
Dell SonicWALL™ SonicOS 6.2.5
Log Events Reference Guide
Copyright© 2016 Dell Inc. All rights reserved.
This product is protected by U.S. and international copyright and intellectual property laws. Dell™, the Dell logo, and
SonicWALL are trademarks of Dell Inc. in the United States and/or other jurisdictions. All other marks and names mentioned
herein may be trademarks of their respective companies.

Legend

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

SonicOS Log Events Reference Guide


Updated - May 2016
Software Version - 6.2.5
232-003262-00 Rev A
Contents

Introduction to SonicOS log events
Log > Monitor
Log > Settings

Index of Log Event Messages

Syslog events
Log > Syslog
Index of Syslog tag field descriptions
Examples of standard Syslog messages
Examples of ArcSight Syslog messages
Legacy categories
Expanded categories
Priority levels

About Dell

SonicOS 6.2.5 Log Events Reference Guide
1 Introduction to SonicOS log events
This reference guide lists and describes the SonicOS log event messages for SonicOS 6.2.5. The Log Event
Message Index table lists all events by event ID number. The Syslog Tags table lists and describes all available
Syslog tags which contain additional information specific to the log event.
Topics:
• Log > Monitor on page 4
• Log > Settings on page 5

Log > Monitor


The Dell SonicWALL security appliance maintains an Event log for tracking potential security threats. This log
can be viewed by navigating to the Dashboard > Log Monitor or Log > Log Monitor page, or it can be
automatically sent to an email address for convenience and archiving. The log is displayed in a table and can be
sorted by column.
For more information about configuring the Log Monitor page, refer to the SonicOS Administration Guide.

Log > Settings
The Log > Settings page allows you to categorize and customize the logging functions on your Dell SonicWALL
security appliance for troubleshooting and diagnostics.
For more information on configuring and managing the Log > Settings page, refer to the SonicOS Administration
Guide.

2 Index of Log Event Messages
This section contains the Log Event Message Index, which is a list of log event messages for the SonicOS 6.2.5
firmware.
Each log event message described in the table provides the following log event details:
• Event ID—Displays the ID number of the log event message.
• Legacy Category—Displays the category event type. This is the same category as Legacy categories on page 53.
• SonicOS Category—Displays the SonicOS category type. This is the same category as Expanded categories on page 54.
• Priority Level—Displays the level of urgency of the log event message. For additional information, see Priority levels on page 57.
• SNMP Trap Type—Displays the SNMP Trap ID number of the log event message.
• Log Event Message—Displays the text of the log event message.

Table 1. Log Event Message Index

Event ID  Legacy Category  SonicOS Category  Priority Level  SNMP Trap Type  Log Event Message
4  Maintenance  Firewall Event  ALERT  ---  Network Security Appliance activated
5  Maintenance  Firewall Logging  INFO  ---  Log Cleared
6  Maintenance  Firewall Logging  INFO  ---  Log successfully sent via E-mail
10  System Error  Security Services  ERROR  602  Problem loading the URL List; check Filter settings
12  System Error  Firewall Logging  WARNING  604  Problem sending log E-mail; check log settings
14  Blocked Sites  Network Access  ERROR  701  Web site access denied
15  Blocked Sites  Network Access  NOTICE  702  Newsgroup access denied
16  Blocked Sites  Network Access  NOTICE  703  Web site access allowed
17  Blocked Sites  Network Access  NOTICE  704  Newsgroup access allowed
18  Blocked Code  Network Access  NOTICE  ---  ActiveX access denied
19  Blocked Code  Network Access  NOTICE  ---  Java access denied
20  Blocked Code  Network Access  NOTICE  ---  ActiveX or Java archive access denied
21  Blocked Code  Network Access  NOTICE  ---  Cookie removed
22  Attack  Intrusion Detection  ALERT  501  Ping of death dropped
23  Attack  Intrusion Detection  ALERT  502  IP spoof dropped
24  User Activity  Authenticated Access  INFO  ---  User logged out - user disconnect detected
25  Attack  Intrusion Detection  WARNING  503  Possible SYN flood attack detected
27  Attack  Intrusion Detection  ALERT  505  Land attack dropped
28  TCP | UDP | ICMP  Network  NOTICE  ---  Fragmented packet dropped
29  User Activity  Authenticated Access  INFO  ---  Administrator login allowed
30  Attack  Authenticated Access  ALERT  560  Administrator login denied due to bad credentials
31  User Activity  Authenticated Access  INFO  ---  User login from an internal zone allowed
32  User Activity  Authenticated Access  INFO  ---  User login denied due to bad credentials
33  User Activity  Authenticated Access  INFO  ---  User login denied due to bad credentials
34  User Activity  Authenticated Access  INFO  ---  Pending login timed out
35  Attack  Authenticated Access  ALERT  506  Administrator login denied from %s; logins disabled from this interface
36  TCP  Network Access  NOTICE  ---  TCP connection dropped
37  UDP  Network Access  NOTICE  ---  UDP packet dropped
38  ICMP  Network Access  NOTICE  ---  ICMP packet dropped due to Policy
41  Debug  Network Access  NOTICE  ---  Unknown protocol dropped

43  Debug  Network Access  DEBUG  ---  IPsec connection interrupt
45  Debug  Network  DEBUG  ---  ARP Timeout
46  Debug  Network Access  DEBUG  ---  Broadcast packet dropped
48  Debug  Network Access  DEBUG  ---  Out-of-order command packet dropped
53  System Error  Firewall Event  ERROR  607  The cache is full; %s open connections; some will be dropped
58  System Error  Firewall Event  ERROR  608  License exceeded: Connection dropped because too many IP addresses are in use on your LAN
60  Blocked Sites  Network Access  NOTICE  705  Access to proxy server denied
61  System Error  VPN IPsec  ERROR  609  Diagnostic Code E
63  Debug  Network  DEBUG  ---  Received fragmented packet or fragmentation needed
65  User Activity  VPN IPsec  INFO  ---  Illegal IPsec SPI
67  Attack  VPN IPsec  ERROR  508  IPsec Authentication Failed
69  User Activity  VPN IPsec  INFO  ---  Incompatible IPsec Security Association
70  Attack  VPN IPsec  ERROR  510  IPsec packet from or to an illegal host
81  Attack  Intrusion Detection  ALERT  520  Smurf Amplification attack dropped
82  Attack  Intrusion Detection  ALERT  521  Possible port scan detected
83  Attack  Intrusion Detection  ALERT  522  Probable port scan detected
84  Maintenance  Network  INFO  ---  Failed to resolve name
87  User Activity  VPN IKE  INFO  ---  IKE Responder: Accepting IPsec proposal (Phase 2)
88  User Activity  VPN IKE  WARNING  523  IKE Responder: IPsec proposal does not match (Phase 2)
89  User Activity  VPN IKE  INFO  ---  IKE negotiation complete. Adding IPsec SA. (Phase 2)
93  System Error  Firewall Hardware  ERROR  611  Diagnostic Code A
94  System Error  Firewall Hardware  ERROR  612  Diagnostic Code B
95  System Error  Firewall Hardware  ERROR  613  Diagnostic Code C
96  Maintenance  GMS  INFO  ---  Status
97  Connection Traffic  Network Traffic  INFO  ---  Web site hit
98  Connection  Network Traffic  INFO  ---  Connection Opened
99  Maintenance  DHCP Client  INFO  ---  Retransmitting DHCP DISCOVER.
100  Maintenance  DHCP Client  INFO  ---  Retransmitting DHCP Request (Requesting).
101  Maintenance  DHCP Client  INFO  ---  Retransmitting DHCP Request (Renewing).
102  Maintenance  DHCP Client  INFO  ---  Retransmitting DHCP Request (Rebinding).
103  Maintenance  DHCP Client  INFO  ---  Retransmitting DHCP Request (Rebooting).
104  Maintenance  DHCP Client  INFO  ---  Retransmitting DHCP Request (Verifying).

105  Maintenance  DHCP Client  INFO  ---  Sending DHCP DISCOVER.
106  Maintenance  DHCP Client  INFO  ---  DHCP Server not available. Did not get any DHCP OFFER.
107  Maintenance  DHCP Client  INFO  ---  Got DHCP OFFER. Selecting.
108  Maintenance  DHCP Client  INFO  ---  Sending DHCP Request.
109  Maintenance  DHCP Client  INFO  ---  DHCP Client did not get DHCP ACK.
110  Maintenance  DHCP Client  INFO  ---  DHCP Client got NACK.
111  Maintenance  DHCP Client  INFO  ---  DHCP Client got ACK from server.
112  Maintenance  DHCP Client  INFO  ---  DHCP Client is declining address offered by the server.
113  Maintenance  DHCP Client  INFO  ---  DHCP Client sending Request and going to REBIND state.
114  Maintenance  DHCP Client  INFO  ---  DHCP Client sending Request and going to RENEW state.
115  Maintenance  DHCP Client  INFO  ---  Sending DHCP Request (Renewing).
116  Maintenance  DHCP Client  INFO  ---  Sending DHCP Request (Rebinding).
117  Maintenance  DHCP Client  INFO  ---  Sending DHCP Request (Rebooting).
118  Maintenance  DHCP Client  INFO  ---  Sending DHCP Request (Verifying).
119  Maintenance  DHCP Client  INFO  ---  DHCP Client failed to verify and lease has expired. Go to INIT state.
121  Maintenance  DHCP Client  INFO  ---  DHCP Client got a new IP address lease.
122  Maintenance  DHCP Client  INFO  ---  Sending DHCP RELEASE.
123  Maintenance  Security Services  INFO  ---  Access attempt from host without Anti-Virus agent installed
124  Maintenance  Security Services  INFO  ---  Anti-Virus agent out-of-date on host
125  Maintenance  Security Services  WARNING  524  Received AV Alert: %s
127  Maintenance  PPPoE  INFO  ---  Starting PPPoE discovery
128  Maintenance  PPPoE  INFO  ---  PPPoE LCP Link Up
129  Maintenance  PPPoE  INFO  ---  PPPoE LCP Link Down
130  Maintenance  PPPoE  INFO  ---  PPPoE terminated
131  Maintenance  PPPoE  INFO  ---  PPPoE Network Connected
132  Maintenance  PPPoE  INFO  ---  PPPoE Network Disconnected
133  Maintenance  PPPoE  INFO  ---  PPPoE discovery process complete
134  Maintenance  PPPoE  INFO  ---  PPPoE starting CHAP Authentication
138  System Error  Firewall Event  WARNING  636  Wan IP Changed
139  User Activity  VPN Client  INFO  ---  XAUTH Succeeded with VPN client
140  User Activity  VPN Client  ERROR  ---  XAUTH Failed with VPN client, Authentication failure
141  User Activity  VPN Client  INFO  ---  XAUTH Failed with VPN client, Cannot Contact %s Server
142  Debug  Firewall Event  ERROR  ---  Log Debug
143  Attack  Firewall Event  ERROR  525  Add an attack message
144  Maintenance  High Availability  ALERT  6201  Primary firewall has transitioned to Active
145  Maintenance  High Availability  ALERT  6202  Secondary firewall has transitioned to Active

146  System Error  High Availability  ALERT  6203  Primary firewall has transitioned to Standby
147  Maintenance  High Availability  ALERT  6204  Secondary firewall has transitioned to Standby
148  System Error  High Availability  ERROR  615  Primary missed heartbeats from Secondary
149  System Error  High Availability  ERROR  616  Secondary missed heartbeats from Primary
150  System Error  High Availability  ERROR  617  Primary received error signal from Secondary
151  System Error  High Availability  ERROR  618  Secondary received error signal from Primary
153  System Error  High Availability  ERROR  620  Primary firewall preempting Secondary
157  Maintenance  High Availability  INFO  ---  HA Peer Firewall Synchronized
158  System Error  High Availability  ERROR  662  Error synchronizing HA peer firewall (%s)
159  Maintenance  Security Services  WARNING  526  Received AV Alert: Your Network Anti-Virus subscription has expired. %s
162  Maintenance  High Availability  INFO  ---  HA packet processing error
164  System Error  Firewall Hardware  ERROR  621  Diagnostic Code F
165  Attack  Intrusion Detection  ALERT  527  Forbidden E-Mail attachment disabled
168  Maintenance  PPPoE  INFO  ---  Disconnecting PPPoE due to traffic Timeout
169  Maintenance  PPPoE  INFO  ---  No response from ISP Disconnecting PPPoE.
170  System Error  High Availability  ERROR  622  Secondary going Active in preempt mode after reboot
171  User Activity  VPN IKE  DEBUG  ---  %s
173  LAN TCP  Network Access  NOTICE  ---  TCP connection from LAN denied
174  LAN UDP | LAN TCP  Network Access  NOTICE  ---  UDP packet from LAN dropped
175  LAN ICMP | LAN TCP  Network Access  NOTICE  ---  ICMP packet from LAN dropped
177  Attack  Intrusion Detection  ALERT  528  Probable TCP FIN scan detected
178  Attack  Intrusion Detection  ALERT  529  Probable TCP XMAS scan detected
179  Attack  Intrusion Detection  ALERT  530  Probable TCP NULL scan detected
180  Attack  VPN IPsec  ALERT  531  IPsec Replay Detected
181  Debug  Network  DEBUG  ---  TCP FIN packet dropped
182  User Activity  Network  INFO  ---  Received a path MTU ICMP message from router/gateway
183  System Error  Security Services  ERROR  623  Problem loading the URL List; Appliance not registered.
188  User Activity  Network  INFO  ---  Received a path MTU ICMP message from router/gateway
190  System Error  Security Services  ERROR  628  The loaded content URL List has expired.

191  System Error  High Availability  ERROR  629  Error setting the IP address of the Secondary, please manually set to Secondary LAN IP
199  User Activity  Authenticated Access  INFO  ---  CLI administrator login allowed
200  User Activity  Authenticated Access  WARNING  ---  CLI administrator login denied due to bad credentials
201  Maintenance  L2TP Client  INFO  ---  L2TP Tunnel Negotiation Started
202  Maintenance  L2TP Client  INFO  ---  L2TP Session Negotiation Started
204  Maintenance  L2TP Client  INFO  ---  L2TP Tunnel Established
205  Maintenance  L2TP Client  INFO  ---  L2TP Tunnel Disconnect from Remote
206  Maintenance  L2TP Client  INFO  ---  L2TP Session Established
207  Maintenance  L2TP Client  INFO  ---  L2TP Session Disconnect from Remote
208  Maintenance  L2TP Client  INFO  ---  L2TP PPP Negotiation Started
210  Maintenance  L2TP Client  INFO  ---  L2TP PPP Session Up
211  Maintenance  L2TP Client  INFO  ---  L2TP PPP Down
212  Maintenance  L2TP Client  INFO  ---  L2TP PPP Authentication Failed
215  Maintenance  L2TP Client  INFO  ---  Disconnecting L2TP Tunnel due to traffic Timeout
216  Maintenance  L2TP Client  INFO  ---  L2TP Connect Initiated by the User
217  Maintenance  L2TP Client  INFO  ---  L2TP PPP link down
222  Maintenance  DHCP Relay  INFO  ---  DHCP RELEASE relayed to Central Gateway
223  Maintenance  DHCP Relay  INFO  ---  DHCP lease relayed to local device
224  Debug  DHCP Relay  INFO  ---  DHCP RELEASE received from remote device
225  Debug  DHCP Relay  INFO  ---  DHCP lease relayed to remote device
226  Maintenance  DHCP Relay  INFO  ---  DHCP lease to LAN device conflicts with remote device, deleting remote IP entry
227  Maintenance  DHCP Relay  INFO  ---  WARNING: DHCP lease relayed from Central Gateway conflicts with IP in Static Devices list
228  Maintenance  DHCP Relay  WARNING  ---  DHCP lease dropped. Lease from Central Gateway conflicts with Relay IP
229  Attack  DHCP Relay  ERROR  533  IP spoof detected on packet to Central Gateway, packet dropped
230  Maintenance  DHCP Relay  INFO  ---  Request for Relay IP Table from Central Gateway
231  Maintenance  DHCP Relay  INFO  ---  Requesting Relay IP Table from Remote Gateway
232  Maintenance  DHCP Relay  INFO  ---  Sent Relay IP Table to Central Gateway
233  Maintenance  DHCP Relay  INFO  ---  Obtained Relay IP Table from Remote Gateway
234  System Error  DHCP Relay  WARNING  632  Failed to synchronize Relay IP Table
235  User Activity  Authenticated Access  INFO  ---  VPN zone administrator login allowed

236  User Activity  Authenticated Access  INFO  ---  WAN zone administrator login allowed
237  User Activity  Authenticated Access  INFO  ---  VPN zone remote user login allowed
238  User Activity  Authenticated Access  INFO  ---  WAN zone remote user login allowed
239  User Activity  VPN IKE  INFO  ---  NAT Discovery : Peer IPsec Security Gateway behind a NAT/NAPT Device
240  User Activity  VPN IKE  INFO  ---  NAT Discovery : Local IPsec Security Gateway behind a NAT/NAPT Device
241  User Activity  VPN IKE  INFO  ---  NAT Discovery : No NAT/NAPT device detected between IPsec Security gateways
242  User Activity  VPN IKE  INFO  ---  NAT Discovery : Peer IPsec Security Gateway doesn't support VPN NAT Traversal
243  User Activity  RADIUS  INFO  ---  User login denied - RADIUS authentication failure
244  User Activity  RADIUS  WARNING  ---  User login denied - RADIUS server Timeout
245  User Activity  RADIUS  WARNING  ---  User login denied - RADIUS configuration error
246  User Activity  Authenticated Access  INFO  ---  User login denied - User has no privileges for login from that location
247  Maintenance  VPN IPsec  INFO  ---  IPsec packet from an illegal host
248  Attack  Intrusion Detection  ERROR  534  Forbidden E-Mail attachment deleted
249  User Activity  VPN IKE  WARNING  535  IKE Responder: Mode %s - not tunnel mode
250  User Activity  VPN IKE  WARNING  536  IKE Responder: No matching Phase 1 ID found for proposed remote network
251  User Activity  VPN IKE  WARNING  537  IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route
252  User Activity  VPN IKE  WARNING  538  IKE Responder: No match for proposed remote network address
253  User Activity  VPN IKE  WARNING  539  IKE Responder: Default LAN gateway is set but peer is not proposing to use this SA as a default route
254  User Activity  VPN IKE  WARNING  540  IKE Responder: Tunnel terminates outside firewall but proposed local network is not NAT public address
255  User Activity  VPN IKE  WARNING  541  IKE Responder: Tunnel terminates inside firewall but proposed local network is not inside firewall
256  User Activity  VPN IKE  WARNING  542  IKE Responder: Tunnel terminates on DMZ but proposed local network is on LAN
257  User Activity  VPN IKE  WARNING  543  IKE Responder: Tunnel terminates on LAN but proposed local network is on DMZ
258  User Activity  VPN IKE  WARNING  544  IKE Responder: AH Perfect Forward Secrecy mismatch
259  User Activity  VPN IKE  WARNING  545  IKE Responder: ESP Perfect Forward Secrecy mismatch

260  User Activity  VPN IKE  WARNING  546  IKE Responder: Algorithms and/or keys do not match
261  User Activity  Authenticated Access  INFO  ---  Administrator logged out
262  User Activity  Authenticated Access  INFO  ---  Administrator logged out - inactivity timer expired
263  User Activity  Authenticated Access  INFO  ---  User logged out - %s
264  User Activity  Authenticated Access  INFO  ---  User logged out - max session time exceeded
265  User Activity  Authenticated Access  INFO  ---  User logged out - inactivity timer expired
266  Maintenance  VPN IPsec  INFO  ---  NAT device may not support IPsec AH pass-through
267  Attack  Intrusion Detection  ALERT  547  TCP Xmas Tree dropped
269  User Activity  VPN PKI  INFO  ---  Requesting CRL from
270  User Activity  VPN PKI  INFO  ---  CRL loaded from
271  User Activity  VPN PKI  ALERT  ---  Failed to get CRL from
272  User Activity  VPN PKI  WARNING  ---  Not enough memory to hold the CRL
273  User Activity  VPN PKI  ALERT  ---  Connection timed out
274  User Activity  VPN PKI  ALERT  ---  Cannot connect to the CRL server
275  User Activity  VPN PKI  ERROR  ---  Unknown reason
276  User Activity  VPN PKI  ALERT  ---  Failed to Process CRL from
277  User Activity  VPN PKI  ALERT  ---  Bad CRL format
278  User Activity  VPN PKI  ALERT  ---  Issuer match failed
279  User Activity  VPN PKI  ALERT  ---  Certificate on Revoked list(CRL)
280  User Activity  VPN PKI  ALERT  ---  No Certificate for
281  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: Dialing: %s
282  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: No dial tone detected - check phone-line connection
283  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: No link carrier detected - check phone number
284  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: Dialed number is busy
285  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: Dialed number did not answer
286  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: Connected at %s bps - starting PPP
287  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: Unknown dialing failure
288  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: Link carrier lost
289  ---  PPP  INFO  ---  PPP: Authentication successful
290  ---  PPP  INFO  ---  PPP: PAP Authentication failed - check username / password
291  ---  PPP  INFO  ---  PPP: CHAP authentication failed - check username / password
292  ---  PPP  INFO  ---  PPP: MS-CHAP authentication failed - check username / password

293  ---  PPP  INFO  ---  PPP: Starting MS-CHAP authentication
294  ---  PPP  INFO  ---  PPP: Starting CHAP authentication
295  ---  PPP  INFO  ---  PPP: Starting PAP authentication
297  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: Idle time limit exceeded - disconnecting
299  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: Received new IP address
300  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: PPP link established
301  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: PPP link down
302  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: Shutting down link
303  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: Initialization : %s
306  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: Connect request canceled
307  System Error  WAN Failover  WARNING  639  The network connection in use is %s
308  Maintenance  L2TP Server  INFO  ---  L2TP Server : L2TP Tunnel Established.
309  Maintenance  L2TP Server  INFO  ---  L2TP Server : L2TP Session Established.
311  Maintenance  L2TP Server  INFO  ---  L2TP Server: RADIUS/LDAP reports Authentication Failure
312  Maintenance  L2TP Server  INFO  ---  L2TP Server: Local Authentication Failure
318  Maintenance  L2TP Server  INFO  ---  L2TP Server: Local Authentication Success.
319  Maintenance  L2TP Server  INFO  ---  L2TP Server: RADIUS/LDAP Authentication Success
321  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: Manual intervention needed. Check Primary Profile or Profile details
322  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: Trying to failover but Primary Profile is manual
326  System Error  WAN Failover  ALERT  637  Probing failure on %s
327  User Activity  PPP Dial-Up  INFO  ---  PPP Dial-Up: Maximum connection time exceeded - disconnecting
328  Maintenance  Authenticated Access  INFO  ---  Administrator name changed
329  Attack  Authenticated Access  ERROR  561  User login failure rate exceeded - logins from user IP address denied
330  Maintenance  PPP Dial-Up  INFO  ---  PPP Dial-Up: The profile in use disabled VPN networking.
331  Maintenance  PPP Dial-Up  INFO  ---  PPP Dial-Up: VPN networking restored.
335  Maintenance  L2TP Server  INFO  ---  L2TP Server: Tunnel Disconnect from Remote.
336  Maintenance  L2TP Server  INFO  ---  L2TP Server : Deleting the Tunnel
337  Maintenance  L2TP Server  INFO  ---  L2TP Server : Deleting the L2TP active Session
338  Maintenance  L2TP Server  INFO  ---  L2TP Server : Retransmission Timeout, Deleting the Tunnel
339  Debug  Network  DEBUG  ---  NAT translated packet exceeds size limit, packet dropped
340  Maintenance  Firewall Event  INFO  ---  HTTP management port has changed
341  Maintenance  Firewall Event  INFO  ---  HTTPS management port has changed

344  Maintenance  L2TP Server  INFO  ---  L2TP Server : User Name authentication Failure locally.
346  User Activity  VPN IKE  INFO  ---  IKE Initiator: Start Quick Mode (Phase 2).
347  TCP | UDP | ICMP  Network Access  WARNING  ---  Port configured to receive IPsec protocol ONLY; drop packet received in the clear
348  Maintenance  Firewall Event  WARNING  ---  Imported VPN SA is invalid - disabled
350  User Activity  VPN IKE  INFO  ---  IKE SA lifetime expired.
351  User Activity  VPN IKE  INFO  ---  IKE Initiator: Start Main Mode negotiation (Phase 1)
352  User Activity  VPN IKE  INFO  ---  IKE Responder: Received Quick Mode Request (Phase 2)
353  User Activity  VPN IKE  INFO  ---  IKE Initiator: Main Mode complete (Phase 1)
354  User Activity  VPN IKE  INFO  ---  IKE Initiator: Aggressive Mode complete (Phase 1).
355  User Activity  VPN IKE  INFO  ---  IKE Responder: Received Main Mode Request (Phase 1)
356  User Activity  VPN IKE  INFO  ---  IKE Responder: Received Aggressive Mode Request (Phase 1)
357  User Activity  VPN IKE  INFO  ---  IKE Responder: Main Mode complete (Phase 1)
358  User Activity  VPN IKE  INFO  ---  IKE Initiator: Start Aggressive Mode negotiation (Phase 1)
360  Maintenance  Crypto Test  ERROR  ---  Crypto DES test failed
361  Maintenance  Crypto Test  ERROR  ---  Crypto DH test failed
362  Maintenance  Crypto Test  ERROR  ---  Crypto Hmac-MD5 test failed
363  Maintenance  Crypto Test  ERROR  ---  Crypto Hmac-Sha1 test failed
364  Maintenance  Crypto Test  ERROR  ---  Crypto RSA test failed
365  Maintenance  Crypto Test  ERROR  ---  Crypto Sha1 test failed
366  Maintenance  Crypto Test  ERROR  ---  Crypto hardware DES test failed
367  Maintenance  Crypto Test  ERROR  ---  Crypto hardware 3DES test failed
368  Maintenance  Crypto Test  ERROR  ---  Crypto hardware DES with SHA test failed
369  Maintenance  Crypto Test  ERROR  ---  Crypto Hardware 3DES with SHA test failed
371  User Activity  VPN Client  INFO  ---  VPN Client Policy Provisioning
372  User Activity  VPN IKE  INFO  ---  IKE Initiator: Accepting IPsec proposal (Phase 2)
373  User Activity  VPN IKE  INFO  ---  IKE Responder: Aggressive Mode complete (Phase 1)
375  Maintenance  PPTP  INFO  ---  PPTP Control Connection Negotiation Started
376  Maintenance  PPTP  INFO  ---  PPTP Session Negotiation Started
378  Maintenance  PPTP  INFO  ---  PPTP Control Connection Established
379  Maintenance  PPTP  INFO  ---  PPTP Tunnel Disconnect from Remote
380  Maintenance  PPTP  INFO  ---  PPTP Session Established
381  Maintenance  PPTP  INFO  ---  PPTP Session Disconnect from Remote
382  Maintenance  PPTP  INFO  ---  PPTP PPP Negotiation Started

384  Maintenance  PPTP  INFO  ---  PPTP PPP Session Up
385  Maintenance  PPTP  INFO  ---  PPTP PPP Down
388  Maintenance  PPTP  INFO  ---  PPTP Disconnect Initiated by the User
389  Maintenance  PPTP  INFO  ---  Disconnecting PPTP Tunnel due to traffic Timeout
390  Maintenance  PPTP  INFO  ---  PPTP Connect Initiated by the User
392  Maintenance  PPTP  INFO  ---  PPTP starting CHAP Authentication
393  Maintenance  PPTP  INFO  ---  PPTP starting PAP Authentication
396  Maintenance  PPTP  INFO  ---  PPTP PAP Authentication success.
398  Maintenance  PPTP  INFO  ---  PPTP PPP Link Up
399  Maintenance  PPTP  INFO  ---  PPTP PPP Link down
400  Maintenance  PPTP  INFO  ---  PPTP PPP Link Finished
401  User Activity  VPN IKE  WARNING  ---  Received notify. NO_PROPOSAL_CHOSEN
402  User Activity  VPN IKE  WARNING  ---  IKE Responder: IKE proposal does not match (Phase 1)
403  User Activity  VPN IKE  INFO  ---  IKE negotiation aborted due to Timeout
404  User Activity  VPN IKE  WARNING  ---  Failed payload verification after decryption; possible preshared key mismatch
405  User Activity  VPN IKE  WARNING  ---  Failed payload validation
406  User Activity  VPN IKE  WARNING  ---  Received packet retransmission. Drop duplicate packet
408  Maintenance  Security Services  INFO  ---  Anti-Virus Licenses Exceeded
409  User Activity  VPN IKE  WARNING  ---  Received notify: ISAKMP_AUTH_FAILED
410  User Activity  VPN IKE  WARNING  ---  Computed hash does not match hash received from peer; preshared key mismatch
411  User Activity  VPN IKE  WARNING  ---  Received notify: PAYLOAD_MALFORMED
412  User Activity  VPN IKE  INFO  ---  Received IPsec SA delete request
413  User Activity  VPN IKE  INFO  ---  Received IKE SA delete request
414  User Activity  VPN IKE  INFO  ---  Received notify: INVALID_COOKIES
415  User Activity  VPN IKE  INFO  ---  Received notify: RESPONDER_LIFETIME
416  User Activity  VPN IKE  INFO  ---  Received notify: INVALID_SPI
419  Maintenance  RIP  INFO  8401  RIP disabled on interface %s
420  Maintenance  RIP  INFO  8402  RIPv1 enabled on interface %s
421  Maintenance  RIP  INFO  8403  RIPv2 enabled on interface %s
422  Maintenance  RIP  INFO  8404  RIPv2 compatibility (broadcast) mode enabled on interface %s
423  Maintenance  RIP  INFO  8405  RIP disabled on DMZ interface
424  Maintenance  RIP  INFO  8406  RIPv1 enabled on DMZ interface
425  Maintenance  RIP  INFO  8407  RIPv2 enabled on DMZ interface
426  Maintenance  RIP  INFO  8408  RIPv2 compatibility (broadcast) mode enabled on DMZ interface
427  VPN Tunnel Status  VPN  INFO  801  IPsec Tunnel status changed

428  Debug  Intrusion Detection  WARNING  ---  Source routed IP packet dropped
429  Maintenance  PPTP  INFO  ---  No response from server to Echo Requests, disconnecting PPTP Tunnel
430  Maintenance  PPTP  INFO  ---  No response from PPTP server to control connection requests
431  Maintenance  PPTP  INFO  ---  No response from PPTP server to call requests
432  Maintenance  PPTP  INFO  ---  PPTP server rejected control connection
433  Maintenance  PPTP  INFO  ---  PPTP server rejected the call request
434  User Activity  WAN Failover  INFO  ---  PPP Dial-Up: Trying to failover but Alternate Profile is manual
435  System Error  WAN Failover  ALERT  652  WLB Failback initiated by %s
436  System Error  WAN Failover  ALERT  638  Probing succeeded on %s
437  Attack  Intrusion Detection  ERROR  550  E-Mail fragment dropped
438  User Activity  Authenticated Access  INFO  ---  Locked-out user logins allowed - lockout period expired
439  User Activity  Authenticated Access  INFO  ---  Locked-out user logins allowed by %s
440  User Activity  Firewall Rule  INFO  ---  Access rule added
441  User Activity  Firewall Rule  INFO  ---  Access rule modified
442  User Activity  Firewall Rule  INFO  ---  Access rule deleted
443  User Activity  Firewall Rule  INFO  ---  Access rules restored to defaults
444  Maintenance  PPTP  INFO  ---  PPTP Server is not responding, check if the server is UP and running.
445  User Activity  VPN IKE  INFO  ---  IKE Initiator: Accepting peer lifetime. (Phase 1)
446  Attack  Intrusion Detection  ERROR  551  FTP: PASV response spoof attack dropped
448  Maintenance  VPN PKI  ERROR  ---  PKI Failure: Output buffer too small
449  Maintenance  VPN PKI  ERROR  ---  PKI Failure: Cannot alloc memory
450  Maintenance  VPN PKI  ERROR  ---  PKI Failure: Reached the limit for local certificates, cant load any more
451  Maintenance  VPN PKI  ERROR  ---  PKI Failure: Import failed
452  Maintenance  VPN PKI  ERROR  ---  PKI Failure: Incorrect admin password
453  Maintenance  VPN PKI  ERROR  ---  PKI Failure: CA certificates store exceeded. Cannot verify this Local Certificate
454  Maintenance  VPN PKI  ERROR  ---  PKI Failure: Improper file format. Please select PKCS#12 (*.p12) file
455  Maintenance  VPN PKI  ERROR  ---  PKI Failure: Certificate's ID does not match this Network Security Appliance
456  Maintenance  VPN PKI  ERROR  ---  PKI Failure: public-private key mismatch
457  Maintenance  VPN PKI  ERROR  ---  PKI Failure: Duplicate local certificate name
458  Maintenance  VPN PKI  ERROR  ---  PKI Failure: Duplicate local certificate

459 Maintenance VPN PKI ERROR --- PKI Failure: No CA certificates yet loaded
460 Maintenance VPN PKI ERROR --- PKI Failure: Internal error
461 Maintenance VPN PKI ERROR --- PKI Failure: Temporary memory shortage,
try again
462 Maintenance VPN PKI ERROR --- PKI Failure: The certificate chain is
circular
463 Maintenance VPN PKI ERROR --- PKI Failure: The certificate chain is
incomplete
464 Maintenance VPN PKI ERROR --- PKI Failure: The certificate chain has no
root
465 Maintenance VPN PKI ERROR --- PKI Failure: Certificate expiration
466 Maintenance VPN PKI ERROR --- PKI Failure: The certificate or a certificate
in the chain has a validity period in the
future
467 Maintenance VPN PKI ERROR --- PKI Failure: The certificate or a certificate
in the chain is corrupt
468 Maintenance VPN PKI ERROR --- PKI Failure: The certificate or a certificate
in the chain has a bad signature
469 Maintenance VPN PKI ERROR --- PKI Failure: Loaded but could not verify
certificate
470 Maintenance VPN PKI ERROR --- PKI Warning: Loaded the certificate but
could not verify its chain
473 Debug DHCP Relay INFO --- DHCP REQUEST received from remote
device
474 Debug DHCP Relay INFO --- DHCP DISCOVER received from remote
device
476 Debug DHCP Relay INFO --- DHCP OFFER received from server
477 Debug DHCP Relay INFO --- DHCP NACK received from server
481 Maintenance PPP Dial-Up INFO --- PPP Dial-Up: No peer IP address from Dial-Up ISP, local and remote IPs will be the same
482 Maintenance Security Services WARNING 552 Received AV Alert: Your Network Anti-Virus
subscription will expire in 7 days. %s
483 User Activity VPN IPsec WARNING --- Received notify: INVALID_ID_INFO
484 Maintenance DHCP Relay WARNING --- DHCP lease dropped. Lease from Central
Gateway conflicts with Remote
Management IP
486 User Activity Authenticated Access INFO --- User login denied - User has no privileges for guest service
488 TCP | UDP | ICMP Network Access WARNING --- Packet dropped by guest check
489 Maintenance Security Services WARNING 562 Received CFS Alert: Your Content Filtering
subscription will expire in 7 days.
490 Maintenance Security Services WARNING 563 Received CFS Alert: Your Content Filtering
subscription has expired.
491 Maintenance Security Services WARNING 564 Received E-Mail Filter Alert: Your E-Mail
Filtering subscription will expire in 7 days.

492 Maintenance Security Services WARNING 565 Received E-Mail Filter Alert: Your E-Mail
Filtering subscription has expired.
493 Maintenance Firewall Event INFO --- ISDN Driver Firmware successfully updated
494 System Error VPN Client INFO 658 Global VPN Client License Exceeded:
Connection denied.
496 Maintenance Security Services WARNING --- Registration Update Needed, Please
restore your existing security service
subscriptions.
502 Maintenance Firewall Event INFO --- WAN not ready
505 System Error VPN Client ERROR 660 Blocked Quick Mode for Client using
Default KeyId
506 Maintenance Authenticated Access INFO --- VPN disabled by administrator
507 Maintenance Authenticated Access INFO --- VPN enabled by administrator
508 Maintenance Authenticated Access INFO --- WLAN disabled by administrator
509 Maintenance Authenticated Access INFO --- WLAN enabled by administrator
518 802.11b Management Wireless INFO --- 802.11 Management
520 User Activity Authenticated Access INFO --- CLI administrator logged out
521 Maintenance Firewall Event INFO --- Network Security Appliance initializing
522 Debug Network Access ALERT 554 Malformed or unhandled IP packet dropped
523 ICMP Network Access NOTICE --- ICMP packet dropped no match
524 TCP Network Access NOTICE --- Web access Request dropped
526 User Activity Network Access NOTICE --- Web management request allowed
527 Attack Intrusion Detection ALERT 555 FTP: PORT bounce attack dropped.
528 Attack Intrusion Detection ALERT 556 FTP: PASV response bounce attack dropped.
529 System Error VPN Client INFO 643 Global VPN Client connection is not
allowed. Appliance is not registered.
533 TCP | UDP | ICMP VPN IPsec NOTICE --- IPsec (ESP) packet dropped
534 TCP | UDP | ICMP VPN IPsec NOTICE --- IPsec (AH) packet dropped
535 Debug VPN IPsec DEBUG --- IPsec (ESP) packet dropped; waiting for
pending IPsec connection
537 Connection Traffic Network Traffic INFO --- Connection Closed
538 Attack Network Access ALERT 557 FTP: Data connection from non default
port dropped
542 User Activity PPP Dial-Up INFO --- PPP Dial-Up: Previous session was
connected for %s
543 User Activity VPN IKE INFO --- IKE Initiator: Using secondary gateway to
negotiate

544 User Activity VPN IKE INFO --- IKE Initiator drop: VPN tunnel end point
does not match configured VPN Policy
Bound to scope
545 User Activity VPN IKE INFO --- IKE Responder drop: VPN tunnel end point
does not match configured VPN Policy
Bound to scope
546 WLAN IDS WLAN IDS ALERT 901 Found Rogue Access Point
548 WLAN IDS WLAN IDS ALERT 903 Association Flood from WLAN station
549 User Activity Authenticated Access INFO --- User login failed - Guest service limit reached
550 User Activity Authenticated Access INFO --- Guest Session Timeout
551 User Activity Authenticated Access INFO --- Guest Account Timeout
557 User Activity Authenticated Access INFO --- Guest login denied. Guest '%s' is already logged in. Please try again later.
558 User Activity Authenticated Access INFO --- Guest account '%s' created
559 User Activity Authenticated Access INFO --- Guest account '%s' deleted
560 User Activity Authenticated Access INFO --- Guest account '%s' disabled
561 User Activity Authenticated Access INFO --- Guest account '%s' re-enabled
562 User Activity Authenticated Access INFO --- Guest account '%s' pruned
563 User Activity Authenticated Access INFO --- Guest account '%s' re-generated
564 User Activity Authenticated Access INFO --- Guest Idle Timeout
565 System Error Firewall Event ALERT 646 Interface %s Link Is Up
566 System Error Firewall Event ALERT 647 Interface %s Link Is Down
567 Maintenance Firewall Event INFO --- Interface IP Assignment changed: Shutting
down %s
568 Maintenance Firewall Event INFO --- Interface IP Assignment : Binding and
initializing %s
569 Maintenance Firewall Event INFO --- Network for interface %s overlaps with
another interface.
570 Maintenance Firewall Event INFO --- Please connect interface %s to another
network to function properly
573 System Error Firewall Event WARNING 649 The preferences file is too large to be
saved in available flash memory
574 System Error Firewall Event WARNING 650 All preference values have been set to
factory default values
575 System Environment Firewall Hardware ERROR 101 Voltages Out of Tolerance
576 System Environment Firewall Hardware ALERT 102 Fan Failure

577 System Environment Firewall Hardware ALERT 103 Thermal Yellow
578 System Environment Firewall Hardware ALERT 104 Thermal Red
579 System Environment Firewall Hardware ALERT 105 Thermal Red Timer Exceeded
580 Attack Network Access ALERT 558 TCP SYN/FIN packet dropped
581 Maintenance WAN Failover WARNING --- WLB Spill-over started, configured
threshold exceeded
582 Maintenance WAN Failover WARNING --- WLB Spill-over stopped
583 Attack Authenticated Access ERROR 559 User login disabled from %s
584 System Error WAN Failover ALERT 651 WLB Failover in progress
585 System Error WAN Failover ALERT 653 WLB Resource is now available
586 System Error WAN Failover ALERT 654 WLB Resource failed
587 User Activity VPN IKE WARNING --- Header verification failed
588 Maintenance DHCP Client INFO --- Received DHCP offer packet has errors
589 Maintenance DHCP Client INFO --- Received response packet for DHCP
request has errors
590 LAN UDP | LAN TCP Network Access NOTICE --- IP type %s packet dropped
591 Attack PPP Dial-Up ERROR 566 Maximum sequential failed dial attempts
(10) to a single dial-up number: %s
592 Attack PPP Dial-Up ERROR 567 Regulatory requirements prohibit %s from
being re-dialed for 30 minutes
593 Maintenance PPPoE INFO --- Received PPPoE Active Discovery Offer
594 Maintenance PPPoE INFO --- Received PPPoE Active Discovery
Session_confirmation
595 Maintenance PPPoE INFO --- Sending PPPoE Active Discovery Request
596 Debug PPTP DEBUG --- PPTP decode failure
597 Debug Network Access INFO --- ICMP packet allowed
598 Debug Network Access INFO --- ICMP packet from LAN allowed
599 System Error Firewall Hardware ERROR 655 Diagnostic Code G
600 System Error Firewall Hardware ERROR 656 Diagnostic Code H
601 System Error Firewall Hardware ERROR 657 Diagnostic Code I
602 Debug Network Access INFO --- DNS packet allowed
603 System Error L2TP Server ERROR 661 Adding L2TP IP pool Address object Failed.
605 User Activity VPN IKE WARNING --- Received unencrypted packet in crypto
active state
606 Attack Intrusion Detection ALERT 568 Spank attack multicast packet dropped
607 Debug | UDP VPN IKE INFO --- Received ISAKMP packet destined to port
%s

608 Attack Intrusion Detection ALERT 569 IPS Detection Alert: %s
609 Attack Intrusion Detection ALERT 570 IPS Prevention Alert: %s
610 Maintenance Crypto Test ERROR --- Crypto Hardware AES test failed
614 Maintenance Security Services WARNING 571 Received IPS Alert: Your Intrusion
Prevention (IDP) subscription has expired.
615 WLAN IDS WLAN IDS WARNING 904 WLAN client null probing
616 Debug VPN IKE ERROR --- Payload processing failed
617 Maintenance Wireless INFO --- WLAN not in AP mode, DHCP server will not
provide lease to clients on WLAN
618 Debug Bootp DEBUG --- BOOTP server response relayed to remote
device
619 Maintenance Bootp INFO --- BOOTP Client IP address on LAN conflicts
with remote device IP, deleting IP address
from remote table
620 Maintenance Bootp INFO --- BOOTP reply relayed to local device
622 VoIP VoIP INFO --- VoIP Call Connected
623 VoIP VoIP INFO --- VoIP Call Disconnected
624 VoIP VoIP DEBUG --- H.323/RAS Admission Reject
625 VoIP VoIP DEBUG --- H.323/RAS Admission Confirm
626 VoIP VoIP DEBUG --- H.323/RAS Admission Request
627 VoIP VoIP DEBUG --- H.323/RAS Bandwidth Reject
628 VoIP VoIP DEBUG --- H.323/RAS Disengage Confirm
629 VoIP VoIP DEBUG --- H.323/RAS Gatekeeper Reject
630 VoIP VoIP DEBUG --- H.323/RAS Location Confirm
631 VoIP VoIP DEBUG --- H.323/RAS Location Reject
632 VoIP VoIP DEBUG --- H.323/RAS Registration Reject
633 VoIP VoIP DEBUG --- H.323/H.225 Setup
634 VoIP VoIP DEBUG --- H.323/H.225 Connect
635 VoIP VoIP DEBUG --- H.323/H.245 Address
636 VoIP VoIP DEBUG --- H.323/H.245 End Session
637 VoIP VoIP DEBUG --- VoIP %s Endpoint added
638 VoIP VoIP DEBUG --- VoIP %s Endpoint removed
639 VoIP VoIP WARNING --- VoIP %s Endpoint not added - configured
'public' endpoint limit reached
640 VoIP VoIP DEBUG --- H.323/RAS Unknown Message Response
641 VoIP VoIP DEBUG --- H.323/RAS Disengage Reject
642 VoIP VoIP DEBUG --- H.323/RAS Unregistration Reject
643 VoIP VoIP DEBUG --- SIP Request
644 VoIP VoIP DEBUG --- SIP Response
645 VoIP VoIP WARNING --- SIP Register expiration exceeds configured
Signaling inactivity time out
646 System Error Firewall Event ALERT 5238 Packet dropped; connection limit for this
source IP address has been reached

647 System Error Firewall Event ALERT 5239 Packet dropped; connection limit for this
destination IP address has been reached
648 Attack VPN IPsec ERROR 572 Packet destination not in VPN Access list
651 Debug IPComp DEBUG --- IPComp connection interrupt
652 TCP | UDP | ICMP IPComp NOTICE --- IPComp packet dropped
653 Debug IPComp DEBUG --- IPComp packet dropped; waiting for
pending IPComp connection
654 System Error Firewall Logging CRITICAL --- Maximum events per second threshold
exceeded
655 System Error Firewall Logging CRITICAL --- Maximum syslog data per second threshold
exceeded
656 System Error Firewall Logging WARNING --- SMTP POP-Before-SMTP authentication
failed
657 Maintenance Network INFO --- Syslog Server cannot be reached
658 System Error VPN IKE WARNING --- IKE Responder: Proposed IKE ID mismatch
659 System Error VPN Client ERROR --- IKE Responder: IP Address already exists in
the DHCP relay table. Client traffic not
allowed.
660 System Error VPN Client ERROR --- IKE Responder: %s Policy does not allow
static IP for Virtual Adapter.
661 User Activity VPN IKE ERROR --- Received notify: INVALID_PAYLOAD
662 Attack Intrusion Detection ERROR 6434 Drop WLAN traffic from non-SonicPoint devices
665 --- PPP Dial-Up INFO --- PPP Dial-Up: Dialing not allowed by
schedule. %s
666 --- PPP Dial-Up INFO --- PPP Dial-Up: Connection disconnected as
scheduled.
667 SonicPoint SonicPoint INFO --- SonicPoint Status
668 Maintenance High Availability INFO --- HA Peer Firewall Rebooted
669 System Error High Availability ERROR 663 Error Rebooting HA Peer Firewall
670 System Error High Availability ERROR 664 License of HA pair doesn't match: %s
671 System Error High Availability ERROR 665 Primary received reboot signal from
Secondary
672 System Error High Availability ERROR 666 Secondary received reboot signal from
Primary
674 System Error High Availability INFO --- Success to reach Interface %s probe
675 System Error High Availability ERROR 6234 Failure to reach Interface %s probe
676 --- Multicast INFO --- IGMP V2 client joined multicast Group : %s
677 --- Multicast INFO --- IGMP V3 client joined multicast Group : %s
682 --- Multicast INFO --- IGMP Leave group message Received on
interface %s
683 --- Multicast NOTICE --- IGMP packet dropped, wrong checksum
received on interface %s
684 --- Multicast ALERT --- Multicast packet dropped, wrong MAC
address received on interface : %s

685 --- Multicast ALERT --- Multicast packet dropped, Invalid src IP
received on interface : %s
690 --- Multicast NOTICE --- Multicast UDP packet dropped, no state
entry
694 --- Multicast WARNING --- Multicast UDP packet dropped, RTP
stateful failed
701 --- Multicast DEBUG --- IGMP querier Router detected on interface
%s
706 --- Network Monitor ALERT 14005 Network Monitor: Host %s is offline
707 --- Network Monitor ALERT 14006 Network Monitor: Host %s is online
708 Debug Network DEBUG --- TCP packet received with invalid SEQ
number; TCP packet dropped
709 Debug Network DEBUG --- TCP packet received with invalid ACK
number; TCP packet dropped
712 Debug Network DEBUG --- TCP connection reject received; TCP
connection dropped
713 Debug Network DEBUG --- TCP connection abort received; TCP
connection dropped
714 Debug Network Access NOTICE --- EIGRP packet dropped
719 System Error VPN ERROR --- VPN policy count received exceeds the
limit; %s
720 Maintenance PPPoE INFO --- Sending LCP Echo Request
721 Maintenance PPPoE INFO --- Received LCP Echo Request
722 Maintenance PPPoE INFO --- Sending LCP Echo Reply
723 Maintenance PPPoE INFO --- Received LCP Echo Reply
724 --- Network Access INFO --- Guest Services drop traffic to deny
network
725 --- Network Access INFO --- Guest Services pass traffic to access allow
network
726 --- Network Access INFO --- WLAN max concurrent users reached
already
727 SonicPoint SonicPoint INFO --- SonicPoint Provision
728 Maintenance Authenticated Access INFO --- WLAN disabled by schedule
729 Maintenance Authenticated Access INFO --- WLAN enabled by schedule
732 TCP | UDP | ICMP Wireless WARNING --- Packet dropped by WLAN SSL VPN enforcement check
733 Maintenance Wireless INFO --- SSL VPN enforcement
734 --- Firewall Event INFO --- Source IP address connection status: %s
735 --- Firewall Event INFO --- Destination IP address connection status:
%s
737 System Error Firewall Logging WARNING --- SMTP authentication problem:%s
738 Maintenance PPPoE INFO --- PPPoE Client: Previous session was
connected for %s
744 User Activity RADIUS WARNING --- User login denied - RADIUS communication
problem

745 User Activity RADIUS INFO --- User login denied - LDAP authentication
failure
746 User Activity RADIUS WARNING --- User login denied - LDAP server Timeout
747 User Activity RADIUS WARNING --- User login denied - LDAP server down or
misconfigured
748 User Activity RADIUS WARNING --- User login denied - LDAP communication
problem
749 User Activity RADIUS WARNING --- User login denied - invalid credentials on
LDAP server
750 User Activity RADIUS WARNING --- User login denied - insufficient access on
LDAP server
751 User Activity RADIUS WARNING --- User login denied - LDAP schema mismatch
752 User Activity RADIUS WARNING --- Allowed LDAP server certificate with
wrong host name
753 User Activity RADIUS WARNING --- User login denied - LDAP server name
resolution failed
754 User Activity RADIUS WARNING --- User login denied - RADIUS server name
resolution failed
755 User Activity RADIUS WARNING --- User login denied - LDAP server certificate
not valid
756 User Activity RADIUS WARNING --- User login denied - TLS or local certificate
problem
757 User Activity RADIUS WARNING --- User login denied - LDAP directory
mismatch
758 User Activity RADIUS WARNING --- LDAP server does not allow CHAP
759 User Activity Authenticated Access INFO --- User login denied - user already logged in
760 --- Network Access NOTICE --- TCP handshake violation detected; TCP
connection dropped
766 Maintenance Security Services WARNING 8628 Failed to synchronize license information
with Licensing Server. %s
773 System Error DDNS ERROR --- DDNS Failure: Provider %s
774 System Error DDNS ERROR --- DDNS Failure: Provider %s
775 System Error DDNS ERROR --- DDNS Failure: Provider %s
776 Maintenance DDNS INFO --- DDNS Update success for domain %s
777 System Error DDNS WARNING --- DDNS Warning: Provider %s
778 Maintenance DDNS INFO --- DDNS association %s taken Offline locally
779 Maintenance DDNS INFO --- DDNS association %s added
780 Maintenance DDNS INFO --- DDNS association %s enabled
781 Maintenance DDNS INFO --- DDNS association %s disabled
782 Maintenance DDNS INFO --- DDNS Association %s put on line
783 Maintenance DDNS INFO --- All DDNS associations have been deleted
784 Maintenance DDNS INFO --- DDNS association %s deactivated
785 Maintenance DDNS INFO --- DDNS association %s deleted
786 --- DDNS INFO --- DDNS association %s updated

789 Attack Intrusion Detection ALERT 6435 IDP Detection Alert: %s
790 Attack Intrusion Detection ALERT 6436 IDP Prevention Alert: %s
791 --- DPI-SSL INFO --- DPI-SSL: %s
793 User Activity Application Firewall ALERT 13201 Application Firewall Alert: %s
794 Attack Intrusion Detection ALERT 6437 Anti-Spyware Prevention Alert: %s
795 Attack Intrusion Detection ALERT 6438 Anti-Spyware Detection Alert: %s
796 Maintenance Security Services WARNING 8631 Anti-Spyware Service Expired
797 --- RBL NOTICE --- Outbound connection to RBL-listed SMTP
server dropped
798 --- RBL NOTICE --- Inbound connection from RBL-listed SMTP
server dropped
799 --- RBL NOTICE --- SMTP server found on RBL blacklist
800 --- RBL ERROR --- No valid DNS server specified for RBL
lookups
805 --- GMS INFO --- Interface statistics report
806 --- GMS INFO --- SonicPoint statistics report
809 Attack Security Services ALERT 8632 Gateway Anti-Virus Alert: %s
810 Maintenance Security Services WARNING 8633 Gateway Anti-Virus Service expired
811 Maintenance PPP Dial-Up INFO --- PPP Dial-Up: Invalid DNS IP address
returned from Dial-Up ISP; overriding using
dial-up profile settings
815 --- Network WARNING --- Too many gratuitous ARPs detected
817 User Activity Authenticated Access INFO --- Incoming call received for Remotely Triggered Dial-out session
818 User Activity Authenticated Access INFO --- Remotely Triggered Dial-out session started. Requesting authentication
819 User Activity Authenticated Access INFO --- Incorrect authentication received for Remotely Triggered Dial-out
820 User Activity Authenticated Access INFO --- Successful authentication received for Remotely Triggered Dial-out
821 User Activity Authenticated Access INFO --- Authentication Timeout during Remotely Triggered Dial-out session
822 User Activity Authenticated Access INFO --- Remotely Triggered Dial-out session ended. Valid WAN bound data found. Normal dial-up sequence will commence
823 System Error High Availability ERROR --- Secondary will be shut down in %s minutes
824 System Error High Availability ERROR --- Secondary shut down because license is
expired
825 System Error High Availability INFO --- Secondary active
826 --- High Availability ERROR --- %s
828 --- High Availability INFO --- %s
829 --- High Availability ALERT --- %s

830 --- High Availability NOTICE --- %s
832 --- DHCP Server INFO --- DHCP Scopes altered automatically due to
change in network settings for interface %s
833 System Error DHCP Server WARNING --- DHCP lease file in the storage is corrupted;
read failed
834 System Error DHCP Server WARNING --- Failed to write DHCP leases to storage
835 Maintenance DHCP Server INFO --- DHCP leases written to storage
840 --- ARS INFO --- %s
841 --- ARS NOTICE --- %s
842 --- ARS DEBUG --- %s
847 Maintenance Network WARNING --- IP address conflict detected from Ethernet
address %s
848 User Activity VPN PKI INFO --- OCSP sending request.
849 User Activity VPN PKI ERROR --- OCSP send request message failed.
850 User Activity VPN PKI INFO --- OCSP received response.
852 User Activity VPN PKI INFO --- OCSP Resolved Domain Name.
853 User Activity VPN PKI ERROR --- OCSP Failed to Resolve Domain Name.
854 User Activity VPN PKI ERROR --- OCSP Internal error handling received
response.
856 Attack Intrusion Detection WARNING --- SYN Flood Mode changed by user to: Watch and report possible SYN floods
857 Attack Intrusion Detection WARNING --- SYN Flood Mode changed by user to: Watch and proxy WAN connections when under attack
858 Attack Intrusion Detection WARNING --- SYN Flood Mode changed by user to: Always proxy WAN connections
859 Attack Intrusion Detection ALERT --- Possible SYN flood detected on WAN IF %s - switching to connection-proxy mode
860 Attack Intrusion Detection ALERT --- Possible SYN Flood on IF %s
861 Attack Intrusion Detection ALERT --- SYN flood ceased or flooding machines blacklisted - connection proxy disabled
862 Attack Intrusion Detection WARNING --- SYN Flood blacklisting enabled by user
863 Attack Intrusion Detection WARNING --- SYN Flood blacklisting disabled by user
864 Attack Intrusion Detection ALERT --- SYN-Flooding machine %s blacklisted
865 Attack Intrusion Detection ALERT --- Machine %s removed from SYN flood blacklist
866 Attack Intrusion Detection WARNING --- Possible SYN Flood on IF %s continues
867 Attack Intrusion Detection ALERT --- Possible SYN Flood on IF %s has ceased
868 Attack Intrusion Detection WARNING --- SYN Flood Blacklist on IF %s continues

869 Attack Intrusion Detection DEBUG --- TCP SYN received
872 User Activity Security Services NOTICE --- %s
874 User Activity VPN PKI ALERT --- CRL has expired
875 User Activity VPN PKI ALERT --- Failed to find certificate
876 User Activity VPN PKI ALERT --- CRL missing - Issuer requires CRL checking.
877 User Activity VPN PKI ALERT --- CRL validation failure for Root Certificate
878 User Activity VPN PKI ALERT --- Cannot Validate Issuer Path
879 --- RF Management WARNING --- WLAN radio frequency threat detected
880 Maintenance Dynamic Address Objects INFO --- Unable to resolve dynamic address object
881 --- Firewall Logging NOTICE --- System clock manually updated
882 TCP Network Access DEBUG --- HTTP method detected; examining stream
for host header
883 TCP|UDP Network Access NOTICE --- IP Header checksum error; packet dropped
884 TCP Network Access NOTICE --- TCP checksum error; packet dropped
885 UDP Network Access NOTICE --- UDP checksum error; packet dropped
886 UDP Network Access NOTICE --- ICMP checksum error; packet dropped
887 Debug Network DEBUG --- TCP packet received with invalid header
length; TCP packet dropped
888 Debug Network DEBUG --- TCP packet received on non-existent/closed connection; TCP packet dropped
889 Debug Network DEBUG --- TCP packet received without mandatory
SYN flag; TCP packet dropped
890 Debug Network DEBUG --- TCP packet received without mandatory
ACK flag; TCP packet dropped
891 Debug Network DEBUG --- TCP packet received on a closing
connection; TCP packet dropped
892 Debug Network INFO --- TCP packet received with SYN flag on an
existing connection; TCP packet dropped
893 Debug Network DEBUG --- TCP packet received with invalid SACK
option length; TCP packet dropped
894 Debug Network DEBUG --- TCP packet received with invalid MSS
option length; TCP packet dropped
895 Debug Network DEBUG --- TCP packet received with invalid option
length; TCP packet dropped
896 Debug Network DEBUG --- TCP packet received with invalid source
port; TCP packet dropped
897 Attack Network INFO --- TCP packet received with invalid SYN Flood
cookie; TCP packet dropped
898 Attack Intrusion Detection ALERT --- RST-Flooding machine %s blacklisted
899 Attack Intrusion Detection WARNING --- RST Flood Blacklist on IF %s continues
900 Attack Intrusion Detection ALERT --- Machine %s removed from RST flood blacklist

901 Attack Intrusion Detection ALERT --- FIN-Flooding machine %s blacklisted
902 Attack Intrusion Detection WARNING --- FIN Flood Blacklist on IF %s continues
903 Attack Intrusion Detection ALERT --- Machine %s removed from FIN flood blacklist
904 Attack Intrusion Detection ALERT --- Possible RST Flood on IF %s
905 Attack Intrusion Detection ALERT --- Possible FIN Flood on IF %s
906 Attack Intrusion Detection ALERT --- Possible RST Flood on IF %s has ceased
907 Attack Intrusion Detection ALERT --- Possible FIN Flood on IF %s has ceased
908 Attack Intrusion Detection WARNING --- Possible RST Flood on IF %s continues
909 Attack Intrusion Detection WARNING --- Possible FIN Flood on IF %s continues
910 Debug Network WARNING --- Packet Dropped - IP TTL expired
911 Maintenance Dynamic Address Objects INFO --- Added host entry to dynamic address object
912 Maintenance Dynamic Address Objects INFO --- Removed host entry from dynamic address object
913 User Activity VPN IKE WARNING --- IKE Responder: Phase 1 Authentication
Method does not match
914 User Activity VPN IKE WARNING --- IKE Responder: Phase 1 encryption
algorithm does not match
915 User Activity VPN IKE WARNING --- IKE Responder: Phase 1 encryption
algorithm keylength does not match
916 User Activity VPN IKE WARNING --- IKE Responder: Phase 1 hash algorithm
does not match
917 User Activity VPN IKE WARNING --- IKE Responder: Phase 1 XAUTH required
but Policy has no user name
918 User Activity VPN IKE WARNING --- IKE Responder: Phase 1 XAUTH required
but Policy has no user password
919 User Activity VPN IKE WARNING --- IKE Responder: Phase 1 DH Group does not
match
920 User Activity VPN IKE WARNING --- IKE Responder: AH authentication
algorithm does not match
921 User Activity VPN IKE WARNING --- IKE Responder: ESP encryption algorithm
does not match
922 User Activity VPN IKE WARNING --- IKE Responder: ESP authentication
algorithm does not match
923 User Activity VPN IKE WARNING --- IKE Responder: AH authentication key
length does not match
924 User Activity VPN IKE WARNING --- IKE Responder: ESP encryption key length
does not match
925 User Activity VPN IKE WARNING --- IKE Responder: ESP authentication key
length does not match

926 User Activity VPN IKE WARNING --- IKE Responder: AH authentication key
rounds does not match
927 User Activity VPN IKE WARNING --- IKE Responder: ESP encryption key rounds
does not match
928 User Activity VPN IKE WARNING --- IKE Responder: ESP authentication key
rounds does not match
930 User Activity VPN IKE INFO --- IKE Initiator: Remote party Timeout -
Retransmitting IKE Request.
931 User Activity VPN IKE INFO --- IKE Responder: Remote party Timeout -
Retransmitting IKE Request.
932 User Activity VPN IKE WARNING --- IKE Responder: IPsec protocol mismatch
933 User Activity VPN IKE WARNING --- IKE Initiator: Proposed IKE ID mismatch
934 User Activity VPN IKE WARNING --- IKE Responder: Peer's local network does
not match VPN Policy's [Destination ]
935 User Activity VPN IKE WARNING --- IKE Responder: Peer's destination network
does not match VPN Policy's [Local
Network]
936 User Activity VPN IKE WARNING --- IKE Responder: Route table overrides VPN
Policy
937 User Activity VPN IKE WARNING --- IKE Initiator: IKE proposal does not match
(Phase 1)
938 User Activity VPN IKE INFO --- IKEv2 Initiator: Send IKE_SA_INIT Request
939 User Activity VPN IKE INFO --- IKEv2 Responder: Received IKE_SA_INIT
Request
940 User Activity VPN IKE INFO --- IKEv2 Initiator: Send IKE_AUTH Request
941 User Activity VPN IKE INFO --- IKEv2 Responder: Received IKE_AUTH
Request
942 User Activity VPN IKE INFO --- IKEv2 Authentication successful
943 User Activity VPN IKE INFO --- IKEv2 Accept IKE SA Proposal
944 User Activity VPN IKE INFO --- IKEv2 Accept IPsec SA Proposal
945 User Activity VPN IKE INFO --- IKEv2 Initiator: Send CREATE_CHILD_SA
Request
946 User Activity VPN IKE INFO --- IKEv2 Responder: Received
CREATE_CHILD_SA Request
947 User Activity VPN IKE INFO --- IKEv2 Send delete IKE SA Request
948 User Activity VPN IKE INFO --- IKEv2 Received delete IKE SA Request
949 User Activity VPN IKE INFO --- IKEv2 Send delete IPsec SA Request
950 User Activity VPN IKE INFO --- IKEv2 Received delete IPsec SA Request
951 User Activity VPN IKE INFO --- IKEv2 Responder: Peer's destination
network does not match VPN Policy's [Local
Network]
952 User Activity VPN IKE INFO --- IKEv2 Responder: Peer's local network does
not match VPN Policy's [Destination
Network]
953 User Activity VPN IKE WARNING --- IKEv2 Payload processing error
954 User Activity VPN IKE WARNING --- IKEv2 Initiator: Negotiations failed. Extra
payloads present.

955 User Activity VPN IKE WARNING --- IKEv2 Initiator: Negotiations failed. Missing
required payloads.
956 User Activity VPN IKE WARNING --- IKEv2 Initiator: Negotiations failed. Invalid
input state.
957 User Activity VPN IKE WARNING --- IKEv2 Initiator: Negotiations failed. Invalid
output state.
958 User Activity VPN IKE WARNING --- IKEv2 Payload validation failed.
959 User Activity VPN IKE WARNING --- IKEv2 Unable to find IKE SA
960 User Activity VPN IKE WARNING --- IKEv2 Decrypt packet failed
961 User Activity VPN IKE WARNING --- IKEv2 Out of memory
962 User Activity VPN IKE ERROR --- IKEv2 Responder: Policy for remote IKE ID
not found
963 User Activity VPN IKE WARNING --- IKEv2 Process Message queue failed
964 User Activity VPN IKE WARNING --- IKEv2 Invalid state
965 System Error VPN IKE ERROR --- IKE Responder: Client Policy has no VPN
Access Networks assigned. Check
Configuration.
966 User Activity VPN IKE WARNING --- IKEv2 Invalid SPI size
967 User Activity VPN IKE WARNING --- IKEv2 VPN Policy not found
968 User Activity VPN IKE WARNING --- IKEv2 IPsec proposal does not match
969 User Activity VPN IKE WARNING --- IKEv2 IPsec attribute not found
970 User Activity VPN IKE WARNING --- IKEv2 IKE attribute not found
971 User Activity VPN IKE WARNING --- IKEv2 Peer is not responding. Negotiation
aborted.
972 User Activity VPN IKE INFO --- IKEv2 Initiator: Remote party Timeout -
Retransmitting IKEv2 Request.
973 User Activity VPN IKE INFO --- IKEv2 Initiator: Received IKE_SA_INT
response
974 User Activity VPN IKE INFO --- IKEv2 Initiator: Received IKE_AUTH
response
975 User Activity VPN IKE INFO --- IKEv2 Initiator: Received CREATE_CHILD_SA
response
976 User Activity VPN IKE INFO --- IKEv2 Responder: Send IKE_SA_INIT
response
977 User Activity VPN IKE INFO --- IKEv2 Responder: Send IKE_AUTH response
978 User Activity VPN IKE INFO --- IKEv2 negotiation complete
979 User Activity VPN IKE ERROR --- IKEv2 Function sendto() failed to transmit
packet.
980 User Activity VPN IKE WARNING --- IKEv2 Initiator: Proposed IKE ID mismatch
981 User Activity VPN IKE WARNING --- IKEv2 IKE proposal does not match
982 User Activity VPN IKE INFO --- IKEv2 Received notify status payload
983 User Activity VPN IKE WARNING --- IKEv2 Received notify error payload
984 User Activity VPN IKE INFO --- IKEv2 No NAT device detected between
negotiating peers
985 User Activity VPN IKE INFO --- IKEv2 NAT device detected between
negotiating peers

986 User Activity Authenticated Access INFO --- User login denied - not allowed by Policy rule
987 User Activity Authenticated Access INFO --- User login denied - not found locally
988 User Activity Authenticated Access WARNING --- User login denied - SSO agent Timeout
989 User Activity Authenticated Access WARNING --- User login denied - SSO agent configuration error
990 User Activity Authenticated Access WARNING --- User login denied - SSO agent communication problem
991 User Activity Authenticated Access WARNING --- User login denied - SSO agent name resolution failed
992 User Activity CIA WARNING --- SSO agent returned user name too long
993 User Activity CIA WARNING --- SSO agent returned domain name too long
994 User Activity Authenticated Access INFO --- Configuration mode administration session started
995 User Activity Authenticated Access INFO --- Configuration mode administration session ended
996 User Activity Authenticated Access INFO --- Read-only mode GUI administration session started
997 User Activity Authenticated Access INFO --- Non-config mode GUI administration session started
998 User Activity Authenticated Access INFO --- GUI administration session ended
999 Blocked Sites Network Access INFO --- SSL Control: Website found in blacklist
1000 Blocked Sites Network Access INFO --- SSL Control: Website found in whitelist
1001 Blocked Sites Network Access INFO --- SSL Control: HTTPS via SSL
1002 Blocked Sites Network Access INFO --- SSL Control: Certificate with invalid date
1003 Blocked Sites Network Access INFO --- SSL Control: Self-signed certificate
1004 Blocked Sites Network Access INFO --- SSL Control: Weak cipher being used
1005 Blocked Sites Network Access INFO --- SSL Control: Untrusted CA
1006 Blocked Sites Network Access INFO --- SSL Control: Certificate chain not
complete
1007 Blocked Sites Network Access INFO --- SSL Control: Failed to decode Server Hello
1008 User Activity Authenticated Access INFO --- User logged out - logout detected by SSO
1009 System Error RADIUS ERROR --- Bind to LDAP server failed
1010 System Error RADIUS ALERT --- Using LDAP without TLS - highly insecure
1011 System Error RADIUS WARNING --- LDAP using non-administrative account -
VPN client user will not be able to change
passwords
1012 User Activity VPN IKE INFO --- IKEv2 Responder: Send CREATE_CHILD_SA
response
1013 User Activity VPN IKE INFO --- IKEv2 Send delete IKE SA response
1014 User Activity VPN IKE INFO --- IKEv2 Send delete IPsec SA response
1015 User Activity VPN IKE INFO --- IKEv2 Received delete IKE SA response

1016 User Activity VPN IKE INFO --- IKEv2 Received delete IPsec SA response
1017 System Environment Firewall Hardware INFO --- 3G/4G %s device detected
1018 --- PPP INFO --- PPP message: %s
1019 User Activity PPP Dial-Up INFO --- Chat started
1020 User Activity PPP Dial-Up INFO --- Chat completed
1021 User Activity PPP Dial-Up INFO --- Chat wrote '%s'
1022 User Activity PPP Dial-Up INFO --- Chat %s
1023 User Activity PPP Dial-Up INFO --- Chat failed: %s
1024 System Error PPP Dial-Up ERROR --- Unable to send message to dial-up task
1026 User Activity PPP Dial-Up ALERT --- 3G/4G Dial-up: %s.
1027 User Activity PPP Dial-Up ALERT 7643 3G/4G Dial-up: data usage limit reached
for the '%s' billing cycle. Disconnecting the
session.
1028 System Error PPP Dial-Up ALERT --- %s auto-dial failed: Current Connection
Model is configured as Ethernet Only
1029 Debug Network DEBUG --- TCP packet received with non-permitted
option; TCP packet dropped
1030 Debug Network DEBUG --- TCP packet received with invalid Window
Scale option length; TCP packet dropped
1031 Debug Network DEBUG --- TCP packet received with invalid Window
Scale option value; TCP packet dropped
1033 User Activity Authenticated Access WARNING --- Problem occurred during user group membership retrieval
1035 User Activity Authenticated Access INFO --- User login denied - password expired
1036 User Activity VPN IKE ERROR --- IKE Responder: IKE Phase 1 exchange does
not match
1037 --- PPP Dial-Up INFO --- PPP Dial-Up: Starting PPP
1038 --- PPP Dial-Up INFO --- Dial-up: Traffic generated by '%s'
1039 --- PPP Dial-Up INFO --- Dial-up: Session initiated by data packet
1040 --- DHCP Server ALERT --- DHCP Server: IP conflict detected
1041 --- DHCP Server ALERT --- DHCP Server: Received DHCP decline from
client
1043 --- Firewall Hardware ERROR 5425 Power supply without redundancy
1044 --- High Availability INFO --- Discovered HA %s Firewall
1045 --- Firewall Event INFO --- Diagnostic Auto-restart scheduled for %s
minutes from now
1046 --- Firewall Event INFO --- Diagnostic Auto-restart canceled
1047 --- Firewall Event INFO --- As per Diagnostic Auto-restart
configuration Request, restarting system
1048 --- Authenticated Access INFO --- User login denied - password doesn't meet constraints
1050 User Activity VPN INFO --- VPN policy %s is added
1051 User Activity VPN INFO --- VPN policy %s is deleted

1052 User Activity VPN INFO --- VPN policy %s is modified
1053 --- Firewall Hardware ALERT 5418 PC Card removed.
1054 --- Firewall Hardware ALERT 5419 PC Card inserted.
1055 --- Firewall Hardware ALERT --- 3G/4G: No SIM detected
1057 --- High Availability INFO --- Peer firewall rebooting (%s)
1058 --- High Availability INFO --- Primary firewall rebooting itself as it
transitioned from Active to Standby while
Preempt
1059 --- High Availability INFO --- Secondary firewall rebooting itself as it
transitioned from Active to Standby while
Preempt
1060 --- Crypto Test ERROR --- Crypto SHA1 based DRNG KAT test failed
1065 Maintenance Firewall Event INFO --- Successfully sent %s file to remote backup
server
1066 Maintenance Firewall Event INFO --- Failed to send file to remote backup
server, Error: %s
1068 --- DHCP Server WARNING --- Multiple DHCP Servers are detected on
network
1070 --- Firewall Event INFO --- Invalid DNS Server will not be accepted by
the dynamic client
1071 --- Firewall Event CRITICAL --- DHCP Server sanity check passed %s
1072 --- Firewall Event CRITICAL --- DHCP Server sanity check failed %s
1073 User Activity CIA WARNING --- SSO agent returned error
1074 --- L2TP Client INFO --- L2TP Tunnel Negotiation %s
1075 User Activity CIA ALERT --- SSO agent is down
1076 User Activity CIA ALERT --- SSO agent is up
1077 --- SonicPoint-N INFO --- %s Status
1078 --- SonicPoint-N INFO --- %s Provision
1079 --- SSL VPN INFO --- %s
1080 --- Authenticated Access INFO --- SSL VPN zone remote user login allowed
1081 Blocked Sites Network Access INFO --- SSL Control: Certificate with MD5 Digest
Signature Algorithm
1082 --- Anti-Spam WARNING 13801 %s is operational.
1083 --- Anti-Spam WARNING 13802 %s is unavailable.
1084 --- Anti-Spam INFO 13803 Anti-Spam service is enabled by
administrator.
1085 --- Anti-Spam INFO 13804 Anti-Spam service is disabled by
administrator.
1086 --- Anti-Spam WARNING 13805 Your Anti-Spam Service subscription has
expired.
1087 --- Anti-Spam WARNING 13806 SMTP connection limit is reached.
Connection is dropped.
1088 --- Anti-Spam WARNING 13807 Anti-Spam Startup Failure - %s

1089 --- Anti-Spam WARNING 13808 Anti-Spam Teardown Failure - %s
1090 --- DHCP Server NOTICE --- DHCP Server: Received DHCP message from
untrusted relay agent
1091 --- Anti-Spam NOTICE 13809 Outbound connection to GRID-listed SMTP
server dropped
1092 --- Anti-Spam NOTICE 13810 Inbound connection from GRID-listed SMTP
server dropped
1093 --- Anti-Spam NOTICE 13811 SMTP server found on Reject List
1094 --- Anti-Spam ERROR 13812 No valid DNS server specified for GRID
lookups
1095 --- Anti-Spam INFO 13813 Unprocessed E-mail received from MTA on
Inbound SMTP port
1097 --- VPN PKI NOTICE --- SCEP Client: %s
1098 --- Intrusion Detection ALERT 6465 Possible DNS rebind attack detected
1099 --- Intrusion Detection ALERT 6466 DNS rebind attack blocked
1100 --- Network Monitor ALERT 14001 Network Monitor: Policy %s status is UP
1101 --- Network Monitor ALERT 14002 Network Monitor: Policy %s status is DOWN
1102 --- Network Monitor ALERT 14003 Network Monitor: Policy %s status is
UNKNOWN
1103 --- Network Monitor ALERT 14004 Network Monitor: Host %s status is
UNKNOWN
1104 --- Network Monitor INFO --- Network Monitor Policy %s Added
1105 --- Network Monitor INFO --- Network Monitor Policy %s Deleted
1106 --- Network Monitor INFO --- Network Monitor Policy %s Modified
1107 System Error Firewall Event ALERT --- %s
1108 --- Anti-Spam INFO --- Message blocked by Real-Time E-mail
Scanner
1109 --- VPN PKI INFO --- CSR Generation: %s
1110 --- DHCP Server INFO --- Assigned IP address %s
1111 --- DHCP Server INFO --- Released IP address %s
1112 --- Ftp DEBUG --- Ftp server accepted the connection
1113 --- Ftp DEBUG --- Ftp client user name was sent
1114 --- Ftp DEBUG --- Ftp client user logged in successfully
1115 --- Ftp DEBUG --- Ftp client user logged in failed
1116 --- Ftp DEBUG --- Ftp client user logged out
1117 User Activity Authenticated Access WARNING --- User login denied - SSO probe failed
1118 User Activity Authenticated Access INFO --- User login denied - Mail Address(From/to) or SMTP Server is not configured
1119 User Activity Authenticated Access INFO --- RADIUS user cannot use One Time Password - no mail address set for equivalent local user
1120 User Activity Authenticated Access WARNING --- User login denied - Terminal Services agent Timeout

1121 User Activity Authenticated Access WARNING --- User login denied - Terminal Services agent name resolution failed
1122 User Activity Authenticated Access WARNING --- User login denied - No name received from Terminal Services agent
1123 User Activity Authenticated Access WARNING --- User login denied - Terminal Services agent communication problem
1124 User Activity Authenticated Access INFO --- User logged out - logout reported by Terminal Services agent
1125 User Activity High Availability INFO --- High Availability has been enabled, Dial-Up
device(s) are not supported in High
Availability processing.
1126 User Activity High Availability ERROR --- The High Availability monitoring IP
configuration of Interface %s is incorrect.
1127 User Activity VPN IKE WARNING --- IKE Responder: ESP mode mismatch Local -
Tunnel Remote - Transport
1128 User Activity VPN IKE WARNING --- IKE Responder: ESP mode mismatch Local -
Transport Remote - Tunnel
1131 --- Anti-Spam DEBUG --- Probe Response Success - %s
1132 --- Anti-Spam DEBUG --- Probe Response Failure - %s
1133 --- PPPoE INFO --- %s
1134 Maintenance PPTP INFO --- %s
1135 Maintenance L2TP Client INFO --- %s
1138 --- Anti-Spam DEBUG --- Received unauthenticated GRID response
1139 --- Anti-Spam DEBUG --- Invalid key or serial number used for GRID
response
1140 --- Anti-Spam DEBUG --- Invalid key version used for GRID response
1141 --- Anti-Spam DEBUG --- Host IP address not in GRID List
1142 --- Anti-Spam DEBUG --- No response received from DNS server
1143 --- Anti-Spam DEBUG --- Not blacklisted as per configuration
1144 --- Anti-Spam DEBUG --- Default to not blacklisted
1145 --- Anti-Spam DEBUG --- Failed to insert entry into GRID result IP
cached table
1146 --- Anti-Spam DEBUG --- Resolved ES Cloud - %s
1147 --- Anti-Spam DEBUG --- Updated ES Cloud Address - %s
1148 Advanced Switching Advanced Switching INFO --- %s
1149 --- High Availability WARNING --- Your Active/Active Clustering subscription
has expired.
1150 User Activity CIA ALERT --- Terminal Services agent is down
1151 User Activity CIA ALERT --- Terminal Services agent is up
1152 --- High Availability ERROR --- Active/Active Clustering license is not
activated on the following cluster units: %s
1153 Connection Traffic SSL VPN INFO --- SSL VPN Traffic
1154 --- Application Control Detection ALERT 15001 Application Control Detection Alert: %s

1155 --- Application Control Detection ALERT 15002 Application Control Prevention Alert: %s
1156 --- Firewall Event ERROR --- Name Resolution for Syslog or GMS failed.
1157 User Activity Authenticated Access INFO --- User account '%s' expired and disabled
1158 User Activity Authenticated Access INFO --- User account '%s' expired and pruned
1159 --- Security Services WARNING --- Received Alert: Your Visualization Control
subscription has expired.
1160 Maintenance Firewall Event DEBUG --- Attempt to contact Remote backup server
for upload approval failed
1161 Maintenance Firewall Event DEBUG --- Backup remote server did not approve
upload Request
1162 System Error High Availability ALERT 664 Modules attached to HA units do not
match: %s
1163 --- E1/T1 Status INFO --- E1_T1 Layer 1 status: No signal
1164 --- E1/T1 Status INFO --- E1_T1 Layer 1 status: No frame
synchronization
1165 --- E1/T1 Status INFO --- E1_T1 Layer 1 status: No multiframe
synchronization
1166 --- E1/T1 Status INFO --- E1_T1 Layer 1 status: Remote alarm
detected
1167 --- E1/T1 Status INFO --- E1_T1 Layer 1 status: Controlled slip
1168 --- E1/T1 Status INFO --- E1_T1 Layer 1 status: OK
1169 --- Bandwidth Optimization INFO --- WAN Acceleration device %s found
1170 --- Bandwidth Optimization ALERT --- WAN Acceleration device %s is operational
1171 --- Bandwidth Optimization ALERT --- WAN Acceleration device %s is no longer operational
1172 --- Bandwidth Optimization ALERT --- WAN Acceleration device %s is being used
1173 --- Bandwidth Optimization ALERT --- WAN Acceleration device %s is no longer being used
1174 --- Bandwidth Optimization WARNING --- Remote WAN Acceleration device stopped responding to probes
1175 --- Bandwidth Optimization WARNING --- Remote WAN Acceleration device started responding to probes
1176 --- Bandwidth Optimization WARNING --- Your WAN Acceleration Service subscription has expired.
1177 Debug Network Access ALERT --- Malformed DNS packet detected
1178 User Activity CIA ALERT --- A high percentage of the system packet
buffers are held waiting for SSO
1179 User Activity CIA ALERT --- A user has a very high number of
connections waiting for SSO
1183 --- VPN IKE DEBUG --- Deleting IPsec SA. (Phase 2)
1184 --- DHCP Server WARNING --- Delete invalid scope because port IP in the
range of this DHCP scope.

1185 --- DSL ALERT --- DSL: %s Device Up
1186 --- DSL ALERT --- DSL: %s Device Down
1187 --- DSL ALERT --- DSL: %s WAN is connected
1188 --- DSL ALERT --- DSL: %s WAN is initializing
1189 --- VPN IKE WARNING --- IKE Responder: Peer's proposed network
does not match VPN Policy's Network
1190 --- RADIUS INFO --- Added new LDAP mirror user group: %s
1191 --- RADIUS INFO --- Deleted LDAP mirror user group: %s
1192 --- RADIUS INFO --- Added a new member to an LDAP mirror
user group
1193 --- RADIUS INFO --- Removed a member from an LDAP mirror
user group
1194 --- High Availability ERROR --- Monitoring probe out interface mismatch
%s
1195 Security Services Security Services WARNING --- Received Alert: Your Firewall Botnet Filter subscription has expired.
1196 Maintenance Firewall Event ALERT --- Product maximum entries reached - %s
1197 --- Network Access NOTICE --- NAT Mapping
1198 --- GeoIp ALERT --- Initiator from country blocked: %s
1199 --- GeoIp ALERT --- Responder from country blocked: %s
1200 --- Botnet ALERT --- Suspected Botnet initiator blocked: %s
1201 --- Botnet ALERT --- Suspected Botnet responder blocked: %s
1202 User Activity Authenticated Access INFO --- %s
1203 User Activity Authenticated Access WARNING --- %s
1204 User Activity Authenticated Access ERROR --- %s
1205 System Error High Availability ALERT --- On HA peer firewall, Interface %s Link Is Up
1206 System Error High Availability ALERT --- On HA peer firewall, Interface %s Link Is
Down
1207 Maintenance High Availability INFO --- Peer firewall has reduced link status. In
event of failover, it will operate with
limited capability.
1208 Maintenance High Availability INFO --- Peer firewall has equivalent link status. In
event of failover, it will operate with equal
capability.
1209 Attack MacIP Spoof ALERT --- MAC-IP Anti-spoof check enforced for hosts
1210 Attack MacIP Spoof ALERT --- MAC-IP Anti-spoof cache not found for this
router
1211 Attack MacIP Spoof ALERT --- MAC-IP Anti-spoof cache found, but it is
not a router
1212 Attack MacIP Spoof ALERT --- MAC-IP Anti-spoof cache found, but it is
blacklisted device
1213 Attack Intrusion Detection ALERT --- Possible UDP flood attack detected

1214 Attack Intrusion Detection ALERT --- Possible ICMP flood attack detected
1215 Debug DHCP Relay INFO --- DHCP INFORM received from remote device
1216 --- --- DEBUG --- IP Pool of the VPN Policy is Full
1217 --- --- DEBUG --- IP Pool of the VPN Policy is Not Configured
1218 --- --- INFO --- MOBIKE: Update Peer Gateway IP
1219 --- --- INFO --- IP Address is allocated for Client
1220 --- --- WARNING --- Invalid SNMP packet
1221 --- --- WARNING --- Invalid SNMPv3 engineID
1222 --- --- WARNING --- Invalid SNMPv3 User
1223 --- --- WARNING --- Invalid SNMPv3 Time Window
1225 --- --- INFO --- SNMP Packet Dropped
1226 --- --- INFO --- HTTPS Handshake: %s
1227 User Activity --- INFO --- Guest traffic quota exceeded
1229 TCP | UDP | ICMP --- WARNING --- Packet dropped by wireless Advanced IDP
1230 UDP --- NOTICE --- Failed on updating time from NTP server
1231 UDP --- NOTICE --- Time update from NTP server was
successful
1232 UDP --- NOTICE --- NTP Request sent
1233 Debug --- NOTICE --- Unhandled link-local or multicast IPv6
packet dropped
1235 --- Network INFO --- Packet allowed: %s
1236 --- Security Services DEBUG --- Received Blacklisted Directive from - %s
1237 --- Security Services DEBUG --- Not Blacklisted by domain - %s
1238 --- Security Services DEBUG --- No DNS response to domain - %s
1239 --- Security Services DEBUG --- RBL DNS server responded with error code
- %s
1240 --- --- INFO --- %s
1241 --- --- WARNING --- %s
1242 --- --- WARNING --- %s
1243 User Activity Authenticated Access INFO --- User login Failed - An error has occurred while sending your one-time password
1244 --- RADIUS WARNING --- Failed to add an LDAP mirror user group
1245 --- RADIUS WARNING --- Failed to add a member to an LDAP mirror
user group
1246 --- RADIUS WARNING --- An LDAP user group nesting is not being
mirrored
1252 --- VPN IKE INFO --- IPv6 VPN only support IKEv2 mode
1253 --- VPN IKE NOTICE --- IPv6 Tunnel packet dropped
1254 --- Network NOTICE --- ICMPv6 packet from LAN dropped
1255 --- Network INFO --- ICMPv6 packet from LAN allowed
1256 --- Network INFO --- ICMPv6 packet allowed
1257 --- Network NOTICE --- ICMPv6 packet dropped due to policy

1258 --- --- DEBUG --- %s
1259 --- DHCP Server WARNING --- DHCPv6 lease file in the storage is
corrupted; read failed
1260 --- DHCP Server WARNING --- Failed to write DHCPv6 leases to storage
1261 --- DHCP Server INFO --- DHCPv6 leases written to storage
1262 --- Network Access DEBUG --- YouTube for school enforced
1263 Maintenance App Server Event INFO --- AppFlow Server Event
1264 --- Bandwidth Optimization WARNING --- WLAN HTTP traffic not being sent to WXA WebCache; zone conflict
1265 --- Firewall Event WARNING --- SonicPoint association request to License
Manager failed: %s
1266 --- Firewall Event INFO --- SonicPoint association posted successfully
to License Manager
1267 User Activity VPN IKE DEBUG --- %s
1268 Firewall Settings Firewall Event NOTICE --- Firmware Update Failed
1269 Firewall Settings Firewall Event NOTICE --- Firmware Update Success
1270 Maintenance --- INFO --- Crypto DH test success
1271 Maintenance --- INFO --- Crypto Hmac-MD5 test success
1272 Maintenance --- INFO --- Crypto hardware DES test success
1274 --- --- INFO --- Crypto SHA1 based DRNG KAT test success
1275 Maintenance --- INFO --- Crypto Hmac-Sha1 test success
1276 Maintenance --- INFO --- Crypto hardware 3DES test success
1277 Maintenance --- INFO --- Crypto DES test success
1278 Maintenance --- ERROR --- Crypto AES test failed
1279 Maintenance --- INFO --- Crypto AES test success
1280 Maintenance --- INFO --- Crypto DRBG test success
1281 Maintenance --- ERROR --- Crypto DRBG test failed
1282 Maintenance --- INFO --- Crypto Hmac-Sha256 test success
1283 Maintenance --- ERROR --- Crypto Hmac-Sha256 test failed
1284 Maintenance --- INFO --- Crypto RSA test success
1285 Maintenance --- INFO --- Crypto Sha1 test success
1286 Maintenance --- INFO --- Crypto Sha256 test success
1287 Maintenance --- ERROR --- Crypto Sha256 test failed
1288 Maintenance --- INFO --- Crypto hardware AES test success
1289 Maintenance --- INFO --- Crypto hardware DES with SHA test success
1290 Maintenance --- INFO --- Crypto hardware 3DES with SHA test
success
1299 Maintenance --- ALERT --- Ndpp SelfTest write/read encrypt/decrypt
successsfully
1300 Maintenance --- ALERT --- Ndpp SelfTest write/read encrypt/decrypt
failure
1301 Debug Network Access ALERT --- Source or Destination IPv6 address is
reserved by RFC 4291. Packet is dropped

1302 Debug Network Access ALERT --- Destination IPv6 address is unspecified.
Packet is dropped
1303 Debug Network Access ALERT --- Source IPv6 address is unspecified but this
packet is not Neighbor Solicitation
message for DAD. Packet is dropped
1304 Debug Network Access ALERT --- Packet is dropped due to NDPP rules.
1305 User Activity VPN IKE WARNING --- IKE Responder : VPN Policy for IKE ID not
found
1306 User Activity VPN IKE WARNING --- IKE Responder : VPN Policy for gateway
address not found
1307 User Activity VPN IKE WARNING --- IKE Initiator : VPN Policy for IKE ID not
found
1308 User Activity VPN IKE WARNING --- IKE Initiator : VPN Policy for gateway
address not found
1309 --- Firewall Event WARNING --- HA association request to License Manager
failed: %s
1310 --- Firewall Event INFO --- HA association posted successfully to
License Manager
1311 --- DHCP Server ALERT --- DHCP Server: Resources of this pool ran
out. Client Info: %s
1312 --- VPN IKE INFO --- IKEv2: Peer's IP Version of Traffic Selector
does not match with ours
1313 --- --- INFO --- NAT policy added
1314 --- --- INFO --- NAT policy modified
1315 --- --- INFO --- NAT policy deleted
1316 --- Network ALERT --- Possible ARP attack from MAC address %s
1324 User Activity VPN IKE INFO --- IKEv2 Received Dead Peer Detection
Request
1325 User Activity VPN IKE INFO --- IKEv2 Received Dead Peer Detection
Response
1326 User Activity VPN IKE INFO --- IKEv2 Send Dead Peer Detection Request
1327 User Activity VPN IKE INFO --- IKEv2 Send Dead Peer Detection Response
1328 User Activity VPN IKE INFO --- IKEv2 Send Invalid SPI Request
1329 User Activity VPN IKE INFO --- IKEv2 Received Invalid SPI Request
1330 User Activity VPN IKE INFO --- IKEv2 Send Invalid SPI Response
1331 User Activity VPN IKE INFO --- IKEv2 Received Invalid SPI Response
1332 Maintenance Firewall Event ALERT --- NDPP mode is changed to %s
1333 User Activity Authenticated Access INFO --- %s
1334 User Activity Authenticated Access INFO --- %s
1335 User Activity Authenticated Access INFO --- %s
1336 Firewall Settings Firewall Event INFO --- Certification %s
1337 Firewall Settings Firewall Event INFO --- %s

1338 Firewall Settings Firewall Event INFO --- User %s password is changed
1339 Firewall Settings Firewall Event INFO --- Password rule %s is changed
1340 Firewall Settings Firewall Event INFO --- User Inactive timeout is changed to %s
1341 User Activity Authenticated Access INFO --- %s
1342 User Activity Authenticated Access INFO --- Update administrator/user lockout params - %s
1343 User Activity VPN INFO --- VPN Policy %s
1344 System Error Firewall Event INFO --- %s
1345 --- Crypto Test INFO --- Crypto Sha384 test success
1346 --- Crypto Test ERROR --- Crypto Sha384 test failed
1347 --- Crypto Test INFO --- Crypto Sha512 test success
1348 --- Crypto Test ERROR --- Crypto Sha512 test failed
1349 --- Crypto Test INFO --- Crypto Ikev1 test success
1350 --- Crypto Test ERROR --- Crypto Ikev1 test failed
1351 --- Crypto Test INFO --- Crypto Ikev2 test success
1352 --- Crypto Test ERROR --- Crypto Ikev2 test failed
1353 --- Crypto Test INFO --- Crypto SSH test success
1354 --- Crypto Test ERROR --- Crypto SSH test failed
1355 --- Crypto Test INFO --- Crypto SNMP test success
1356 --- Crypto Test ERROR --- Crypto SNMP test failed
1357 --- Crypto Test INFO --- Crypto TLS 1.0/1.1 test success
1358 --- Crypto Test ERROR --- Crypto TLS 1.0/1.1 test failed
1359 --- Crypto Test INFO --- Crypto Hmac-Sha384 test success
1360 --- Crypto Test ERROR --- Crypto Hmac-Sha384 test failed
1361 --- Crypto Test INFO --- Crypto Hmac-Sha512 test success
1362 --- Crypto Test ERROR --- Crypto Hmac-Sha512 test failed
1363 802.11b Management Wireless ALERT --- Wireless Flood Attack
1364 --- VPN PKI ALERT --- Cert Payload processing failed
1365 --- DPI-SSL NOTICE --- DPI-SSL: %s
1366 Attack Intrusion Detection ALERT --- TCP-Flooding machine %s blacklisted
1367 Attack Intrusion Detection WARNING --- TCP Flood Blacklist on IF %s continues
1368 Attack Intrusion Detection ALERT --- Machine %s removed from TCP flood blacklist
1369 Attack Intrusion Detection ALERT --- Possible TCP Flood on IF %s
1370 Attack Intrusion Detection ALERT --- Possible TCP Flood on IF %s has ceased

1371 Attack Intrusion Detection WARNING --- Possible TCP Flood on IF %s continues
1372 --- RADIUS WARNING --- LDAP mirroring overflow: too many user
groups
1373 Attack Intrusion Detection ALERT --- IPv6 fragment dropped, invalid length (<1280 Bytes)
1374 Attack Intrusion Detection ALERT --- IGMP packet dropped, incomplete fragments
1375 Attack Intrusion Detection ALERT --- UDP fragment dropped, exceeds maximum IP datagram size (>65535)
1376 Attack Intrusion Detection ALERT --- Nestea/Teardrop attack dropped
1377 --- Anti-Spam ALERT --- SHLO verification failed with this client IP -
%s
1378 --- Anti-Spam ALERT --- Possible replay attack with this client IP -
%s
1379 --- Bandwidth Optimization WARNING --- WXA association request to License Manager failed: %s
1380 --- Bandwidth Optimization INFO --- WXA association posted successfully to License Manager
1381 --- Security Services WARNING 15003 Received App-Control Alert: Your
Application Control subscription has
expired.
1382 User Activity Firewall Logging INFO 5609 Configuration succeeded: %s
1383 User Activity Firewall Logging INFO 5610 Configuration failed: %s
1384 Debug Network DEBUG --- TCP packet received with invalid
Timestamps option length; TCP packet
dropped
1385 Debug Network DEBUG --- TCP packet received with wrapped
sequence number; TCP packet dropped
1387 Attack Intrusion Detection ALERT --- TCP Null Flag dropped
1388 Attack VPN IPsec ALERT --- IPsec VPN Decryption Failed
1389 Maintenance Security Services INFO --- Access attempt from host without Client
CF agent installed
1390 Maintenance Security Services INFO --- Client CF agent out-of-date on host
1391 Attack Security Services ALERT --- Packet Data
1394 --- Bandwidth Optimization ERROR --- WXA Startup Failure - %s
1395 --- Bandwidth Optimization WARNING --- WXA Get Failure - %s
1396 --- Bandwidth Optimization NOTICE --- WXA Parse Failure - %s
1397 --- Bandwidth Optimization NOTICE --- WXA Register Failure - %s
1398 --- Bandwidth Optimization NOTICE --- WXA Unregister Failure - %s

1399 --- Bandwidth Optimization NOTICE --- WXA Probe Failure - %s
1400 --- Bandwidth Optimization ALERT --- WXA Create Failure - %s
1401 --- Bandwidth Optimization WARNING --- WXA Set Failure - %s
1402 --- Bandwidth Optimization ERROR --- WXA Delete Failure - %s
1403 --- Bandwidth Optimization INFO --- WXA Enable - %s
1404 --- Bandwidth Optimization INFO --- WXA Disable - %s
1405 --- Bandwidth Optimization WARNING --- WXA Request Failure - %s
1406 --- DHCP Client INFO --- General DHCPv6 Client Information [%s]
1407 --- DHCP Client DEBUG --- DHCPv6 Client sent message [%s]
1408 --- DHCP Client DEBUG --- DHCPv6 Client received message [%s]
1409 --- DHCP Client DEBUG --- DHCPv6 Client Duplicate Address Detection
[%s]
1410 --- DHCP Client DEBUG --- DHCPv6 Client waiting reply timeout [%s]
1411 --- DHCP Client DEBUG --- Router Advertisement flags [%s]
1412 --- DHCP Client INFO --- DHCPv6 Client got a new lease [%s]
1413 --- DHCP Client INFO --- DHCPv6 Client released lease [%s]
1414 --- DHCP Server INFO --- DHCPv6 Server assigned lease %s
1415 --- DHCP Server INFO --- DHCPv6 Server released lease %s
1416 --- DHCP Server INFO --- DHCPv6 Server received DHCPv6 Decline
from client %s
1417 --- DHCP Server WARNING --- DHCPv6 Server: Resources of this pool ran
out. Client Info: %s
1418 --- DHCP Server INFO --- DHCPv6 Server: Add a new scope (%s)
1419 --- DHCP Server INFO --- DHCPv6 Server: Delete scope (%s)
1420 --- DHCP Server DEBUG --- DHCPv6 Server received message (%s)
1421 --- DHCP Server DEBUG --- DHCPv6 Server sent message (%s)
1422 --- Network WARNING --- IPv6 address conflict detected from
Ethernet address %s
1423 --- Network WARNING --- Dropped NDP message:%s
1424 --- DPI-SSL ALERT 14601 DPI-SSL Connection: %s
1425 VPN Tunnel VPN WARNING --- IPsec Tunnel status down
Status
1426 --- SonicPoint-N INFO --- %s unexpected reboot. Please check
whether input power is adequate and
ethernet connection is secured.
(ACe/ACi/N2/NDR requires 802.3at PoE+)
1428 --- SSL VPN INFO --- %s
1429 Debug Network Access ALERT --- Source or Destination IPv6 address is site-
local unicast address. Packet is dropped

1430   Debug   Network Access   INFO   ---   IPv6 Packet with extension header received
1431   ---   Network   INFO   ---   ICMPv6 packet received
1432   Firewall Settings   Firewall Event   INFO   ---   Configuration changed: %s
1433   ---   Network   NOTICE   ---   %s
1434   ---   Firewall Event   NOTICE   ---   Interface %s up
1435   ---   Firewall Event   ERROR   ---   Interface %s down
1436   Debug   Network   INFO   ---   Packet dropped by NAT Policy, reason: %s
1437   ---   ---   WARNING   ---   %s
1438   ---   VPN PKI   NOTICE   ---   CA Certificate %s Added.
1439   ---   VPN PKI   NOTICE   ---   Local Certificate %s Added.
1440   ---   VPN PKI   NOTICE   ---   CA Certificate %s Deleted.
1441   ---   VPN PKI   NOTICE   ---   Local Certificate %s Deleted.
1442   System Environment   Firewall Hardware   ALERT   ---   USB Over Current
1444   Maintenance   High Availability   ERROR   ---   Reboot occured (Reason :%s)
1445   ---   Bandwidth Optimization   WARNING   ---   WXA Warning - %s
1446   ---   DHCP Server   NOTICE   ---   Delete invalid scope with mask of 31 bits [%s]
1447   UDP   Network Access   NOTICE   ---   UDPv6 packet dropped
1448   UDP   Network Access   NOTICE   ---   UDPv6 checksum error; packet dropped
1449   UDP   Network Access   NOTICE   ---   ICMPv6 checksum error; packet dropped
1450   Attack   Intrusion Detection   ALERT   ---   Possible UDPv6 flood attack detected
1451   Attack   Intrusion Detection   ALERT   ---   Possible ICMPv6 flood attack detected
1452   Attack   Intrusion Detection   ALERT   ---   Too many half-open TCP connections
1453   Debug   Network   INFO   ---   %s
1454   Debug   Network   INFO   ---   %s
1455   Debug   Network   INFO   ---   Extended Switch Port Status Change : %s
1456   Debug   Network   INFO   ---   Extended Switch Port Status Change : %s
1457   Debug   Network   INFO   ---   Extended Switch Port Status Change : %s
1458   ---   Network   NOTICE   ---   %s

3
Syslog events
This section provides information about using the detailed logs created from Syslog events. Syslog settings are
configured in the Log > Syslog page in SonicOS.
Topics:
• Log > Syslog
• Index of Syslog tag field descriptions
• Examples of standard Syslog messages
• Examples of ArcSight Syslog messages
• Legacy categories
• Expanded categories
• Priority levels

Log > Syslog


In addition to the standard event log, the Dell SonicWALL security appliance can send a detailed log to an
external Syslog server. The Dell SonicWALL Syslog captures all log activity and includes every connection source
and destination IP address, IP service, and number of bytes transferred. Syslog analyzers such as Dell SonicWALL
Analyzer or WebTrends Firewall Suite can be used to sort, analyze, and graph the Syslog data.
For more information on configuring the Log > Syslog page, refer to the SonicOS Administration Guide.

Index of Syslog tag field descriptions
This section provides an alphabetical listing of Syslog tags and the associated field description. For more
information about the “pri” Syslog Tag, see Priority levels. The “pri” value is taken from the “Priority
Level” column of the Index of Log Event Messages. For more information about the “c” Syslog Tag, see
Legacy categories.

Table 2. Syslog Tags

Tag   Tags for Arc-Sight   Field   Description

<ddd>   Syslog message prefix   The beginning of each Syslog message has a string of the form <ddd> where ddd is a decimal number indicating facility and priority of the message
af_polid   Application Filter   Displays the Application Filter Policy ID
af_policy   Application Filter   Displays the Application Policy name
af_type   Application Filter   Displays the Application Policy type such as:
    • SMTP Client Request
    • HTTP Client Request
    • HTTP Server Response
    • FTP Client Request
    • FTP Client Upload File
    • FTP Client Download File
    • POP3 Client Request
    • POP3 Server Response
    • FTP Data Transfer
    • IPS Content
    • App Control Content
    • Custom Policy Type
    • CFS
af_service   Application Filter   Displays the Application Policy service name
af_action   Application Filter   Displays the Application Policy action such as:
    • HTTP Block Page
    • HTTP Redirect
    • Bandwidth Management
    • Disable E-Mail Attachment
    • FTP Notification Reply
    • Reset/Drop
    • Block SMTP E-Mail
    • Bypass DPI
    • CFS Block Page
    • Packet Monitor
af_object   Application policy object name   Displays the custom Application Policy object name
ai   Active Interface via GMS heartbeat   Displays the Active WAN Interface. Normally it is Primary WAN, but in a failover, it displays the value of the failover default outbound WAN interface, if there is more than one WAN. When there is only one WAN Interface, it is always Primary WAN regardless of the link state
app   app   Numeric application ID   Indicates the application for the applied Syslog. Only displays when Flow Reporting is enabled
appcat   appcat   Application Control   Display the application category when Application Control is enabled
appid   appid   Application ID   Display the application ID when Application Control is enabled
appName   Non-Signature Application Name   Indicates the non-signature Application Name that matches the Application ID “app” or “f” of the Syslog; Only displays when Flow Reporting is enabled
arg   arg   URL   Used to render a URL: arg represents the URL path name part
bcastRx   bcastRx   Interface statistics report   Displays the broadcast packets received
bcastTx   bcastTx   Interface statistics report   Displays the broadcast packets transmitted
bid   bid   Numeric Blade ID   Indicates the blade that originated the event and applies only to products with blade architecture
bytesRx   bytesRx   Interface statistics report   Displays the bytes received
bytesTx   bytesTX   Interface statistics report   Displays the bytes transmitted
c   cat   Message category (legacy only)   Indicates the legacy category number (Note: Dell SonicWALL does not currently send new category information)
category   category   Blocking code description   Applicable only when CFS is enabled, indicates the category of the blocked content such as “Gambling”. This works in conjunction with “code” Blocking code.
catid   Rule category   Indicates the category ID of the rule
cdur   cn3Label   Connection Duration   Displays the connection duration in milliseconds (ms) and only applies to m=537 “Connection Closed” Syslog
change   SWGMSchangeUrl   Configuration change webpage   Displays the basename of the firewall web page that performed the last configuration change
code   reason   Blocking code   Indicates the CFS block code
icmpCode   cn2   ICMP type and code   Indicates the ICMP code
conns   Firewall status report via GMS heartbeat   Indicates the number of connections in use
contentObject   Application Filter   Indicates rule name
cs4   Interface Statistics   Display interface statistics
deviceOutboundInterface   Interface   Indicates interface on which the packet leaves the device
deviceInboundInterface   Interface   Indicates interface on which the packet leaves the device
dpt   Port   Display destination port
dnpt   NAT’ed Port   Display NAT’ed destination port
dst   dst   Destination   Destination IP address, and optionally, port, network interface, and resolved name
dstV6   dst   Destination   Destination IPv6 address, and optionally, port, network interface, and resolved name
dstname   request   URL   Displays the URL of accessed Websites and hosts
dstname   dstname   Notes   Indicates additional information such as description of forbidden/deleted email attachments
dstZone   cs4Label (destination)   Destination zone name   Displays destination zone
dur   cs6label   Numeric, session duration in seconds   Displays the connection duration in seconds; pertains to the activity time of an authenticated user session (such as logout messages)
dyn   Firewall status report via GMS heartbeat   Displays the HA and dialup connection state (rendered as “h.d” where “h” is “n” (not enabled), “b” (backup), or “p” (primary) and “d” is “1” (enabled) or “0” (disabled))
f   flowType   Numeric flow type   Indicates the flow type when Flow Reporting is disabled
fw   Firewall WAN IP   Indicates the WAN IP Address
fwlan   Firewall status report via GMS heartbeat   Indicates the LAN zone IP address
gcat   gcat   Group category   Display event group category when using Enhanced Syslog
goodRxBytes   goodRxBytes   SonicPoint statistics report   Indicates the well-formed bytes received
goodTxBytes   goodTxBytes   SonicPoint statistics report   Indicates the well-formed bytes transmitted
i   Firewall status report via GMS heartbeat   Displays the GMS message interval in seconds
id=firewall   WebTrends prefix   Syntactic sugar for WebTrends (and GMS by habit)
if   if   Interface statistics report   Displays the interface on which statistics are reported
ipscat   ipscat   IPS message   Displays the IPS category
ipspri   ipspri   IPS message   Displays the IPS priority
lic   Firewall status report via GMS heartbeat   Indicates the number of licenses for firewalls with limited modes
m   Message ID   Provides the message ID number
mac   smac or dmac   MAC address   Provides the source or destination MAC address
mailFrom   Email sender   Originator of the email
msg   msg   Message   Displays the message which is composed of either or both a predefined message and a dynamic message containing a string %s or numeric %d argument
n   cnt   Message count   Indicates the number of times event occurs
natDst   cs2Label   NAT destination IP   Displays the NAT’ed destination IP address
natDstV6   cs2Label   NAT destination IPv6   Displays the NAT’ed destination IPv6 address
natSrc   cs1Label   NAT source IP   Displays the NAT’ed source IP address
natSrcV6   cs1Label   NAT source IPv6   Displays the NAT’ed source IPv6 address
note   cs6   Additional Information   Additional information that is application-dependent
npcs   cs5   URL   Applicable only when Network Packet Capture System (NPCS Solera) is enabled, displays URL of an NPCS object
op   requestMethod   HTTP OP code   Displays the value assigned by SonicOS Content Filtering based on its parsing of an HTTP packet’s Method token for the Request message. Supported values are:
    • 0 = NO OPERATION
    • 1 = HTTP GET
    • 2 = HTTP POST
    • 3 = HTTP HEAD
    where GET/POST/HEAD are standard HTTP Methods and NO OPERATION is used by SonicOS to indicate that none of the other defined values apply.
pri   Message priority   Displays the event priority level (0=emergency, 7=debug)
proto   proto   Protocol and service   Displays the protocol information (rendered as “proto=[protocol]” or just “[proto]/[service]”)
pt   Firewall status report via GMS heartbeat   Displays the HTTP/HTTPS management port (rendered as “hhh.sss”)
radio   radio   SonicPoint statistics report   Displays the SonicPoint radio on which event occurred
rcptTo   recipient   Indicates the email recipient
rcvd   in   Bytes received   Indicates the number of bytes received within connection
result   outcome   HTTP Result code   Displays the HTTP result code (200, 403, etc.) of Website hit
rpkt   cn1Label   Packet received   Display the number of packets received
rule   cs1   Rule ID   Displays the Access Rule number causing packet drop. The policy index includes Address Object names
sent   out   Bytes sent   Displays the number of bytes sent within connection
sess   cs5Label   Pre-defined string indicating session type   Applies to Syslogs with an associated user session being tracked by the UTM. Determined by the Authentication mechanism and can be one of:
    • None - the starting session type when user authentication is still pending or just started
    • Web - identified as a Web browser session
    • Portal - SSL-VPN portal login
    • l2tpc - L2TP client session
    • vpnc - VPN client session
    • sslvpnc - SSL-VPN client session
    • Auto - Auto-logged in session, for example Single Sign On (SSO)
sid   sid   IPS or Anti-Spyware message   Provides either IPS or Anti-Spyware signature ID
sn   Firewall serial number   Indicates the device serial number
spkt   cn2Label   Packet sent   Display the number of packets sent
spt   Port   Displays source port
spycat   spycat   Anti-Spyware message   Displays the Anti-Spyware category
spypri   spypri   Anti-Spyware message   Displays the Anti-Spyware priority
snpt   NAT source port   Display NAT’ed source port
src   src   Source   Indicates the source IP address, and optionally, port, network interface, and resolved name
srcZone   cs3Label (source)   Source zone name   Displays source zone
station   station   SonicPoint statistics report   Displays the client (station) on which event occurred
time   Time   Reports the time of event
type   cn1   ICMP type and code   Indicates the ICMP type
ucastRx   ucastRx   Interface statistics report   Displays the unicast packets received
ucastTx   ucastTx   Interface statistics report   Displays the unicast packets transmitted
unsynched   Firewall status report via GMS heartbeat   Reports the time since last local change in seconds
usestandbysa   Firewall status report via GMS heartbeat   Displays whether standby SA is in use (“1” or “0”) for GMS management
usr (or user)   susr   User   Displays the user name (“user” is the tag used by WebTrends)
vpnpolicy   cs2 (source)   Source VPN policy name   Displays the source VPN policy name of event
vpnpolicyDst   cs3 (destination)   Destination VPN policy name   Displays the destination VPN policy name of event

Examples of standard Syslog messages


The following examples show the content of the Syslog packet. This type of message can be viewed on the
Syslog server or any packet analyzer application. Note that this is the Default Syslog Format.
id=firewall123 sn=0017C5991784 time="2013-03-20 11:56:53" fw=10.0.203.108 pri=6
c=1024 m=97 n=1 src=1.2.3.4:5432:X0 dst=4.3.2.1:2345:X1 proto=tcp/2345 op=1
sent=9876 rcvd=6789 result=403 dstname=http: arg=//www.gui.log.eng.sonicwall.com
code=20 Category="Online Banking"

id=firewall123 sn=0017C5991784 time="2013-03-20 11:57:04" fw=10.0.203.108 pri=6
c=262144 m=98 msg="Connection Opened" n=1437 usr="admin" src=192.168.168.1:61505:X0
dst=192.168.168.168:443:X0 proto=tcp/https sent=52

id=firewall123 sn=0017C5991784 time="2013-03-20 11:57:06" fw=10.0.203.108 pri=6
c=1024 m=537 msg="Connection Closed" n=3683 usr="admin" src=192.168.168.1:61505:X0
dst=192.168.168.168:443:X0 proto=tcp/https sent=1519 rcvd=951 spkt=7 rpkt=8
cdur=2133

id=firewall123 sn=0017C5991784 time="2013-03-20 11:56:53" fw=10.0.203.108 pri=1 c=32
m=609 msg="IPS Prevention Alert: P2P BitTorrent -- Peer Sync" sid=1994 ipscat=P2P
ipspri=3 P2P BitTorrent -- Peer Sync, SID: 1994, Priority: Low n=1
src=1.2.3.4:5432:X0 dst=4.3.2.1:2345:X1

id=firewall123 sn=0017C5991784 time="2013-01-29 23:38:24" bid=1 fw=10.8.70.22 pri=1
c=16 m=793 msg="App Rules Alert" af_polid=1 af_policy="test" af_type="SMTP Client
Request" af_service="SMTP (Send E-Mail)" af_action="No Action" n=0
src=10.10.10.245:50613:X0 dst=10.8.41.228:25:X1"

id=firewall123 sn=0017C5991784 mgmtip=10.0.203.108 time="2013-03-20 20:14:30 UTC"
fw=10.0.203.108 m=96 n=25 i=60 lic=0 unsynched=893 pt=80.443 usestandbysa=0 dyn=n.n
ai=1 fwlan=192.168.168.168 conns=0
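
The following Python parser is an added example, not part of the Dell guide: it splits Default Syslog Format messages like the ones above into tag/value pairs, decodes "pri" and "c" using the Priority levels and Legacy categories tables, and flags events for review. The function names, the needs_review rule, and the fourth sample message are assumptions made for illustration.

```python
import re

# Priority names (Table 5) and a few legacy category IDs (Table 3) from the guide.
PRIORITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Info", "Debug"]
LEGACY_CATEGORY = {16: "User Activity", 32: "Attacks",
                   1024: "Syslog Only - For Traffic Reporting",
                   262144: "Syslog Only - For Traffic Reporting"}

# tag=value, where the value is a double-quoted string or a run of non-space text.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
PREFIX = re.compile(r"^<(\d{1,3})>")


def split_endpoint(value):
    """Split a src/dst value of the form ip[:port[:interface[:name]]] (IPv4)."""
    ip, port, iface, name = (value.split(":", 3) + [None] * 3)[:4]
    return {"ip": ip, "port": int(port) if port and port.isdigit() else None,
            "iface": iface or None, "name": name or None}


def parse_message(line):
    """Parse one default-format SonicOS syslog message into a dict."""
    event = {}
    prefix = PREFIX.match(line)
    if prefix:  # <ddd> is facility * 8 + severity, as in standard syslog
        event["facility"], event["severity"] = divmod(int(prefix.group(1)), 8)
    for tag, quoted, bare in PAIR.findall(line):
        # A quoted value is taken whole, so tag-like text inside it is not
        # parsed as a pair. Free text without '=' is skipped, and a stray
        # trailing quote on a bare value is dropped.
        event[tag] = quoted if quoted else bare.rstrip('"')
    for tag in ("pri", "c", "m", "n"):
        if event.get(tag, "").isdigit():
            event[tag] = int(event[tag])
    for tag in ("src", "dst"):
        if tag in event:
            event[tag] = split_endpoint(event[tag])
    pri = event.get("pri")
    event["pri_name"] = PRIORITY[pri] if isinstance(pri, int) and pri < 8 else None
    event["category_name"] = LEGACY_CATEGORY.get(event.get("c"))
    return event


def needs_review(event):
    """Flag Alert-or-higher priority (pri <= 1) or legacy category 32 (Attacks)."""
    pri = event.get("pri")
    return (isinstance(pri, int) and pri <= 1) or event.get("c") == 32


# SAMPLES[0:3] are this page's example messages with line wraps joined.
# SAMPLES[3] is constructed: it adds a <ddd> prefix and a quoted value that
# contains tag-like text.
SAMPLES = [
    'id=firewall123 sn=0017C5991784 time="2013-03-20 11:57:06" fw=10.0.203.108 '
    'pri=6 c=1024 m=537 msg="Connection Closed" n=3683 usr="admin" '
    'src=192.168.168.1:61505:X0 dst=192.168.168.168:443:X0 proto=tcp/https '
    'sent=1519 rcvd=951 spkt=7 rpkt=8 cdur=2133',
    'id=firewall123 sn=0017C5991784 time="2013-03-20 11:56:53" fw=10.0.203.108 '
    'pri=1 c=32 m=609 msg="IPS Prevention Alert: P2P BitTorrent -- Peer Sync" '
    'sid=1994 ipscat=P2P ipspri=3 P2P BitTorrent -- Peer Sync, SID: 1994, '
    'Priority: Low n=1 src=1.2.3.4:5432:X0 dst=4.3.2.1:2345:X1',
    'id=firewall123 sn=0017C5991784 time="2013-01-29 23:38:24" bid=1 '
    'fw=10.8.70.22 pri=1 c=16 m=793 msg="App Rules Alert" af_polid=1 '
    'af_policy="test" af_type="SMTP Client Request" '
    'af_service="SMTP (Send E-Mail)" af_action="No Action" n=0 '
    'src=10.10.10.245:50613:X0 dst=10.8.41.228:25:X1"',
    '<134>id=firewall123 sn=0017C5991784 time="2013-03-20 12:00:00" '
    'fw=10.0.203.108 pri=6 c=262144 m=98 msg="Connection Opened" n=1 '
    'usr="guest pri=0 c=32" src=192.168.168.1:61505:X0 '
    'dst=192.168.168.168:443:X0 proto=tcp/https sent=52',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        ev = parse_message(raw)
        flag = "REVIEW" if needs_review(ev) else "ok"
        print(flag, ev.get("m"), ev["pri_name"], ev["category_name"],
              ev.get("src", {}).get("ip"), "->", ev.get("dst", {}).get("ip"))
```

The src and dst splitting handles only the IPv4 form; srcV6 and dstV6 values contain colons of their own and are left as strings.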

Examples of ArcSight Syslog messages


The following examples show the content of the Syslog packet. This type of message can be viewed on the
Syslog server or any packet analyzer application.
MAR 20 2013 19:07:43 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|97|Syslog
Website Accessed|4|cat=1024 gcat=2 src=1.2.3.4 spt=5432 deviceInboundInterface=X0
cs1Label=1.2.4.5 snpt=1 dst=4.3.2.1 dpt=2345 deviceOutboundInterface=X1
cs2Label=5.4.3.2 dnpt=2 proto=tcp/2345 out=9876 in=6789 requestMethod=1 outcome=403
request=http://www.gui.log.eng.sonicwall.com reason=20 Category-"Online Banking"

MAR 20 2013 19:07:49 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|98|Syslog
Connection Logged|4|cat=262144 gcat=2 src=192.168.168.1 spt=61693
deviceInboundInterface=X0 dst=192.168.168.168 dpt=443 deviceOutboundInterface=X0
susr="admin" proto=tcp/https out=52 cnt=1570

MAR 20 2013 19:07:52 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|537|Syslog
Close|4|cat=1024 gcat=2 smac=00:00:c5:b3:6b:e5 src=192.168.168.1 spt=61693
deviceInboundInterface=X0 cs3Label=Trusted dst=192.168.168.168 dpt=443
deviceOutboundInterface=X0 cs4Label=Trusted susr="admin" proto=tcp/https out=1519
in=967 cn2Label=7 cn1Label=8 cn3Label=2333 cnt=3815

MAR 20 2013 19:07:43 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|609|IDP
Prevention Alert|9|cat=32 gcat=3 src=1.2.3.4 spt=5432 deviceInboundInterface=X0
cs1Label=1.2.4.5 snpt=1 dst=4.3.2.1 dpt=2345 deviceOutboundInterface=X1
cs2Label=5.4.3.2 dnpt=2 msg="IPS Prevention Alert: P2P BitTorrent -- Peer Sync, SID:
1994, Priority: Low" cnt=3

MAR 20 2013 19:07:43 0017C5991784 CEF:0|SonicWALL|NSA 2400|5.9.0.0-d_75o|793|Application
Firewall Alert|9|cat=16 gcat=10 src=1.2.3.4 spt=5432
deviceInboundInterface=X0 dst=4.3.2.1 dpt=2345 deviceOutboundInterface=X1
msg="Application Firewall Alert: Policy: foobar, Action Type: Block SMTP E-Mail -
Send Error Reply, Mail From: an unknown string of unknown length" cnt=3

Legacy categories
This section can be used as a reference for understanding different categories and their descriptions. The
following table describes the Legacy categories shared in all SonicOS releases.

Table 3. Legacy Category Values

ID (used in Syslog)   Name   Description

0   Event is not Legacy Category, not backward compatible.
1   System Maintenance   Logs general system activity, such as system activations.
2   System Errors   Logs problems with DNS or Email.
4   Blocked Web Sites   Logs Web sites or news groups blocked by the Content Filter List or by customized filtering.
8   Blocked Java Etc   Logs Java, ActiveX, and Cookies blocked by the Dell SonicWALL security appliance.
16   User Activity   Logs successful and unsuccessful log in attempts.
32   Attacks   Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP Spoofing.
64   Dropped TCP   Logs blocked incoming TCP connections.
128   Dropped UDP   Logs blocked incoming UDP packets.
256   Dropped ICMP   Logs blocked incoming ICMP packets.
512   Network Debug   Logs NetBIOS broadcasts, ARP resolution problems, and NAT resolution problems. Also, detailed messages for VPN connections are displayed to assist the network administrator with troubleshooting problems with active VPN tunnels. Network Debug information is intended for experienced network administrators.
1024   Syslog Only - For Traffic Reporting   Used for Syslog only to report HTTP connections opened and closed, and bytes transferred.
2048   Dropped LAN TCP   Used for Syslog only to report that the TCP packet is dropped due to LAN management policy.
4096   Dropped LAN UDP   Used for Syslog only to report that the UDP packet is dropped due to LAN management policy.
8192   Dropped LAN ICMP   Used for Syslog only to report that the ICMP packet is dropped due to LAN management policy.
32768   Modem Debug   Logs Modem Debug activity.
65536   VPN Tunnel Status   Logs status information on VPN tunnels.
131072   802.11 Management   Logs WLAN IEEE 802.11 connections.
262144   Syslog Only - For Traffic Reporting   Used for Syslog only to report that the Network Traffic is logged when connection is open.
524288   System Environment   Logs system environment activity.
1048576   Expanded - VOIP Activity   Used for Syslog only to log VoIP H.323-RAS, H.323/H.225, and H.323/H.245 activity.
2097152   Expanded - WLAN IDS Activity   Used for Syslog only to log WLAN IDS activity.
4194304   Expanded - SonicPoint Activity   Used for Syslog only to log SonicPoint activity.

Expanded categories
The following table displays expanded category information, also known as the SonicOS category, for all
firmware releases and platforms.

Table 4. Expanded Categories

Category   Description
802.11 Management   Logs 802.11 management activity
Advanced Routing   Logs Advanced Routing activity
Advanced Switching   Logs Advanced Switching activity
Anti-Spam Service   Logs the Anti-Spam service
App Flow Server   Logs App Flow Server activity
App Rules   Logs App Rules activity
Application Control   Logs Application Control activity
Attacks   Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP Spoofing.
Authenticated Access   Logs Authenticated Access activity
WAN Acceleration   Logs the WAN Acceleration activity
Blocked Java Etc   Logs Java, ActiveX, and Cookies blocked
Blocked WebSites   Logs Websites blocked
BOOTP   Logs Bootstrap Protocol (BOOTP) activity
Botnet Blocking   Logs the Botnet Blocking activity
SSO Agent Authentication   Logs the SSO Agent Authentication activity
Crypto Test   Logs Crypto Test activity
DDNS   Logs Dynamic Domain Name System (DDNS) activity
Denied LAN IP   Logs LAN IP denied activity
DHCP Client   Logs DHCP Client activity
DHCP Relay   Logs DHCP Relay activity
DHCP Server   Logs DHCP Server activity
DPI-SSL   Logs the Deep Packet Inspection of Secure Socket Layer (DPI-SSL) activity
Dropped ICMP   Logs blocked incoming Internet Control Message Protocol (ICMP) packet activity
Dropped TCP   Logs blocked incoming Transmission Control Protocol (TCP) connection activity
Dropped UDP   Logs blocked incoming User Datagram Protocol (UDP) packet activity
DSL   Logs DSL activity
Dynamic Address Objects   Logs Dynamic Address Object activity
E1-T1   Logs E1-T1 activity
Firewall Event   Logs Firewall Event alerts and activity
Firewall Hardware   Logs Firewall Hardware alerts and activity
Firewall Logging   Logs other Firewall-related activity
Firewall Rule   Logs Firewall Rule alerts and activity
FTP   Logs File Transfer Protocol (FTP) activity
Geolocation   Logs the Geolocation service activity
GMS   Logs Dell SonicWALL Global Management System (GMS) activity
High Availability   Logs High Availability activity
Intrusion Prevention   Logs Intrusion Prevention activity
IPComp   Logs IP Compression (IPComp) activity
IPNet   Logs IPNet activity
IPv6 Tunnel   Logs IPv6 activity
L2TP Client   Logs Layer 2 Tunnel Protocol (L2TP) client activity
L2TP Server   Logs Layer 2 Tunnel Protocol (L2TP) server activity
MAC-IP Anti-Spoof   Logs the MAC-IP Spoofing activity
Modem   Logs the Modem activity
Modem Debug   Logs the Modem Debug activity
MSAD   Logs Microsoft Active Directory (MSAD) activity
Multicast   Logs Multicast activity
Network   Logs Network activity
Network Debug   Logs NetBios broadcasts, ARP resolution problems, and NAT resolution problems
Network Access   Logs successful and unsuccessful Network Access activity
Network Monitor   Logs Network Monitor activity
Network Traffic   Logs Network Traffic activity
PPP   Logs Point-to-Point (PPP) activity
PPP Dial-Up   Logs Point-to-Point (PPP) Dial-Up activity
PPPoE   Logs Point-to-Point Protocol over Ethernet (PPPoE) activity
PPTP   Logs Point-to-Point Tunneling Protocol (PPTP) activity
Remote Authentication   Logs Remote Authentication activity
RBL   Logs Realtime Blacklist (RBL) activity
RF Monitoring   Logs RF Monitoring activity
Security Services   Logs Security Services activity
SNMP   Logs the Simple Network Management Protocol (SNMP) activity
SonicPoint   Logs the SonicPoint activity
SonicPointN   Logs the SonicPointN activity
SSLVPN   Logs Secure Socket Layer Virtual Private Network (SSLVPN) activity
System Environment   Logs System Environment activity
System Errors   Logs System Errors activity
System Maintenance   Logs System Maintenance activity
User Activity   Logs successful and unsuccessful log in attempts
VOIP   Logs Voice over IP (VOIP) activity
VPN   Logs Virtual Private Network (VPN) activity
VPN Tunnel Status   Logs VPN Tunnel Status activity
VPN Client   Logs VPN Client activity
VPN IKE   Logs VPN IKE activity
VPN IPSec   Logs VPN IP Security activity
WAN Availability   Logs WAN Availability activity
Wireless   Logs Wireless activity
WLAN IDS   Logs Wireless LAN Intrusion Detection System (IDS) activity

Priority levels
The following table displays the Priority Number and Name for Syslog Tags. The value here is taken from the
“Priority Level” column of the Index of Log Event Messages, or the “pri” tag in Index of Syslog tag field
descriptions. For example, a tag with “pri=0” means Emergency Priority.

Table 5. Priority Level

Priority Number Priority Name


0 Emergency
1 Alert
2 Critical
3 Error
4 Warning
5 Notice
6 Info
7 Debug

About Dell

Dell listens to customers and delivers worldwide innovative technology, business solutions, and services they
trust and value. For more information, visit http://www.software.dell.com.

Contacting Dell
For sales or other inquiries, visit http://software.dell.com/company/contact-us.aspx or call 1-949-754-8000.

Technical support resources


Technical support is available to customers who have purchased Dell software with a valid maintenance
contract and to customers who have trial versions.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a
day, 365 days a year. In addition, the Support Portal provides direct access to product support engineers through
an online Service Request system.
To access the Support Portal, go to https://support.software.dell.com.
The Support Portal enables you to:
• Create, update, and manage Service Requests (cases).
• View Knowledge Base articles.
• Obtain product notifications.
• Download software. For trial software, go to http://software.dell.com/trials.
• View how-to videos.
• Engage in community discussions.
• Chat with a support engineer.
