SonicOS Log Event Reference Guide

COMPREHENSIVE INTERNET SECURITY ™
SonicWALL Internet Security Appliances

SonicOS Log Event Reference Guide
Using the SonicOS Log Event
Reference Guide
This reference guide lists and describes SonicOS log event messages. Reference a log event mes-
sage by using the alphabetical index of log event messages.
This document contains the following sections:
• “SonicOS Log Event Messages Overview” on page 1
• “Configuring SonicOS ‘Log’ > ‘View’” on page 4
• “Referencing the SonicOS ‘Log’ > ‘View ’ Field Display” on page 7
• “Index of Log Event Messages” on page 9
• “Index of Syslog Tag Field Description” on page 57
SonicOS Log Event Messages Overview

During the operation of a SonicWALL security appliance, SonicOS software sends log event mes-
sages to the ‘Log’ > ‘View’ page in the SonicWALL management interface.
In Figure 1, the ‘Log’ > ‘View’ page is displayed.
Figure 1 SonicOS Enhanced ‘Log’ > ‘View’ page
Event logging automatically begins when the SonicWALL security appliance is powered on and con-
figured. SonicOS supports a traffic log containing entries with multiple fields.
Log event messages provide operational informational and debugging information to help you diag-
nose problems with communication lines, internal hardware, or your firmware configuration.
Note: For the SonicOS CLI console display, use the show log command to display log events. Refer
to the SonicOS CLI Reference Guide located on the SonicWALL Web site:
<http://www.sonicwall.com/support/documentation.html>
SONICOS LOG EVENT REFERENCE GUIDE 1

Note: Not all log event messages indicate operational issues with your SonicWALL security
appliance.
SonicOS Log Entries

Each log entry contains the date and time of the event and a brief message describing the event. The
SonicWALL manages log events in the following manner:
• TCP, UDP, or ICMP packets dropped
When IP packets are dropped by the SonicWALL security appliance, dropped TCP, UDP and
ICMP messages are displayed. The messages include the source and destination IP addresses of
the packet. The TCP or UDP port number or the ICMP code follows the IP address. Log event
messages usually include the name of the service in quotation marks.
• Web, FTP, Gopher, or Newsgroup blocked
When a computer attempts to connect to the blocked site or newsgroup, a log event is displayed.
Blocked is defined as a Web site, connection, or event that is denied access from the SonicWALL
security appliance. The computer’s IP address, Ethernet address, the name of the blocked Web
site, and the Content Filter List Code is displayed. Code definitions for the 12 Content Filter List
categories are shown below.
1. Violence 7. Cult
2. Intimate Apparel/Swim- 8. Drugs/Illegal Drugs

suit
3. Nudism 9. Criminal Skills/Illegal Skills
4. Adult/Mature Content/ 10. Sex Education

Pornography
5. Weapons 11. Gambling
6. Hate/Racism 12. Alcohol & Tobacco
• ActiveX, Java, Cookie or Code Archive blocked

When ActiveX, Java or Web cookies are blocked, messages with the source and destination IP
addresses of the connection attempt is displayed.
• Ping of Death, IP Spoof, and SYN Flood Attacks
The IP address of the machine under attack and the source of the attack is displayed. In most
attacks, the source address shown is fake and does not reflect the real source of the attack.
SonicOS ‘Log View Settings’

The ‘Log View Settings’ section of the ‘Log’ > ‘View’ page provides you the filtering controls to filter log
event messages based on your configured log filter logic. It also contains the following log manage-
ment buttons:
• Refresh—Renews the ‘Log View’ table with current log event messages.
• Clear Log—Empties the entries in the ‘Log View’ table.
• E-mail Log—E-mails log event messages to your configured SMTP server or list of e-mail
addresses.
• Export Log—Exports the log into a plain .txt or .csv file format.
2 SONICOS LOG EVENT REFERENCE GUIDE

SonicOS ‘Log View’ Display Format
The ‘Log’ > ‘View’ page displays log event messages in following format for alert notification:
• Time—Displays the hour and minute the event occurred.
• Priority—Displays the level urgency for the event.
• Category—Displays the event type.
• Message—Displays a description of the event.
• Source—Displays the source IP address of incoming IP packet.
• Destination—Displays the destination IP address of incoming IP packet.
• Note—Displays displays additional information specific to a particular event occurrence.
• Rule—Displays the source and destination zones for the access rule. This field provides a link to
the access rule defined in the ‘Firewall’ > ‘Access Rules’ page.
The display fields for a log event message provides you with data to verify your configurations, trou-
ble-shoot your security appliance, and track IP traffic.

Configuring SonicOS ‘Log’ > ‘View’
The ‘Log’ > ‘View” page in the Web-based SonicWALL management interface allows you to export log
reports, e-mail log reports, and monitor real-time Syslog data. As soon as you power on your Son-
icWALL security appliance, SonicOS software sends Syslog data to your log. In the SonicWALL man-
agement interface, you can navigate through the subcategories of the ‘Log’ setting for reporting and
customizing log reports.
In Figure 2, the ‘Log’ > ‘View’ page is displayed.
Figure 2 SonicOS Enhanced ‘Log’ > ‘View’ page

Setting the Log Filter Logic
By default, the SonicOS filter logic is set to “Priority && Category && Source && Destination.” The
double ampersand symbols (&&) indicate the boolean expression “and.” The default SonicOS filter
logic displays all log events.
In Figure 3, the ‘Log’ > ‘View’ > ‘Log View Settings’ page is displayed.
Figure 3 SonicOS ‘Log View Settings’
Log Event Message Filters
Default filter logic value Group filters
Apply filters Default filter logic Export logs
Reset filters
Applying Custom Log Event Message Filters

This section provides examples on using the ‘Log View Settings’ to filter log event messages dis-
played in the ‘Log View’ page.
Configuration Example: Filtering Log Event Messages by Priority Value

To set the log filter logic to display only log event messages with a priority level of Emergency:
1. Select Emergency from the filter-Priority Value pull-down menu.
2. Click on the Apply Filters button.
Configuration Example: Filtering Log Event Messages by Category Value

To set the log filter logic to display only log event messages with a category event type of Attacks:
1. Select Attacks from the filter-Category Value pull-down menu.

Configuration Example: Filtering Log Event Messages by Source Value
To set the log filter logic to display only log event messages associated to a source IP address:
1. Enter the source IP address or select an interface from the filter-Source Value pull-down menu.
Configuration Example: Filtering Log Event Messages by Destination Value

To set the log filter logic to display only log event messages associated to a destination IP address:
1. Enter the destination IP address or select an interface from the filter-Source Value pull-down
menu.
Using Group Filters

Use Group filters to change the default SonicOS filter logic (Priority && Category && Source && Des-
tination) from double ampersand symbols (&&) to double pipe symbols (||) to indicate the boolean
expression “or.” When using group filters, select two or more Group Filters checkboxes.
Note: If you select only one Group Filter checkbox, the filter logic will remain the same. Selecting only
the Priority-Group Filter checkbox provides you with the following filter logic:
(Priority) && Category && Source && Destination
Configuration Example: Using the ‘Priority’ Group Filter and ‘Category Group’ Filter
To set the log filter logic to display log event messages with a priority level of Emergency or a category
event type of Attack:
1. Select the ‘Priority’ group filter checkbox.
2. Select the ‘Category’ group filter checkbox.
3. Select Emergency from the filter-Priority Value pull-down menu.
4. Select Attacks from the filter-Category Value pull-down menu.
Figure 4 illustrates the SonicOS filter logic updated as follows:
(Priority || Category) && Source && Destination
Figure 4 SonicOS Log Group Filters
A filter logic using the boolean expression “||” is less restrictive than the default filter logic using the
boolean expression “&&”. With the boolean expression “||”, log event messages are displayed if they
match either filter values. With the boolean expression “&&”, log event messages are displayed if they
match both filter values.

Exporting the Logs to a File
This section provides instructions to export your log to a file.
To export the log to a file:
1. Click on the Export Log button. You will be prompted to select a export file format type as
illustrated in Figure 5.
Figure 5 SonicOS Export Log
2. Select a file format:

Plain text format used in log and alert e-mail—Saves the log file as plain text, which can be
used for alert e-mails.
Comma-Separated Value (CSV) format—Saves the log file for importing into Microsoft Excel or
other presentation development application.
3. Click on the Export button.
4. Save the exported log file to a location on your personal computer’s hard drive.
Note: You can export a log to a file with applied filter settings.
Referencing the SonicOS ‘Log’ > ‘View ’

Field Display
SonicOS 2.5 Enhanced and Standard releases and greater provide the SonicOS ‘Log’ > ‘View’ field
display as illustrated in Figure 6.
Figure 6 SonicOS ‘Log’ > ‘View’ Field Display
Time and Date Stamp Category Source IP Address Log Event Notes
Message Descrition Destination IP Network Rule

Priority

Referencing the SonicWALL Firmware ‘Log’ > ‘View Log’ Field Display
SonicWALL Firmware 6.6.0.0 release and greater provide the SonicWALL Firmware ‘Log’ > ‘View
Log’ field display as illustrated in Figure 7.
Figure 7 SonicWALL Firmware Log’ > ‘View Log’ Field Display
Time and Date Stamp Source IP Address Additional Information
Event Message Destination IP Address Rule Number (If Applicable)

Index of Log Event Messages
This section contains a list of log event messages for all SonicWALL Firmware and SonicOS Software
Releases, ordered alphabetically. Use your web browser’s Find function to search for a command.
Log Event Message Symbols Key
Log Event Message Symbol Description Context
%s Ethernet Port Down Represents a character string. [WAN | LAN | DMZ] Ethernet Port
Down
The cache is full; %u open Represents a numerical string. The cache is full; [40,000] open
connections; some will be dropped connections; some will be dropped
TCP IP Layered-Data Packet Processing and SonicOS Log Event Handling

In specific cases of multi-layer packet processing, a TCP connection initially logged as "open," will be
rejected by a deeper layer of packet processing. In these cases, the connection request has not been
forwarded by the SonicWALL security appliance, and the initial Connection Open SonicOS log event
message should be ignored in favor of the TCP Connection Dropped log event message.
Each log event message described in the following table provides the following log event details:
• SonicOS Category—Displays the SonicOS Software category event type.
• Legacy Category—Displays the SonicWALL Firmware Software category event type.
• Priority Level—Displays the level of urgency of the log event message.
• Log Message ID Number—Displays the ID number of the log event message.
• SNMP Trap Type—Displays the SNMP Trap ID number of the log event message.
Log Event SonicOS Legacy Priority Log SNMP Log Event Type
Message Category Category Level Message Trap
ID Type
Number
#Web site hit Network Traffic Connection Traffic Information 97 --- Standard HTTP Traffic
Report
%s VPN IKE User Activity Information 171 --- Standard

Message String
%s High --- Error 826 --- Simple

Availability Message String
%s High --- Warning 827 --- Simple

%s High --- Information 828 --- Simple

%s High --- Alert 829 --- Simple

%s High --- Notice 830 --- Simple

%s High --- Debug 831 --- Simple

%s ARS --- Information 840 --- Standard

Message String
%s ARS --- Notice 841 --- Standard

Message String

%s ARS --- Debug 842 --- Standard
Message String
%s Ethernet Port Firewall Event System Error Error 333 641 Simple
Message String
Down
%s Ethernet Port Up Firewall Event System Error Warning 332 640 Simple
Message String
%s-payload VPN IKE Debug Error 616 --- Standard

Message String
processing error
SonicWALL Security Services Maintenance Warning 496 --- Simple

Registration Update
Needed: Restore
your existing
security service
subscriptions by
clicking here.
802.11b Wireless 802.11b Information 518 --- Simple

Management Destination
Management
A prior version of Firewall Event System Error Warning 572 648 Simple
preferences was
loaded because the
most recent
preferences file was
inaccessible
A SonicOS Firewall Event Maintenance Information 611 --- Simple

Standard to
Enhanced Upgrade
was performed
Access attempt Security Services Maintenance Information 761 --- Standard

from host out of
compliance with
GSC policy
Access attempt Security Services Maintenance Information 123 --- Standard

from host without
Anti-Virus agent
installed
Access attempt Security Services Maintenance Information 763 524 Standard

from host without
GSC installed
Access rule added Security Services User Activity Information 440 --- Simple Rule
Access rule deleted Firewall Rule User Activity Information 442 --- Simple Rule String
Access rule Firewall Rule User Activity Information 441 --- Simple Rule
modified
Access to proxy Network Access Blocked Sites Notice 60 705 Standard Note Blocked
server denied
ActiveX access Network Access Blocked Code Notice 18 --- Standard Note Blocked
denied

ActiveX or Java Network Access Blocked Code Notice 20 --- Standard Note Blocked
archive access
denied
ADConnector %s Security Services --- Error 769 --- Standard

Message String
response
timed-out;
applying caching
policy
Add an attack Firewall Event Attack Error 143 525 Simple String
message
Adding Dynamic Network --- Information 813 --- Standard Note ENET
Entry for Bound
MAC Address
Adding L2TP IP L2TP Server System Error Error 603 661 Simple
pool Address object
Failed.
Adding to Multicast --- Debug 697 --- Standard

Message String
multicast
policyList,
interface:%s
Adding to Multicast --- Debug 699 --- Standard

Message String
Multicast
policyList, VPN
SPI:%s
Administrator Authentication User Activity Information 261 --- Standard

Access
logged out
Administrator Authentication User Activity Information 262 --- Standard

Access
logged out -
inactivity timer
expired
Administrator login Authentication User Activity Information 29 --- Standard

Access
allowed
Administrator login Authentication Attack Alert 30 560 Standard

Access
denied due to bad
credentials
Administrator login Authentication Attack Alert 35 506 Standard

Access Message String
denied from %s;
logins
disabled from this
interface
Adminstrator name Authentication Maintenance Information 328 --- Standard

Access
changed
All DDNS DDNS Maintenance Information 783 --- Simple

associations have
been deleted

All preference Firewall Event System Error Warning 574 650 Simple
values have been
set to factory
default values
Allowed LDAP RADIUS User Activity Warning 752 --- Standard Note String
server certificate
with wrong host
name
Anti-Spyware Intrusion Attack Alert 795 576 Standard AS Message

Detection String
Detection Alert: %s
Anti-Spyware Intrusion Attack Alert 794 575 Standard AS Message

Detection String
Prevention Alert:
%s
Anti-Spyware Security Services Maintenance Warning 796 577 Simple

Service Expired
Anti-Virus agent Security Services Maintenance Information 124 --- Standard

out-of-date on host
Anti-Virus Licenses Security Services Maintenance Information 408 --- Standard

Exceeded
ARP request packet Network --- Information 717 --- Standard Note ENET
received
ARP request packet Network --- Information 715 --- Standard Note ENET
sent
ARP response Network --- Information 716 --- Standard Note ENET
packet received
ARP response Network --- Information 718 --- Standard Note ENET
packet sent
ARP timeout Network Debug Debug 45 --- Standard
Association Flood WLAN IDS WLAN IDS Alert 548 903 Simple Destination
from WLAN station
Authentication Authentication User Activity Information 821 --- Simple

Access
timeout during
Remotely
Triggered Dial-out
session
Back Orifice attack Intrusion Attack Alert 73 512 Standard

Detection
dropped
Backup active High Availability System Error Information 825 --- Simple
Backup firewall High Availability System Error Error 152 619 Simple
being preempted by
Primary
Backup firewall has High Availability Maintenance Information 145 --- Simple
transitioned to
Active

Backup firewall has High Availability Maintenance Information 147 --- Simple
transitioned to Idle
Backup going High Availability System Error Error 170 622 Simple
Active in preempt
mode after reboot
Backup missed High Availability System Error Error 149 616 Simple
heartbeats from
Primary
Backup received High Availability System Error Error 151 618 Simple
error signal from
Primary
Backup received High Availability System Error Error 672 666 Simple
reboot signal from
Primary
Backup shut down High Availability System Error Error 824 --- Simple
because license is
expired
Backup will be shut High Availability System Error Error 823 --- Simple Message String
down in %s minutes
Bad CRL format VPN PKI User Activity Alert 277 --- Simple Destination
Blocked Quick VPN Client System Error Error 505 660 Standard
Mode for Client
using Default KeyID
BOOTP Client IP BOOTP Maintenance Information 619 --- Standard Destination

address on LAN
conflicts with
remote device IP,
deleting IP address
from remote table
BOOTP reply BOOTP Maintenance Information 620 --- Standard Destination

relayed to local
device
BOOTP Request BOOTP Debug Debug 621 --- Standard Destination

received from
remote device
BOOTP server BOOTP Debug Debug 618 --- Standard Destination

response relayed to
remote device
Broadcast packet Network Access Debug Debug 46 --- Standard Note Protocol
dropped
Cannot connect to VPN PKI User Activity Alert 274 --- Simple Destination
the CRL server
Cannot Validate VPN PKI User Activity Alert 878 --- Simple Destination
Issuer Path
Certificate on VPN PKI User Activity Alert 279 --- Simple Destination
Revoked list (CRL)

CFL Security Services Maintenance Information 268 --- Simple
auto-download dis-
abled, time prob-
lem detected
CLI administrator Authentication User Activity Information 520 --- Simple

Access
logged out
CLI administrator Authentication User Activity Information 199 --- Simple

Access
login allowed
CLI administrator Authentication User Activity Warning 200 --- Simple

Access
login denied due to
bad credentials
Computed hash VPN IKE User Activity Warning 410 --- Standard Destination
does not match
hash received from
peer
Connection Closed Network Traffic Connection Traffic Information 537 --- Standard Traffic Report
Connection Opened Network Traffic Connection Information 98 --- Standard Note Protocol
Connection timed VPN PKI User Activity Alert 273 --- Simple Destination
out
Cookie removed Network Access Blocked Code Notice 21 --- Standard String Service
CRL has expired VPN PKI User Activity Alert 874 --- Simple Destination
CRL loaded from VPN PKI User Activity Information 270 --- Simple Destination
CRL missing - VPN PKI User Activity Alert 876 --- Simple Destination
Issuer requires CRL
checking.
CRL validation VPN PKI User Activity Alert 877 --- Simple Destination
failure for Root
Certificate
Crypto DES test Crypto Test Maintenance Error 360 --- Simple
failed
Crypto DH test Crypto Test Maintenance Error 361 --- Simple

failed
Crypto Hardware Crypto Test Maintenance Error 367 --- Simple

3Des test failed
Crypto Hardware Crypto Test Maintenance Error 369 --- Simple

3DES with SHA test
failed
Crypto Hardware Crypto Test Maintenance Error 610 --- Standard

AES test failed
Crypto hardware Crypto Test Maintenance Error 366 --- Simple

DES test failed
Crypto Crypto Test Maintenance Error 368 --- Simple

Hardware DES with
SHA test failed

Crypto Hmac-MD5 Crypto Test Maintenance Error 362 --- Simple
fest failed
Crypto Crypto Test Maintenance Error 363 --- Simple

Hmac-Sha1 test
failed
Crypto MD5 test Crypto Test Maintenance Error 370 --- Simple
failed
Crypto RSA test Crypto Test Maintenance Error 364 --- Simple
failed
Crypto Sha1 test Crypto Test Maintenance Error 365 --- Simple
failed
DDNS DDNS Maintenance Information 781 --- Simple Message String

association %s
disabled

association %s
enabled

association %s
added

association %s
deactivated

association %s
deleted

Association %s put
on line

association %s
taken Offline locally
DDNS Failure: DDNS System Error Error 774 --- Simple Message String
Provider %s
Provider %s
Provider %s
DDNS Update DDNS Maintenance Information 776 --- Standard Message

String
success for domain
%s
DDNS Warning: DDNS System Error Warning 777 --- Simple Message String
Provider %s

Deleting from Multicast --- Debug 698 --- Standard Message
String
Multicast policy list,
interface: %s
Deleting from Multicast --- Debug 700 --- Standard Message

String
Multicast policy list,
VPN SPI: %s
Deleting IPSec SA VPN IKE User Activity Information 92 --- Standard Note SPI
DHCP client DHCP Client Maintenance Information 504 --- Simple

enabled but not
ready
DHCP Client did not DHCP Client Maintenance Information 109 --- Standard
get DHCP ACK.
DHCP Client failed DHCP Client Maintenance Information 119 --- Standard
to verify and lease
has expired. Go to
INIT state.
DHCP Client got a DHCP Client Maintenance Information 121 --- Standard Destination
new IP address
lease.
DHCP Client got DHCP Client Maintenance Information 111 --- Standard Destination
ACK from server.
DHCP Client got DHCP Client Maintenance Information 110 --- Standard
NACK.
DHCP Client is DHCP Client Maintenance Information 112 --- Standard Destination
declining address
offered by the
server.
DHCP Client DHCP Client Maintenance Information 113 --- Standard Destination
sending REQUEST
and going to
REBIND state.
DHCP Client DHCP Client Maintenance Information 114 --- Standard Destination
sending REQUEST
and going to
RENEW state.
DHCP DISCOVER DHCP Relay Debug Information 474 --- Standard Destination
received from
remote device
DHCP lease DHCP Relay Maintenance Warning 228 --- Standard Destination
dropped. Lease
from Central
Gateway conflicts
with Relay IP

DHCP lease DHCP Relay Maintenance Warning 484 --- Standard Destination
dropped. Lease
from Central
Gateway conflicts
with Remote
Management IP
DHCP lease relayed DHCP Relay Maintenance Information 223 --- Standard Destination
to local device
DHCP lease relayed DHCP Relay Debug Information 225 --- Standard Destination
to remote device
DHCP lease to LAN DHCP Relay Maintenance Information 226 --- Standard Destination
device
conflicts with
remote device,
deleting remote IP
entry
DHCP NAK received DHCP Relay Debug Information 477 --- Standard Destination
from server
DHCP OFFER DHCP Relay Debug Information 476 --- Standard Destination
received from
server
DHCP Ranges Firewall Event --- Information 832 --- Simple Message String
altered
automatically due to
change in network
settings for
interface %s
DHCP RELEASE DHCP Relay Debug Information 224 --- Standard Destination
received from
remote device
DHCP RELEASE DHCP Relay Maintenance Information 222 --- Standard Destination
relayed to Central
Gateway
DHCP REQUEST DHCP Relay Debug Information 473 --- Standard Destination
received from
remote device
DHCP Server not DHCP Client Maintenance Information 106 --- Standard
available. Did not
get any DHCP
OFFER.
Diagnostic Firewall System Error Error 93 611 Simple Note String

Hardware
Code A

Hardware
Code B

Hardware
Code C

Diagnostic Firewall System Error Error 64 610 Standard Note Code
Hardware
Code D
Hardware
Code D
Diagnostic VPN IPSec System Error Error 61 609 Standard Note Code
Code E
Hardware
Code F
Hardware
Code G
Hardware
Code H
Hardware
Code I
Disconnecting L2TP L2TP Client Maintenance Information 215 --- Simple

Tunnel due to traffic
timeout
Disconnecting PPPPoE Maintenance Information 168 --- Simple

PPPoE due to traffic
timeout
Disconnecting PPTP Maintenance Information 389 --- Simple

PPTP Tunnel due to
traffic timeout
Discovered HA High Availability Maintenance Information 156 --- Simple

Backup Firewall
DNS packet allowed Network Access Debug Information 602 --- Standard Policy
Drop WLAN traffic Intrusion Attack Error 662 572 Standard

Detection
from non
SonicPoint devices
Dynamic IPSec VPN IPSec User Activity Information 62 --- Standard Destination
client connected
EIGRP packet Network Access Debug Notice 714 --- Standard Note String
dropped
E-Mail fragment Intrusion Attack Error 437 550 Standard

Detection
dropped
Error initializing Firewall Maintenance Error 374 --- Simple

Hardware
Hardware
acceleration for
VPN
Error Rebooting HA High Availability System Error Error 669 663 Simple
Peer Firewall

Error setting the IP High Availability System Error Error 191 629 Simple
address of the
backup, please
manually set to
backup LAN IP
Error High Availability System Error Error 158 662 Simple Message String
synchronizing HA
peer firewall (%s)
Exceeded Max Multicast --- Warning 703 --- Standard

multicast address
limit
Failed payload VPN IKE User Activity Warning 405 --- Standard
validation
Failed payload VPN IKE User Activity Warning 404 --- Standard
verification after
decryption.
Possible
preshared key
mismatch
Failed to find VPN PKI User Activity Alert 875 --- Simple Destination
certificate
Failed to get CRL VPN PKI User Activity Alert 271 --- Simple Destination
from
Failed to Process VPN PKI User Activity Alert 276 --- Simple Destination
CRL from
Failed to resolve Network Maintenance Information 84 --- Simple Destination

name
Failed to DHCP Relay System Error Warning 234 632 Standard

synchronize Relay
IP Table
Failure to reach High Availability System Error Error 675 647 Simple Message String
Interface %s probe
Fan Failure Firewall System Alert 576 102 Simple

Hardware Environment
Forbidden E-Mail Intrusion Attack Error 248 534 Standard Destination

Detection
attachment deleted
Forbidden E-Mail Intrusion Attack Alert 165 527 Standard Destination

Detection
attachment
disabled
Found Rogue WLAN IDS WLAN IDS Alert 546 901 Simple Destination
Access Point
Found Rogue WLAN IDS WLAN IDS Alert 556 901 Simple Destination
Access Point
Fragmented packet Network TCP | UDP | ICMP Notice 28 --- Standard Note Protocol
dropped

Fraudulent Intrusion Attack Error 193 532 Standard
Detection
Microsoft
certificate found;
access denied
FTP: Data Network Access Attack Alert 538 557 Standard

connection from
non default port
dropped
FTP: PASV Intrusion Attack Alert 528 556 Standard Note String
Detection
response bounce
attack dropped.
FTP: PASV Intrusion Attack Error 446 551 Standard

Detection
response spoof
attack dropped
FTP: PORT bounce Intrusion Attack Alert 527 555 Standard Note String
Detection
attack dropped.
Gateway Security Services Attack Alert 809 --- Standard Message

String
Anti-Virus Alert: %s
Gateway Anti-Virus Security Services Maintenance Warning 810 --- Simple

Service expired
Global VPN VPN Client System Error Information 529 643 Standard
Client connection is
not allowed.
Appliance is not
registered.
Global VPN VPN Client System Error Information 494 658 Standard
Client License
Exceeded:
Connection denied.
Global VPN VPN Client User Activity Information 604 --- Standard Destination
Client version
cannot enforce
personal firewall.
Minimum Version
required is 2.1
Got DHCP OFFER. DHCP Client Maintenance Information 107 --- Standard Destination
Selecting.
GSC policy Security Services Maintenance Information 762 --- Standard

out-of-date on host
Guest account '%s' Authentication User Activity Information 558 --- Standard Message
Access String
created
Access String
deleted
Access String
disabled

Access String
pruned
Access String
re-enabled
Access String
re-generated
Guest login denied. Authentication User Activity Information 557 --- Standard Message
Access String
Guest '%s' is
already logged in.
Please try again
later.
H.323/H.225 VoIP VoIP Debug 634 --- Standard Note String

Connect
H.323/H.225 Setup VoIP VoIP Debug 633 --- Standard Note String
H.323/H.245 VoIP VoIP Debug 635 --- Standard Note String

Address
H.323/H.245 End VoIP VoIP Debug 636 --- Standard Note String
Session
H.323/RAS VoIP VoIP Debug 625 --- Standard Note String

Admission
Confirm

Admission Reject

Admission Request

Bandwidth Reject

Disengage Confirm

Disengage Reject

Gatekeeper Reject

Location Confirm

Location Reject

Registration Reject

Unknown
Message Response

Unregistration
Reject
HA packet High Availability Maintenance Information 162 --- Simple

processing error
HA Peer Firewall High Availability Maintenance Information 668 --- Simple

Rebooted
HA Peer Firewall High Availability Maintenance Information 157 --- Simple

Synchronized
Hardware Failover Firewall Event Maintenance Information 743 --- Simple

settings were not
upgraded.
Header VPN IKE User Activity Warning 587 --- Standard

verification failed
HTTP Firewall Event Maintenance Information 340 --- Simple Note String
management port
has changed
HTTP method Network Access TCP Debug 882 --- Standard Policy
detected;
examining stream
for host header
HTTPS Firewall Event Maintenance Information 341 --- Simple Note String
management port
has changed
ICMP checksum Network Access UDP Notice 886 --- Standard

error
ICMP packet Network Access Debug Information 597 --- Standard Policy
allowed
ICMP packet Network Access ICMP Notice 38 --- Standard Policy

dropped
ICMP packet Network Access ICMP Notice 523 --- Standard ICMP Service
dropped
ICMP packet from Network Access Debug Information 598 --- Standard ICMP Service
LAN allowed
ICMP packet from Network Access LAN ICMP | LAN Notice 175 --- Standard ICMP Service
TCP
LAN dropped
If not already Firewall System Error Warning 540 645 Simple

Hardware
enabled, enabling
NTP is
recommended
IGMP packet Multicast --- Notice 683 --- Standard Message

String
dropped, wrong
checksum received
on interface %s

IGMP Leave group Multicast --- Information 682 --- Standard Message
String
message Received
on interface %s
IGMP packet Multicast --- Notice 686 --- Standard

dropped, decoding
error
IGMP Packet Not Multicast --- Notice 687 --- Standard Message
String
handled. Packet
type: %s
IGMP querier Multicast --- Debug 701 --- Standard Message

String
Router detected on
interface %s
IGMP querier Multicast --- Debug 702 --- Standard Message

String
Router detected on
VPN tunnel, SPI %S
IGMP state table Multicast --- Debug 692 --- Standard Message
String
entry time out,
deleting interface:
%s for multicast
address: %s
IGMP state table Multicast --- Debug 693 --- Standard Message
String
entry time out,
deleting VPN
SPI:%s for Multicast
address: %s
IGMP V2 client Multicast --- Information 676 --- Standard Message

String
joined multicast
Group: %s
IGMP V2 Multicast --- Debug 679 --- Standard Message

String
Membership report
received from
interface %s
IGMP V3 client Multicast --- Information 677 --- Standard Message

String
joined multicast
Group: %s
IGMP V3 Multicast --- Debug 678 --- Standard Message

String
Membership report
received from inter-
face %s
IGMP V3 packet Multicast --- Notice 688 --- Standard Message

String
dropped,
unsupported
Record type: %s
IGMP V3 reord type: Multicast --- Debug 689 --- Standard Message
String
%s not
Handled
IKE ID mismatch %s VPN IKE Debug Debug 658 --- Simple Message String

IKE Initiator drop: VPN IKE User Activity Information 544 --- Standard
Packet dest
address does not
match selected
local interface
address
IKE Initiator: VPN IKE User Activity Information 372 --- Standard Note String
Accepting IPSec
proposal (Phase 2)
IKE Initiator: VPN IKE User Activity Information 445 --- Standard Destination
Accepting peer
lifetime. (Phase 1)
IKE Initiator: VPN IKE User Activity Information 354 --- Standard Destination
Aggressive Mode
complete (Phase 1).
IKE Initiator: Main VPN IKE User Activity Information 353 --- Standard Destination
Mode complete
(Phase 1)
IKE Initiator: VPN IKE User Activity Warning 401 --- Standard Destination
Received notify.
NO_PROPOSAL_
CHOSEN
IKE Initiator: Start VPN IKE User Activity Information 358 --- Standard
Aggressive Mode
negotiation
(Phase 1)
Main Mode
negotiation
(Phase 1)
Quick Mode
(Phase 2).
IKE Initiator: Using VPN IKE User Activity Information 543 --- Standard Destination
secondary gateway
to
negotiate
IKE negotiation VPN IKE User Activity Information 403 --- Standard
aborted due to
timeout
IKE negotiation VPN IKE User Activity Information 89 --- Standard

complete. Adding
IPSec SA. (Phase 2)

IKE Responder VPN IKE User Activity Information 545 --- Standard
drop: Packet dest
address does not
match selected
local interface
address
IKE Responder: %s VPN Client System Error Error 660 --- Standard Message
String
policy does not
allow static IP for
Virtual Adapter.
IKE Responder: VPN IKE User Activity Information 87 --- Standard Note String
Accepting IPSec
proposal
(Phase 2)
IKE Responder: VPN IKE User Activity Information 373 --- Standard Destination
Aggressive Mode
complete
(Phase 1)
IKE Responder: AH VPN IKE User Activity Warning 258 544 Standard
Perfect
Forward Secrecy
mismatch
IKE Responder: VPN IKE User Activity Warning 260 546 Standard
Algorithms and/or
keys do not match
IKE Responder: VPN IKE Attack Error 516 553 Standard Note String
Default LAN
gateway is not set
but peer is
proposing to use
this SA as a default
route
IKE Responder: VPN IKE User Activity Warning 253 539 Standard Note String
Default LAN
gateway is set but
peer is not
proposing to use
this SA as a default
route
ESP Perfect
Forward Secrecy
mismatch
IKE Responder: IKE VPN IKE User Activity Warning 402 --- Standard Destination
proposal does not
match (Phase 1)

IKE Responder: IP VPN Client System Error Error 659 --- Standard Note String
Address already
exists in the DHCP
relay table. Client
traffic not allowed.
IPSec proposal
does not match
(Phase 2)
IKE Responder: VPN IKE User Activity Information 357 --- Standard Destination
Main Mode
complete
(Phase 1)
IKE Responder: VPN IKE Debug Warning 342 --- Standard Message
Number
Mode %d - not
transport mode.
Xauth is required
but not supported
by peer.
IKE Responder: VPN IKE User Activity Warning 249 535 Standard Message
Number
Mode %d - not
tunnel mode
IKE Responder: No VPN IKE User Activity Warning 252 538 Standard Note String
match for
proposed remote
network address
IKE Responder: No VPN IKE User Activity Warning 250 536 Standard Note String
matching Phase 1
ID found for
proposed remote
network
Proposed local
network is 0.0.0.0
but SA has no LAN
Default
Gateway
Proposed remote
network is 0.0.0.0
but not DHCP relay
nor default route
IKE Responder: VPN IKE User Activity Information 356 --- Standard
Received
Aggressive Mode
request (Phase 1)
Received Main
Mode request
(Phase 1)

Received Quick
Mode Request
(Phase 2)
Tunnel
terminates inside
firewall but
proposed local
network is not
inside firewall
Tunnel
terminates on DMZ
but
proposed local
network is on LAN
Tunnel terminates
on LAN but pro-
posed local network
is on DMZ
Tunnel
terminates
outside firewall but
proposed local
network is not NAT
public address
Tunnel
terminates
outside firewall but
proposed remote
network is not NAT
public address
IKE SA lifetime VPN IKE User Activity Information 350 --- Standard
expired.
Illegal IPSec SPI VPN IPSec User Activity Information 65 --- Standard Destination
Imported VPN SA is Firewall Event Maintenance Warning 348 --- Standard Note String
invalid -
disabled
Inbound RBL --- Notice 798 --- Standard

connection from
RBL-listed SMTP
server dropped

Incoming call Authentication User Activity Information 817 --- Simple
Access
received for
Remotely
Triggered Dial-out
session
Incompatible IPSec VPN IPSec User Activity Information 69 --- Standard Destination
Security
Association
Incorrect Authentication User Activity Information 819 --- Simple

Access
authentication
received for
Remotely
Triggered Dial-out
Ini Killer attack Intrusion Detec- Attack Alert 80 519 Standard

tion
dropped
Interface %s Link Is Firewall Event System Error Error 566 647 Simple Message String
Down
Interface %s Link Is Firewall Event System Error Warning 565 646 Simple Message String
Up
Interface IP Firewall Event Maintenance Information 568 --- Simple Message String
Assignment:
Binding and
initializing %s
Interface IP Firewall Event Maintenance Information 567 --- Simple Message String
Assignment
changed:
Shutting down %s
Interface GMS --- Information 805 --- Simple Interface Status

statistics report
Invalid VLAN packet Network --- Alert 836 --- Standard Note String
dropped
IP Header Network Access TCP|UDP Notice 883 --- Standard

checksum error
IP spoof detected DHCP Relay Attack Error 229 533 Standard Note ENET
on packet to
Central Gateway,
packet dropped
IP spoof dropped Intrusion Attack Alert 23 502 Standard Note ENET

Detection
IP type %s packet Network Access LAN UDP | LAN Notice 590 --- Standard Message
TCP String
dropped
IPS Detection Alert: Intrusion Attack Alert 608 569 Standard IDP Message
Detection String
%s
IPS Detection Alert: Intrusion Attack Alert 789 573 Standard Message
Detection String
%s

IPS Prevention Intrusion Attack Alert 609 570 Standard IDP Message
Detection String
Alert: %s
IPS Prevention Intrusion Attack Alert 790 574 Standard Message

Detection String
Alert: %s
IPSec (AH) packet VPN IPSec TCP | UDP | ICMP Notice 534 --- Standard Note String
dropped
IPSec (AH) packet VPN IPSec Debug Debug 536 --- Standard
dropped; waiting for
pending IPSec
connection
IPSec (ESP) packet VPN IPSec TCP | UDP | ICMP Notice 533 --- Standard Note String
dropped
IPSec (ESP) packet VPN IPSec Debug Debug 535 --- Standard
pending IPSec
connection
IPSec VPN IPSec Attack Error 67 508 Standard Destination

Authentication
Failed
IPSec connection Network Access Debug Debug 43 --- Standard

interrupt
IPSec Decryption VPN IPSec Attack Error 68 509 Standard Destination

Failed
IPSec packet Network Access TCP | UDP | ICMP Notice 40 --- Standard
dropped
IPSec packet Network Access Debug Debug 42 --- Standard

pending IPSec
connection
IPSec packet from VPN IPSec Maintenance Information 247 --- Standard Destination
an illegal host
IPSec packet from VPN IPSec Attack Error 70 510 Standard Destination
or to an illegal host
IPSEC Replay VPN IPSec Attack Alert 180 531 Standard Note String
Detected
IPSecTunnel VPN VPN Tunnel Status Information 427 801 Simple

status changed
ISDN Driver Firewall Event Maintenance Information 493 --- Simple

Firmware
successfully
updated
Issuer match failed VPN PKI User Activity Alert 278 --- Simple Destination
Java access denied Network Access Blocked Code Notice 19 --- Standard Note Blocked

L2TP Max L2TP Client Maintenance Information 203 --- Simple
Retransmission
Exceeded
L2TP PPP Authenti- L2TP Client Maintenance Information 212 --- Simple
cation Failed
L2TP PPP Down L2TP Client Maintenance Information 211 --- Simple
L2TP PPP link down L2TP Client Maintenance Information 217 --- Simple
L2TP PPP L2TP Client Maintenance Information 208 --- Simple

Negotiation Started
L2TP PPP L2TP Client Maintenance Information 210 --- Simple

Session Up
L2TP Server: L2TP Server Maintenance Information 337 --- Standard Destination
Deleting the L2TP
active Session
Deleting the
Tunnel
L2TP Server: L2TP L2TP Server Maintenance Information 309 --- Standard Destination
Session
Established.
L2TP Server: L2TP L2TP Server Maintenance Information 308 --- Standard Destination
Tunnel Established.
Retransmission
Timeout, Deleting
the Tunnel
L2TP Server: User L2TP Server Maintenance Information 344 --- Standard Destination
Name
authentication
Failure locally.
L2TP Server: Local L2TP Server Maintenance Information 312 --- Standard Destination
Authentication
Failure
L2TP Server: Local L2TP Server Maintenance Information 318 --- Standard Destination
Authentication
Success.
Radius
Authentication
Success
Radius reports
Authentication
Failure

Radius server not
assigned IP
address
L2TP Server: Call L2TP Server Maintenance Information 334 --- Standard Destination
Disconnect from
Remote.
L2TP Server: Tunnel L2TP Server Maintenance Information 335 --- Standard Destination
Disconnect from
Remote.
L2TP Session L2TP Client Maintenance Information 207 --- Simple

Disconnect from
Remote

Established

Negotiation Started
L2TP Tunnel L2TP Client Maintenance Information 205 --- Simple

Disconnect from
Remote

Established

Negotiation Started
LAN Subnet Firewall Event Maintenance Information 741 --- Simple

configurations were
not upgraded.
Land attack Intrusion Attack Alert 27 505 Standard

Detection
dropped
License exceeded: Firewall Event System Error Error 58 608 Standard

Connection
dropped because
too many IP
addresses are in
use on your LAN
License of HA pair High Availability System Error Error 670 664 Simple
doesn't match
Local user login Authentication User Activity Information 31 --- Standard String Service
Access
allowed
Local user login Authentication User Activity Information 32 --- Standard String Service
Access
denied due to bad
credentials
Locked-out user Authentication User Activity Information 438 --- Standard Note String
Access
logins allowed -
lockout period
expired

Locked-out user Authentication User Activity Information 439 --- Standard Note String
Access
logins allowed by
administrator
Log Cleared Firewall Logging Maintenance Information 5 --- Simple
Log Debug Firewall Event Debug Error 142 --- Simple String
Log successfully Firewall Logging Maintenance Information 6 --- Simple

sent via email
Login screen timed Authentication User Activity Information 34 --- Standard String Service
Access
out
MAC address Network --- Notice 814 --- Standard Note ENET
collides with Static
ARP Entry with
Bound MAC
address; packet
dropped
Machine %s Intrusion --- Alert 865 --- Simple Message String

Detection
removed from SYN
flood
blacklist
Malformed or Network Access Debug Alert 522 554 Standard Destination

unhandled IP
packet dropped
Maximum events Firewall Logging System Error Critical 654 --- Simple
per second
threshold exceeded
Maximum PPP Dial-Up Attack Error 591 566 Standard Message

String
sequential failed
dial attempts (10) to
a single dial-up
number: %s
Maximum syslog Firewall Logging System Error Critical 655 --- Simple
data per second
threshold exceeded
Multicast Multicast --- Information 696 --- Standard Message

String
application %s not
supported
Multicast packet Multicast --- Alert 685 --- Standard Message

String
dropped, Invalid src
IP received on
interface: %s
Multicast packet Multicast --- Alert 684 --- Standard Message

String
dropped, wrong
MAC address
received on inter-
face: %s
Multicast TCP Multicast --- Notice 691 --- Standard

packet dropped

Multicast UDP Multicast --- Notice 690 --- Standard
packet dropped,
no state entry
Multicast UDP Multicast --- Warning 695 --- Standard

packet dropped,
RTCP stateful failed
Multicast UDP Multicast --- Warning 694 --- Standard

packet dropped,
RTP stateful failed
NAT device may not VPN IPSec Maintenance Information 266 --- Simple
support IPSec AH
passthrough
NAT Discovery: No VPN IKE User Activity Information 241 --- Standard
NAT/NAPT device
detected between
IPSec Security
gateways
NAT Discovery: VPN IKE User Activity Information 240 --- Standard
Local IPSec
Security Gateway
behind a NAT/NAPT
Device
Peer IPSec
Security Gateway
behind a NAT/NAPT
Device
Peer IPSec
Security Gateway
doesn't support
VPN NAT Traversal
NAT translated Network Debug Debug 339 --- Standard

packet exceeds size
limit, packet
dropped
Net Spy attack Intrusion Attack Alert 74 513 Standard

Detection
dropped
NetBIOS settings Firewall Event Maintenance Information 740 --- Simple

were not upgraded.
Use Network>IP
Helper to
configure
NetBIOS support
NetBus attack Intrusion Attack Alert 72 511 Standard

Detection
dropped

Network for Firewall Event Maintenance Information 569 --- Simple Message String
interface %s
overlaps with
another interface.
Network Modem PPP Dial-Up Maintenance Information 531 --- Simple

Mode Disabled:
re-enabling NAT
Network Modem PPP Dial-Up Maintenance Information 530 --- Simple

Mode Enabled:
turning off NAT
New URL List Security Services Maintenance Information 8 --- Simple

loaded
Newsgroup access Network Access Blocked Sites Notice 17 704 Standard Note Blocked
allowed
Newsgroup access Network Access Blocked Sites Notice 15 702 Standard Note Blocked
denied
No Certificate for VPN PKI User Activity Alert 280 --- Simple Destination
No new URL List Security Services Maintenance Information 9 --- Simple

available
No response from PPPPoE Maintenance Information 169 --- Simple

ISP Disconnecting
PPPoE.
No response from PPTP Maintenance Information 431 --- Simple

PPTP server to call
requests

PPTP server to
control connection
requests

server to Echo
Requests,
disconnecting
PPTP Tunnel
No valid DNS server RBL --- Error 800 --- Simple

specified for RBL
lookups
Not all Firewall Event Maintenance Information 612 --- Simple

configurations may
have been
completely
upgraded
Not enough VPN PKI User Activity Warning 272 --- Simple Destination
memory to hold the
CRL

Obtained Relay IP DHCP Relay Maintenance Information 233 --- Standard
Table from Remote
Gateway
OCSP Failed to VPN PKI User Activity Error 853 --- Standard Note String
Resolve Domain
Name.
OCSP Internal error VPN PKI User Activity Error 854 --- Standard Note String
handling received
response.
OCSP received VPN PKI User Activity Error 851 --- Standard Note String
response error.
OCSP received VPN PKI User Activity Information 850 --- Standard Note String
response.
OCSP Resolved VPN PKI User Activity Information 852 --- Standard Note String
Domain Name.
OCSP send request VPN PKI User Activity Error 849 --- Standard Note String
message failed.
OCSP sending VPN PKI User Activity Information 848 --- Standard Note String
request.
Outbound RBL --- Notice 797 --- Standard

connection to
RBL-listed SMTP
server dropped
Out-of-order Network Access Debug Debug 48 --- Standard

command packet
dropped
Packet dropped by Wireless TCP | UDP | ICMP Warning 488 --- Standard Destination
WLAN guest check
Packet dropped by Wireless TCP | UDP | ICMP Warning 495 --- Standard Destination
WLAN VPN
traversal check
Packet dropped. VPN System Error Alert 739 --- Standard Note String
No firewall rule
associated with
VPN policy.
Ping of death Intrusion Detec- Attack Alert 22 501 Standard

tion
dropped
PKI Failure: CA VPN PKI Maintenance Error 453 --- Simple

certificates store
exceeded.
Cannot verify this
Local Certificate
PKI Failure: VPN PKI Maintenance Error 449 --- Simple

Cannot alloc
memory

Certificate's ID does
not match this
SonicWALL

Duplicate local
certificate

Duplicate local
certificate name

Import failed

Improper file
format. Please
select PKCS#12
(*.p12) file

Incorrect admin
password

Internal error
PKI Failure: Loaded VPN PKI Maintenance Error 469 --- Simple
but could not verify
certificate
PKI Failure: Loaded VPN PKI Maintenance Error 470 --- Simple
the certificate but
could not verify it's
chain
PKI Failure: No CA VPN PKI Maintenance Error 459 --- Simple

certificates yet
loaded

Output buffer too
small

public-private key
mismatch

Reached the limit
for local certs, cant
load any more

Temporary
memory shortage,
try again

PKI Failure: The VPN PKI Maintenance Error 464 --- Simple
certificate chain has
no root
certificate chain is
circular
certificate chain is
incomplete
certificate or a cer-
tificate in the chain
has a bad signature
certificate or a
certificate in the
chain has a
validity period in
the future
certificate or a
certificate in the
chain has expired
certificate or a
certificate in the
chain is corrupt
Please connect Firewall Event Maintenance Information 570 --- Simple Message String
interface %s to
another network to
function properly
Please manually Firewall Event Maintenance Information 613 --- Simple

check all system
configurations for
correctness of
Upgrade
Port configured to Network Access TCP | UDP | ICMP Warning 347 --- Standard Destination
receive IPSEC
ONLY. Drop packet
received in the
clear.
Possible port scan Intrusion Attack Alert 82 521 Standard Note String
Detection
dropped
Possible SYN flood Intrusion Attack Warning 25 503 Standard

Detection
attack detected

Possible SYN flood Intrusion --- Alert 859 --- Simple Message String
Detection
detected on WAN IF
%s - switching to
connection-proxy
mode
Possible SYN Flood Intrusion --- Alert 860 --- Simple Message String
Detection
on IF %s
Possible SYN Flood Intrusion --- Warning 866 --- Simple Message String
Detection
on IF %s continues
Possible SYN Flood Intrusion --- Alert 867 --- Simple Message String
Detection
on IF %s has
ceased
PPP Dial-Up: PPP Dial-Up User Activity Information 306 --- Simple
Connect request
canceled
PPP Dial-Up: PPP Dial-Up User Activity Information 286 --- Simple Message String
Connected at %s
bps - starting PPP
PPP Dial-Up: PPP Dial-Up --- Information 666 --- Standard

Connection
disconnected as
scheduled.
PPP Dial-Up: Dial PPP Dial-Up Maintenance Information 324 --- Standard Message
String
initiated by %s
PPP Dial-Up: Dialed PPP Dial-Up User Activity Information 285 --- Simple
number did not
answer
PPP Dial-Up: Dialed PPP Dial-Up User Activity Information 284 --- Simple
number is busy
PPP Dial-Up: PPP Dial-Up --- Information 665 --- Standard Message
String
Dialing not allowed
by schedule. %s
Dialing: %s
PPP Dial-Up: Idle PPP Dial-Up User Activity Information 297 --- Simple
time limit exceeded
-
disconnecting
Initialization: %s
PPP Dial-Up: Link PPP Dial-Up User Activity Information 288 --- Simple
carrier lost

PPP Dial-Up: Man- PPP Dial-Up User Activity Information 321 --- Simple
ual
intervention
needed. Check Pri-
mary Profile or Pro-
file details
Maximum
connection time
exceeded -
disconnecting
PPP Dial-Up: No PPP Dial-Up User Activity Information 282 --- Simple
dialtone detected -
check
phone-line
connection
PPP Dial-Up: No PPP Dial-Up User Activity Information 283 --- Simple
link carrier detected
- check phone num-
ber
PPP Dial-Up: No PPP Dial-Up Maintenance Information 481 --- Simple

peer IP address
from Dial-Up ISP,
local and remote
IPs will be the same
PPP Dial-Up: PPP PPP Dial-Up User Activity Information 301 --- Simple
link down
PPP Dial-Up: PPP PPP Dial-Up User Activity Information 300 --- Simple
link established
Previous session
was connected for
%s
PPP Dial-Up: PPP Dial-Up User Activity Information 299 --- Standard
Received new IP
address
Shutting down link
PPP Dial-Up: The PPP Dial-Up Maintenance Information 330 --- Simple
profile in use
disabled VPN
networking.
PPP Dial-Up: WAN Failover User Activity Information 434 --- Simple
Trying to failover
but Alternate Pro-
file is manual

Trying to failover
but Primary
Profile is manual
Unknown dialing
failure
PPP Dial-Up: User PPP Dial-Up User Activity Information 305 --- Simple
requested
connect
PPP Dial-Up: User PPP Dial-Up User Activity Information 304 --- Simple
requested
disconnect
PPP Dial-Up: VPN PPP Dial-Up Maintenance Information 331 --- Simple
networking
restored.
PPP: PPP User Activity Information 289 --- Simple

Authentication
successful
PPP: CHAP PPP User Activity Information 291 --- Simple

authentication
failed - check
username /
password
PPP: MS-CHAP PPP User Activity Information 292 --- Simple

authentication
failed - check
username /
password
PPP: PAP PPP User Activity Information 290 --- Simple

Authentication
failed - check
username /
password
PPP: Starting CHAP PPP User Activity Information 294 --- Simple
authentication
PPP: Starting PPP User Activity Information 293 --- Simple

MS-CHAP
authentication
PPP: Starting PAP PPP User Activity Information 295 --- Simple
authentication
PPPoE PPPPoE Maintenance Information 130 --- Simple

terminated
PPPoE discovery PPPPoE Maintenance Information 133 --- Simple

process complete
PPPoE enabled but PPPPoE Maintenance Information 499 --- Simple

not ready

PPPoE LCP Link PPPPoE Maintenance Information 129 --- Simple
Down
PPPoE LCP Link Up PPPPoE Maintenance Information 128 --- Simple
PPPoE Network PPPPoE Maintenance Information 131 --- Simple

Connected
PPPoE Network PPPPoE Maintenance Information 132 --- Simple

Disconnected
PPPoE starting PPPPoE Maintenance Information 134 --- Simple

CHAP
Authentication
PPTP enabled but PPTP Maintenance Information 501 --- Simple

not ready
PPTP Connect PPTP Maintenance Information 390 --- Standard Destination

Initiated by the User
PPTP Control PPTP Maintenance Information 378 --- Simple

Connection
Established
PPTP Control PPTP Maintenance Information 375 --- Simple

Connection
Negotiation Started
PPTP decode PPTP Debug Debug 596 --- Standard

failure
PPTP Disconnect PPTP Maintenance Information 388 --- Standard Destination

Initiated by the User
PPTP PAP PPTP Maintenance Information 396 --- Simple

Authentication
success.
PPTP PPP Down PPTP Maintenance Information 385 --- Simple
PPTP PPP Link PPTP Maintenance Information 399 --- Simple

down
PPTP PPP Link PPTP Maintenance Information 400 --- Simple

Finished
PPTP PPP Link Up PPTP Maintenance Information 398 --- Simple
PPTP PPP PPTP Maintenance Information 382 --- Simple

Negotiation Started
PPTP PPP PPTP Maintenance Information 384 --- Simple

Session Up
PPTP Server is not PPTP Maintenance Information 444 --- Simple

responding, check
if the server is UP
and running.
PPTP server PPTP Maintenance Information 432 --- Simple

rejected control
connection

PPTP server PPTP Maintenance Information 433 --- Simple
rejected the call
request
PPTP Session PPTP Maintenance Information 381 --- Simple

Disconnect from
Remote

Established

Negotiation Started
PPTP starting CHAP PPTP Maintenance Information 392 --- Simple

Authentication
PPTP starting PAP PPTP Maintenance Information 393 --- Simple

Authentication
PPTP Tunnel PPTP Maintenance Information 379 --- Simple

Disconnect from
Remote
Primary firewall has High Availability Maintenance Information 144 --- Simple
transitioned to
Active
Primary firewall has High Availability System Error Error 146 614 Simple
transitioned to Idle
Primary firewall High Availability System Error Error 153 620 Simple
preempting Backup
Primary missed High Availability System Error Error 148 615 Simple
heartbeats from
Backup
Primary received High Availability System Error Error 150 617 Simple
error signal from
Backup
Primary received High Availability System Error Error 671 665 Simple
reboot signal from
Backup
Priority attack Intrusion Detec- Attack Alert 79 518 Standard

tion
dropped
Probable port scan Intrusion Detec- Attack Alert 83 522 Standard Note String
tion
dropped
Probable TCP FIN Intrusion Detec- Attack Alert 177 528 Standard
tion
scan dropped
Probable TCP NULL Intrusion Detec- Attack Alert 179 530 Standard Note String
tion
scan dropped
Probable TCP Intrusion Detec- Attack Alert 178 529 Standard Note String
tion
XMAS scan
dropped

Probing failure on WAN Failover System Error Alert 326 637 Standard Message
String
%s
Probing WAN Failover System Error Alert 436 638 Standard Message
String
succeeded on %s
Problem loading the Security Services System Error Error 183 623 Simple
URL List; Appli-
ance not registered.
Problem loading the Security Services System Error Error 10 602 Standard Note Code
URL List; check
Filter settings
URL List; check
your DNS server
URL List; Flash
write failure.
Problem loading the Security Services System Error Error 186 626 Standard
URL List; Retrying
later.
Problem loading the Security Services System Error Error 184 624 Standard
URL List;
Subscription
expired.
URL List; Try
loading it again.
Problem sending Firewall Logging System Error Warning 12 604 Simple

log e-mail; check
log settings
Real time clock Firewall System Error Warning 539 644 Simple
Hardware
battery failure Time
values may be
incorrect
Received a path Network User Activity Information 182 --- Standard Note SPI
MTU ICMP
message from
router/gateway
Received a path Network User Activity Information 188 --- Standard Note MTU
MTU ICMP
message from
router/gateway
Received AV Alert: Security Services Maintenance Warning 125 524 Simple Message String
%s

Your SonicWALL
Network Anti-Virus
subscription has
expired. %s
Your SonicWALL
Network Anti-Virus
subscription will
expire in 7 days. %s
Received CFS Alert: Security Services Maintenance Warning 490 563 Simple
Your SonicWALL
Content Filtering
subscription has
expired.
Received CFS Alert: Security Services Maintenance Warning 489 562 Simple
Your SonicWALL
Content Filtering
subscription will
expire in 7 days.
Received DHCP DHCP Client Maintenance Information 588 --- Standard Destination
offer packet has
errors
Received E-Mail Security Services Maintenance Warning 492 565 Simple

Filter Alert: Your
SonicWALL E-Mail
Filtering
subscription has
expired.
Received E-Mail Security Services Maintenance Warning 491 564 Simple

Filter Alert: Your
SonicWALL E-Mail
Filtering
subscription will
expire in 7 days.
Received Network Debug Debug 63 --- Standard

fragmented packet
or fragmentation
needed
Received IKE SA VPN IKE User Activity Information 413 --- Standard
delete request
Received IPS Alert: Security Services Maintenance Warning 614 571 Simple
Your SonicWALL
Intrusion
Prevention (IDP)
subscription has
expired.
Received IPSEC SA VPN IKE User Activity Information 412 --- Standard Destination
delete request

Received ISAKMP VPN IKE Debug | UDP Information 607 --- Standard Message
String
packet destined to
port %s
Received LCP Echo PPPPoE Maintenance Information 723 --- Simple

Reply
Received LCP Echo PPPPoE Maintenance Information 721 --- Simple

Request
Received notify: VPN IKE User Activity Information 414 --- Standard Destination
INVALID_COOKIES
Received notify: VPN IPSec User Activity Warning 483 --- Standard
INVALID_ID_INFO
Received notify: VPN IKE User Activity Error 661 --- Standard
INVALID_PAYLOAD
INVALID_SPI
Received notify: VPN IKE User Activity Warning 409 --- Standard Destination
ISAKMP_AUTH_
FAILED
Received notify: VPN IKE User Activity Warning 411 --- Standard Destination
PAYLOAD_
MALFORMED
RESPONDER_
LIFETIME
Received packet VPN IKE User Activity Warning 406 --- Standard
retransmission.
Drop duplicate
packet
Received PPPoE PPPPoE Maintenance Information 593 --- Simple

Active Discovery
Offer
Received PPPoE PPPPoE Maintenance Information 594 --- Simple

Active Discovery
Session_
confirmation
Received response DHCP Client Maintenance Information 589 --- Standard Destination
packet for DHCP
request has errors
Received VPN IKE User Activity Warning 605 --- Standard

unencrypted packet
while crypto active
Regulatory PPP Dial-Up Attack Error 592 567 Standard Message

String
requirements pro-
hibit %s from being
re-dialed for 30
minutes

Remotely Triggered Authentication User Activity Information 822 --- Simple
Access
Dial-out session
ended. Valid WAN
bound data found.
Normal dial-up
sequence will
commence
Remotely Triggered Authentication User Activity Information 818 --- Simple

Access
Dial-out session
started. Requesting
authentication
Request for Relay DHCP Relay Maintenance Information 230 --- Standard
IP Table from
Central Gateway
Requesting CRL VPN PKI User Activity Information 269 --- Simple Destination
from
Requesting Relay IP DHCP Relay Maintenance Information 231 --- Standard

Table from Remote
Gateway
Retransmitting DHCP Client Maintenance Information 99 --- Standard Destination

DHCP DISCOVER.

DHCP REQUEST
(Rebinding).

DHCP REQUEST
(Rebooting).

DHCP REQUEST
(Renewing).

DHCP REQUEST
(Requesting).

DHCP REQUEST
(Verifying).
RIP disabled on RIP Maintenance Information 419 --- Simple Message String
interface %s
Ripper attack Intrusion Attack Alert 76 515 Standard

Detection
dropped
RIPv1 enabled on RIP Maintenance Information 420 --- Simple Message String
interface %s
RIPv2 compatibility RIP Maintenance Information 422 --- Simple Message String
(broadcast) mode
enabled on
interface %s

RIPv2 enabled on RIP Maintenance Information 421 --- Simple Message String
interface %s
Router IGMP Multicast --- Debug 680 --- Standard Message

String
General query
received on
interface %s
Router IGMP Multicast --- Debug 681 --- Standard Message

String
Membership query
received on
interface %s
Sending DHCP DHCP Client Maintenance Information 105 --- Standard Destination
DISCOVER.
RELEASE.
REQUEST
(Rebinding).
REQUEST
(Rebooting).
REQUEST
(Renewing).
REQUEST
(Verifying).
REQUEST.
Sending LCP Echo PPPPoE Maintenance Information 722 --- Simple

Reply
Sending LCP Echo PPPPoE Maintenance Information 720 --- Simple

Request
Sending PPPoE PPPPoE Maintenance Information 595 --- Simple

Active Discovery
Request
Senna Spy attack Intrusion Attack Alert 78 517 Standard

Detection
dropped
Sent Relay IP Table DHCP Relay Maintenance Information 232 --- Standard
to Central Gateway
SIP Register VoIP VoIP Warning 645 --- Standard Note String
expiration exceeds
configured
Signaling inactivity
time out
SIP Request VoIP VoIP Debug 643 --- Standard Note String

SIP Response VoIP VoIP Debug 644 --- Standard Note String
SMTP Firewall Logging System Error Warning 656 --- Simple

POP-Before-SMTP
authentication
failed
SMTP server found RBL --- Notice 799 --- Standard Note String
on RBL blacklist
Smurf Intrusion Attack Alert 81 520 Standard

Detection
Amplification attack
dropped
SonicPoint SonicPoint SonicPoint Information 727 --- Simple Destination

Provision
SonicPoint GMS --- Information 806 --- Simple SonicPoint Sta-

tus
statistics report
SonicPoint Status SonicPoint SonicPoint Information 667 --- Simple Destination
SonicWALL Firewall Event Maintenance Alert 4 --- Simple

activated
SonicWALL Firewall Event Maintenance Information 521 --- Simple

initializing
Source routed IP Intrusion | Debug Warning 428 --- Standard

Detection
packet dropped
Spank attack Intrusion Attack Alert 606 568 Standard

Detection
multicast packet
dropped
Starting IKE VPN IKE User Activity Information 90 --- Standard Note String
negotiation
Starting PPPoE PPPPoE Maintenance Information 127 --- Simple

discovery
Status GMS Maintenance Emergency 96 --- Simple GMS Status
Striker attack Intrusion Attack Alert 77 516 Standard

Detection
dropped
Sub Seven attack Intrusion Attack Alert 75 514 Standard

Detection
dropped
Success to reach High Availability System Error Information 674 --- Simple Message String
Interface %s probe
Successful Authentication User Activity Information 820 --- Simple

Access
authentication
received for
Remotely Triggered
Dial-out
SYN Flood Intrusion --- Warning 868 --- Simple Message String
Detection
Blacklist on IF %s
continues

SYN Flood Intrusion --- Warning 863 --- Standard
Detection
blacklisting dis-
abled by user
SYN Flood Intrusion --- Warning 862 --- Standard

Detection
blacklisting enabled
by user
SYN flood ceased Intrusion --- Alert 861 --- Standard

Detection
or flooding
machines
blacklisted -
connection proxy
disabled
SYN Flood Mode Intrusion --- Warning 858 --- Standard

Detection
changed by user to:
Always proxy WAN
connections

Detection
changed by user to:
Watch and proxy
WAN connections
when under attack

Detection
changed by user to:
Watch and report
possible SYN floods
Synchronizing pref- High Availability Maintenance Information 673 --- Simple

erences to HA Peer
Firewall
SYN-Flooding Intrusion --- Alert 864 --- Simple Message String

Detection
machine %s
blacklisted
System clock Firewall Logging --- Notice 881 --- Simple Note String
manually updated
TCP checksum Network Access TCP Notice 884 --- Standard

error
TCP connection Network Debug Debug 713 --- Standard Note String
abort received; TCP
connection dropped
TCP connection Network Access TCP Notice 36 --- Standard Policy

dropped
TCP connection Network Access LAN TCP Notice 173 --- Standard Service
from LAN denied
TCP connection Network Debug Debug 712 --- Standard Note String
reject received; TCP
connection dropped
TCP FIN packet Network Debug Debug 181 --- Standard Note String
dropped

TCP handshake Network Access --- Notice 760 --- Standard Note String
violation detected;
TCP connection
dropped
TCP packet Network Debug Debug 891 --- Standard Note String
received on a
closing
connection; TCP
packet dropped
received on
non-existent/closed
connection; TCP
packet dropped
received with
invalid ACK
number; TCP
packet dropped
received with
invalid header
length; TCP packet
dropped
received with
invalid MSS option
length; TCP packet
dropped
received with
invalid option
length; TCP packet
dropped
received with
invalid SACK option
length; TCP packet
dropped
received with
invalid SEQ
number; TCP
packet dropped
received with
invalid source port;
TCP packet
dropped

TCP packet Network Debug Information 897 --- Standard Note String
received with
invalid SYN Flood
cookie; TCP packet
dropped
TCP packet Network Debug Information 892 --- Standard Note String
received with SYN
flag on an existing
connection; TCP
packet dropped
received without
mandatory ACK
flag; TCP packet
dropped
received without
mandatory SYN
flag; TCP packet
dropped
TCP SYN received Intrusion Detec- --- Debug 869 --- Standard
tion
TCP Syn/Fin packet Network Access Attack Alert 580 558 Standard Note String
dropped
TCP Xmas Tree Intrusion Detec- Attack Alert 267 547 Standard
tion
dropped
The cache is full; Firewall Event System Error Error 53 607 Standard Message
Number
%u open
connections; some
will be dropped
The loaded content Security Services System Error Error 190 628 Simple
URL List has
expired.
The network WAN Failover System Error Warning 307 639 Standard Message
String
connection in use is
%s
The preferences file Firewall Event System Error Warning 573 649 Simple
is too large to be
saved in available
flash memory
Thermal Red Firewall Hard- System Environ- Alert 578 104 Simple
ware ment
Thermal Red Timer Firewall Hard- System Environ- Alert 579 105 Simple
ware ment
Exceeded
Thermal Yellow Firewall Hard- System Environ- Alert 577 103 Simple
ware ment

Time of day settings Firewall Event Maintenance Information 742 --- Simple
for firewall policies
were not upgraded.
UDP checksum Network Access UDP Notice 885 --- Standard

error
UDP packet Network Access UDP Notice 37 --- Standard Policy

dropped
UDP packet from Network Access LAN UDP | LAN Notice 174 --- Standard Service
TCP
LAN dropped
Unknown protocol Network Access Debug Notice 41 --- Standard Note String
dropped
Unknown reason VPN PKI User Activity Error 275 --- Simple Destination
User logged out Authentication User Activity Information 263 --- Standard String Service
Access
User logged out - Authentication User Activity Information 265 --- Standard Note String
Access
inactivity timer
expired
Access
max session time
exceeded
Access
user disconnect
detected (heartbeat
timer expired)
User login denied - RADIUS User Activity Warning 750 --- Standard String Service
insufficient access
on LDAP server
invalid credentials
on LDAP server
User login denied - RADIUS User Activity Information 745 --- Standard String Service
LDAP authentica-
tion failure
LDAP communica-
tion problem
LDAP directory mis-
match
LDAP schema mis-
match
LDAP server certifi-
cate not valid

LDAP server down
or misconfigured
LDAP server name
resolution failed
LDAP server time-
out
RADIUS authentica-
tion failure
RADIUS communi-
cation problem
RADIUS configura-
tion error
RADIUS server
name resolution
failed
RADIUS server
timeout
TLS or local certifi-
cate problem
User has no
privileges for login
from that location
User login denied - Authentication User Activity Information 486 --- Standard Destination
Access
User has no
privileges for WLAN
guest service
User login denied Authentication User Activity Information 33 --- Standard String Service
Access
due to bad creden-
tials
User login disabled Authentication Attack Error 583 559 Standard Message
Access String
from %s
User login failed - Authentication User Activity Information 549 --- Standard Note String
Access
Guest service limit
reached

User login failure Authentication Attack Error 329 561 Standard Destination
Access
rate exceeded -
logins from user IP
address denied
Virtual Access Point SonicPoint 802.11b Information 731 --- Simple Destination
Management
is disabled
Virtual Access Point SonicPoint 802.11b Information 730 --- Simple Destination
Management
is enabled
VoIP %s Endpoint VoIP VoIP Debug 637 --- Simple Message String
added
VoIP %s Endpoint VoIP VoIP Warning 639 --- Simple Message String
not added -
configured 'public'
endpoint limit
reached
VoIP %s Endpoint VoIP VoIP Debug 638 --- Simple Message String
removed
VoIP Call VoIP VoIP Information 622 --- Standard Note String
Connected
VoIP Call VoIP VoIP Information 623 --- Standard Note String
Disconnected
Voltages Out of Firewall Hard- System Environ- Error 575 101 Simple
ware ment
Tolerance
VPN Cleanup: VPN User Activity Information 471 --- Standard

Dynamic network
settings change
VPN Client Policy VPN Client User Activity Information 371 --- Standard Destination
Provisioning
VPN disabled by Authentication Maintenance Information 506 --- Simple

Access
administrator
VPN enabled by Authentication Maintenance Information 507 --- Simple

Access
administrator
VPN Log Debug VPN IKE Debug Information 172 --- Simple String
VPN policy count VPN System Error Error 719 --- Simple Message String
received exceeds
the limit; %s
VPN zone Authentication User Activity Information 235 --- Standard

Access
administrator login
allowed
VPN zone remote Authentication User Activity Information 237 --- Standard String Service
Access
user login allowed
WAN Interface not Firewall Event Maintenance Information 498 --- Simple
setup
Wan IP Changed Firewall Event System Error Warning 138 636 Standard

WAN not ready Firewall Event Maintenance Information 502 --- Simple
WAN zone Authentication User Activity Information 236 --- Standard

Access
administrator login
allowed
WAN zone remote Authentication User Activity Information 238 --- Standard String Service
Access
user login allowed
WARNING: DHCP DHCP Relay Maintenance Information 227 --- Standard Destination
lease relayed from
Central Gateway
conflicts with IP in
Static Devices list
Web access request Network Access TCP Notice 524 --- Standard Policy
dropped
Web management Network Access User Activity Notice 526 --- Standard Service
request allowed
Web site access Network Access Blocked Sites Notice 16 703 Standard Note Blocked
allowed
Web site access Network Access Blocked Sites Error 14 701 Standard Note Blocked
denied
Wireless MAC Filter Authentication Maintenance Information 513 --- Simple

Access
List disabled by
administrator
Wireless MAC Filter Authentication Maintenance Information 512 --- Simple

Access
List enabled by
administrator
WLAN client null WLAN IDS WLAN IDS Warning 615 904 Standard Destination
probing
WLAN disabled by Authentication Maintenance Information 508 --- Simple

Access
administrator
WLAN disabled by Authentication Maintenance Information 728 --- Simple

Access
schedule
WLAN drop traffic Network Access --- Information 724 --- Standard Note String
to deny network
WLAN enabled by Authentication Maintenance Information 509 --- Simple

Access
administrator
WLAN enabled by Authentication Maintenance Information 729 --- Simple

Access
schedule
WLAN firmware Wireless Maintenance Information 487 --- Simple String

image has been
updated
WLAN Guest Authentication User Activity Information 551 --- Standard Note String
Access
Account Timeout
WLAN Guest Idle Authentication User Activity Information 564 --- Standard Note String
Access
Timeout

WLAN Guest Authentication User Activity Information 550 --- Standard Note String
Access
Session Timeout
WLAN max Network Access --- Information 726 --- Standard Note String
concurrent users
reached already
WLAN not in AP Wireless Maintenance Information 617 --- Simple

mode, DHCP server
will not provide
lease to clients on
WLAN
WLAN pass traffic Network Access --- Information 725 --- Standard Note String
to access allow
network
WLAN recovery Wireless Maintenance Information 519 --- Simple String
WLAN sequence WLAN IDS WLAN IDS Warning 547 902 Simple Destination
number out of order
WLB Failback WAN Failover System Error Alert 435 652 Standard Message
String
initiated by %s
WLB Failover in WAN Failover System Error Alert 584 651 Standard
progress
WLB Resource WAN Failover System Error Alert 586 654 Standard
failed
WLB Resource is WAN Failover System Error Alert 585 653 Standard
now available
WLB Spill-over WAN Failover Maintenance Warning 581 --- Simple

started, configured
threshold exceeded
WLB Spill-over WAN Failover Maintenance Warning 582 --- Simple

stopped
WPA MIC Failure Wireless 802.11b Warning 663 --- Simple Destination
Management
WPA Radius Server Wireless 802.11b Information 664 --- Simple Destination
Management
Timeout
XAUTH Failed with VPN Client User Activity Information 140 --- Standard Destination
VPN client,
Authentication
failure
XAUTH Failed with VPN Client User Activity Information 141 --- Standard Destination
VPN client, Cannot
Contact RADIUS
Server
XAUTH Succeeded VPN Client User Activity Error 139 --- Standard Destination
with VPN client

Index of Syslog Tag Field Description
This section provides an alphabetical listing of Syslog tags and the associated field description.
Tag Field Description
<ddd> Syslog message prefix The beginning of each syslog message has a
string of the form <ddd> where ddd is a decimal
number indicating facility and priority of the mes-
sage. (See [1] Section 4.1.1)
arg URL Used to render a URL: arg represents the URL

path name part.
bcastRx Interface statistics report Displays the broadcast packets received
bcastTx Interface statistics report Displays the broadcast packets transmitted
bytesRx Interface statistics report Displays the bytes received
bytesTx Interface statistics report Displays the bytes transmitted
c Message category (legacy only) Indicates the legacy category number (Note: We
are not currently sending new category informa-
tion.)
change Configuration change webpage Displays the basename of the firewall web page
that performed the last configuration change
code Blocking code Indicates the CFS block code category
code ICMP type and code Indicates the ICMP code
conns Firewall status report Indicates the number of connections in use
cpuUtil Firewall status report Displays the CPU utilization (not in use)
dst Destination Destination IP address, and optionally, port, net-

work interface, and resolved name.
dstname Destination URL Displays the URL of web site hit and other legacy
destination strings
dstname URL Used to render a URL: dstname represents the

URL host part
dyn Firewall status report Displays the HA and dialup connection state (ren-
dered as “h.d” where “h” is “n” (not enabled), “b”
(backup), or “p” (primary) and “d” is “1” (enabled)
or “0” (disabled))
fw Firewall WAN IP Indicates the WAN IP Address
fwlan Firewall status report Indicates the LAN zone IP address
goodRxBytes SonicPoint statistics report Indicates the well formed bytes recevied
goodTxBytes SonicPoint statistics report Indicates the well formed bytes transmitted

i Firewall status report Displays the GMS message interval in seconds
id=firewall Webtrends prefix Syntactic sugar for WebTrends (and GMS by

habit)
if Interface statistics report Displays the interface on which statistics are

reported
ipscat IPS message Displays the IPS category
ipspri IPS message Displays the IPS priority
lic Firewall status report Indicates the number of licenses for firewalls with
limited modes
m Message ID Provides the message ID number
mac MAC address Provides the MAC address
msg Static message Displays the event message (from spreadsheet)
msg Dynamically-defined message Displays a dynamically defined message string
msg Static message with dynamic string Displays a message using the predefined mes-
sage string containing a “%s” and a dynamic
string argument.
msg Static message with dynamic num- Displays a message using the predefined string
ber string containing a “%s” and a dynamic numeric
argument.
msg IPS message Displays a message using the predefined mes-

sage string containing a “%s” and a dynamic
string argument.
msg Anti-Spyware message Displays the event message (from spreadsheet)
n Message count Indicates the number of times event occurs
op HTTP OP code Displays the HTTP operation (GET, POST, etc.)

of web site hit
pri Message priority Displays the event priority level (0=emer-

gency..7=debug)
proto IP protocol Indicates the IP protocol and detail information
proto Protocol and service Displays the protocol information (rendered as

“proto/service”)
proto Protocol and service Displays the protocol information (rendered as

“proto/service”)
pt Firewall status report Displays the HTTP/HTTPS management port

(rendered as “hhh.sss”)
radio SonicPoint statistics report Displays the SonicPoint radio on which event
occurred
ramUtil Firewall status report Displays the RAM utilization (not in use)

rcvd Bytes received Indicates the number of bytes received within
connection
result HTTP Result code Displays the HTTP result code (200, 403, etc.) of
web site hit
rule Rule ID Displays the Access Rule number causing packet

drop
sent Bytes sent Displays the number of bytes sent within connec-
tion
sid IPS message Provides the IPS signature ID
sid Anti-Spyware message Provides the AntiSpyware signature ID
sn Firewall serial number Indicates the device serial number
spycat Anti-Spyware message Displays the antiSpyware category
spypri Anti-Spyware message Displays the AntiSpyware priority
src Source Indicates the source IP address, and optionally,

port, network interface, and resolved name.
station SonicPoint statistics report Displays the client (station) on which event
occurred
time Time Reports the time of event
type ICMP type and code Indicates the ICMP type
ucastRx Interface statistics report Displays the unicast packets received
ucastTx Interface statistics report Displays the unicast packets transmitted
unsynched Firewall status report Reports the time since last local change in sec-
onds
usesstandbysa Firewall status report Displays whether standby SA is in use (“1” or “0”)
for GMS management
usr (or user) User Displays the user name (“user” is the tag used by
WebTrends)
vpnpolicy VPN policy name Displays the VPN policy name of event

SonicWALL,Inc.
1143 Borregas Avenue T: 408.745.9600 www.sonicwall.com
Sunnyvale,CA 94089-1306 F: 408.745.9300
© 2002 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be
trademarks and/ or registered trademarks of their respective companies. Specifications and descriptions subject to change with out notice.
P/ N 232-000827-00
Rev B 10/05

SonicOS Log Event Reference Guide

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

SonicOS Log Event Reference Guide

Caricato da

Copyright:

Formati disponibili

COMPREHENSIVE INTERNET SECURITY ™

SonicWALL Internet Security Appliances

SonicOS Log Event Messages Overview

SONICOS LOG EVENT REFERENCE GUIDE 1

SonicOS Log Entries

2. Intimate Apparel/Swim- 8. Drugs/Illegal Drugs

3. Nudism 9. Criminal Skills/Illegal Skills

4. Adult/Mature Content/ 10. Sex Education

5. Weapons 11. Gambling

6. Hate/Racism 12. Alcohol & Tobacco

• ActiveX, Java, Cookie or Code Archive blocked

SonicOS ‘Log View Settings’

2 SONICOS LOG EVENT REFERENCE GUIDE

SONICOS LOG EVENT REFERENCE GUIDE 3

4 SONICOS LOG EVENT REFERENCE GUIDE

Default filter logic value Group filters

Apply filters Default filter logic Export logs

Applying Custom Log Event Message Filters

Configuration Example: Filtering Log Event Messages by Priority Value

Configuration Example: Filtering Log Event Messages by Category Value

SONICOS LOG EVENT REFERENCE GUIDE 5

Configuration Example: Filtering Log Event Messages by Destination Value

Using Group Filters

6 SONICOS LOG EVENT REFERENCE GUIDE

2. Select a file format:

Referencing the SonicOS ‘Log’ > ‘View ’

Message Descrition Destination IP Network Rule

SONICOS LOG EVENT REFERENCE GUIDE 7

Time and Date Stamp Source IP Address Additional Information

Event Message Destination IP Address Rule Number (If Applicable)

8 SONICOS LOG EVENT REFERENCE GUIDE

Log Event Message Symbols Key

Log Event Message Symbol Description Context

TCP IP Layered-Data Packet Processing and SonicOS Log Event Handling

%s VPN IKE User Activity Information 171 --- Standard

%s High --- Error 826 --- Simple

%s High --- Warning 827 --- Simple

%s High --- Information 828 --- Simple

%s High --- Alert 829 --- Simple

%s High --- Notice 830 --- Simple

%s High --- Debug 831 --- Simple

%s ARS --- Information 840 --- Standard

%s ARS --- Notice 841 --- Standard

SONICOS LOG EVENT REFERENCE GUIDE 9

%s-payload VPN IKE Debug Error 616 --- Standard

SonicWALL Security Services Maintenance Warning 496 --- Simple

802.11b Wireless 802.11b Information 518 --- Simple

A SonicOS Firewall Event Maintenance Information 611 --- Simple

Access attempt Security Services Maintenance Information 761 --- Standard

Access attempt Security Services Maintenance Information 123 --- Standard

Access attempt Security Services Maintenance Information 763 524 Standard

10 SONICOS LOG EVENT REFERENCE GUIDE

ADConnector %s Security Services --- Error 769 --- Standard

Adding to Multicast --- Debug 697 --- Standard

Adding to Multicast --- Debug 699 --- Standard

Administrator Authentication User Activity Information 261 --- Standard

Administrator Authentication User Activity Information 262 --- Standard

Administrator login Authentication User Activity Information 29 --- Standard

Administrator login Authentication Attack Alert 30 560 Standard

Administrator login Authentication Attack Alert 35 506 Standard

Adminstrator name Authentication Maintenance Information 328 --- Standard

All DDNS DDNS Maintenance Information 783 --- Simple

SONICOS LOG EVENT REFERENCE GUIDE 11