SonicOS Enhanced 5.1 Log Event Reference Guide
SonicOS Enhanced 5.1 Log Event Reference Guide
This reference guide lists and describes SonicOS log event messages. Reference a log event message by using the alphabetical index of log event messages. This document contains the following sections: SonicOS Log Event Messages Overview on page 1 Configuring SonicOS Log > View on page 3 Referencing the SonicOS Log > View Field Display on page 5 Index of Log Event Messages on page 6 Index of Syslog Tag Field Description on page 53
Event logging automatically begins when the SonicWALL security appliance is powered on and configured. SonicOS supports a traffic log containing entries with multiple fields. Log event messages provide operational informational and debugging information to help you diagnose problems with communication lines, internal hardware, or your firmware configuration.
Note: For the SonicOS CLI console display, use the show log command to display log events. Refer to the SonicOS CLI Reference Guide located on the SonicWALL Web site: <http://www.sonicwall.com/support/documentation.html> SONICOS LOG EVENT REFERENCE GUIDE
1
Note: Not all log event messages indicate operational issues with your SonicWALL security appliance.
ActiveX, Java, Cookie or Code Archive blocked When ActiveX, Java or Web cookies are blocked, messages with the source and destination IP addresses of the connection attempt is displayed. Ping of Death, IP Spoof, and SYN Flood Attacks The IP address of the machine under attack and the source of the attack is displayed. In most attacks, the source address shown is fake and does not reflect the real source of the attack.
RuleDisplays the source and destination zones for the access rule. This field provides a link to the access rule defined in the Firewall > Access Rules page. The display fields for a log event message provides you with data to verify your configurations, trouble-shoot your security appliance, and track IP traffic.
Note: If you select only one Group Filter checkbox, the filter logic will remain the same. Selecting only the Priority-Group Filter checkbox provides you with the following filter logic: (Priority) && Category && Source && Destination
Configuration Example: Using the Priority Group Filter and Category Group Filter
To set the log filter logic to display log event messages with a priority level of Emergency or a category event type of Attack: 1. Select the Priority group filter checkbox. 2. Select the Category group filter checkbox. 3. Select Emergency from the filter-Priority Value pull-down menu. 4. Select Attacks from the filter-Category Value pull-down menu. Figure 3 illustrates the SonicOS filter logic updated as follows:
A filter logic using the boolean expression || is less restrictive than the default filter logic using the boolean expression &&. With the boolean expression ||, log event messages are displayed if they match either filter values. With the boolean expression &&, log event messages are displayed if they match both filter values.
2. Select a file format: Plain text format used in log and alert e-mailSaves the log file as plain text, which can be used for alert e-mails. Comma-Separated Value (CSV) formatSaves the log file for importing into Microsoft Excel or other presentation development application. 3. Click on the Export button. 4. Save the exported log file to a location on your personal computers hard drive.
Note: You can export a log to a file with applied filter settings.
Figure 5
Referencing the SonicWALL Firmware Log > View Log Field Display
SonicWALL Firmware 6.6.0.0 release and greater provide the SonicWALL Firmware Log > View Log field display.
Symbol Description
Represents a character string. Represents a numerical string.
Context
[WAN | LAN | DMZ] Ethernet Port Down The cache is full; [40,000] open connections; some will be dropped
TCP IP Layered-Data Packet Processing and SonicOS Log Event Handling In specific cases of multi-layer packet processing, a TCP connection initially logged as "open," will be rejected by a deeper layer of packet processing. In these cases, the connection request has not been forwarded by the SonicWALL security appliance, and the initial Connection Open SonicOS log event message should be ignored in favor of the TCP Connection Dropped log event message. Each log event message described in the following table provides the following log event details: SonicOS CategoryDisplays the SonicOS Software category event type. Legacy CategoryDisplays the SonicWALL Firmware Software category event type. Priority LevelDisplays the level of urgency of the log event message. Log Message ID NumberDisplays the ID number of the log event message. SNMP Trap TypeDisplays the SNMP Trap ID number of the log event message.
SonicOS Category
Legacy Category
Priority Level
"As per Diagnostic Auto- Firewall Event --restart configuration request, restarting system" #Web site hit Network Traffic Connection Traffic
6
Info
---
Simple
Info
97
---
%s Auto-dial failed: Current Connection Model is configured as Ethernet Only %s Ethernet Port Down %s Ethernet Port Up Dumped to email at *** Alert from SonicWALL *** SonicWALL Registration Update Needed: Restore your existing security service subscriptions by clicking here. 802.11b Management A prior version of preferences was loaded because the most recent preferences file was inaccessible A SonicOS Standard to Enhanced Upgrade was performed Access attempt from host out of compliance with GSC policy Access attempt from host without Anti-Virus agent installed Access attempt from host without GSC installed Access rule added Access rule deleted Access rule modified Access rules restored to defaults Access to proxy server denied Active Backup detects Active Primary: Backup going Idle ActiveX access denied ActiveX or Java archive access denied AD Connector %s response timed-out; applying caching policy Add an attack message
PPP Dial Up
1028
---
Firewall Event System Error Error Firewall Event System Error Warning None None Security Services ----Maintenance Debug Debug Warning
Wireless
80211bmgmt Info
518 572
--648
Info
611
---
Simple
Security Services Security Services Security Services Firewall Rule Firewall Rule Firewall Rule Firewall Rule Network Access High Availability Network Access Network Access Microsoft Active Directory Firewall Event
Maintenance
Info
761
---
Standard
Maintenance
Info
123
---
Standard
Standard Simple Rule Simple Rule String Simple Rule Unused Standard Note Blocked Unused
18 20 769
-------
Standard Note Blocked Standard Note Blocked Standard Message String Simple String
Attack
Error
143
525
Dynamic Address Objects Adding dynamic entry for Network bound MAC address Adding L2TP IP pool L2TP Server address object Failed. Adding to multicast policy Multicast list , interface : %s Adding to Multicast policy Multicast list , VPN SPI : %s Administrator logged out Authentication Access Administrator logged out - Authentication inactivity timer expired Access Administrator login Authentication allowed Access Authentication Administrator login denied due to bad Access credentials Administrator login Authentication denied from %s; logins Access disabled from this interface Administrator name Authentication changed Access Agent returned no user CIA name All DDNS associations DDNS have been deleted All preference values Firewall Event have been set to factory default values Allowed LDAP server RADIUS certificate with wrong host name Anti-Spyware detection Intrusion alert: %s Detection Anti-Spyware prevention Intrusion alert: %s Detection Anti-Spyware service Security expired Services Anti-Virus agent out-of- Security date on host Services Anti-Virus licenses Security exceeded Services Intrusion Application Filter Detection detection Alert: %s Application filters block Intrusion alert: %s Detection Application firewall alert: Network %s Access
Maintenance
Info
911
---
Standard Destination Standard Note Ethernet Network Simple Standard Message String Standard Message String Standard Note String Standard Standard String Service Standard String Service Standard Message String
---
Info
--661 ----------560
System Error Error ----User Activity User Activity User Activity Attack Debug Debug Info Info Info Alert
Attack
Alert
35
506
------650
User Activity
Warning
752
---
Standard Note String Standard As Message String Standard As Message String Simple Standard Standard Standard Message String Standard Message String Standard Application Firewall Message String
ARP request packet Network received ARP request packet sent Network ARP response packet received ARP response packet sent ARP timeout ARP unused/spare ARS unused/spare ARS unused/spare ARS unused/spare ARS unused/spare Association Flood from WLAN station Authentication timeout during Remotely Triggered Dial-out session AV unused/spare Back orifice attack dropped Backup active Network Network Network Network Unused Unused Unused Unused WLAN IDS
Info Info Info Info Debug Debug Debug Debug Debug Debug Alert Info
717 715 716 718 45 816 843 844 845 846 548 821
--------------------903 ---
Standard Note Ethernet Network Standard Note Ethernet Network Standard Note Ethernet Network Standard Note Ethernet Network Standard Unused Unused Unused Unused Unused Simple Destination Simple
Unused Intrusion Detection High Availability Backup firewall being High preempted by Primary Availability Backup firewall has High transitioned to Active Availability Backup firewall has High transitioned to Idle Availability Backup firewall rebooting High Availability itself as it transitioned from Active to Idle while Preempt Backup going active in High preempt mode after Availability reboot Backup missed High heartbeats from Primary Availability Backup received error High signal from Primary Availability Backup received High heartbeat from wrong Availability source Backup received reboot High signal from Primary Availability Backup shut down High because license is Availability expired Backup WAN link down, High Primary going Active Availability Backup will be shut down High in %s minutes Availability
--Attack
Debug Alert
System Error Info System Error Error Maintenance Maintenance --Info Info Info
170
622
Simple
672 824
666 ---
Simple Simple
219 823
633 ---
Bad CRL format Bind to LDAP server failed Blocked Quick Mode for Client using Default Key ID BOOTP Client IP address on LAN conflicts with remote device IP, deleting IP address from remote table BOOTP reply relayed to local device BOOTP Request received from remote device BOOTP server response relayed to remote device Broadcast packet dropped Cannot connect to the CRL server Cannot Validate Issuer Path Category: Certificate on Revoked list(CRL) CFL auto-download disabled, time problem detected Chat %s Chat completed Chat failed: %s Chat started Chat started by '%s' Chat wrote '%s' CLI administrator logged out CLI administrator login allowed CLI administrator login denied due to bad credentials Code: Computed hash does not match hash received from peer; preshared key mismatch
User Activity
Alert
----660
BOOTP
Maintenance
Info
619
---
Standard Destination
BOOTP BOOTP
Maintenance Debug
Info Debug
620 621
-----
Standard Destination Standard Destination Standard Destination Standard Note Protocol Simple Destination Simple Destination Unused Simple Destination Simple
BOOTP Network Access VPN PKI VPN PKI None VPN PKI Security Services PPP Dial Up PPP Dial Up PPP Dial Up PPP Dial Up PPP Dial Up PPP Dial Up
---------------
User Activity User Activity User Activity User Activity User Activity User Activity
-------------------
Authentication User Activity Access Authentication User Activity Access Authentication User Activity Access None VPN IKE --User Activity
Standard Message String Standard Message String Standard Message String Standard Message String Standard Message String Standard Message String Simple Standard Note String Standard Note String Unused Standard Destination
Debug Warning
54 410
-----
10
Configuration mode administration session ended Configuration mode administration session started Connection closed Connection opened Connection timed out
Authentication User Activity Access Authentication User Activity Access Network Traffic Connection Traffic Network Traffic Connection VPN PKI User Activity
Info
995
---
Standard Note String Standard Note String Standard Traffic Report Standard Note Protocol Simple Destination Unused Standard String Service Simple Destination Simple Destination Simple Destination Simple Destination Simple Simple Simple Simple Standard Simple Simple Simple Simple Simple Simple Simple Simple Simple Message String Simple Message String Simple Message String Simple Message String Simple Message String
Info
994
---
537 98 273 197 21 874 270 876 877 360 361 367 369 610 366 368 362 363 370 364 1060 365 781 780 779 784 785
------631 -----------------------------------------------
Content filter subscription Security expired. Services Cookie removed Network Access CRL has expired VPN PKI CRL loaded from CRL missing - Issuer requires CRL checking. CRL validation failure for Root Certificate Crypto DES test failed Crypto DH test failed Crypto hardware 3DES test failed Crypto hardware 3DES with SHA test failed Crypto hardware AES test failed Crypto hardware DES test failed Crypto hardware DES with SHA test failed Crypto Hmac-MD5 fest failed Crypto Hmac-Sha1 test failed Crypto MD5 test failed Crypto RSA test failed Crypto SHA1 based DRNG KAT test failed Crypto Sha1 test failed DDNS association %s disabled DDNS association %s enabled DDNS association %s added DDNS association %s deactivated DDNS association %s deleted VPN PKI VPN PKI VPN PKI Crypto Test Crypto Test Crypto Test Crypto Test Crypto Test Crypto Test Crypto Test Crypto Test Crypto Test Crypto Test Crypto Test Crypto Test Crypto Test DDNS DDNS DDNS DDNS DDNS
System Error Error Blocked Code Notice User Activity User Activity User Activity User Activity Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance --Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Alert Info Alert Alert Error Error Error Error Error Error Error Error Error Error Error Error Error Info Info Info Info Info
11
DDNS Association %s put on line DDNS association %s taken Offline locally DDNS failure: provider %s DDNS failure: Provider %s DDNS failure: Provider %s DDNS update success for domain %s DDNS warning: Provider %s Deleting from Multicast policy list, interface: %s Deleting from multicast policy list, VPN SPI: %s Deleting IPsec SA Deleting IPsec SA for destination Destination IP address connection status: %s Destination: DHCP client enabled but not ready DHCP Client did not get DHCP ACK. DHCP Client failed to verify and lease has expired. Go to INIT state. DHCP Client failed to verify and lease is still valid. Go to BOUND state. DHCP Client got a new IP address lease. DHCP Client got ACK from server. DHCP Client got NACK. DHCP Client is declining address offered by the server. DHCP Client sending REQUEST and going to REBIND state. DHCP Client sending REQUEST and going to RENEW state. DHCP DECLINE received from remote device
DDNS DDNS DDNS DDNS DDNS DDNS DDNS Multicast Multicast VPN IKE VPN IKE
Maintenance Maintenance
Info Info
782 778 774 775 773 776 777 698 700 92 91 735 57 504 109 119
---------------------------------
System Error Error System Error Error System Error Error Maintenance Info
System Error Warning ----User Activity User Activity Debug Debug Info Info Info Debug Info Info Info
Simple Message String Simple Message String Simple Message String Simple Message String Simple Message String Standard Message String Simple Message String Standard Message String Standard Message String Standard Note SPI Unused Standard Message String Unused Simple Standard Standard
Firewall Event --None DHCP Client DHCP Client DHCP Client --Maintenance Maintenance Maintenance
DHCP Client
Maintenance
Info
120
---
Unused
---------
Standard Destination Standard Destination Standard Standard Destination Standard Destination Standard Destination Unused
DHCP Client
Maintenance
Info
113
---
DHCP Client
Maintenance
Info
114
---
DHCP Relay
Debug
Info
475
---
12
DHCP DISCOVER received from local device DHCP DISCOVER received from remote device DHCP lease dropped. Lease from Central Gateway conflicts with Relay IP DHCP lease dropped. Lease from Central Gateway conflicts with Remote Management IP DHCP lease file in the flash is corrupted; read failed DHCP lease relayed to local device DHCP lease relayed to remote device DHCP lease to LAN device conflicts with remote device, deleting remote IP entry DHCP leases written to flash DHCP NACK received from server DHCP OFFER received from server DHCP Ranges altered automatically due to change in network settings for interface %s DHCP RELEASE received from remote device DHCP RELEASE relayed to Central Gateway DHCP REQUEST received from local device DHCP REQUEST received from remote device DHCP Server not available. Did not get any DHCP OFFER. DHCP Server: IP conflict detected DHCP Server: Received DHCP decline from client Diagnostic Auto-restart canceled
DHCP Relay
Debug
Info
479
---
Unused
DHCP Relay
Debug
Info
474
---
DHCP Relay
Maintenance
Warning
228
---
DHCP Relay
Maintenance
Warning
484
---
Standard Destination
833
---
Simple
-------
---------
DHCP Relay
Debug
Info
224
---
Maintenance Debug
Info Info
222 480
-----
DHCP Relay
Debug
Info
473
---
DHCP Client
Maintenance
Info
106
---
-------
13
Diagnostic Auto-restart Firewall Event scheduled for %s minutes from now Diagnostic Code A Firewall Hardware Diagnostic Code B Firewall Hardware Diagnostic Code C Firewall Hardware Diagnostic Code D Firewall Hardware Diagnostic Code E VPN IPsec Firewall Hardware Diagnostic Code G Firewall Hardware Diagnostic Code H Firewall Hardware Diagnostic Code I Firewall Hardware Diagnostic Code J Firewall Hardware Dial-up: Session initiated PPP Dial Up by data packet Dial-up: Traffic generated PPP Dial Up by '%s' Disconnecting L2TP L2TP Client Tunnel due to traffic timeout Disconnecting PPPoE PPPoE due to traffic timeout Disconnecting PPTP PPTP Tunnel due to traffic timeout Discovered HA %s High Firewall Availability Discovered HA Backup High Firewall Availability DNS packet allowed Network Access Drop WLAN traffic from Intrusion non-SonicPoint devices Detection Duplicate packet dropped Network Access Dynamic IPsec client VPN IPsec connected EIGRP packet dropped Network Access E-Mail fragment dropped Intrusion Detection Entering FIPS ERROR Crypto Test state Entering FIPS Error Crypto Test State. Diagnostic Code F
---
Info
1045
---
Simple Message String Simple Note String Simple Note String Simple Note String Standard Note Code Standard Note Code Simple Note String Simple Note String Simple Note String Simple Note String Simple Note String Standard Service Standard Message String Simple
System Error Error System Error Error System Error Error System Error Error System Error Error System Error Error System Error Error System Error Error System Error Error System Error Error ----Maintenance Info Info Info
611 612 613 61--609 621 655 656 657 5423 -------
Maintenance Maintenance
Info Info
168 389
-----
Simple Simple
Simple Message String Simple Standard Policy Standard Unused Standard Destination Standard Note String Standard Unused Unused
14
Error initializing Hardware acceleration for VPN Error Rebooting HA Peer Firewall Error setting the IP address of the backup, please manually set to backup LAN IP Error synchronizing HA peer firewall (%s) Error updating HA peer configuration ERROR: DHCP over VPN policy is not defined. Cannot start IKE. Exceeded Max multicast address limit Failed payload validation
Maintenance
Error
--663 629
-------
VPN IKE Failed payload verification after decryption; possible preshared key mismatch Failed to find certificate VPN PKI Failed to get CRL from Failed to Process CRL from Failed to resolve name Failed to synchronize license information with Licensing Server. Please see HTTP:// help.mySonicWALL.com/ licsyncfail.html (code: %s) Failed to synchronize Relay IP Table Failed to write DHCP leases to flash Failure to add data channel Failure to reach Interface %s probe Fan Failure VPN PKI VPN PKI Network Security Services
--------8628
Simple Destination Simple Destination Simple Destination Simple Destination Simple Message String
DHCP Relay
Standard Simple Standard Simple Message String Simple Simple Message String Simple Message String Standard Destination
High Availability Firewall Hardware FIN Flood Blacklist on IF Intrusion %s continues Detection FIN-Flooding machine Intrusion %s blacklisted Detection Forbidden E-Mail Intrusion attachment deleted Detection
System Error Error System Environment Debug Debug Attack Alert Warning Alert Error
15
Forbidden E-Mail attachment disabled Found Rogue Access Point Found Rogue Access Point Fragmented packet dropped Fraudulent Microsoft certificate found; access denied FTP: Data connection from non default port dropped FTP: PASV response bounce attack dropped. FTP: PASV response spoof attack dropped FTP: PORT bounce attack dropped. Gateway Anti-Virus Alert: %s Gateway Anti-Virus Service expired Global VPN Client connection is not allowed. Appliance is not registered. Global VPN Client License Exceeded: Connection denied. Global VPN Client version cannot enforce personal firewall. Minimum Version required is 2.1 Got DHCP OFFER. Selecting. GSC policy out-of-date on host Guest account '%s' created Guest account '%s' deleted Guest account '%s' disabled Guest account '%s' pruned Guest account '%s' reenabled Guest account '%s' regenerated
Intrusion Detection WLAN IDS WLAN IDS Network Intrusion Detection Network Access Intrusion Detection Intrusion Detection Intrusion Detection Security Services Security Services VPN Client
Standard Destination 901 Simple Destination 10804 Simple Destination --Standard Note Protocol 532 Standard
527
Attack
Alert
538
557
Standard
Standard Note String Standard Standard Note String Standard Message String Simple Standard
VPN Client
494
658
Standard
VPN Client
User Activity
Info
604
---
Standard Destination
DHCP Client Security Services Authentication Access Authentication Access Authentication Access Authentication Access Authentication Access Authentication Access
Maintenance Maintenance User Activity User Activity User Activity User Activity User Activity User Activity
-----------------
Standard Destination Standard Standard Message String Standard Message String Standard Message String Standard Message String Standard Message String Standard Message String
16
Guest login denied. Guest '%s' is already logged in. Please try again later. GUI administration session ended H.323/H.225 Connect H.323/H.225 Setup H.323/H.245 Address H.323/H.245 End Session H.323/RAS Admission Confirm H.323/RAS Admission Reject H.323/RAS Admission Request H.323/RAS Bandwidth Reject H.323/RAS Disengage Confirm H.323/RAS Disengage Reject H.323/RAS Gatekeeper Reject H.323/RAS Location Confirm H.323/RAS Location Reject H.323/RAS Registration Reject H.323/RAS Unknown Message Response H.323/RAS Unregistration Reject HA packet processing error HA Peer Firewall Rebooted HA Peer Firewall Synchronized Hardware Failover settings were not upgraded. Header verification failed Heartbeat received from incompatible source HTTP management port has changed HTTP method detected; examining stream for host header
Info
557
---
Authentication User Activity Access VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP High Availability High Availability High Availability Firewall Event VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP Maintenance Maintenance Maintenance Maintenance
Info Debug Debug Debug Debug Debug Debug Debug Debug Debug Debug Debug Debug Debug Debug Debug Debug Info Info Info Info
998 634 633 635 636 625 624 626 627 628 641 629 630 631 632 640 642 162 668 157 743
-------------------------------------------
Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Simple Simple Simple Simple
VPN IKE User Activity High Maintenance Availability Firewall Event Maintenance Network Access TCP
---------
17
HTTPS management port Firewall Event has changed ICMP checksum error Network Access ICMP packet allowed Network Access ICMP packet dropped Network due to policy Access ICMP packet dropped no Network match Access ICMP packet from LAN Network allowed Access ICMP packet from LAN Network dropped Access Firewall If not already enabled, Hardware enabling NTP is recommended IGMP packet dropped, Multicast wrong checksum received on interface %s Multicast IGMP Leave group message Received on interface %s IGMP packet dropped, Multicast decoding error IGMP Packet Not Multicast handled. Packet type : %s IGMP querier Router Multicast detected on interface %s IGMP querier Router Multicast detected on VPN tunnel , SPI %S Multicast IGMP state table entry time out, deleting interface : %s for multicast address : %s Multicast IGMP state table entry time out, deleting VPN SPI :%s for Multicast address : %s IGMP V2 client joined Multicast multicast Group : %s IGMP V2 Membership Multicast report received from interface %s IGMP V3 client joined Multicast multicast Group : %s IGMP V3 Membership Multicast report received from interface %s IGMP V3 packet Multicast dropped, unsupported Record type : %s
--------------645
Simple Note String Standard Standard Policy Standard Policy Standard ICMP Service Standard ICMP Service Standard ICMP Service Simple
---
Notice
683
---
Standard Message String Standard Message String Standard Standard Message String Standard Message String Standard Message String Standard Message String
---
Info
682
---
-----
Notice Notice
686 687
-----
-----
Debug Debug
701 702
-----
---
Debug
692
---
---
Debug
693
---
-----
Info Debug
676 679
-----
Standard Message String Standard Message String Standard Message String Standard Message String Standard Message String
-----
Info Debug
677 678
-----
---
Notice
688
---
18
IGMP V3 record type : Multicast %s not Handled VPN IKE IKE Initiator drop: VPN tunnel end point does not match configured VPN Policy Bound to scope IKE Initiator: Accepting VPN IKE IPsec proposal (Phase 2) IKE Initiator: Accepting VPN IKE peer lifetime. (Phase 1) IKE Initiator: Aggressive VPN IKE Mode complete (Phase 1). IKE Initiator: IKE proposal VPN IKE does not match (Phase 1) IKE Initiator: Main Mode VPN IKE complete (Phase 1) IKE Initiator: Proposed VPN IKE IKE ID mismatch IKE Initiator: Remote VPN IKE party timeout Retransmitting IKE request. VPN IKE IKE Initiator: Start Aggressive Mode negotiation (Phase 1) IKE Initiator: Start Main VPN IKE Mode negotiation (Phase 1) IKE Initiator: Start Quick VPN IKE Mode (Phase 2). IKE Initiator: Using VPN IKE secondary gateway to negotiate IKE negotiation aborted VPN IKE due to timeout IKE negotiation complete. VPN IKE Adding IPsec SA. (Phase 2) VPN IKE IKE Responder drop: VPN tunnel end point does not match configured VPN Policy Bound to scope VPN Client IKE Responder: %s policy does not allow static IP for Virtual Adapter. IKE Responder: VPN IKE Accepting IPsec proposal (Phase 2) IKE Responder: VPN IKE Aggressive Mode complete (Phase 1)
--User Activity
Debug Info
689 544
-----
-------
Standard Note String Standard Destination Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String
---------
User Activity
Info
358
---
Standard Note String Standard Note String Standard Note String Standard Destination Standard Note String Standard Note String Standard
User Activity
Info
351
---
Info Info
346 543
0 ---
Info Info
403 89
-----
User Activity
Info
545
---
660
---
User Activity
Info
87
---
User Activity
Info
373
---
19
IKE Responder: AH authentication algorithm does not match IKE Responder: AH authentication key length does not match IKE Responder: AH authentication key rounds does not match IKE Responder: AH Perfect Forward Secrecy mismatch IKE Responder: Algorithms and/or keys do not match IKE Responder: Client Policy has no VPN Access Networks assigned. Check Configuration. IKE Responder: Default LAN gateway is not set but peer is proposing to use this SA as a default route IKE Responder: Default LAN gateway is set but peer is not proposing to use this SA as a default route IKE Responder: ESP authentication algorithm does not match IKE Responder: ESP authentication key length does not match IKE Responder: ESP authentication key rounds does not match IKE Responder: ESP encryption algorithm does not match IKE Responder: ESP encryption key length does not match IKE Responder: ESP encryption key rounds does not match IKE Responder: ESP Perfect Forward Secrecy mismatch IKE Responder: IKE Phase 1 exchange does not match
VPN IKE
User Activity
Warning
920
---
Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String
VPN IKE
User Activity
Warning
923
---
VPN IKE
User Activity
Warning
926
---
VPN IKE
User Activity
Warning
258
544
VPN IKE
User Activity
Warning
260
546
VPN IKE
965
---
VPN IKE
Attack
Error
516
553
VPN IKE
User Activity
Warning
253
539
VPN IKE
User Activity
Warning
922
---
Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String
VPN IKE
User Activity
Warning
925
---
VPN IKE
User Activity
Warning
928
---
VPN IKE
User Activity
Warning
921
---
VPN IKE
User Activity
Warning
924
---
VPN IKE
User Activity
Warning
927
---
VPN IKE
User Activity
Warning
259
545
VPN IKE
User Activity
Error
1036
---
20
IKE Responder: IKE VPN IKE proposal does not match (Phase 1) IKE Responder: IP VPN Client Address already exists in the DHCP relay table. Client traffic not allowed. IKE Responder: IP VPN IKE Compression algorithm does not match IKE Responder: IPsec VPN IKE proposal does not match (Phase 2) IKE Responder: IPsec VPN IKE protocol mismatch IKE Responder: Main VPN IKE Mode complete (Phase 1) IKE Responder: Mode VPN IKE %d - not transport mode. Xauth is required but not supported by peer. IKE Responder: Mode VPN IKE %d - not tunnel mode VPN IKE IKE Responder: No match for proposed remote network address VPN IKE IKE Responder: No matching Phase 1 ID found for proposed remote network VPN IKE IKE Responder: Peer's destination network does not match VPN policy's <b>Local Network</b> VPN IKE IKE Responder: Peer's local network does not match VPN policy's <b>Destination Network</b> IKE Responder: Phase 1 VPN IKE Authentication Method does not match IKE Responder: Phase 1 VPN IKE DH Group does not match IKE Responder: Phase 1 VPN IKE encryption algorithm does not match IKE Responder: Phase 1 VPN IKE encryption algorithm key length does not match IKE Responder: Phase 1 VPN IKE hash algorithm does not match
User Activity
Warning
402
---
659
---
User Activity
Warning
929
---
Standard Note String Standard Note String Standard Note String Standard Note String Standard Message Number
User Activity
Warning
88
523
-------
Warning Warning
249 252
535 538
User Activity
Warning
250
536
User Activity
Warning
935
---
User Activity
Warning
934
---
User Activity
Warning
913
---
Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String
User Activity
Warning
919
---
User Activity
Warning
914
---
User Activity
Warning
915
---
User Activity
Warning
916
---
21
IKE Responder: Phase 1 XAUTH required but policy has no user name IKE Responder: Phase 1 XAUTH required but policy has no user password IKE Responder: Proposed IKE ID mismatch IKE Responder: Proposed local network is 0.0.0.0 but SA has no LAN Default Gateway IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route IKE Responder: Received Aggressive Mode request (Phase 1) IKE Responder: Received Main Mode request (Phase 1) IKE Responder: Received Quick Mode Request (Phase 2) IKE Responder: Remote party timeout Retransmitting IKE request. IKE Responder: Route table overrides VPN policy IKE Responder: Tunnel terminates inside firewall but proposed local network is not inside firewall IKE Responder: Tunnel terminates on DMZ but proposed local network is on LAN IKE Responder: Tunnel terminates on LAN but proposed local network is on DMZ IKE Responder: Tunnel terminates outside firewall but proposed local network is not NAT public address
VPN IKE
User Activity
Warning
917
---
VPN IKE
User Activity
Warning
918
---
VPN IKE
658
---
VPN IKE
User Activity
Warning
418
549
VPN IKE
User Activity
Warning
251
537
VPN IKE
User Activity
Info
356
---
Standard Note String Standard Note String Standard Note String Standard Note String
VPN IKE
User Activity
Info
355
---
VPN IKE
User Activity
Info
352
---
VPN IKE
User Activity
Info
931
---
VPN IKE
User Activity
Warning
936
---
VPN IKE
User Activity
Warning
255
541
VPN IKE
User Activity
Warning
256
542
VPN IKE
User Activity
Warning
257
543
VPN IKE
User Activity
Warning
254
540
22
IKE Responder: Tunnel terminates outside firewall but proposed remote network is not NAT public address IKE SA lifetime expired. IKEv2 Accept IKE SA Proposal IKEv2 Accept IPsec SA Proposal IKEv2 Authentication successful IKEv2 Decrypt packet failed IKEv2 Function sendto() failed to transmit packet. IKEv2 IKE attribute not found IKEv2 IKE proposal does not match IKEv2 Initiator: Negotiations failed. Extra payloads present. IKEv2 Initiator: Negotiations failed. Invalid input state. IKEv2 Initiator: Negotiations failed. Invalid output state. IKEv2 Initiator: Negotiations failed. Missing required payloads. IKEv2 Initiator: Proposed IKE ID mismatch IKEv2 Initiator: Received CREATE CHILD SA response IKEv2 Initiator: Received IKE AUTH response IKEv2 Initiator: Received IKE SA INT response IKEv2 Initiator: Remote party timeout Retransmitting IKEv2 request. IKEv2 Initiator: Send CREATE CHILD SA request IKEv2 Initiator: Send IKE AUTH request IKEv2 Initiator: Send IKE SA INIT request
VPN IKE
User Activity
Warning
345
548
VPN IKE VPN IKE VPN IKE VPN IKE VPN IKE VPN IKE VPN IKE VPN IKE VPN IKE
User Activity User Activity User Activity User Activity User Activity User Activity User Activity User Activity User Activity
-------------------
Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String
VPN IKE
User Activity
Warning
956
---
VPN IKE
User Activity
Warning
957
---
VPN IKE
User Activity
Warning
955
---
Warning Info
980 975
-----
Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String
-------
VPN IKE
User Activity
Info
945
---
Info Info
940 938
-----
23
IKEv2 Invalid SPI size IKEv2 Invalid state IKEv2 IPsec attribute not found IKEv2 IPsec proposal does not match IKEv2 NAT device detected between negotiating peers IKEv2 negotiation complete IKEv2 No NAT device detected between negotiating peers IKEv2 Out of memory IKEv2 Payload processing error IKEv2 Payload validation failed. IKEv2 Peer is not responding. Negotiation aborted. IKEv2 Process Message queue failed IKEv2 Received delete IKE SA request IKEv2 Received delete IKE SA response IKEv2 Received delete IPsec SA request IKEv2 Received delete IPsec SA response IKEv2 Received notify error payload IKEv2 Received notify status payload IKEv2 Responder: Peer's destination network does not match VPN policy's <b>Local Network</b> IKEv2 Responder: Peer's local network does not match VPN policy's <b>Destination Network</b> IKEv2 Responder: Policy for remote IKE ID not found IKEv2 Responder: Received CREATE CHILD SA request
VPN IKE VPN IKE VPN IKE VPN IKE VPN IKE
User Activity User Activity User Activity User Activity User Activity
-----------
Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String
Info Info
978 984
-----
---------
VPN IKE VPN IKE VPN IKE VPN IKE VPN IKE VPN IKE VPN IKE VPN IKE
User Activity User Activity User Activity User Activity User Activity User Activity User Activity User Activity
-----------------
VPN IKE
User Activity
Info
952
---
VPN IKE
User Activity
Error
962
---
VPN IKE
User Activity
Info
946
---
24
IKEv2 Responder: Received IKE AUTH request IKEv2 Responder: Received IKE SA INIT request IKEv2 Responder: Send CREATE CHILD SA response IKEv2 Responder: Send IKE AUTH response IKEv2 Responder: Send IKE SA INIT response IKEv2 Send delete IKE SA request IKEv2 Send delete IKE SA response IKEv2 Send delete IPsec SA request IKEv2 Send delete IPsec SA response IKEv2 Unable to find IKE SA IKEv2 VPN Policy not found Illegal IPsec SPI Imported HA hardware ID did not match this firewall Imported VPN SA is invalid - disabled Inbound connection from RBL-listed SMTP server dropped Incoming call received for Remotely Triggered Dialout session Incompatible IPsec Security Association Incorrect authentication received for Remotely Triggered Dial-out Ini Killer attack dropped Interface %s Link Is Down Interface %s Link Is Up
VPN IKE
User Activity
Info
941
---
Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Destination Unused Standard Note String Standard
VPN IKE
User Activity
Info
939
---
VPN IKE
User Activity
Info
1012
---
VPN IKE VPN IKE VPN IKE VPN IKE VPN IKE VPN IKE VPN IKE VPN IKE VPN IPsec
User Activity User Activity User Activity User Activity User Activity User Activity User Activity User Activity User Activity
Info Info Info Info Info Info Warning Warning Info Info Warning Notice
977 976 947 1013 949 1014 959 967 65 155 348 798
-------------------------
Info
817
---
Simple
Info Info
69 819
-----
Intrusion Attack Alert Detection Firewall Event System Error Error Firewall Event System Error Warning Info
Standard Simple Message String Simple Message String Simple Message String Simple Message String
Interface IP Assignment : Firewall Event Maintenance Binding and initializing %s Interface IP Assignment Firewall Event Maintenance changed: Shutting down %s
Info
567
---
25
Interface statistics report GMS Internet Access restricted to authorized users. Dropped packet received in the clear. Invalid Product Code Upgrade request received: %s Invalid VLAN packet dropped IP address conflict detected from Ethernet address %s IP Header checksum error IP spoof detected on packet to Central Gateway, packet dropped IP spoof dropped Wireless
Info Warning
805 532
-----
Error
704
---
Standard Message String Standard Note String Standard Message String Standard Standard Note Ethernet Network Standard Note Ethernet Network Standard Message String Standard Standard Note String Standard
Network Network
--Maintenance
Alert Warning
836 847
-----
TCP|UDP Attack
Notice Error
883 229
--533
IP type %s packet dropped IP Comp connection interrupt IP Comp packet dropped IP Comp
Attack LAN UDP | LAN TCP Debug TCP | UDP | ICMP Debug
502 ---------
IP Comp packet dropped; IP Comp waiting for pending IP Comp connection IPS Detection Alert: %s Intrusion Detection IPS Detection Alert: %s Intrusion Detection IPS Prevention Alert: %s Intrusion Detection IPS Prevention Alert: %s Intrusion Detection IPsec (AH) packet VPN IPsec dropped IPsec (AH) packet VPN IPsec dropped; waiting for pending IPsec connection IPsec (ESP) packet VPN IPsec dropped IPsec (ESP) packet VPN IPsec dropped; waiting for pending IPsec connection IPsec Authentication Failed IPsec connection interrupt IPsec Decryption Failed VPN IPsec Network Access VPN IPsec
26
Standard IDP Message String Standard Message String Standard IDP Message String Standard Message String Standard Note String Standard
Notice Debug
533 535
-----
67 43 68
508 --509
Network Access IPsec packet dropped; Network waiting for pending IPsec Access connection IPsec packet from an VPN IPsec illegal host IPsec packet from or to VPN IPsec an illegal host IPsec Replay Detected VPN IPsec IPsec SA lifetime expired. VPN IPsec IPsec Tunnel status changed ISDN Driver Firmware successfully updated Issuer match failed Java access denied L2TP Connect Initiated by the User L2TP Disconnect Initiated by the User L2TP enabled but not ready L2TP LCP Down L2TP LCP Up L2TP Max Retransmission Exceeded L2TP PPP Authentication Failed L2TP PPP Down L2TP PPP link down L2TP PPP Negotiation Started L2TP PPP Session Up L2TP Server: Access from L2TP VPN Client Privilege not enabled for RADIUS Users. L2TP Server : Deleting the L2TP active Session L2TP Server: Deleting the Tunnel L2TP Server: L2TP PPP Session Established. L2TP Server: L2TP Session Established. L2TP Server: L2TP Tunnel Established. L2TP Server : Retransmission Timeout, Deleting the Tunnel VPN
Notice Debug
40 42
-----
Standard Standard
247 70 180 349 427 493 278 19 216 214 500 209 213 203
Standard Destination Standard Destination Standard Note String Unused Simple Simple Simple Destination Standard Note Blocked Unused Unused Simple Unused Unused Simple
VPN Tunnel Status Firewall Event Maintenance VPN PKI Network Access L2TP Client L2TP Client Unused L2TP Client L2TP Client L2TP Client User Activity
Blocked Code Notice Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Info Info Info Info Info Info
L2TP Client L2TP Client L2TP Client L2TP Client L2TP Client L2TP Server
-------------
L2TP Server L2TP Server L2TP Server L2TP Server L2TP Server L2TP Server
-------------
Standard Destination Standard Destination Unused Standard Destination Standard Destination Standard Destination
27
L2TP Server: User Name authentication Failure locally. L2TP Server: Keep alive Failure. Closing Tunnel L2TP Server: L2TP Remote terminated the PPP session L2TP Server: L2TP Session Disconnect from the Remote. L2TP Server: L2TP Tunnel Disconnect from the Remote. L2TP Server: Local Authentication Failure L2TP Server: Local Authentication Success. L2TP Server: No IP address available in the Local IP Pool L2TP Server: RADIUS/ LDAP Authentication Success L2TP Server: RADIUS/ LDAP reports Authentication Failure L2TP Server: RADIUS/ LDAP server not assigned IP address L2TP Server: Call Disconnect from Remote. L2TP Server: Tunnel Disconnect from Remote. L2TP Session Disconnect from Remote L2TP Session Established L2TP Session Negotiation Started L2TP Tunnel Disconnect from Remote L2TP Tunnel Established L2TP Tunnel Negotiation Started LAN Subnet configurations were not upgraded. Land attack dropped LDAP server does not allow CHAP
L2TP Server
Maintenance
Info
344
---
Maintenance Maintenance
Info Info
320 317
-----
L2TP Server
Maintenance
Info
316
---
Unused
L2TP Server
Maintenance
Info
315
---
Unused
-------
L2TP Server
Maintenance
Info
319
---
Standard Destination Standard Destination Standard Destination Standard Destination Standard Destination Simple Simple Simple Simple Simple Simple Simple
L2TP Server
Maintenance
Info
311
---
L2TP Server
Maintenance
Info
313
---
L2TP Server L2TP Server L2TP Client L2TP Client L2TP Client L2TP Client L2TP Client L2TP Client
-------------------
Alert Warning
27 758
505 ---
28
High Availability None Authentication Access Local user login denied - Authentication user already logged in Access Local user login denied Authentication due to bad credentials Access Authentication Locked-out user logins allowed - lockout period Access expired Locked-out user logins Authentication allowed by administrator Access Log (part None Log Cleared Firewall Logging Log Debug Firewall Event Log file from SonicWALL None Log full; deactivating Firewall SonicWALL Logging Log successfully sent via Firewall email Logging Login screen timed out Authentication Access Network MAC address collides with Static ARP Entry with Bound MAC address; packet dropped Machine %s removed Intrusion from FIN flood blacklist Detection Machine %s removed Intrusion from RST flood blacklist Detection Machine %s removed Intrusion from SYN flood blacklist Detection Malformed or unhandled Network IP packet dropped Access Maximum events per Firewall second threshold Logging exceeded
LDAP using nonadministrative account VPN client user will not be able to change passwords License exceeded: Connection dropped because too many IP addresses are in use on your LAN License of HA pair doesn't match: %s local range: Local user login allowed
RADIUS
1011
---
58
608
Standard
System Error Error --User Activity User Activity User Activity User Activity Debug Info Info Info Info
664 -----------
Simple Message String Unused Standard String Service Standard String Service Standard String Service Standard Note String Standard Note String Unused Simple Simple String Unused Unused Simple Standard String Service Standard Note Ethernet Network
----------601 -------
Debug Error --Debug System Error Error Maintenance User Activity --Info Info Notice
------554 ---
Simple Message String Simple Message String Simple Message String Standard Destination Simple
29
Maximum number of Firewall Event Bandwidth Managed rules exceeded upon upgrade to this version. Some Bandwidth settings ignored. Maximum sequential PPP Dial Up failed dial attempts (10) to a single dial-up number: %s Maximum syslog data per Firewall second threshold Logging exceeded MTU: None Multicast application %s Multicast not supported Multicast packet dropped, Multicast Invalid src IP received on interface : %s Multicast packet dropped, Multicast wrong MAC address received on interface : %s Multicast TCP packet Multicast dropped Multicast UDP packet Multicast dropped, no state entry Multicast UDP packet Multicast dropped, RTCP stateful failed Multicast UDP packet Multicast dropped, RTP stateful failed NAT could not remap Unused incoming packet NAT device may not VPN IPsec support IPsec AH passthrough NAT Discovery : No NAT/ VPN IKE NAPT device detected between IPsec Security gateways VPN IKE NAT Discovery : Local IPsec Security Gateway behind a NAT/NAPT Device NAT Discovery : Peer VPN IKE IPsec Security Gateway behind a NAT/NAPT Device VPN IKE NAT Discovery : Peer IPsec Security Gateway doesn't support VPN NAT Traversal
Maintenance
Notice
541
---
Unused
Attack
Error
591
566
655
---
Simple
-------
-------
Unused Standard Message String Standard Message String Standard Message String Standard Standard Standard
---
Alert
684
---
-------
-------
---
Warning
694
---
Standard
44 266
606 ---
Unused Simple
User Activity
Info
241
---
User Activity
Info
240
---
User Activity
Info
239
---
User Activity
Info
242
---
30
NAT translated packet Network exceeds size limit, packet dropped Net Spy attack dropped Intrusion Detection NetBIOS settings were Firewall Event not upgraded. Use Network>IP Helper to configure NetBIOS support NetBus attack dropped Intrusion Detection Network for interface %s Firewall Event overlaps with another interface. Network Modem Mode PPP Dial Up Disabled: re-enabling NAT Network Modem Mode PPP Dial Up Enabled: turning off NAT Network Monitor: Host Firewall Event %s is offline Network Monitor: Host Firewall Event %s is online New firmware available. Firewall Event New URL List loaded Security Services Newsgroup access Network allowed Access Newsgroup access Network denied Access No Certificate for VPN PKI No HOST tag found in HTTP request No ICMP redirect sent No new URL List available No response from ISP Disconnecting PPPoE. No response from PPTP server to call requests No response from PPTP server to control connection requests No response from server to Echo Requests, disconnecting PPTP Tunnel No valid DNS server specified for RBL lookups Non-config mode GUI administration session started Network Access Unused Security Services PPPoE PPTP PPTP
Debug
Debug
339
---
Standard
Attack Maintenance
Alert Info
74 740
513 ---
Standard Simple
Attack Maintenance
Alert Info
72 569
511 ---
Maintenance
Info
531
---
Simple Simple Message String Simple Message String Unused Simple Standard Note Blocked Standard Note Blocked Simple Destination Unused Unused Simple Simple Simple Simple
Blocked Sites Notice Blocked Sites Notice User Activity Debug Debug Maintenance Maintenance Maintenance Maintenance Alert Debug Debug Info Info Info Info
PPTP
Maintenance
Info
429
---
Simple
RBL
---
Error Info
800 997
-----
31
Not all configurations may have been completely upgraded Not enough memory to hold the CRL Obtained Relay IP Table from Remote Gateway OCSP Failed to Resolve Domain Name. OCSP Internal error handling received response. OCSP received response error. OCSP received response. OCSP Resolved Domain Name. OCSP send request message failed. OCSP sending request. OCSP unused/spare Outbound connection to RBL-listed SMTP server dropped Out-of-order command packet dropped Overriding Product Code Upgrade to: %s Packet destination not in VPN Access list Packet Dropped - IP TTL expired Packet dropped by WLAN guest check Packet dropped by WLAN SSL-VPN enforcement check Packet dropped by WLAN vpn traversal check Packet dropped. No firewall rule associated with VPN policy. Packet dropped; connection limit for this destination IP address has been reached Packet dropped; connection limit for this source IP address has been reached Payload processing failed
Info
612
---
Simple
---------
Simple Destination Standard Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Unused Standard
VPN PKI VPN PKI VPN PKI VPN PKI VPN PKI Unused RBL
User Activity User Activity User Activity User Activity User Activity -----
---------------
Network Debug Access Firewall Event --VPN IPsec Network Wireless Wireless Attack Debug TCP | UDP | ICMP TCP | UDP | ICMP TCP | UDP | ICMP
----572 -------
Standard Standard Message String Standard Destination Standard Note String Standard Destination Standard Destination Standard Destination Standard Note String Standard Note String
Wireless
Warning
495
---
VPN
739
---
647
5239
646
5238
VPN IKE
Debug
Error
616
32
PC Card inserted. Rebooting. PC Card removed. Rebooting. PC Card: No device detected Peer firewall rebooting (%s) Physical environment normal Ping of death dropped PKI Error: PKI Failure PKI Failure: CA certificates store exceeded. Cannot verify this Local Certificate PKI Failure: Cannot allocate memory PKI Failure: Certificate's ID does not match this SonicWALL PKI Failure: Duplicate local certificate PKI Failure: Duplicate local certificate name PKI Failure: Import failed PKI Failure: Improper file format. Please select PKCS#12 (*.p12) file PKI Failure: Incorrect admin password PKI Failure: Internal error PKI Failure: Loaded but could not verify certificate PKI Failure: Loaded the certificate but could not verify it's chain PKI Failure: No CA certificates yet loaded PKI Failure: Output buffer too small PKI Failure: public-private key mismatch PKI Failure: Reached the limit for local certificates, cant load any more PKI Failure: Temporary memory shortage, try again PKI Failure: The certificate chain has no root
Firewall Hardware Firewall Hardware Firewall Hardware High Availability Firewall Hardware Intrusion Detection VPN PKI VPN PKI VPN PKI
Simple Message String Simple Message String Simple Message String Simple Message String Simple Standard Unused Unused Simple
Maintenance Maintenance
Error Error
449 455
-----
Simple Simple
---------
---------
---------
VPN PKI
Maintenance
Error
461
---
Simple
VPN PKI
Maintenance
Error
464
---
Simple
33
PKI Failure: The VPN PKI certificate chain is circular PKI Failure: The certificate chain is incomplete PKI Failure: The certificate or a certificate in the chain has a bad signature PKI Failure: The certificate or a certificate in the chain has a validity period in the future PKI Failure: The certificate or a certificate in the chain has expired PKI Failure: The certificate or a certificate in the chain is corrupt Please connect interface %s to another network to function properly Please manually check all system configurations for correctness of Upgrade Port configured to receive IPsec protocol ONLY; drop packet received in the clear Possible FIN Flood on IF %s Possible FIN Flood on IF %s continues Possible FIN Flood on IF %s has ceased Possible port scan detected Possible RST Flood on IF %s Possible RST Flood on IF %s continues Possible RST Flood on IF %s has ceased Possible SYN flood attack detected Possible SYN flood detected on WAN IF %s switching to connectionproxy mode Possible SYN Flood on IF %s Possible SYN Flood on IF %s continues VPN PKI
Maintenance
Error
462
---
Simple
Maintenance
Error
463
---
Simple
VPN PKI
Maintenance
Error
468
---
Simple
VPN PKI
Maintenance
Error
466
---
Simple
VPN PKI
Maintenance
Error
465
---
Simple
VPN PKI
Maintenance
Error
467
---
Simple
Info
570
---
Info
613
---
Network Access
Warning
347
---
Standard Destination
Intrusion Detection Intrusion Detection Intrusion Detection Intrusion Detection Intrusion Detection Intrusion Detection Intrusion Detection Intrusion Detection Intrusion Detection
Simple Message String Simple Message String Simple Message String Standard Note String Simple Message String Simple Message String Simple Message String Standard Simple Message String
Debug Debug
Alert Warning
860 866
-----
Possible SYN Flood on IF %s has ceased Power supply without redundancy PPP Dial-Up: Connect request canceled PPP Dial-Up: Connected at %s bps - starting PPP PPP Dial-Up: Connection disconnected as scheduled. PPP Dial-Up: Dial initiated by %s PPP Dial-Up: Dialed number did not answer PPP Dial-Up: Dialed number is busy PPP Dial-Up: Dialing not allowed by schedule. %s PPP Dial-Up: Dialing: %s PPP Dial-Up: Failed to get IP address PPP Dial-Up: Idle time limit exceeded disconnecting PPP Dial-Up: Initialization : %s PPP Dial-Up: Invalid DNS IP address returned from Dial-Up ISP; overriding using dial-up profile settings PPP Dial-Up: Link carrier lost PPP Dial-Up: Manual intervention needed. Check Primary Profile or Profile details PPP Dial-Up: Maximum connection time exceeded - disconnecting PPP Dial-Up: No dialtone detected - check phoneline connection PPP Dial-Up: No link carrier detected - check phone number PPP Dial-Up: No peer IP address from Dial-Up ISP, local and remote IPs will be the same PPP Dial-Up: PPP link down
Intrusion Detection Firewall Hardware PPP Dial Up PPP Dial Up PPP Dial Up
--5425 -------
PPP Dial Up PPP Dial Up PPP Dial Up PPP Dial Up PPP Dial Up PPP Dial Up PPP Dial Up
Maintenance User Activity User Activity --User Activity User Activity User Activity
---------------
Standard Message String Simple Simple Standard Message String Simple Message String Unused Simple
Info Info
303 811
-----
Info Info
288 321
-----
Simple Simple
PPP Dial Up
User Activity
Info
327
---
Simple
PPP Dial Up
User Activity
Info
282
---
Simple
PPP Dial Up
User Activity
Info
283
---
Simple
PPP Dial Up
Maintenance
Info
481
---
Simple
PPP Dial Up
User Activity
Info
301
---
Simple
35
PPP Dial-Up: PPP link established PPP Dial-Up: PPP negotiation failed disconnecting PPP Dial-Up: Previous session was connected for %s PPP Dial-Up: Received new IP address PPP Dial-Up: Shutting down link PPP Dial-Up: Starting PPP PPP Dial-Up: Startup without Ethernet cable, will try to dial on outbound traffic PPP Dial-Up: The profile in use disabled VPN networking. PPP Dial-Up: Trying to failover but Alternate Profile is manual PPP Dial-Up: Trying to failover but Primary Profile is manual PPP Dial-Up: Unknown dialing failure PPP Dial-Up: User requested connect PPP Dial-Up: User requested disconnect PPP Dial-Up: VPN networking restored. PPP message: %s PPP: Authentication successful PPP: CHAP authentication failed check username / password PPP: MS-CHAP authentication failed check username / password PPP: PAP authentication failed - check username / password PPP: Starting CHAP authentication PPP: Starting MS-CHAP authentication
Info Info
300 296
-----
Simple Unused
PPP Dial Up
User Activity
Info
542
---
---------
PPP Dial Up
Maintenance
Info
330
---
Simple
WAN Failover
User Activity
Info
434
---
Simple
PPP Dial Up
User Activity
Info
322
---
Simple
PPP Dial Up PPP Dial Up PPP Dial Up PPP Dial Up PPP PPP PPP
User Activity User Activity User Activity Maintenance System Environment User Activity User Activity
---------------
PPP
User Activity
Info
292
---
Simple
PPP
User Activity
Info
290
---
Simple
PPP PPP
Info Info
294 293
-----
Simple Simple
36
PPP: Starting PAP authentication PPPoE terminated PPPoE CHAP authentication failed PPPoE Client: Previous session was connected for %s PPPoE discovery process complete PPPoE enabled but not ready PPPoE LCP link down PPPoE LCP link up PPPoE network connected PPPoE network disconnected PPPoE PAP authentication Failed PPPoE PAP authentication Failed. Please verify PPPoE username and password PPPoE PAP authentication success. PPPoE password changed by administrator PPPoE starting CHAP authentication PPPoE starting PAP authentication PPPoE user name changed by Administrator PPTP enabled but not ready PPTP CHAP authentication failed. Please verify PPTP username and password PPTP connect initiated by the User PPTP control connection Established PPTP control connection negotiation started PPTP decode failure PPTP disconnect initiated by the user PPTP LCP down PPTP LCP up PPTP Max Retransmission Exceeded
---------
Simple Simple Unused Simple Message String Simple Simple Simple Simple Simple Simple Unused Unused
Maintenance Maintenance
Info Info
-----------------
Maintenance Info Maintenance Info Maintenance Info Maintenance Maintenance Maintenance Info Info Info
PPPoE
Maintenance
---------------
-----------------
Standard Destination Simple Simple Standard Standard Destination Unused Unused Unused
37
Network Access PPTP PAP authentication PPTP failed PPTP PAP authentication PPTP failed. Please verify PPTP username and password PPTP PAP authentication PPTP success. PPTP PPP authentication PPTP failed PPTP PPP down PPTP PPTP PPP link down PPTP PPTP PPP link down PPTP PPTP PPP link finished PPTP PPTP PPP link up PPTP PPTP PPP negotiation PPTP started PPTP PPP session up PPTP PPTP PPTP server is not responding, check if the server is UP and running. PPTP server rejected PPTP control connection PPTP server rejected the PPTP call request PPTP session disconnect PPTP from Remote PPTP session PPTP established PPTP session negotiation PPTP started PPTP starting CHAP PPTP authentication PPTP starting PAP PPTP authentication PPTP tunnel disconnect PPTP from Remote Primary firewall has High transitioned to Active Availability Primary firewall has High transitioned to Idle Availability Primary firewall High preempting backup Availability Primary firewall rebooting High Availability itself as it transitioned from active to idle while preempt Primary missed High heartbeats from Backup Availability Primary received error High signal from Backup Availability
39 395 397
-------
Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance
Info Info Info Info Info Info Info Info Info Info
396 386 385 391 399 400 398 382 384 444
---------------------
Simple Unused Simple Unused Simple Simple Simple Simple Simple Simple
432 433 381 380 376 392 393 379 144 146 153 1058
Simple Simple Simple Simple Simple Simple Simple Simple Simple Simple Simple Simple
148 150
615 617
Simple Simple
38
Primary received heartbeat from wrong source Primary received reboot signal from Backup Primary WAN link down, Backup going Active Primary WAN link down, Primary going Idle Primary WAN link up, preempting Backup Priority attack dropped Probable port scan detected Probable TCP FIN scan detected Probable TCP NULL scan detected Probable TCP XMAS scan detected Probing failure on %s Probing succeeded on %s Problem loading the URL list; Appliance not registered. Problem loading the URL list; check Filter settings Problem loading the URL list; check your DNS server Problem loading the URL list; Flash write failure. Problem loading the URL list; Retrying later. Problem loading the URL list; Subscription expired. Problem loading the URL list; Try loading it again. Problem occurred during user group membership retrieval Problem sending log email; check log settings Protocol: Read-only mode GUI administration session started Real time clock battery failure Time values may be incorrect RealAudio decode failure
High Availability High Availability High Availability High Availability High Availability Intrusion Detection Intrusion Detection Intrusion Detection Intrusion Detection Intrusion Detection WAN Failover WAN Failover Security Services Security Services Security Services Security Services Security Services Security Services
Maintenance
Info
160
---
Unused
System Error Error System Error Error Maintenance Maintenance Attack Attack Attack Attack Attack Info Info Alert Alert Alert Alert Alert
671 220 218 221 79 83 177 179 178 326 436 183
665 634 ----518 522 528 530 529 637 638 623
Simple Unused Unused Unused Standard Standard Note String Standard Note String Standard Note String Standard Note String Standard Message String Standard Message String Simple
10 11
602 603
Security System Error Error Services Authentication User Activity Warning Access Firewall System Error Warning Logging None --Debug Authentication User Activity Info Access Firewall Hardware Unused System Error Warning
185 1033
625 ---
Simple Standard Note String Simple Unused Standard Note String Simple
12 525 996
604 -----
539
644
Debug
Debug
50
39
---
Unused
Security Services Received AV Alert: Your Security SonicWALL Network Services Anti-Virus subscription has expired. %s Received AV Alert: Your Security SonicWALL Network Services Anti-Virus subscription will expire in 7 days. %s Received CFS Alert: Your Security SonicWALL content Services filtering subscription has expired. Received CFS Alert: Your Security SonicWALL content Services filtering subscription will expire in 7 days. Received DHCP offer DHCP Client packet has errors Security Received E-Mail filter alert: Your SonicWALL E- Services Mail filtering subscription has expired. Security Received E-Mail filter alert: Your SonicWALL E- Services Mail filtering subscription will expire in 7 days. Received fragmented Network packet or fragmentation needed Received IKE SA delete VPN IKE request Received IPS alert: Your Security SonicWALL Intrusion Services Prevention (IDP) subscription has expired. Received IPsec SA VPN IKE delete request Received ISAKMP packet VPN IKE destined to port %s Received LCP Echo PPPoE Reply
40
Received a path MTU ICMP message from router/gateway Received a path MTU ICMP message from router/gateway Received Application Firewall alert: Your SonicWALL Application Firewall (AF) subscription has expired. Received AV Alert: %s
Network
User Activity
Info
182
---
Network
User Activity
Info
188
---
Security Services
Maintenance
Warning
1034
8635
Maintenance Maintenance
Warning Warning
125 159
524 526
Maintenance
Warning
482
552
Maintenance
Warning
490
563
Simple
Maintenance
Warning
489
562
Simple
Maintenance Maintenance
Info Warning
588 492
--565
Maintenance
Warning
491
564
Simple
Debug
Debug
63
---
Standard
Info Warning
413 614
--571
User Activity
Info
-------
Received LCP Echo PPPoE Request Received notify. NO VPN IKE PROPOSAL CHOSEN Received notify: INVALID VPN IKE COOKIES Received notify: INVALID VPN IPsec ID INFO Received notify: INVALID VPN IKE PAYLOAD Received notify: INVALID VPN IKE SPI Received notify: ISAKMP VPN IKE AUTH FAILED Received notify: VPN IKE PAYLOAD MALFORMED Received notify: VPN IKE RESPONDER LIFETIME Received packet VPN IKE retransmission. Drop duplicate packet Received PPPoE active PPPoE discovery Offer Received PPPoE active PPPoE discovery session confirmation Received response DHCP Client packet for DHCP request has errors Received unencrypted VPN IKE packet in crypto active state Regulatory requirements PPP Dial Up prohibit %s from being redialed for 30 minutes remote range: None Remotely triggered dial- Authentication out session ended. Valid Access WAN bound data found. Normal dial-up sequence will commence Remotely triggered dial- Authentication Access out session started. Requesting authentication Removed host entry from Dynamic dynamic address object Address Objects Request for relay IP table DHCP Relay from central gateway Requesting CRL from VPN PKI
Maintenance User Activity User Activity User Activity User Activity User Activity User Activity User Activity User Activity User Activity
Info Warning Info Warning Error Info Warning Warning Info Warning
721 401 414 483 661 416 409 411 415 406
---------------------
Simple Standard Note String Standard Destination Standard Note String Standard Note String Standard Destination Standard Destination Standard Destination Standard Destination Standard Note String Simple Simple
Maintenance Maintenance
Info Info
593 594
-----
Maintenance
Info
589
---
Standard Destination Standard Note String Standard Message String Unused Simple
User Activity
Warning
605
---
Attack
Error
592
567
--User Activity
Debug Info
86 822
-----
User Activity
Info
818
---
Simple
Maintenance
Info
912
---
Maintenance
Info
230
---
User Activity
Info
269
---
Simple Destination
41
Requesting relay IP table DHCP Relay from remote gateway Restarting SonicWALL; dumping log to email Retransmitting DHCP discover Retransmitting DHCP request (Rebinding). Retransmitting DHCP request (Rebooting). Retransmitting DHCP request (Renewing). Retransmitting DHCP request (Requesting). Retransmitting DHCP request (Verifying). RIP Broadcasts for LAN Network %s are being broadcast over Dial Upconnection RIP disabled on DMZ interface RIP disabled on interface %s RIP disabled on WAN interface Ripper attack dropped RIPv1 enabled on DMZ interface RIPv1 enabled on interface %s RIPv1 enabled on WAN interface RIPv2 compatibility (broadcast) mode enabled on DMZ interface RIPv2 compatibility (broadcast) mode enabled on interface %s RIPv2 compatibility (broadcast) mode enabled on WAN interface RIPv2 enabled on DMZ interface RIPv2 enabled on interface %s RIPv2 enabled on WAN interface Router IGMP General query received on interface %s
Maintenance
Info
231
---
Standard
Firewall Event Maintenance DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client Rip Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance
-----------------
Unused Standard Destination Standard Destination Standard Destination Standard Destination Standard Destination Standard Destination Unused
------515 ---------
Unused Simple Message String Unused Standard Unused Simple Message String Unused Unused
Rip
Maintenance
Info
422
---
Rip
Maintenance
Info
555
---
---------
42
Router IGMP membership query received on interface %s RST flood blacklist on IF %s continues RST-flooding machine %s blacklisted Rule SA is disabled. Check VPN SA settings Sending DHCP discover. Sending DHCP request Sending DHCP request (Rebinding). Sending DHCP request (Rebooting). Sending DHCP request (Renewing). Sending DHCP request (Verifying). Sending DHCP request Sending LCP echo reply Sending LCP echo request Sending PPPoE Active Discovery Request Senna Spy attack dropped Sent relay IP Table to central gateway Settings Import: %s SIP register expiration exceeds configured Signaling inactivity time out SIP request SIP response SMTP authentication problem:%s SMTP POP-BeforeSMTP authentication failed SMTP server found on RBL blacklist Smurf amplification attack dropped SonicPoint Provision SonicPoint statistics report
Multicast
---
Debug
681
---
Standard Message String Simple Message String Simple Message String Unused Unused Standard Destination Standard Destination Standard Destination Standard Destination Standard Destination Standard Destination Standard Destination Simple Simple Simple Standard Standard Simple Message String Standard Note String
Intrusion Detection Intrusion Detection None VPN IKE DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client PPPoE PPPoE PPPoE Intrusion Detection DHCP Relay
Debug Debug --User Activity Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Maintenance Attack Maintenance
Warning Alert Debug Info Info Info Info Info Info Info Info Info Info Info Alert Info Info Warning
899 898 59 407 105 122 116 117 115 118 108 722 720 595 78 232 1049 645
----------------------------517 -------
VOIP VOIP Firewall Logging Firewall Logging RBL Intrusion Detection SonicPoint GMS
VOIP VOIP
Debug Debug
---------
Standard Note String Standard Note String Standard Message String Simple
--520 -----
SonicPoint Status SonicWALL activated SonicWALL initializing SonicWALL SSO agent returned domain name too long SonicWALL SSO agent returned user name too long Source IP address connection status: %s Source routed IP packet dropped Source: Spank attack multicast packet dropped SPI: SSL Control: Certificate chain not complete SSL Control: Certificate with invalid date SSL Control: Failed to decode Server Hello SSL Control: HTTPS via SSL2 SSL Control: Self-signed certificate SSL Control: Untrusted CA SSL Control: Weak cipher being used SSL Control: Website found in blacklist SSL Control: Website found in whitelist SSL-VPN enforcement Starting IKE negotiation
SonicPoint
SonicPoint
---------
Simple Destination Simple Simple Standard Note String Standard Note String Standard Message String Standard Unused Standard Unused Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Standard Note String Simple Destination Standard Note String Simple Simple GMS Status Standard Standard Simple Message String Simple
CIA
User Activity
Warning
992
---
Firewall Event --Intrusion Detection None Intrusion Detection None Network Access Network Access Network Access Network Access Network Access Network Access Network Access Network Access Network Access Wireless VPN IKE Debug --Attack
734 428 56 606 71 1006 1002 1007 1001 1003 1005 1004 999 1000 733 90
--Debug Blocked Sites Info Blocked Sites Info Blocked Sites Info Blocked Sites Info Blocked Sites Info Blocked Sites Info Blocked Sites Info Blocked Sites Info Blocked Sites Info Maintenance User Activity Maintenance Maintenance Attack Attack Info Info
Starting PPPoE discovery PPPoE Status GMS Intrusion Detection Sub seven attack Intrusion dropped Detection Success to reach High Interface %s probe Availability Successful authentication Authentication received for Remotely Access Triggered Dial-out SYN flood blacklist on IF Intrusion %s continues Detection SYN flood blacklisting Intrusion disabled by user Detection
44
Debug Debug
Warning Warning
868 863
-----
SYN flood blacklisting enabled by user SYN flood ceased or flooding machines blacklisted - connection proxy disabled SYN Flood Mode changed by user to: Always proxy WAN connections SYN Flood Mode changed by user to: Watch and proxy WAN connections when under attack SYN Flood Mode changed by user to: Watch and report possible SYN floods SYN unused/spare SYN unused/spare Synchronizing preferences to HA Peer Firewall SYN-Flooding machine %s blacklisted Syslog Server cannot be reached System clock manually updated TCP checksum error
Debug Debug
Warning Alert
862 861
-----
Standard Standard
Intrusion Detection
Debug
Warning
858
---
Standard
Intrusion Detection
Debug
Warning
857
---
Standard
Intrusion Detection
Debug
Warning
856
---
Standard
Unused Unused High Availability Intrusion Detection Network Firewall Logging Network Access Network
----Maintenance
-------
-----------
Simple Message String Standard Simple Note String Standard Standard Note String Standard Policy Standard Service Standard Note String Standard Standard Note String Standard Note String Standard Note String
TCP connection abort received; TCP connection dropped TCP connection dropped Network Access TCP connection from Network LAN denied Access TCP connection reject Network received; TCP connection dropped TCP FIN packet dropped Network TCP handshake violation Network detected; TCP Access connection dropped TCP packet received on a Network closing connection; TCP packet dropped TCP packet received on Network non-existent/closed connection; TCP packet dropped
36 173 712
-------
Debug ---
Debug Notice
181 760
-----
Debug
Debug
891
---
Debug
Debug
888
---
45
TCP packet received with invalid ACK number; TCP packet dropped TCP packet received with invalid header length; TCP packet dropped TCP packet received with invalid MSS option length; TCP packet dropped TCP packet received with invalid option length; TCP packet dropped TCP packet received with invalid SACK option length; TCP packet dropped TCP packet received with invalid SEQ number; TCP packet dropped TCP packet received with invalid source port; TCP packet dropped TCP packet received with invalid SYN Flood cookie; TCP packet dropped TCP packet received with invalid window scale option length; TCP packet dropped TCP packet received with invalid window scale option value; TCP packet dropped TCP packet received with non-permitted option; TCP packet dropped TCP packet received with SYN flag on an existing connection; TCP packet dropped TCP packet received without mandatory ACK flag; TCP packet dropped TCP packet received without mandatory SYN flag; TCP packet dropped TCP stateful inspection: Bad header; TCP packet dropped TCP stateful inspection: Invalid flag; TCP packet dropped TCP SYN received
Network
Debug
Debug
709
---
Network
Debug
Debug
887
---
Network
Debug
Debug
894
---
Network
Debug
Debug
895
---
Network
Debug
Debug
893
---
Network
Debug
Debug
708
---
Standard Note String Standard Note String Standard Note String Standard Note String
Network
Debug
Debug
896
---
Network
Debug
Info
897
---
Network
Debug
Debug
1030
---
Network
Debug
Debug
1031
---
Network
Debug
Debug
1029
---
Network
Debug
Info
892
---
Network
Debug
Debug
890
---
Network
Debug
Debug
889
---
Network
Debug
Debug
711
---
Network
Debug
Info
710
---
Unused
Intrusion Detection
46
Debug
Debug
869
---
Standard
TCP Syn/Fin packet Network dropped Access TCP Xmas Tree dropped Intrusion Detection The cache is full; %u Firewall Event open connections; some will be dropped The current WAN Firewall Event interface is not ready to route packets. The loaded content URL Security List has expired. Services The network connection WAN Failover in use is %s The preferences file is too Firewall Event large to be saved in available flash memory Thermal Red Firewall Hardware Thermal Red Timer Firewall Exceeded Hardware Thermal Yellow Firewall Hardware Time of day settings for Firewall Event firewall policies were not upgraded. Too many gratuitous Network ARPs detected Type: None UDP checksum error Network Access UDP packet dropped Network Access UDP packet from LAN Network dropped Access Unable to download IPS/ Unused GAV/Anti-Spyware Signature database. Firewall must first be restarted to free memory used by downloaded firmware. Unable to resolve Dynamic dynamic address object Address Objects Unable to send message PPP Dial Up to dial-up task Unknown IPsec SPI VPN IPsec Unknown protocol Network dropped Access Unknown reason VPN PKI User logged out
Attack Attack
Alert Alert
580 267 53
325
635
-------------
Maintenance
Info
880
---
Standard Destination Simple Message String Unused Standard Note String Simple Destination Standard String Service
System Error Error Attack Debug User Activity Error Notice Error Info
--507 -------
47
User logged out inactivity timer expired User logged out - max session time exceeded User logged out - user disconnect detected (heartbeat timer expired) User login denied insufficient access on LDAP server User login denied - invalid credentials on LDAP server User login denied - LDAP authentication failure User login denied - LDAP communication problem User login denied - LDAP directory mismatch User login denied - LDAP schema mismatch User login denied - LDAP server certificate not valid User login denied - LDAP server down or misconfigured User login denied - LDAP server name resolution failed User login denied - LDAP server timeout User login denied - not allowed by policy rule User login denied - not found locally User login denied password doesn't meet constraints User login denied password expired User login denied RADIUS authentication failure User login denied RADIUS communication problem User login denied RADIUS configuration error User login denied RADIUS server name resolution failed User login denied RADIUS server timeout
Authentication User Activity Access Authentication User Activity Access Authentication User Activity Access RADIUS User Activity
265 264 24
-------
Standard Note String Standard Note String Standard Note String Standard String Service Standard String Service Standard String Service Standard String Service Standard String Service Standard String Service Standard String Service Standard String Service Standard String Service Standard String Service Standard Note String Standard Note String Standard String Service Standard String Service Standard String Service Standard String Service Standard String Service Standard String Service Standard String Service
Warning
750
---
RADIUS
User Activity
Warning
749
---
User Activity User Activity User Activity User Activity User Activity User Activity
-------------
RADIUS
User Activity
Warning
753
---
RADIUS
User Activity
---------
Authentication User Activity Access Authentication User Activity Access Authentication 0 Access Authentication User Activity Access RADIUS User Activity
Warning Info
1035 243
-----
RADIUS
User Activity
Warning
744
---
RADIUS
User Activity
Info
245
---
RADIUS
User Activity
Warning
754
---
RADIUS
User Activity
Info
244
---
48
User login denied SonicWALL SSO agent communication problem User login denied SonicWALL SSO agent configuration error User login denied SonicWALL SSO agent name resolution failed User login denied SonicWALL SSO agent timeout User login denied - TLS or local certificate problem User login denied - User has no privileges for login from that location User login denied - User has no privileges for WLAN guest service User login denied due to bad credentials User login disabled from %s User login failed - Guest service limit reached User login failure rate exceeded - logins from user IP address denied Using LDAP without TLS highly insecure Virtual access point is disabled Virtual access point is enabled VLAN unused/spare VLAN unused/spare VLAN unused/spare VOIP %s endpoint added VOIP %s endpoint not added - configured 'public' endpoint limit reached VOIP %s endpoint removed VOIP call connected VOIP call disconnected
CIA
User Activity
Warning
990
---
Standard Service
CIA
User Activity
Warning
989
---
Standard Service
CIA
User Activity
Warning
991
---
Standard Service
CIA
User Activity
Warning
988
---
Standard Service
RADIUS
User Activity
Warning
756
---
Standard String Service Standard String Service Standard Destination Standard String Service Standard Message String Standard Note String Standard Destination Simple
Authentication User Activity Access Authentication User Activity Access Authentication Access Authentication Access Authentication Access Authentication Access RADIUS User Activity Attack User Activity Attack
Info
246
---
Info
486
---
--559 --561
1010
---
80211bmgmt Info 80211bmgmt Info ------VOIP VOIP Debug Debug Debug Debug Warning
---------------
Simple Destination Simple Destination Unused Unused Unused Simple Message String Simple Message String
------101
Simple Message String Standard Note String Standard Note String Simple
49
VPN Cleanup: Dynamic network settings change VPN client policy provisioning VPN disabled by administrator VPN disabled for active dial up VPN enabled by administrator VPN log debug VPN policy added VPN policy count received exceeds the limit; %s VPN Policy Deleted VPN Policy Modified VPN TCP FIN VPN TCP PSH VPN TCP SYN VPN zone administrator login allowed VPN zone remote user login allowed WAN Interface not setup Wan IP Changed WAN node exceeded: Connection dropped because too many IP addresses are in use on your LAN WAN not ready WAN zone administrator login allowed WAN zone remote user login allowed WARNING: Central gateway does not have a relay IP Address. DHCP message dropped. WARNING: DHCP lease relayed from central gateway conflicts with IP in Static devices list Web access request dropped Web management request allowed Web site access allowed
-----------------
Standard Standard Destination Simple Simple Simple Standard Message String Standard Note String Simple Message String Standard Note String Standard Note String Unused Unused Unused Standard String Service Standard String Service Simple Standard Standard
Authentication Maintenance Access Unused Maintenance Authentication Maintenance Access VPN IKE Debug VPN VPN ---
VPN VPN VPN VPN VPN Authentication Access Authentication Access Firewall Event Firewall Event Firewall Event
----VPN Stat VPN Stat VPN Stat User Activity User Activity
1051 1052 195 196 194 235 237 498 138 812
----------------636 ---
---------
DHCP Relay
Maintenance
Info
227
---
Standard Destination
Notice Notice
524 526 16
----703
50
Web site access denied WiFiSec enforcement disabled by administrator WiFiSec enforcement enabled by administrator Wireless MAC filter list disabled by administrator Wireless MAC filter list enabled by administrator WLAN client null probing WLAN disabled by administrator WLAN disabled by schedule WLAN drop traffic to deny network WLAN enabled by administrator WLAN enabled by schedule WLAN firmware image has been updated WLAN guest session timeout WLAN guest session timeout WLAN guest session timeout WLAN max concurrent users reached already WLAN not in AP mode, DHCP server will not provide lease to clients on WLAN WLAN pass traffic to access allow network WLAN radio frequency threat detected WLAN reboot
Network Access Authentication Access Authentication Access Authentication Access Authentication Access WLAN IDS Authentication Access Authentication Access Network Access Authentication Access Authentication Access Wireless Authentication Access Authentication Access Authentication Access Network Access Wireless
Blocked Sites Error Maintenance Maintenance Maintenance Maintenance WLAN IDs Maintenance Maintenance --Maintenance Maintenance Maintenance User Activity User Activity User Activity --Maintenance Info Info Info Info Warning Info Info Info Info Info Info Info Info Info Info Info
14 510 511 513 512 615 508 728 724 509 729 487 551 564 550 726 617
Standard Note Blocked Unused Unused Simple Simple Standard Destination Simple Simple Standard Note String Simple Simple Simple String Standard Note String Standard Note String Standard Note String Standard Note String Simple
Network Access RF Management Firewall Hardware WLAN recovery Wireless WLAN sequence number WLAN IDS out of order WLB fail back initiated by WAN Failover %s WLB failover in progress WAN Failover WLB resource failed WAN Failover WLB resource is now WAN Failover available WLB SPIll-over started, WAN Failover configured threshold exceeded WLB SPIll-over stopped WAN Failover
-----
Info Warning
725 879 517 519 547 435 584 586 585 581
System Error Alert System Error Alert System Error Alert System Error Alert Maintenance Warning
Simple String Simple Destination Standard Message String Standard Standard Standard Simple
Maintenance
Warning
582
51
---
Simple
WPA MIC Failure WPA RADIUS Server Timeout WWAN %s %s device detected WWAN Dial-up: %s.
80211bmgmt Warning 80211bmgmt Info System Environment User Activity User Activity Info Alert Alert
--------7643
WWAN Dial-up: data PPP Dial Up usage limit reached for the '%s' billing cycle. Disconnecting the WWAN session. WWAN: No SIM detected Firewall Hardware XAUTH failed with VPN VPN Client client, Authentication failure XAUTH failed with VPN VPN Client client, Cannot Contact RADIUS Server XAUTH succeeded with VPN Client VPN client
Simple Destination Simple Destination Simple Message String Simple Message String Simple Message String
--User Activity
Alert Error
1055 140
-----
User Activity
Info
141
---
User Activity
Info
139
---
52
arg
URL
Interface statistics report Interface statistics report Interface statistics report Interface statistics report Message category (legacy only)
change
Blocking code ICMP type and code Firewall status report Firewall status report Destination
dstname
Destination URL
dstname
URL
dyn
Firewall WAN IP Firewall status report SonicPoint statistics report SonicPoint statistics report
53
i id=firewall
Displays the GMS message interval in seconds Syntactic sugar for WebTrends (and GMS by habit) Displays the interface on which statistics are reported Displays the IPS category Displays the IPS priority Indicates the number of licenses for firewalls with limited modes Provides the message ID number Provides the MAC address Displays the event message (from spreadsheet) Displays a dynamically defined message string Displays a message using the predefined message string containing a %s and a dynamic string argument. Displays a message using the predefined string string containing a %s and a dynamic numeric argument. Displays a message using the predefined message string containing a %s and a dynamic string argument. Displays the event message (from spreadsheet) Indicates the number of times event occurs Displays the HTTP operation (GET, POST, etc.) of web site hit Displays the event priority level (0=emergency..7=debug) Indicates the IP protocol and detail information Displays the protocol information (rendered as proto/service) Displays the protocol information (rendered as proto/service) Displays the HTTP/HTTPS management port (rendered as hhh.sss) Displays the SonicPoint radio on which event occurred Displays the RAM utilization (not in use)
if
Message ID MAC address Static message Dynamically-defined message Static message with dynamic string
msg
msg
IPS message
msg n op
pri
Message priority
proto proto
proto
pt
radio
ramUtil
rcvd
Bytes received
Indicates the number of bytes received within connection Displays the HTTP result code (200, 403, etc.) of web site hit Displays the Access Rule number causing packet drop Displays the number of bytes sent within connection Provides the IPS signature ID Provides the AntiSpyware signature ID Indicates the device serial number Displays the antiSpyware category Displays the AntiSpyware priority Indicates the source IP address, and optionally, port, network interface, and resolved name. Displays the client (station) on which event occurred Reports the time of event Indicates the ICMP type Displays the unicast packets received Displays the unicast packets transmitted Reports the time since last local change in seconds Displays whether standby SA is in use (1 or 0) for GMS management Displays the user name (user is the tag used by WebTrends) Displays the VPN policy name of event
result
rule
Rule ID
sent
Bytes sent
IPS message Anti-Spyware message Firewall serial number Anti-Spyware message Anti-Spyware message Source
station
Time ICMP type and code Interface statistics report Interface statistics report Firewall status report
usesstandbysa
User
vpnpolicy
55
56