These log messages refer to the IPS category.
2.25.1. [ID: 1403] Threat detected based on custom signature
- Log Categories
- IPS
- Log Message
- Threat detected based on custom signature.
- Default Log Severity
- Dynamic
- Parameters
- signature, signatureid, revision, ipsrule, direction, flow, flowusage, pkt, user, userid
- Explanation
- A custom signature matched the traffic.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- Research the CVE database (searchable by the unique ID).
2.25.2. [ID: 1415] Threat prevented based on custom signature
- Log Categories
- IPS
- Log Message
- Threat prevented based on custom signature.
- Default Log Severity
- Dynamic
- Parameters
- signature, signatureid, revision, ipsrule, direction, flow, flowusage, pkt, user, userid
- Explanation
- A custom signature mapped to the "protect" action matched the traffic.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- Research the CVE database (searchable by the unique ID).
2.25.3. [ID: 1405] Failed to scan data
- Log Categories
- IPS
- Log Message
- Failed to scan data.
- Default Log Severity
- Error
- Parameters
- reason, ipsrule, direction, flow, flowusage, pkt, user, userid
- Explanation
- The unit failed to scan data.
- Gateway Action
- Ignore
- Action Description
- None
- Proposed Action
- None
2.25.4. [ID: 1406] Failed to scan data
- Log Categories
- IPS
- Log Message
- Failed to scan data.
- Default Log Severity
- Error
- Parameters
- reason, ipsrule, direction, flow, flowusage, pkt, user, userid
- Explanation
- The unit failed to scan data.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.25.5. [ID: 1420] Failed to read current signature files
- Log Categories
- IPS
- Log Message
- Failed to read current signature files.
- Default Log Severity
- Error
- Parameters
-
- Explanation
- IPS failed to read the signature files currently in the active folder. This may be due to a memory shortage.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.25.6. [ID: 1418] Failed to read new signature files
- Log Categories
- IPS
- Log Message
- Failed to read new signature files.
- Default Log Severity
- Warning
- Parameters
-
- Explanation
- IPS failed to read the new signature files. It will read the previously active signature files.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- Check that the signature file content conforms to the documentation.
2.25.7. [ID: 1402] Failed to parse HTTP URL
- Log Categories
- IPS
- Log Message
- Failed to parse HTTP URL.
- Default Log Severity
- Warning
- Parameters
- url, ipsrule, direction, flow, flowusage, pkt, user, userid
- Explanation
- The unit failed to parse a URL. This is probably because the URL has an invalid format or contains invalid UTF-8 characters.
- Gateway Action
- Ignore
- Action Description
- None
- Proposed Action
- Make sure that the URL is formatted correctly.
2.25.8. [ID: 1424] Failed to parse HTTP URL
- Log Categories
- IPS
- Log Message
- Failed to parse HTTP URL.
- Default Log Severity
- Error
- Parameters
- url, ipsrule, direction, flow, flowusage, pkt, user, userid
- Explanation
- The unit failed to parse a URL. This is probably because the URL has an invalid format or contains invalid UTF-8 characters.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- Make sure that the URL is formatted correctly.
2.25.9. [ID: 1407] IPS license is going to expire
- Log Categories
- IPS,LICENSE
- Log Message
- IPS license is going to expire.
- Default Log Severity
- Warning
- Parameters
- date
- Explanation
- IPS license is going to expire in the near future. This log is sent periodically.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- Renew the license.
2.25.10. [ID: 1426] IPS license has expired
- Log Categories
- IPS,LICENSE
- Log Message
- IPS license has expired.
- Default Log Severity
- Critical
- Parameters
-
- Explanation
- IPS scanning will stop working until a new license is activated.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- Upload a valid license.
2.25.11. [ID: 1414] Max signatures match limit exceeded
- Log Categories
- IPS
- Log Message
- Max signatures match limit exceeded.
- Default Log Severity
- Notice
- Parameters
- max, ipsrule, direction, flow, pkt, user, userid
- Explanation
- Analysing a single chunk of data triggered more signatures than the system is designed to handle. Some signature matches will be ignored. The incident will be handled according to the fail mode.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- None
2.25.12. [ID: 1401] Max signatures match limit exceeded
- Log Categories
- IPS
- Log Message
- Max signatures match limit exceeded.
- Default Log Severity
- Warning
- Parameters
- max, ipsrule, direction, flow, pkt, user, userid
- Explanation
- Analysing a single chunk of data triggered more signatures than the system is designed to handle. Some signature matches will be ignored. The incident will be handled according to the fail mode.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- None
2.25.13. [ID: 1419] No signature loaded
- Log Categories
- IPS
- Log Message
- No signature loaded.
- Default Log Severity
- Critical
- Parameters
- flow, flowusage, user, userid
- Explanation
- IPS signature file has been disabled or no signature file was found.
- Gateway Action
- Abort
- Action Description
- IPS Scanning has been aborted
- Proposed Action
- For IPS scanning, a valid license with IPS enabled must be installed. If already installed, manually initiate downloading of the latest signature file. IPS scanning can be disabled to avoid this log message.
2.25.14. [ID: 1421] IPS Notice
- Log Categories
- IPS
- Log Message
- IPS Notice.
- Default Log Severity
- Dynamic
- Parameters
- signature, signatureid, revision, ipsrule, direction, flow, flowusage, pkt, user, userid
- Explanation
- A notice signature matched the traffic.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- This is probably not an attack, but you may research the advisory (searchable by the unique ID).
2.25.15. [ID: 1417] IPS Notice
- Log Categories
- IPS
- Log Message
- IPS Notice.
- Default Log Severity
- Dynamic
- Parameters
- signature, signatureid, revision, ipsrule, direction, flow, flowusage, pkt, user, userid
- Explanation
- A notice signature mapped to the "protect" action matched the traffic, closing connection.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- This is probably not an attack, but you may research the advisory (searchable by the unique ID).
2.25.16. [ID: 1412] Failed to scan data
- Log Categories
- IPS
- Log Message
- Failed to scan data.
- Default Log Severity
- Error
- Parameters
- ipsrule, direction, flow, flowusage, pkt, user, userid
- Explanation
- The unit failed to scan data because of a low amount of memory.
- Gateway Action
- Ignore
- Action Description
- None
- Proposed Action
- Review your configuration.
2.25.17. [ID: 1410] Failed to scan data
- Log Categories
- IPS
- Log Message
- Failed to scan data.
- Default Log Severity
- Error
- Parameters
- ipsrule, direction, flow, flowusage, pkt, user, userid
- Explanation
- The unit failed to scan data because of a low amount of memory.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- Review your configuration.
2.25.18. [ID: 1409] Scan detected
- Log Categories
- IPS
- Log Message
- Scan detected.
- Default Log Severity
- Dynamic
- Parameters
- signature, signatureid, revision, ipsrule, direction, flow, flowusage, pkt, user, userid
- Explanation
- A scan signature matched the traffic.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- Research the advisory (searchable by the unique ID).
2.25.19. [ID: 1411] Scan detected
- Log Categories
- IPS
- Log Message
- Scan detected.
- Default Log Severity
- Dynamic
- Parameters
- signature, signatureid, revision, ipsrule, direction, flow, flowusage, pkt, user, userid
- Explanation
- A scan signature mapped to the "protect" action matched the traffic, closing connection.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- Research the advisory (searchable by the unique ID), if you suspect an attack.
2.25.20. [ID: 1404] Threat detected
- Log Categories
- IPS
- Log Message
- Threat detected.
- Default Log Severity
- Dynamic
- Parameters
- signature, signatureid, revision, ipsrule, direction, flow, flowusage, pkt, user, userid
- Explanation
- An attack signature matched the traffic.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- Research the advisory (searchable by the unique ID).
2.25.21. [ID: 1427] Threat prevented
- Log Categories
- IPS
- Log Message
- Threat prevented.
- Default Log Severity
- Dynamic
- Parameters
- signature, signatureid, revision, ipsrule, direction, flow, flowusage, pkt, user, userid
- Explanation
- An attack signature mapped to the "protect" action matched the traffic.
- Gateway Action
- Close
- Action Description
- None
- Proposed Action
- Research the advisory (searchable by the unique ID).