DefenseFlow Installation and User Guide

Alerts Table

DefenseFlow 2.4.1 Alerts

Alert Code Severity Text When


Control Element
DFC00100 WARNING Control element {CE_NAME}: operational status is now down.
DFC00101 INFO Control element {CE_NAME}: operational status is now up.
DFC00102 INFO Control element {CE_NAME}: is now enabled.
DFC00103 INFO Control element {CE_NAME}: is now disabled.
Network Element
DFC00200 WARNING Network element {NE_NAME}: operational status is now down. | When: Operation
DFC00201 INFO Network element {NE_NAME}: operational status is now up. | When: Operation
DFC00202 INFO Network element {NE_NAME}: is now enabled. | When: Operation
DFC00203 INFO Network element {NE_NAME}: is now disabled. | When: Operation
DFC00204 WARNING Network element {NE_NAME}: statistics collection control element is down. | When: Operation
DFC00205 WARNING Network element {NE_NAME}: diversion control element is down. | When: Operation
DFC00336 WARNING Operation {OPERATION} cannot be performed for network element {NE}. BGP FlowSpec support is not configured for network element {NE}. | When: Operation
Network Element Group
DFC00107 ERROR Unable to create a BGP peer for network element {NE_NAME}. The DefenseFlow local address does not match the network element IP {NE_IP} address family. To enable the peer, configure the control interface IP address.
DFC00300 WARNING {GROUP_NAME}: group contains no network elements with status up.
DFC00301 WARNING {GROUP_NAME}: group contains at least one network element with status up.
DFC00348 INFO Protection of protected object {PO_NAME} by operation {OPERATION} has started for networks.
Mitigation
DFC00278 WARNING Unable to export policy from mitigation device {MITIGATION_NAME}. Delegation will use the operation template instead.
DFC00321 WARNING Unable to update mitigation device {NAME}. Field {FIELD} contains invalid characters.
DFC00400 WARNING Mitigation device {MITIGATION_NAME}: operational status is now down.

Document ID: RDWR-DF-V2041_UG1608 182



Table 132: DefenseFlow Alerts (cont.)

DFC00401 INFO Mitigation device {MITIGATION_NAME}: operational status is now up.
DFC00402 WARNING Mitigation device {MITIGATION_NAME}: network element connected to mitigation device is now down.
DFC00405 INFO Mitigation device {MITIGATION_NAME}: network element connected to mitigation device is now up.
DFC00411 ERROR Mitigation device {MITIGATION_NAME}: GRE tunnel {TUNNEL_IP} is down.
DFC00412 INFO Mitigation device {MITIGATION_NAME}: GRE tunnel {TUNNEL_IP} is up.
DFC00413 INFO Mitigation device {MITIGATION_NAME}: GRE tunnel {TUNNEL_IP} is now enabled.
DFC00414 INFO Mitigation device {MITIGATION_NAME}: GRE tunnel {TUNNEL_IP} is now disabled.
DFC00416 INFO Mitigation device {MITIGATION_NAME}: injection IP interface {IPIF_IP} is up.
DFC00500 INFO Mitigation device {MITIGATION_NAME}: added BGP peer {PEER_LOOPBACK_IP}.
DFC00501 ERROR Mitigation device {MITIGATION_NAME}: failed to add BGP peer {PEER_LOOPBACK_IP}.
DFC00502 INFO Mitigation device {MITIGATION_NAME}: removed BGP peer {PEER_LOOPBACK_IP}.
DFC00503 ERROR Mitigation device {MITIGATION_NAME}: failed to remove BGP peer {PEER_LOOPBACK_IP}.
DFC00504 INFO Mitigation device {MITIGATION_NAME}: set BGP ASN to {ASN}.
DFC00505 ERROR Mitigation device {MITIGATION_NAME}: failed to set BGP ASN to {ASN}.
DFC00506 INFO Mitigation device {MITIGATION_NAME}: is now enabled.
DFC00507 INFO Mitigation device {MITIGATION_NAME}: is now disabled.
BGP
DFC00600 INFO Added new BGP peer with IP address {IP}.
DFC00601 INFO BGP peer with IP address {IP} changed its state to up.
DFC00602 WARNING BGP peer with IP address {IP} changed its state to down.
DFC00603 INFO Withdrew BGP announcement from peer {PEER} with route {ROUTE} and next hop {NEXT_HOP}.
DFC00604 INFO BGP announcement sent to peer {PEER} with route {ROUTE} and next hop {NEXT_HOP}.
DFC00983 ERROR Update BGP announcements failed.
DFC00985 ERROR Update of BGP peers failed. See the DefenseFlow logs for more details.

DFC00987 ERROR Unable to check internal BGP service status.
DFC00988 ERROR Internal BGP service is not running or has failures.
DFC00989 INFO Internal BGP service is back to normal.
DFC00992 ERROR The {TYPE} network is not configured. Configure the network, and retry the operation.
DFC00993 ERROR BGP service failed to load, because Python was not found on the computer.
Protected Object
DFC00177 WARNING Protected object {NAME} shares networks with the following protected objects with the same precedence level: {COLLIDING}
DFC00179 WARNING Unable to set policy precedence for protected object {NAME}. Make sure the protected object template contains the variable {precedence}. Policy will be created without precedence.
DFC00281 INFO Security policy {NAME} for protected object {PO_NAME} removed from mitigation device
DFC00701 INFO Protected object {PO_NAME}: attack started on network {NETWORK} protocol {PROTOCOL} external ID {EXTERNAL_ID} bandwidth {VOLUME} detection source {SOURCE}{ALERT_INFO}.
DFC00703 INFO Protected object {PO_NAME}: attack ended on network {NETWORK} protocol {PROTOCOL} external ID {EXTERNAL_ID} detection source {SOURCE}.
DFC00705 INFO Protected object {PO_NAME}: BDoS detected start of attack. | When: External detector sends a new attack signal.
DFC00706 INFO Protected object {PO_NAME}: BDoS detected end of attack. | When: External detector sends end of attack signal for the first time for a specific attack.
DFC00709 INFO Protected object {PO_NAME}: detector {CE_NAME} detected end of an attack. Attacked IP {ATTACKED_IP_ADDRESS}/{ATTACKED_IP_MASK}. | When: After DefenseFlow configures a policy successfully on DefensePro.
DFC00712 INFO Provisioned a security policy {NAME} for protected object {PO_NAME} on mitigation device {MITIGATION_NAME}.

DFC00713 ERROR Protected object {PO_NAME}: failed to provision a security policy on mitigation device {MITIGATION_NAME}.
DFC00715 INFO Protected object {PO_NAME}: diverted traffic on peer {PEER_NAME} with destination IP address {ATTACKED_IP_ADDRESS}/{ATTACKED_IP_MASK} to mitigation device {MITIGATION_NAME}.
DFC00716 ERROR Protected object {PO_NAME}: failed to divert traffic on peer {PEER_NAME} with destination IP address {ATTACKED_IP_ADDRESS}/{ATTACKED_IP_MASK} to mitigation device {MITIGATION_NAME}.
DFC00717 INFO Protected object {PO_NAME}: cancelled diversion of traffic on peer {PEER_NAME} with destination IP address {ATTACKED_IP_ADDRESS}/{ATTACKED_IP_MASK} to mitigation device {MITIGATION_NAME}.
DFC00718 ERROR Protected object {PO_NAME}: failed to cancel diversion of traffic on peer {PEER_NAME} with destination IP address {ATTACKED_IP_ADDRESS}/{ATTACKED_IP_MASK} to mitigation device {MITIGATION_NAME}.
DFC00719 INFO Exported a security policy {NAME} for protected object {PO_NAME} from mitigation device {MITIGATION_NAME} to the database and removed it from mitigation device {MITIGATION_NAME}.
DFC00720 ERROR Protected object {PO_NAME}: failed to export a security policy from mitigation device {MITIGATION_NAME} to the database and/or failed to remove it from mitigation device {MITIGATION_NAME}.
DFC00721 INFO Protected object {PO_NAME}: finished the network convergence stage. | When: Attack was detected and DefensePro was selected for a protected object in user confirmation mode.
DFC00722 INFO Protected object {PO_NAME}: guard is going down. | When: User gave a manual confirmation for a protected object.

DFC00723 INFO Protected object {PO_NAME}: guard is going up. | When: User manually activated a configured action for a protected object (manual start).
DFC00724 INFO Protected object {PO_NAME}: has pending confirmation approval to start protection for networks {NETWORKS}. | When: User manually deactivated a configured action for a protected object (manual stop).
DFC00725 INFO Protected object {PO_NAME}: confirmed pending action. | When: User manually activated or deactivated a configured action for a protected object, and its state changed to manual.
DFC00728 INFO Protected object {PO_NAME}: action mode was changed to manual. | When: DefenseFlow configured routing to a GRE tunnel on a specific DefensePro as part of mitigation.
DFC00729 INFO Protected object {PO_NAME}: is now disabled. | When: DefenseFlow configured routing to a DDOS router on a specific DefensePro as part of mitigation.

DFC00730 INFO Protected object {PO_NAME}: is now enabled. | When: DefenseFlow removed a configured routing to a GRE tunnel on a specific DefensePro as part of mitigation.
DFC00731 INFO Clean traffic leaving mitigation device {MITIGATION_NAME} to protected object {PO_NAME} will use GRE tunnel. Routes: {ROUTES}.
DFC00732 INFO Clean traffic leaving mitigation device {MITIGATION_NAME} to protected object {PO_NAME} will be routed to injection IP. Routes: {ROUTES}.
DFC00733 INFO Removed clean traffic tunneling on mitigation device {MITIGATION_NAME} for protected object {PO_NAME}. Routes: {ROUTES}.
DFC00734 INFO Removed clean traffic routing on mitigation device {MITIGATION_NAME} for protected object {PO_NAME}. Routes: {ROUTES}.
DFC00735 ERROR Failed to provision clean traffic tunneling on mitigation device {MITIGATION_NAME} to protected object {PO_NAME}. Routes: {ROUTES}.
DFC00736 ERROR Failed to provision clean traffic routing on mitigation device {MITIGATION_NAME} to protected object {PO_NAME}. Routes: {ROUTES}.
DFC00737 ERROR Failed to remove clean traffic routing on mitigation device {MITIGATION_NAME} to protected object {PO_NAME}. Routes: {ROUTES}.
DFC00738 ERROR Failed to remove clean traffic tunneling on mitigation device {MITIGATION_NAME} to protected object {PO_NAME}. Routes: {ROUTES}.
DFC00741 INFO Protected object {NAME}: has pending confirmation approval to terminate protection for networks {NETWORKS}. | When: Protected object goes down.
DFC00746 WARNING No mitigation device available for protection of protected object {PO_NAME} through peer {PEER_NAME}. | When: Protected object goes down.
DFC00747 WARNING No mitigation device available for protection of protected object {PO_NAME}. | When: Protected object goes down.
DFC00749 ERROR Failed adding static route for IP address {IP} through gateway {GATEWAY}.

DFC00995 ERROR Handling the protected object {NAME} protection has failed. See the DefenseFlow logs for more details.
DFC01021 ERROR Unable to divert traffic of protected object {PO_NAME} network {NETWORK} to mitigation device {MITIGATION}. The IPv{VERSION} diversion address of the mitigation device it empty.
DFC01027 ERROR Unable to handle clean traffic injection for network {NETWORK} of protected object {PO_NAME}. No tunnel with matching IP version on mitigation device {MITIGATION} is located on the protected object network elements.
DFC01028 ERROR Unable to handle clean traffic injection for network {NETWORK} of protected object {PO_NAME}. No injection IP address with matching IP version is located on mitigation device {MITIGATION}.
DFC01033 INFO Mitigation device {NAME} status is now up
DFC01034 WARNING Mitigation device {NAME} status changed to from {OLD_OPER_STATUS} to {NEW_OPER_STATUS}
DFC01050 WARNING Unable to activate protection for {PO_NAME}. Some mitigation devices in the mitigation group {MITIGATION_GROUP} are unable to handle the attack: {DEVICES}
DFC01051 WARNING Unable to activate protection for {PO_NAME}. Mitigation group {MITIGATION_GROUP} is empty.
DFC01055 INFO Protected object {PO_NAME}: ignored pending action.
DFC01073 WARNING The amount of granular IPs collected has exceeded the limit {AMOUNT}. Detection will not be performed for the additional IPs.
System
DFC00742 WARNING CPU utilization {CURRENT}% is high (above the threshold of {LIMIT}%). | When: Protected object goes down.
DFC00743 WARNING Memory utilization {CURRENT}% is high (above the threshold of {LIMIT}%). | When: Protected object goes down.
DFC00744 INFO CPU utilization {CURRENT}% is back to normal (below the threshold of {LIMIT}%). | When: Protected object goes down.
DFC00745 INFO Memory utilization {CURRENT}% is back to normal (below the threshold of {LIMIT}%). | When: Protected object goes down.

DFC00776 INFO Protected object {PO_NAME}: activation threshold was crossed: attack started for protocol {PROTOCOL} type {TRAFFIC_UNIT} IP {IP}.
DFC00777 INFO Protected object {PO_NAME}: termination threshold was crossed: attack ended for protocol {PROTOCOL} type {TRAFFIC_UNIT} IP {IP}.
DFC00782 WARNING Protected object {PO_NAME}: learned fewer than {SAMPLES} traffic samples in all protocols, activating anyway.
DFC00784 ERROR Protected object {PO_NAME}: received no traffic at all since creation. The protected object will be disabled.
DFC00980 INFO Protected object {PO_NAME}: initiate traffic diversion on peer {PEER_NAME} with destinations {DESTINATIONS} to mitigation device {MITIGATION_NAME}.
DFC00982 INFO Protected object {PO_NAME}: initiate stop of traffic diversion of traffic on peer {PEER_NAME} with destinations {DESTINATIONS} to mitigation device {MITIGATION_NAME}.
