
SonicWall® SonicOS 6.5.4 Log Events Reference Guide
Contents
• Introduction to SonicOS Log Events
  • Event Logs
  • Log Settings Base Setup
  • Traffic Report Syslogs
  • Access Rules Logging Control
• Index of Log Event Messages
• Syslog Events
  • Log Settings > Syslog
  • Index of Syslog Tag Field Descriptions
  • Syslog Group Category (gcat) Values
  • Examples of Standard Syslog Messages
  • Examples of ArcSight Syslog Messages
  • Legacy Categories
  • Priority Levels
• SonicWall Support
• About This Document

Introduction to SonicOS Log Events

This reference guide lists and describes the SonicWall® SonicOS log event messages for the SonicOS 6.5.4 release
on SonicWall SuperMassive™, NSa, NSA, TZ, SOHO 250/250W, and SOHO W appliances. The Log Event Message
Index table lists all events by event ID number. The Syslog Tags table lists and describes all available Syslog tags,
which contain additional information specific to the log event.
This section provides a basic overview of the INVESTIGATE | Logs | Event Logs and MANAGE | Logs & Reporting
| Log Settings > Base Setup pages and the Enable Logging option in the Add dialog on the MANAGE | Policies |
Rules > Access Rules page in the SonicOS web-based management interface.
Topics:
• Event Logs
• Log Settings Base Setup
• Traffic Report Syslogs
• Access Rules Logging Control

Event Logs
The SonicWall security appliance maintains an Event log for tracking potential security threats. This log can be
viewed by navigating to the INVESTIGATE | Logs | Event Logs page, or it can be exported to a CSV or text file
or sent to an email address for convenience and archiving. The log is displayed in a table and can be sorted by
clicking on any of the column headings.
For more information about configuring the Event Logs page, refer to the SonicOS 6.5 Investigate administration
documentation.

Event Logs Page

Log Settings Base Setup
The MANAGE | Logs & Reporting | Log Settings > Base Setup page allows you to categorize and customize the
logging functions on your SonicWall security appliance for troubleshooting and diagnostics.
For more information on configuring and managing the Log Settings > Base Setup page, refer to the SonicOS 6.5
Logs and Reporting administration documentation.

Log Settings > Base Setup Page

Traffic Report Syslogs


The Traffic Report Syslog event messages, their ‘c’ values, Syslog IDs, and location in the table on the MANAGE |
Logs & Reporting | Log Settings > Base Setup page are listed in the Traffic Report Syslogs table.

Traffic Report Syslogs

| Event Message | Syslog ‘c’ Value | Syslog ID | Location in Base Setup | Comments |
|---|---|---|---|---|
| Syslog Website Accessed | c=1024 | 97 | Category: Log; Group: Syslog; Event: Syslog Website Accessed | This means Traffic Reporting, including bytes transferred. Has URL data |
| Connection Closed | c=1024 | 537 | Category: Network; Group: Network Access; Event: Connection Closed | Non-URL traffic |
| SSL VPN Traffic | c=1024 | 1153 | Category: SSL VPN; Group: General; Event: SSL VPN Traffic | Statistics reported by SSL VPN |
| DPI-SSL Inspection Cleaned-up | c=1024 | 1463 | Category: Security Services; Group: DPI-SSL; Event: DPI-SSL Inspection Cleaned-up | Statistics reported by DPI-SSL |
| Connection Opened | c=262144 | 98 | Category: Network; Group: Network Access; Event: Connection Opened | This means Connection Opened (most probably zero bytes transferred). It is possible for some packets to trigger a Connection Opened, but later be dropped due to policy settings. |

The Traffic Report Syslogs are generated only if those messages are enabled in the Log Settings > Base Setup
page with the desired Frequency Filter Interval, normally 0, which means do not filter. They are always
generated on Connection Closed events.
The Connection Closed event is represented by two different messages, id=97 and id=537. The Syslog Website
Accessed (97) contains URL data while Connection Closed (537) does not.
On the Log Settings > Base Setup page, expand the item in the Category column to display the group names and
then expand the group to display the events in that group. For example, expand Log, then expand Syslog to
display the Syslog Website Accessed event.

Events Displayed in Expanded Table

Click the Edit button in the row for the event to open the Edit Log Event dialog. You can then view or
enable/disable the Report Events via Syslog option and configure its Frequency Filter Interval. A value of zero
for the Frequency Filter Interval means to log every event (no filtering).

Event Edit Dialog

Access Rules Logging Control
The Add Rule dialog launched by clicking Add on the MANAGE | Policies | Rules > Access Rules page provides
the Enable Logging checkbox. This option controls the policy logs – when the option is selected, event messages
are logged for that policy, otherwise no messages are logged for it.

Add Rule Dialog with Enable Logging Option

The associated policy log events are listed in the Policy Logs Controlled by Enable Logging Option in Access Rules
table.

Policy Logs Controlled by Enable Logging Option in Access Rules

| Syslog ID | Event Message | Packets Allowed or Dropped |
|---|---|---|
| 526 | Web Request Receiver | Allowed |
| 1235 | Packet Allowed | Allowed |
| 36 | TCP Packets Dropped | Dropped |
| 38 | ICMP Packets Dropped | Dropped |
| 41 | Unknown Protocol Dropped | Dropped |
| 173 | LAN TCP Deny | Dropped |
| 174 | LAN UDP Deny | Dropped |
| 175 | LAN ICMP Deny | Dropped |
| 522 | Malformed IP Packet | Dropped |
| 524 | Web Request Drop | Dropped |
| 533 | ESP Drop | Dropped |
| 534 | AH Drop | Dropped |
| 652 | IPcomp Packet Drop | Dropped |
| 1253 | IPv6 Tunnel Dropped | Dropped |
| 1254 | LAN ICMPv6 Deny | Dropped |
| 1257 | ICMPv6 Packets Dropped | Dropped |
| 1447 | UDPv6 Packets Dropped | Dropped |
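
The Traffic Report Syslogs and Policy Logs tables above can be applied directly when triaging exported syslog. The following Python classifier is an added example, not SonicWall code: it assumes the standard SonicOS key=value syslog layout in which the Syslog ID is carried in the m= tag and the category in c=, and its sample lines (trimmed to the tags the code reads) are constructed.

```python
import re
from collections import Counter

# Traffic Report Syslogs table: Syslog ID -> (expected 'c' value, meaning)
TRAFFIC_REPORT = {
    97: (1024, "connection closed, has URL data"),
    537: (1024, "connection closed, non-URL traffic"),
    1153: (1024, "SSL VPN statistics"),
    1463: (1024, "DPI-SSL statistics"),
    98: (262144, "connection opened"),
}
# Policy Logs table: emitted only for access rules with Enable Logging selected
POLICY_ALLOWED = {526, 1235}
POLICY_DROPPED = {36, 38, 41, 173, 174, 175, 522, 524, 533, 534, 652,
                  1253, 1254, 1257, 1447}

# key=value pairs; a value is either "quoted text" or a run of non-spaces
_TAG = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_tags(line):
    """Split one key=value syslog line into a dict, stripping quotes."""
    return {key: value.strip('"') for key, value in _TAG.findall(line)}


def classify(tags):
    """Map parsed tags to (event_id, kind, note) using the guide's two tables."""
    try:
        event_id = int(tags["m"])  # assumption: m= carries the Syslog ID
    except (KeyError, ValueError):
        return None, "unparsed", "no numeric m= tag"
    if event_id in TRAFFIC_REPORT:
        expected_c, meaning = TRAFFIC_REPORT[event_id]
        if tags.get("c") != str(expected_c):
            note = f"c={tags.get('c')}, table lists c={expected_c}"
            return event_id, "traffic-mismatch", note
        return event_id, "traffic-report", meaning
    if event_id in POLICY_ALLOWED:
        return event_id, "policy-allowed", "rule has Enable Logging"
    if event_id in POLICY_DROPPED:
        return event_id, "policy-dropped", "rule has Enable Logging"
    return event_id, "other", "not in either table"


def summarize(lines):
    """Count event kinds and list flows opened (98) and later dropped by policy."""
    counts, opened, opened_then_dropped = Counter(), set(), []
    for line in lines:
        tags = parse_tags(line)
        event_id, kind, _ = classify(tags)
        counts[kind] += 1
        flow = (tags.get("src"), tags.get("dst"))  # assumption: src/dst identify a flow
        if event_id == 98 and kind == "traffic-report":
            opened.add(flow)
        elif kind == "policy-dropped" and flow in opened:
            opened_then_dropped.append(flow)
    return counts, opened_then_dropped


# Constructed sample lines (documentation addresses, not captured traffic)
_HDR = 'id=firewall time="2019-01-01 10:00:0{}" '
SAMPLE = [
    _HDR.format(0) + 'c=262144 m=98 msg="Connection Opened" '
                     'src=10.0.0.5:50000:X0 dst=198.51.100.7:443:X1',
    _HDR.format(1) + 'c=1024 m=97 msg="Web site hit" '
                     'src=10.0.0.5:50000:X0 dst=198.51.100.7:443:X1',
    _HDR.format(2) + 'c=1024 m=537 msg="Connection Closed" '
                     'src=10.0.0.6:50001:X0 dst=198.51.100.8:22:X1',
    _HDR.format(3) + 'c=262144 m=98 msg="Connection Opened" '
                     'src=10.0.0.9:50002:X0 dst=203.0.113.4:23:X1',
    _HDR.format(4) + 'm=36 msg="TCP connection dropped" '
                     'src=10.0.0.9:50002:X0 dst=203.0.113.4:23:X1',
    # Category value that disagrees with the table, to exercise the mismatch path
    _HDR.format(5) + 'c=1024 m=98 msg="Connection Opened" '
                     'src=10.0.0.7:50003:X0 dst=198.51.100.9:80:X1',
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(classify(parse_tags(sample_line)))
    totals, flagged = summarize(SAMPLE)
    print(dict(totals))
    print("opened, then dropped by policy:", flagged)
```

A flow that shows a Connection Opened followed by a policy drop matches the case noted in the Comments column for event 98, so it should not be counted as a completed connection.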

Index of Log Event Messages
This section contains the Log Event Message Index, which is a list of log event messages for the SonicOS 6.5.4
firmware.
Each log event message described in the table provides the following log event details:
• Event ID—Displays the ID number of the log event message.
• SonicOS Category Name—Displays category names as shown in the SonicOS MANAGE | Logs &
Reporting | Log Settings > Base Setup page in the Category column of the table. The INVESTIGATE | Logs
| Event Logs page also has the Category column, which can be displayed (if not already) by clicking the
Display Options button at the top and selecting the Category checkbox under General in the Select
Columns to Display dialog.
• SonicOS Group Name—Displays group names as shown in the SonicOS MANAGE | Logs & Reporting |
Log Settings > Base Setup page by expanding a category in the Category column of the table. The
INVESTIGATE | Logs | Event Logs page displays the groups in the Group column, which can be displayed
by clicking the Display Options button at the top and selecting the Group checkbox under General in
the Select Columns to Display dialog.
• Syslog Legacy Category—Displays the Syslog category event type. This is the same category as in Legacy
Categories.
• Priority Level—Displays the level of urgency of the log event message. The table shows the factory
default value of Event Priority for the event. The field is displayed as the Priority column found in
MANAGE | Logs & Reporting | Log Settings > Base Setup and in INVESTIGATE | Logs | Event Logs (if the
Priority column is enabled). For additional information, see Priority Levels.
• SNMP Trap Type—Displays the SNMP Trap ID number of the log event message. In order for an SNMP
Trap to be generated for the event, the Send Events as E-mail Alerts checkbox needs to be enabled with
the desired Frequency Filter Interval, normally 0, which means do not filter. Also, SNMP settings must be
configured. The values in this column are defined in the SONICWALL-FIREWALL-TRAP-MIB released with
each firmware.
• Event Name—Displays a descriptive name for the log event, corresponding to the event row label in
MANAGE | Logs & Reporting | Log Settings > Base Setup (after expanding both Category and Group)
and can be shown in the INVESTIGATE | Logs | Event Logs page by enabling the Event column in the
Display Options.
• Log Event Message—Displays the text of the log event message. The text sometimes includes “%s”, which
SonicOS dynamically replaces with descriptive text in the actual log event message.

Log Event Message Index

| Event ID | SonicOS Category Name | SonicOS Group Name | Syslog Legacy Category | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 4 | System | Status | Maintenance | ALERT | --- | Activate Firewall | Network Security Appliance activated |
| 5 | Log | General | Maintenance | INFO | --- | Clear Log | Log Cleared |
| 6 | Log | E-mail | Maintenance | INFO | --- | E-mail Log | Log successfully sent via E-mail |
| 10 | Security Services | General | System Error | ERROR | 602 | Setting Error on Load | Problem loading the URL List; check Filter settings |
| 12 | Log | E-mail | System Error | WARNING | 604 | E-mail Check Error on Load | Problem sending log E-mail; check log settings |
| 14 | Security Services | Content Filter | Blocked Sites | ERROR | 701 | Website Blocked | Web site access denied |
| 16 | Security Services | Content Filter | Blocked Sites | NOTICE | 703 | Website Accessed | Web site access allowed |
| 22 | Security Services | Attacks | Attack | ALERT | 501 | Ping of Death Blocked | Ping of death dropped |
| 23 | Security Services | Attacks | Attack | ALERT | 502 | IP Spoof Detected | IP spoof dropped |
| 24 | Users | Authentication Access | User Activity | INFO | --- | User Disconnect Detected | User logged out - user disconnect detected |
| 25 | Firewall Settings | Flood Protection | Attack | WARNING | 503 | Possible SYN Flood | Possible SYN flood attack detected |
| 27 | Security Services | Attacks | Attack | ALERT | 505 | Land Attack | Land attack dropped |
| 28 | Network | IP | TCP \| UDP \| ICMP | NOTICE | --- | Fragmented Packet | Fragmented packet dropped |
| 29 | Users | Authentication Access | User Activity | INFO | --- | Successful Admin Login | Administrator login allowed |
| 30 | Users | Authentication Access | Attack | ALERT | 560 | Wrong Admin Password | Administrator login denied due to bad credentials |
| 31 | Users | Authentication Access | User Activity | INFO | --- | Successful User Login | User login from an internal zone allowed |
| 32 | Users | Authentication Access | User Activity | INFO | --- | Wrong User Password | User login denied due to bad credentials |
| 33 | Users | Authentication Access | User Activity | INFO | --- | Unknown User Login Attempt | User login denied due to bad credentials |
| 34 | Users | Authentication Access | User Activity | INFO | --- | Login Timeout | Pending login timed out |
| 35 | Users | Authentication Access | Attack | ALERT | 506 | Admin Login Disabled | Administrator login denied from %s; logins disabled from this interface |
| 36 | Network | TCP | TCP | NOTICE | --- | TCP Packets Dropped | TCP connection dropped |
| 37 | Network | UDP | UDP | NOTICE | --- | UDP Packets Dropped | UDP packet dropped |
| 38 | Network | ICMP | ICMP | NOTICE | --- | ICMP Packets Dropped | ICMP packet dropped due to Policy |
| 41 | Network | Network Access | Debug | NOTICE | --- | Unknown Protocol Dropped | Unknown protocol dropped |
| 43 | VPN | VPN IPsec | Debug | DEBUG | --- | IPsec Interrupt Error | IPsec connection interrupt |
| 45 | Network | ARP | Debug | DEBUG | --- | ARP Failure | ARP Timeout |
| 46 | Network | Network Access | Debug | DEBUG | --- | Broadcast Packets Dropped | Broadcast packet dropped |
| 48 | Network | TCP | Debug | DEBUG | --- | Out of Order Packets Dropped | Out-of-order command packet dropped |
| 53 | System | Status | System Error | ERROR | 607 | Connection Cache Full | The cache is full; %s open connections; some will be dropped |
| 58 | Network | Interfaces | System Error | ERROR | 608 | Too Many IP on LAN | License exceeded: Connection dropped because too many IP addresses are in use on your LAN |
| 61 | VPN | VPN IPsec | System Error | ERROR | 609 | Out of Memory | Diagnostic Code E |
| 63 | Network | ICMP | Debug | DEBUG | --- | ICMP Too Big | Received fragmented packet or fragmentation needed |
| 65 | VPN | VPN IPsec | User Activity | INFO | --- | Illegal SPI | Illegal IPsec SPI |
| 67 | VPN | VPN IPsec | Attack | ERROR | 508 | IPsec Authenticate Failure | IPsec Authentication Failed |
| 69 | VPN | VPN IPsec | User Activity | INFO | --- | Incompatible SA | Incompatible IPsec Security Association |
| 70 | VPN | VPN IPsec | Attack | ERROR | 510 | Illegal IPsec Peer | IPsec packet from or to an illegal host |
| 81 | Security Services | Attacks | Attack | ALERT | 520 | Smurf Attack | Smurf Amplification attack dropped |
| 82 | Security Services | Attacks | Attack | ALERT | 521 | Port Scan Possible | Possible port scan detected |
| 83 | Security Services | Attacks | Attack | ALERT | 522 | Port Scan Probable | Probable port scan detected |
| 84 | Network | DNS | Maintenance | NOTICE | --- | Name Resolve Failed | Failed to resolve name |
| 87 | VPN | VPN IKE | User Activity | INFO | --- | IPsec Proposal Accepted | IKE Responder: Accepting IPsec proposal (Phase 2) |
| 88 | VPN | VPN IKE | User Activity | WARNING | 523 | IPsec Proposal Rejected | IKE Responder: IPsec proposal does not match (Phase 2) |
| 89 | VPN | VPN IKE | User Activity | INFO | --- | IPsec SA Added | IKE negotiation complete. Adding IPsec SA. (Phase 2) |
| 93 | System | Restart | System Error | ERROR | 611 | Suspend Reboot | Diagnostic Code A |
| 94 | System | Restart | System Error | ERROR | 612 | Deadlock Reboot | Diagnostic Code B |
| 95 | System | Restart | System Error | ERROR | 613 | Low Memory Reboot | Diagnostic Code C |
| 96 | System | GMS | Maintenance | INFO | --- | GMS Heartbeat | Status |
| 97 | Log | Syslog | Connection Traffic | INFO | --- | Syslog Website Accessed | Web site hit |
| 98 | Network | Network Access | Connection | INFO | --- | Connection Opened | Connection Opened |
| 99 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Retransmit Discover | Retransmitting DHCP DISCOVER. |
| 100 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Retransmit Request | Retransmitting DHCP Request (Requesting). |
| 101 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Retransmit Request Renew | Retransmitting DHCP Request (Renewing). |
| 102 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Retransmit Request Rebind | Retransmitting DHCP Request (Rebinding). |
| 103 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Retransmit Request Reboot | Retransmitting DHCP Request (Rebooting). |
| 104 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Retransmit Request Verify | Retransmitting DHCP Request (Verifying). |
| 105 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Discover | Sending DHCP DISCOVER. |
| 106 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC No Offer | DHCP Server not available. Did not get any DHCP OFFER. |
| 107 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Offer Receive | Got DHCP OFFER. Selecting. |
| 108 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Selecting | Sending DHCP Request. |
| 109 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Request Failed | DHCP Client did not get DHCP ACK. |
| 110 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Request NAK | DHCP Client got NACK. |
| 111 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Request ACK | DHCP Client got ACK from server. |
| 112 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Request Decline | DHCP Client is declining address offered by the server. |
| 113 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Bound Rebind | DHCP Client sending Request and going to REBIND state. |
| 114 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Bound Renew | DHCP Client sending Request and going to RENEW state. |
| 115 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Request Renew | Sending DHCP Request (Renewing). |
| 116 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Request Rebind | Sending DHCP Request (Rebinding). |
| 117 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Request Reboot | Sending DHCP Request (Rebooting). |
| 118 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Request Verify | Sending DHCP Request (Verifying). |
| 119 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Verify Initiation Failed | DHCP Client failed to verify and lease has expired. Go to INIT state. |
| 121 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Get New IP | DHCP Client got a new IP address lease. |
| 122 | Network | DHCP Client | Maintenance | INFO | --- | DHCPC Send Release | Sending DHCP RELEASE. |
| 123 | Security Services | Anti-Virus | Maintenance | INFO | --- | AV Access Without Agent | Access attempt from host without Anti-Virus agent installed |
| 124 | Security Services | Anti-Virus | Maintenance | INFO | --- | AV Agent Out of Date | Anti-Virus agent out-of-date on host |
| 125 | Security Services | Anti-Virus | Maintenance | WARNING | 524 | AV Alert Receive | Received AV Alert: %s |
| 127 | Network | PPPoE | Maintenance | INFO | --- | PPPoE Start | Starting PPPoE discovery |
| 128 | Network | PPPoE | Maintenance | INFO | --- | PPPoE Link Up | PPPoE LCP Link Up |
| 129 | Network | PPPoE | Maintenance | INFO | --- | PPPoE Link Down | PPPoE LCP Link Down |
| 130 | Network | PPPoE | Maintenance | INFO | --- | PPPoE Link Finish | PPPoE terminated |
| 131 | Network | PPPoE | Maintenance | INFO | --- | PPPoE Network Up | PPPoE Network Connected |
| 132 | Network | PPPoE | Maintenance | INFO | --- | PPPoE Network Down | PPPoE Network Disconnected |
| 133 | Network | PPPoE | Maintenance | INFO | --- | PPPoE Discover Complete | PPPoE discovery process complete |
| 134 | Network | PPPoE | Maintenance | INFO | --- | PPPoE CHAP Authentication | PPPoE starting CHAP Authentication |
| 138 | Network | Interfaces | System Error | WARNING | 636 | WAN IP Change | Wan IP Changed |
| 139 | VPN | VPN Client | User Activity | INFO | --- | XAUTH Success | XAUTH Succeeded with VPN %s |
| 140 | VPN | VPN Client | User Activity | ERROR | --- | XAUTH Failure | XAUTH Failed with VPN %s, Authentication failure |
| 141 | VPN | VPN Client | User Activity | INFO | --- | XAUTH Timeout | XAUTH Failed with VPN client, Cannot Contact %s Server |
| 142 | Log | General | Debug | ERROR | --- | Log Debug | Log Debug |
| 144 | High Availability | State | Maintenance | ALERT | 6201 | HA Active Primary | Primary firewall has transitioned to Active |
| 145 | High Availability | State | Maintenance | ALERT | 6202 | HA Active Secondary | Secondary firewall has transitioned to Active |
| 146 | High Availability | State | System Error | ALERT | 6203 | HA Standby Primary | Primary firewall has transitioned to Standby |
| 147 | High Availability | State | Maintenance | ALERT | 6204 | HA Standby Secondary | Secondary firewall has transitioned to Standby |
| 148 | High Availability | Synchronization | System Error | ERROR | 615 | HA Primary Missed Heartbeat | Primary missed heartbeats from Secondary |
| 149 | High Availability | Synchronization | System Error | ERROR | 616 | HA Secondary Missed Heartbeat | Secondary missed heartbeats from Primary |
| 150 | High Availability | State | System Error | ERROR | 617 | HA Primary Error Receive | Primary received error signal from Secondary |
| 151 | High Availability | State | System Error | ERROR | 618 | HA Secondary Error Receive | Secondary received error signal from Primary |
| 153 | High Availability | State | System Error | ERROR | 620 | HA Primary Preempt | Primary firewall preempting Secondary |
| 157 | High Availability | Synchronization | Maintenance | INFO | --- | HA Sync HA Peer | HA Peer Firewall Synchronized |
| 158 | High Availability | Synchronization | System Error | ERROR | 662 | HA Sync Error | Error synchronizing HA peer firewall (%s) |
| 159 | Security Services | Anti-Virus | Maintenance | WARNING | 526 | AV Expire message | Received AV Alert: Your Network Anti-Virus subscription has expired. %s |
| 162 | High Availability | Synchronization | Maintenance | INFO | --- | HA Packet Error | HA packet processing error |
| 164 | System | Restart | System Error | ERROR | 621 | HTTP Server Reboot | Diagnostic Code F |
| 165 | Security Services | E-mail Filtering | Attack | ALERT | 527 | Allow E-mail Attachment | Forbidden E-Mail attachment disabled |
| 168 | Network | PPPoE | Maintenance | INFO | --- | PPPoE Traffic Timeout | Disconnecting PPPoE due to traffic Timeout |
| 169 | Network | PPPoE | Maintenance | INFO | --- | PPPoE LCP Unack | No response from ISP Disconnecting PPPoE. |
| 170 | High Availability | State | System Error | ERROR | 622 | Secondary Active Preempt | Secondary going Active in preempt mode after reboot |
| 171 | VPN | VPN IKE | User Activity | DEBUG | --- | IPsec Dead Peer Detection | %s |
| 173 | Network | TCP | LAN TCP | NOTICE | --- | LAN TCP Deny | TCP connection from LAN denied |
| 174 | Network | UDP | LAN UDP \| LAN TCP | NOTICE | --- | LAN UDP Deny | UDP packet from LAN dropped |
| 175 | Network | ICMP | LAN ICMP \| LAN TCP | NOTICE | --- | LAN ICMP Deny | ICMP packet from LAN dropped |
| 177 | Security Services | Attacks | Attack | ALERT | 528 | TCP FIN Scan | Probable TCP FIN scan detected |
| 178 | Security Services | Attacks | Attack | ALERT | 529 | TCP Xmas Scan | Probable TCP XMAS scan detected |
| 179 | Security Services | Attacks | Attack | ALERT | 530 | TCP Null Scan | Probable TCP NULL scan detected |
| 181 | Network | TCP | Debug | DEBUG | --- | TCP FIN Drop | TCP FIN packet dropped |
| 182 | Network | ICMP | User Activity | INFO | --- | Path MTU Receive | Received a path MTU ICMP message from router/gateway |
| 188 | Network | ICMP | User Activity | INFO | --- | Path MTU ICMP | Received a path MTU ICMP message from router/gateway |
| 191 | High Availability | Synchronization | System Error | ERROR | 629 | HA Set Error | Error setting the IP address of the Secondary, please manually set to Secondary LAN IP |
| 199 | Users | Authentication Access | User Activity | INFO | --- | Admin Login From CLI | CLI administrator login allowed |
| 200 | Users | Authentication Access | User Activity | WARNING | --- | Admin Password Error From CLI | CLI administrator login denied due to bad credentials |
| 201 | Network | L2TP Client | Maintenance | INFO | --- | L2TP Tunnel Start | L2TP Tunnel Negotiation Started |
| 202 | Network | L2TP Client | Maintenance | INFO | --- | L2TP Session Start | L2TP Session Negotiation Started |
| 204 | Network | L2TP Client | Maintenance | INFO | --- | L2TP Tunnel Finish | L2TP Tunnel Established |
| 205 | Network | L2TP Client | Maintenance | INFO | --- | L2TP Tunnel Disconnect From Remote | L2TP Tunnel Disconnect from Remote |
| 206 | Network | L2TP Client | Maintenance | INFO | --- | L2TP Session Success | L2TP Session Established |
| 207 | Network | L2TP Client | Maintenance | INFO | --- | L2TP Session Disconnect From Remote | L2TP Session Disconnect from Remote |
| 208 | Network | L2TP Client | Maintenance | INFO | --- | L2TP PPP Start | L2TP PPP Negotiation Started |
| 210 | Network | L2TP Client | Maintenance | INFO | --- | L2TP PPP Up | L2TP PPP Session Up |
| 211 | Network | L2TP Client | Maintenance | INFO | --- | L2TP Net Down | L2TP PPP Down |
| 212 | Network | L2TP Client | Maintenance | INFO | --- | L2TP PPP Authenticate Failed | L2TP PPP Authentication Failed |
| 215 | Network | L2TP Client | Maintenance | INFO | --- | L2TP Traffic Timeout | Disconnecting L2TP Tunnel due to traffic Timeout |
| 217 | Network | L2TP Client | Maintenance | INFO | --- | L2TP PPP Down | L2TP PPP link down |
| 222 | VPN | DHCP Relay | Maintenance | INFO | --- | DHCPR Remote Release | DHCP RELEASE relayed to Central Gateway |
| 223 | VPN | DHCP Relay | Maintenance | INFO | --- | DHCPR Remote ACK | DHCP lease relayed to local device |
| 224 | VPN | DHCP Relay | Debug | INFO | --- | DHCPR Central Release | DHCP RELEASE received from remote device |
| 225 | VPN | DHCP Relay | Debug | INFO | --- | DHCPR Central ACK | DHCP lease relayed to remote device |
| 226 | VPN | DHCP Relay | Maintenance | INFO | --- | DHCPR IP Conflict | DHCP lease to LAN device conflicts with remote device, deleting remote IP entry |
| 227 | VPN | DHCP Relay | Maintenance | INFO | --- | DHCPR IP Conflict With Static IP | WARNING: DHCP lease relayed from Central Gateway conflicts with IP in Static Devices list |
| 228 | VPN | DHCP Relay | Maintenance | WARNING | --- | DHCPR IP Drop | DHCP lease dropped. Lease from Central Gateway conflicts with Relay IP |
| 229 | VPN | DHCP Relay | Attack | ERROR | 533 | DHCPR IP Spoof | IP spoof detected on packet to Central Gateway, packet dropped |
| 230 | VPN | DHCP Relay | Maintenance | INFO | --- | DHCPR Get Remote IP Table | Request for Relay IP Table from Central Gateway |
| 231 | VPN | DHCP Relay | Maintenance | INFO | --- | DHCPR Get Central IP Table | Requesting Relay IP Table from Remote Gateway |
| 232 | VPN | DHCP Relay | Maintenance | INFO | --- | DHCPR Send Remote IP Table | Sent Relay IP Table to Central Gateway |
| 233 | VPN | DHCP Relay | Maintenance | INFO | --- | DHCPR Receive Remote IP Table | Obtained Relay IP Table from Remote Gateway |
| 234 | VPN | DHCP Relay | System Error | WARNING | 632 | DHCPR Table Request Timeout | Failed to synchronize Relay IP Table |
| 235 | Users | Authentication Access | User Activity | INFO | --- | Admin VPN Login | VPN zone administrator login allowed |
| 236 | Users | Authentication Access | User Activity | INFO | --- | Admin WAN Login | WAN zone administrator login allowed |
| 237 | Users | Authentication Access | User Activity | INFO | --- | User VPN Login | VPN zone remote user login allowed |
| 238 | Users | Authentication Access | User Activity | INFO | --- | User WAN Login | WAN zone remote user login allowed |
| 239 | VPN | VPN IKE | User Activity | INFO | --- | VPN Peer Behind NAT Device | NAT Discovery : Peer IPsec Security Gateway behind a NAT/NAPT Device |
| 240 | VPN | VPN IKE | User Activity | INFO | --- | VPN Local Behind NAT Device | NAT Discovery : Local IPsec Security Gateway behind a NAT/NAPT Device |
| 241 | VPN | VPN IKE | User Activity | INFO | --- | VPN No NAT Device Detected | NAT Discovery : No NAT/NAPT device detected between IPsec Security gateways |
| 242 | VPN | VPN IKE | User Activity | INFO | --- | VPN Peer Does Not Support NAT | NAT Discovery : Peer IPsec Security Gateway doesn't support VPN NAT Traversal |
| 243 | Users | Radius Authentication | User Activity | INFO | --- | User Login Failed | User login denied - RADIUS authentication failure |
| 244 | Users | Radius Authentication | User Activity | WARNING | --- | User Login Timeout | User login denied - RADIUS server Timeout |
| 245 | Users | Radius Authentication | User Activity | WARNING | --- | User Login Error | User login denied - RADIUS configuration error |
| 246 | Users | Authentication Access | User Activity | INFO | --- | User Login From Wrong Location | User login denied - User has no privileges for login from that location |
| 247 | VPN | VPN IPsec | Maintenance | INFO | --- | Illegal Packet from IPsec Host | IPsec packet from an illegal host |
| 248 | Security Services | E-mail Filtering | Attack | ERROR | 534 | E-mail Attachment | Forbidden E-Mail attachment deleted |
| 249 | VPN | VPN IKE | User Activity | WARNING | 535 | Bad Tunnel Mode | IKE Responder: Mode %s - not tunnel mode |
| 250 | VPN | VPN IKE | User Activity | WARNING | 536 | Phase 1 ID Mismatch | IKE Responder: No matching Phase 1 ID found for proposed remote network |
| 251 | VPN | VPN IKE | User Activity | WARNING | 537 | Bad Remote Network | IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route |
| 252 | VPN | VPN IKE | User Activity | WARNING | 538 | No Remote Network Match | IKE Responder: No match for proposed remote network address |
| 253 | VPN | VPN IKE | User Activity | WARNING | 539 | Default Gateway Not Match Proposal | IKE Responder: Default LAN gateway is set but peer is not proposing to use this SA as a default route |
| 254 | VPN | VPN IKE | User Activity | WARNING | 540 | Tunnel Terminates Outside | IKE Responder: Tunnel terminates outside firewall but proposed local network is not NAT public address |
| 255 | VPN | VPN IKE | User Activity | WARNING | 541 | Tunnel Terminates Inside | IKE Responder: Tunnel terminates inside firewall but proposed local network is not inside firewall |
| 256 | VPN | VPN IKE | User Activity | WARNING | 542 | Tunnel Terminates DMZ | IKE Responder: Tunnel terminates on DMZ but proposed local network is on LAN |
| 257 | VPN | VPN IKE | User Activity | WARNING | 543 | Tunnel Terminates LAN | IKE Responder: Tunnel terminates on LAN but proposed local network is on DMZ |
| 258 | VPN | VPN IKE | User Activity | WARNING | 544 | AH PFS Mismatch | IKE Responder: AH Perfect Forward Secrecy mismatch |
| 259 | VPN | VPN IKE | User Activity | WARNING | 545 | ESP PFS Mismatch | IKE Responder: ESP Perfect Forward Secrecy mismatch |
| 260 | VPN | VPN IKE | User Activity | WARNING | 546 | Algorithm or Key Mismatch | IKE Responder: Algorithms and/or keys do not match |
| 261 | Users | Authentication Access | User Activity | INFO | --- | Admin Logout | Administrator logged out |
| 262 | Users | Authentication Access | User Activity | INFO | --- | Admin Logout - Timer Expire | Administrator logged out - inactivity timer expired |
| 263 | Users | Authentication Access | User Activity | INFO | --- | User Logout | User logged out - %s |
| 264 | Users | Authentication Access | User Activity | INFO | --- | User Logout - Max Session | User logged out - max session time exceeded |
| 265 | Users | Authentication Access | User Activity | INFO | --- | User Logout - Timer Expire | User logged out - inactivity timer expired |
| 266 | VPN | VPN IPsec | Maintenance | INFO | --- | IPsec AH Does Not Support NAT | NAT device may not support IPsec AH pass-through |
| 267 | Security Services | Attacks | Attack | ALERT | 547 | TCP Xmas Tree Attack | TCP Xmas Tree dropped |
| 269 | VPN | VPN PKI | User Activity | INFO | --- | CRL Request | Requesting CRL from |
| 270 | VPN | VPN PKI | User Activity | INFO | --- | CRL Download Success | CRL loaded from |
| 271 | VPN | VPN PKI | User Activity | ALERT | --- | CRL Download Failed | Failed to get CRL from |
| 272 | VPN | VPN PKI | User Activity | WARNING | --- | CRL Failed - No Memory | Not enough memory to hold the CRL |
273 VPN VPN PKI User Activity ALERT --- CRL Failed - Connection timed
Timeout out
274 VPN VPN PKI User Activity ALERT --- CRL Failed - No Cannot connect to
Connect the CRL server
275 VPN VPN PKI User Activity ERROR --- CRL Failed - No Unknown reason
Reason
276 VPN VPN PKI User Activity ALERT --- CRL Process Failed to Process CRL
Failed from
277 VPN VPN PKI User Activity ALERT --- CRL Bad Bad CRL format
Format
278 VPN VPN PKI User Activity ALERT --- CRL Wrong Issuer match failed
Issuer
279 VPN VPN PKI User Activity ALERT --- CRL Certificate Certificate on
Revoke Revoked list(CRL)
280 VPN VPN PKI User Activity ALERT --- No Certificate No Certificate for
281 3G/4G, PPP Dial-Up User Activity INFO --- PPP Dial Up PPP Dial-Up: Dialing:
Modem, %s
and
Module
282 3G/4G, PPP Dial-Up User Activity INFO --- PPP No PPP Dial-Up: No dial
Modem, Dialtone tone detected -
and check phone-line
Module connection
283 3G/4G, PPP Dial-Up User Activity INFO --- PPP No Carrier PPP Dial-Up: No link
Modem, carrier detected -
and check phone
Module number
284 3G/4G, PPP Dial-Up User Activity INFO --- PPP Peer PPP Dial-Up: Dialed
Modem, Number Busy number is busy
and
Module
285 3G/4G, PPP Dial-Up User Activity INFO --- PPP No Answer PPP Dial-Up: Dialed
Modem, number did not
and answer
Module
286 3G/4G, PPP Dial-Up User Activity INFO --- Start PPP PPP Dial-Up:
Modem, Connected at %s bps
and - starting PPP
Module
287 3G/4G, PPP Dial-Up User Activity INFO --- PPP Failure PPP Dial-Up:
Modem, Unknown dialing
and failure
Module

288 3G/4G, PPP Dial-Up User Activity INFO --- PPP Disconnect PPP Dial-Up: Link
Modem, carrier lost
and
Module
289 Network PPP --- INFO --- PPP PPP: Authentication
Authenticate successful
Success
290 Network PPP --- INFO --- PPP PAP Failed PPP: PAP
Authentication
failed - check
username /
password
291 Network PPP --- INFO --- PPP CHAP PPP: CHAP
Failed authentication failed
- check username /
password
292 Network PPP --- INFO --- PPP MS-CHAP PPP: MS-CHAP
Failed authentication failed
- check username /
password
293 Network PPP --- INFO --- PPP MS-CHAP PPP: Starting
Start MS-CHAP
authentication
294 Network PPP --- INFO --- PPP CHAP Start PPP: Starting CHAP
authentication
295 Network PPP --- INFO --- PPP PAP Start PPP: Starting PAP
authentication
299 3G/4G, PPP Dial-Up User Activity INFO --- PPP IP Update PPP Dial-Up:
Modem, Received new IP
and address
Module
300 3G/4G, PPP Dial-Up User Activity INFO --- PPP Link PPP Dial-Up: PPP link
Modem, Establish established
and
Module
301 3G/4G, PPP Dial-Up User Activity INFO --- PPP Link Down PPP Dial-Up: PPP link
Modem, down
and
Module
302 3G/4G, PPP Dial-Up User Activity INFO --- PPP Link PPP Dial-Up:
Modem, Closing Shutting down link
and
Module
303 3G/4G, PPP Dial-Up User Activity INFO --- PPP PPP Dial-Up:
Modem, Initialization Initialization : %s
and
Module

306 3G/4G, PPP Dial-Up User Activity INFO --- PPP Dial Cancel PPP Dial-Up:
Modem, Connect request
and canceled
Module
307 Network Failover and System Error WARNING 639 WAN Mode The network
Load Balancing connection in use is
%s
308 VPN L2TP Server Maintenance INFO --- L2TP Tunnel L2TP Server : L2TP
Establish Tunnel Established.
309 VPN L2TP Server Maintenance INFO --- L2TP Session L2TP Server : L2TP
Establish Session Established.
311 VPN L2TP Server Maintenance INFO --- L2TP Radius L2TP Server:
Authentication RADIUS/LDAP
Failure reports
Authentication
Failure
312 VPN L2TP Server Maintenance INFO --- L2TP Local L2TP Server: Local
Authentication Authentication
Failure Failure
318 VPN L2TP Server Maintenance INFO --- L2TP Local L2TP Server: Local
Authentication Authentication
Success Success.
319 VPN L2TP Server Maintenance INFO --- L2TP Radius L2TP Server:
Authentication RADIUS/LDAP
Success Authentication
Success
321 3G/4G, PPP Dial-Up User Activity INFO --- PPP Manual PPP Dial-Up: Manual
Modem, Action Needed intervention
and needed. Check
Module Primary Profile or
Profile details
322 3G/4G, PPP Dial-Up User Activity INFO --- PPP Profile is PPP Dial-Up: Trying
Modem, Manual to failover but
and Primary Profile is
Module manual
326 Network Failover and System Error ALERT 637 Probe Failed Probing failure on
Load Balancing %s
327 3G/4G, PPP Dial-Up User Activity INFO --- PPP Max PPP Dial-Up:
Modem, Connection Maximum
and Exceed connection time
Module exceeded -
disconnecting
328 Users Authentication Maintenance INFO --- Admin Name Administrator name
Access Change changed

329 Users Authentication Attack ERROR 561 User Login User login failure
Access Lockout rate exceeded -
logins from user IP
address denied
330 3G/4G, PPP Dial-Up Maintenance INFO --- Disable VPN PPP Dial-Up: The
Modem, Network profile in use
and disabled VPN
Module networking.
331 3G/4G, PPP Dial-Up Maintenance INFO --- Enable VPN PPP Dial-Up: VPN
Modem, Network networking
and restored.
Module
335 VPN L2TP Server Maintenance INFO --- L2TPS Tunnel L2TP Server: Tunnel
Disconnect Disconnect from
From Remote Remote.
336 VPN L2TP Server Maintenance INFO --- L2TPS Tunnel L2TP Server :
Delete Deleting the Tunnel
337 VPN L2TP Server Maintenance INFO --- L2TPS Session L2TP Server :
Delete Deleting the L2TP
active Session
338 VPN L2TP Server Maintenance INFO --- L2TPS L2TP Server :
Retransmission Retransmission
Timeout Timeout, Deleting
the Tunnel
339 Network NAT Debug DEBUG --- NAT Overwrite NAT translated
packet exceeds size
limit, packet
dropped
340 System Administration Maintenance INFO --- HTTP Port HTTP management
Change port has changed
341 System Administration Maintenance INFO --- HTTPS Port HTTPS management
Change port has changed
344 VPN L2TP Server Maintenance INFO --- L2TPS L2TP Server : User
Authentication Name
Local Failure authentication
Failure locally.
346 VPN VPN IKE User Activity INFO --- Quick Mode IKE Initiator: Start
Started Quick Mode (Phase
2).
347 Network Network Access TCP | UDP | WARNING --- Drop Clear Port configured to
ICMP Packet receive IPsec
protocol ONLY; drop
packet received in
the clear
348 VPN VPN IPsec Maintenance WARNING --- VPN SA Import Imported VPN SA is
Invalid invalid - disabled

350 VPN VPN IKE User Activity INFO --- IKE SA Life IKE SA lifetime
Expired expired.
351 VPN VPN IKE User Activity INFO --- IKE Main Mode IKE Initiator: Start
Started Main Mode
negotiation (Phase
1)
352 VPN VPN IKE User Activity INFO --- IKE Quick IKE Responder:
Mode Request Received Quick
Received Mode Request
(Phase 2)
353 VPN VPN IKE User Activity INFO --- Initial Main IKE Initiator: Main
Mode Mode complete
Completed (Phase 1)
354 VPN VPN IKE User Activity INFO --- Initial IKE Initiator:
Aggressive Aggressive Mode
Mode complete (Phase 1).
Completed
355 VPN VPN IKE User Activity INFO --- Responder IKE Responder:
Main Mode Received Main
Request Mode Request
Received (Phase 1)
356 VPN VPN IKE User Activity INFO --- Responder IKE Responder:
Aggressive Received Aggressive
Mode Request Mode Request
Received (Phase 1)
357 VPN VPN IKE User Activity INFO --- Responder IKE Responder: Main
Main Mode Mode complete
Completed (Phase 1)
358 VPN VPN IKE User Activity INFO --- Aggressive IKE Initiator: Start
Mode Started Aggressive Mode
negotiation (Phase
1)
360 Security Crypto Test Maintenance ERROR --- DES Test Failed Crypto DES test
Services failed
361 Security Crypto Test Maintenance ERROR --- DH Test Failed Crypto DH test failed
Services
362 Security Crypto Test Maintenance ERROR --- HMAC-MD5 Crypto Hmac-MD5
Services Test Failed test failed
363 Security Crypto Test Maintenance ERROR --- HMAC-SHA1 Crypto Hmac-Sha1
Services Test Failed test failed
364 Security Crypto Test Maintenance ERROR --- RSA Test Failed Crypto RSA test
Services failed
365 Security Crypto Test Maintenance ERROR --- SHA1 Test Crypto Sha1 test
Services Failed failed
366 Security Crypto Test Maintenance ERROR --- Hardware DES Crypto hardware
Services Test Failed DES test failed

367 Security Crypto Test Maintenance ERROR --- Hardware 3DES Crypto hardware
Services Test Failed 3DES test failed
368 Security Crypto Test Maintenance ERROR --- Hardware Crypto hardware
Services DES-SHA Test DES with SHA test
Failed failed
369 Security Crypto Test Maintenance ERROR --- Hardware Crypto Hardware
Services 3DES-SHA Test 3DES with SHA test
Failed failed
371 VPN VPN Client User Activity INFO --- Client Policy VPN Client Policy
Provisioned Provisioning
372 VPN VPN IKE User Activity INFO --- IKE Initiator: IKE Initiator:
Accept Accepting IPsec
Proposal proposal (Phase 2)
373 VPN VPN IKE User Activity INFO --- IKE Responder: IKE Responder:
Aggressive Aggressive Mode
Mode complete (Phase 1)
Complete
375 Network PPTP Maintenance INFO --- Start Control PPTP Control
Connection Connection
Negotiation Negotiation Started
376 Network PPTP Maintenance INFO --- Start Session PPTP Session
Negotiation Negotiation Started
378 Network PPTP Maintenance INFO --- PPTP Control PPTP Control
Establish Connection
Established
379 Network PPTP Maintenance INFO --- PPTP Remote PPTP Tunnel
Disconnect Disconnect from
Tunnel Remote
380 Network PPTP Maintenance INFO --- PPTP Session PPTP Session
Success Established
381 Network PPTP Maintenance INFO --- PPTP Remote PPTP Session
Disconnect Disconnect from
Session Remote
382 Network PPTP Maintenance INFO --- PPP Start PPTP PPP
Negotiation Started
384 Network PPTP Maintenance INFO --- PPP Up PPTP PPP Session Up
385 Network PPTP Maintenance INFO --- PPP Down PPTP PPP Down
388 Network PPTP Maintenance INFO --- PPTP User PPTP Disconnect
Diconnect Initiated by the User
389 Network PPTP Maintenance INFO --- PPTP Traffic Disconnecting PPTP
Timeout Tunnel due to traffic
Timeout
390 Network PPTP Maintenance INFO --- PPTP User PPTP Connect
Connect Initiated by the User

392 Network PPTP Maintenance INFO --- PPTP CHAP PPTP starting CHAP
Authentication Authentication
393 Network PPTP Maintenance INFO --- PPTP PAP PPTP starting PAP
Authentication Authentication
396 Network PPTP Maintenance INFO --- PPTP PPTP PAP
Authentication Authentication
ACK success.
398 Network PPTP Maintenance INFO --- PPTP PPP Link PPTP PPP Link Up
Up
399 Network PPTP Maintenance INFO --- PPTP PPP Link PPTP PPP Link down
Down
400 Network PPTP Maintenance INFO --- PPTP PPP Link PPTP PPP Link
Finish Finished
401 VPN VPN IKE User Activity WARNING --- No Proposal Received notify.
Chosen NO_PROPOSAL_CHOSEN
402 VPN VPN IKE User Activity WARNING --- Proposal IKE Responder: IKE
Rejected proposal does not
match (Phase 1)
403 VPN VPN IKE User Activity INFO --- Negotiation IKE negotiation
Aborted aborted due to
Timeout
404 VPN VPN IKE User Activity WARNING --- Decryption Failed payload
Failed: Key verification after
Mismatch decryption; possible
preshared key
mismatch
405 VPN VPN IKE User Activity WARNING --- Payload Failed payload
Validation validation
Failed
406 VPN VPN IKE User Activity WARNING --- Duplicate Received packet
Packet retransmission. Drop
Dropped duplicate packet
408 Security Anti-Virus Maintenance INFO --- AV License Anti-Virus Licenses
Services Exceeded Exceeded
409 VPN VPN IKE User Activity WARNING --- Authentication Received notify:
Failed ISAKMP_AUTH_FAILED
410 VPN VPN IKE User Activity WARNING --- Hash Failed Computed hash
does not match hash
received from peer;
preshared key
mismatch
411 VPN VPN IKE User Activity WARNING --- Notification on Received notify:
Malformed PAYLOAD_MALFORMED
Payload

412 VPN VPN IKE User Activity INFO --- Receive IPsec Received IPsec SA
Delete Request delete request
413 VPN VPN IKE User Activity INFO --- Receive IKE Received IKE SA
Delete Request delete request
414 VPN VPN IKE User Activity INFO --- Invalid Cookies Received notify:
INVALID_COOKIES
415 VPN VPN IKE User Activity INFO --- Notification on Received notify:
Responder RESPONDER_LIFETIME
Lifetime
416 VPN VPN IKE User Activity INFO --- Notification on Received notify:
Invalid SPI INVALID_SPI
419 Network RIP Maintenance INFO 8401 LAN RIP Disable RIP disabled on
interface %s
420 Network RIP Maintenance INFO 8402 LAN RIPv1 RIPv1 enabled on
Enable interface %s
421 Network RIP Maintenance INFO 8403 LAN RIPv2 RIPv2 enabled on
Enable interface %s
422 Network RIP Maintenance INFO 8404 LAN RIPv2c RIPv2 compatibility
Enable (broadcast) mode
enabled on interface
%s
427 VPN VPN IPsec VPN Tunnel INFO 801 IPsec Tunnel IPsec Tunnel status
Status Status Changed changed
428 Firewall Advanced Debug WARNING --- Drop Source Source routed IP
Settings Route Packet packet dropped
429 Network PPTP Maintenance INFO --- PPTP No response from
Disconnect server to Echo
Echo Request Requests,
disconnecting PPTP
Tunnel
430 Network PPTP Maintenance INFO --- PPTP No response from
Disconnect PPTP server to
Control control connection
Connection requests
Request
431 Network PPTP Maintenance INFO --- PPTP No response from
Disconnect PPTP server to call
Session requests
Request
432 Network PPTP Maintenance INFO --- PPTP PPTP server rejected
Disconnect control connection
Control
Connection
Reject

433 Network PPTP Maintenance INFO --- PPTP PPTP server rejected
Disconnect the call request
Session Reject
434 Network Failover and User Activity INFO --- Manual PPP Dial-Up: Trying
Load Balancing Alternate to failover but
Profile Alternate Profile is
manual
435 Network Failover and System Error ALERT 652 WLB Failback WLB Failback
Load Balancing initiated by %s
436 Network Failover and System Error ALERT 638 WLB Probe Probing succeeded
Load Balancing Success on %s
437 Security E-mail Filtering Attack ERROR 550 E-mail E-Mail fragment
Services Fragment dropped
Dropped
438 Users Authentication User Activity INFO --- User Login Locked-out user
Access Lockout logins allowed -
Expired lockout period
expired
439 Users Authentication User Activity INFO --- User Login Locked-out user
Access Lockout Clear logins allowed by %s
440 Firewall Access Rules User Activity INFO --- Rule Added Access rule added
441 Firewall Access Rules User Activity INFO --- Rule Modified Access rule viewed
or modified
442 Firewall Access Rules User Activity INFO --- Rule Deleted Access rule deleted
444 Network PPTP Maintenance INFO --- PPTP Server PPTP Server is not
Down responding, check if
the server is UP and
running.
445 VPN VPN IKE User Activity INFO --- IKE Initiator: IKE Initiator:
Peer Lifetime Accepting peer
Accept lifetime. (Phase 1)
446 Firewall FTP Attack ERROR 551 FTP Passive FTP: PASV response
Settings Attack spoof attack
dropped
448 VPN VPN PKI Maintenance ERROR --- PKI Output PKI Failure: Output
Buffer Failure buffer too small
449 VPN VPN PKI Maintenance ERROR --- PKI Allocate PKI Failure: Cannot
Memory alloc memory
Failure
450 VPN VPN PKI Maintenance ERROR --- PKI Certificate PKI Failure: Reached
Failure the limit for local
certs, cant load any
more
451 VPN VPN PKI Maintenance ERROR --- PKI Import PKI Failure: Import
Failure failed

452 VPN VPN PKI Maintenance ERROR --- PKI Bad PKI Failure: Incorrect
Password admin password
453 VPN VPN PKI Maintenance ERROR --- PKI CA PKI Failure: CA
Certificate certificates store
Failure exceeded. Cannot
verify this Local
Certificate
454 VPN VPN PKI Maintenance ERROR --- PKI Import File PKI Failure:
Format Failure Improper file
format. Please select
PKCS#12 (*.p12) file
455 VPN VPN PKI Maintenance ERROR --- PKI Certificate PKI Failure:
ID Failure Certificate's ID does
not match this
Network Security
Appliance
456 VPN VPN PKI Maintenance ERROR --- PKI Key PKI Failure:
Mismatch public-private key
mismatch
457 VPN VPN PKI Maintenance ERROR --- PKI Local PKI Failure:
Certificate Duplicate local
Name certificate name
Duplicate
458 VPN VPN PKI Maintenance ERROR --- PKI Local PKI Failure:
Certificate Duplicate local
Duplicate certificate
459 VPN VPN PKI Maintenance ERROR --- PKI No PKI Failure: No CA
Certificate certificates yet
loaded
460 VPN VPN PKI Maintenance ERROR --- PKI Internal PKI Failure: Internal
Error error
461 VPN VPN PKI Maintenance ERROR --- PKI No PKI Failure:
Resource Temporary memory
shortage, try again
462 VPN VPN PKI Maintenance ERROR --- PKI Certificate PKI Failure: The
Chain Circular certificate chain is
circular
463 VPN VPN PKI Maintenance ERROR --- PKI Certificate PKI Failure: The
Chain certificate chain is
Incomplete incomplete
464 VPN VPN PKI Maintenance ERROR --- PKI Certificate PKI Failure: The
Chain No Root certificate chain has
no root
465 VPN VPN PKI Maintenance ERROR --- PKI Certificate PKI Failure:
Expire Certificate
expiration

466 VPN VPN PKI Maintenance ERROR --- PKI Certificate PKI Failure: The
Invalid certificate or a
certificate in the
chain has a validity
period in the future
467 VPN VPN PKI Maintenance ERROR --- PKI Certificate PKI Failure: The
Corrupt certificate or a
certificate in the
chain is corrupt
468 VPN VPN PKI Maintenance ERROR --- PKI Certificate PKI Failure: The
Bad Signature certificate or a
certificate in the
chain has a bad
signature
469 VPN VPN PKI Maintenance ERROR --- PKI Certificate PKI Failure: Loaded
Not Verified but could not verify
certificate
470 VPN VPN PKI Maintenance ERROR --- PKI Certificate PKI Warning: Loaded
Chain Not the certificate but
Verified could not verify its
chain
473 VPN DHCP Relay Debug INFO --- Remote: DHCP DHCP REQUEST
Request received from
remote device
474 VPN DHCP Relay Debug INFO --- Remote: DHCP DHCP DISCOVER
Discover received from
remote device
476 VPN DHCP Relay Debug INFO --- Server: DHCP DHCP OFFER
Offer received from server
477 VPN DHCP Relay Debug INFO --- Server: DHCP DHCP NACK received
Nack from server
481 3G/4G, PPP Dial-Up Maintenance INFO --- PPP No Peer IP PPP Dial-Up: No
Modem, peer IP address from
and Dial-Up ISP, local and
Module remote IPs will be
the same
482 Security Anti-Virus Maintenance WARNING 552 AV Expiration Received AV Alert:
Services Warning Your Network
Anti-Virus
subscription will
expire in 7 days. %s
483 VPN VPN IPsec User Activity WARNING --- Invalid ID Received notify:
INVALID_ID_INFO

484 VPN DHCP Relay Maintenance WARNING --- DHCP Release DHCP lease
Drop dropped. Lease
from Central
Gateway conflicts
with Remote
Management IP
486 Users Authentication User Activity INFO --- WLAN User User login denied -
Access Login Deny User has no
privileges for guest
service
488 Wireless Wireless Access TCP | UDP | WARNING --- Guest Check Packet dropped by
ICMP guest check
491 Security E-mail Filtering Maintenance WARNING 564 E-mail Filtering Received E-Mail
Services Expiration Filter Alert: Your
Warning E-Mail Filtering
subscription will
expire in 7 days.
492 Security E-mail Filtering Maintenance WARNING 565 E-mail Filtering Received E-Mail
Services Expiration Filter Alert: Your
Message E-Mail Filtering
subscription has
expired.
493 Network Interfaces Maintenance INFO --- ISDN Update ISDN Driver
Firmware
successfully updated
494 VPN VPN Client System Error INFO 658 GVC License Global VPN Client
Exceed License Exceeded:
Connection denied.
496 Security General Maintenance WARNING --- DEA Registration Update
Services Registration Needed, Please
restore your existing
security service
subscriptions.
502 Network Interfaces Maintenance INFO --- WAN Not WAN not ready
Ready
505 VPN VPN Client System Error ERROR 660 Blocked Quick Blocked Quick Mode
Mode With for Client using
Default Key ID Default KeyId
506 Users Authentication Maintenance INFO --- VPN Disabled VPN disabled by
Access administrator
507 Users Authentication Maintenance INFO --- VPN Enabled VPN enabled by
Access administrator
508 Users Authentication Maintenance INFO --- WLAN Disabled WLAN disabled by
Access administrator
509 Users Authentication Maintenance INFO --- WLAN Enabled WLAN enabled by
Access administrator

518 Wireless WLAN 802.11b INFO --- WLAN 802.11 802.11 Management
Management Management
520 Users Authentication User Activity INFO --- Admin Logout CLI administrator
Access From CLI logged out
521 System Status Maintenance INFO --- Initializing Network Security
Appliance initializing
522 Network IP Debug INFO 554 Malformed IP Malformed or
Packet unhandled IP packet
dropped
523 Network ICMP ICMP NOTICE --- No Match ICMP ICMP packet
Drop dropped no match
524 Network Network Access TCP NOTICE --- Web Request Web access Request
Drop dropped
526 Network Network Access User Activity NOTICE --- Web Request Web management
Receiver request allowed
527 Firewall FTP Attack ALERT 555 FTP Port FTP: PORT bounce
Settings Bounce Attack attack dropped.
528 Firewall FTP Attack ALERT 556 FTP Passive FTP: PASV response
Settings Bounce Attack bounce attack
dropped.
529 VPN VPN Client System Error INFO 643 GVC Not Global VPN Client
Authorized connection is not
allowed. Appliance
is not registered.
533 VPN VPN IPsec TCP | UDP | NOTICE --- ESP Drop IPsec (ESP) packet
ICMP dropped
534 VPN VPN IPsec TCP | UDP | NOTICE --- AH Drop IPsec (AH) packet
ICMP dropped
535 VPN VPN IPsec Debug DEBUG --- ESP Connection IPsec (ESP) packet
Drop dropped; waiting for
pending IPsec
connection
537 Network Network Access Connection INFO --- Connection Connection Closed
Traffic Closed
538 Firewall FTP Attack ALERT 557 FTP Data Port FTP: Data
Settings connection from
non default port
dropped
542 3G/4G, PPP Dial-Up User Activity INFO --- Duration PPP Dial-Up:
Modem, Previous session was
and connected for %s
Module
543 VPN VPN IKE User Activity INFO --- Negotiation on IKE Initiator: Using
Second GW secondary gateway
to negotiate

544 VPN VPN IKE User Activity INFO --- Initiator: IKE Initiator drop:
Bound Scope VPN tunnel end
Mismatch point does not
match configured
VPN Policy Bound to
scope
545 VPN VPN IKE User Activity INFO --- Responder: IKE Responder drop:
Bound Scope VPN tunnel end
Mismatch point does not
match configured
VPN Policy Bound to
scope
546 Wireless WLAN IDS WLAN IDS ALERT 901 Rogue AP or Found Rogue or
MitM AP Found MitM Access Point
548 Wireless WLAN IDS WLAN IDS ALERT 903 WLAN Association Flood
Association from WLAN station
Flood
549 Users Authentication User Activity INFO --- WLAN Guest User login failed -
Access Limit Guest service limit
reached
550 Users Authentication User Activity INFO --- WLAN Session User Session Quota
Access Timeout Expired
551 Users Authentication User Activity INFO --- WLAN Account Guest Account
Access Timeout Timeout
557 Users Authentication User Activity INFO --- WLAN Guest Guest login denied.
Access Already Login Guest '%s' is already
logged in. Please try
again later.
558 Users Authentication User Activity INFO --- WLAN Guest Guest account '%s'
Access Create created
559 Users Authentication User Activity INFO --- WLAN Guest Guest account '%s'
Access Delete deleted
560 Users Authentication User Activity INFO --- WLAN Guest Guest account '%s'
Access Disable disabled
561 Users Authentication User Activity INFO --- WLAN Guest Guest account '%s'
Access Re-enable re-enabled
562 Users Authentication User Activity INFO --- WLAN Guest Guest account '%s'
Access Prune pruned
564 Users Authentication User Activity INFO --- WLAN Idle Guest Idle Timeout
Access Timeout
565 Network Interfaces System Error ALERT 646 Multi-Interface Interface %s Link Is
Link Up Up
566 Network Interfaces System Error ALERT 647 Multi-Interface Interface %s Link Is
Link Down Down

567 Network Interfaces Maintenance INFO --- Multi-Interface Interface IP
Shutdown Assignment
changed: Shutting
down %s
568 Network Interfaces Maintenance INFO --- Multi-Interface Interface IP
Bind Initiate Assignment : Binding
and initializing %s
569 Network Interfaces Maintenance INFO --- Network Network for
Overlap interface %s
overlaps with
another interface.
570 Network Interfaces Maintenance INFO --- Invalid Please connect
Network interface %s to
another network to
function properly
573 System Settings System Error WARNING 649 Preferences The preferences file
Too Big is too large to be
saved in available
flash memory
574 System Settings System Error WARNING 650 Preferences All preference values
Defaulted have been set to
factory default
values
575 System Hardware System ERROR 101 Voltages Out of Voltages Out of
Environment Tolerance Tolerance
576 System Hardware System ALERT 102 Fan Failure Fan Failure
Environment
577 System Hardware System ALERT 103 Thermal Yellow Thermal Yellow
Environment
578 System Hardware System ALERT 104 Thermal Red Thermal Red
Environment
579 System Hardware System ALERT 105 Thermal Red Thermal Red Timer
Environment Timer Exceeded
Exceeded
580 Network TCP Attack ALERT 558 TCP SYN/FIN TCP SYN/FIN packet
Packet Drop dropped
581 Network Failover and Maintenance WARNING --- WLB Spill-Over WLB Spill-over
Load Balancing Start started, configured
threshold exceeded
582 Network Failover and Maintenance WARNING --- WLB Spill-Over WLB Spill-over
Load Balancing Stop stopped
583 Users Authentication Attack ERROR 559 User Login User login disabled
Access Disable from %s
584 Network Failover and System Error ALERT 651 WLB Failover WLB Failover in
Load Balancing progress

585 Network Failover and System Error ALERT 653 WLB Resource WLB Resource is
Load Balancing Available now available
586 Network Failover and System Error ALERT 654 WLB Resource WLB Resource failed
Load Balancing Failed
587 VPN VPN IKE User Activity WARNING --- Header Header verification
Verification failed
Failed
588 Network DHCP Client Maintenance INFO --- Offer Error Received DHCP offer
packet has errors
589 Network DHCP Client Maintenance INFO --- Request Received response
Response Error packet for DHCP
request has errors
590 Network Network Access LAN UDP | NOTICE --- LAN IP Deny IP type %s packet
LAN TCP dropped
591 3G/4G, PPP Dial-Up Attack ERROR 566 Max Failed Maximum
Modem, Dials sequential failed dial
and attempts (10) to a
Module single dial-up
number: %s
592 3G/4G, PPP Dial-Up Attack ERROR 567 30 Mins Dial Regulatory
Modem, Delay requirements
and prohibit %s from
Module being re-dialed for
30 minutes
593 Network PPPoE Maintenance INFO --- Receive PAD Received PPPoE
Offer Active Discovery
Offer
594 Network PPPoE Maintenance INFO --- Receive PAD Received PPPoE
Conffirm Active Discovery
Session_confirmation
595 Network PPPoE Maintenance INFO --- Sending PADR Sending PPPoE
Active Discovery
Request
596 Network PPTP Debug DEBUG --- Decode Failure PPTP decode failure
597 Network ICMP Debug INFO --- ICMP Allow ICMP packet allowed
598 Network ICMP Debug INFO --- LAN ICMP ICMP packet from
Allow LAN allowed
599 System Restart System Error ERROR 655 Stack Margin Diagnostic Code G
Reboot
600 System Restart System Error ERROR 656 Delete Reboot Diagnostic Code H
601 System Restart System Error ERROR 657 Delete Stack Diagnostic Code I
Reboot
602 Network DNS Debug INFO --- DNS Allow DNS packet allowed

603 VPN L2TP Server System Error ERROR 661 Problem Adding L2TP IP pool
Adding L2TP IP Address object
Pool Failed.
605 VPN VPN IKE User Activity WARNING --- Received Received
Unencrypted unencrypted packet
Packet in crypto active state
606 Security Attacks Attack ALERT 568 Spank Attack Spank attack
Services multicast packet
dropped
607 VPN VPN IKE Debug | UDP INFO --- ISAKMP Packet Received ISAKMP
on Wrong Port packet destined to
port %s
608 Security IPS Attack ALERT 569 IPS Detection IPS Detection Alert:
Services Alert %s
609 Security IPS Attack ALERT 570 IPS Prevention IPS Prevention Alert:
Services Alert %s
610 Security Crypto Test Maintenance ERROR --- Hardware AES Crypto Hardware
Services Test Failed AES test failed
614 Security General Maintenance WARNING 571 IDP Expiration Received IPS Alert:
Services Message Your Intrusion
Prevention (IDP)
subscription has
expired.
615 Wireless WLAN IDS WLAN IDS WARNING 904 WLAN Probe WLAN client null
Check probing
616 VPN VPN IKE Debug ERROR --- Detail Error Log Payload processing
failed
617 Wireless WLAN Maintenance INFO --- WLAN Mode WLAN not in AP
Not With DHCP mode, DHCP server
will not provide
lease to clients on
WLAN
618 Network BOOTP Debug DEBUG --- Response to BOOTP server
Remote Device response relayed to
remote device
619 Network BOOTP Maintenance INFO --- Reply IP BOOTP Client IP
Conflict address on LAN
conflicts with
remote device IP,
deleting IP address
from remote table
620 Network BOOTP Maintenance INFO --- Response to BOOTP reply relayed
Local Device to local device
622 VoIP Call VoIP INFO --- Call Connect VoIP Call Connected
623 VoIP Call VoIP INFO --- Call Disconnect VoIP Call
Disconnected

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 624 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/RAS Admission Reject | H.323/RAS Admission Reject |
| 625 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/RAS Admission Confirm | H.323/RAS Admission Confirm |
| 626 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/RAS Admission Request | H.323/RAS Admission Request |
| 627 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/RAS Bandwidth Reject | H.323/RAS Bandwidth Reject |
| 628 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/RAS Disengage Confirm | H.323/RAS Disengage Confirm |
| 629 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/RAS Gatekeeper Reject | H.323/RAS Gatekeeper Reject |
| 630 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/RAS Location Confirm | H.323/RAS Location Confirm |
| 631 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/RAS Location Reject | H.323/RAS Location Reject |
| 632 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/RAS Registration Reject | H.323/RAS Registration Reject |
| 633 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/H.225 Setup | H.323/H.225 Setup |
| 634 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/H.225 Connect | H.323/H.225 Connect |
| 635 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/H.245 Address | H.323/H.245 Address |
| 636 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/H.245 End Session | H.323/H.245 End Session |
| 637 | VoIP | SIP | VoIP | DEBUG | --- | Endpoint Added | VoIP %s Endpoint added |
| 638 | VoIP | SIP | VoIP | DEBUG | --- | Endpoint Removed | VoIP %s Endpoint removed |
| 639 | VoIP | SIP | VoIP | WARNING | --- | Endpoint Deny | VoIP %s Endpoint not added - configured 'public' endpoint limit reached |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 640 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/RAS Unknown Message Response | H.323/RAS Unknown Message Response |
| 641 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/RAS Disengage Reject | H.323/RAS Disengage Reject |
| 642 | VoIP | H.323 | VoIP | DEBUG | --- | H.323/RAS Unregistration Reject | H.323/RAS Unregistration Reject |
| 643 | VoIP | SIP | VoIP | DEBUG | --- | SIP Request | SIP Request |
| 644 | VoIP | SIP | VoIP | DEBUG | --- | SIP Response | SIP Response |
| 645 | VoIP | SIP | VoIP | WARNING | --- | SIP Register Expire | SIP Register expiration exceeds configured Signaling inactivity time out |
| 646 | Firewall | Access Rules | System Error | ALERT | 5238 | Source IP Connection Limit | Packet dropped; connection limit for this source IP address has been reached |
| 647 | Firewall | Access Rules | System Error | ALERT | 5239 | Destination IP Connection Limit | Packet dropped; connection limit for this destination IP address has been reached |
| 648 | VPN | VPN IPsec | Attack | ERROR | 572 | Illegal Destination | Packet destination not in VPN Access list |
| 651 | Network | IPcomp | Debug | DEBUG | --- | IPcomp Interrupt Error | IPcomp connection interrupt |
| 652 | Network | IPcomp | TCP \| UDP \| ICMP | NOTICE | --- | IPcomp Packet Drop | IPcomp packet dropped |
| 653 | Network | IPcomp | Debug | DEBUG | --- | IPcomp Packet Drop, Waiting | IPcomp packet dropped; waiting for pending IPcomp connection |
| 654 | Log | General | System Error | CRITICAL | --- | Maximum Events Rate Exceeded | Maximum events per second threshold exceeded: %s |
| 655 | Log | Syslog | System Error | CRITICAL | --- | Maximum Syslog Data Rate Exceeded | Maximum syslog data per second threshold exceeded: %s |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 656 | Log | E-mail | System Error | WARNING | --- | POP-Before-SMTP Authentication Failed | SMTP POP-Before-SMTP authentication failed |
| 657 | Log | Syslog | Maintenance | INFO | --- | Syslog Server Unreachable | Syslog Server cannot be reached |
| 658 | VPN | VPN IKE | System Error | WARNING | --- | Responder: IKE ID mismatch | IKE Responder: Proposed IKE ID mismatch |
| 659 | VPN | VPN Client | System Error | ERROR | --- | Responder: Duplicate Entry in Relay Table | IKE Responder: IP Address already exists in the DHCP relay table. Client traffic not allowed. |
| 660 | VPN | VPN Client | System Error | ERROR | --- | Responder: Static IP Not Allowed | IKE Responder: %s Policy does not allow static IP for Virtual Adapter. |
| 661 | VPN | VPN IKE | User Activity | ERROR | --- | Invalid Payload | Received notify: INVALID_PAYLOAD |
| 662 | Wireless | SonicPoint | Attack | ERROR | 6434 | Non SonicPoint Traffic Drop | Drop WLAN traffic from non-SonicPoint devices |
| 665 | 3G/4G, Modem, and Module | PPP Dial-Up | --- | INFO | --- | Dialing Not Allowed | PPP Dial-Up: Dialing not allowed by schedule. %s |
| 666 | 3G/4G, Modem, and Module | PPP Dial-Up | --- | INFO | --- | Scheduled Disconnect | PPP Dial-Up: Connection disconnected as scheduled. |
| 667 | Wireless | SonicPoint | SonicPoint | INFO | 10401 | SonicPoint Status | SonicPoint Status |
| 668 | High Availability | State | Maintenance | INFO | --- | HA Peer Firewall Reboot | HA Peer Firewall Rebooted |
| 669 | High Availability | State | System Error | ERROR | 663 | Error Rebooting HA Peer Firewall | Error Rebooting HA Peer Firewall |
| 670 | High Availability | General | System Error | ERROR | 664 | HA License Error | License of HA pair doesn't match: %s |
| 671 | High Availability | State | System Error | ERROR | 665 | Reboot Signal From Secondary | Primary received reboot signal from Secondary |
| 672 | High Availability | State | System Error | ERROR | 666 | Reboot Signal From Primary | Secondary received reboot signal from Primary |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 674 | High Availability | Monitoring | System Error | INFO | --- | Probe Success | Success to reach Interface %s probe |
| 675 | High Availability | Monitoring | System Error | ERROR | 6234 | Probe Failed | Failure to reach Interface %s probe |
| 676 | Firewall Settings | Multicast | --- | INFO | --- | IGMPv2 Client Joined Multicast Group | IGMP V2 client joined multicast Group : %s |
| 677 | Firewall Settings | Multicast | --- | INFO | --- | IGMPv3 Client Joined Multicast Group | IGMP V3 client joined multicast Group : %s |
| 682 | Firewall Settings | Multicast | --- | INFO | --- | IGMP Leave Group Message | IGMP Leave group message Received on interface %s |
| 683 | Firewall Settings | Multicast | --- | NOTICE | --- | Wrong IGMP Checksum | IGMP packet dropped, wrong checksum received on interface %s |
| 690 | Firewall Settings | Multicast | --- | NOTICE | --- | UDP Packet Drop | Multicast UDP packet dropped, no state entry |
| 694 | Firewall Settings | Multicast | --- | WARNING | --- | RTP Stateful Failed | Multicast UDP packet dropped, RTP stateful failed |
| 701 | Firewall Settings | Multicast | --- | DEBUG | --- | IGMP Router Detected | IGMP querier Router detected on interface %s |
| 706 | Network | Network Monitor | --- | ALERT | 14005 | Host Down | Network Monitor: Host %s is offline |
| 707 | Network | Network Monitor | --- | ALERT | 14006 | Host Up | Network Monitor: Host %s is online |
| 708 | Network | TCP | Debug | DEBUG | --- | TCP Invalid SEQ Number | TCP packet received with invalid SEQ number; TCP packet dropped |
| 709 | Network | TCP | Debug | DEBUG | --- | TCP Invalid ACK Number | TCP packet received with invalid ACK number; TCP packet dropped |
| 712 | Network | TCP | Debug | DEBUG | --- | TCP Connection Reject | TCP connection reject received; TCP connection dropped |
| 713 | Network | TCP | Debug | DEBUG | --- | TCP Connection Abort | TCP connection abort received; TCP connection dropped |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 714 | Network | Network Access | Debug | NOTICE | --- | EIGRP Packet Drop | EIGRP packet dropped |
| 719 | VPN | VPN IPsec | System Error | ERROR | --- | Bad SA Count | VPN policy count received exceeds the limit; %s |
| 720 | Network | PPPoE | Maintenance | INFO | --- | Send LCP Echo Request | Sending LCP Echo Request |
| 721 | Network | PPPoE | Maintenance | INFO | --- | Receive LCP Echo Request | Received LCP Echo Request |
| 722 | Network | PPPoE | Maintenance | INFO | --- | Send LCP Echo Reply | Sending LCP Echo Reply |
| 723 | Network | PPPoE | Maintenance | INFO | --- | Receive LCP Echo Reply | Received LCP Echo Reply |
| 724 | Wireless | Wireless Access | --- | INFO | --- | Guest Services Deny Network | Guest Services drop traffic to deny network |
| 725 | Wireless | Wireless Access | --- | INFO | --- | Guest Services Allow Network | Guest Services pass traffic to access allow network |
| 726 | Wireless | Wireless Access | --- | INFO | --- | WLAN Max User Reached | WLAN max concurrent users reached already |
| 727 | Wireless | SonicPoint | SonicPoint | INFO | 10402 | SonicPoint Provision | SonicPoint Provision |
| 728 | Users | Authentication Access | Maintenance | INFO | --- | WLAN Disable By Schedule | WLAN disabled by schedule |
| 729 | Users | Authentication Access | Maintenance | INFO | --- | WLAN Enabled By Schedule | WLAN enabled by schedule |
| 732 | Wireless | WLAN | TCP \| UDP \| ICMP | WARNING | --- | WLAN SSL VPN Enforcement Check Drop | Packet dropped by WLAN SSL VPN enforcement check |
| 733 | SSL VPN | General | Maintenance | INFO | --- | SSL VPN Enforcement | SSL VPN enforcement |
| 734 | Firewall | Access Rules | --- | INFO | --- | Source Connection Status | Source IP address connection status: %s |
| 735 | Firewall | Access Rules | --- | INFO | --- | Destination Connection Status | Destination IP address connection status: %s |
| 737 | Log | E-mail | System Error | WARNING | --- | SMTP Authentication Failed | SMTP authentication problem:%s |
| 738 | Network | PPPoE | Maintenance | INFO | --- | Session Duration | PPPoE Client: Previous session was connected for %s |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 744 | Users | Radius Authentication | User Activity | WARNING | --- | RADIUS Communication Problem | User login denied - RADIUS communication problem |
| 745 | Users | Radius Authentication | User Activity | INFO | --- | LDAP Authentication Failure | User login denied - LDAP authentication failure |
| 746 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Server Timeout | User login denied - LDAP server Timeout |
| 747 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Server Error | User login denied - LDAP server down or misconfigured |
| 748 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Communication Problem | User login denied - LDAP communication problem |
| 749 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Server Invalid Credential | User login denied - invalid credentials on LDAP server |
| 750 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Server Insufficient Access | User login denied - insufficient access on LDAP server |
| 751 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Schema Mismatch | User login denied - LDAP schema mismatch |
| 752 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Server Certificate With Wrong Name | Allowed LDAP server certificate with wrong host name |
| 753 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Server Name Resolution Failed | User login denied - LDAP server name resolution failed |
| 754 | Users | Radius Authentication | User Activity | WARNING | --- | RADIUS Server Name Resolution Failed | User login denied - RADIUS server name resolution failed |
| 755 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Server Certificate Invalid | User login denied - LDAP server certificate not valid |
| 756 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP TLS or Local Error | User login denied - TLS or local certificate problem |
| 757 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Directory Mismatch | User login denied - LDAP directory mismatch |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 758 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Server Not Allowing CHAP | LDAP server does not allow CHAP |
| 759 | Users | Authentication Access | User Activity | INFO | --- | User Already Logged-In | User login denied - user already logged in |
| 760 | Network | TCP | --- | NOTICE | --- | TCP Handshake Violation Detected | TCP handshake violation detected; TCP connection dropped |
| 766 | Security Services | General | Maintenance | WARNING | 8628 | Synchronize License Failed | Failed to synchronize license information with Licensing Server. %s |
| 773 | Network | Dynamic DNS | System Error | ERROR | --- | DDNS Abuse | DDNS Failure: Provider %s |
| 774 | Network | Dynamic DNS | System Error | ERROR | --- | DDNS Invalid | DDNS Failure: Provider %s |
| 776 | Network | Dynamic DNS | Maintenance | INFO | --- | DDNS Update Success | DDNS Update success for domain %s |
| 777 | Network | Dynamic DNS | System Error | WARNING | --- | DDNS Warning | DDNS Warning: Provider %s |
| 778 | Network | Dynamic DNS | Maintenance | INFO | --- | DDNS Taken Offline | DDNS association %s taken Offline locally |
| 779 | Network | Dynamic DNS | Maintenance | INFO | --- | DDNS Added | DDNS association %s added |
| 780 | Network | Dynamic DNS | Maintenance | INFO | --- | DDNS Association Enable | DDNS association %s enabled |
| 781 | Network | Dynamic DNS | Maintenance | INFO | --- | DDNS Association Disable | DDNS association %s disabled |
| 782 | Network | Dynamic DNS | Maintenance | INFO | --- | DDNS Association On-line | DDNS Association %s put on line |
| 783 | Network | Dynamic DNS | Maintenance | INFO | --- | Deleted All DDNS Association | All DDNS associations have been deleted |
| 785 | Network | Dynamic DNS | Maintenance | INFO | --- | Delete DDNS Association | DDNS association %s deleted |
| 786 | Network | Dynamic DNS | --- | INFO | --- | DDNS Updating | DDNS association %s updated |
| 789 | Security Services | IDP | Attack | ALERT | 6435 | IDP Detection Alert | IDP Detection Alert: %s |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 790 | Security Services | IDP | Attack | ALERT | 6436 | IDP Prevention Alert | IDP Prevention Alert: %s |
| 791 | Security Services | DPI-SSL | --- | INFO | --- | DPI-SSL | DPI-SSL: %s |
| 793 | Firewall | Application Firewall | User Activity | ALERT | 13201 | Application Firewall Alert | Application Firewall Alert: %s |
| 794 | Security Services | Anti-Spyware | Attack | ALERT | 6437 | Anti-Spyware Prevention Alert | Anti-Spyware Prevention Alert: %s |
| 795 | Security Services | Anti-Spyware | Attack | ALERT | 6438 | Anti-Spyware Detection Alert | Anti-Spyware Detection Alert: %s |
| 796 | Security Services | Anti-Spyware | Maintenance | WARNING | 8631 | Anti-Spyware Service Expired | Anti-Spyware Service Expired |
| 797 | Security Services | RBL Filter | --- | NOTICE | --- | Outbound Connection Drop | Outbound connection to RBL-listed SMTP server dropped |
| 798 | Security Services | RBL Filter | --- | NOTICE | --- | Inbound Connection Drop | Inbound connection from RBL-listed SMTP server dropped |
| 799 | Security Services | RBL Filter | --- | NOTICE | --- | SMTP Server on RBL Blacklist | SMTP server found on RBL blacklist |
| 800 | Security Services | RBL Filter | --- | ERROR | --- | No Valid DNS Server on RBL | No valid DNS server specified for RBL lookups |
| 805 | System | GMS | --- | INFO | --- | Interface Statistics Report | Interface statistics report |
| 806 | System | GMS | --- | INFO | --- | SonicPoint Statistics Report | SonicPoint statistics report |
| 809 | Security Services | GAV | Attack | ALERT | 8632 | AV Gateway Alert | Gateway Anti-Virus Alert: %s |
| 810 | Security Services | GAV | Maintenance | WARNING | 8633 | AV Gateway Service Expire | Gateway Anti-Virus Service expired |
| 811 | 3G/4G, Modem, and Module | PPP Dial-Up | Maintenance | INFO | --- | Invalid DNS Server | PPP Dial-Up: Invalid DNS IP address returned from Dial-Up ISP; overriding using dial-up profile settings |
| 815 | Network | ARP | --- | WARNING | --- | Too Many Gratuitous ARPs Detected | Too many gratuitous ARPs detected |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 817 | Users | Authentication Access | User Activity | INFO | --- | Remote Dialup Received | Incoming call received for Remotely Triggered Dial-out session |
| 818 | Users | Authentication Access | User Activity | INFO | --- | Remote Dialup Authentication Request | Remotely Triggered Dial-out session started. Requesting authentication |
| 819 | Users | Authentication Access | User Activity | INFO | --- | Remote Dialup Authentication Password Error | Incorrect authentication received for Remotely Triggered Dial-out |
| 820 | Users | Authentication Access | User Activity | INFO | --- | Remote Dialup Authentication Password Valid | Successful authentication received for Remotely Triggered Dial-out |
| 821 | Users | Authentication Access | User Activity | INFO | --- | Remote Dialup Authentication Password Timeout | Authentication Timeout during Remotely Triggered Dial-out session |
| 822 | Users | Authentication Access | User Activity | INFO | --- | Remote Dialup Abort For Data | Remotely Triggered Dial-out session ended. Valid WAN bound data found. Normal dial-up sequence will commence |
| 824 | High Availability | General | System Error | ERROR | --- | License Expire to Shutdown Secondary | Secondary shut down because license is expired |
| 825 | High Availability | State | System Error | INFO | --- | Secondary Active | Secondary active |
| 826 | High Availability | State | --- | ERROR | --- | HA Error | %s |
| 829 | High Availability | State | --- | ALERT | --- | HA Alert | %s |
| 830 | High Availability | State | --- | NOTICE | --- | HA Notice | %s |
| 832 | Network | DHCP Server | --- | INFO | --- | DHCP Scopes Altered | DHCP Scopes altered automatically due to change in network settings for interface %s |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 833 | Network | DHCP Server | System Error | WARNING | --- | DHCP Lease File Corrupt | DHCP lease file in the storage is corrupted; read failed |
| 834 | Network | DHCP Server | System Error | WARNING | --- | Failed to Write DHCP Leases to Storage | Failed to write DHCP leases to storage |
| 835 | Network | DHCP Server | Maintenance | INFO | --- | DHCP Leases Written to Storage | DHCP leases written to storage |
| 840 | Network | Advanced Routing | --- | INFO | --- | ARS Info | %s |
| 841 | Network | Advanced Routing | --- | NOTICE | --- | ARS Warning | %s |
| 842 | Network | Advanced Routing | --- | DEBUG | --- | ARS Debug | %s |
| 843 | Network | Advanced Routing | --- | INFO | --- | OSPF Info | %s |
| 844 | Network | Advanced Routing | --- | DEBUG | --- | OSPF Debug | %s |
| 845 | Network | Advanced Routing | --- | INFO | --- | BGP Info | %s |
| 846 | Network | Advanced Routing | --- | DEBUG | --- | BGP Debug | %s |
| 847 | Network | Interfaces | Maintenance | WARNING | --- | IP Address Conflict | IP address conflict detected from Ethernet address %s |
| 848 | VPN | VPN PKI | User Activity | INFO | --- | OCSP Send Request | OCSP sending request. |
| 849 | VPN | VPN PKI | User Activity | ERROR | --- | OCSP Failed to Send Request | OCSP send request message failed. |
| 850 | VPN | VPN PKI | User Activity | INFO | --- | OCSP Received Response | OCSP received response. |
| 852 | VPN | VPN PKI | User Activity | INFO | --- | OCSP Resolved Domain Name | OCSP Resolved Domain Name. |
| 853 | VPN | VPN PKI | User Activity | ERROR | --- | OCSP Failed to Resolve Domain Name | OCSP Failed to Resolve Domain Name. |
| 854 | VPN | VPN PKI | User Activity | ERROR | --- | OCSP Internal Error | OCSP Internal error handling received response. |
| 856 | Firewall Settings | Flood Protection | Attack | WARNING | --- | SYN Flood Watch Mode | SYN Flood Mode changed by user to: Watch and report possible SYN floods |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 857 | Firewall Settings | Flood Protection | Attack | WARNING | --- | SYN Flood Trigger Mode | SYN Flood Mode changed by user to: Watch and proxy WAN connections when under attack |
| 858 | Firewall Settings | Flood Protection | Attack | WARNING | --- | SYN Flood Proxy Mode | SYN Flood Mode changed by user to: Always proxy WAN connections |
| 859 | Firewall Settings | Flood Protection | Attack | ALERT | --- | SYN Flood Proxy Trigger Mode | Possible SYN flood detected on WAN IF %s - switching to connection-proxy mode |
| 860 | Firewall Settings | Flood Protection | Attack | ALERT | --- | SYN Flood Detected | Possible SYN Flood on IF %s |
| 861 | Firewall Settings | Flood Protection | Attack | ALERT | --- | SYN Flood Proxy Mode Cancel | SYN flood ceased or flooding machines blacklisted - connection proxy disabled |
| 862 | Firewall Settings | Flood Protection | Attack | WARNING | --- | SYN Flood Blacklist On | SYN Flood blacklisting enabled by user |
| 863 | Firewall Settings | Flood Protection | Attack | WARNING | --- | SYN Flood Blacklist Off | SYN Flood blacklisting disabled by user |
| 864 | Firewall Settings | Flood Protection | Attack | ALERT | --- | SYN-Flooding Machine Blacklisted | SYN-Flooding machine %s blacklisted |
| 865 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Machine removed from SYN Flood Blacklist | Machine %s removed from SYN flood blacklist |
| 866 | Firewall Settings | Flood Protection | Attack | WARNING | --- | Possible SYN Flood Continues | Possible SYN Flood on IF %s continues |
| 867 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible SYN Flood Ceased | Possible SYN Flood on IF %s has ceased |
| 868 | Firewall Settings | Flood Protection | Attack | WARNING | --- | SYN Flood Blacklist Continues | SYN Flood Blacklist on IF %s continues |
| 869 | Firewall Settings | Flood Protection | Attack | DEBUG | --- | TCP SYN Receive | TCP SYN received |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 872 | Security Services | General | User Activity | NOTICE | --- | Security Service Message | %s |
| 874 | VPN | VPN PKI | User Activity | ALERT | --- | CRL Expire | CRL has expired |
| 875 | VPN | VPN PKI | User Activity | ALERT | --- | Failed to Find Certificate | Failed to find certificate |
| 876 | VPN | VPN PKI | User Activity | ALERT | --- | CRL Missing | CRL missing - Issuer requires CRL checking. |
| 877 | VPN | VPN PKI | User Activity | ALERT | --- | CRL Validation Error | CRL validation failure for Root Certificate |
| 878 | VPN | VPN PKI | User Activity | ALERT | --- | Can't Validate Issuer Path | Cannot Validate Issuer Path |
| 879 | Wireless | RF Monitoring | --- | WARNING | --- | WLAN Radio Frequency Threat Detected | WLAN radio frequency threat detected |
| 880 | Network | Dynamic Address Objects | Maintenance | INFO | --- | Failed to Resolve Dynamic Address Object | Unable to resolve dynamic address object |
| 881 | System | Time | --- | NOTICE | --- | System Clock Manually Updated | System clock manually updated |
| 882 | Network | Network Access | TCP | DEBUG | --- | HTTP Drop | HTTP method detected; examining stream for host header |
| 883 | Firewall Settings | Checksum Enforcement | TCP\|UDP | NOTICE | --- | IP Checksum Error | IP Header checksum error; packet dropped |
| 884 | Firewall Settings | Checksum Enforcement | TCP | NOTICE | --- | TCP Checksum Error | TCP checksum error; packet dropped |
| 885 | Firewall Settings | Checksum Enforcement | UDP | NOTICE | --- | UDP Checksum Error | UDP checksum error; packet dropped |
| 886 | Firewall Settings | Checksum Enforcement | UDP | NOTICE | --- | ICMP Checksum Error | ICMP checksum error; packet dropped |
| 887 | Network | TCP | Debug | DEBUG | --- | Invalid TCP Header Length | TCP packet received with invalid header length; TCP packet dropped |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 888 | Network | TCP | Debug | DEBUG | --- | TCP Connection Does Not Exist | TCP packet received on non-existent/closed connection; TCP packet dropped |
| 889 | Network | TCP | Debug | DEBUG | --- | TCP Without Mandatory SYN Flag | TCP packet received without mandatory SYN flag; TCP packet dropped |
| 890 | Network | TCP | Debug | DEBUG | --- | TCP Without Mandatory ACK Flag | TCP packet received without mandatory ACK flag; TCP packet dropped |
| 891 | Network | TCP | Debug | DEBUG | --- | TCP Packet on Closing Connection | TCP packet received on a closing connection; TCP packet dropped |
| 892 | Network | TCP | Debug | INFO | --- | SYN Flag on Existing Connection | TCP packet received with SYN flag on an existing connection; TCP packet dropped |
| 893 | Network | TCP | Debug | DEBUG | --- | Invalid TCP SACK Option Length | TCP packet received with invalid SACK option length; TCP packet dropped |
| 894 | Network | TCP | Debug | DEBUG | --- | Invalid TCP MSS Option Length | TCP packet received with invalid MSS option length; TCP packet dropped |
| 895 | Network | TCP | Debug | DEBUG | --- | Invalid TCP Option Length | TCP packet received with invalid option length; TCP packet dropped |
| 896 | Network | TCP | Debug | DEBUG | --- | Invalid TCP Source Port | TCP packet received with invalid source port; TCP packet dropped |
| 897 | Firewall Settings | Flood Protection | Attack | INFO | --- | Invalid TCP SYN Flood Cookie | TCP packet received with invalid SYN Flood cookie; TCP packet dropped |
| 898 | Firewall Settings | Flood Protection | Attack | ALERT | --- | RST-Flooding Machine Blacklisted | RST-Flooding machine %s blacklisted |
| 899 | Firewall Settings | Flood Protection | Attack | WARNING | --- | RST Flood Blacklist Continues | RST Flood Blacklist on IF %s continues |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 900 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Machine Removed From RST Flood Blacklist | Machine %s removed from RST flood blacklist |
| 901 | Firewall Settings | Flood Protection | Attack | ALERT | --- | FIN-Flooding Machine Blacklisted | FIN-Flooding machine %s blacklisted |
| 902 | Firewall Settings | Flood Protection | Attack | WARNING | --- | FIN Flood Blacklist Continues | FIN Flood Blacklist on IF %s continues |
| 903 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Machine Removed From FIN Flood Blacklist | Machine %s removed from FIN flood blacklist |
| 904 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible RST Flood | Possible RST Flood on IF %s |
| 905 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible FIN Flood | Possible FIN Flood on IF %s |
| 906 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible RST Flood Ceased | Possible RST Flood on IF %s has ceased |
| 907 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible FIN Flood Ceased | Possible FIN Flood on IF %s has ceased |
| 908 | Firewall Settings | Flood Protection | Attack | WARNING | --- | Possible RST Flood Continues | Possible RST Flood on IF %s continues |
| 909 | Firewall Settings | Flood Protection | Attack | WARNING | --- | Possible FIN Flood Continues | Possible FIN Flood on IF %s continues |
| 910 | Network | IP | Debug | WARNING | --- | IP TTL Expire | Packet Dropped - IP TTL expired |
| 911 | Network | Dynamic Address Objects | Maintenance | INFO | --- | Added Host Entry | Added host entry to dynamic address object |
| 912 | Network | Dynamic Address Objects | Maintenance | INFO | --- | Removed Host Entry | Removed host entry from dynamic address object |
| 913 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: Authentication Method Mismatch | IKE Responder: Phase 1 Authentication Method does not match |
| 914 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: Encryption Algorithm Mismatch | IKE Responder: Phase 1 encryption algorithm does not match |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 915 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: Key Length Mismatch | IKE Responder: Phase 1 encryption algorithm keylength does not match |
| 916 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: Hash Algorithm Mismatch | IKE Responder: Phase 1 hash algorithm does not match |
| 917 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: Policy Has no User Name | IKE Responder: Phase 1 XAUTH required but Policy has no user name |
| 918 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: Policy Has no Password | IKE Responder: Phase 1 XAUTH required but Policy has no user password |
| 919 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: DH Group Mismatch | IKE Responder: Phase 1 DH Group does not match |
| 920 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: AH Authentication Algorithm Mismatch | IKE Responder: AH authentication algorithm does not match |
| 921 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: ESP Encryption Algorithm Mismatch | IKE Responder: ESP encryption algorithm does not match |
| 922 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: ESP Authentication Algorithm Mismatch | IKE Responder: ESP authentication algorithm does not match |
| 923 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: AH Authentication Key Length Mismatch | IKE Responder: AH authentication key length does not match |
| 924 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: ESP Encryption Key Length Mismatch | IKE Responder: ESP encryption key length does not match |
| 925 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: ESP Authentication Key Length Mismatch | IKE Responder: ESP authentication key length does not match |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 926 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: AH Authentication Key Rounds Mismatch | IKE Responder: AH authentication key rounds does not match |
| 927 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: ESP Encryption Key Rounds Mismatch | IKE Responder: ESP encryption key rounds does not match |
| 928 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: ESP Authentication Key Rounds Mismatch | IKE Responder: ESP authentication key rounds does not match |
| 930 | VPN | VPN IKE | User Activity | INFO | --- | Initiator: Peer Timeout - Retransmitting | IKE Initiator: Remote party Timeout - Retransmitting IKE Request. |
| 931 | VPN | VPN IKE | User Activity | INFO | --- | Responder: Peer Timeout - Retransmitting | IKE Responder: Remote party Timeout - Retransmitting IKE Request. |
| 932 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: IPsec Protocol Mismatch | IKE Responder: IPsec protocol mismatch |
| 933 | VPN | VPN IKE | User Activity | WARNING | --- | Initiator: Proposed IKE ID Mismatch | IKE Initiator: Proposed IKE ID mismatch |
| 934 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: Local Network Mismatch Peer's Destination Network | IKE Responder: Peer's local network does not match VPN Policy's [Destination ] |
| 935 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: Destination Network Mismatch Peer's Local Network | IKE Responder: Peer's destination network does not match VPN Policy's [Local Network] |
| 936 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: Route Table Overrides VPN Policy | IKE Responder: Route table overrides VPN Policy |
| 937 | VPN | VPN IKE | User Activity | WARNING | --- | Initiator: IKE Proposal Mismatch | IKE Initiator: IKE proposal does not match (Phase 1) |

| Event ID | SonicOS Category | SonicOS Group Name | Syslog Legacy Category Name | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 938 | VPN | VPN IKEv2 | User Activity | INFO | --- | Initiator: Send IKE_SA_INIT Request | IKEv2 Initiator: Send IKE_SA_INIT Request |
| 939 | VPN | VPN IKEv2 | User Activity | INFO | --- | Responder: Received IKE_SA_INIT Request | IKEv2 Responder: Received IKE_SA_INIT Request |
| 940 | VPN | VPN IKEv2 | User Activity | INFO | --- | Initiator: Send IKE_AUTH Request | IKEv2 Initiator: Send IKE_AUTH Request |
| 941 | VPN | VPN IKEv2 | User Activity | INFO | --- | Responder: Received IKE_AUTH Request | IKEv2 Responder: Received IKE_AUTH Request |
| 942 | VPN | VPN IKEv2 | User Activity | INFO | --- | Authentication Successful | IKEv2 Authentication successful |
| 943 | VPN | VPN IKEv2 | User Activity | INFO | --- | Accept IKE SA Proposal | IKEv2 Accept IKE SA Proposal |
| 944 | VPN | VPN IKEv2 | User Activity | INFO | --- | Accept IPsec SA Proposal | IKEv2 Accept IPsec SA Proposal |
| 945 | VPN | VPN IKEv2 | User Activity | INFO | --- | Initiator: Send CREATE_CHILD_SA Request | IKEv2 Initiator: Send CREATE_CHILD_SA Request |
| 946 | VPN | VPN IKEv2 | User Activity | INFO | --- | Responder: Received CREATE_CHILD_SA Request | IKEv2 Responder: Received CREATE_CHILD_SA Request |
| 947 | VPN | VPN IKEv2 | User Activity | INFO | --- | Send Delete IKE SA Request | IKEv2 Send delete IKE SA Request |
| 948 | VPN | VPN IKEv2 | User Activity | INFO | --- | Received Delete IKE SA Request | IKEv2 Received delete IKE SA Request |
| 949 | VPN | VPN IKEv2 | User Activity | INFO | --- | Send Delete IPsec SA Request | IKEv2 Send delete IPsec SA Request |
| 950 | VPN | VPN IKEv2 | User Activity | INFO | --- | Received Delete IPsec SA Request | IKEv2 Received delete IPsec SA Request |
| 951 | VPN | VPN IKEv2 | User Activity | INFO | --- | Responder: Destination Network Mismatch Peer's Local Network | IKEv2 Responder: Peer's destination network does not match VPN Policy's [Local Network] |

| 952 | VPN | VPN IKEv2 | User Activity | INFO | --- | Responder: Peer Local Network Mismatch Peer's Destination Network | IKEv2 Responder: Peer's local network does not match VPN Policy's [Destination Network] |
| 953 | VPN | VPN IKEv2 | User Activity | WARNING | --- | Payload Processing Error | IKEv2 Payload processing error |
| 954 | VPN | VPN IKEv2 | User Activity | WARNING | --- | Initiator: Extra Payloads Present | IKEv2 Initiator: Negotiations failed. Extra payloads present. |
| 955 | VPN | VPN IKEv2 | User Activity | WARNING | --- | Initiator: Missing Required Payloads | IKEv2 Initiator: Negotiations failed. Missing required payloads. |
| 956 | VPN | VPN IKEv2 | User Activity | WARNING | --- | Initiator: Invalid Input State | IKEv2 Initiator: Negotiations failed. Invalid input state. |
| 957 | VPN | VPN IKEv2 | User Activity | WARNING | --- | Initiator: Invalid Output State | IKEv2 Initiator: Negotiations failed. Invalid output state. |
| 958 | VPN | VPN IKEv2 | User Activity | WARNING | --- | Payload Validation Failed | IKEv2 Payload validation failed. |
| 959 | VPN | VPN IKEv2 | User Activity | WARNING | --- | Unable to Find IKE SA | IKEv2 Unable to find IKE SA |
| 960 | VPN | VPN IKEv2 | User Activity | WARNING | --- | Decrypt Packet Failed | IKEv2 Decrypt packet failed |
| 961 | VPN | VPN IKEv2 | User Activity | WARNING | --- | Out of Memory | IKEv2 Out of memory |
| 962 | VPN | VPN IKEv2 | User Activity | ERROR | --- | Responder: Policy for Remote IKE ID Not Found | IKEv2 Responder: Policy for remote IKE ID not found |
| 963 | VPN | VPN IKEv2 | User Activity | WARNING | --- | Process Message Queue Failed | IKEv2 Process Message queue failed |
| 964 | VPN | VPN IKEv2 | User Activity | WARNING | --- | Invalid State | IKEv2 Invalid state |
| 965 | VPN | VPN IKE | System Error | ERROR | --- | IKE Responder: No VPN Access Networks Assigned | IKE Responder: Client Policy has no VPN Access Networks assigned. Check Configuration. |
| 966 | VPN | VPN IKEv2 | User Activity | WARNING | --- | Invalid SPI Size | IKEv2 Invalid SPI size |
| 967 | VPN | VPN IKEv2 | User Activity | WARNING | --- | VPN Policy Not Found | IKEv2 VPN Policy not found |
| 968 | VPN | VPN IKEv2 | User Activity | WARNING | --- | IPsec Proposal Mismatch | IKEv2 IPsec proposal does not match |
| 969 | VPN | VPN IKEv2 | User Activity | WARNING | --- | IPsec Attribute Not Found | IKEv2 IPsec attribute not found |
| 970 | VPN | VPN IKEv2 | User Activity | WARNING | --- | IKE Attribute Not Found | IKEv2 IKE attribute not found |
| 971 | VPN | VPN IKEv2 | User Activity | WARNING | --- | Peer Not Responding | IKEv2 Peer is not responding. Negotiation aborted. |
| 972 | VPN | VPN IKEv2 | User Activity | INFO | --- | Initiator: Retransmit IKEv2 Request Due to Remote Party Timeout | IKEv2 Initiator: Remote party Timeout - Retransmitting IKEv2 Request. |
| 973 | VPN | VPN IKEv2 | User Activity | INFO | --- | Initiator: Received IKE_SA_INT Response | IKEv2 Initiator: Received IKE_SA_INT response |
| 974 | VPN | VPN IKEv2 | User Activity | INFO | --- | Initiator: Received IKE_AUTH Response | IKEv2 Initiator: Received IKE_AUTH response |
| 975 | VPN | VPN IKEv2 | User Activity | INFO | --- | Initiator: Received CREATE_CHILD_SA Response | IKEv2 Initiator: Received CREATE_CHILD_SA response |
| 976 | VPN | VPN IKEv2 | User Activity | INFO | --- | Responder: Send IKE_SA_INIT Response | IKEv2 Responder: Send IKE_SA_INIT response |
| 977 | VPN | VPN IKEv2 | User Activity | INFO | --- | Responder: Send IKE_AUTH response | IKEv2 Responder: Send IKE_AUTH response |
| 978 | VPN | VPN IKEv2 | User Activity | INFO | --- | Negotiation Completed | IKEv2 negotiation complete |
| 979 | VPN | VPN IKEv2 | User Activity | ERROR | --- | Failed to Transmit Packet | IKEv2 Function sendto() failed to transmit packet. |
| 980 | VPN | VPN IKEv2 | User Activity | WARNING | --- | Initiator: Proposed IKE ID Mismatch | IKEv2 Initiator: Proposed IKE ID mismatch |
| 981 | VPN | VPN IKEv2 | User Activity | WARNING | --- | IKE Proposal Mismatch | IKEv2 IKE proposal does not match |
| 982 | VPN | VPN IKEv2 | User Activity | INFO | --- | Received Notify Status Payload | IKEv2 Received notify status payload |
| 983 | VPN | VPN IKEv2 | User Activity | WARNING | --- | Received Notify Error Payload | IKEv2 Received notify error payload |
| 984 | VPN | VPN IKEv2 | User Activity | INFO | --- | No NAT Device Detected | IKEv2 No NAT device detected between negotiating peers |
| 985 | VPN | VPN IKEv2 | User Activity | INFO | --- | NAT Device Detected Between Negotiating Peers | IKEv2 NAT device detected between negotiating peers |
| 986 | Users | Authentication Access | User Activity | INFO | --- | Not Allowed by Policy Rule | User login denied - not allowed by Policy rule |
| 987 | Users | Authentication Access | User Activity | INFO | --- | Not Found Locally | User login denied - not found locally |
| 988 | Users | SSO Agent Authentication | User Activity | WARNING | --- | Timeout | User login denied - SSO agent Timeout |
| 989 | Users | SSO Agent Authentication | User Activity | WARNING | --- | Configuration Error | User login denied - SSO agent configuration error |
| 990 | Users | SSO Agent Authentication | User Activity | WARNING | --- | Communication Problem | User login denied - SSO agent communication problem |
| 991 | Users | SSO Agent Authentication | User Activity | WARNING | --- | Name Resolution Failed | User login denied - SSO agent name resolution failed |
| 992 | Users | SSO Agent Authentication | User Activity | WARNING | --- | User Name Too Long | SSO agent returned user name too long |
| 993 | Users | SSO Agent Authentication | User Activity | WARNING | --- | Domain Name Too Long | SSO agent returned domain name too long |
| 994 | Users | Authentication Access | User Activity | INFO | --- | Configuration Mode Administration Session Started | Configuration mode administration session started |
| 995 | Users | Authentication Access | User Activity | INFO | --- | Configuration Mode Administration Session Ended | Configuration mode administration session ended |
| 996 | Users | Authentication Access | User Activity | INFO | --- | Read-only Mode GUI Administration Session Started | Read-only mode GUI administration session started |
| 997 | Users | Authentication Access | User Activity | INFO | --- | Non-Config Mode GUI Administration Session Started | Non-config mode GUI administration session started |
| 998 | Users | Authentication Access | User Activity | INFO | --- | GUI Administration Session End | GUI administration session ended |
| 999 | Firewall Settings | SSL Control | Blocked Sites | INFO | --- | Website Found in Blacklist | SSL Control: Website found in blacklist |
| 1000 | Firewall Settings | SSL Control | Blocked Sites | INFO | --- | Website Found in Whitelist | SSL Control: Website found in whitelist |
| 1001 | Firewall Settings | SSL Control | Blocked Sites | INFO | --- | Weak SSL Version | SSL Control: Weak SSL Version being used |
| 1002 | Firewall Settings | SSL Control | Blocked Sites | INFO | --- | Certificate With Invalid Date | SSL Control: Certificate with invalid date |
| 1003 | Firewall Settings | SSL Control | Blocked Sites | INFO | --- | Self-Signed Certificate | SSL Control: Self-signed certificate |
| 1004 | Firewall Settings | SSL Control | Blocked Sites | INFO | --- | Weak Cipher Being Used | SSL Control: Weak cipher being used |
| 1005 | Firewall Settings | SSL Control | Blocked Sites | INFO | --- | Untrusted CA | SSL Control: Untrusted CA |
| 1006 | Firewall Settings | SSL Control | Blocked Sites | INFO | --- | Certificate Chain Incomplete | SSL Control: Certificate chain not complete |
| 1008 | Users | Authentication Access | User Activity | INFO | --- | Logout Detected by SSO | User logged out - logout detected by SSO |
| 1009 | Users | Radius Authentication | System Error | ERROR | --- | Bind to LDAP Server Failed | Bind to LDAP server failed |
| 1010 | Users | Radius Authentication | System Error | ALERT | --- | Using LDAP Without TLS | Using LDAP without TLS - highly insecure |
| 1011 | Users | Radius Authentication | System Error | WARNING | --- | Non-Administrative Attempt to Change Password | LDAP using non-administrative account - VPN client user will not be able to change passwords |
| 1012 | VPN | VPN IKEv2 | User Activity | INFO | --- | Responder: Send CREATE_CHILD_SA Response | IKEv2 Responder: Send CREATE_CHILD_SA response |
| 1013 | VPN | VPN IKEv2 | User Activity | INFO | --- | Send Delete IKE SA Response | IKEv2 Send delete IKE SA response |
| 1014 | VPN | VPN IKEv2 | User Activity | INFO | --- | Send Delete IPsec SA Response | IKEv2 Send delete IPsec SA response |
| 1015 | VPN | VPN IKEv2 | User Activity | INFO | --- | Received Delete IKE SA Response | IKEv2 Received delete IKE SA response |
| 1016 | VPN | VPN IKEv2 | User Activity | INFO | --- | Received Delete IPsec SA Response | IKEv2 Received delete IPsec SA response |
| 1017 | 3G/4G, Modem, and Module | 3G/4G and Modem | System Environment | INFO | --- | 3G/4G Device Detected | 3G/4G %s device detected |
| 1018 | Network | PPP | --- | INFO | --- | PPP Message | PPP message: %s |
| 1019 | 3G/4G, Modem, and Module | PPP Dial-Up | User Activity | INFO | --- | Chat Start | Chat started |
| 1020 | 3G/4G, Modem, and Module | PPP Dial-Up | User Activity | INFO | --- | Chat Completed | Chat completed |
| 1021 | 3G/4G, Modem, and Module | PPP Dial-Up | User Activity | INFO | --- | Chat Wrote Message | Chat wrote '%s' |
| 1022 | 3G/4G, Modem, and Module | PPP Dial-Up | User Activity | INFO | --- | Chat Message | Chat %s |
| 1023 | 3G/4G, Modem, and Module | PPP Dial-Up | User Activity | INFO | --- | Chat Failed | Chat failed: %s |
| 1024 | 3G/4G, Modem, and Module | PPP Dial-Up | System Error | ERROR | --- | Unable to Send Message to Dial-Up Task | Unable to send message to dial-up task |
| 1026 | 3G/4G, Modem, and Module | PPP Dial-Up | User Activity | ALERT | --- | Data Usage Watermark Reached | 3G/4G Dial-up: %s. |
| 1027 | 3G/4G, Modem, and Module | PPP Dial-Up | User Activity | ALERT | 7643 | Data Usage Limit Reached | 3G/4G Dial-up: data usage limit reached for the '%s' billing cycle. Disconnecting the session. |
| 1028 | 3G/4G, Modem, and Module | PPP Dial-Up | System Error | ALERT | --- | Auto-Dial Failed | %s auto-dial failed: Current Connection Model is configured as Ethernet Only |
| 1029 | Network | TCP | Debug | DEBUG | --- | Non-Permitted Option TCP Packet | TCP packet received with non-permitted option; TCP packet dropped |
| 1030 | Network | TCP | Debug | DEBUG | --- | Invalid TCP Window Scale Option Length | TCP packet received with invalid Window Scale option length; TCP packet dropped |
| 1031 | Network | TCP | Debug | DEBUG | --- | Invalid TCP Window Scale Option Value | TCP packet received with invalid Window Scale option value; TCP packet dropped |
| 1033 | Users | Authentication Access | User Activity | WARNING | --- | Group Membership Retrieval Failed | Problem occurred during user group membership retrieval |
| 1035 | Users | Authentication Access | User Activity | INFO | --- | Password Expire | User login denied - password expired |
| 1036 | VPN | VPN IKE | User Activity | ERROR | --- | Responder: IKE Phase 1 Exchange Mismatch | IKE Responder: IKE Phase 1 exchange does not match |
| 1037 | 3G/4G, Modem, and Module | PPP Dial-Up | --- | INFO | --- | Starting PPP | PPP Dial-Up: Starting PPP |
| 1038 | 3G/4G, Modem, and Module | PPP Dial-Up | --- | INFO | --- | Traffic Generated | Dial-up: Traffic generated by '%s' |
| 1039 | 3G/4G, Modem, and Module | PPP Dial-Up | --- | INFO | --- | Session Initiated by Data Packet | Dial-up: Session initiated by data packet |
| 1040 | Network | DHCP Server | --- | ALERT | --- | DHCP Server IP Conflict Detected | DHCP Server: IP conflict detected |
| 1041 | Network | DHCP Server | --- | ALERT | --- | DHCP Server Received DHCP Decline | DHCP Server: Received DHCP decline from client |
| 1043 | System | Hardware | --- | ERROR | 5425 | Power Supply Without Redundancy | Power supply without redundancy |
| 1044 | High Availability | State | --- | INFO | --- | Discover HA Firewall | Discovered HA %s Firewall |
| 1046 | System | Restart | --- | INFO | --- | Diagnostic Auto-Restart Canceled | Diagnostic Auto-restart canceled |
| 1047 | System | Restart | --- | INFO | --- | Diagnostic Auto-Restart | As per Diagnostic Auto-restart configuration Request, restarting system |
| 1048 | Users | Authentication Access | --- | INFO | --- | Password doesn't meet constraints | User login denied - password doesn't meet constraints |
| 1049 | System | Settings | --- | INFO | --- | System Setting Imported | System Setting Imported |
| 1050 | VPN | VPN IPsec | User Activity | INFO | --- | VPN Policy Added | VPN policy %s is added |
| 1051 | VPN | VPN IPsec | User Activity | INFO | --- | VPN Policy Deleted | VPN policy %s is deleted |
| 1052 | VPN | VPN IPsec | User Activity | INFO | --- | VPN Policy Modified | VPN policy %s is modified |
| 1053 | 3G/4G, Modem, and Module | 3G/4G and Modem | --- | ALERT | 5418 | PC Card Removed | PC Card removed. |
| 1054 | 3G/4G, Modem, and Module | 3G/4G and Modem | --- | ALERT | 5419 | PC Card Inserted | PC Card inserted. |
| 1055 | 3G/4G, Modem, and Module | 3G/4G and Modem | --- | ALERT | --- | 3G/4G: No SIM Detected | 3G/4G: No SIM detected |
| 1058 | High Availability | State | --- | INFO | --- | Primary Firewall Reboot from Active to Standby | Primary firewall rebooting itself as it transitioned from Active to Standby while Preempt |
| 1059 | High Availability | State | --- | INFO | --- | Secondary Firewall Reboot from Active to Standby | Secondary firewall rebooting itself as it transitioned from Active to Standby while Preempt |
| 1060 | Security Services | Crypto Test | --- | ERROR | --- | DRNG KAT Test Failed | Crypto SHA1 based DRNG KAT test failed |
| 1065 | System | Settings | Maintenance | INFO | --- | Remote Backup Succeeded | Successfully sent %s file to remote backup server |
| 1066 | System | Settings | Maintenance | INFO | --- | Remote Backup Failed | Failed to send file to remote backup server, Error: %s |
| 1068 | Network | DHCP Server | --- | WARNING | --- | Multiple DHCP Servers Detected | Multiple DHCP Servers are detected on network |
| 1070 | Network | DNS | --- | INFO | --- | Invalid DNS Server | Invalid DNS Server will not be accepted by the dynamic client |
| 1071 | Network | DHCP Server | --- | CRITICAL | --- | DHCP Server Sanity Check Pass | DHCP Server sanity check passed %s |
| 1072 | Network | DHCP Server | --- | CRITICAL | --- | DHCP Server Sanity Check Failed | DHCP Server sanity check failed %s |
| 1073 | Users | SSO Agent Authentication | User Activity | WARNING | --- | Agent Error | SSO agent returned error |
| 1074 | Network | L2TP Client | --- | INFO | --- | Tunnel Negotiation | L2TP Tunnel Negotiation %s |
| 1075 | Users | SSO Agent Authentication | User Activity | ALERT | --- | Agent Down | SSO agent is down |
| 1076 | Users | SSO Agent Authentication | User Activity | ALERT | --- | Agent Up | SSO agent is up |
| 1077 | Wireless | SonicPoint/SonicWave | --- | INFO | 13601 | SonicPoint/SonicWave Status | %s Status |
| 1078 | Wireless | SonicPoint/SonicWave | --- | INFO | 13602 | SonicPoint/SonicWave Provision | %s Provision |
| 1079 | SSL VPN | General | --- | INFO | --- | SSL VPN | %s |
| 1080 | Users | Authentication Access | --- | INFO | --- | Successful SSL VPN User Login | SSL VPN zone remote user login allowed |
| 1081 | Firewall Settings | SSL Control | Blocked Sites | INFO | --- | Certificate Blocked Weak Digest | SSL Control: Certificate with Weak Digest Signature Algorithm |
| 1082 | Anti-Spam | Probe | --- | WARNING | 13801 | Entity Operational | %s is operational. |
| 1083 | Anti-Spam | Probe | --- | WARNING | 13802 | Entity Unreachable | %s is unavailable. |
| 1084 | Anti-Spam | General | --- | INFO | 13803 | Service Enable | Anti-Spam service is enabled by administrator. |
| 1085 | Anti-Spam | General | --- | INFO | 13804 | Service Disable | Anti-Spam service is disabled by administrator. |
| 1086 | Anti-Spam | General | --- | WARNING | 13805 | Service Subscription Expire | Your Anti-Spam Service subscription has expired. |
| 1087 | Anti-Spam | E-mail | --- | WARNING | 13806 | SMTP Connection Expire | SMTP connection limit is reached. Connection is dropped. |
| 1088 | Anti-Spam | General | --- | WARNING | 13807 | Startup Failure | Anti-Spam Startup Failure - %s |
| 1089 | Anti-Spam | General | --- | WARNING | 13808 | Teardown Failure | Anti-Spam Teardown Failure - %s |
| 1090 | Network | DHCP Server | --- | NOTICE | --- | DHCP Message From Untrusted Relay Agent | DHCP Server: Received DHCP message from untrusted relay agent |
| 1091 | Anti-Spam | GRID | --- | NOTICE | 13809 | Outbound Connection Drop | Outbound connection to GRID-listed SMTP server dropped |
| 1092 | Anti-Spam | GRID | --- | NOTICE | 13810 | Inbound Connection Drop | Inbound connection from GRID-listed SMTP server dropped |
| 1093 | Anti-Spam | GRID | --- | NOTICE | 13811 | SMTP Server Found on Reject List | SMTP server found on Reject List |
| 1094 | Anti-Spam | GRID | --- | ERROR | 13812 | No Valid DNS Server | No valid DNS server specified for GRID lookups |
| 1095 | Anti-Spam | E-mail | --- | INFO | 13813 | Unprocessed E-mail From MTA | Unprocessed E-mail received from MTA on Inbound SMTP port |
| 1097 | VPN | VPN PKI | --- | NOTICE | --- | SCEP Client | SCEP Client: %s |
| 1098 | Network | DNS | --- | ALERT | 6465 | DNS Rebind Attack Detected | Possible DNS rebind attack detected |
| 1099 | Network | DNS | --- | ALERT | 6466 | DNS Rebind Attack Blocked | DNS rebind attack blocked |
| 1100 | Network | Network Monitor | --- | ALERT | 14001 | Policy Status is Up | Network Monitor: Policy %s status is UP |
| 1101 | Network | Network Monitor | --- | ALERT | 14002 | Policy Status is Down | Network Monitor: Policy %s status is DOWN |
| 1102 | Network | Network Monitor | --- | ALERT | 14003 | Policy Status is Unknown | Network Monitor: Policy %s status is UNKNOWN |
| 1103 | Network | Network Monitor | --- | ALERT | 14004 | Host Status is Unknown | Network Monitor: Host %s status is UNKNOWN |
| 1104 | Network | Network Monitor | --- | INFO | --- | Policy Added | Network Monitor Policy %s Added |
| 1105 | Network | Network Monitor | --- | INFO | --- | Policy Deleted | Network Monitor Policy %s Deleted |
| 1106 | Network | Network Monitor | --- | INFO | --- | Policy Modified | Network Monitor Policy %s Modified |
| 1107 | System | Status | System Error | ALERT | --- | System Alert | %s |
| 1108 | Anti-Spam | E-mail | --- | INFO | --- | E-mail Message Blocked | Message blocked by Real-Time E-mail Scanner |
| 1109 | VPN | VPN PKI | --- | INFO | --- | CSR Generation | CSR Generation: %s |
| 1110 | Network | DHCP Server | --- | INFO | --- | Assigned IP Address | Assigned IP address %s |
| 1111 | Network | DHCP Server | --- | INFO | --- | Released IP Address | Released IP address %s |
| 1112 | Firewall Settings | FTP | --- | DEBUG | --- | FTP Server Accepted Connection | Ftp server accepted the connection |
| 1113 | Firewall Settings | FTP | --- | DEBUG | --- | FTP Client Username Sent | Ftp client user name was sent |
| 1114 | Firewall Settings | FTP | --- | DEBUG | --- | FTP Client User Login | Ftp client user logged in successfully |
| 1115 | Firewall Settings | FTP | --- | DEBUG | --- | FTP Client User Login Failed | Ftp client user logged in failed |
| 1116 | Firewall Settings | FTP | --- | DEBUG | --- | FTP Client User Logout | Ftp client user logged out |
| 1117 | Users | Authentication Access | User Activity | WARNING | --- | SSO Probe Failed | User login denied - SSO probe failed |
| 1118 | Users | Authentication Access | User Activity | INFO | --- | SMTP Server Not Configured | User login denied - Mail Address(From/to) or SMTP Server is not configured |
| 1119 | Users | Authentication Access | User Activity | INFO | --- | RADIUS User Cannot Use One Time Password | RADIUS user cannot use One Time Password - no mail address set for equivalent local user |
| 1120 | Users | Authentication Access | User Activity | WARNING | --- | TSA Timeout | User login denied - Terminal Services agent Timeout |
| 1121 | Users | Authentication Access | User Activity | WARNING | --- | TSA Name Resolution Failed | User login denied - Terminal Services agent name resolution failed |
| 1122 | Users | Authentication Access | User Activity | WARNING | --- | No Name Received from TSA | User login denied - No name received from Terminal Services agent |
| 1123 | Users | Authentication Access | User Activity | WARNING | --- | TSA Communication Problem | User login denied - Terminal Services agent communication problem |
| 1124 | Users | Authentication Access | User Activity | INFO | --- | TSA User logout | User logged out - logout reported by Terminal Services agent |
| 1125 | High Availability | General | User Activity | INFO | --- | Dial Up Device Unsupported in HA | High Availability has been enabled, Dial-Up device(s) are not supported in High Availability processing. |
| 1126 | High Availability | Monitoring | User Activity | ERROR | --- | Bad Monitoring IP | The High Availability monitoring IP configuration of Interface %s is incorrect. |
| 1127 | VPN | VPN IKE | User Activity | WARNING | --- | IPsec Tunnel Mode Mismatch | IKE Responder: ESP mode mismatch Local - Tunnel Remote - Transport |
| 1128 | VPN | VPN IKE | User Activity | WARNING | --- | IPsec Transport Mode Mismatch | IKE Responder: ESP mode mismatch Local - Transport Remote - Tunnel |
| 1131 | Anti-Spam | Probe | --- | DEBUG | --- | Anti-Spam Probe Response Success | Probe Response Success - %s |
| 1132 | Anti-Spam | Probe | --- | DEBUG | --- | Anti-Spam Probe Response Failure | Probe Response Failure - %s |
| 1133 | Network | PPPoE | --- | INFO | --- | PPPoE Overview | %s |
| 1134 | Network | PPTP | Maintenance | INFO | --- | PPTP Overview | %s |
| 1135 | Network | L2TP Client | Maintenance | INFO | --- | L2TP Overview | %s |
| 1138 | Anti-Spam | GRID | --- | DEBUG | --- | Anti-Spam Unauth GRID Response | Received unauthenticated GRID response |
| 1139 | Anti-Spam | GRID | --- | DEBUG | --- | Anti-Spam Invalid Key in GRID Response | Invalid key or serial number used for GRID response |
| 1140 | Anti-Spam | GRID | --- | DEBUG | --- | Anti-Spam Invalid Key Version in GRID Response | Invalid key version used for GRID response |
| 1141 | Anti-Spam | GRID | --- | DEBUG | --- | Anti-Spam Host Not GRID List | Host IP address not in GRID List |
| 1142 | Anti-Spam | General | --- | DEBUG | --- | Anti-Spam No Response From DNS Server | No response received from DNS server |
| 1143 | Anti-Spam | GRID | --- | DEBUG | --- | Anti-Spam Not Blacklisted | Not blacklisted as per configuration |
| 1144 | Anti-Spam | GRID | --- | DEBUG | --- | Anti-Spam Default Not Blacklisted | Default to not blacklisted |
| 1145 | Anti-Spam | GRID | --- | DEBUG | --- | Anti-Spam Insert Entry Failed | Failed to insert entry into GRID result IP cached table |
| 1146 | Anti-Spam | General | --- | DEBUG | --- | Anti-Spam Resolved Cloud Address | Resolved ES Cloud - %s |
| 1147 | Anti-Spam | General | --- | DEBUG | --- | Anti-Spam Cloud Address Updated | Updated ES Cloud Address - %s |
| 1148 | Network | Interfaces | --- | INFO | --- | Advanced Switching | %s |
| 1149 | High Availability | Cluster | --- | WARNING | --- | VRRP Expiration Message | Your Active/Active Clustering subscription has expired. |
| 1150 | Users | SSO Agent Authentication | User Activity | ALERT | --- | Terminal Services Agent is Down | Terminal Services agent is down |
| 1151 | Users | SSO Agent Authentication | User Activity | ALERT | --- | Terminal Services Agent is Up | Terminal Services agent is up |
| 1152 | High Availability | Cluster | --- | ERROR | --- | VRRP Cluster No license | Active/Active Clustering license is not activated on the following cluster units: %s |
| 1153 | SSL VPN | General | Connection Traffic | INFO | --- | SSL VPN Traffic | SSL VPN Traffic |
| 1154 | Firewall | Application Control | --- | ALERT | 15001 | Application Control Detection Alert | Application Control Detection Alert: %s |
| 1155 | Firewall | Application Control | --- | ALERT | 15002 | Application Control Prevention Alert | Application Control Prevention Alert: %s |
| 1156 | Network | DNS | --- | ERROR | --- | Syslog/GMS Name Resolution Failure | Name Resolution for Syslog or GMS failed. |
| 1157 | Users | Authentication Access | User Activity | INFO | --- | User Account Expired | User account '%s' expired and disabled |
| 1158 | Users | Authentication Access | User Activity | INFO | --- | User Account Pruned | User account '%s' expired and pruned |
| 1159 | Security Services | General | --- | WARNING | --- | Visualization Control Expire Message | Received Alert: Your Visualization Control subscription has expired. |
| 1160 | System | Settings | Maintenance | DEBUG | --- | Failed to Ping Remote Backup Server | Attempt to contact Remote backup server for upload approval failed |
| 1161 | System | Settings | Maintenance | DEBUG | --- | Failed to Upload Remote Backup Server | Backup remote server did not approve upload Request |
| 1162 | High Availability | Synchronization | System Error | ALERT | --- | HA Module Mismatched | Modules attached to HA units do not match: %s |
| 1163 | 3G/4G, Modem, and Module | E1-T1 Module | --- | INFO | --- | E1-T1 No Signal | E1_T1 Layer 1 status: No signal |
| 1164 | 3G/4G, Modem, and Module | E1-T1 Module | --- | INFO | --- | E1-T1 No Frame | E1_T1 Layer 1 status: No frame synchronization |
| 1165 | 3G/4G, Modem, and Module | E1-T1 Module | --- | INFO | --- | E1-T1 No Multiframe | E1_T1 Layer 1 status: No multiframe synchronization |
| 1166 | 3G/4G, Modem, and Module | E1-T1 Module | --- | INFO | --- | E1-T1 Remote Alarm | E1_T1 Layer 1 status: Remote alarm detected |
| 1167 | 3G/4G, Modem, and Module | E1-T1 Module | --- | INFO | --- | E1-T1 Slip | E1_T1 Layer 1 status: Controlled slip |
| 1168 | 3G/4G, Modem, and Module | E1-T1 Module | --- | INFO | --- | E1-T1 OK | E1_T1 Layer 1 status: OK |
| 1169 | WAN Acceleration | Local WXA Appliance | --- | INFO | --- | WXA Appliance Found | WAN Acceleration device %s found |
| 1170 | WAN Acceleration | Local WXA Appliance | --- | ALERT | --- | WXA Appliance Operational | WAN Acceleration device %s is operational |
| 1171 | WAN Acceleration | Local WXA Appliance | --- | ALERT | --- | WXA Appliance Not Operational | WAN Acceleration device %s is no longer operational |
| 1172 | WAN Acceleration | Local WXA Appliance | --- | ALERT | --- | WXA Appliance Used | WAN Acceleration device %s is being used |
| 1173 | WAN Acceleration | Local WXA Appliance | --- | ALERT | --- | WXA Appliance Not Used | WAN Acceleration device %s is no longer being used |
| 1174 | WAN Acceleration | Remote WXA Appliance | --- | WARNING | --- | WXA Appliance Not Responding | Remote WAN Acceleration device stopped responding to probes |
| 1175 | WAN Acceleration | Remote WXA Appliance | --- | WARNING | --- | WXA Appliance Responding | Remote WAN Acceleration device started responding to probes |
| 1176 | WAN Acceleration | Local WXA Appliance | --- | WARNING | --- | WAN Acceleration Software License Expired | Your WAN Acceleration Service subscription has expired. |
| 1177 | Network | DNS | Debug | ALERT | --- | Malformed DNS Packet | Malformed DNS packet detected |
| 1178 | Users | SSO Agent Authentication | User Activity | ALERT | --- | High SSO Packet Count | A high percentage of the system packet buffers are held waiting for SSO |
| 1179 | Users | SSO Agent Authentication | User Activity | ALERT | --- | High SSO User Connection | A user has a very high number of connections waiting for SSO |
| 1180 | Firewall Settings | Flood Protection | --- | ALERT | --- | DOS Protection on WAN Begin | DOS protection on WAN begins %s |
| 1181 | Firewall Settings | Flood Protection | --- | WARNING | --- | DOS Protection on WAN In-Progress | DOS protection on WAN %s |
| 1182 | Firewall Settings | Flood Protection | --- | ALERT | --- | DOS Protection on WAN Stopped | DOS protection on WAN %s |
| 1183 | VPN | VPN IKE | --- | DEBUG | --- | Deleting IPsec SA | Deleting IPsec SA. (Phase 2) |
| 1184 | Network | DHCP Server | --- | WARNING | --- | Invalid Scope Deleted | Delete invalid scope because port IP in the range of this DHCP scope. |
| 1185 | 3G/4G, Modem, and Module | DSL Module | --- | ALERT | --- | DSL Device Up | DSL: %s Device Up |
| 1186 | 3G/4G, Modem, and Module | DSL Module | --- | ALERT | --- | DSL Device Down | DSL: %s Device Down |
| 1187 | 3G/4G, Modem, and Module | DSL Module | --- | ALERT | --- | DSL WAN Up | DSL: %s WAN is connected |
| 1188 | 3G/4G, Modem, and Module | DSL Module | --- | ALERT | --- | DSL WAN down | DSL: %s WAN is initializing |
| 1189 | VPN | VPN IKE | --- | WARNING | --- | Network Mismatched | IKE Responder: Peer's proposed network does not match VPN Policy's Network |
| 1190 | Users | Radius Authentication | --- | INFO | --- | LDAP Mirror Added | Added new LDAP mirror user group: %s |
| 1191 | Users | Radius Authentication | --- | INFO | --- | LDAP Mirror Deleted | Deleted LDAP mirror user group: %s |
| 1192 | Users | Radius Authentication | --- | INFO | --- | LDAP Mirror Added Member | Added a new member to an LDAP mirror user group |
| 1193 | Users | Radius Authentication | --- | INFO | --- | LDAP Mirror Deleted Member | Removed a member from an LDAP mirror user group |
| 1194 | High Availability | Monitoring | --- | ERROR | --- | HA Monitor Probe Interface Mismatched | Monitoring probe out interface mismatch %s |
| 1195 | Security Services | Botnet Filter | --- | WARNING | --- | Botnet Filter Subscription Expired | Received Alert: Your Firewall Botnet Filter subscription has expired. |
| 1196 | System | Status | Maintenance | ALERT | --- | Firewall Limit Reached | Product maximum entries reached - %s |
| 1197 | Network | NAT | --- | NOTICE | --- | Connection NAT Mapping | NAT Mapping |
| 1198 | Security Services | Geo-IP Filter | --- | ALERT | --- | Geo IP Initiator Blocked | Initiator from country blocked: %s |
| 1199 | Security Services | Geo-IP Filter | --- | ALERT | --- | Geo IP Responder Blocked | Responder from country blocked: %s |
| 1200 | Security Services | Botnet Filter | --- | ALERT | --- | Botnet Initiator Blocked | Suspected Botnet initiator blocked: %s |
| 1201 | Security Services | Botnet Filter | --- | ALERT | --- | Botnet Responder Blocked | Suspected Botnet responder blocked: %s |
| 1202 | Users | Authentication Access | User Activity | INFO | --- | User Log Audit Trail | %s |
| 1203 | Users | Authentication Access | User Activity | WARNING | --- | User Log Audit Trail Warning | %s |
| 1204 | Users | Authentication Access | User Activity | ERROR | --- | User Log Audit Trail Error | %s |
| 1205 | High Availability | State | System Error | ALERT | --- | HA Peer MultiInterface Link Up | On HA peer firewall, Interface %s Link Is Up |
| 1206 | High Availability | State | System Error | ALERT | --- | HA Peer MultiInterface Link Down | On HA peer firewall, Interface %s Link Is Down |
| 1207 | High Availability | State | Maintenance | INFO | --- | HA Peer Link Status Bad for Failover | Peer firewall has reduced link status. In event of failover, it will operate with limited capability. |
| 1208 | High Availability | State | Maintenance | INFO | --- | HA Peer Link Status Good for Failover | Peer firewall has equivalent link status. In event of failover, it will operate with equal capability. |
| 1209 | Network | MAC-IP Anti-Spoof | Attack | ALERT | --- | MAC-IP Anti-Spoof Check Enforced For Hosts | MAC-IP Anti-spoof check enforced for hosts |
| 1210 | Network | MAC-IP Anti-Spoof | Attack | ALERT | --- | MAC-IP Anti-Spoof Cache Not Found For Router | MAC-IP Anti-spoof cache not found for this router |
| 1211 | Network | MAC-IP Anti-Spoof | Attack | ALERT | --- | MAC-IP Anti-Spoof Cache Not Router | MAC-IP Anti-spoof cache found, but it is not a router |
| 1212 | Network | MAC-IP Anti-Spoof | Attack | ALERT | --- | MAC-IP Anti-Spoof Cache Blacklisted Device | MAC-IP Anti-spoof cache found, but it is blacklisted device |
| 1213 | Firewall Settings | Flood Protection | Attack | ALERT | --- | UDP Flood Detected | Possible UDP flood attack detected |
| 1214 | Firewall Settings | Flood Protection | Attack | ALERT | --- | ICMP Flood Detected | Possible ICMP flood attack detected |
| 1215 | VPN | DHCP Relay | Debug | INFO | --- | Remote: DHCP Inform | DHCP INFORM received from remote device |
| 1216 | VPN | VPN IKE | --- | DEBUG | --- | IP Pool of VPN Policy is Full | IP Pool of the VPN Policy is Full |
| 1217 | VPN | VPN IKE | --- | DEBUG | --- | IP Pool of VPN Policy Not Configured | IP Pool of the VPN Policy is Not Configured |
| 1218 | VPN | VPN IKE | --- | INFO | --- | Mobile IKE Update Peer Gateway IP | MOBIKE: Update Peer Gateway IP |
| 1219 | VPN | VPN IKE | --- | INFO | --- | IP Address Allocated For Client | IP Address is allocated for Client |
| 1220 | System | SNMP | --- | WARNING | --- | Invalid SNMPv3 Packet | Invalid SNMP packet |
| 1221 | System | SNMP | --- | WARNING | --- | Invalid SNMPv3 Engine ID | Invalid SNMPv3 engineID |
| 1222 | System | SNMP | --- | WARNING | --- | Invalid SNMPv3 User | Invalid SNMPv3 User |
| 1223 | System | SNMP | --- | WARNING | --- | Invalid SNMPv3 Time Window | Invalid SNMPv3 Time Window |
| 1225 | System | SNMP | --- | INFO | --- | SNMP Packet Drop | SNMP Packet Dropped |
| 1226 | Network | Network Access | --- | INFO | --- | HTTPS Handshake | HTTPS Handshake: %s |
| 1227 | Users | Authentication Access | User Activity | INFO | --- | Guest Traffic Quota Exceeded | User Traffic Quota Exceeded |
| 1229 | Wireless | Wireless Access | TCP \| UDP \| ICMP | WARNING | --- | Wireless Advance IDP | Packet dropped by wireless Advanced IDP |
| 1230 | System | Time | --- | NOTICE | --- | NTP Update Failure | Failed on updating time from NTP server |
| 1231 | System | Time | --- | NOTICE | --- | NTP Update Successful | Time update from NTP server was successful |
| 1232 | System | Time | --- | NOTICE | --- | NTP Request Sent | NTP Request sent |
| 1233 | Firewall Settings | Multicast | Debug | NOTICE | --- | Link-Local/Multicast IPv6 Packet | Unhandled link-local or multicast IPv6 packet dropped |
| 1235 | Network | Network Access | --- | INFO | --- | Packet Allowed | Packet allowed: %s |
| 1236 | Security Services | RBL Filter | --- | DEBUG | --- | RBL Received Blacklist Directive | Received Blacklisted Directive from - %s |
| 1237 | Security Services | RBL Filter | --- | DEBUG | --- | RBL Not Blacklisted by Domain | Not Blacklisted by domain - %s |
| 1238 | Security Services | RBL Filter | --- | DEBUG | --- | RBL No Response to Domain | No DNS response to domain - %s |
| 1239 | Security Services | RBL Filter | --- | DEBUG | --- | RBL DNS Response With Error Reply Code | RBL DNS server responded with error code - %s |
| 1240 | VoIP | Anomaly | --- | INFO | --- | Endpoint Anomaly Detected | %s |
| 1241 | VoIP | Anomaly | --- | WARNING | --- | Endpoint Anomaly Lockout Started | %s |
| 1242 | VoIP | Anomaly | --- | WARNING | --- | Endpoint Anomaly Lockout Ended | %s |
| 1243 | Users | Authentication Access | User Activity | INFO | --- | Sending OTP Failed | User login Failed - An error has occurred while sending your one-time password |
| 1244 | Users | Radius Authentication | --- | WARNING | --- | LDAP Mirror User Group Add Failure | Failed to add an LDAP mirror user group |
| 1245 | Users | Radius Authentication | --- | WARNING | --- | LDAP Mirror User Group Member Add Failure | Failed to add a member to an LDAP mirror user group |
| 1246 | Users | Radius Authentication | --- | WARNING | --- | LDAP User Group Nesting Not Being Mirrored | An LDAP user group nesting is not being mirrored |
| 1252 | VPN | VPN IKE | --- | INFO | --- | IPv6 IPsec Tunnel Mode Mismatch | IPv6 VPN only support IKEv2 mode |
| 1253 | Network | IPv6 Tunneling | --- | NOTICE | --- | IPv6 Tunnel Dropped | IPv6 Tunnel packet dropped |
| 1254 | Network | ICMP | --- | NOTICE | --- | LAN ICMPv6 Deny | ICMPv6 packet from LAN dropped |
| 1255 | Network | ICMP | --- | INFO | --- | LAN ICMPv6 Allow | ICMPv6 packet from LAN allowed |
| 1256 | Network | ICMP | --- | INFO | --- | ICMPv6 Allow | ICMPv6 packet allowed |
| 1257 | Network | ICMP | --- | NOTICE | --- | ICMPv6 Packets Dropped | ICMPv6 packet dropped due to policy |
| 1258 | Network | Network Access | --- | DEBUG | --- | TCP/IP Stack | %s |
| 1259 | Network | DHCPv6 Server | --- | WARNING | --- | DHCPv6 Lease File Corrupt | DHCPv6 lease file in the storage is corrupted; read failed |
| 1260 | Network | DHCPv6 Server | --- | WARNING | --- | Failed To Write DHCPv6 Leases to Storage | Failed to write DHCPv6 leases to storage |
| 1261 | Network | DHCPv6 Server | --- | INFO | --- | DHCPv6 Leases Written to Storage | DHCPv6 leases written to storage |
| 1263 | System | AppFlow | Maintenance | INFO | --- | AppFlow Server | AppFlow Server Event |
| 1264 | WAN Acceleration | Remote WXA Appliance | --- | WARNING | --- | WXA Configuration | WLAN HTTP traffic not being sent to WXA WebCache; zone conflict |
| 1265 | Wireless | SonicPoint | --- | WARNING | --- | SonicPoint Association Post Request Failed | SonicPoint association request to License Manager failed: %s |
| 1266 | Wireless | SonicPoint | --- | INFO | --- | SonicPoint Association Post Request Success | SonicPoint association posted successfully to License Manager |
| 1267 | VPN | VPN IPsec | User Activity | DEBUG | --- | Phase2 Dead Peer Detection | %s |
| 1268 | System | Settings | --- | NOTICE | --- | Firmware Update Failed | Firmware Update Failed |
| 1269 | System | Settings | --- | NOTICE | --- | Firmware Update Succeeded | Firmware Update Succeeded %s |
| 1270 | Security Services | Crypto Test | Maintenance | INFO | --- | DH Test Success | Crypto DH test success |
| 1271 | Security Services | Crypto Test | Maintenance | INFO | --- | HMAC-MD5 Test Success | Crypto Hmac-MD5 test success |
| 1272 | Security Services | Crypto Test | Maintenance | INFO | --- | Hardware DES Test Success | Crypto hardware DES test success |
| 1274 | Security Services | Crypto Test | --- | INFO | --- | DRNG KAT Test Success | Crypto SHA1 based DRNG KAT test success |
| 1275 | Security Services | Crypto Test | Maintenance | INFO | --- | HMAC-SHA1 Test Success | Crypto Hmac-Sha1 test success |
| 1276 | Security Services | Crypto Test | Maintenance | INFO | --- | Hardware 3DES Test Success | Crypto hardware 3DES test success |
| 1277 | Security Services | Crypto Test | Maintenance | INFO | --- | DES Test Success | Crypto DES test success |
| 1278 | Security Services | Crypto Test | Maintenance | ERROR | --- | AES CBC Test Failed | Crypto AES CBC test failed |
| 1279 | Security Services | Crypto Test | Maintenance | INFO | --- | AES CBC Test Success | Crypto AES CBC test success |
| 1280 | Security Services | Crypto Test | Maintenance | INFO | --- | DRBG Test Success | Crypto DRBG test success |
| 1281 | Security Services | Crypto Test | Maintenance | ERROR | --- | DRBG Test Failed | Crypto DRBG test failed |
| 1282 | Security Services | Crypto Test | Maintenance | INFO | --- | HMAC-SHA256 Test Success | Crypto Hmac-Sha256 test success |
| 1283 | Security Services | Crypto Test | Maintenance | ERROR | --- | HMAC-SHA256 Test Failed | Crypto Hmac-Sha256 test failed |
| 1284 | Security Services | Crypto Test | Maintenance | INFO | --- | RSA Test Success | Crypto RSA test success |
| 1285 | Security Services | Crypto Test | Maintenance | INFO | --- | SHA1 Test Success | Crypto Sha1 test success |
| 1286 | Security Services | Crypto Test | Maintenance | INFO | --- | SHA256 Test Success | Crypto Sha256 test success |
| 1287 | Security Services | Crypto Test | Maintenance | ERROR | --- | SHA256 Test Failed | Crypto Sha256 test failed |
| 1288 | Security Services | Crypto Test | Maintenance | INFO | --- | Hardware AES Test Success | Crypto hardware AES test success |
| 1289 | Security Services | Crypto Test | Maintenance | INFO | --- | Hardware DES-SHA Test Success | Crypto hardware DES with SHA test success |
| 1290 | Security Services | Crypto Test | Maintenance | INFO | --- | Hardware 3DES-SHA Test Success | Crypto hardware 3DES with SHA test success |
| 1299 | Security Services | Crypto Test | Maintenance | ALERT | --- | Self Test Passed | Ndpp SelfTest write/read encrypt/decrypt successsfully |
| 1300 | Security Services | Crypto Test | Maintenance | ALERT | --- | Self Test Failed | Ndpp SelfTest write/read encrypt/decrypt failure |
| 1301 | Network | IP | Debug | ALERT | --- | IPv6 Packet Dropped With Reserved IP | Source or Destination IPv6 address is reserved by RFC 4291. Packet is dropped |
| 1302 | Network | IP | Debug | ALERT | --- | IPv6 Packet Dropped With Unspecified Destination IP | Destination IPv6 address is unspecified. Packet is dropped |
| 1303 | Network | IP | Debug | ALERT | --- | IPv6 Packet Dropped With Unspecified Source IP | Source IPv6 address is unspecified but this packet is not Neighbor Solicitation message for DAD. Packet is dropped |
| 1304 | Network | Network Access | Debug | ALERT | --- | Packet Dropped Due to NDPP Rules | Packet is dropped due to NDPP rules. |
| 1305 | VPN | VPN IKE | User Activity | WARNING | --- | IKE Responder: No VPN Policy found for IKE ID | IKE Responder : VPN Policy for IKE ID not found |
| 1306 | VPN | VPN IKE | User Activity | WARNING | --- | IKE Responder: No VPN Policy found for Gateway | IKE Responder : VPN Policy for gateway address not found |
| 1307 | VPN | VPN IKE | User Activity | WARNING | --- | IKE Initiator: No VPN Policy found for IKE ID | IKE Initiator : VPN Policy for IKE ID not found |
| 1308 | VPN | VPN IKE | User Activity | WARNING | --- | IKE Initiator: No VPN Policy found for Gateway | IKE Initiator : VPN Policy for gateway address not found |
| 1309 | High Availability | General | --- | WARNING | --- | HA Association Posted Failed | HA association request to License Manager failed: %s |
| 1310 | High Availability | General | --- | INFO | --- | HA Association Posted Success | HA association posted successfully to License Manager |
| 1311 | Network | DHCP Server | --- | NOTICE | --- | DHCP Resources of this Pool Ran Out | DHCP Server: Resources of this pool ran out. Client Info: %s |
| 1312 | VPN | VPN IKEv2 | --- | INFO | --- | IP Version of Traffic Selector Mismatch | IKEv2: Peer's IP Version of Traffic Selector does not match with ours |
| 1313 | Network | NAT Policy | --- | INFO | --- | NAT Policy Add | NAT policy added |
| 1314 | Network | NAT Policy | --- | INFO | --- | NAT Policy Modify | NAT policy modified |
| 1315 | Network | NAT Policy | --- | INFO | --- | NAT Policy Delete | NAT policy deleted |
| 1316 | Network | ARP | --- | ALERT | --- | ARP Attack Detected | Possible ARP attack from MAC address %s |
| 1324 | VPN | VPN IKEv2 | User Activity | INFO | --- | Received Dead Peer Detection Request | IKEv2 Received Dead Peer Detection Request |
| 1325 | VPN | VPN IKEv2 | User Activity | INFO | --- | Received Dead Peer Detection Response | IKEv2 Received Dead Peer Detection Response |
| 1326 | VPN | VPN IKEv2 | User Activity | INFO | --- | Send Dead Peer Detection Request | IKEv2 Send Dead Peer Detection Request |
| 1327 | VPN | VPN IKEv2 | User Activity | INFO | --- | Send Dead Peer Detection Response | IKEv2 Send Dead Peer Detection Response |
| 1328 | VPN | VPN IKEv2 | User Activity | INFO | --- | Send Invalid SPI Request | IKEv2 Send Invalid SPI Request |
| 1329 | VPN | VPN IKEv2 | User Activity | INFO | --- | Received Invalid SPI Request | IKEv2 Received Invalid SPI Request |
| 1330 | VPN | VPN IKEv2 | User Activity | INFO | --- | Send Invalid SPI Response | IKEv2 Send Invalid SPI Response |
| 1331 | VPN | VPN IKEv2 | User Activity | INFO | --- | Received Invalid SPI Response | IKEv2 Received Invalid SPI Response |
| 1332 | System | Status | Maintenance | ALERT | --- | NDPP Mode Change | NDPP mode is changed to %s |
| 1333 | Users | Authentication Access | User Activity | INFO | --- | Create a User | %s |
| 1334 | Users | Authentication Access | User Activity | INFO | --- | Edit a User | %s |
| 1335 | Users | Authentication Access | User Activity | INFO | --- | Delete a User | %s |
| 1336 | System | Settings | --- | INFO | --- | Change Certification | Certification %s |
| 1337 | System | Settings | --- | INFO | --- | User Password Changed by Administrators | %s |
| 1338 | System | Settings | --- | INFO | --- | User Change Password | User %s password is changed |
| 1339 | System | Settings | --- | INFO | --- | Change Password Rule | Password rule %s is changed |
| 1340 | System | Settings | --- | INFO | --- | Change User Inactive time out | User Inactive timeout is changed to %s |
| 1341 | Users | Authentication Access | User Activity | INFO | --- | Edit Customize Login Pages | %s |
| 1342 | Users | Authentication Access | User Activity | INFO | --- | Edit user lockout params | Update administrator/user lockout params - %s |
| 1343 | VPN | VPN IPsec | User Activity | INFO | --- | VPN Policy Enabled/Disabled | VPN Policy %s |
| 1344 | Network | Interfaces | System Error | INFO | --- | Interface Configure | %s |
| 1345 | Security Services | Crypto Test | --- | INFO | --- | SHA384 Test Success | Crypto Sha384 test success |
| 1346 | Security Services | Crypto Test | --- | ERROR | --- | SHA384 Test Failed | Crypto Sha384 test failed |
| 1347 | Security Services | Crypto Test | --- | INFO | --- | SHA512 Test Success | Crypto Sha512 test success |
| 1348 | Security Services | Crypto Test | --- | ERROR | --- | SHA512 Test Failed | Crypto Sha512 test failed |
| 1349 | Security Services | Crypto Test | --- | INFO | --- | Ikev1 Test Success | Crypto Ikev1 test success |
| 1350 | Security Services | Crypto Test | --- | ERROR | --- | Ikev1 Test Failed | Crypto Ikev1 test failed |
| 1351 | Security Services | Crypto Test | --- | INFO | --- | Ikev2 Test Success | Crypto Ikev2 test success |
| 1352 | Security Services | Crypto Test | --- | ERROR | --- | Ikev2 Test Failed | Crypto Ikev2 test failed |
| 1353 | Security Services | Crypto Test | --- | INFO | --- | SSH Test Success | Crypto SSH test success |
| 1354 | Security Services | Crypto Test | --- | ERROR | --- | SSH Test Failed | Crypto SSH test failed |
| 1355 | Security Services | Crypto Test | --- | INFO | --- | SNMP Test Success | Crypto SNMP test success |
| 1356 | Security Services | Crypto Test | --- | ERROR | --- | SNMP Test Failed | Crypto SNMP test failed |
| 1357 | Security Services | Crypto Test | --- | INFO | --- | TLS 1.0/1.1/1.2 Test Success | Crypto TLS 1.0/1.1/1.2 test success |
| 1358 | Security Services | Crypto Test | --- | ERROR | --- | TLS 1.0/1.1/1.2 Test Failed | Crypto TLS 1.0/1.1/1.2 test failed |
| 1359 | Security Services | Crypto Test | --- | INFO | --- | HMAC-SHA384 Test Success | Crypto Hmac-Sha384 test success |
| 1360 | Security Services | Crypto Test | --- | ERROR | --- | HMAC-SHA384 Test Failed | Crypto Hmac-Sha384 test failed |
| 1361 | Security Services | Crypto Test | --- | INFO | --- | HMAC-SHA512 Test Success | Crypto Hmac-Sha512 test success |
| 1362 | Security Services | Crypto Test | --- | ERROR | --- | HMAC-SHA512 Test Failed | Crypto Hmac-Sha512 test failed |
| 1363 | Wireless | WLAN | 802.11b Management | ALERT | --- | WLAN 802.11 Flood | Wireless Flood Attack |
| 1364 | VPN | VPN PKI | --- | ALERT | --- | Cert Payload processing failed | Cert Payload processing failed |
| 1365 | Security Services | DPI-SSL | --- | NOTICE | --- | DPI-SSL Memory Check | DPI-SSL: %s |
| 1366 | Firewall Settings | Flood Protection | Attack | ALERT | --- | TCP-Flooding Machine Blacklisted | TCP-Flooding machine %s blacklisted |
| 1367 | Firewall Settings | Flood Protection | Attack | WARNING | --- | TCP Flood Blacklist Continues | TCP Flood Blacklist on IF %s continues |
| 1368 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Machine Removed From TCP Flood Blacklist | Machine %s removed from TCP flood blacklist |
| 1369 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible TCP Flood | Possible TCP Flood on IF %s |
| 1370 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible TCP Flood Ceased | Possible TCP Flood on IF %s has ceased |
| 1371 | Firewall Settings | Flood Protection | --- | WARNING | --- | Possible TCP Flood Continues | Possible TCP Flood on IF %s continues |
| 1372 | Users | Radius Authentication | --- | WARNING | --- | LDAP Mirroring Overflow | LDAP mirroring overflow: too many user groups |
| 1373 | Security Services | Attacks | Attack | ALERT | --- | IPv6 fragment size is less than minimum (<1280) | IPv6 fragment dropped, invalid length (<1280 Bytes) |
| 1374 | Security Services | Attacks | Attack | ALERT | --- | IP Reassembly : Incomplete IGMP fragment | IGMP packet dropped, incomplete fragments |
| 1375 | Security Services | Attacks | Attack | ALERT | --- | UDP fragmented datagram is too big (>65535) | UDP fragment dropped, exceeds maximum IP datagram size (>65535) |
| 1376 | Security Services | Attacks | Attack | ALERT | --- | Nestea/Teardrop Attack | Nestea/Teardrop attack dropped |
| 1377 | Anti-Spam | General | --- | ALERT | --- | SHLO verification failed | SHLO verification failed with this client IP - %s |
| 1378 | Anti-Spam | General | --- | ALERT | --- | SHLO replay attack | Possible replay attack with this client IP - %s |
| 1379 | WAN Acceleration | Local WXA Appliance | --- | WARNING | --- | WXA association request failed | WXA association request to License Manager failed: %s |
| 1380 | WAN Acceleration | Local WXA Appliance | --- | INFO | --- | WXA association succeeded | WXA association posted successfully to License Manager |
| 1381 | Security Services | General | --- | WARNING | 15003 | Application Control Expiration Message | Received App-Control Alert: Your Application Control subscription has expired. |
| 1382 | Log | Configuration Auditing | User Activity | INFO | 5609 | Configuration Change Succeeded | Configuration succeeded: %s |
| 1383 | Log | Configuration Auditing | User Activity | INFO | 5610 | Configuration Change Failed | Configuration failed: %s |
| 1384 | Network | TCP | Debug | DEBUG | --- | Invalid TCP Timestamps Option Length | TCP packet received with invalid Timestamps option length; TCP packet dropped |
| 1385 | Network | TCP | Debug | DEBUG | --- | TCP Sequence Number Wrapped | TCP packet received with wrapped sequence number; TCP packet dropped |
| 1387 | Security Services | Attacks | Attack | ALERT | --- | TCP Null Flag Attack | TCP Null Flag dropped |
| 1388 | VPN | VPN IPsec | Attack | DEBUG | --- | Vpn Decryption Failed | IPSec VPN Decryption Failed |
| 1389 | Security Services | Client CF | Maintenance | INFO | --- | Client CF Access Without Agent | Access attempt from host without Client CF agent installed |
| 1390 | Security Services | Client CF | Maintenance | INFO | --- | Client CF Agent Out of Date | Client CF agent out-of-date on host |
| 1391 | Security Services | General | Attack | ALERT | --- | Raw Data | Packet Data |
| 1392 | System | Restart | Maintenance | ALERT | 5243 | Blade up | Blade up:%s |
| 1393 | System | Restart | Maintenance | ALERT | 5244 | Blade down | Blade down:%s |
| 1394 | WAN Acceleration | Local WXA Appliance | --- | ERROR | --- | Startup Failure | WXA Startup Failure - %s |
| 1395 | WAN Acceleration | Local WXA Appliance | --- | WARNING | --- | Get Failure | WXA Get Failure - %s |
| 1396 | WAN Acceleration | Local WXA Appliance | --- | NOTICE | --- | Parse Failure | WXA Parse Failure - %s |
| 1397 | WAN Acceleration | Local WXA Appliance | --- | NOTICE | --- | Register Failure | WXA Register Failure - %s |
| 1398 | WAN Acceleration | Local WXA Appliance | --- | NOTICE | --- | Unregister Failure | WXA Unregister Failure - %s |
| 1399 | WAN Acceleration | Local WXA Appliance | --- | NOTICE | --- | Probe Failure | WXA Probe Failure - %s |
| 1400 | WAN Acceleration | Local WXA Appliance | --- | ALERT | --- | Create Failure | WXA Create Failure - %s |
| 1401 | WAN Acceleration | Local WXA Appliance | --- | WARNING | --- | Set Failure | WXA Set Failure - %s |
| 1402 | WAN Acceleration | Local WXA Appliance | --- | ERROR | --- | Delete Failure | WXA Delete Failure - %s |
| 1403 | WAN Acceleration | Local WXA Appliance | --- | INFO | --- | Enable Service | WXA Enable - %s |
| 1404 | WAN Acceleration | Local WXA Appliance | --- | INFO | --- | Disable Service | WXA Disable - %s |
| 1405 | WAN Acceleration | Local WXA Appliance | --- | WARNING | --- | Request Failure | WXA Request Failure - %s |
| 1406 | Network | DHCPv6 Client | --- | INFO | --- | General DHCPv6 Client Info | General DHCPv6 Client Information [%s] |
| 1407 | Network | DHCPv6 Client | --- | DEBUG | --- | DHCPv6 Client Send Message | DHCPv6 Client sent message [%s] |
| 1408 | Network | DHCPv6 Client | --- | DEBUG | --- | DHCPv6 Client Get Message | DHCPv6 Client received message [%s] |
| 1409 | Network | DHCPv6 Client | --- | DEBUG | --- | DHCPv6 Client DAD | DHCPv6 Client Duplicate Address Detection [%s] |
| 1410 | Network | DHCPv6 Client | --- | DEBUG | --- | DHCPv6 Client Timeout | DHCPv6 Client waiting reply timeout [%s] |
| 1411 | Network | DHCPv6 Client | --- | DEBUG | --- | DHCPv6 Client Get RA Flags | Router Advertisement flags [%s] |
| 1412 | Network | DHCPv6 Client | --- | INFO | --- | DHCPv6 Client Get New Lease | DHCPv6 Client got a new lease [%s] |
| 1413 | Network | DHCPv6 Client | --- | INFO | --- | DHCPv6 Client Release Lease | DHCPv6 Client released lease [%s] |
| 1414 | Network | DHCPv6 Server | --- | INFO | --- | DHCPv6 Server Assign Lease | DHCPv6 Server assigned lease %s |
| 1415 | Network | DHCPv6 Server | --- | INFO | --- | DHCPv6 Server Release Lease | DHCPv6 Server released lease %s |
| 1416 | Network | DHCPv6 Server | --- | INFO | --- | DHCPv6 Server Receive Decline | DHCPv6 Server received DHCPv6 Decline from client %s |
| 1417 | Network | DHCPv6 Server | --- | WARNING | --- | DHCPv6 Server Resources of this Pool Ran Out | DHCPv6 Server: Resources of this pool ran out. Client Info: %s |
| 1418 | Network | DHCPv6 Server | --- | INFO | --- | Add DHCPv6 Server Scope | DHCPv6 Server: Add a new scope (%s) |
| 1419 | Network | DHCPv6 Server | --- | INFO | --- | Delete DHCPv6 Server Scope | DHCPv6 Server: Delete scope (%s) |
| 1420 | Network | DHCPv6 Server | --- | DEBUG | --- | DHCPv6 Server Get Message | DHCPv6 Server received message (%s) |
| 1421 | Network | DHCPv6 Server | --- | DEBUG | --- | DHCPv6 Server Send Message | DHCPv6 Server sent message (%s) |
| 1422 | Network | Interfaces | --- | WARNING | --- | IPv6 Address Conflict | IPv6 address conflict detected from Ethernet address %s |
| 1423 | Network | Interfaces | --- | WARNING | --- | Exceed Max NDP Size | Dropped NDP message:%s |
| 1424 | Security Services | DPI-SSL | --- | ALERT | 14601 | DPI-SSL Connection Check | DPI-SSL Connection: %s |
| 1426 | Wireless | SonicPoint/SonicWave | --- | INFO | 13603 | SonicPoint/SonicWave Unexpected Reboot | %s unexpected reboot. Please check whether input power is adequate and ethernet connection is secured. (SonicWave/SonicPoint AC/NDR requires 802.3at PoE+) |
| 1428 | SSL VPN | General | --- | INFO | --- | SSL VPN Debug | %s |
| 1429 | Network | IP | Debug | ALERT | --- | IPv6 Packet Dropped With Site Local IP | Source or Destination IPv6 address is site-local unicast address. Packet is dropped |
| 1430 | Network | IP | Debug | INFO | --- | IPv6 Packet with Ext Header | IPv6 Packet with extension header received |
| 1431 | Network | ICMP | --- | INFO | --- | ICMPv6 Packets Received | ICMPv6 packet received |
| 1432 | System | Settings | --- | INFO | --- | Configuration Change | Configuration changed: %s |
| 1433 | Network | ICMP | --- | NOTICE | --- | NDP Packets Dropped | %s |
| 1434 | Network | Interfaces | --- | NOTICE | --- | Group-port Link Up | Interface %s up |
| 1435 | Network | Interfaces | --- | ERROR | --- | Group-port Link Down | Interface %s down |
| 1436 | Network | NAT | Debug | INFO | --- | NAT Policy Dropped Packets | Packet dropped by NAT Policy, reason: %s |
| 1437 | Network | Default Address Objects | --- | WARNING | --- | Delete Default AO Failed | %s |
| 1438 | VPN | VPN PKI | --- | NOTICE | --- | CA Cert Added | CA Certificate %s Added. |
| 1439 | VPN | VPN PKI | --- | NOTICE | --- | Local Cert Added | Local Certificate %s Added. |
| 1440 | VPN | VPN PKI | --- | NOTICE | --- | CA Cert Deleted | CA Certificate %s Deleted. |
| 1441 | VPN | VPN PKI | --- | NOTICE | --- | Local Cert Deleted | Local Certificate %s Deleted. |
| 1442 | System | Hardware | System Environment | ALERT | --- | USB Over Current | USB Over Current |
| 1443 | Firewall Settings | Advanced | Debug | WARNING | --- | Control Plane Flood Protection Threshold Exceeded | Control Plane Flood Protection Threshold Exceeded: %s |
| 1444 | High Availability | State | Maintenance | ERROR | --- | HA Reboot | Reboot occured (Reason :%s) |
| 1445 | WAN Acceleration | Local WXA Appliance | --- | WARNING | --- | Connection Exceed | WXA Warning - %s |
| 1446 | Network | DHCP Server | --- | NOTICE | --- | Mask 31-Bit Scope Deleted | Delete invalid scope with mask of 31 bits [%s] |
| 1447 | Network | UDP | UDP | NOTICE | --- | UDPv6 Packets Dropped | UDPv6 packet dropped |
| 1448 | Firewall Settings | Checksum Enforcement | UDP | NOTICE | --- | UDPv6 Checksum Error | UDPv6 checksum error; packet dropped |
| 1449 | Firewall Settings | Checksum Enforcement | UDP | NOTICE | --- | ICMPv6 Checksum Error | ICMPv6 checksum error; packet dropped |
| 1450 | Firewall Settings | Flood Protection | Attack | ALERT | --- | UDPv6 Flood Detected | Possible UDPv6 flood attack detected |
| 1451 | Firewall Settings | Flood Protection | Attack | ALERT | --- | ICMPv6 Flood Detected | Possible ICMPv6 flood attack detected |
| 1452 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Half Open TCP Connection Threshold Exceeded | Too many half-open TCP connections |
| 1453 | Network | Network Access | Debug | INFO | --- | Extended Switch Add | %s |
| 1454 | Network | Network Access | Debug | INFO | --- | Extended Switch Remove | %s |
| 1455 | Network | Network Access | Debug | INFO | --- | Extended Switch Port Speed Change | Extended Switch Port Status Change : %s |
| 1456 | Network | Network Access | Debug | INFO | --- | Extended Switch Port Duplex Mode Change | Extended Switch Port Status Change : %s |
| 1457 | Network | Network Access | Debug | INFO | --- | Extended Switch Port Link Status Change | Extended Switch Port Status Change : %s |
| 1458 | Network | ICMP | --- | NOTICE | --- | NDP Packets Received | %s |
| 1459 | Security Services | GAV | Maintenance | INFO | --- | Capture ATP File Transfer Attempt | Gateway Anti-Virus Status: %s |
| 1460 | Security Services | GAV | Maintenance | INFO | --- | Capture ATP File Transfer Result | Gateway Anti-Virus Status: %s |
| 1461 | Security Services | Content Filter | --- | NOTICE | 703 | CFS Alert | CFS Alert: %s |
| 1462 | Security Services | GAV | --- | INFO | --- | AV Gateway Inform | Gateway Anti-Virus Inform: %s |
| 1463 | Security Services | DPI-SSL | Connection Traffic | INFO | --- | DPI-SSL Inspection Cleaned-up | DPI-SSL Inspection Cleaned-up |
| 1471 | Security Services | Attacks | Attack | ALERT | --- | External IDS | External IDS: %s |
| 1472 | Log | General | System Error | INFO | --- | Logs at 75% of maximum | Total current log entries is at 75% of maximum |
| 1473 | Firewall Settings | Advanced | Debug | WARNING | --- | Drop Source IP Subnet Broadcast | Source IP is a subnet broadcast address |
| 1474 | Security Services | Geo-IP Filter | --- | ALERT | --- | Custom Geo IP Initiator Blocked | Initiator from country blocked: %s, Source: Custom List |
| 1475 | Security Services | Geo-IP Filter | --- | ALERT | --- | Custom Geo IP Responder Blocked | Responder from country blocked: %s, Source: Custom List |
| 1476 | Security Services | Botnet Filter | --- | ALERT | --- | Custom Botnet Initiator Blocked | Suspected Botnet initiator blocked: %s, Source: Custom List |
| 1477 | Security Services | Botnet Filter | --- | ALERT | --- | Custom Botnet Responder Blocked | Suspected Botnet responder blocked: %s, Source: Custom List |
| 1478 | System | Multicast | Debug | INFO | --- | Vendor Database Download Success | Vendor database downloaded successfully |
| 1479 | System | Vendor Name Resolution | Debug | INFO | --- | Vendor Database Download Failed | Vendor database download failed |
| 1480 | Network | DNS | Maintenance | INFO | --- | DNS Resolve Success | Success in DNS resolve |
| 1481 | Network | DNS Proxy | Maintenance | INFO | --- | DNS Proxy Packet Send | Send DNS proxy query |
| 1482 | Network | DNS Proxy | Maintenance | INFO | --- | DNS Proxy Packet Received | Receive DNS proxy reply |
| 1483 | Network | DNS Proxy | Maintenance | INFO | --- | DNS Proxy Request Acked by Cache | DNS respond directly by firewall |
| 1484 | Network | DNS Proxy | Maintenance | INFO | --- | DNS Proxy Add Cache | Add DNS cache |
| 1485 | Network | DNS Proxy | Maintenance | INFO | --- | DNS Proxy Delete Cache | Remove DNS cache |
| 1486 | Network | DNS Proxy | Maintenance | INFO | --- | DNS Proxy Request Packet Drop | Drop DNS query packet |
| 1487 | Network | DNS Proxy | Maintenance | INFO | --- | DNS Proxy Response Packet Drop | Drop DNS response packet |
| 1490 | Network | Network Access | User Activity | NOTICE | --- | HTTP redirected | HTTP connection redirected |
| 1491 | Network | Network Access | User Activity | NOTICE | --- | HTTPS redirected | HTTPS connection redirected |
| 1492 | Security Services | Crypto Test | Maintenance | INFO | --- | ECDSA Test Success | Crypto ECDSA test success |
| 1493 | Security Services | Crypto Test | Maintenance | ERROR | --- | ECDSA Test Failed | Crypto ECDSA test failed |
| 1494 | System | Settings | --- | INFO | --- | System Setting Exported | System Setting Exported |
| 1495 | System | Status | Maintenance | INFO | --- | Firewall was Rebooted by Setting Import | Firewall was rebooted by setting import at %s |
| 1496 | System | Status | Maintenance | INFO | --- | Firewall was Rebooted by Firmware | Firewall was rebooted by %s |
| 1497 | Network | Network Access | --- | INFO | --- | Packet Dissection Check | Packet Dissection Check -- %s |
| 1498 | 3G/4G, Modem, and Module | 3G/4G and Modem | User Activity | INFO | --- | WWAN Connecting | WWAN - Connecting %s |
| 1499 | 3G/4G, Modem, and Module | 3G/4G and Modem | User Activity | INFO | --- | WWAN Start New Session | WWAN - Starting a new session |
| 1500 | 3G/4G, Modem, and Module | 3G/4G and Modem | User Activity | INFO | --- | WWAN Connection Established | WWAN - Connection established |
| 1501 | 3G/4G, Modem, and Module | 3G/4G and Modem | User Activity | INFO | --- | WWAN IP Update | WWAN - Received new IP address |
| 1502 | 3G/4G, Modem, and Module | 3G/4G and Modem | User Activity | INFO | --- | WWAN Disconnected | WWAN - Link disconnected |
| 1503 | 3G/4G, Modem, and Module | 3G/4G and Modem | User Activity | INFO | --- | WWAN Session Duration | WWAN - Previous session was connected for %s |
| 1504 | 3G/4G, Modem, and Module | 3G/4G and Modem | User Activity | INFO | --- | WWAN Disconnecting | WWAN - Disconnecting |
| 1505 | 3G/4G, Modem, and Module | 3G/4G and Modem | User Activity | INFO | --- | WWAN Profile is Manual | WWAN - Trying to failover but Primary Profile is manual |
| 1506 | Wireless | WLAN | 802.11b Management | INFO | --- | BandOver Event | BandOver event |
| 1507 | Network | IPv6 MAC-IP Anti-Spoof | Attack | ALERT | --- | IPv6 MAC-IP Anti-Spoof Check Enforced For Hosts | IPv6 MAC-IP Anti-spoof check enforced for hosts |
| 1508 | Network | IPv6 MAC-IP Anti-Spoof | Attack | ALERT | --- | IPv6 MAC-IP Anti-Spoof Cache Not Found For Router | IPv6 MAC-IP Anti-spoof cache not found for this router |
| 1509 | Network | IPv6 MAC-IP Anti-Spoof | Attack | ALERT | --- | IPv6 MAC-IP Anti-Spoof Cache Not Router | IPv6 MAC-IP Anti-spoof cache found, but it is not a router |
SonicOS 6.5.4 Log Events Reference Guide


88
Index of Log Event Messages
Log Event Message Index
Event SonicOS SonicOS Group Syslog Legacy Priority SNMP Event Name Log Event Message
ID Category Name Category Level Trap
Name Type
1510 Network IPv6 MAC-IP Attack ALERT --- IPv6 MAC-IP IPv6 MAC-IP
Anti-Spoof Anti-Spoof Anti-spoof cache
Cache found, but it is
Blacklisted blacklisted device
Device
1511 System Cloud Backup --- INFO --- Automatic %s
Cloud Backup
Successful
1512 System Cloud Backup --- INFO --- Automatic %s
Cloud Backup
Failed
1513 System Cloud Backup --- INFO --- Manual Cloud %s
Backup
Successful
1514 System Cloud Backup --- INFO --- Manual Cloud %s
Backup Failed
1515 System Cloud Backup --- INFO --- Delete Cloud %s
Backup
Successful
1516 System Cloud Backup --- INFO --- Delete Cloud %s
Backup Failed
1517 Users Authentication User Activity INFO --- User Name User name invalid
Access Invalid Symbol symbol: %s
1518 Security Botnet Filter --- ALERT --- Botnet Initiator Suspected Botnet
Services Blocked By initiator blocked: %s,
Dynamic List Source: Dynamic List
1519 Security Botnet Filter --- ALERT --- Botnet Suspected Botnet
Services Responder responder blocked:
Blocked By %s, Source: Dynamic
Dynamic List List
1520 System Settings Maintenance INFO --- E-mail SFR Successfully sent SFR
Success file by E-mail
1521 System Settings Maintenance INFO --- E-mail SFR Failed to send SFR
Failed file by E-mail, %s
1522 Wireless SonicPoint/Soni --- INFO --- SonicPoint %s 3G/4G/LTE
cWave 3G/4G/LTE WWAN Status
WWAN Status
1523 VPN VPN PKI --- INFO --- Invalid Invalid certificate is
Certificate imported: %s
Imported
1524 Wireless SonicPoint/Soni --- ALERT --- SonicWave POE %s POE Warning
cWave warning
1525 Wireless SonicPoint/Soni --- INFO --- SonicWave SonicWave %s
cWave License Expired

SonicOS 6.5.4 Log Events Reference Guide


89
Index of Log Event Messages
Log Event Message Index
Event SonicOS SonicOS Group Syslog Legacy Priority SNMP Event Name Log Event Message
ID Category Name Category Level Trap
Name Type
1526 Wireless SonicPoint/Soni --- INFO --- SonicWave SonicWave %s
cWave License Invalid
1527 Security Crypto Test Maintenance ERROR --- AES GCM Test Crypto AES GCM test
Services Failed failed
1528 Security Crypto Test Maintenance INFO --- AES GCM Test Crypto AES GCM test
Services Success success
1532 Security DPI-SSH Users ALERT --- DPI-SSH PF DPI SSH Port
Services User Forward Alert: %s
1533 Security DPI-SSH --- INFO --- DPI-SSH DPI-SSH: %s
Services
1534 Security DPI-SSH --- ALERT --- DPI-SSH DPI-SSH Connection:
Services Connection %s
Check
1535 Network DNS Maintenance NOTICE --- Receive DNS Truncated flag is set
Reply With
Truncated Flag
Set
1536 Network DNS Maintenance INFO --- DNS Query Send DNS query
Over TCP Send over TCP
1537 Network DNS Maintenance INFO --- DNS Response Receive DNS
Over TCP response over TCP
Receive
1538 Network DNS Maintenance INFO --- DNS Response DNS response over
Over TCP TCP Timeout
Timeout
1539 System Global Search Debug DEBUG --- Global Search Global Search Data
Data Download downloaded
Success successfully
1540 System Global Search Debug INFO --- Global Search Global Search Data
Data Download download failed
Failed
1541 System Global Search Debug INFO --- Global Search Global Search Data
Data Incorrect Invalid Server Hash
Hash
1542 Security Crypto Test Maintenance INFO --- DSA Test Crypto DSA test
Services Success success
1543 Security Crypto Test Maintenance ERROR --- DSA Test Failed Crypto DSA test
Services failed
1544 System Storage Module --- WARNING --- Storage %s
Module
Association
Posted Failed

SonicOS 6.5.4 Log Events Reference Guide


90
Index of Log Event Messages
Log Event Message Index
Event SonicOS SonicOS Group Syslog Legacy Priority SNMP Event Name Log Event Message
ID Category Name Category Level Trap
Name Type
1545 System Storage Module --- INFO --- Storage %s
Module
Association
Posted Success
1547 VPN VPN IPsec TCP | UDP | INFO --- Fragmented Fragmented IPsec
ICMP IPsec packet DF packet DF bit set
bit set dropped dropped
1549 Network DNS Security Maintenance INFO --- Drop DNS Drop DNS Sinkhole
Sinkhole Forged IP Packets
Forged IP
Packets
1550 Network DNS Security Maintenance INFO --- Drop Hit DNS Drop Hit DNS
Sinkhole Sinkhole Malicious
Malicious Database Packets
Database
Packets
1551 Wireless WLAN 802.11b INFO --- RSSI Event RSSI event
Management
1552 Users Tacacs User Activity INFO --- User Login User login denied -
Authentication Failed TACACS+
authentication
failure
1553 Users Tacacs User Activity WARNING --- User Login User login denied -
Authentication Timeout TACACS+ server
Timeout
1554 Users Tacacs User Activity WARNING --- User Login User login denied -
Authentication Error TACACS+
configuration error
1555 Users Tacacs User Activity WARNING --- TACACS+ User login denied -
Authentication Communicatio TACACS+
n Problem communication
problem
1556 Users Tacacs User Activity WARNING --- TACACS+ User login denied -
Authentication Server Name TACACS+ server
Resolution name resolution
Failed failed
1557 Users Authentication User Activity INFO --- TACACS+ User TACACS+ user
Access Cannot Use cannot use One Time
One Time Password - no mail
Password address set for
equivalent local user
1558 Log General Debug ERROR --- Log DB Deleted Log DB Deleted due
to data corruption
1559 Security Next-Gen Maintenance INFO --- Next-Gen AV Access attempt from
Services Anti-Virus Access Without host without
Agent Next-Gen Anti-Virus
agent installed

SonicOS 6.5.4 Log Events Reference Guide


91
Index of Log Event Messages
Log Event Message Index
Event SonicOS SonicOS Group Syslog Legacy Priority SNMP Event Name Log Event Message
ID Category Name Category Level Trap
Name Type
1560 Security Next-Gen Maintenance INFO --- Next-Gen AV Next-Gen Anti-Virus
Services Anti-Virus Agent Out of agent out-of-date on
Date host
1561 Security Next-Gen Maintenance WARNING --- Next-Gen AV Received Next-Gen
Services Anti-Virus Expire message AV Alert: Your
Network Next-Gen
Anti-Virus
subscription has
expired. %s
1562 Security Next-Gen Maintenance WARNING --- Next-Gen AV Received Next-Gen
Services Anti-Virus Expiration AV Alert: Your
Warning Network Next-Gen
Anti-Virus
subscription will
expire in 7 days. %s
1563 Security DPI-SSL Maintenance INFO --- SSLE Access Access attempt from
Services Enforcement Without Agent host without DPI-SSL
Enforcement agent
installed
1564 Security DPI-SSL Maintenance WARNING --- SSLE Expire Received DPI-SSL
Services Enforcement Message Enforcement Alert:
Your Network
DPI-SSL Enforcement
subscription has
expired. %s
1565 System Settings Maintenance INFO --- FTP Transfer Successfully sent
Success Flow Report file by
FTP
1566 System Settings Maintenance INFO --- FTP Transfer Failed to send Flow
Failed Report file by FTP,
%s
1567 System Settings Maintenance INFO --- E-mail Transfer Successfully sent
Success Flow Report file by
E-mail
1568 System Settings Maintenance INFO --- E-mail Transfer Failed to send Flow
Failed Report file by E-mail,
%s
1569 Network SFP --- INFO --- Multi-Interface %s
SFP Event
1570 Users Authentication Attack ERROR --- User Account %s.
Access Lockout
1571 Users Authentication Attack ERROR --- User Account User %s account is
Access Unlocked unlocked.

SonicOS 6.5.4 Log Events Reference Guide


92
Index of Log Event Messages
Log Event Message Index
Event SonicOS SonicOS Group Syslog Legacy Priority SNMP Event Name Log Event Message
ID Category Name Category Level Trap
Name Type
1573 Firewall Advanced Debug INFO --- Drop All IPv6 IPv6 packet dropped
Settings Traffic due to IPv6 traffic
processing is
disabled on this
firewall
1574 Firewall Application --- INFO --- Filename Filename: %s
Control Logging
1575 Security DPI-SSL --- WARNING --- DPI-SSL Default DPI-SSL Exclusions:
Services Exclusions Couldn't get
DefaultExclusion
definitions from the
cloud
1576 Firewall Advanced Debug WARNING --- Drop Record Record routed IP
Settings Route Packet packet dropped
1585 Users Authentication User Activity INFO --- User Login User login denied -
Access Denied %s
1586 SD-WAN Path Selection --- ALERT --- Path Available SD-WAN PSP: %s
Profiles
1587 SD-WAN Path Selection --- ALERT --- All Paths SD-WAN PSP: %s
Profiles Removed
1588 SD-WAN Path Selection --- INFO --- Path Added SD-WAN PSP: %s
Profiles
1589 SD-WAN Path Selection --- ALERT --- Path Removed SD-WAN PSP: %s
Profiles
1590 Network Network Access Debug INFO --- Base Vlan Add %s
1591 Network Advanced --- INFO --- NSM Info %s
Routing
1592 Network Advanced --- DEBUG --- NSM Debug %s
Routing
1593 Network DNS Security Maintenance INFO --- DNS Tunnel Find DNS tunnel
Attack attack - %s
1594 Network DNS Security Maintenance INFO --- Drop DNS Drop DNS Packets
Packets Via Via Suspicious DNS
Suspicious DNS Tunnel - %s
Tunnel
1595 Wireless SonicPoint/Soni --- WARNING --- SonicWave BLE SonicWave %s
cWave warning
1596 Wireless SonicPoint/Soni --- INFO --- SonicWave BLE SonicWave %s
cWave Info
1597 Network POE --- INFO --- POE Overview %s
1598 Wireless WLAN 802.11b INFO --- AutoChannel AutoChannel event
Management Event
1599 Security Content Filter User Activity INFO --- CFS Policy CFS policy added
Services Added

SonicOS 6.5.4 Log Events Reference Guide


93
Index of Log Event Messages
Log Event Message Index
Event SonicOS SonicOS Group Syslog Legacy Priority SNMP Event Name Log Event Message
ID Category Name Category Level Trap
Name Type
1600 Security Content Filter User Activity INFO --- CFS Policy CFS policy modified
Services Modified
1601 Security Content Filter User Activity INFO --- CFS Policy CFS policy deleted
Services Deleted
1602 System API --- INFO --- Authentication API Auth: %s
1603 System API --- INFO --- Fetch Resource API Fetch Resource:
%s
1604 System API --- INFO --- Configuration API Configuration:
Change %s
1605 Log FTP Maintenance INFO --- Send Log to Log successfully sent
FTP via FTP
1606 Log FTP System Error WARNING --- FTP Check Problem sending log
Error on Load via FTP; check FTP
settings
1607 Log FTP System Error WARNING --- FTP Transfer FTP transfer failed :
Failed %s
1608 SD-WAN Performance --- INFO --- Probe Added Performance Probe
Probes added : %s
1609 SD-WAN Performance --- INFO --- Probe Deleted Performance Probe
Probes deleted : %s
1610 SD-WAN Performance --- INFO --- Probe Modified Performance Probe
Probes modified : %s
1611 SD-WAN Performance --- INFO --- Performance Performance Class
Class Objects Class Object Object added : %s
Added
1612 SD-WAN Performance --- INFO --- Performance Performance Class
Class Objects Class Object Object deleted : %s
Deleted
1613 SD-WAN Performance --- INFO --- Performance Performance Class
Class Objects Class Object Object modified : %s
Modified
1615 SD-WAN Path Selection --- INFO --- PSP Added SD-WAN Path
Profiles Performance Profile
added : %s
1616 SD-WAN Path Selection --- INFO --- PSP Modified SD-WAN Path
Profiles Selection Profile
modified : %s
1617 SD-WAN Path Selection --- INFO --- PSP Deleted SD-WAN Path
Profiles Selection Profile
deleted : %s
1618 SD-WAN SD-WAN Route --- INFO --- Route Added SD-WAN Route
added : %s
1619 SD-WAN SD-WAN Route --- INFO --- Route Modified SD-WAN Route
modified : %s

SonicOS 6.5.4 Log Events Reference Guide


94
Index of Log Event Messages
Log Event Message Index
Event SonicOS SonicOS Group Syslog Legacy Priority SNMP Event Name Log Event Message
ID Category Name Category Level Trap
Name Type
1620 SD-WAN SD-WAN Route --- INFO --- Route Deleted SD-WAN Route
deleted : %s
1621 SD-WAN SD-WAN --- INFO --- SD-WAN Group SD-WAN Group
Groups Added added %s
1622 SD-WAN SD-WAN --- INFO --- SD-WAN Group SD-WAN Group
Groups Modified modified %s
1623 SD-WAN SD-WAN --- INFO --- SD-WAN Group SD-WAN Group
Groups Deleted deleted %s
1624 SD-WAN SD-WAN --- INFO --- SD-WAN SD-WAN Group
Groups Interface Member added %s
Added to
Group
1625 SD-WAN SD-WAN --- INFO --- SD-WAN SD-WAN Group
Groups Interface Member deleted %s
Deleted from
Group
1626 SD-WAN SD-WAN --- INFO --- SD-WAN Group SD-WAN Group
Groups Member Member modified
Modified %s

Syslog Events
This section provides information about using the detailed logs created from Syslog events. Syslog settings are
configured in the MANAGE view on the Log Settings > SYSLOG page in SonicOS.
Topics:
• Log Settings > Syslog
• Index of Syslog Tag Field Descriptions
• Syslog Group Category (gcat) Values
• Examples of Standard Syslog Messages
• Examples of ArcSight Syslog Messages
• Legacy Categories
• Priority Levels

Log Settings > Syslog


In addition to the standard event log, the SonicWall security appliance can send a detailed log to an external
Syslog server. The detailed log captures all log activity and includes every connection source and destination IP
address, IP service, and number of bytes transferred. Syslog analyzers such as SonicWall Analyzer or WebTrends
Firewall Suite can be used to sort, analyze, and graph the Syslog data.
For more information on configuring the Log Settings > SYSLOG page, refer to the SonicOS 6.5 Logs and
Reporting administration documentation.

Figure: Log Settings > SYSLOG Page

Index of Syslog Tag Field Descriptions


This section provides an alphabetical listing of Syslog tags and their field descriptions. For more
information about the “pri” Syslog tag, see Priority Levels; its value is taken from the “Priority Level”
column of the Index of Log Event Messages. For more information about the “c” Syslog tag, see Legacy
Categories.

Syslog Tags

| Tag | Tags for Arc-Sight | Field | Description |
|---|---|---|---|
| <ddd> | | Syslog message prefix | The beginning of each Syslog message has a string of the form <ddd> where ddd is a decimal number indicating facility and priority of the message |
| af_polid | | Application Filter | Displays the Application Filter Policy ID |
| af_policy | | Application Filter | Displays the Application Policy name |
| af_type | | Application Filter | Displays the Application Policy type such as: SMTP Client Request; HTTP Client Request; HTTP Server Response; FTP Client Request; FTP Client Upload File; FTP Client Download File; POP3 Client Request; POP3 Server Response; FTP Data Transfer; IPS Content; App Control Content; Custom Policy Type; CFS |
| af_service | | Application Filter | Displays the Application Policy service name |
| af_action | | Application Filter | Displays the Application Policy action such as: HTTP Block Page; HTTP Redirect; Bandwidth Management; Disable E-Mail Attachment; FTP Notification Reply; Reset/Drop; Block SMTP E-Mail; Bypass DPI; CFS Block Page; Packet Monitor |
| af_object | | Application policy object name | Displays the custom Application Policy object name |
| ai | | Active Interface via GMS heartbeat | Displays the Active WAN Interface. Normally it is Primary WAN, but in a failover, it displays the value of the failover default outbound WAN interface, if there is more than one WAN. When there is only one WAN Interface, it is always Primary WAN regardless of the link state |
| app | app | Numeric application ID | Indicates the application for the applied Syslog. Only displays when Flow Reporting is enabled |
| appcat | appcat | Application Control | Display the application category when Application Control is enabled |
| appid | appid | Application ID | Display the application ID when Application Control is enabled |
| appName | | Non-Signature Application Name | Indicates the non-signature Application Name that matches the Application ID “app” or “f” of the Syslog; Only displays when Flow Reporting is enabled |
| arg | arg | URL | Used to render a URL: arg represents the URL path name part |
| bcastRx | bcastRx | Interface statistics report | Displays the broadcast packets received |
| bcastTx | bcastTx | Interface statistics report | Displays the broadcast packets transmitted |
| bid | bid | Numeric Blade ID | Indicates the blade that originated the event and applies only to products with blade architecture |
| bytesRx | bytesRx | Interface statistics report | Displays the bytes received |
| bytesTx | bytesTX | Interface statistics report | Displays the bytes transmitted |
| c | cat | Message category (legacy only) | Indicates the legacy category number (Note: SonicOS does not currently send new category information) |
| category | category | Blocking code description | Applicable only when CFS is enabled, indicates the category of the blocked content such as “Gambling”. This works in conjunction with “code” for the blocking code. |
| catid | | Rule category | Indicates the category ID of the rule |
| cdur | cn3Label | Connection Duration | Displays the connection duration in milliseconds (ms) and only applies to m=537 “Connection Closed” Syslog |
| change | SWGMSchangeUrl | Configuration change webpage | Displays the basename of the firewall web page that performed the last configuration change |
| code | reason | Blocking code | Indicates the CFS block code |
| conns | | Firewall status report via GMS heartbeat | Indicates the number of connections in use |
| contentObject | | Application Filter | Indicates rule name |
| | cs4 | Interface Statistics | Display interface statistics |
| | deviceOutboundInterface | Interface | Indicates interface on which the packet leaves the device |
| | deviceInboundInterface | Interface | Indicates interface on which the packet leaves the device |
| dpi | | Numeric code | Indicates that a flow underwent inspection by Deep Packet Inspection. The dpi tag only applies to Connection Closed Syslog events with the message ID defined as either: m=537 if the flow has no URL information, or if CFS was not enabled; m=97 if CFS was enabled and flow information includes URL. Possible values for dpi are: 1 = DPI inspection occurred; 0 = no DPI inspection |
| | dpt | Port | Display destination port |
| | dnpt | NAT’ed Port | Display NAT’ed destination port |
| dst | dst | Destination | Destination IP address, and optionally, port, network interface, and resolved name |
| dstMac | dmac | Destination MAC Address | Destination MAC Address |
| dstV6 | dst | Destination | Destination IPv6 address, and optionally, port, network interface, and resolved name |
| dstname | request | URL | Displays the URL of accessed Websites and hosts |
| dstname | dstname | Notes | Indicates additional information such as description of forbidden/deleted email attachments |
| dstZone | cs4Label (destination) | Destination zone name | Displays destination zone |
| dur | cs6label | Numeric, session duration in seconds | Displays the connection duration in seconds; pertains to the activity time of an authenticated user session (such as logout messages) |
| dyn | | Firewall status report via GMS heartbeat | Displays the HA and dialup connection state (rendered as “h.d” where “h” is “n” (not enabled), “b” (backup), or “p” (primary) and “d” is “1” (enabled) or “0” (disabled)) |
| f | flowType | Numeric flow type | Indicates the flow type when Flow Reporting is disabled |
| fileid | | URL or MD5 (long URLs may be truncated) | File identification or name, which may be in MD5 format or a URL. For example, Capture ATP uses this tag to indicate a file inspected by GAV or CloudAV. |
| filetxstatus | | Capture ATP: File transmission status | Result of file transmission as reported by Capture ATP. Possible values are: 100 : CONFIRMED; 200 : TOO BIG; 210 : PENDING; 211 : GOOD; 212 : BAD; 213 : REQUEST SENT; 214 : UNKNOWN; 220 : CLOUDAV; 230 : GAV; 260 : SERVER COMMAND; 270 : EXCESSIVE PACKET LOSS; 280 : OUT OF MEMORY; 300 : AWAITING CONFIRM; 310 : CANT CONFIRM; 400 : LOW MEMORY; 410 : Files Per Hour EXCEEDED; 420 : TOO MANY CONCURRENT |
| fw | | Firewall WAN IP | Indicates the WAN IP Address |
| fwaction | | Firewall Action | The explicit action performed on network traffic (packets) encountered by the firewall based on built-in or user-configured policies that may allow or drop packets. For events that are not associated with specific packets, the value “Not Applicable” or “NA” is used. Possible values are: forward - packet is forwarded due to a matching policy or rule set; drop - packet is dropped due to a matching policy or rule set; mgmt - packet is a management packet, management policy will be applied; NA - not associated with a packet, firewall action is Not Applicable |
| fwlan | | Firewall status report via GS heartbeat | Indicates the LAN zone IP address |
| gcat | gcat | Group category | Display event group category when using Enhanced Syslog |
| goodRxBytes | goodRxBytes | SonicPoint statistics report | Indicates the well-formed bytes received |
| goodTxBytes | goodTxBytes | SonicPoint statistics report | Indicates the well-formed bytes transmitted |
| i | | Firewall status report via GMS heartbeat | Displays the GMS message interval in seconds |
| icmpCode | cn2 | ICMP type and code | Indicates the ICMP code |
| id=firewall | | WebTrends prefix | Syntactic sugar for WebTrends (and GMS by habit) |
| if | if | Interface statistics report | Displays the interface on which statistics are reported |
| ipscat | ipscat | IPS message | Displays the IPS category |
| ipspri | ipspri | IPS message | Displays the IPS priority |
| lic | | Firewall status report via GMS heartbeat | Indicates the number of licenses for firewalls with limited modes |
| m | | Message ID | Provides the message ID number |
| mailFrom | | Email sender | Originator of the email |
| msg | msg | Message | Displays the message which is composed of either or both a predefined message and a dynamic message containing a string %s or numeric %d argument |
| n | cnt | Message count | Indicates the number of times event occurs |
| natDst | cs2Label | NAT destination IP | Displays the NAT’ed destination IP address |
| natDstV6 | cs2Label | NAT destination IPv6 | Displays the NAT’ed destination IPv6 address |
| natSrc | cs1Label | NAT source IP | Displays the NAT’ed source IP address |
| natSrcV6 | cs1Label | NAT source IPv6 | Displays the NAT’ed source IPv6 address |
| note | cs6 | Additional Information | Additional information that is application-dependent |
| npcs | cs5 | URL | Applicable only when Network Packet Capture System (NPCS Solera) is enabled, displays URL of an NPCS object |
| op | requestMethod | HTTP OP code | Displays the value assigned by SonicOS Content Filtering based on its parsing of an HTTP packet’s Method token for the Request message. Supported values are: 0 = NO OPERATION; 1 = HTTP GET; 2 = HTTP POST; 3 = HTTP HEAD, where GET/POST/HEAD are standard HTTP Methods and NO OPERATION is used by SonicOS to indicate that none of the other defined values apply. |
| packetdatId, packetdatNum, packetdatEnc | | Raw Data used in Security Services Syslogs, disabled by default | Used in m=1391 (Raw Data) to indicate that Raw Data is available and transmission had been enabled. When enabled, Raw Data information is provided to SonicWall GMS when generating Security Service Syslogs: m=14, 16, 608, 609, 761, 789, 790, 793, 794, 795, 809, 1154, 1155 |
| pri | | Message priority | Displays the event priority level (0=emergency, 7=debug). Refer to Priority Levels |
| proto | proto | Protocol and service | Displays the protocol information (rendered as “proto=[protocol]” or just “[proto]/[service]”) |
| pt | | Firewall status report via GMS heartbeat | Displays the HTTP/HTTPS management port (rendered as “hhh.sss”) |
| radio | radio | SonicPoint statistics report | Displays the SonicWave/SonicPoint radio on which event occurred |
| rcptTo | | recipient | Indicates the email recipient |
| rcvd | in | Bytes received | Indicates the number of bytes received within connection |
| referer | referer | HTTP Referrer URI | When HTTP content is detected, this value distinguishes the referrer from the requested URL for website access |
| result | outcome | HTTP Result code | Displays the HTTP result code (200, 403, etc.) of Website hit |
| rpkt | cn1Label | Packet received | Display the number of packets received |
| rule | cs1 | Rule ID | Used to identify a policy or a rule associated with an event |
| sent | out | Bytes sent | Displays the number of bytes sent within connection |
| sess | cs5Label | Pre-defined string indicating session type | Applies to Syslogs with an associated user session being tracked by the UTM. Determined by the Authentication mechanism and can be one of: None - the starting session type when user authentication is still pending or just started; Web - identified as a Web browser session; Portal - SSL-VPN portal login; l2tpc - L2TP client session; vpnc - VPN client session; sslvpnc - SSL-VPN client session; Auto - Auto-logged in session, for example Single Sign On (SSO); Other - none of the known types; CLI - indicates a CLI session |
| sid | sid | IPS or Anti-Spyware message | Provides either IPS or Anti-Spyware signature ID |
| sn | | Firewall serial number | Indicates the device serial number |
| spkt | cn2Label | Packet sent | Display the number of packets sent |
| | spt | Port | Displays source port |
| spycat | spycat | Anti-Spyware message | Displays the Anti-Spyware category |
| spypri | spypri | Anti-Spyware message | Displays the Anti-Spyware priority |
| | snpt | NAT source port | Display NAT’ed source port |
| src | src | Source | Indicates the source IP address, and optionally, port, network interface, and resolved name |
| srcMac | smac | Source MAC Address | Source MAC Address |
| srcZone | cs3Label (source) | Source zone name | Displays source zone |
| station | station | SonicPoint statistics report | Displays the client (station) on which event occurred |
| time | | Time | Reports the time of event |
| type | cn1 | ICMP type and code | Indicates the ICMP type |
| ucastRx | ucastRx | Interface statistics report | Displays the unicast packets received |
| ucastTx | ucastTx | Interface statistics report | Displays the unicast packets transmitted |
| unsynched | | Firewall status report via GMS heartbeat | Reports the time since last local change in seconds |
| usestandbysa | | Firewall status report via GMS heartbeat | Displays whether standby SA is in use (“1” or “0”) for GMS management |
| usr (or user) | susr | User | Displays the user name (“user” is the tag used by WebTrends) |
| vpnpolicy | cs2 (source) | Source VPN policy name | Displays the source VPN policy name of event |
| vpnpolicyDst | cs3 (destination) | Destination VPN policy name | Displays the destination VPN policy name of event |

Syslog Group Category (gcat) Values


The following table defines the gcat values used in SonicOS Syslog events.

Syslog gcat Values


gcat Number Value
1 System
2 Log
3 Security Services
4 Users
5 Firewall Settings
6 Network
7 VPN
8 High Availability
9 3G/4G, Modem, and Module
10 Firewall
11 Wireless
12 VoIP
13 SSL VPN
14 Anti-Spam
15 WAN Acceleration
16 SD-WAN
17 Multi-Tenancy

For example gcat=3 means “Security Services” category, and gcat=6 means “Network” category:

Intrusion Prevention (IPS) example:


Feb 26 22:53:50 10.8.139.192 FEB 26 2019 06:53:50 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|608|IPS Detection Alert|9|cat=32 gcat=3 src=180.97.33.107 spt=8
deviceInboundInterface=X1 dst=36.50.1.220 dpt=1 deviceOutboundInterface=X0 msg="IPS
Detection Alert: ICMP Echo Reply, SID: 316, Priority: low" msg="IPS Detection Alert:
ICMP Echo Reply" sid=316 ipscat="ICMP Echo Reply" ipspri=3 cnt=6 fw_action="NA"

IP Spoof Detection example:


Feb 26 22:53:52 10.8.139.192 FEB 26 2019 06:53:52 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|23|IP Spoof Detected|9|cat=32 gcat=3 smac=00:50:56:9f:88:86
src=10.8.138.215 spt=68 deviceInboundInterface=MGMT cs3Label=Unknown
dmac=ff:ff:ff:ff:ff:ff dst=255.255.255.255 dpt=67 deviceOutboundInterface=X0
cs4Label=LAN proto=udp/67 in=328 cnt=4 fw_action="drop"

IPv6 / ICMPv6 example:
Feb 26 22:54:05 10.8.139.192 FEB 26 2019 06:54:05 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|1430|IPv6 Packet with Ext Header|4|cat=512 gcat=6
smac=00:1c:57:66:00:00 srcV6=fe80::1 deviceInboundInterface=X1
dmac=33:33:00:00:00:01 dstV6=ff02::1 proto=0 in=76 cs6="Extention header: 0"
cnt=1401 fw_action="NA"

Examples of Standard Syslog Messages


The following examples show the content of the Syslog packet. This type of message can be viewed on the
Syslog server or in any packet analyzer application. Note that this is the Default Syslog Format.

Connection Closed (with dpi tag) examples:


Feb 26 22:47:37 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26 06:47:37"
fw=10.8.139.192 pri=6 c=1024 m=537 msg="Connection Closed" app=9 n=2200
src=36.50.1.220:49196:X0 dst=216.58.195.67:80:X1 dstMac=00:1c:57:66:00:00
proto=tcp/http sent=152 spkt=3 dpi=0 cdur=40183 rule="9 (LAN->WAN)" fw_action="NA"
Jan 31 09:07:48 10.8.96.203 id=firewall sn=004010292F25 time="2019-01-30 18:17:17"
fw=10.8.96.203 pri=6 c=1024 m=537 msg="Connection Closed" app=9 n=1792
src=192.168.203.56:65440:X0 dst=10.8.96.159:80:X1 srcMac=00:50:56:a1:3e:5d
dstMac=00:0c:29:5b:4f:04 proto=tcp/1 sent=186 rcvd=94 spkt=4 rpkt=2 dpi=1 cdur=4983
rule="5 (LAN->WAN)" fw_action="NA"
Jan 31 09:07:48 10.8.96.203 id=firewall sn=004010292F25 time="2019-01-30 18:17:17"
fw=10.8.96.203 pri=6 c=1024 m=97 app=48 n=3 src=192.168.203.56:65439:X0
dst=10.8.96.159:80:X1 srcMac=00:50:56:a1:3e:5d dstMac=00:0c:29:5b:4f:04 proto=tcp/1
op=1 sent=1347 rcvd=2443 dpi=1 dstname=10.8.96.159 arg=/ code=64 Category="Not
Rated" note="Policy: CFS Default Policy, Info: 6148 " rule="5 (LAN->WAN)"
fw_action="NA"

Content Filtering (CFS) examples:


Feb 26 22:50:44 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:50:44" fw=10.8.139.192 pri=6 c=1024 m=97 app=48 n=19 src=36.50.1.220:49312:X0
dst=10.8.8.200:80:X1 srcMac=00:50:56:b4:54:f5 dstMac=00:1c:57:66:00:00
proto=tcp/http op=1 sent=4775 rcvd=173391 dpi=0 dstname=10.8.8.200 arg=/ code=64
Category="Not Rated" note="Policy: CFS Default Policy, Info: 6148 " rule="9
(LAN->WAN)" fw_action="NA"
Feb 26 22:49:51 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:49:51" fw=10.8.139.192 pri=3 c=4 m=14 msg="Web site access denied" app=9 n=1
src=36.50.1.220:49281:X0 dst=209.59.212.85:80:X1 srcMac=00:50:56:b4:54:f5
dstMac=18:b1:69:89:bf:80 proto=tcp/http dstname=www.gamble.com arg=/ code=11
Category="Gambling" rule="9 (LAN->WAN)" fw_action="drop"
Feb 26 22:50:50 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:50:49" fw=10.8.139.192 pri=6 c=1024 m=97 app=48 n=20 src=36.50.1.220:49315:X0
dst=10.8.8.200:80:X1 srcMac=00:50:56:b4:54:f5 dstMac=00:1c:57:66:00:00
proto=tcp/http op=1 sent=643 rcvd=4546 dpi=0 dstname=10.8.8.200
arg=/virus/klez.h.bin code=64 Category="Not Rated" note="Policy: CFS Default Policy,
Info: 6148 Referer: http://10.8.8.200/virus.htm"
referer="http://10.8.8.200/virus.htm" rule="9 (LAN->WAN)" fw_action="NA"

Feb 26 22:49:41 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:49:41" fw=10.8.139.192 pri=6 c=1024 m=97 app=48 n=18 src=36.50.1.220:49239:X0
dst=124.108.103.103:80:X1 srcMac=00:50:56:b4:54:f5 dstMac=00:1c:57:66:00:00
proto=tcp/http op=1 sent=626 rcvd=890 dpi=0 dstname=www.yahoo.com arg=/ code=29
Category="Search Engines and Portals" note="Policy: CFS Default Policy, Info: 6148 "
rule="9 (LAN->WAN)" fw_action="NA"

Capture ATP (Sandbox) example:


Feb 26 22:50:44 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:50:44" fw=10.8.139.192 pri=6 c=1 m=1460 msg="Gateway Anti-Virus Status: GAV
Detection. File forwarding to Sandbox truncated for:
http://10.8.8.200/virus/klez.h.bin, filename: klez.h.bin."
fileid="10.8.8.200/virus/klez.h.bin" filetxstatus=230 dstname=10.8.8.200
arg=/virus/klez.h.bin n=1 src=10.8.8.200:80:X1 dst=36.50.1.220:49312:X0
proto=tcp/http fw_action="NA"

Gateway Anti-Virus (GAV) example:


Feb 26 22:50:44 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:50:44" fw=10.8.139.192 pri=1 c=32 m=809 msg="Gateway Anti-Virus Alert:
Injected.AZ (Trojan) blocked." n=1 src=10.8.8.200:80:X1 dst=36.50.1.220:49312:X0
fw_action="NA"

Intrusion Prevention (IPS) example:


Feb 26 22:48:49 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:48:49" fw=10.8.139.192 pri=1 c=32 m=608 msg="IPS Detection Alert: ICMP Echo
Reply" sid=316 ipscat="ICMP Echo Reply" ipspri=3 n=1 src=180.97.33.107:8:X1
dst=36.50.1.220:1:X0 fw_action="NA"

Detected scan attack examples:


Feb 26 22:49:44 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:49:44" fw=10.8.139.192 pri=1 c=32 m=82 msg="Possible port scan detected" n=1
src=69.147.88.7:443:X1 dst=10.8.139.192:31894:X1 srcMac=00:1c:57:66:00:00
dstMac=18:b1:69:89:bf:81 proto=tcp/https note="TCP scanned port list, 42338, 28852,
6467, 55193, 47039" fw_action="NA"
Feb 26 22:49:45 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:49:45" fw=10.8.139.192 pri=1 c=32 m=177 msg="Probable TCP FIN scan detected" n=1
src=69.147.88.7:443:X1 dst=10.8.139.192:11269:X1 srcMac=00:1c:57:66:00:00
dstMac=18:b1:69:89:bf:81 proto=tcp/https note="TCP scanned port list, 42338, 28852,
6467, 55193, 47039, 31894, 45687, 2228, 62490, 11269" fw_action="NA"

Examples of ArcSight Syslog Messages


The following examples show the content of the Syslog packet. This type of message can be viewed on the
Syslog server or any packet analyzer application.

Content Filtering (CFS) examples:


Feb 26 22:53:28 10.8.139.192 WAN)" app=48 requestMethod=1
request=10.8.8.200/virus/Macro.Word97.Melissa.c reason=64 Category-"Not Rated"
cs6="Policy: CFS Default Policy, Info: 6148 Referer: http://10.8.8.200/virus.htm"
cnt=21 fw_action="NA" dpi=0 referer="http://10.8.8.200/virus.htm"

Feb 26 22:53:39 10.8.139.192 WAN)" app=48 requestMethod=1
request=ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedc
ertstl.cab?c4091b107fb9006c reason=27 Category-"Information Technology/Computers"
cs6="Policy: CFS Default Policy, Info: 6148 " cnt=22 fw_action="NA" dpi=0

Intrusion Prevention (IPS) example:


Feb 26 22:53:50 10.8.139.192 FEB 26 2019 06:53:50 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|608|IPS Detection Alert|9|cat=32 gcat=3 src=180.97.33.107 spt=8
deviceInboundInterface=X1 dst=36.50.1.220 dpt=1 deviceOutboundInterface=X0 msg="IPS
Detection Alert: ICMP Echo Reply, SID: 316, Priority: low" msg="IPS Detection Alert:
ICMP Echo Reply" sid=316 ipscat="ICMP Echo Reply" ipspri=3 cnt=6 fw_action="NA"

IP Spoof Detection example:


Feb 26 22:53:52 10.8.139.192 FEB 26 2019 06:53:52 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|23|IP Spoof Detected|9|cat=32 gcat=3 smac=00:50:56:9f:88:86
src=10.8.138.215 spt=68 deviceInboundInterface=MGMT cs3Label=Unknown
dmac=ff:ff:ff:ff:ff:ff dst=255.255.255.255 dpt=67 deviceOutboundInterface=X0
cs4Label=LAN proto=udp/67 in=328 cnt=4 fw_action="drop"

IPv6 / ICMPv6 examples:


Feb 26 22:54:05 10.8.139.192 FEB 26 2019 06:54:05 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|1430|IPv6 Packet with Ext Header|4|cat=512 gcat=6
smac=00:1c:57:66:00:00 srcV6=fe80::1 deviceInboundInterface=X1
dmac=33:33:00:00:00:01 dstV6=ff02::1 proto=0 in=76 cs6="Extention header: 0"
cnt=1401 fw_action="NA"
Feb 26 22:54:05 10.8.139.192 FEB 26 2019 06:54:05 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|1431|ICMPv6 Packets Received|4|cat=0 gcat=6 smac=00:1c:57:66:00:00
srcV6=fe80::1 deviceInboundInterface=X1 dmac=33:33:00:00:00:01 dstV6=ff02::1
proto=ipv6-icmp cn1=130 cn2=0 in=76 cs6="ICMPv6" cnt=1559 fw_action="NA"

Anti-Spyware Detection example:


Feb 26 22:54:59 10.8.139.192 FEB 26 2019 06:54:58 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|795|Anti-Spyware Detection Alert|9|cat=32 gcat=3 src=10.8.8.200
spt=80 deviceInboundInterface=X1 dst=36.50.1.220 dpt=49451
deviceOutboundInterface=X0 msg="Anti-Spyware Detection Alert: Search_Miracle
Download x.cab (Adware), SID: 2648, Danger Level: low" msg="Anti-Spyware Detection
Alert: Search_Miracle Download x.cab (Adware)" sid=2648 spycat="Search_Miracle
Download x.cab (Adware)" spypri=3 cnt=1 fw_action="NA"

Gateway Anti-Virus (GAV) example:


Feb 26 22:55:08 10.8.139.192 FEB 26 2019 06:55:08 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|809|AV Gateway Alert|9|cat=32 gcat=3 src=10.8.8.200 spt=80
deviceInboundInterface=X1 dst=36.50.1.220 dpt=49451 deviceOutboundInterface=X0
msg="Gateway Anti-Virus Alert: Injected.AZ (Trojan) blocked." cnt=4 fw_action="NA"

Capture ATP File Transfer examples:


Feb 26 22:55:41 10.8.139.192 FEB 26 2019 06:55:41 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|1460|Capture ATP File Transfer Result|4|cat=1 gcat=3 src=10.8.8.200
spt=80 deviceInboundInterface=X1 dst=36.50.1.220 dpt=49388
deviceOutboundInterface=X0 proto=tcp/http in=1500
request=10.8.8.200/spyware/3gargs.exe.bin msg="Gateway Anti-Virus Status: File sent
to Sandbox, but could not confirm receipt due to highly delayed acks. Time-wait
timer expired waiting for receipt confirmation:
http://10.8.8.200/spyware/3gargs.exe.bin, filename: 3gargs.exe.bin." cnt=4
fw_action="NA" fileid="64ab24d0e8b375cfba1cbcfe0ac614db" filetxstatus=310

Feb 26 22:55:48 10.8.139.192 FEB 26 2019 06:55:47 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|1460|Capture ATP File Transfer Result|4|cat=1 gcat=3 src=10.8.8.200
spt=80 deviceInboundInterface=X1 dst=36.50.1.220 dpt=49465
deviceOutboundInterface=X0 proto=tcp/http in=1500
request=10.8.8.200/spyware/3gargs.exe.bin msg="Gateway Anti-Virus Status:
GAV_BLOCK_REASON_SPYWARE. File forwarding to Sandbox truncated for:
http://10.8.8.200/spyware/3gargs.exe.bin, filename: 3gargs.exe.bin." cnt=5
fw_action="NA" fileid="10.8.8.200/spyware/3gargs.exe.bin" filetxstatus=230

Connection Opened/Closed (with dpi tag) examples:


Feb 26 22:53:14 10.8.139.192 FEB 26 2019 06:53:14 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|98|Connection Opened|4|cat=262144 gcat=6 src=36.50.1.220 spt=49385
deviceInboundInterface=X0 cs1Label=10.8.139.192 snpt=56339 dst=216.58.194.195
dpt=443 deviceOutboundInterface=X1 cs2Label=216.58.194.195 dnpt=443 proto=tcp/https
out=52 cnt=2764 fw_action="NA" dpi=0
Feb 26 22:53:16 10.8.139.192 FEB 26 2019 06:53:16 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|537|Connection Closed|4|cat=1024 gcat=6 src=10.8.139.192 spt=49153
deviceInboundInterface=X1 cs1Label=10.8.139.192 snpt=12830 dmac=00:1c:57:66:00:00
dst=10.190.202.200 dpt=53 deviceOutboundInterface=X1 cs2Label=10.190.202.200 dnpt=53
proto=udp/dns out=346 in=574 cn2Label=5 cn1Label=5 cn3Label=35750 app=2 cnt=2720
fw_action="NA" dpi=0

Legacy Categories
This section can be used as a reference for understanding different categories and their descriptions. The
following table describes the Legacy categories shared in all SonicOS releases.

Legacy Category Values


ID (used in Syslog) | Name | Description
0 | | Event is not Legacy Category, not backward compatible.
1 | System Maintenance | Logs general system activity, such as system activations.
2 | System Errors | Logs problems with DNS or Email.
4 | Blocked Web Sites | Logs Web sites or news groups blocked by the Content Filter List or by customized filtering.
8 | Blocked Java Etc | Logs Java, ActiveX, and Cookies blocked by the SonicWall security appliance.
16 | User Activity | Logs successful and unsuccessful log in attempts.
32 | Attacks | Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP Spoofing.
64 | Dropped TCP | Logs blocked incoming TCP connections.
128 | Dropped UDP | Logs blocked incoming UDP packets.
256 | Dropped ICMP | Logs blocked incoming ICMP packets.
512 | Network Debug | Logs NetBIOS broadcasts, ARP resolution problems, and NAT resolution problems. Also, detailed messages for VPN connections are displayed to assist the network administrator with troubleshooting problems with active VPN tunnels. Network Debug information is intended for experienced network administrators.
1024 | Syslog Only - For Traffic Reporting | Used for Syslog only to report HTTP connections opened and closed, and bytes transferred.
2048 | Dropped LAN TCP | Used for Syslog only to report that the TCP packet is dropped due to LAN management policy.
4096 | Dropped LAN UDP | Used for Syslog only to report that the UDP packet is dropped due to LAN management policy.
8192 | Dropped LAN ICMP | Used for Syslog only to report that the ICMP packet is dropped due to LAN management policy.
32768 | Modem Debug | Logs Modem Debug activity.
65536 | VPN Tunnel Status | Logs status information on VPN tunnels.
131072 | 802.11 Management | Logs WLAN IEEE 802.11 connections.
262144 | Syslog Only - For Traffic Reporting | Used for Syslog only to report that the Network Traffic is logged when connection is open.
524288 | System Environment | Logs system environment activity.
1048576 | Expanded - VOIP Activity | Used for Syslog only to log VoIP H.323-RAS, H.323/H.225, and H.323/H.245 activity.
2097152 | Expanded - WLAN IDS Activity | Used for Syslog only to log WLAN IDS activity.
4194304 | Expanded - SonicPoint Activity | Used for Syslog only to log SonicPoint activity.

Priority Levels
The following table displays the Priority Number and Priority Name for Syslog tags. The value here corresponds
to the Priority Level column of the Log Event Message Index table, or the pri tag in the Syslog Tags table. For
example, a tag with “pri=0” means Emergency Priority.

Priority Level

Priority Number | Priority Name
0 | Emergency
1 | Alert
2 | Critical
3 | Error
4 | Warning
5 | Notice
6 | Info
7 | Debug
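
The following is an added example, not part of the SonicWall guide: it parses a default-format syslog message into its tags and decodes the pri and c tags with the Priority Level and Legacy Category Values tables above. The function names, the abridged sample line, and the assumptions that quoted values contain no embedded quotes and that src/dst hold IPv4 ip:port:interface values are this example's own.

```python
import re

# pri tag -> name, from the Priority Level table on this page.
PRIORITY = "Emergency Alert Critical Error Warning Notice Info Debug".split()

# c tag -> name, a subset of the Legacy Category Values table on this page.
LEGACY_CATEGORY = {
    1: "System Maintenance", 2: "System Errors", 4: "Blocked Web Sites",
    8: "Blocked Java Etc", 16: "User Activity", 32: "Attacks",
    64: "Dropped TCP", 128: "Dropped UDP", 256: "Dropped ICMP",
    512: "Network Debug", 1024: "Syslog Only - For Traffic Reporting",
    262144: "Syslog Only - For Traffic Reporting",
}

# key=value tags; values are quoted or bare (assumes no embedded quotes).
_TAG = re.compile(r'(\w+)=("[^"]*"|\S*)')

# Constructed sample: the "Web site access denied" message, abridged, one line.
SAMPLE = ('Feb 26 22:49:51 10.8.139.192 id=firewall sn=18B16989BF80 '
          'time="2019-02-26 06:49:51" fw=10.8.139.192 pri=3 c=4 m=14 '
          'msg="Web site access denied" src=36.50.1.220:49281:X0 '
          'dst=209.59.212.85:80:X1 proto=tcp/http dstname=www.gamble.com '
          'Category="Gambling" rule="9 (LAN->WAN)" fw_action="drop"')


def parse_tags(line):
    """Return the key=value tags of one default-format syslog line."""
    start = line.find("id=")  # skip the syslog timestamp and host prefix
    if start < 0:
        raise ValueError("no id= tag: not a default-format SonicOS message")
    tags = {}
    for key, value in _TAG.findall(line[start:]):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # strip the surrounding quotes
        tags[key] = value
    return tags


def enrich(tags):
    """Add decoded priority, category and endpoint fields to a tag dict."""
    out = dict(tags)
    pri = int(tags["pri"]) if tags.get("pri", "").isdigit() else -1
    out["pri_name"] = PRIORITY[pri] if 0 <= pri <= 7 else "unknown"
    cat = int(tags["c"]) if tags.get("c", "").isdigit() else -1
    out["category"] = LEGACY_CATEGORY.get(cat, "unknown")
    for side in ("src", "dst"):  # ip:port:interface as in the samples (IPv4 assumed)
        parts = (tags.get(side, "").split(":") + [None, None])[:3]
        out[side + "_ip"], out[side + "_port"], out[side + "_if"] = parts
    return out
```

Calling enrich(parse_tags(SAMPLE)) yields the raw tags plus pri_name, category and the split src/dst fields; category values missing from the subset map to "unknown".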

SonicWall Support
Technical support is available to customers who have purchased SonicWall products with a valid maintenance
contract.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a
day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support.
The Support Portal enables you to:
• View knowledge base articles and technical documentation
• View and participate in the Community forum discussions at
https://community.sonicwall.com/technology-and-support
• View video tutorials
• Access MySonicWall
• Learn about SonicWall professional services
• Review SonicWall Support services and warranty information
• Register for training and certification
• Request technical support or customer service
To contact SonicWall Support, visit https://www.sonicwall.com/support/contact-support.

About This Document
Legend
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

SonicOS Log Events Reference Guide


Updated - July 2021
Software Version - 6.5.4
232-004342-04 Rev B

Copyright © 2021 SonicWall Inc. All rights reserved.


SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other
trademarks and registered trademarks are property of their respective owners.
The information in this document is provided in connection with SonicWall Inc. and/or its affiliates’ products. No license, express or
implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of SonicWall
products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT,
SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY
WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT,
INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF
PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF
SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWall and/or its affiliates make no
representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to
make changes to specifications and product descriptions at any time without notice. SonicWall Inc. and/or its affiliates do not make any
commitment to update the information contained in this document.
For more information, visit https://www.sonicwall.com/legal.

End User Product Agreement


To view the SonicWall End User Product Agreement, go to https://www.sonicwall.com/legal/end-user-product-agreements.

Open Source Code


SonicWall is able to provide a machine-readable copy of open source code with restrictive licenses such as GPL, LGPL, AGPL when applicable
per license requirements. To obtain a complete machine-readable copy, send your written requests, along with certified check or money
order in the amount of USD 25.00 payable to “SonicWall Inc.”, to:
General Public License Source Code Request
SonicWall Inc. Attn: Jennifer Anderson
1033 McCarthy Blvd
Milpitas, CA 95035
