These log messages refer to the FLOW category.
2.12.1. [ID: 1740] Flow HA sync failed unexpectedly
- Log Categories
- FLOW,HA
- Log Message
- Flow HA sync failed unexpectedly.
- Default Log Severity
- Notice
- Parameters
- error, matchkey
- Explanation
- The flow could not be installed on the inactive node due to some uncategorized error.
- Gateway Action
- Skip
- Action Description
- None
- Proposed Action
- None
2.12.2. [ID: 788] Flow HA sync failed due to ruleset lookup[...]
- Log Categories
- FLOW
- Log Message
- Flow HA sync failed due to ruleset lookup failure.
- Default Log Severity
- Error
- Parameters
- matchkey
- Explanation
- The flow could not be installed on the inactive node since the ruleset lookup on the inactive node failed.
- Gateway Action
- Skip
- Action Description
- None
- Proposed Action
- Make sure that logging is enabled on the rules that matches the traffic and look for other logs that could reveal the actual
cause of the ruleset lookup failure. Could, for instance, be related to resources (memory, port allocation, etc) or configuration.
2.12.3. [ID: 333] The flow cannot be updated to comply with[...]
- Log Categories
- FLOW
- Log Message
- The flow cannot be updated to comply with rule changes.
- Default Log Severity
- Notice
- Parameters
- conflictrule, flow, flowusage, app, rule, ruletype, ruleorigin, user, userid
- Explanation
- The rules had been changed in such a way that the flow state could not be updated to comply. Packets with the same traffic
parameters would still be able to setup new, slightly different, flow states but this flow state had to be closed.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.12.4. [ID: 1007] Flow closed by application control
- Log Categories
- FLOW
- Log Message
- Flow closed by application control.
- Default Log Severity
- Information
- Parameters
- flow, flowusage, user, userid
- Explanation
- The flow was closed by the application control function.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.12.5. [ID: 1127] Flow closed by an ALG
- Log Categories
- FLOW
- Log Message
- Flow closed by an ALG.
- Default Log Severity
- Information
- Parameters
- flow, flowusage, geoip, app, rule, ruletype, ruleorigin, user, userid
- Explanation
- A flow was closed by an ALG.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.12.6. [ID: 460] Flow closed by admin
- Log Categories
- FLOW
- Log Message
- Flow closed by admin.
- Default Log Severity
- Notice
- Parameters
- flow, flowusage, geoip, app, user, userid
- Explanation
- The flow was closed by request of the administrator.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.12.7. [ID: 1644] Flow closed by module
- Log Categories
- FLOW
- Log Message
- Flow closed by module.
- Default Log Severity
- Information
- Parameters
- module, reason, flow, flowusage, geoip, app, user, userid
- Explanation
- A module in the system closed the flow, due to error condition or rule violation.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.12.8. [ID: 341] Flow closed due to random replacement
- Log Categories
- FLOW
- Log Message
- Flow closed due to random replacement.
- Default Log Severity
- Warning
- Parameters
- flow, flowusage, geoip, app, user, userid
- Explanation
- There was a shortage of free flows and therefore, one randomly selected active flow or flow-pair was removed. This only happens
when someone is trying to open more flows than the system has been configured to support. For instance, a distributed denial-of-service
attack might trigger this event.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- Configure the system to support more simultaneous flows, or try to track down the host(s) that overloads the network.
2.12.9. [ID: 379] Flow closed due to timeout
- Log Categories
- FLOW
- Log Message
- Flow closed due to timeout.
- Default Log Severity
- Information
- Parameters
- flow, flowusage, geoip, app, rule, ruletype, ruleorigin, user, userid
- Explanation
- The flow or flow-pair was closed since it had exceeded its idle lifetime.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- The idle lifetime can be increased or decreased per protocol type or service.
2.12.10. [ID: 367] Flow closed due to reopen
- Log Categories
- FLOW
- Log Message
- Flow closed due to reopen.
- Default Log Severity
- Information
- Parameters
- flow, flowusage, app, user, userid
- Explanation
- A received packet belonged to another logical connection than the one represented by the flow state that matched the packet.
The flow state was closed so that a new flow state could be opened for the packet. Currently, this applies when receiving
a TCP SYN that does not match the state of the existing flow state.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- If a new TCP SYN is allowed to close an existing flow state and create a new flow state is controlled by the setting TCPSettings:TCPAllowReopen.
2.12.11. [ID: 111] The matching flow cannot be used for the[...]
- Log Categories
- FLOW
- Log Message
- The matching flow cannot be used for the packet anymore.
- Default Log Severity
- Debug
- Parameters
- pkt
- Explanation
- The flow that matched the packet was changed, that is, updated or closed and opened up again, while the packet was processed
by the gateway. The changes in the flow made it impossible to continue processing the packet so the packet had to be dropped.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.12.12. [ID: 500] Out of memory during flow maintenance
- Log Categories
- FLOW,SYSTEM
- Log Message
- Out of memory during flow maintenance.
- Default Log Severity
- Emergency
- Parameters
-
- Explanation
- A memory allocation attempt failed while allocating memory needed for flow maintenance. Normal operation cannot be guaranteed.
- Gateway Action
- Abort
- Action Description
- None
- Proposed Action
- Investigate why the system is low on RAM. Review the configuration and try to free more RAM.
2.12.13. [ID: 400] Flow maintenance failed
- Log Categories
- FLOW
- Log Message
- Flow maintenance failed.
- Default Log Severity
- Error
- Parameters
- error, flow, flowusage, app, rule, ruletype, ruleorigin, user, userid
- Explanation
- The device failed to update a flow and had to close it. This can be a sign of a system-wide problem, for instance, low on
memory.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- Search for other logs that can provide more information.
2.12.14. [ID: 300] There is no flow for the packet anymore
- Log Categories
- FLOW
- Log Message
- There is no flow for the packet anymore.
- Default Log Severity
- Debug
- Parameters
- pkt
- Explanation
- The flow that matched the packet was closed while the packet was processed by the gateway. Since the packet was partially
processed it could not safely be used to setup a new flow so the packet had to be dropped.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.12.15. [ID: 224] Packet not allowed to trigger maintenance of[...]
- Log Categories
- FLOW
- Log Message
- Packet not allowed to trigger maintenance of the flow state.
- Default Log Severity
- Warning
- Parameters
- flow, pkt, user, userid
- Explanation
- When trying to process a packet using a flow state, the flow state was found to be outdated. This packet could not be used
to update the flow state so the packet was dropped. There are several reasons why a packet cannot be used to trigger an update
of a flow state, for instance, that the packet has been partially processed or that the packet is related to the flow state
rather than belonging to the connection that the flow state represents. One example of related packets is ICMP errors.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.12.16. [ID: 424] The flow is not allowed anymore
- Log Categories
- FLOW
- Log Message
- The flow is not allowed anymore.
- Default Log Severity
- Notice
- Parameters
- conflictrule, flow, flowusage, app, rule, ruletype, ruleorigin, user, userid
- Explanation
- The rules had been changed so that the flow was not allowed anymore.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- If this flow should be allowed then verify that recent configuration changes are correct.
2.12.17. [ID: 1062] Not security equivalent after route change
- Log Categories
- FLOW
- Log Message
- Not security equivalent after route change.
- Default Log Severity
- Notice
- Parameters
- conflictrule, flow, flowusage, app, rule, ruletype, ruleorigin, user, userid
- Explanation
- The routes had been changed in such a way that the flow state would have been routed through interfaces that were not security
equivalent with the ones originally used. Packets with the same traffic parameters would still be able to setup new, slightly
different, flow states but this flow state had to be closed.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.12.18. [ID: 372] Flow opened
- Log Categories
- FLOW
- Log Message
- Flow opened.
- Default Log Severity
- Information
- Parameters
- trafficshaping, route, sessionid, ipsrule, flow, geoip, app, rule, ruletype, ruleorigin, user, userid
- Explanation
- A packet was received that triggered a new stateful flow to be created.
- Gateway Action
- Open
- Action Description
- None
- Proposed Action
- None
2.12.19. [ID: 1014] Flow opened stateless
- Log Categories
- FLOW
- Log Message
- Flow opened stateless.
- Default Log Severity
- Information
- Parameters
- trafficshaping, route, sessionid, ipsrule, flow, geoip, rule, ruletype, ruleorigin, user, userid
- Explanation
- A packet was received that triggered a new stateless flow to be created. Packets forwarded on stateless flows are only subject
for stateless packet validation.
- Gateway Action
- Open
- Action Description
- None
- Proposed Action
- None
2.12.20. [ID: 1390] Out of memory when attempting to allocate[...]
- Log Categories
- FLOW,SYSTEM
- Log Message
- Out of memory when attempting to allocate flow data.
- Default Log Severity
- Emergency
- Parameters
- matchkey
- Explanation
- The system was out of memory and failed to allocate a new flow. All new traffic may have been completely locked out.
- Gateway Action
- Discard
- Action Description
- The system was unable to open a flow, even though policy allowed it
- Proposed Action
- Investigate why the system is low on RAM. Contact technical support if the cause is not obvious.
2.12.21. [ID: 543] Reject flow opened
- Log Categories
- FLOW
- Log Message
- Reject flow opened.
- Default Log Severity
- Warning
- Parameters
- trafficshaping, route, flow, geoip, rule, user, userid
- Explanation
- A packet matched a reject rule and a corresponding reject flow was created. A reject flow is a flow with the purpose of rejecting
future packets matching the same parameters as the original packet.
- Gateway Action
- Open
- Action Description
- None
- Proposed Action
- None
2.12.22. [ID: 1646] Failed to reopen flow
- Log Categories
- FLOW
- Log Message
- Failed to reopen flow.
- Default Log Severity
- Error
- Parameters
- error, flow, rule, ruletype, ruleorigin, user, userid
- Explanation
- The system failed to reopen the flow. The flow will remain closed and the packet will be dropped.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.12.23. [ID: 122] Flow reopened
- Log Categories
- FLOW
- Log Message
- Flow reopened.
- Default Log Severity
- Information
- Parameters
- flow, app, user, userid
- Explanation
- A packet was received that triggered a new stateful flow to be created.
- Gateway Action
- Open
- Action Description
- None
- Proposed Action
- None
2.12.24. [ID: 790] Failed to setup flow due to ruleset lookup[...]
- Log Categories
- FLOW
- Log Message
- Failed to setup flow due to ruleset lookup failure.
- Default Log Severity
- Error
- Parameters
- pkt
- Explanation
- A flow could not be opened for the packet since the ruleset lookup failed. The packet was dropped.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- Make sure that logging is enabled on the rules that matches the traffic and look for other logs that could reveal the actual
cause of the ruleset lookup failure. Could, for instance, be related to resources (memory, port allocation, etc) or configuration.
2.12.25. [ID: 521] Flow maintenance failed
- Log Categories
- FLOW
- Log Message
- Flow maintenance failed.
- Default Log Severity
- Notice
- Parameters
- error, flow, flowusage, app, rule, ruletype, ruleorigin, user, userid
- Explanation
- The device failed to update a flow and had to close it. This can be a sign of a problem related to this particular flow but
it can also be sign of a system-wide problem, for instance, out of memory.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- Search for other logs that can provide more information.
2.12.26. [ID: 1314] Packet MD5 digest did not match packet data
- Log Categories
- FLOW,TCP,BGP
- Log Message
- Packet MD5 digest did not match packet data.
- Default Log Severity
- Error
- Parameters
- pkt
- Explanation
- MD5 digest included in packet did not match rest of the packet data.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- Check BGP neighbor configuration.
2.12.27. [ID: 1320] Failed to insert MD5 digest to packet
- Log Categories
- FLOW,TCP,BGP
- Log Message
- Failed to insert MD5 digest to packet.
- Default Log Severity
- Error
- Parameters
- pkt
- Explanation
- System was unable to add MD5 digest to packet.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- Contact customer support.
2.12.28. [ID: 1317] Packet did not contain md5 digest
- Log Categories
- FLOW,TCP,BGP
- Log Message
- Packet did not contain md5 digest.
- Default Log Severity
- Error
- Parameters
- pkt
- Explanation
- Packet did not contain any MD5 digest.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.12.29. [ID: 1309] Packet is too small to contain MD5 digest
- Log Categories
- FLOW,TCP,BGP
- Log Message
- Packet is too small to contain MD5 digest.
- Default Log Severity
- Error
- Parameters
- pkt
- Explanation
- Packet is too small to contain MD5 digest.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.12.30. [ID: 1056] Same pipe used twice in same flow
- Log Categories
- FLOW,PIPES
- Log Message
- Same pipe used twice in same flow.
- Default Log Severity
- Warning
- Parameters
- pipe, conflictrule, rule
- Explanation
- The same pipe object pipe has been applied twice to the same flow by two different rules (rule and conflictrule). The effect of this is probably undesirable. Whether to log this event is controlled by the MiscSettings:PipeDupLog setting.
- Gateway Action
- Ignore
- Action Description
- None
- Proposed Action
- Review the configuration and consider re-arranging rules and traffic profiles so that no pipe object can be added by different
rules matching the same traffic.
2.12.31. [ID: 1389] Not enough ICMP data for protocol translation
- Log Categories
- FLOW,NAT64
- Log Message
- Not enough ICMP data for protocol translation.
- Default Log Severity
- Notice
- Parameters
- pkt
- Explanation
- An ICMP error was dropped because its payload was not large enough for protocol translation.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.12.32. [ID: 1397] Protocol translation was not applicable
- Log Categories
- FLOW,NAT64
- Log Message
- Protocol translation was not applicable.
- Default Log Severity
- Notice
- Parameters
- pkt
- Explanation
- An ICMP message was dropped because there was no applicable protocol translation.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.12.33. [ID: 1391] Unsupported media header in protocol[...]
- Log Categories
- FLOW,NAT64
- Log Message
- Unsupported media header in protocol translation.
- Default Log Severity
- Notice
- Parameters
- pkt
- Explanation
- A packet with an unsupported media header was dropped when attempting protocol translation.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
2.12.34. [ID: 1388] Unsupported transport header in protocol[...]
- Log Categories
- FLOW,NAT64
- Log Message
- Unsupported transport header in protocol translation.
- Default Log Severity
- Notice
- Parameters
- pkt
- Explanation
- A packet with an unsupported transport header was dropped when attempting protocol translation.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- None
cOS Stream 4.00.03 Log Reference Guide
