAL
Log Message
FTPALG: Hybrid connection made
Explanation
A hybrid connection was successfully created.
Firewall Action
None
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name
ALG Session ID
Rule Information
Connection

2.1.85. hybrid_data (ID: 00200209)

Default Severity
INFORMATIONAL
Log Message
FTPALG: Hybrid data channel closed
Explanation
A hybrid data channel was closed.
Firewall Action
None
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name
ALG Session ID
Rule Information
Connection

2.1.86. illegal_chars (ID: 00200210)

Default Severity
WARNING
Log Message
FTPALG: 8 bit characters in control channel from <peer> not allowed. Closing connection
Explanation
8 bit characters were discovered in the control channel. This is not allowed according to the FTPALG configuration and the connection will be closed.
Firewall Action
close
Recommended Action
If 8 bit characters should be allowed, modify the FTPALG configuration.
Revision
1
Parameters
peer
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.87. control_chars (ID: 00200211)

Default Severity
WARNING
Log Message
FTPALG: Unexpected telnet control chars in control channel from <peer>. Closing connection
Explanation
Unexpected telnet control characters were discovered in the control channel. This is not allowed according to the FTPALG configuration and the connection will be closed.
Firewall Action
close
Recommended Action
If unknown commands should be allowed, modify the FTPALG configuration.
Revision
1
Parameters
peer
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.88. illegal_command (ID: 00200212)

Default Severity
WARNING
Log Message
FTPALG: Failed to parse command from <peer> as a FTP command. String=<string>. Closing connection
Explanation
An invalid command was received on the control channel. This is not allowed and the connection will be closed.
Firewall Action
close
Recommended Action
If unknown commands should be allowed, modify the FTPALG configuration.
Revision
1
Parameters
peer
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.89. illegal_command (ID: 00200213)

Default Severity
WARNING
Log Message
FTPALG: Failed to parse command from <peer> as a FTP command. String=<string>. Rejecting command
Explanation
An invalid command was received on the control channel. This is allowed, but the command will be rejected as it is not understood.
Firewall Action
rejecting_command
Recommended Action
If unknown commands should not be allowed, modify the FTPALG configuration.
Revision
1
Parameters
peer
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.90. port_command_disabled (ID: 00200214)

Default Severity
WARNING
Log Message
FTPALG: PORT command not allowed from <peer>. Rejecting command
Explanation
The client tried to issue a "PORT" command, which is not valid since the client is not allowed to do active FTP. The command will be rejected.
Firewall Action
rejecting_command
Recommended Action
If the client should be allowed to do active FTP, modify the FTPALG configuration.
Revision
1
Parameters
peer
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.91. illegal_command (ID: 00200215)

Default Severity
WARNING
Log Message
FTPALG: Failed to parse PORT parameters from <peer>. String=<string>. Closing connection
Explanation
Invalid parameters to the "PORT" command were received. The connection will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
peer
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.92. illegal_ip_address (ID: 00200216)

Default Severity
CRITICAL
Log Message
FTPALG: Illegal PORT command from <peer>, bad IP address <ip4addr>. String=<string>. Rejecting command
Explanation
An illegal "PORT" command was received from the client. It requests that the server should connect to another IP than its own. This is not allowed and the command will be rejected.
Firewall Action
rejecting_command
Recommended Action
The FTP client could be compromised and should not be trusted.
Revision
1
Parameters
peer
ip4addr
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.93. illegal_port_number (ID: 00200217)

Default Severity
CRITICAL
Log Message
FTPALG: Illegal PORT command from <peer>, port <port> not allowed. String=<string>. Rejecting command
Explanation
An illegal "PORT" command was received from the client. It requests that the server should connect to a port which is out of range. This is not allowed and the command will be rejected.
Firewall Action
rejecting_command
Recommended Action
The FTP client could be compromised and should not be trusted.
Revision
1
Parameters
peer
port
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.94. failed_to_create_connection1 (ID: 00200218)

Default Severity
ERROR
Log Message
FTPALG: Failed to create connection(1). Connection: <connection>. String=<string>
Explanation
An error occured when creating a data connection from the server to client. This could possibly be a result of lack of memory.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
peer
connection
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.95. illegal_command (ID: 00200219)

Default Severity
WARNING
Log Message
FTPALG: SITE EXEC from <peer> not allowed, rejecting command
Explanation
The client tried to issue a "SITE EXEC" command, which is not valid since the client is not allowed to do this. The command will be rejected.
Firewall Action
rejecting_command
Recommended Action
If the client should be allowed to do issue "SITE EXEC" commands, modify the FTPALG configuration.
Revision
1
Parameters
peer
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.96. illegal_direction1 (ID: 00200220)

Default Severity
WARNING
Log Message
FTPALG: Illegal direction for command(1), peer=<peer>. Closing connection.
Explanation
A command was sent in an invalid direction and the connection will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
peer
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.97. illegal_direction2 (ID: 00200221)

Default Severity
WARNING
Log Message
FTPALG: Illegal direction for command(2), peer=<peer>. Closing connection.
Explanation
A command was sent in an invalid direction and the connection will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
peer
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.98. illegal_option (ID: 00200222)

Default Severity
WARNING
Log Message
FTPALG: Invalid OPTS argument from <peer>. String=<string>. Rejecting command.
Explanation
An invalid OPTS argument was received. The argument does not start with an alphabetic letter and the command will be rejected.
Firewall Action
rejecting_command
Recommended Action
None
Revision
1
Parameters
peer
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.99. illegal_option (ID: 00200223)

Default Severity
WARNING
Log Message
FTPALG: Disallowed OPTS argument from <peer>. String:<string>. Rejecting command.
Explanation
A disallowed OPTS argument was received and the command will be rejected.
Firewall Action
rejecting_command
Recommended Action
None
Revision
1
Parameters
peer
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.100. unknown_option (ID: 00200224)

Default Severity
WARNING
Log Message
FTPALG: Unknown OPTS argument from <peer>. String=<string>. Rejecting command.
Explanation
An unknown OPTS argument was received and the command will be rejected.
Firewall Action
rejecting_command
Recommended Action
If unknown commands should be allowed, modify the FTPALG configuration.
Revision
1
Parameters
peer
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.101. illegal_command (ID: 00200225)

Default Severity
WARNING
Log Message
FTPALG: Illegal command from <peer>. String=<string>. Rejecting command.
Explanation
An illegal command was received and the command will be rejected.
Firewall Action
rejecting_command
Recommended Action
None
Revision
1
Parameters
peer
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.102. unknown_command (ID: 00200226)

Default Severity
WARNING
Log Message
FTPALG: Unknown command from <peer>. String=<string>. Rejecting command.
Explanation
An unknown command was received and the command will be rejected.
Firewall Action
rejecting_command
Recommended Action
If unknown commands should be allowed, modify the FTPALG configuration.
Revision
1
Parameters
peer
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.103. illegal_reply (ID: 00200228)

Default Severity
WARNING
Log Message
FTPALG: Illegal numerical reply (<reply>) from <peer>. String=<string>. Closing connection.
Explanation
An illegal numerical reply was received from server and the connection will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
peer
reply
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.104. illegal_reply (ID: 00200230)

Default Severity
WARNING
Log Message
FTPALG: Illegal multiline response (<reply>) from <peer>. String=<string>. Closing connection.
Explanation
An illegal multiline response was received from server and the connection will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
peer
reply
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.105. illegal_reply (ID: 00200231)

Default Severity
WARNING
Log Message
FTPALG: Unsolicted 227 (passive mode) response from <peer>. String=<string>. Closing connection.
Explanation
An illegal response was received from the server and the connection is closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
peer
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.106. illegal_reply (ID: 00200232)

Default Severity
WARNING
Log Message
FTPALG: Reply 229 (extended passive mode) from <peer> is not allowed. String=<string>. Closing connection.
Explanation
An illegal response was received from the server and the connection is closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
peer
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.107. bad_port (ID: 00200233)

Default Severity
CRITICAL
Log Message
FTPALG: Bad port <port> from <peer>, should be within the range (<range>). String=<string>. Closing connection.
Explanation
An illegal "PORT" command was received from the server. It requests that the client should connect to a port which is out of range. This is not allowed and the connection will be closed.
Firewall Action
close
Recommended Action
The FTP server could be compromised and should not be trusted.
Revision
1
Parameters
peer
port
range
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.108. bad_ip (ID: 00200234)

Default Severity
CRITICAL
Log Message
FTPALG: Invalid IP <ip4addr>, Server IP is <ip4addr_server>. String=<string>. Closing connection.
Explanation
The FTP Server requests that the client should connect to another IP than its own. This is not allowed and the connection will be closed.
Firewall Action
close
Recommended Action
The FTP server could be compromised and should not be trusted.
Revision
1
Parameters
peer
ip4addr
ip4addr_server
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.109. failed_to_create_connection2 (ID: 00200235)

Default Severity
ERROR
Log Message
FTPALG: Failed to create connection(2) Peer=<peer> Connection=<connection>. String=<string>.
Explanation
An error occured when creating a data connection from the client to server. This could possibly be a result of lack of memory.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
peer
connection
string
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.110. failed_to_create_server_data_connection (ID: 00200236)

Default Severity
ERROR
Log Message
FTPALG: Failed to create server data connection. Peer=<peer> Connection=<connection>
Explanation
An error occured when creating server data connection.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
peer
connection
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.111. failed_to_send_port (ID: 00200237)

Default Severity
WARNING
Log Message
FTPALG: Failed to send port. Peer=<peer>
Explanation
An error occured when trying to send the "PORT" command to the server.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
peer
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.112. failed_to_register_rawconn (ID: 00200238)

Default Severity
ERROR
Log Message
FTPALG: Internal Error - failed to register eventhandler. Closing connection
Explanation
An internal error occured when registering an eventhandler and the connection will be closed.
Firewall Action
close
Recommended Action
Contact the support.
Revision
1
Context Parameters
ALG Module Name

2.1.113. failed_to_merge_conns (ID: 00200239)

Default Severity
ERROR
Log Message
FTPALG: Internal Error - failed to merge conns. Closing connection
Explanation
An internal error occured when two connections were being merged into one and the connection will be closed.
Firewall Action
close
Recommended Action
Contact the support.
Revision
1
Context Parameters
ALG Module Name

2.1.114. max_ftp_sessions_reached (ID: 00200241)

Default Severity
WARNING
Log Message
FTPALG: Maximum number of FTP sessions (<max_sessions>) for service reached. Closing connection
Explanation
The maximum number of concurrent FTP sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action
close
Recommended Action
If the maximum number of FTP sessions is too low, increase it.
Revision
1
Parameters
max_sessions
Context Parameters
ALG Module Name

2.1.115. failed_create_new_session (ID: 00200242)

Default Severity
ERROR
Log Message
FTPALG: Failed to create new FTPALG session (out of memory)
Explanation
An attempt to create a new FTPALG session failed, because the unit is out of memory.
Firewall Action
close
Recommended Action
Decrease the maximum allowed FTPALG sessions, or try to free some of the RAM used.
Revision
1
Context Parameters
ALG Module Name

2.1.116. failure_connect_ftp_server (ID: 00200243)

Default Severity
ERROR
Log Message
FTPALG: Failed to connect to the FTP Server. Closing connection
Explanation
The unit failed to connect to the FTP Server, resulting in that the ALG session could not be successfully opened.
Firewall Action
close
Recommended Action
Verify that there is a listening FTP Server on the specified address.
Revision
1
Context Parameters
ALG Module Name
ALG Session ID

2.1.117. content_type_mismatch (ID: 00200250)

Default Severity
NOTICE
Log Message
FTPALG: Content type mismatch in file <filename>. Identified filetype <filetype>
Explanation
The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded.
Firewall Action
data_blocked_control_and_data_channel_closed
Recommended Action
None
Revision
1
Parameters
filename
filetype
Context Parameters
ALG Module Name
ALG Session ID

2.1.118. failed_to_send_command (ID: 00200251)

Default Severity
NOTICE
Log Message
FTPALG:Failed to send the command.
Explanation
The command sent by the ALG to the server could not be sent.
Firewall Action
None
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name

2.1.119. resumed_compressed_file_transfer (ID: 00200252)

Default Severity
WARNING
Log Message
FTPALG: The file <filename> (File type: <filetype> ) cannot be sent to antivirus scan engine.
Explanation
The data cannot be sent to AVSE for scanning since file transfer begins from within the middle of the file. The scanning process will fail for compressed files.
Firewall Action
data_blocked_control_and_data_channel_closed
Recommended Action
Change fail mode setting to allow, if resumed file transfers of compressed files should be allowed.
Revision
2
Parameters
filename
filetype
Context Parameters
ALG Module Name
ALG Session ID

2.1.120. blocked_filetype (ID: 00200253)

Default Severity
NOTICE
Log Message
FTPALG: Requested file:<filename> is blocked as this file is identified as type <filetype>, which is in block list.
Explanation
The file is present in the block list. It will be blocked as per configuration.
Firewall Action
data_blocked_control_and_data_channel_closed
Recommended Action
If this file should be allowed, update the ALLOW/BLOCK list.
Revision
2
Parameters
filename
filetype
Context Parameters
ALG Module Name
ALG Session ID

2.1.121. resumed_compressed_file_transfer (ID: 00200254)

Default Severity
WARNING
Log Message
FTPALG: The file <filename> (File type: <filetype> ) cannot be sent to antivirus scan engine.
Explanation
Decompression module cannot decompress a file that has been resumed. The file is allowed without any further scanning since Fail Mode is Allow.
Firewall Action
allow_data_without_scan
Recommended Action
Update Fail-Mode parameter if the file should be blocked.
Revision
2
Parameters
filename
filetype
Context Parameters
ALG Module Name
ALG Session ID

2.1.122. failed_to_send_response_code (ID: 00200255)

Default Severity
NOTICE
Log Message
FTPALG:Failed to send the response code.
Explanation
The FTP ALG could not send the correct response code to the client.
Firewall Action
None
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name

2.1.123. request_url_redirected (ID: 00200260)

Default Severity
NOTICE
Log Message
HTTPALG: Requesting URL <url> redirected to <redirect>. ALG name: <algname>.
Explanation
The request has been redirected.
Firewall Action
allow
Recommended Action
None
Revision
1
Parameters
redirect
url
algname
Context Parameters
Connection
Connection
ALG Module Name
ALG Session ID

2.1.124. redirect_page_failed (ID: 00200261)

Default Severity
DEBUG
Log Message
HTTPALG: Failed to send redirect page to client
Explanation
The HTTPALG failed to send a redirect page to the client.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
pagetype
location
send
algname
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.1.125. illegal_command (ID: 00200267)

Default Severity
WARNING
Log Message
FTPALG: REST from <peer> not allowed, rejecting command
Explanation
The client tried to issue a "REST" command, which is not valid since the client is not allowed to do this. The command will be rejected.
Firewall Action
rejecting_command
Recommended Action
If the client should be allowed to do issue "REST" commands, modify the FTPALG configuration.
Revision
1
Parameters
filename
peer
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.126. https_not_allowed (ID: 00200270)

Default Severity
ERROR
Log Message
HTTPS protocol is not allowed.
Explanation
Policy does not allow the HTTPS protocol.
Firewall Action
block
Recommended Action
Reconfigure the service to allow HTTPS if it should be allowed.
Revision
2
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.127. http_not_allowed (ID: 00200271)

Default Severity
ERROR
Log Message
HTTP protocol is not allowed.
Explanation
Policy does not allow the HTTP protocol.
Firewall Action
block
Recommended Action
Reconfigure the service to allow HTTP if it should be allowed.
Revision
2
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.128. clienthello_server_name (ID: 00200272)

Default Severity
INFORMATIONAL
Log Message
HTTPALG: HTTPS (c) Found server DNS name <hostname> in ClientHello datagram
Explanation

Found DNS server DNS name in ClientHello datagram.

Firewall Action
None
Recommended Action
None
Revision
1
Parameters
hostname
algname
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.129. invalid_clienthello (ID: 00200273)

Default Severity
ERROR
Log Message
HTTPALG: HTTPS Failed to parse ClientHello datagram (<cause>).
Explanation
Failed to parse ClientHello datagram.
Firewall Action
None
Recommended Action
None
Revision
2
Parameters
cause
algname
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.130. invalid_clienthello (ID: 00200274)

Default Severity
ERROR
Log Message
HTTPALG: HTTPS Failed to parse ClientHello datagram.
Explanation
Failed to parse ClientHello datagram.
Firewall Action
None
Recommended Action
None
Revision
2
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.131. invalid_clienthello_server_name (ID: 00200275)

Default Severity
ERROR
Log Message
HTTPALG: HTTPS Failed to parse SNI server name from ClientHello SNI extension (<cause>).
Explanation
Failed to parse SNI server name from ClientHello SNI extension.
Firewall Action
None
Recommended Action
None
Revision
3
Parameters
cause
algname
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.132. invalid_clienthello_server_name (ID: 00200276)

Default Severity
ERROR
Log Message
HTTPALG: HTTPS Failed to parse SNI server name from ClientHello SNI extension.
Explanation
Failed to parse SNI server name from ClientHello SNI extension.
Firewall Action
None
Recommended Action
None
Revision
3
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.133. certificate_server_name (ID: 00200277)

Default Severity
INFORMATIONAL
Log Message
HTTPALG: HTTPS (s) Found server DNS name <hostname> in Certificate datagram
Explanation
Found server DNS name in Certificate datagram.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
hostname
algname
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.134. invalid_certificate (ID: 00200278)

Default Severity
ERROR
Log Message
HTTPALG: HTTPS (s) Failed to parse Certificate datagram (<cause>).
Explanation
Failed to parse Certificate datagram.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
cause
algname
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.135. invalid_certificate (ID: 00200279)

Default Severity
ERROR
Log Message
HTTPALG: HTTPS (s) Failed to parse Certificate datagram.
Explanation
Failed to parse Certificate datagram.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.136. blacklisted_url_blocked (ID: 00200280)

Default Severity
NOTICE
Log Message
HTTPALG: HTTPS (c) Blacklisted URL <hostname> blocked
Explanation

Connection to blaclisted URL closed.

Firewall Action
close
Recommended Action
If the connection is to be allowed, update the URL filter to include the hostname as whilelisted.
Revision
1
Parameters
hostname
algname
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.137. unknown_state (ID: 00200300)

Default Severity
WARNING
Log Message
H323ALG: H.225 parser is in unknown state
Explanation
The H.225 parser failed to parse the H.225 message. The ALG session will be closed.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
peer
state
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.138. invalid_message (ID: 00200301)

Default Severity
WARNING
Log Message
H323ALG: An invalid message was received from peer
Explanation
An invalid message was received from the peer. The ALG session will be closed.
Firewall Action
closing_session
Recommended Action
None
Revision
2
Parameters
peer
message
state
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.139. decode_failed (ID: 00200302)

Default Severity
WARNING
Log Message
H323ALG: Decoding of message from peer failed. Closing session
Explanation
The H.225 parser failed to decode the H.225 message. The ALG session will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
peer
message_type
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.140. encode_failed (ID: 00200303)

Default Severity
WARNING
Log Message
H323ALG: Encoding of message from peer failed. Closing session
Explanation
The ASN.1 encoder failed to encode the message. The ALG session will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
peer
message_type
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.141. encode_failed (ID: 00200304)

Default Severity
WARNING
Log Message
H323ALG: Failed before encoding message from peer. Closing session
Explanation
The ASN.1 encoder failed to allocate memory used for encoding of the message. The ALG session will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
peer
message_type
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.142. encode_failed (ID: 00200305)

Default Severity
WARNING
Log Message
H323ALG: Failed after encoding message from peer. Closing session
Explanation
The ASN.1 encoder failed to encode the message properly. The ALG session will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
peer
message_type
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.143. decode_failed (ID: 00200306)

Default Severity
WARNING
Log Message
H323ALG: Failed before encoding H.245 message. Closing connection
Explanation
The H.245 encoder failed to allocate memory used for encoding of the message. The ALG session will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
peer
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.144. encode_failed (ID: 00200307)

Default Severity
WARNING
Log Message
H323ALG: Failed after encoding H.245 message. Closing connection
Explanation
The H.245 encoder failed to encode the message. The ALG session will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
peer
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.145. max_tcp_data_connections_exceeded (ID: 00200308)

Default Severity
WARNING
Log Message
H323ALG: Maximum number of TCP data channels exceeded
Explanation
The maximum number of concurrent TCP data channels has been reached for this session.
Firewall Action
None
Recommended Action
If the maximum number of TCP data channels per session is too low, increase it.
Revision
1
Parameters
max_channels
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.146. max_connections_per_call_exceeded (ID: 00200309)

Default Severity
WARNING
Log Message
H323ALG: No more connections allowed for this call
Explanation
The maximum number of concurrent logical channels (calls) has been reached for this session.
Firewall Action
None
Recommended Action
If the maximum number of concurrent logical channels (calls) per session is too low, increase it.
Revision
1
Parameters
max_connections
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.147. ignoring_channel (ID: 00200310)

Default Severity
WARNING
Log Message
H323ALG: Ignoring mediaChannel info in openLogicalChannel
Explanation
Media channel information in the openLogicalChannel message is not handled.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
peer
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.148. com_mode_response_message_not_translated (ID: 00200311)

Default Severity
WARNING
Log Message
H323ALG: CommunicationModeResponse not translated.
Explanation
The H.245 Communication Mode Response message is not translated.
Firewall Action
None
Recommended Action
None
Revision
2
Parameters
peer
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.149. max_h323_session_reached (ID: 00200312)

Default Severity
WARNING
Log Message
H323ALG: Maximum number of H.323 sessions (<max_sessions>) for service reached. Closing connection.
Explanation
The maximum number of concurrent H.323 sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action
close
Recommended Action
If the maximum number of H.323 session is too low, increase it.
Revision
1
Parameters
max_sessions
Context Parameters
ALG Module Name

2.1.150. failed_create_new_session (ID: 00200313)

Default Severity
WARNING
Log Message
H323ALG: Failed to create new H.323 session (out of memory)
Explanation
Could not create a new H.323 session due to lack of memory. No more sessions can be created unless the system increases the amount of free memory.
Firewall Action
close
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name

2.1.151. max_h323_gk_sessions_reached (ID: 00200314)

Default Severity
WARNING
Log Message
H323ALG: Maximum number of H.323 gatekeeper sessions for service reached
Explanation
The maximum number of concurrent H.323 gatekeeper sessions has been reached for this service. Connection will be closed.
Firewall Action
close
Recommended Action
If the maximum number of concurrent H.323 gatekeeper sessions is too low, increase it.
Revision
1
Parameters
max_sessions
Context Parameters
ALG Module Name

2.1.152. failed_create_new_session (ID: 00200315)

Default Severity
WARNING
Log Message
H323ALG: Failed to create new gatekeeper session (out of memory)
Explanation
Could not create a new H.323 gatekeeper session due to lack of memory. No more sessions can be created unless the system increases the amount of free memory.
Firewall Action
close
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name

2.1.153. failure_connect_h323_server (ID: 00200316)

Default Severity
ERROR
Log Message
H323ALG: Failed to connect to the H.323 Server. Closing connection
Explanation
The unit failed to connect to the H.323 Server, resulting in that the ALG session could not open successfully.
Firewall Action
close
Recommended Action
Verify that there is a listening H.323 Server on the specified address.
Revision
1
Context Parameters
ALG Module Name
ALG Session ID

2.1.154. com_mode_command_message_not_translated (ID: 00200317)

Default Severity
WARNING
Log Message
H323ALG: CommunicationModeCommand not translated.
Explanation
The H.245 Communication Mode Command message is not translated.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
peer
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.155. packet_failed_initial_test (ID: 00200350)

Default Severity
WARNING
Log Message
TFTPALG: Packet failed initial test (Invalid TFTP packet). Packet length <packet_length>
Explanation
An invalid TFTP packet was received. Refusing connection.
Firewall Action
reject
Recommended Action
None
Revision
1
Parameters
packet_length
Context Parameters
ALG Module Name
Connection

2.1.156. packet_failed_traversal_test (ID: 00200351)

Default Severity
WARNING
Log Message
TFTPALG: Filename <filename> failed test for directory traversal
Explanation
Filename failed test for directory traversal (contains invalid characters). Closing connection.
Firewall Action
reject
Recommended Action
If all characters in filenames should be allowed modify the TFTP Alg configuration.
Revision
1
Parameters
filename
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.157. command_not_allowed (ID: 00200353)

Default Severity
WARNING
Log Message
TFTPALG: <command> command not allowed
Explanation
Command (GET or PUT) not allowed. Closing connection.
Firewall Action
reject
Recommended Action
If command should be allowed modify the TFTP Alg configuration.
Revision
1
Parameters
command
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.158. option_value_invalid (ID: 00200354)

Default Severity
WARNING
Log Message
TFTPALG: Option <option> contained invalid value <value>
Explanation
Option contained invalid value. Closing connection.
Firewall Action
reject
Recommended Action
None
Revision
1
Parameters
option
value
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.159. option_value_invalid (ID: 00200355)

Default Severity
WARNING
Log Message
TFTPALG: Option <option> contained no readable value
Explanation
Option contained no readable value. Closing connection.
Firewall Action
reject
Recommended Action
None
Revision
1
Parameters
option
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.160. option_tsize_invalid (ID: 00200356)

Default Severity
WARNING
Log Message
TFTPALG: Option tsize value <value> exceeding allowed max value <maxvalue>
Explanation
Option tsize value exceeding allowed value. Closing connection.
Firewall Action
reject
Recommended Action
If connection should be allowed modify the filetransfersize of the TFTP Alg configuration .
Revision
1
Parameters
value
maxvalue
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.161. unknown_option_blocked (ID: 00200357)

Default Severity
WARNING
Log Message
TFTPALG: Request contained unknown option <option>
Explanation
Request contained unknown option. Closing connection.
Firewall Action
reject
Recommended Action
If connection should be allowed modify the TFTP Alg configuration .
Revision
1
Parameters
option
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.162. option_tsize_invalid (ID: 00200358)

Default Severity
WARNING
Log Message
TFTPALG: Option tsize value <value> exceeding allowed value <maxvalue>
Explanation
Option tsize value exceeding allowed value. Closing connection.
Firewall Action
close
Recommended Action
If connection should be allowed modify the filetransfersize of the TFTP Alg configuration .
Revision
1
Parameters
value
maxvalue
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.163. unknown_option_blocked (ID: 00200359)

Default Severity
WARNING
Log Message
TFTPALG: Request contained unknown option <option>
Explanation
Request contained unknown option. Closing connection.
Firewall Action
close
Recommended Action
If connection should be allowed modify the TFTP Alg configuration .
Revision
1
Parameters
option
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.164. option_not_sent (ID: 00200360)

Default Severity
WARNING
Log Message
TFTPALG: The received option <option> was not sent
Explanation
The received option was not sent. Closing connection.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
option
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.165. option_value_invalid (ID: 00200361)

Default Severity
WARNING
Log Message
TFTPALG: Option <option> contained invalid value <value> or option not sent
Explanation
Option contained invalid value or option not sent. Closing connection.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
option
value
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.166. option_value_invalid (ID: 00200362)

Default Severity
WARNING
Log Message
TFTPALG: Option <option> contained no readable value
Explanation
Option contained no readable value. Closing connection.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
option
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.167. blksize_out_of_range (ID: 00200363)

Default Severity
WARNING
Log Message
TFTPALG: Option blksize value <old_blksize> exceeding allowed value. Rewriting to <new_blksize>
Explanation
Option blksize value exceeding allowed value.Rewriting value.
Firewall Action
rewrite
Recommended Action
If the value should be allowed modify the TFTP Alg configuration.
Revision
1
Parameters
old_blksize
new_blksize
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.168. max_tftp_sessions_reached (ID: 00200364)

Default Severity
WARNING
Log Message
FTPALG: Maximum number of TFTP sessions (<max_sessions>) for service reached. Closing connection
Explanation
The maximum number of concurrent TFTP sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action
close
Recommended Action
If the maximum number of TFTP sessions is too low, increase it.
Revision
1
Parameters
max_sessions
Context Parameters
ALG Module Name

2.1.169. failed_create_new_session (ID: 00200365)

Default Severity
ERROR
Log Message
TFTPALG: Failed to create new TFTPALG session (out of memory)
Explanation
An attempt to create a new TFTPALG session failed, because the unit is out of memory.
Firewall Action
close
Recommended Action
Decrease the maximum allowed TFTPALG sessions, or try to free some of the RAM used.
Revision
1
Context Parameters
ALG Module Name

2.1.170. invalid_packet_received (ID: 00200366)

Default Severity
WARNING
Log Message
TFTPALG: Received invalid packet Opcode <opcode> Packet length <packet_length>
Explanation
Received invalid packet. Closing connection.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
opcode
packet_length
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.171. failed_create_connection (ID: 00200367)

Default Severity
ERROR
Log Message
TFTPALG: Failed to create listening connection,internal error(<error_code>). Closing session
Explanation
The unit failed to create listening connection, resulting in that the ALG session could not be successfully opened.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
error_code
Context Parameters
ALG Module Name
ALG Session ID

2.1.172. invalid_packet_received_reopen (ID: 00200368)

Default Severity
WARNING
Log Message
TFTPALG: Received invalid packet Opcode <opcode> Packet length <packet_length>
Explanation
Received invalid packet. Closing listening connection and opening new instead.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
opcode
packet_length
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.173. packet_out_of_sequence (ID: 00200369)

Default Severity
WARNING
Log Message
TFTPALG: Received packet out of sequence opcode <opcode> packet length <packet_length>
Explanation
Received packet out of sequence. Closing connection.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
opcode
packet_length
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.174. transfer_size_exceeded (ID: 00200370)

Default Severity
WARNING
Log Message
TFTPALG: Received bytes <received> exceeding allowed max value <maxvalue>
Explanation
Transferred bytes exceeding allowed value. Closing connection.
Firewall Action
close
Recommended Action
If connection should be allowed modify the filetransfersize option of the TFTP Alg configuration .
Revision
1
Parameters
received
maxvalue
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.175. options_removed (ID: 00200371)

Default Severity
WARNING
Log Message
TFTPALG: Options not allowed. Stripping options from packet
Explanation
Options not allowed. Stripping options from packet.
Firewall Action
rewrite
Recommended Action
If options should be allowed modify the TFTP Alg configuration.
Revision
1
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.176. failed_strip_option (ID: 00200372)

Default Severity
ERROR
Log Message
TFTPALG: Failed to strip options , (internal error)
Explanation
An attempt to send request packet without options failed because of an internal error.
Firewall Action
close
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name

2.1.177. failed_create_connection (ID: 00200373)

Default Severity
ERROR
Log Message
TFTPALG: Failed to create listening connection,internal error(<error_code>). Closing session
Explanation
The unit failed to create listening connection, resulting in that the ALG session could not be successfully opened.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
error_code
Context Parameters
ALG Module Name

2.1.178. invalid_error_message_received (ID: 00200374)

Default Severity
WARNING
Log Message
TFTPALG: Received invalid error message Opcode <opcode> Packet length <packet_length>
Explanation
Received invalid error message. Closing connection.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
opcode
packet_length
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.179. max_pop3_sessions_reached (ID: 00200380)

Default Severity
WARNING
Log Message
POP3ALG: Maximum number of POP3 sessions (<max_sessions>) for service reached. Closing connection
Explanation
The maximum number of concurrent POP3 sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action
close
Recommended Action
If the maximum number of POP3 sessions is too low, increase it.
Revision
1
Parameters
max_sessions
Context Parameters
ALG Module Name

2.1.180. failed_create_new_session (ID: 00200381)

Default Severity
WARNING
Log Message
POP3ALG: Failed to create new POP3ALG session (out of memory)
Explanation
An attempt to create a new POP3ALG session failed, because the unit is out of memory.
Firewall Action
close
Recommended Action
Decrease the maximum allowed POP3ALG sessions, or try to free some of the RAM used.
Revision
1
Context Parameters
ALG Module Name

2.1.181. failed_connect_pop3_server (ID: 00200382)

Default Severity
ERROR
Log Message
POP3ALG: Failed to connect to the POP3 Server. Closing the connection.
Explanation
The unit failed to connect to the remote POP3 Server, resulting in that the ALG session could not be successfully opened.
Firewall Action
close
Recommended Action
Verify that there is a listening POP3 Server on the specified address.
Revision
1
Context Parameters
ALG Module Name
ALG Session ID

2.1.182. out_of_memory (ID: 00200383)

Default Severity
ERROR
Log Message
POP3ALG: Failed to allocate memory (out of memory)
Explanation
An attempt to allocate memory failed.
Firewall Action
close
Recommended Action
Try to free up unwanted memory.
Revision
1
Context Parameters
ALG Module Name
ALG Session ID

2.1.183. blocked_filetype (ID: 00200384)

Default Severity
NOTICE
Log Message
POP3ALG: Requested file:<filename> is blocked as this file is identified as type <filetype>, which is in block list.
Explanation
The file is present in the block list. It will be blocked as per configuration.
Firewall Action
block
Recommended Action
If this file should be allowed, update the ALLOW/BLOCK list.
Revision
1
Parameters
filename
filetype
sender_email_address
Context Parameters
ALG Module Name
ALG Session ID

2.1.184. response_blocked_unknown (ID: 00200385)

Default Severity
WARNING
Log Message
POP3ALG: Response blocked.Invalid response=<response>
Explanation
The server is sending unknown response. The response will be blocked.
Firewall Action
block
Recommended Action
None
Revision
1
Parameters
command"
response
Context Parameters
ALG Module Name
ALG Session ID

2.1.185. base64_decode_failed (ID: 00200386)

Default Severity
ERROR
Log Message
POP3ALG: Base 64 decode failed. Attachment blocked
Explanation
The data sent to Base64 decoding failed. This can occur if the email sender sends incorrectly formatted data. The attachment has been blocked.
Firewall Action
block_data
Recommended Action
Research how the sender is encoding the data.
Revision
1
Parameters
filename
filetype
sender_email_address
Context Parameters
ALG Module Name
ALG Session ID

2.1.186. possible_invalid_mail_end (ID: 00200387)

Default Severity
WARNING
Log Message
POP3ALG: Possible invalid end of mail "\\n.\\n" received.
Explanation
The client is sending possible invalid end of mail.
Firewall Action
allow
Recommended Action
Research how the client is sending possible invalid end of mail.
Revision
1
Parameters
sender_email_address
Context Parameters
ALG Module Name
ALG Session ID

2.1.187. command_blocked_invalid_len (ID: 00200388)

Default Severity
WARNING
Log Message
POP3ALG: Command line blocked,line begins with linebegin. Invalid line length <len>
Explanation
The client is sending command with invalid command length. The command will be blocked.
Firewall Action
block
Recommended Action
None
Revision
1
Parameters
len
linebegin"
Context Parameters
ALG Module Name
ALG Session ID

2.1.188. response_blocked_invalid_len (ID: 00200389)

Default Severity
WARNING
Log Message
POP3ALG: Response blocked.Invalid response length <len>
Explanation
The server is sending response with invalid response length. The response will be blocked.
Firewall Action
block
Recommended Action
None
Revision
1
Parameters
command"
len
Context Parameters
ALG Module Name
ALG Session ID

2.1.189. content_type_mismatch (ID: 00200390)

Default Severity
NOTICE
Log Message
POP3ALG: Content type mismatch in file <filename>. Identified filetype <filetype>
Explanation
The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded.
Firewall Action
block_data
Recommended Action
None
Revision
1
Parameters
filename
filetype
sender_email_address
Context Parameters
ALG Module Name

2.1.190. content_type_mismatch_mimecheck_disabled (ID: 00200391)

Default Severity
NOTICE
Log Message
POP3ALG: Content type mismatch found for the file <filename>. It is identified as type <filetype> file
Explanation
Received type of data in the packet and its actual type do not match. As there is a mismatch and mime type check is disabled, the data will be allowed.
Firewall Action
allow
Recommended Action
Content type should be matched.
Revision
2
Parameters
filename
filetype
sender_email_address
Context Parameters
ALG Module Name

2.1.191. command_blocked_invalid_argument (ID: 00200392)

Default Severity
WARNING
Log Message
POP3ALG: Command blocked.Invalid argument <argument> given
Explanation
The client is sending command with invalid argument. The command will be blocked.
Firewall Action
block
Recommended Action
None
Revision
1
Parameters
command"
argument
Context Parameters
ALG Module Name
ALG Session ID

2.1.192. command_blocked (ID: 00200393)

Default Severity
WARNING
Log Message
POP3ALG: Command <command> blocked.
Explanation
The client is sending command that are not allowed. The command will be blocked.
Firewall Action
block
Recommended Action
If the command are to be allowed change the Alg configuration.Note: The STLS command is allways blocked!.
Revision
1
Parameters
command
Context Parameters
ALG Module Name
ALG Session ID

2.1.193. unknown_command_blocked (ID: 00200394)

Default Severity
WARNING
Log Message
POP3ALG: Unknown command blocked.
Explanation
The client is sending unknown command. The command will be blocked.
Firewall Action
block
Recommended Action
If the command are to be allowed change the Alg configuration.
Revision
1
Parameters
command"
Context Parameters
ALG Module Name
ALG Session ID

2.1.194. unexpected_mail_end (ID: 00200396)

Default Severity
WARNING
Log Message
POP3ALG: Unexpected end of mail received while parsing mail content.
Explanation
Unexpected end of mail received while parsing mail content..
Firewall Action
block
Recommended Action
Research if mail is not complete.
Revision
1
Parameters
sender_email_address
len
retrigs
Context Parameters
ALG Module Name
ALG Session ID

2.1.195. invalid_line_endings (ID: 00200397)

Default Severity
WARNING
Log Message
POP3ALG: Mail contains invalid line endings.
Explanation
Mail contains invalid line endings.
Firewall Action
block
Recommended Action
Research why mail contains invalid line endings.
Revision
1
Context Parameters
ALG Module Name
ALG Session ID

2.1.196. top_mail_end_blocked (ID: 00200398)

Default Severity
WARNING
Log Message
POP3ALG: The last part of mail retreived with TOP command blocked.
Explanation
Only part of mail retrieved using TOP command was received. The last part was therefore blocked by the firewall.
Firewall Action
block
Recommended Action
None
Revision
1
Parameters
len
retrigs
Context Parameters
ALG Module Name
ALG Session ID

2.1.197. max_syslog_sessions_reached (ID: 00200400)

Default Severity
WARNING
Log Message
SyslogALG: Maximum number of sessions (<max_sessions>) for service reached. Closing connection
Explanation
The maximum number of concurrent syslog ALG sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action
close
Recommended Action
If the maximum number of syslog sessions is too low, increase it.
Revision
1
Parameters
max_sessions
Context Parameters
ALG Module Name

2.1.198. out_of_memory (ID: 00200401)

Default Severity
CRITICAL
Log Message
SYSLOGALG: Failed to allocate memory
Explanation
The unit does not have enough available RAM.
Firewall Action
None
Recommended Action
Try to free up some RAM by changing configuration parameters.
Revision
1
Context Parameters
ALG Module Name
Connection

2.1.199. unauthenticated_syslog_detected (ID: 00200402)

Default Severity
ERROR
Log Message
SYSLOGALG: Unauthenticated session
Explanation
Syslog packet rejected due to unauthenticated connection.
Firewall Action
drop
Recommended Action
Investigate the reason to the unauthenticated syslog packets or change the configuration to allow unauthenticated packets.
Revision
1
Context Parameters
ALG Module Name
Connection

2.1.200. reverse_syslog_data (ID: 00200403)

Default Severity
ERROR
Log Message
SYSLOGALG: Reverse traffic detected on syslog connection
Explanation
The SYSLOG ALG detected data packets send in the reverse direction i.e from the server towards the client. The session is closed. .
Firewall Action
close
Recommended Action
Investigate why the packets are sent in the reverse direction of the syslog connection.
Revision
1
Context Parameters
ALG Module Name
Connection

2.1.201. large_syslog_received (ID: 00200404)

Default Severity
ERROR
Log Message
SYSLOGALG: Too large syslog packet received <size>
Explanation
Syslog packet rejected due to being larger than the configuration allows.
Firewall Action
drop
Recommended Action
If required, change the configuration to allow syslog packets with this size.
Revision
1
Parameters
size
limit
Context Parameters
ALG Module Name
Connection

2.1.202. prohibited_text_detected (ID: 00200405)

Default Severity
ERROR
Log Message
SYSLOGALG: Prohibited text <text> detected
Explanation
Syslog packet rejected due to presence of prohibited text.
Firewall Action
drop
Recommended Action
Change the configuration to allow syslog packets with this text.
Revision
1
Parameters
text
Context Parameters
ALG Module Name
Connection

2.1.203. internal_buffer_error (ID: 00200406)

Default Severity
ERROR
Log Message
SYSLOGALG: Internal buffer error
Explanation
Crafted syslog packet grew too large for internal buffer.
Firewall Action
drop
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name
Connection

2.1.204. max_tls_sessions_reached (ID: 00200450)

Default Severity
WARNING
Log Message
TLSALG: Maximum number of TLS sessions (<max_sessions>) for service reached. Closing connection
Explanation
The maximum number of concurrent TLS sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action
close
Recommended Action
If the maximum number of TLS sessions is too low, increase it.
Revision
1
Parameters
max_sessions
Context Parameters
ALG Module Name

2.1.205. failed_create_new_session (ID: 00200451)

Default Severity
WARNING
Log Message
TLSALG: Failed to create new TLSALG session (out of memory)
Explanation
An attempt to create a new TLSALG session failed, because the unit is out of memory.
Firewall Action
close
Recommended Action
Decrease the maximum allowed TLSALG sessions, or try to free some of the RAM used.
Revision
1
Context Parameters
ALG Module Name

2.1.206. failure_connect_http_server (ID: 00200452)

Default Severity
ERROR
Log Message
TLSALG: Failed to connect to the HTTP Server. Closing connection. ALG name: <algname>.
Explanation
The unit failed to connect to the HTTP Server, resulting in that the ALG session could not be successfully opened.
Firewall Action
close
Recommended Action
Verify that there is a listening HTTP Server on the specified address.
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.207. tls_alert_received (ID: 00200453)

Default Severity
ERROR
Log Message
TLSALG: Received TLS <alert> alert from peer.
Explanation
A TLS alert was received. The TLS ALG session will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
alert
level
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.208. tls_renegotiation_attempted (ID: 00200454)

Default Severity
WARNING
Log Message
TLSALG: TLS renegotiation attempted but not supported.
Explanation
The TLS peer initiated a renegotiation. Renegotiation is however not supported so an alert was sent to let the peer know that there will be no renegotiation.
Firewall Action
tls_alert_sent
Recommended Action
None
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.209. tls_alert_sent (ID: 00200455)

Default Severity
ERROR
Log Message
TLSALG: Sent TLS <alert> alert to peer.
Explanation
A TLS error has occured that caused an alert to be sent to the peer. The TLS ALG session will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
alert
level
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.210. ssl_renegotiation_attempted (ID: 00200457)

Default Severity
ERROR
Log Message
TLSALG: SSL renegotiation attempted but not supported.
Explanation
The SSL peer initiated a renegotiation. Renegotiation is however not supported so the TLS ALG session will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.211. tls_disallowed_key_exchange (ID: 00200458)

Default Severity
WARNING
Log Message
TLSALG: Disallowed key exchange.
Explanation
The TLS ALG session will be closed because there are not enough resources to process any TLS key exchanges at the moment. This could be a result of TLS handshake message flooding. This action is triggered by a system that monitors the amount of resources that is spent on key exchanges. This system is controlled by the advanced setting SSL_ProcessingPriority.
Firewall Action
close
Recommended Action
Investigate the source of this and try to find out if it is a part of a possible attack, or normal traffic.
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.212. tls_invalid_message (ID: 00200459)

Default Severity
ERROR
Log Message
TLSALG: Invalid TLS <message_type> message received.
Explanation
A badly formatted TLS message has been received. The TLS ALG session will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
message_type
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.213. tls_bad_message_order (ID: 00200460)

Default Severity
ERROR
Log Message
TLSALG: Bad TLS handshake message order.
Explanation
A TLS handshake message of a type that is not expected in the current state of the handshake was received. The TLS ALG session will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.214. tls_no_shared_cipher_suites (ID: 00200461)

Default Severity
WARNING
Log Message
TLSALG: No shared cipher suites.
Explanation
A connecting TLS peer does not share any cipher suites with the unit. The TLS ALG session will be closed.
Firewall Action
close
Recommended Action
Make sure that the client and the unit share atleast one cipher suite.
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.215. tls_out_of_memory (ID: 00200462)

Default Severity
ERROR
Log Message
TLSALG: Out of memory.
Explanation
The unit was unable to allocate the memory required to process the TLS connection of a TLS ALG session. The TLS ALG session will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.216. tls_failed_to_verify_finished (ID: 00200463)

Default Severity
ERROR
Log Message
TLSALG: Failed to verify finished message.
Explanation
The unit failed to verify the TLS finished message. The finished message is used to verify that the key exchange and authentication processes were successful. The TLS ALG session will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.217. unknown_tls_error (ID: 00200464)

Default Severity
ERROR
Log Message
TLSALG: Unknown TLS error.
Explanation
An unknown TLS error has occured. The TLS ALG session will be closed.
Firewall Action
close
Recommended Action
None
Revision
1
Parameters
algname
Context Parameters
ALG Module Name
ALG Session ID

2.1.218. sdp_message_parsing_failed (ID: 00200501)

Default Severity
ERROR
Log Message
SIPALG: SDP message parsing failed
Explanation
SDP part of message failed parsing due to malformed message. Reason: [reason].
Firewall Action
drop
Recommended Action
Examine why client or server is sending a malformed SDP message.
Revision
2
Parameters
reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.219. sdp_message_validation_failed (ID: 00200502)

Default Severity
ERROR
Log Message
SIPALG: SDP message validation failed
Explanation
SDP part of message failed validation due to malformed message. Reason: [reason].
Firewall Action
drop
Recommended Action
Examine why client or server is sending a malformed SDP message.
Revision
2
Parameters
reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.220. sip_message_parsing_failed (ID: 00200503)

Default Severity
ERROR
Log Message
SIPALG: SIP message parsing failed
Explanation
SIP part of message failed parsing due to malformed message. Reason: [reason].
Firewall Action
drop
Recommended Action
Examine why client or server is sending a malformed SIP message.
Revision
2
Parameters
reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.221. sip_message_validation_failed (ID: 00200504)

Default Severity
ERROR
Log Message
SIPALG: SIP message validation failed due to malformed message
Explanation
SIP part of message failed validation due to malformed message. Reason: [reason].
Firewall Action
drop
Recommended Action
Examine why client or server is sending a malformed SIP message.
Revision
2
Parameters
reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.222. max_sessions_per_uri_reached (ID: 00200505)

Default Severity
WARNING
Log Message
SIPALG: Maximum number of sessions per SIP URI has been reached
Explanation
The configured maximum number of concurrent SIP sessions [max_ses_per_id] per SIP URI has been reached.
Firewall Action
close
Recommended Action
If the maximum number of SIPALG sessions per SIP URI is too low, increase it.
Revision
2
Parameters
max_ses_per_id
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.223. registration_hijack_detected (ID: 00200506)

Default Severity
ALERT
Log Message
Registration hijack attempt detected
Explanation
The number of registration attempts [reg_hijack_count] has been exceeded.
Firewall Action
drop
Recommended Action
Check with the user, why he is using false authentication to register.
Revision
2
Parameters
reg_hijack_count
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.224. sip_signal_timeout (ID: 00200507)

Default Severity
WARNING
Log Message
SIPALG: SIP signal timeout
Explanation
SIP signal timeout for session [method]. The session will be deleted.
Firewall Action
close
Recommended Action
If the configured SIP signal timeout value is too low, increase it.
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.225. sip_request_response_timeout (ID: 00200508)

Default Severity
WARNING
Log Message
SIPALG: SIP request-response timeout
Explanation
SIP request-response timeout for the session [method]. The session will be deleted.
Firewall Action
close
Recommended Action
If the configured SIP Request-Response timeout value is too low, increase it.
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.226. registration_time_modified (ID: 00200509)

Default Severity
NOTICE
Log Message
SIPALG: Expire value modified in registration request
Explanation
The SIP-ALG modified the requested registration time since it exceeds the configured maximum registration time value [cfg_registration_time].
Firewall Action
allow
Recommended Action
None
Revision
2
Parameters
cfg_registration_time
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.227. unsuccessful_registration (ID: 00200510)

Default Severity
WARNING
Log Message
SIPALG: Unsuccessful registration
Explanation
The user failed to register. Reason: [reason].
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.228. unsuccessful_unregistration (ID: 00200511)

Default Severity
NOTICE
Log Message
SIPALG: Failed unregistration
Explanation
The user failed to unregister. Reason: [reason].
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name
ALG Session ID

2.1.229. unsuccessful_search_in_registration_table (ID: 00200512)

Default Severity
WARNING
Log Message
SIPALG: Registration entry not found
Explanation
The specified user could not be found in the register table. Reason: [reason].
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.230. sipalg_session_created (ID: 00200513)

Default Severity
NOTICE
Log Message
SIPALG: New SIP-ALG session created
Explanation
New SIP-ALG session for [method] request created.
Firewall Action
allow
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.231. failed_to_create_session (ID: 00200514)

Default Severity
ERROR
Log Message
SIPALG: Failed to create sipalg session
Explanation
A new SIP-ALG session for [method] request could not be created.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.232. failed_to_find_session (ID: 00200515)

Default Severity
ERROR
Log Message
SIPALG: Failed to find sipalg session
Explanation
Failed to find sipalg session. Reason: [reason].
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.233. sipalg_session_deleted (ID: 00200516)

Default Severity
INFORMATIONAL
Log Message
SIPALG: SIP-ALG session deleted
Explanation
SIP-ALG session deleted for [method] request.
Firewall Action
close
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.234. sipalg_session_state_updated (ID: 00200517)

Default Severity
DEBUG
Log Message
SIPALG: SIP-ALG session state updated
Explanation
The SIP-ALG session state updated to [session_state] state.
Firewall Action
allow
Recommended Action
None
Revision
2
Parameters
session_state
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.235. sipalg_transaction_created (ID: 00200520)

Default Severity
NOTICE
Log Message
SIPALG: Transaction created
Explanation
SIP-ALG transaction created for [method] request.
Firewall Action
allow
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.236. failed_to_create_new_transaction (ID: 00200521)

Default Severity
ERROR
Log Message
SIPALG: Failed to create transaction
Explanation
The SIP-ALG failed to create transaction for [method] request.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.237. failed_to_find_transaction (ID: 00200522)

Default Severity
WARNING
Log Message
SIPALG: Failed to find transaction
Explanation
Failed to find transaction for [method] request.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.238. sipalg_transaction_deleted (ID: 00200523)

Default Severity
NOTICE
Log Message
SIPALG: sipalg transaction deleted
Explanation
The transaction for [method] request is deleted.
Firewall Action
close
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name
ALG Session ID

2.1.239. sipalg_transaction_state_updated (ID: 00200524)

Default Severity
DEBUG
Log Message
SIPALG: Transaction state updated
Explanation
A SIP-ALG transaction state has been updated to [transaction_state] state.
Firewall Action
allow
Recommended Action
None
Revision
2
Parameters
transaction_state
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.240. no_route_found (ID: 00200526)

Default Severity
ERROR
Log Message
SIPALG: Failed to find route for given host
Explanation
No route information found for the given host. Reason: [reason].
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.241. failed_to_get_free_port (ID: 00200527)

Default Severity
CRITICAL
Log Message
SIPALG: Failed to get free NAT port pair for the given host
Explanation
Failed to get free port for the given host. Reason: [reason].
Firewall Action
drop
Recommended Action
The system is unstable and might require a reboot.
Revision
2
Parameters
reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.242. failed_to_find_role (ID: 00200528)

Default Severity
ERROR
Log Message
SIPALG: Failed to find role
Explanation
SIPALG: Failed to find role for [method] request.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.243. failed_to_update_port (ID: 00200529)

Default Severity
ERROR
Log Message
SIPALG: Failed to update port information
Explanation
Failed to update port into session for [method] request.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.244. failed_to_update_contact (ID: 00200530)

Default Severity
ERROR
Log Message
SIPALG: Failed to update contact
Explanation
Failed to update contact into session for [method] request.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.245. failed_to_modify_sdp_message (ID: 00200531)

Default Severity
ERROR
Log Message
SIPALG: Failed to modify SDP message
Explanation
Failed to modify SDP part of message. Reason: [reason].
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.246. failed_to_modify_via (ID: 00200532)

Default Severity
ERROR
Log Message
SIPALG: Failed to modify via in message
Explanation
Failed to modify the via header in message for [method] request.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.247. failed_to_modify_from (ID: 00200533)

Default Severity
ERROR
Log Message
SIPALG: Failed to modify FROM tag in message
Explanation
Failed to modify the FROM tag in message for [method] request.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.248. failed_to_modify_request_uri (ID: 00200534)

Default Severity
ERROR
Log Message
SIPALG: Failed to modify request URI in message
Explanation
Failed to modify the request URI in message for [method] request.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.249. failed_to_modify_request (ID: 00200535)

Default Severity
ERROR
Log Message
SIPALG: Failed to modify the request
Explanation
Failed to modify the topology info in the [method] request.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.250. method_not_supported (ID: 00200536)

Default Severity
WARNING
Log Message
SIPALG: Method not supported
Explanation
The method [method] is not supported.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.251. general_error (ID: 00200537)

Default Severity
WARNING
Log Message
SIPALG: General Error
Explanation
General error while processing message. Reason: [reason].
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.252. third_party_call_control (ID: 00200538)

Default Severity
WARNING
Log Message
SIPALG: Block third party SIP request
Explanation
The SIP-ALG has detected a SIP/SDP message involving third party IP address. Reason: [reason]. The request will be dropped.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.253. out_of_memory (ID: 00200539)

Default Severity
EMERGENCY
Log Message
SIPALG: Out of memory
Explanation
Memory allocation failed while processing SIP message.
Firewall Action
drop
Recommended Action
Change configuration to free up more RAM.
Revision
1
Parameters
message

2.1.254. null_sip_message_received (ID: 00200540)

Default Severity
ERROR
Log Message
SIPALG: SIP packet reception error. Reason:<reason>
Explanation
Packet without data received.
Firewall Action
drop
Recommended Action
Research how SIPALG received NULL SIP packet.
Revision
1
Parameters
reason
Context Parameters
ALG Module Name

2.1.255. user_registered (ID: 00200541)

Default Severity
NOTICE
Log Message
SIPALG: Successful Registration
Explanation
User [user_name] registered.
Firewall Action
None
Recommended Action
None
Revision
2
Parameters
user_name
contact
Context Parameters
ALG Module Name

2.1.256. user_unregistered (ID: 00200542)

Default Severity
NOTICE
Log Message
SIPALG: Successful unregistration
Explanation
User [user_name] unregistered successfully.
Firewall Action
allow
Recommended Action
None
Revision
1
Parameters
user_name
contact
Context Parameters
ALG Module Name

2.1.257. dns_resolution_failed (ID: 00200545)

Default Severity
CRITICAL
Log Message
Failed to do dns resolve
Explanation
An attempt to resolve dns failed. Reason: [reason].
Firewall Action
drop
Recommended Action
Check if the dns servers are configured.
Revision
1
Parameters
reason
Context Parameters
ALG Module Name

2.1.258. failed_to_modify_contact (ID: 00200547)

Default Severity
ERROR
Log Message
SIPALG: Failed to modify contact tag in message
Explanation
Failed to modify the contact tag in SIP message. Reason: [reason].
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
reason
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.259. invalid_udp_packet (ID: 00200548)

Default Severity
ERROR
Log Message
SIPALG: Invalid SIP UDP packet received
Explanation
The SIP ALG received an invalid UDP packet. The packet will be dropped.
Firewall Action
drop
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name

2.1.260. failed_to_parse_media (ID: 00200549)

Default Severity
ERROR
Log Message
SIPALG: Failed to parse media
Explanation
Failed to parse media for the request [method].
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.261. max_session_per_service_reached (ID: 00200550)

Default Severity
WARNING
Log Message
SIPALG: Maximum number of transaction per session has been reached
Explanation
The configured maximum number of concurrent SIP sessions [max_ses_per_service] per SIP SERVICE has been reached.
Firewall Action
close
Recommended Action
If the maximum number of SIPALG sessions per SIP service is too low, increase it.
Revision
2
Parameters
max_ses_per_service
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.262. max_tsxn_per_session_reached (ID: 00200551)

Default Severity
WARNING
Log Message
SIPALG: Maximum number of sessions per Service has been reached
Explanation
The configured maximum number of transaction [max_tsxn_per_session] per SIP SESSION has been reached.
Firewall Action
close
Recommended Action
None
Revision
2
Parameters
max_tsxn_per_session
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.263. invalid_transaction_state (ID: 00200552)

Default Severity
ERROR
Log Message
SIPALG: Invalid transaction state change
Explanation
Invalid transaction state found [tsxn_invalid_state].
Firewall Action
close
Recommended Action
None
Revision
2
Parameters
tsxn_invalid_state
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.264. invalid_session_state (ID: 00200553)

Default Severity
ERROR
Log Message
SIPALG: Invalid session state change
Explanation
Invalid session state found [session_invalid_state].
Firewall Action
close
Recommended Action
None
Revision
2
Parameters
session_invalid_state
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.265. sipalg_callleg_created (ID: 00200554)

Default Severity
NOTICE
Log Message
SIPALG: CallLeg created
Explanation
SIP-ALG callleg created for [method] request.
Firewall Action
allow
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.266. failed_to_create_new_callleg (ID: 00200555)

Default Severity
ERROR
Log Message
SIPALG: Failed to create callleg
Explanation
The SIP-ALG failed to create callleg for [method] request.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.267. failed_to_find_callleg (ID: 00200556)

Default Severity
WARNING
Log Message
SIPALG: Failed to find callleg
Explanation
Failed to find callleg for [method] request.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.268. failed_to_update_callleg (ID: 00200557)

Default Severity
WARNING
Log Message
SIPALG: Failed to update callleg
Explanation
Failed to update callleg for [method] request.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.269. sipalg_callleg_deleted (ID: 00200558)

Default Severity
NOTICE
Log Message
SIPALG: sipalg callleg deleted
Explanation
The callleg for [method] request is deleted.
Firewall Action
close
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name
ALG Session ID

2.1.270. failed_to_modify_response (ID: 00200559)

Default Severity
ERROR
Log Message
SIPALG: Failed to modify the response
Explanation
Failed to modify the topology info in the [method] response.
Firewall Action
drop
Recommended Action
None
Revision
2
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.271. sipalg_callleg_state_updated (ID: 00200560)

Default Severity
DEBUG
Log Message
SIPALG: SIP-ALG callleg state updated
Explanation
The SIP-ALG callleg state updated to [callleg_state] state.
Firewall Action
allow
Recommended Action
None
Revision
2
Parameters
callleg_state
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.272. failed_to_modify_sat_request (ID: 00200561)

Default Severity
ERROR
Log Message
SIPALG: Failed to modify the SAT request
Explanation
Failed to modify requst ip to SAT destination IP in the [method] request.
Firewall Action
drop
Recommended Action
None
Revision
1
Parameters
method
from_uri
to_uri
srcip
srcport
destip
destport
Context Parameters
ALG Module Name

2.1.273. max_pptp_sessions_reached (ID: 00200601)

Default Severity
WARNING
Log Message
PPTPALG: Maximum number of PPTP sessions (<max_sessions>) for service reached. Closing connection
Explanation
The maximum number of concurrent PPTP sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action
close
Recommended Action
If the maximum number of PPTP sessions is too low, increase it.
Revision
1
Parameters
max_sessions
Context Parameters
ALG Module Name

2.1.274. failed_create_new_session (ID: 00200602)

Default Severity
CRITICAL
Log Message
PPTPALG: Failed to create new PPTPALG session (out of memory)
Explanation
An attempt to create a new PPTPALG session failed. The unit has run out of memory.
Firewall Action
close
Recommended Action
Decrease the maximum allowed PPTPALG sessions, or try to free some of the RAM used.
Revision
1
Context Parameters
ALG Module Name

2.1.275. failed_connect_pptp_server (ID: 00200603)

Default Severity
ERROR
Log Message
PPTPALG: Failed to connect to the PPTP Server. Closing the connection.
Explanation
The PPTP ALG could not connect to the receiving PPTP server, resulting in that the ALG session could not be successfully opened.
Firewall Action
close
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name
ALG Session ID

2.1.276. pptp_tunnel_established_client (ID: 00200604)

Default Severity
NOTICE
Log Message
PPTPALG: PPTP tunnel established from client
Explanation
A PPTP tunnel has been established between PPTP client and firewall.
Firewall Action
None
Recommended Action
None
Revision
2
Context Parameters
ALG Session ID
ALG Module Name

2.1.277. pptp_tunnel_removed_client (ID: 00200605)

Default Severity
NOTICE
Log Message
PPTPALG: PPTP tunnel between client and firewall removed
Explanation
A PPTP tunnel has been removed between the PPTP client and the PPTP-ALG.
Firewall Action
None
Recommended Action
None
Revision
2
Context Parameters
ALG Session ID
ALG Module Name

2.1.278. pptp_tunnel_removed_server (ID: 00200606)

Default Severity
NOTICE
Log Message
PPTPALG: PPTP tunnel between server and firewall removed
Explanation
A PPTP tunnel has been removed betweem the PPTP server and the PPTP-ALG.
Firewall Action
None
Recommended Action
None
Revision
2
Context Parameters
ALG Session ID
ALG Module Name

2.1.279. pptp_session_established (ID: 00200607)

Default Severity
NOTICE
Log Message
PPTPALG: PPTP session established
Explanation
A PPTP session has been established.
Firewall Action
None
Recommended Action
None
Revision
1
Context Parameters
ALG Session ID
ALG Module Name

2.1.280. pptp_session_removed (ID: 00200608)

Default Severity
NOTICE
Log Message
PPTPALG: PPTP session removed
Explanation
A PPTP session has been removed.
Firewall Action
None
Recommended Action
None
Revision
1
Context Parameters
ALG Session ID
ALG Module Name

2.1.281. pptp_malformed_packet (ID: 00200609)

Default Severity
WARNING
Log Message
Malformed packet received from <remotegw> on <iface>
Explanation
A malformed packet was received by the PPTP-ALG.
Firewall Action
drop
Recommended Action
None
Revision
1
Parameters
iface
remotegw

2.1.282. pptp_tunnel_established_server (ID: 00200610)

Default Severity
NOTICE
Log Message
PPTPALG: PPTP tunnel established from server
Explanation
A PPTP tunnel has been established between PPTP server and firewall.
Firewall Action
None
Recommended Action
None
Revision
2
Context Parameters
ALG Session ID
ALG Module Name

2.1.283. max_imap_sessions_reached (ID: 00200650)

Default Severity
WARNING
Log Message
IMAPALG: Maximum number of IMAP sessions (<max_sessions>) for service reached. Closing connection
Explanation
The maximum number of concurrent IMAP sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action
close
Recommended Action
If the maximum number of IMAP sessions is too low, increase it.
Revision
1
Parameters
max_sessions
Context Parameters
ALG Module Name

2.1.284. failed_create_new_session (ID: 00200651)

Default Severity
WARNING
Log Message
IMAPALG: Failed to create new IMAP ALG session (out of memory)
Explanation
An attempt to create a new IMAP ALG session failed, because the unit is out of memory.
Firewall Action
close
Recommended Action
Decrease the maximum allowed IMAP ALG sessions, or try to free some of the RAM used.
Revision
1
Context Parameters
ALG Module Name

2.1.285. failed_connect_imap_server (ID: 00200652)

Default Severity
ERROR
Log Message
IMAPALG: Failed to connect to the IMAP Server. Closing the connection.
Explanation
The unit failed to connect to the remote IMAP Server, resulting in that the ALG session could not be successfully opened.
Firewall Action
close
Recommended Action
Verify that there is a listening IMAP Server on the specified address.
Revision
1
Context Parameters
ALG Module Name
ALG Session ID

2.1.286. out_of_memory (ID: 00200656)

Default Severity
ERROR
Log Message
IMAPALG: Failed to allocate memory (out of memory)
Explanation
An attempt to allocate memory failed.
Firewall Action
close
Recommended Action
Try to free up unwanted memory.
Revision
2
Context Parameters
ALG Module Name
ALG Session ID

2.1.287. blocked_filetype (ID: 00200657)

Default Severity
NOTICE
Log Message
IMAPALG: Requested file:<filename> is blocked as this file is identified as type <filetype>, which is in block list.
Explanation
The file is present in the block list. It will be blocked as per configuration.
Firewall Action
block
Recommended Action
If this file should be allowed, update the ALLOW/BLOCK list.
Revision
2
Parameters
imap_userid
imap_mailbox
imap_msg_uid
imap_msg_sequence_number
imap_mail_size
filename
filetype
sender_email_address
Context Parameters
ALG Module Name
ALG Session ID

2.1.288. base64_decode_failed (ID: 00200658)

Default Severity
ERROR
Log Message
IMAPALG: Base 64 decode failed. Attachment blocked
Explanation
The data sent to Base64 decoding failed. This can occur if the email sender sends incorrectly formatted data. The attachment has been blocked.
Firewall Action
block_data
Recommended Action
Research how the sender is encoding the data.
Revision
2
Parameters
imap_userid
imap_mailbox
imap_msg_uid
imap_msg_sequence_number
imap_mail_size
filename
filetype
sender_email_address
Context Parameters
ALG Module Name
ALG Session ID

2.1.289. command_blocked (ID: 00200659)

Default Severity
WARNING
Log Message
IMAPALG: Command <imap_command> blocked.
Explanation
The client is sending command that are not allowed. The command will be blocked.
Firewall Action
block
Recommended Action
If the command are to be allowed change the Alg configuration.Note: The STLS command is allways blocked!.
Revision
2
Parameters
imap_userid
imap_command
Context Parameters
ALG Module Name
ALG Session ID

2.1.290. unknown_command_blocked (ID: 00200660)

Default Severity
WARNING
Log Message
IMAPALG: Unknown command blocked.
Explanation
The client is sending unknown command. The command will be blocked.
Firewall Action
block
Recommended Action
If the command are to be allowed change the Alg configuration.
Revision
2
Parameters
imap_userid
imap_command
Context Parameters
ALG Module Name
ALG Session ID

2.1.291. command_invalid (ID: 00200661)

Default Severity
WARNING
Log Message
IMAP_ALG: Command <imap_command> invalid.
Explanation
The client is sending command that is not a valid command. The command will be blocked.
Firewall Action
block
Recommended Action
If the command are to be allowed change the Alg configuration.
Revision
2
Parameters
imap_userid
imap_command
Context Parameters
ALG Module Name
ALG Session ID

2.1.292. response_blocked_unknown (ID: 00200662)

Default Severity
WARNING
Log Message
IMAP_ALG: Response blocked. Invalid response.
Explanation
The server is sending unknown response for command [imap_command]. The response will be blocked.
Firewall Action
block
Recommended Action
None
Revision
2
Parameters
imap_userid
imap_command
Context Parameters
ALG Module Name
ALG Session ID

2.1.293. content_type_mismatch (ID: 00200663)

Default Severity
NOTICE
Log Message
IMAPALG: Content type mismatch in file <filename>. Identified filetype <filetype>
Explanation
The filetype of the file does not match the actual content type. As there is a content type mismatch, data is discarded.
Firewall Action
block_data
Recommended Action
None
Revision
2
Parameters
imap_userid
imap_mailbox
imap_msg_uid
imap_msg_sequence_number
imap_mail_size
filename
filetype
sender_email_address
Context Parameters
ALG Module Name

2.1.294. plain_auth_blocked (ID: 00200664)

Default Severity
WARNING
Log Message
IMAPALG: Plain text authentication attempt blocked.
Explanation
The client is sending plain text authentication request. It will be blocked.
Firewall Action
block
Recommended Action
If this is not desired, allow plain text authentication in relative email profile.
Revision
2
Parameters
imap_userid
imap_command
Context Parameters
ALG Module Name
ALG Session ID

2.1.295. unknown_imap_syntax (ID: 00200665)

Default Severity
NOTICE
Log Message
IMAPALG: Unknown IMAP syntax in response
Explanation
Unknown IMAP syntax in response, content will be passed through without scanning.
Firewall Action
allow_response
Recommended Action
None
Revision
1
Parameters
imap_userid
imap_mailbox
imap_msg_uid
imap_msg_sequence_number
Context Parameters
ALG Module Name
ALG Session ID

2.1.296. unknown_mail_syntax (ID: 00200666)

Default Severity
NOTICE
Log Message
IMAPALG: Unknown syntax in mail header
Explanation
Unknown syntax in mail header, content will be passed through without scanning.
Firewall Action
allow_mail
Recommended Action
None
Revision
1
Parameters
imap_userid
imap_mailbox
imap_msg_uid
imap_msg_sequence_number
imap_mail_size
Context Parameters
ALG Module Name
ALG Session ID

2.1.297. unknown_mail_body_syntax (ID: 00200667)

Default Severity
NOTICE
Log Message
IMAPALG: Unknown syntax in mail content
Explanation
Unknown syntax in mail content, content will be passed through without scanning.
Firewall Action
allow_mail_content
Recommended Action
None
Revision
1
Parameters
sourceip
from
to
profile
imap_userid
imap_mailbox
imap_msg_uid
imap_msg_sequence_number
imap_mail_size
Context Parameters
ALG Module Name
ALG Session ID

2.1.298. imap_session_statistics (ID: 00200670)

Default Severity
DEBUG
Log Message
IMAPALG: Statistics for closing IMAP session
Explanation
Statistics for IMAP session.
Firewall Action
None
Recommended Action
None
Revision
3
Parameters
imap_userid
mail_scanned
mail_spam_detected
mail_virus_detected
blocked_attachments
unknown_syntax_imap
unknown_syntax_mail_header
unknown_syntax_mail_body
incomplete_mail_header
incomplete_mail_body
section_size_mail_header
section_size_mail_body
Context Parameters
ALG Module Name
ALG Session ID

2.1.299. max_dnscontrol_session_reached (ID: 00200680)

Default Severity
WARNING
Log Message
DNS Control: Maximum number of DNS Control sessions (<max_sessions>) for service reached. Closing connection.
Explanation
The maximum number of concurrent DNS Control sessions has been reached for this service. No more sessions can be opened before old sessions have been released.
Firewall Action
close
Recommended Action
If the maximum number of DNS Control session is too low, increase it.
Revision
1
Parameters
max_sessions
Context Parameters
ALG Module Name

2.1.300. failed_create_new_session (ID: 00200681)

Default Severity
WARNING
Log Message
DNS Control: Failed to create new DNS Control session (out of memory)
Explanation
Could not create a new DNS Control session due to lack of memory. No more sessions can be created unless the system increases the amount of free memory.
Firewall Action
close
Recommended Action
None
Revision
1
Context Parameters
ALG Module Name

2.1.301. failure_connect_dns_server (ID: 00200682)

Default Severity
INFORMATIONAL
Log Message
DNS Control: Failed to connect to DNS Server. Closing connection
Explanation
The unit failed to connect to DNS Server, resulting in that the ALG session could not open successfully.
Firewall Action
close
Recommended Action
Verify that there is a listening DNS Server on the specified address.
Revision
1
Context Parameters
ALG Module Name
ALG Session ID

2.1.302. dns_packet_rejected (ID: 00200683)

Default Severity
WARNING
Log Message
DNS Control: DNS packet rejected. Packet: <packet> TransactionID: <transactionid> payload_length: <payload_length>
Explanation
DNS packet rejected, dropping.
Firewall Action
drop
Recommended Action
None
Revision
1
Parameters
transactionid
reason
packet
payload_length
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.303. dns_transaction_opened (ID: 00200684)

Default Severity
INFORMATIONAL
Log Message
DNS Profile: Transaction opened.
Explanation
DNS Transaction opened.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
transactionid
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.304. dns_transaction_closed (ID: 00200685)

Default Severity
INFORMATIONAL
Log Message
DNS Profile: Transaction closed.
Explanation
DNS Transaction closed.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
transactionid
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.305. dns_resolving_address (ID: 00200690)

Default Severity
NOTICE
Log Message
DNS Profile: Resolving.
Explanation
DNS resolving address.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
transactionid
query-type
address
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.306. dns_resolved_address (ID: 00200692)

Default Severity
NOTICE
Log Message
DNS Profile: Resolved.
Explanation
DNS resolved address.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
transactionid
domain
query-type
pref
addresses
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.307. dns_resolved_address (ID: 00200693)

Default Severity
NOTICE
Log Message
DNS Profile: Resolved.
Explanation
DNS resolved address.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
transactionid
domain
query-type
addresses
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.1.308. dns_policy_violation (ID: 00200694)

Default Severity
WARNING
Log Message
DNS Profile: DNS packet rejected due to policy violation. Packet: <packet> TransactionID: <transactionid> Violation value <value>
Explanation
DNS packet rejected due to policy violation, dropping.
Firewall Action
drop
Recommended Action
Modify the DNS Profile if the packet should be allowed.
Revision
1
Parameters
transactionid
reason
packet
value
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.2. ANTISPAM

These log messages refer to the ANTISPAM (Anti-spam related events) category.

2.2.1. spam_found (ID: 05900001)

Default Severity
NOTICE
Log Message
Email was classified as spam.
Explanation
An email was classified as spam, but no action was taken.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
sourceip
from
to
profile
tests
link_categories
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.2. spam_found (ID: 05900002)

Default Severity
INFORMATIONAL
Log Message
Email was classified as spam and has been tagged.
Explanation
An email was classified as spam and was tagged according to the configuration.
Firewall Action
tag
Recommended Action
None
Revision
1
Parameters
sourceip
from
to
profile
methods
link_categories
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.3. spam_found (ID: 05900003)

Default Severity
INFORMATIONAL
Log Message
Email was classified as spam and was rejected.
Explanation
An email was classified as spam and was rejected.
Firewall Action
reject
Recommended Action
None
Revision
1
Parameters
sourceip
from
to
profile
methods
link_categories
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.4. memory_allocation_failure (ID: 05900010)

Default Severity
ERROR
Log Message
Failed to allocate memory required for anti-spam.
Explanation
A memory allocation failure occurred. The system will be unable to perform anti-spam scanning on this email.
Firewall Action
None
Recommended Action
Review configuration to reduce memory consumption.
Revision
1
Parameters
sourceip
from
to
profile
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.5. domain_verification_timeout (ID: 05900020)

Default Severity
ERROR
Log Message
Domain Verification failed because the DNS query timed out.
Explanation
Domain Verification failed because the DNS query timed out.
Firewall Action
None
Recommended Action
Verify that DNS is configured correctly.
Revision
1
Parameters
sourceip
from
to
profile
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.6. domain_verification_error (ID: 05900021)

Default Severity
ERROR
Log Message
Domain Verification failed because a DNS query could not be sent.
Explanation
Domain Verification failed because a DNS query could not be sent.
Firewall Action
None
Recommended Action
Verify that DNS is configured correctly.
Revision
1
Parameters
sourceip
from
to
profile
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.7. link_protection_allocation_failure (ID: 05900030)

Default Severity
ERROR
Log Message
Failed to allocate memory for Link Protection.
Explanation
A memory allocation failure occurred while performing Link Protection. Malicious links may slip through unnoticed as a result.
Firewall Action
None
Recommended Action
Review configuration to reduce memory consumption.
Revision
1
Parameters
sourceip
from
to
profile
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.8. link_protection_timeout (ID: 05900031)

Default Severity
ERROR
Log Message
Link Protection query timed out.
Explanation
A link could not be classified because the WCF servers did not respond.
Firewall Action
None
Recommended Action
Verify that the system is configured to allow WCF lookups.
Revision
1
Parameters
sourceip
from
to
profile
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.9. link_protection_wcf_error (ID: 05900032)

Default Severity
ERROR
Log Message
Link Protection WCF error.
Explanation
A link could not be classified because a query could not be sent to the WCF servers.
Firewall Action
None
Recommended Action
Verify that the system is configured to allow WCF lookups.
Revision
1
Parameters
sourceip
from
to
profile
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.10. link_protection_no_license (ID: 05900033)

Default Severity
ERROR
Log Message
Link Protection has been disabled due to license restrictions.
Explanation
A valid Web Content Filtering license is required to use Link Protection.
Firewall Action
None
Recommended Action
Extend valid time for Web Content Filtering.
Revision
1
Parameters
sourceip
from
to
profile
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.11. dnsbl_allocation_failure (ID: 05900040)

Default Severity
ERROR
Log Message
Failed to allocate memory for DNSBL lookup. DNSBL: <dnsbl>
Explanation
A memory allocation failure occurred while performing DNSBL lookup.
Firewall Action
None
Recommended Action
Review configuration to reduce memory consumption.
Revision
1
Parameters
sourceip
from
to
profile
dnsbl
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.12. dnsbl_timeout (ID: 05900041)

Default Severity
ERROR
Log Message
DNSBL check failed because the DNS query timed out. DNSBL: <dnsbl>
Explanation
DNSBL check failed because the DNS query timed out.
Firewall Action
None
Recommended Action
Verify that DNS is configured correctly.
Revision
1
Parameters
sourceip
from
to
profile
dnsbl
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.13. dnsbl_error (ID: 05900042)

Default Severity
ERROR
Log Message
DNSBL check failed because a DNS query could not be sent. DNSBL: <dnsbl>
Explanation
DNSBL check failed because a DNS query could not be sent.
Firewall Action
None
Recommended Action
Verify that DNS is configured correctly.
Revision
1
Parameters
sourceip
from
to
profile
dnsbl
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.14. dcc_allocation_failure (ID: 05900050)

Default Severity
ERROR
Log Message
Failed to allocate memory for DCC.
Explanation
A memory allocation failure occurred while performing DCC.
Firewall Action
None
Recommended Action
Review configuration to reduce memory consumption.
Revision
1
Parameters
sourceip
from
to
profile
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.15. dcc_timeout (ID: 05900051)

Default Severity
ERROR
Log Message
DCC query timed out.
Explanation
DCC check failed because no response was received from the DCC servers.
Firewall Action
None
Recommended Action
Verify that the DCC servers are reachable.
Revision
1
Parameters
sourceip
from
to
profile
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.16. dcc_query_error (ID: 05900052)

Default Severity
ERROR
Log Message
Failed to send DCC query.
Explanation
A DCC query could not be sent.
Firewall Action
None
Recommended Action
Verify that the DCC servers are reachable.
Revision
1
Parameters
sourceip
from
to
profile
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.17. dcc_no_license (ID: 05900053)

Default Severity
ERROR
Log Message
DCC has been disabled due to license restrictions.
Explanation
DCC has been disabled due to license restrictions.
Firewall Action
None
Recommended Action
Extend valid time for DCC.
Revision
1
Parameters
sourceip
from
to
profile
Context Parameters
Connection
ALG Module Name
ALG Session ID

2.2.18. recipient_email_changed_to_drop_address (ID: 05900196)

Default Severity
NOTICE
Log Message
SMTPALG: Recipient e-mail address is changed to DNSBL Drop address
Explanation
"RCPT TO:" e-mail address is changed to the Drop address configured in DNS Blacklist.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
sender_email_address
drop_address
Context Parameters
ALG Module Name
ALG Session ID

2.2.19. dnsbl_allocate_error (ID: 05900800)

Default Severity
EMERGENCY
Log Message
Could not allocate memory
Explanation
Could not allocate memory.
Firewall Action
None
Recommended Action
Check memory.
Revision
1
Parameters
type

2.2.20. dnsbl_ipcache_add (ID: 05900810)

Default Severity
NOTICE
Log Message
IP <ipaddr> added to IP Cache for <algname>
Explanation
An IP address was added to the IP Cache.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
type
algname
ipaddr

2.2.21. dnsbl_ipcache_remove (ID: 05900811)

Default Severity
NOTICE
Log Message
IP <ipaddr> removed from IP Cache for <algname> due to timeout
Explanation
An IP address was removed from the IP Cache due to timeout.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
type
algname
ipaddr

2.2.22. dnsbl_session_add (ID: 05900812)

Default Severity
NOTICE
Log Message
Session created for IP <ipaddr> for <algname>
Explanation
Session created and awaiting processing.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
type
algname
ipaddr

2.2.23. dnsbl_session_error (ID: 05900813)

Default Severity
ERROR
Log Message
Error creating Session for IP <ipaddr> for <algname>
Explanation
Error creating new Session.
Firewall Action
dnsbl will not process mail
Recommended Action
Check configuration and dns settings.
Revision
1
Parameters
type
algname
ipaddr

2.2.24. dnsbl_ipcache_add (ID: 05900814)

Default Severity
NOTICE
Log Message
Session for IP <ipaddr> for <algname> is done with result <result>
Explanation
An IP address was added to the IP Cache.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
type
algname
ipaddr
result

2.2.25. dnsbl_disabled (ID: 05900815)

Default Severity
EMERGENCY
Log Message
DNSBL for <algname> has been disabled
Explanation
The DNSBL has been disabled due to few active BlackLists.
Firewall Action
None
Recommended Action
Check configuration of DNSBL.
Revision
1
Parameters
type
algname

2.2.26. dnsbl_active (ID: 05900816)

Default Severity
NOTICE
Log Message
DNSBL for <algname> has been activated
Explanation
The DNSBL has changed status from disabled to active as contact with BlackLists have been restored.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
type
algname

2.2.27. dnsbl_query_add (ID: 05900817)

Default Severity
NOTICE
Log Message
Query created for IP <ipaddr> to BlackList <blacklist> for <algname>
Explanation
A DNS Query was created.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
type
algname
ipaddr
blacklist
query

2.2.28. dnsbl_blacklist_disable (ID: 05900818)

Default Severity
WARNING
Log Message
BlackList <blacklist> for <algname> has been disabled
Explanation
BlackList was disable as it failed to respond to the query.
Firewall Action
None
Recommended Action
Check configuration if keeps begin disabled.
Revision
1
Parameters
type
algname
blacklist

2.2.29. dnsbl_txtrecord_truncated (ID: 05900819)

Default Severity
WARNING
Log Message
TXT records does not fit buffer for Session with IP <ipaddr> for <algname>
Explanation
TXT records will not fit the string buffer and will be truncated.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
type
algname
ipaddr

2.2.30. dnsbl_record_truncated (ID: 05900820)

Default Severity
WARNING
Log Message
DNSBL name not fit buffer for Session with IP <ipaddr> for <algname>
Explanation
DNSBL name will not fit the string buffer and will be truncated.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
type
algname
ipaddr

2.3. ANTIVIRUS

These log messages refer to the ANTIVIRUS (Anti-Virus related events) category.

2.3.1. virus_found (ID: 05800001)

Default Severity
WARNING
Log Message
A virus has been detected in a data stream. Since anti-virus is running in protect mode, the data transfer will be aborted in order to protect the receiver.
Explanation
None
Firewall Action
block_data
Recommended Action
If the infected file is local, run anti-virus program to clean the file.
Revision
2
Parameters
filename
virusname
virussig
advisoryid
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.2. virus_found (ID: 05800002)

Default Severity
WARNING
Log Message
A virus has been detected in a data stream. Since anti-virus is running in audit mode, the data transfer will be allowed to continue.
Explanation
None
Firewall Action
allow_data
Recommended Action
If the infected file is local, run anti-virus program to clean the file.
Revision
2
Parameters
filename
virusname
virussig
advisoryid
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.3. excluded_file (ID: 05800003)

Default Severity
NOTICE
Log Message
File <filename> is excluded from scanning. Identified filetype: <filetype>.
Explanation
The named file will be excluded from anti-virus scanning. The filetype is present in the anti-virus scan exclusion list.
Firewall Action
allow_data_without_scan
Recommended Action
None
Revision
1
Parameters
filename
filetype
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.4. decompression_failed (ID: 05800004)

Default Severity
ERROR
Log Message
Decompression error for file <filename>
Explanation
The file could not be scanned by the anti-virus module since the decompression of the compressed file failed. Since anti-virus is running in protect mode, the data transfer will be aborted in order to protect the receiver.
Firewall Action
block_data
Recommended Action
Change Fail Mode parameter to allow if files that fail decompression should be allowed without scanning.
Revision
1
Parameters
filename
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.5. decompression_failed (ID: 05800005)

Default Severity
ERROR
Log Message
Decompression error for file <filename>
Explanation
The file could not be scanned by the anti-virus module since the decompression of the compressed file failed. Since anti-virus is running in audit mode, the data transfer will be allowed to continue.
Firewall Action
allow_data
Recommended Action
Change Fail Mode parameter to deny if files that fail decompression should be blocked.
Revision
1
Parameters
filename
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.6. compression_ratio_violation (ID: 05800007)

Default Severity
WARNING
Log Message
Compression ratio violation for file <filename>. Compression ratio threshold: <comp_ratio>
Explanation
Anti-virus has scanned a compressed file with a compression ratio higher than the specified value. Action is set to continue scan.
Firewall Action
abort_scan
Recommended Action
Files with too high compression ratio can consume large amount of resources. This can be a DoS attack.
Revision
2
Parameters
filename
comp_ratio
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.7. compression_ratio_violation (ID: 05800008)

Default Severity
WARNING
Log Message
Compression ratio violation for file <filename>. Compression ratio threshold: <comp_ratio>
Explanation
Anti-virus has scanned a compressed file with a compression ratio higher than the specified value. Action is set to continue scan.
Firewall Action
block_data
Recommended Action
Files with too high compression ratio can consume large amount of resources. This can be a DoS attack.
Revision
2
Parameters
filename
comp_ratio
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.8. out_of_memory (ID: 05800009)

Default Severity
ERROR
Log Message
Out of memory
Explanation
Memory allocation failed. Since anti-virus is running in audit mode, the data transfer will be allowed to continue.
Firewall Action
allow_data
Recommended Action
Try to free some memory by changing configuration parameters.
Revision
1
Parameters
filename
filetype
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.9. out_of_memory (ID: 05800010)

Default Severity
ERROR
Log Message
Out of memory
Explanation
Memory allocation failed. Since anti-virus is running in protect mode, the data transfer will be aborted in order to protect the receiver.
Firewall Action
block_data
Recommended Action
Try to free some memory by changing configuration parameters.
Revision
1
Parameters
filename
filetype
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.10. virus_scan_failure (ID: 05800011)

Default Severity
ERROR
Log Message
Anti-virus scan engine failed for the file: <filename>
Explanation
An error occured in the anti-virus scan engine. Since anti-virus is running in protect mode, the data transfer will be aborted in order to protect the receiver.
Firewall Action
block_data
Recommended Action
None
Revision
1
Parameters
filename
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.11. virus_scan_failure (ID: 05800012)

Default Severity
ERROR
Log Message
Anti-virus scan engine failed for the file: <filename>
Explanation
An error occured in the anti-virus scan engine. Since anti-virus is running in audit mode, the data transfer will be allowed to continue.
Firewall Action
allow_data
Recommended Action
None
Revision
1
Parameters
filename
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.12. no_valid_license (ID: 05800015)

Default Severity
CRITICAL
Log Message
AVSE: Virus scanning aborted. No valid license present.
Explanation
Anti-virus scanning is aborted since there is no valid license present.
Firewall Action
av_scanning_aborted
Recommended Action
If anti-virus scanning is wanted, you must get a valid license with anti-virus capabilities. Anti-virus scanning can be turned off in order to avoid future postings of this log message.
Revision
2
Context Parameters
ALG Session ID

2.3.13. av_signatures_missing (ID: 05800016)

Default Severity
CRITICAL
Log Message
AVSE: Virus scanning aborted. Not all virus signatures present.
Explanation
Anti-virus scanning is aborted since there is local anti-virus signature databases missing.
Firewall Action
av_scanning_denied
Recommended Action
Connect your firewall to the Internet and download the anti-virus databases or configure automatic updates of anti-virus.
Revision
4
Context Parameters
ALG Session ID

2.3.14. general_engine_error (ID: 05800017)

Default Severity
CRITICAL
Log Message
AVSE: Virus scanning aborted. General error occured during initialization.
Explanation
Anti-virus scanning is aborted since the scan engine returned a general error during initialization.
Firewall Action
av_scanning_aborted
Recommended Action
Try to restart the unit in order to solve this issue.
Revision
2
Context Parameters
ALG Session ID

2.3.15. out_of_memory (ID: 05800018)

Default Severity
CRITICAL
Log Message
AVSE: Virus scanning aborted. Out of memory during initialization.
Explanation
Anti-virus scanning is aborted since the scan engine run out of memory during initialization.
Firewall Action
av_scanning_denied
Recommended Action
Review your configuration in order to free up more RAM.
Revision
2
Context Parameters
ALG Session ID

2.3.16. virus_url_detected (ID: 05800020)

Default Severity
WARNING
Log Message
Virus infected URL found in URL <url>. Advisory ID: <advisoryid>.
Explanation
A virus infected URL request has been detected. Since anti-virus is running in protect mode, the request will be aborted in order to protect the receiver.
Firewall Action
block_data
Recommended Action
None
Revision
1
Parameters
url
advisoryid
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.17. virus_url_detected (ID: 05800021)

Default Severity
WARNING
Log Message
Virus infected URL found in URL <url>. Advisory ID: <advisoryid>.
Explanation
A virus infected URL request has been detected. Since anti-virus is running in audit mode, the request will be allowed to continue.
Firewall Action
allow_data
Recommended Action
None
Revision
1
Parameters
url
advisoryid
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.18. decompression_failed_encrypted_file (ID: 05800024)

Default Severity
WARNING
Log Message
Decompression failed for file <filename>. The file is encrypted.
Explanation
The file could not be scanned by the anti-virus module since the compressed file is encrypted with password protection. Since anti-virus is running in protect mode, the data transfer will be aborted in order to protect the receiver.
Firewall Action
block_data
Recommended Action
Change Fail Mode parameter to allow if files that fail decompression should be allowed without scanning.
Revision
1
Parameters
filename
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.19. decompression_failed_encrypted_file (ID: 05800025)

Default Severity
WARNING
Log Message
Decompression failed for file <filename>. The file is encrypted.
Explanation
The file could not be scanned by the anti-virus module since the compressed file is encrypted with password protection. Since anti-virus is running in audit mode, the data transfer will be allowed to continue.
Firewall Action
allow_data
Recommended Action
Change Fail Mode parameter to deny if files that fail decompression should be blocked.
Revision
1
Parameters
filename
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.20. out_of_memory (ID: 05800027)

Default Severity
CRITICAL
Log Message
Out of memory while allocating anti-virus cache entry.
Explanation
An attempt to add a detected virus to the anti-virus cache failed since the system has run out of memory. .
Firewall Action
ignore
Recommended Action
Try to free some memory by changing configuration parameters.
Revision
1

2.3.21. max_archive_depth_exceeded (ID: 05800028)

Default Severity
WARNING
Log Message
The file <filename> has too many archive levels. Maximum allowed is <max_depth>.
Explanation
The file archive exceeds the maximum allowed depth. Since Fail Mode is set to Deny the data transfer will be aborted in order to protect the receiver.
Firewall Action
block_data
Recommended Action
Change Fail Mode parameter to Allow if files that fail decompression should be allowed without scanning. Increase the Max. Archive Depth parameter to allow deeper files to be scanned.
Revision
1
Parameters
filename
max_depth
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.22. max_archive_depth_exceeded (ID: 05800029)

Default Severity
WARNING
Log Message
The file <filename> has too many archive levels. Maximum allowed is <max_depth>.
Explanation
The file archive exceeds the maximum allowed depth. Since Fail Mode is set to Allow the data transfer will be allowed to continue.
Firewall Action
allow_data
Recommended Action
Change Fail Mode parameter to Deny if files that fail decompression should be blocked. Increase the Max. Archive Depth parameter to allow deeper files to be scanned.
Revision
1
Parameters
filename
max_depth
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection

2.3.23. unknown_encoding (ID: 05800182)

Default Severity
WARNING
Log Message
SMTPALG: Content transfer encoding is unknown or not present
Explanation
Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail Mode is deny so data is blocked.
Firewall Action
block_data
Recommended Action
None
Revision
1
Parameters
filename
unknown_content_transfer_encoding
sender_email_address
recipient_email_addresses:
Context Parameters
ALG Module Name
ALG Session ID

2.3.24. unknown_encoding (ID: 05800183)

Default Severity
WARNING
Log Message
SMTPALG: Content transfer encoding is unknown or not present.
Explanation
Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail Mode is allow so data is allowed without scanning.
Firewall Action
allow_data_without_scan
Recommended Action
Research the Content Transfer Encoding format.
Revision
1
Parameters
filename
unknown_content_transfer_encoding
sender_email_address
recipient_email_addresses
Context Parameters
ALG Module Name
ALG Session ID

2.3.25. unknown_encoding (ID: 05800184)

Default Severity
WARNING
Log Message
POP3ALG: Content transfer encoding is unknown or not present
Explanation
Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail Mode is deny so data is blocked.
Firewall Action
block_data
Recommended Action
None
Revision
1
Parameters
filename
unknown_content_transfer_encoding
sender_email_address
Context Parameters
ALG Module Name
ALG Session ID

2.3.26. unknown_encoding (ID: 05800185)

Default Severity
WARNING
Log Message
POP3ALG: Content transfer encoding is unknown or not present.
Explanation
Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail Mode is allow so data is allowed without scanning.
Firewall Action
allow_data_without_scan
Recommended Action
Research the Content Transfer Encoding format.
Revision
1
Parameters
filename
unknown_content_transfer_encoding
sender_email_address
Context Parameters
ALG Module Name
ALG Session ID

2.3.27. unknown_encoding (ID: 05800654)

Default Severity
WARNING
Log Message
IMAPALG: Content transfer encoding is unknown or not present
Explanation
Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail Mode is deny so data is blocked.
Firewall Action
block_data
Recommended Action
None
Revision
2
Parameters
filename
unknown_content_transfer_encoding
sender_email_address
Context Parameters
ALG Module Name
ALG Session ID

2.3.28. unknown_encoding (ID: 05800655)

Default Severity
WARNING
Log Message
IMAPALG: Content transfer encoding is unknown or not present.
Explanation
Antivirus module cannot scan the attachment since the transfer encoding is missing or unknown. Fail Mode is allow so data is allowed without scanning.
Firewall Action
allow_data_without_scan
Recommended Action
Research the Content Transfer Encoding format.
Revision
2
Parameters
imap_userid
imap_mailbox
imap_msg_uid
imap_msg_sequence_number
imap_mail_size
filename
unknown_content_transfer_encoding
sender_email_address
Context Parameters
ALG Module Name
ALG Session ID

2.4. APPCONTROL

These log messages refer to the APPCONTROL (Application Control events) category.

2.4.1. application_identified (ID: 07200001)

Default Severity
INFORMATIONAL
Log Message
Application identified. Application: <application>.
Explanation
An application protocol has been recognized by the application control function.
Firewall Action
allow
Recommended Action
None
Revision
3
Parameters
application
applicationrule
applicationruleset
Context Parameters
Connection
Rule Information

2.4.2. application_identified (ID: 07200002)

Default Severity
INFORMATIONAL
Log Message
Application identified. Application: <application>.
Explanation
An application protocol has been recognized by the application control function.
Firewall Action
close
Recommended Action
None
Revision
4
Parameters
application
applicationrule
applicationruleset
applicationpath
Context Parameters
Connection
Rule Information

2.4.3. application_end (ID: 07200003)

Default Severity
INFORMATIONAL
Log Message
Application ended. Application: <application>.
Explanation
The end of an application protocol has been recognized by the application control function.
Firewall Action
None
Recommended Action
None
Revision
2
Parameters
application
family
risk
ssl_inspected
Context Parameters
Connection
UINT64
UINT64

2.4.4. no_valid_license (ID: 07200004)

Default Severity
CRITICAL
Log Message
Application Control disabled
Explanation
Application Control has been disabled due to license restriction.
Firewall Action
application_control_disabled
Recommended Action
Extend valid time for Application Control.
Revision
3

2.4.5. application_control_disabled (ID: 07200005)

Default Severity
CRITICAL
Log Message
Application Control disabled
Explanation
Application Control has been disabled due fatal subsystem failure. Traffic will be treated as 'unknown' by Application Control.
Firewall Action
treat_traffic_as_unknown
Recommended Action
Restart the device or restore the system from a full system backup to restore Application Control functionality. It is also possible to configure the device to automatically restart if Application Control is disabled due to fatal failure through the Application Control setting 'Restart On Fatal Failure'.
Revision
1

2.4.6. application_control_disabled (ID: 07200006)

Default Severity
CRITICAL
Log Message
Application Control disabled
Explanation
Application Control has been disabled due fatal subsystem failure. The device will restart itself to try to restore Application Control functionality.
Firewall Action
restart
Recommended Action
It is also possible to configure the device continue with Application Control disabled through the Application Control setting 'Restart On Fatal Failure'.
Revision
1

2.4.7. application_content (ID: 07200015)

Default Severity
INFORMATIONAL
Log Message
Application attribute found. Application: <application> Attribute: <attribute> Value: <value>
Explanation
An application attribute has been identified by Application Content Control.
Firewall Action
None
Recommended Action
None
Revision
1
Parameters
application
attribute
value
Context Parameters
Connection

2.4.8. application_content_allowed (ID: 07200016)

Default Severity
WARNING
Log Message
Application content allowed. Application: <application> Attribute: <attribute> Value: <value>
Explanation
The identified application attribute and its value is allowed by the Application Content Control policy.
Firewall Action
None
Recommended Action
Modify the Application Content Control policy if this traffic should be denied.
Revision
1
Parameters
application
attribute
value
Context Parameters
Connection

2.4.9. application_content_denied (ID: 07200017)

Default Severity
WARNING
Log Message
Application content denied. Application: <application> Attribute: <attribute> Value: <value>
Explanation
The configured Application Content Control policy does not allow the identified attribute or its value. The connection is closed.
Firewall Action
close
Recommended Action
Modify the Application Content Control policy if this traffic should be allowed.
Revision
1
Parameters
application
attribute
value
Context Parameters
Connection

2.4.10. out_of_memory (ID: 07200018)

Default Severity
ERROR
Log Message
Out of memory