Control Element DFC00100 WARNING Control element {CE_NAME}: operational status is now down. DFC00101 INFO Control element {CE_NAME}: operational status is now up. DFC00102 INFO Control element {CE_NAME}: is now enabled. DFC00103 INFO Control element {CE_NAME}: is now disabled. Network Element DFC00200 WARNING Network element {NE_NAME}: operational status is now down. Operation DFC00201 INFO Network element {NE_NAME}: operational status is now up. Operation DFC00202 INFO Network element {NE_NAME}: is now enabled. Operation DFC00203 INFO Network element {NE_NAME}: is now disabled. Operation DFC00204 WARNING Network element {NE_NAME}: statistics collection control element is down. Operation DFC00205 WARNING Network element {NE_NAME}: diversion control element is down. Operation DFC00336 WARNING Operation {OPERATION} cannot be performed for network element {NE}. BGP FlowSpec Operation support is not configured for network element {NE}. Network Element Group DFC00107 ERROR Unable to create a BGP peer for network element {NE_NAME}. The DefenseFlow local address does not match the network element IP {NE_IP} address family. To enable the peer, configure the control interface IP address. DFC00300 WARNING {GROUP_NAME}: group contains no network elements with status up. DFC00301 WARNING {GROUP_NAME}: group contains at least one network element with status up. DFC00348 INFO Protection of protected object {PO_NAME} by operation {OPERATION} has started for networks. Mitigation DFC00278 WARNING Unable to export policy from mitigation device {MITIGATION_NAME}. Delegation will use the operation template instead. DFC00321 WARNING Unable to update mitigation device {NAME}. Field {FIELD} contains invalid characters. DFC00400 WARNING Mitigation device {MITIGATION_NAME}: operational status is now down.
Document ID: RDWR-DF-V2041_UG1608 182
DefenseFlow Installation and User Guide Alerts Table
Table 132: DefenseFlow Alerts (cont.)
Alert Code Severity Text When
DFC00401 INFO Mitigation device {MITIGATION_NAME}: operational status is now up. DFC00402 WARNING Mitigation device {MITIGATION_NAME}: network element connected to mitigation device is now down. DFC00405 INFO Mitigation device {MITIGATION_NAME}: network element connected to mitigation device is now up. DFC00411 ERROR Mitigation device {MITIGATION_NAME}: GRE tunnel {TUNNEL_IP} is down. DFC00412 INFO Mitigation device {MITIGATION_NAME}: GRE tunnel {TUNNEL_IP} is up. DFC00413 INFO Mitigation device {MITIGATION_NAME}: GRE tunnel {TUNNEL_IP} is now enabled. DFC00414 INFO Mitigation device {MITIGATION_NAME}: GRE tunnel {TUNNEL_IP} is now disabled. DFC00416 INFO Mitigation device {MITIGATION_NAME}: injection IP interface {IPIF_IP} is up. DFC00500 INFO Mitigation device {MITIGATION_NAME}: added BGP peer {PEER_LOOPBACK_IP}. DFC00501 ERROR Mitigation device {MITIGATION_NAME}: failed to add BGP peer {PEER_LOOPBACK_IP}. DFC00502 INFO Mitigation device {MITIGATION_NAME}: removed BGP peer {PEER_LOOPBACK_IP}. DFC00503 ERROR Mitigation device {MITIGATION_NAME}: failed to remove BGP peer {PEER_LOOPBACK_IP}. DFC00504 INFO Mitigation device {MITIGATION_NAME}: set BGP ASN to {ASN}. DFC00505 ERROR Mitigation device {MITIGATION_NAME}: failed to set BGP ASN to {ASN}. DFC00506 INFO Mitigation device {MITIGATION_NAME}: is now enabled. DFC00507 INFO Mitigation device {MITIGATION_NAME}: is now disabled. BGP DFC00600 INFO Added new BGP peer with IP address {IP}. DFC00601 INFO BGP peer with IP address {IP} changed its state to up. DFC00602 WARNING BGP peer with IP address {IP} changed its state to down. DFC00603 INFO Withdrew BGP announcement from peer {PEER} with route {ROUTE} and next hop {NEXT_HOP}. DFC00604 INFO BGP announcement sent to peer {PEER} with route {ROUTE} and next hop {NEXT_HOP}. DFC00983 ERROR Update BGP announcements failed. DFC00985 ERROR Update of BGP peers failed. See the DefenseFlow logs for more details.
183 Document ID: RDWR-DF-V2041_UG1608
DefenseFlow Installation and User Guide Alerts Table
Table 132: DefenseFlow Alerts (cont.)
Alert Code Severity Text When
DFC00987 ERROR Unable to check internal BGP service status. DFC00988 ERROR Internal BGP service is not running or has failures. DFC00989 INFO Internal BGP service is back to normal. DFC00992 ERROR The {TYPE} network is not configured. Configure the network, and retry the operation. DFC00993 ERROR BGP service failed to load, because Python was not found on the computer. Protected Object DFC00177 WARNING Protected object {NAME} shares networks with the following protected objects with the same precedence level: {COLLIDING} DFC00179 WARNING Unable to set policy precedence for protected object {NAME}. Make sure the protected object template contains the variable {precedence}. Policy will be created without precedence. DFC00281 INFO Security policy {NAME} for protected object {PO_NAME} removed from mitigation device DFC00701 INFO Protected object {PO_NAME}: attack started on network {NETWORK} protocol {PROTOCOL} external ID {EXTERNAL_ID} bandwidth {VOLUME} detection source {SOURCE}{ALERT_INFO}. DFC00703 INFO Protected object {PO_NAME}: attack ended on network {NETWORK} protocol {PROTOCOL} external ID {EXTERNAL_ID} detection source {SOURCE}. DFC00705 INFO Protected object {PO_NAME}: BDoS detected start of attack. External detector sends a new attack signal. DFC00706 INFO Protected object {PO_NAME}: BDoS detected end of attack. External detector sends end of attack signal for the first time for a specific attack. DFC00709 INFO Protected object {PO_NAME}: detector {CE_NAME} detected end of an attack. Attacked IP After DefenseFlow {ATTACKED_IP_ADDRESS}/{ATTACKED_IP_MASK}. configures a policy successfully on DefensePro. DFC00712 INFO Provisioned a security policy {NAME} for protected object {PO_NAME} on mitigation device {MITIGATION_NAME}.
Document ID: RDWR-DF-V2041_UG1608 184
DefenseFlow Installation and User Guide Alerts Table
Table 132: DefenseFlow Alerts (cont.)
Alert Code Severity Text When
DFC00713 ERROR Protected object {PO_NAME}: failed to provision a security policy on mitigation device {MITIGATION_NAME}. DFC00715 INFO Protected object {PO_NAME}: diverted traffic on peer {PEER_NAME} with destination IP address {ATTACKED_IP_ADDRESS}/{ATTACKED_IP_MASK} to mitigation device {MITIGATION_NAME}. DFC00716 ERROR Protected object {PO_NAME}: failed to divert traffic on peer {PEER_NAME} with destination IP address {ATTACKED_IP_ADDRESS}/{ATTACKED_IP_MASK} to mitigation device {MITIGATION_NAME}. DFC00717 INFO Protected object {PO_NAME}: cancelled diversion of traffic on peer {PEER_NAME} with destination IP address {ATTACKED_IP_ADDRESS}/{ATTACKED_IP_MASK} to mitigation device {MITIGATION_NAME}. DFC00718 ERROR Protected object {PO_NAME}: failed to cancel diversion of traffic on peer {PEER_NAME} with destination IP address {ATTACKED_IP_ADDRESS}/{ATTACKED_IP_MASK} to mitigation device {MITIGATION_NAME}. DFC00719 INFO Exported a security policy {NAME} for protected object {PO_NAME} from mitigation device {MITIGATION_NAME} to the database and removed it from mitigation device {MITIGATION_NAME}. DFC00720 ERROR Protected object {PO_NAME}: failed to export a security policy from mitigation device {MITIGATION_NAME} to the database and/or failed to remove it from mitigation device {MITIGATION_NAME}. DFC00721 INFO Protected object {PO_NAME}: finished the network convergence stage. Attack was detected and DefensePro was selected for a protected object in user confirmation mode. DFC00722 INFO Protected object {PO_NAME}: guard is going down. User gave a manual confirmation for a protected object.
185 Document ID: RDWR-DF-V2041_UG1608
DefenseFlow Installation and User Guide Alerts Table
Table 132: DefenseFlow Alerts (cont.)
Alert Code Severity Text When
DFC00723 INFO Protected object {PO_NAME}: guard is going up. User manually activated a configured action for a protected object (manual start). DFC00724 INFO Protected object {PO_NAME}: has pending confirmation approval to start protection for User manually networks {NETWORKS}. deactivated a configured action for a protected object (manual stop). DFC00725 INFO Protected object {PO_NAME}: confirmed pending action. User manually activated or deactivated a configured action for a protected object, and its state changed to manual. DFC00728 INFO Protected object {PO_NAME}: action mode was changed to manual. DefenseFlow configured routing to a GRE tunnel on a specific DefensePro as part of mitigation. DFC00729 INFO Protected object {PO_NAME}: is now disabled. DefenseFlow configured routing to a DDOS router on a specific DefensePro as part of mitigation.
Document ID: RDWR-DF-V2041_UG1608 186
DefenseFlow Installation and User Guide Alerts Table
Table 132: DefenseFlow Alerts (cont.)
Alert Code Severity Text When
DFC00730 INFO Protected object {PO_NAME}: is now enabled. DefenseFlow removed a configured routing to a GRE tunnel on a specific DefensePro as part of mitigation. DFC00731 INFO Clean traffic leaving mitigation device {MITIGATION_NAME} to protected object {PO_NAME} will use GRE tunnel. Routes: {ROUTES}. DFC00732 INFO Clean traffic leaving mitigation device {MITIGATION_NAME} to protected object {PO_NAME} will be routed to injection IP. Routes: {ROUTES}. DFC00733 INFO Removed clean traffic tunneling on mitigation device {MITIGATION_NAME} for protected object {PO_NAME}. Routes: {ROUTES}. DFC00734 INFO Removed clean traffic routing on mitigation device {MITIGATION_NAME} for protected object {PO_NAME}. Routes: {ROUTES}. DFC00735 ERROR Failed to provision clean traffic tunneling on mitigation device {MITIGATION_NAME} to protected object {PO_NAME}. Routes: {ROUTES}. DFC00736 ERROR Failed to provision clean traffic routing on mitigation device {MITIGATION_NAME} to protected object {PO_NAME}. Routes: {ROUTES}. DFC00737 ERROR Failed to remove clean traffic routing on mitigation device {MITIGATION_NAME} to protected object {PO_NAME}. Routes: {ROUTES}. DFC00738 ERROR Failed to remove clean traffic tunneling on mitigation device {MITIGATION_NAME} to protected object {PO_NAME}. Routes: {ROUTES}. DFC00741 INFO Protected object {NAME}: has pending confirmation approval to terminate protection for Protected object networks {NETWORKS}. goes down. DFC00746 WARNING No mitigation device available for protection of protected object {PO_NAME} through peer Protected object {PEER_NAME}. goes down. DFC00747 WARNING No mitigation device available for protection of protected object {PO_NAME}. Protected object goes down. DFC00749 ERROR Failed adding static route for IP address {IP} through gateway {GATEWAY}.
187 Document ID: RDWR-DF-V2041_UG1608
DefenseFlow Installation and User Guide Alerts Table
Table 132: DefenseFlow Alerts (cont.)
Alert Code Severity Text When
DFC00995 ERROR Handling the protected object {NAME} protection has failed. See the DefenseFlow logs for more details. DFC01021 ERROR Unable to divert traffic of protected object {PO_NAME} network {NETWORK} to mitigation device {MITIGATION}. The IPv{VERSION} diversion address of the mitigation device it empty. DFC01027 ERROR Unable to handle clean traffic injection for network {NETWORK} of protected object {PO_NAME}. No tunnel with matching IP version on mitigation device {MITIGATION} is located on the protected object network elements. DFC01028 ERROR Unable to handle clean traffic injection for network {NETWORK} of protected object {PO_NAME}. No injection IP address with matching IP version is located on mitigation device {MITIGATION}. DFC01033 INFO Mitigation device {NAME} status is now up DFC01034 WARNING Mitigation device {NAME} status changed to from {OLD_OPER_STATUS} to {NEW_OPER_STATUS} DFC01050 WARNING Unable to activate protection for {PO_NAME}. Some mitigation devices in the mitigation group {MITIGATION_GROUP} are unable to handle the attack: {DEVICES} DFC01051 WARNING Unable to activate protection for {PO_NAME}. Mitigation group {MITIGATION_GROUP} is empty. DFC01055 INFO Protected object {PO_NAME}: ignored pending action. DFC01073 WARNING The amount of granular IPs collected has exceeded the limit {AMOUNT}. Detection will not be performed for the additional IPs. System DFC00742 WARNING CPU utilization {CURRENT}% is high (above the threshold of {LIMIT}%). Protected object goes down. DFC00743 WARNING Memory utilization {CURRENT}% is high (above the threshold of {LIMIT}%). Protected object goes down. DFC00744 INFO CPU utilization {CURRENT}% is back to normal (below the threshold of {LIMIT}%). Protected object goes down. DFC00745 INFO Memory utilization {CURRENT}% is back to normal (below the threshold of {LIMIT}%). Protected object goes down.
Document ID: RDWR-DF-V2041_UG1608 188
DefenseFlow Installation and User Guide Alerts Table
Table 132: DefenseFlow Alerts (cont.)
Alert Code Severity Text When
DFC00776 INFO Protected object {PO_NAME}: activation threshold was crossed: attack started for protocol {PROTOCOL} type {TRAFFIC_UNIT} IP {IP}. DFC00777 INFO Protected object {PO_NAME}: termination threshold was crossed: attack ended for protocol {PROTOCOL} type {TRAFFIC_UNIT} IP {IP}. DFC00782 WARNING Protected object {PO_NAME}: learned fewer than {SAMPLES} traffic samples in all protocols, activating anyway. DFC00784 ERROR Protected object {PO_NAME}: received no traffic at all since creation. The protected object will be disabled. DFC00980 INFO Protected object {PO_NAME}: initiate traffic diversion on peer {PEER_NAME} with destinations {DESTINATIONS} to mitigation device {MITIGATION_NAME}. DFC00982 INFO Protected object {PO_NAME}: initiate stop of traffic diversion of traffic on peer {PEER_NAME} with destinations {DESTINATIONS} to mitigation device {MITIGATION_NAME}.