
SonicWall SonicOS/X 7.0.1 Log Events Reference Guide
Contents
Introduction to SonicOS/X Log Events
• Logs > System Logs
• Log > Settings
• Traffic Report Syslogs
• Access Rules Logging Control
Index of Log Event Messages
Syslog Events
• Log > Syslog
• Index of Syslog Tag Field Descriptions
• Configuration Auditing Syslog Tags
• Syslog Group Category (gcat) Values
• Examples of Standard Syslog Messages
• Examples of ArcSight Syslog Messages
• Legacy Categories
• Priority Levels
SonicWall Support
About This Document

1 Introduction to SonicOS/X Log Events
This reference guide lists and describes the SonicWall SonicOS and SonicOSX (SonicOS/X) log event messages for
the SonicOS/X 7.0.1 release on SonicWall NSsp, NSa, NSv, and TZ network security appliances. The Log Event
Message Index table lists all events by event ID number. The Syslog Tags table lists and describes all available
Syslog tags which contain additional information specific to the log event.
This section provides a basic overview of the MONITOR | Logs > System Logs and DEVICE | Log > Settings pages
and the Logging option in the Adding Rule dialog on the POLICY | Rules and Policies > Access Rules page in the
SonicOS web-based management interface.
Topics:
• Logs > System Logs
• Log > Settings
• Traffic Report Syslogs
• Access Rules Logging Control

Logs > System Logs


The SonicWall security appliance maintains a log of events on the firewall for tracking potential security threats.
This log can be viewed by navigating to the MONITOR | Logs > System Logs page and it can be exported to a CSV
file, text file, or sent to an email address for convenience and archiving. The log is displayed in a table and can be
sorted by clicking on any of the column headings.
For more information about viewing, filtering and displaying event details on the System Logs page, refer to the
SonicOS/X 7 Monitor Logs administration guide, available on the SonicWall Technical Documentation portal at
https://www.sonicwall.com/support/technical-documentation.

MONITOR | Logs > System Logs Page

Log > Settings


The DEVICE | Log > Settings page allows you to categorize and customize the logging functions on your
SonicWall security appliance for troubleshooting and diagnostics. The page displays logging settings in a series
of columns and allows you to configure the logging and alert levels, edit attributes of categories, groups, and
events, and reset event counts. You can filter the entries to limit the data display to only those events of
interest. You can select storage options on appliances with built-in or flexible storage components, and you can
import and save logging templates.

For more information on configuring the DEVICE | Log > Settings page, refer to the SonicOS/X 7 Device Log
administration guide.

DEVICE | Log > Settings Page

Traffic Report Syslogs


The Traffic Report Syslog event messages, their ‘c’ values, Syslog IDs, and location in the table on the DEVICE |
Log > Settings page are listed in the Traffic Report Syslogs table.

Traffic Report Syslogs

| Event Message | Syslog 'c' Value | Syslog ID | Location in Log > Settings | Comments |
|---|---|---|---|---|
| Syslog Website Accessed | c=1024 | 97 | Category: Log; Group: Syslog; Event: Syslog Website Accessed | This means Traffic Reporting, including bytes transferred. Has URL data |
| Connection Closed | c=1024 | 537 | Category: Network; Group: Network Access; Event: Connection Closed | Non-URL traffic |
| SSL VPN Traffic | c=1024 | 1153 | Category: SSL VPN; Group: General; Event: SSL VPN Traffic | Statistics reported by SSL VPN |
| DPI-SSL Inspection Cleaned-up | c=1024 | 1463 | Category: Security Services; Group: DPI-SSL; Event: DPI-SSL Inspection Cleaned-up | Statistics reported by DPI-SSL |
| Connection Opened | c=262144 | 98 | Category: Network; Group: Network Access; Event: Connection Opened | This means Connection Opened (most probably zero bytes transferred). It is possible for some packets to trigger a Connection Opened, but later be dropped due to policy settings. |

The Traffic Report Syslogs are generated only if those messages are enabled in the Log > Settings page with the
desired Frequency Filter Interval, normally 0, which means do not filter. They are always generated on
Connection Closed events.
The Connection Closed event is represented by two different messages, id=97 and id=537. The Syslog Website
Accessed (97) contains URL data while Connection Closed (537) does not.
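The table and the two paragraphs above can be turned into a log-processing check. The following is an added example, not part of the SonicWall guide: it validates the 'c' value against the event ID, counts bytes only from the c=1024 records, and lists Connection Opened flows that never produced a closing record. The tag names (`m` for the event ID, `src`, `dst`, `proto`, `sent`, `rcvd`, `dstname`, `arg`) and the sample lines are assumptions constructed for illustration; this section of the guide does not show the message layout.

```python
import re
from collections import Counter

# Traffic Report Syslogs table from the guide:
# event ID -> (expected 'c' value, event name, record carries URL data)
TRAFFIC_EVENTS = {
    97: (1024, "Syslog Website Accessed", True),
    537: (1024, "Connection Closed", False),
    1153: (1024, "SSL VPN Traffic", False),
    1463: (1024, "DPI-SSL Inspection Cleaned-up", False),
    98: (262144, "Connection Opened", False),
}
OPEN_ID = 98
CLOSE_IDS = {97, 537}  # Connection Closed is reported under either ID

# key=value tags; a value is either double-quoted or runs to the next space
TAG_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_tags(line):
    """Return the key=value tags of one syslog message as a dict."""
    tags = {}
    for m in TAG_RE.finditer(line):
        tags[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return tags


def to_int(value):
    """int(value), or None when the tag is missing or not numeric."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def summarize(lines):
    """Classify traffic-report messages and account bytes per the table."""
    counts, open_flows = Counter(), Counter()
    total_bytes, url_hits, mismatched = 0, [], []
    for line in lines:
        tags = parse_tags(line)
        event_id = to_int(tags.get("m"))  # assumed tag name for the event ID
        if event_id not in TRAFFIC_EVENTS:
            continue  # not a traffic-report message
        expected_c, name, has_url = TRAFFIC_EVENTS[event_id]
        if to_int(tags.get("c")) != expected_c:
            mismatched.append(line)  # ID and 'c' disagree with the table
            continue
        counts[name] += 1
        flow = (tags.get("src", ""), tags.get("dst", ""), tags.get("proto", ""))
        if event_id == OPEN_ID:
            # An open proves no transfer: the packets may be dropped later.
            open_flows[flow] += 1
            continue
        total_bytes += (to_int(tags.get("sent")) or 0) + (to_int(tags.get("rcvd")) or 0)
        if event_id in CLOSE_IDS and open_flows[flow] > 0:
            open_flows[flow] -= 1
        if has_url:
            url_hits.append(tags.get("dstname", "") + tags.get("arg", ""))
    return {
        "counts": dict(counts),
        "bytes": total_bytes,
        "url_hits": url_hits,
        "mismatched": mismatched,
        "opened_not_closed": sorted(f for f, n in open_flows.items() if n > 0),
    }


# Constructed sample messages (documentation address ranges, placeholder serial).
HDR = 'id=firewall sn=PLACEHOLDER time="2021-03-01 10:00:00" pri=6 '
FLOW_A = "src=192.0.2.10:50100:X0 dst=198.51.100.7:443:X1 proto=tcp/https"
FLOW_B = "src=192.0.2.11:50200:X0 dst=203.0.113.9:22:X1 proto=tcp/ssh"
FLOW_C = "src=192.0.2.12:50300:X0 dst=203.0.113.20:8443:X1 proto=tcp/8443"
SAMPLE = [
    HDR + 'c=262144 m=98 msg="Connection Opened" ' + FLOW_A,
    HDR + 'c=1024 m=97 msg="Web site hit" ' + FLOW_A
        + " sent=1200 rcvd=5300 dstname=example.com arg=/index.html",
    HDR + 'c=262144 m=98 msg="Connection Opened" ' + FLOW_B,
    HDR + 'c=1024 m=537 msg="Connection Closed" ' + FLOW_B + " sent=400 rcvd=900",
    HDR + 'c=262144 m=98 msg="Connection Opened" ' + FLOW_C,  # never closed
    HDR + 'c=1024 m=98 msg="Connection Opened" ' + FLOW_C,    # wrong 'c' for ID 98
    HDR + 'm=36 msg="TCP connection dropped" ' + FLOW_C,      # not a traffic report
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, "=", value)
```

A flow listed under `opened_not_closed` is either still active or was dropped after the open, so it should not be counted as transferred traffic.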
On the Log > Settings page, expand the item in the Category column to display the group names and then
expand the group to display the events in that group. For example, expand Log, then expand Syslog to display
the Syslog Website Accessed event.

Events Displayed in Expanded Table

Click the Edit button in the row for the event to open the Edit Event dialog.

Edit Button

You can then view or enable/disable the Report Events via Syslog option and configure its Frequency Filter
Interval. A value of zero for the Frequency Filter Interval means to log every event (no filtering).

Edit Event Dialog

Access Rules Logging Control
In SonicOS, the Adding Rule dialog launched by clicking +Add on the POLICY | Rules and Policies > Access Rules
page provides the Logging toggle button. This option controls the policy logs – when the Logging option is
enabled, event messages are logged for that policy, otherwise no messages are logged for it.

NOTE: The Logging option is only available on firewalls running SonicOS (Classic mode), but not on
firewalls running SonicOSX (Policy mode).

Logging Option on Adding Rule > Logging Screen

The associated policy log events are listed in the Policy Logs Controlled by Enable Logging Option in Access Rules
table.

Policy Logs Controlled by Enable Logging Option in Access Rules

| Syslog ID | Event Message | Packets Allowed or Dropped |
|---|---|---|
| 526 | Web Request Receiver | Allowed |
| 1235 | Packet Allowed | Allowed |
| 36 | TCP Packets Dropped | Dropped |
| 38 | ICMP Packets Dropped | Dropped |
| 41 | Unknown Protocol Dropped | Dropped |
| 173 | LAN TCP Deny | Dropped |
| 174 | LAN UDP Deny | Dropped |
| 175 | LAN ICMP Deny | Dropped |
| 522 | Malformed IP Packet | Dropped |
| 524 | Web Request Drop | Dropped |
| 533 | ESP Drop | Dropped |
| 534 | AH Drop | Dropped |
| 652 | IPcomp Packet Drop | Dropped |
| 1253 | IPv6 Tunnel Dropped | Dropped |
| 1254 | LAN ICMPv6 Deny | Dropped |
| 1257 | ICMPv6 Packets Dropped | Dropped |
| 1447 | UDPv6 Packets Dropped | Dropped |

2 Index of Log Event Messages
This section contains the Log Event Message Index, which is a list of log event messages for the SonicOS/X 7.0.1
firmware.
Each log event message described in the table provides the following log event details:
• Event ID—Displays the ID number of the log event message.
• SonicOS/X Category Name—Displays category names as shown in the DEVICE | Log > Settings page in
the Category column of the table. The MONITOR | Logs > System Logs page also has the Category
column, which can be displayed (if not already) by clicking Grid Settings at the top and selecting the
Category checkbox under General in the Column Selection screen of the Grid Settings dialog.
• SonicOS/X Group Name—Displays group names as shown in the DEVICE | Log > Settings page by
expanding a category in the Category column of the table. The MONITOR | Logs > System Logs page
displays the groups in the Group column, which can be displayed by clicking Grid Settings at the top and
selecting the Group checkbox under General in the Column Selection screen of the Grid Settings dialog.
• Syslog Legacy Category—Displays the Syslog category event type. This is the same category as listed in the
Legacy Categories section.
• Priority Level—Displays the level of urgency of the log event message. The table shows the factory
default value of Event Priority for the event. The field is displayed as the Priority column found in DEVICE
| Log > Settings and in MONITOR | Logs > System Logs (if Priority column is enabled). For additional
information, see the Priority Levels section.
• SNMP Trap Type—Displays the SNMP Trap ID number of the log event message. In order for an SNMP
Trap to be generated for the event, the Send Events as Email Alerts checkbox needs to be enabled for
the event with the desired Frequency Filter Interval, normally 0, which means do not filter. Also, SNMP
settings must be configured.
To edit settings for an event, go to the DEVICE | Log > Settings page, expand the item in the Category
column to display the group names and then expand the group to display the events in that group. To
open the Edit Event dialog, click the Edit button in the row for the event.
The values in this column are defined in the SONICWALL-FIREWALL-TRAP-MIB released with each
firmware.
• Event Name—Displays a descriptive name for the log event, corresponding to the event row label in
DEVICE | Log > Settings (after expanding both Category and Group) and can be shown in the MONITOR
| Logs > System Logs page by enabling the Event column in the Grid Settings.
• Log Event Message—Displays the text of the log event message. Sometimes includes “%s”, which is
dynamically replaced by SonicOS/X with descriptive text in the actual log event message.

Log Event Message Index

| Event ID | SonicOS/X Category Name | SonicOS/X Group Name | Syslog Legacy Category | Priority Level | SNMP Trap Type | Event Name | Log Event Message |
|---|---|---|---|---|---|---|---|
| 4 | System | Status | Maintenance | ALERT | 5201 | Activate Firewall | Network Security Appliance activated |
| 5 | Log | General | Maintenance | INFO | 5601 | Clear Log | Log Cleared |
| 6 | Log | E-mail | Maintenance | INFO | 5602 | E-mail Log | Log successfully sent via E-mail |
| 10 | Security Services | General | System Error | ERROR | 602 | Setting Error on Load | Problem loading the URL List; check Filter settings |
| 12 | Log | E-mail | System Error | WARNING | 604 | E-mail Check Error on Load | Problem sending log E-mail; check log settings |
| 14 | Security Services | Content Filter | Blocked Sites | ERROR | 701 | Website Blocked | Web site access denied |
| 16 | Security Services | Content Filter | Blocked Sites | NOTICE | 703 | Website Accessed | Web site access allowed |
| 22 | Security Services | Attacks | Attack | ALERT | 501 | Ping of Death Blocked | Ping of death dropped |
| 23 | Security Services | Attacks | Attack | ALERT | 502 | IP Spoof Detected | IP spoof dropped |
| 24 | Users | Authentication Access | User Activity | INFO | 4201 | User Disconnect Detected | User logged out - user disconnect detected |
| 25 | Firewall Settings | Flood Protection | Attack | WARNING | 503 | Possible SYN Flood | Possible SYN flood attack detected |
| 27 | Security Services | Attacks | Attack | ALERT | 505 | Land Attack | Land attack dropped |
| 28 | Network | IP | TCP \| UDP \| ICMP | NOTICE | 7001 | Fragmented Packet | Fragmented packet dropped |
| 29 | Users | Authentication Access | User Activity | INFO | 4202 | Successful Admin Login | Administrator login allowed |
| 30 | Users | Authentication Access | Attack | ALERT | 560 | Wrong Admin Password | Administrator login denied due to bad credentials |
| 31 | Users | Authentication Access | User Activity | INFO | 4204 | Successful User Login | User login from an internal zone allowed |
| 32 | Users | Authentication Access | User Activity | INFO | 4205 | Wrong User Password | User login denied due to bad credentials |
| 33 | Users | Authentication Access | User Activity | INFO | 4206 | Unknown User Login Attempt | User login denied due to bad credentials |
| 34 | Users | Authentication Access | User Activity | INFO | 4207 | Login Timeout | Pending login timed out |
| 35 | Users | Authentication Access | Attack | ALERT | 506 | Admin Login Disabled | Administrator login denied from %s; logins disabled from this interface |
| 36 | Network | TCP | TCP | NOTICE | 7209 | TCP Packets Dropped | TCP connection dropped |
| 37 | Network | UDP | UDP | NOTICE | 7210 | UDP Packets Dropped | UDP packet dropped |
| 38 | Network | ICMP | ICMP | NOTICE | 7211 | ICMP Packets Dropped | ICMP packet dropped due to Policy |
| 41 | Network | Network Access | Debug | NOTICE | 7214 | Unknown Protocol Dropped | Unknown protocol dropped |
| 43 | VPN | VPN IPsec | Debug | DEBUG | 7216 | IPsec Interrupt Error | IPsec connection interrupt |
| 45 | Network | ARP | Debug | DEBUG | 7002 | ARP Failure | ARP Timeout |
| 46 | Network | Network Access | Debug | DEBUG | 7217 | Broadcast Packets Dropped | Broadcast packet dropped |
| 48 | Network | TCP | Debug | DEBUG | 7218 | Out of Order Packets Dropped | Out-of-order command packet dropped |
| 53 | System | Status | System Error | ERROR | 607 | Connection Cache Full | The cache is full; %s open connections; some will be dropped |
| 58 | Network | Interfaces | System Error | ERROR | 608 | Too Many IP on LAN | License exceeded: Connection dropped because too many IP addresses are in use on your LAN |
| 61 | VPN | VPN IPsec | System Error | ERROR | 609 | Out of Memory | Diagnostic Code E |
| 63 | Network | ICMP | Debug | DEBUG | 7003 | ICMP Too Big | Received fragmented packet or fragmentation needed |
| 65 | VPN | VPN IPsec | User Activity | INFO | 9603 | Illegal SPI | Illegal IPsec SPI |
| 67 | VPN | VPN IPsec | Attack | WARNING | 508 | IPsec Authenticate Failure | IPsec Authentication Failed |
| 69 | VPN | VPN IPsec | User Activity | INFO | 9607 | Incompatible SA | Incompatible IPsec Security Association |
| 70 | VPN | VPN IPsec | Attack | WARNING | 510 | Illegal IPsec Peer | IPsec packet from or to an illegal host |
| 81 | Security Services | Attacks | Attack | ALERT | 520 | Smurf Attack | Smurf Amplification attack dropped |
| 82 | Security Services | Attacks | Attack | ALERT | 521 | Port Scan Possible | Possible port scan detected |
| 83 | Security Services | Attacks | Attack | ALERT | 522 | Port Scan Probable | Probable port scan detected |
| 84 | Network | DNS | Maintenance | NOTICE | 7004 | Name Resolve Failed | Failed to resolve name |
| 87 | VPN | VPN IKE | User Activity | INFO | 9401 | IPsec Proposal Accepted | IKE Responder: Accepting IPsec proposal (Phase 2) |
| 88 | VPN | VPN IKE | User Activity | WARNING | 523 | IPsec Proposal Rejected | IKE Responder: IPsec proposal does not match (Phase 2) |
| 89 | VPN | VPN IKE | User Activity | NOTICE | 9403 | IPsec SA Added | IKE negotiation complete. Adding IPsec SA. (Phase 2) |
| 93 | System | Restart | System Error | ERROR | 611 | Suspend Reboot | Diagnostic Code A |
| 94 | System | Restart | System Error | ERROR | 612 | Deadlock Reboot | Diagnostic Code B |
| 95 | System | Restart | System Error | ERROR | 613 | Low Memory Reboot | Diagnostic Code C |
| 96 | System | NSM | Maintenance | INFO | 6001 | NSM Heartbeat | Status |
| 97 | Log | Syslog | Connection Traffic | INFO | 7401 | Syslog Website Accessed | Web site hit |
| 98 | Network | Network Access | Connection | INFO | 7402 | Connection Opened | Connection Opened |
| 99 | Network | DHCP Client | Maintenance | INFO | 4801 | DHCPC Retransmit Discover | Retransmitting DHCP DISCOVER. |
| 100 | Network | DHCP Client | Maintenance | INFO | 4802 | DHCPC Retransmit Request | Retransmitting DHCP Request (Requesting). |
| 101 | Network | DHCP Client | Maintenance | INFO | 4803 | DHCPC Retransmit Request Renew | Retransmitting DHCP Request (Renewing). |
| 102 | Network | DHCP Client | Maintenance | INFO | 4804 | DHCPC Retransmit Request Rebind | Retransmitting DHCP Request (Rebinding). |
| 103 | Network | DHCP Client | Maintenance | INFO | 4805 | DHCPC Retransmit Request Reboot | Retransmitting DHCP Request (Rebooting). |
| 104 | Network | DHCP Client | Maintenance | INFO | 4806 | DHCPC Retransmit Request Verify | Retransmitting DHCP Request (Verifying). |
| 105 | Network | DHCP Client | Maintenance | INFO | 4807 | DHCPC Discover | Sending DHCP DISCOVER. |
| 106 | Network | DHCP Client | Maintenance | INFO | 4808 | DHCPC No Offer | DHCP Server not available. Did not get any DHCP OFFER. |
| 107 | Network | DHCP Client | Maintenance | INFO | 4809 | DHCPC Offer Receive | Got DHCP OFFER. Selecting. |
| 108 | Network | DHCP Client | Maintenance | INFO | 4810 | DHCPC Selecting | Sending DHCP Request. |
| 109 | Network | DHCP Client | Maintenance | NOTICE | 4811 | DHCPC Request Failed | DHCP Client did not get DHCP ACK. |
| 110 | Network | DHCP Client | Maintenance | INFO | 4812 | DHCPC Request NAK | DHCP Client got NACK. |
| 111 | Network | DHCP Client | Maintenance | INFO | 4813 | DHCPC Request ACK | DHCP Client got ACK from server. |
| 112 | Network | DHCP Client | Maintenance | INFO | 4814 | DHCPC Request Decline | DHCP Client is declining address offered by the server. |
| 113 | Network | DHCP Client | Maintenance | INFO | 4815 | DHCPC Bound Rebind | DHCP Client sending Request and going to REBIND state. |
| 114 | Network | DHCP Client | Maintenance | INFO | 4816 | DHCPC Bound Renew | DHCP Client sending Request and going to RENEW state. |
| 115 | Network | DHCP Client | Maintenance | INFO | 4817 | DHCPC Request Renew | Sending DHCP Request (Renewing). |
| 116 | Network | DHCP Client | Maintenance | INFO | 4818 | DHCPC Request Rebind | Sending DHCP Request (Rebinding). |
| 117 | Network | DHCP Client | Maintenance | INFO | 4819 | DHCPC Request Reboot | Sending DHCP Request (Rebooting). |
| 118 | Network | DHCP Client | Maintenance | INFO | 4820 | DHCPC Request Verify | Sending DHCP Request (Verifying). |
| 119 | Network | DHCP Client | Maintenance | NOTICE | 4821 | DHCPC Verify Initiation Failed | DHCP Client failed to verify and lease has expired. Go to INIT state. |
| 121 | Network | DHCP Client | Maintenance | NOTICE | 4823 | DHCPC Get New IP | DHCP Client got a new IP address lease. |
| 122 | Network | DHCP Client | Maintenance | INFO | 4824 | DHCPC Send Release | Sending DHCP RELEASE. |
| 123 | Security Services | Anti-Virus | Maintenance | INFO | 8605 | AV Access Without Agent | Access attempt from host without Anti-Virus agent installed |
| 124 | Security Services | Anti-Virus | Maintenance | INFO | 8606 | AV Agent Out of Date | Anti-Virus agent out-of-date on host |
| 125 | Security Services | Anti-Virus | Maintenance | WARNING | 524 | AV Alert Receive | Received AV Alert: %s |
| 127 | Network | PPPoE | Maintenance | INFO | 7801 | PPPoE Start | Starting PPPoE discovery |
| 128 | Network | PPPoE | Maintenance | INFO | 7802 | PPPoE Link Up | PPPoE LCP Link Up |
| 129 | Network | PPPoE | Maintenance | INFO | 7803 | PPPoE Link Down | PPPoE LCP Link Down |
| 130 | Network | PPPoE | Maintenance | INFO | 7804 | PPPoE Link Finish | PPPoE terminated |
| 131 | Network | PPPoE | Maintenance | INFO | 7805 | PPPoE Network Up | PPPoE Network Connected |
| 132 | Network | PPPoE | Maintenance | INFO | 7806 | PPPoE Network Down | PPPoE Network Disconnected |
| 133 | Network | PPPoE | Maintenance | INFO | 7807 | PPPoE Discover Complete | PPPoE discovery process complete |
| 134 | Network | PPPoE | Maintenance | INFO | 7808 | PPPoE CHAP Authentication | PPPoE starting CHAP Authentication |
| 138 | Network | Interfaces | System Error | WARNING | 636 | WAN IP Change | Wan IP Changed |
| 139 | VPN | VPN Client | User Activity | INFO | 9201 | XAUTH Success | XAUTH Succeeded with VPN %s |
| 140 | VPN | VPN Client | User Activity | WARNING | 9202 | XAUTH Failure | XAUTH Failed with VPN %s, Authentication failure |
| 141 | VPN | VPN Client | User Activity | NOTICE | 9203 | XAUTH Timeout | XAUTH Failed with VPN client, Cannot Contact %s Server |
| 142 | Log | General | Debug | DEBUG | 5206 | Log Debug | Log Debug |
| 144 | High Availability | State | Maintenance | ALERT | 6201 | HA Active Primary | Primary firewall has transitioned to Active |
| 145 | High Availability | State | Maintenance | ALERT | 6202 | HA Active Secondary | Secondary firewall has transitioned to Active |
| 146 | High Availability | State | System Error | ALERT | 6203 | HA Standby Primary | Primary firewall has transitioned to Standby |
| 147 | High Availability | State | Maintenance | ALERT | 6204 | HA Standby Secondary | Secondary firewall has transitioned to Standby |
| 148 | High Availability | Synchronization | System Error | ERROR | 615 | HA Primary Missed Heartbeat | Primary missed heartbeats from Secondary |
| 149 | High Availability | Synchronization | System Error | ERROR | 616 | HA Secondary Missed Heartbeat | Secondary missed heartbeats from Primary |
| 150 | High Availability | State | System Error | ERROR | 617 | HA Primary Error Receive | Primary received error signal from Secondary |
| 151 | High Availability | State | System Error | ERROR | 618 | HA Secondary Error Receive | Secondary received error signal from Primary |
| 153 | High Availability | State | System Error | ERROR | 620 | HA Primary Preempt | Primary firewall preempting Secondary |
| 157 | High Availability | Synchronization | Maintenance | INFO | 6214 | HA Sync HA Peer | HA Peer Firewall Synchronized |
| 158 | High Availability | Synchronization | System Error | ERROR | 662 | HA Sync Error | Error synchronizing HA peer firewall (%s) |
| 159 | Security Services | Anti-Virus | Maintenance | WARNING | 526 | AV Expire message | Received AV Alert: Your Network Anti-Virus subscription has expired. %s |
| 162 | High Availability | Synchronization | Maintenance | INFO | 6218 | HA Packet Error | HA packet processing error |
| 164 | System | Restart | System Error | ERROR | 621 | HTTP Server Reboot | Diagnostic Code F |
| 165 | Security Services | E-mail Filtering | Attack | ALERT | 527 | Allow E-mail Attachment | Forbidden E-Mail attachment disabled |
| 168 | Network | PPPoE | Maintenance | INFO | 7814 | PPPoE Traffic Timeout | Disconnecting PPPoE due to traffic Timeout |
| 169 | Network | PPPoE | Maintenance | INFO | 7815 | PPPoE LCP Unack | No response from ISP Disconnecting PPPoE. |
| 170 | High Availability | State | System Error | ERROR | 622 | Secondary Active Preempt | Secondary going Active in preempt mode after reboot |
| 171 | VPN | VPN IKE | User Activity | DEBUG | 9407 | IPsec Dead Peer Detection | %s |
| 173 | Network | TCP | LAN TCP | NOTICE | 7222 | LAN TCP Deny | TCP connection from LAN denied |
| 174 | Network | UDP | LAN UDP \| LAN TCP | NOTICE | 7223 | LAN UDP Deny | UDP packet from LAN dropped |
| 175 | Network | ICMP | LAN ICMP \| LAN TCP | NOTICE | 7224 | LAN ICMP Deny | ICMP packet from LAN dropped |
| 177 | Security Services | Attacks | Attack | ALERT | 528 | TCP FIN Scan | Probable TCP FIN scan detected |
| 178 | Security Services | Attacks | Attack | ALERT | 529 | TCP Xmas Scan | Probable TCP XMAS scan detected |
| 179 | Security Services | Attacks | Attack | ALERT | 530 | TCP Null Scan | Probable TCP NULL scan detected |
| 181 | Network | TCP | Debug | DEBUG | 7005 | TCP FIN Drop | TCP FIN packet dropped |
| 182 | Network | ICMP | User Activity | INFO | 7006 | Path MTU Receive | Received a path MTU ICMP message from router/gateway |
| 188 | Network | ICMP | User Activity | INFO | 7007 | Path MTU ICMP | Received a path MTU ICMP message from router/gateway |
| 191 | High Availability | Synchronization | System Error | ERROR | 629 | HA Set Error | Error setting the IP address of the Secondary, please manually set to Secondary LAN IP |
| 199 | Users | Authentication Access | User Activity | INFO | 4209 | Admin Login From CLI | CLI administrator login allowed |
| 200 | Users | Authentication Access | User Activity | WARNING | 4210 | Admin Password Error From CLI | CLI administrator login denied due to bad credentials |
| 201 | Network | L2TP Client | Maintenance | INFO | 6601 | L2TP Tunnel Start | L2TP Tunnel Negotiation Started |
| 202 | Network | L2TP Client | Maintenance | INFO | 6602 | L2TP Session Start | L2TP Session Negotiation Started |
| 204 | Network | L2TP Client | Maintenance | INFO | 6604 | L2TP Tunnel Finish | L2TP Tunnel Established |
| 205 | Network | L2TP Client | Maintenance | NOTICE | 6605 | L2TP Tunnel Disconnect From Remote | L2TP Tunnel Disconnect from Remote |
| 206 | Network | L2TP Client | Maintenance | INFO | 6606 | L2TP Session Success | L2TP Session Established |
| 207 | Network | L2TP Client | Maintenance | NOTICE | 6607 | L2TP Session Disconnect From Remote | L2TP Session Disconnect from Remote |
| 208 | Network | L2TP Client | Maintenance | INFO | 6608 | L2TP PPP Start | L2TP PPP Negotiation Started |
| 210 | Network | L2TP Client | Maintenance | INFO | 6610 | L2TP PPP Up | L2TP PPP Session Up |
| 211 | Network | L2TP Client | Maintenance | NOTICE | 6611 | L2TP Net Down | L2TP PPP Down |
| 212 | Network | L2TP Client | Maintenance | NOTICE | 6612 | L2TP PPP Authenticate Failed | L2TP PPP Authentication Failed |
| 215 | Network | L2TP Client | Maintenance | INFO | 6615 | L2TP Traffic Timeout | Disconnecting L2TP Tunnel due to traffic Timeout |
| 217 | Network | L2TP Client | Maintenance | NOTICE | 6617 | L2TP PPP Down | L2TP PPP link down |
| 222 | VPN | DHCP Relay | Maintenance | INFO | 5001 | DHCPR Remote Release | DHCP RELEASE relayed to Central Gateway |
| 223 | VPN | DHCP Relay | Maintenance | INFO | 5002 | DHCPR Remote ACK | DHCP lease relayed to local device |
| 224 | VPN | DHCP Relay | Debug | INFO | 5003 | DHCPR Central Release | DHCP RELEASE received from remote device |
| 225 | VPN | DHCP Relay | Debug | INFO | 5004 | DHCPR Central ACK | DHCP lease relayed to remote device |
| 226 | VPN | DHCP Relay | Maintenance | INFO | 5005 | DHCPR IP Conflict | DHCP lease to LAN device conflicts with remote device, deleting remote IP entry |
| 227 | VPN | DHCP Relay | Maintenance | INFO | 5006 | DHCPR IP Conflict With Static IP | WARNING: DHCP lease relayed from Central Gateway conflicts with IP in Static Devices list |
| 228 | VPN | DHCP Relay | Maintenance | WARNING | 5007 | DHCPR IP Drop | DHCP lease dropped. Lease from Central Gateway conflicts with Relay IP |
| 229 | VPN | DHCP Relay | Attack | WARNING | 533 | DHCPR IP Spoof | IP spoof detected on packet to Central Gateway, packet dropped |
| 230 | VPN | DHCP Relay | Maintenance | INFO | 5009 | DHCPR Get Remote IP Table | Request for Relay IP Table from Central Gateway |
| 231 | VPN | DHCP Relay | Maintenance | INFO | 5010 | DHCPR Get Central IP Table | Requesting Relay IP Table from Remote Gateway |
| 232 | VPN | DHCP Relay | Maintenance | INFO | 5011 | DHCPR Send Remote IP Table | Sent Relay IP Table to Central Gateway |
| 233 | VPN | DHCP Relay | Maintenance | INFO | 5012 | DHCPR Receive Remote IP Table | Obtained Relay IP Table from Remote Gateway |
| 234 | VPN | DHCP Relay | System Error | WARNING | 632 | DHCPR Table Request Timeout | Failed to synchronize Relay IP Table |
| 235 | Users | Authentication Access | User Activity | INFO | 4211 | Admin VPN Login | VPN zone administrator login allowed |
| 236 | Users | Authentication Access | User Activity | INFO | 4212 | Admin WAN Login | WAN zone administrator login allowed |
| 237 | Users | Authentication Access | User Activity | INFO | 4213 | User VPN Login | VPN zone remote user login allowed |
| 238 | Users | Authentication Access | User Activity | INFO | 4214 | User WAN Login | WAN zone remote user login allowed |
| 239 | VPN | VPN IKE | User Activity | INFO | 9409 | VPN Peer Behind NAT Device | NAT Discovery : Peer IPsec Security Gateway behind a NAT/NAPT Device |
| 240 | VPN | VPN IKE | User Activity | INFO | 9410 | VPN Local Behind NAT Device | NAT Discovery : Local IPsec Security Gateway behind a NAT/NAPT Device |
| 241 | VPN | VPN IKE | User Activity | INFO | 9411 | VPN No NAT Device Detected | NAT Discovery : No NAT/NAPT device detected between IPsec Security gateways |
| 242 | VPN | VPN IKE | User Activity | NOTICE | 9412 | VPN Peer Does Not Support NAT | NAT Discovery : Peer IPsec Security Gateway doesn't support VPN NAT Traversal |
| 243 | Users | Radius Authentication | User Activity | INFO | 8201 | User Login Failed | User login denied - RADIUS authentication failure |
| 244 | Users | Radius Authentication | User Activity | WARNING | 8202 | User Login Timeout | User login denied - RADIUS server Timeout |
| 245 | Users | Radius Authentication | User Activity | WARNING | 8203 | User Login Error | User login denied - RADIUS configuration error |
| 246 | Users | Authentication Access | User Activity | INFO | 8204 | User Login From Wrong Location | User login denied - User has no privileges for login from that location |
| 247 | VPN | VPN IPsec | Maintenance | INFO | 9610 | Illegal Packet from IPsec Host | IPsec packet from an illegal host |
| 248 | Security Services | E-mail Filtering | Attack | ERROR | 534 | E-mail Attachment | Forbidden E-Mail attachment deleted |
| 249 | VPN | VPN IKE | User Activity | WARNING | 535 | Bad Tunnel Mode | IKE Responder: Mode %s - not tunnel mode |
| 250 | VPN | VPN IKE | User Activity | WARNING | 536 | Phase 1 ID Mismatch | IKE Responder: No matching Phase 1 ID found for proposed remote network |
| 251 | VPN | VPN IKE | User Activity | WARNING | 537 | Bad Remote Network | IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route |
| 252 | VPN | VPN IKE | User Activity | WARNING | 538 | No Remote Network Match | IKE Responder: No match for proposed remote network address |
| 253 | VPN | VPN IKE | User Activity | WARNING | 539 | Default Gateway Not Match Proposal | IKE Responder: Default LAN gateway is set but peer is not proposing to use this SA as a default route |
| 254 | VPN | VPN IKE | User Activity | INFO | 540 | Tunnel Terminates Outside | IKE Responder: Tunnel terminates outside firewall but proposed local network is not NAT public address |
| 255 | VPN | VPN IKE | User Activity | INFO | 541 | Tunnel Terminates Inside | IKE Responder: Tunnel terminates inside firewall but proposed local network is not inside firewall |
| 256 | VPN | VPN IKE | User Activity | INFO | 542 | Tunnel Terminates DMZ | IKE Responder: Tunnel terminates on DMZ but proposed local network is on LAN |
| 257 | VPN | VPN IKE | User Activity | INFO | 543 | Tunnel Terminates LAN | IKE Responder: Tunnel terminates on LAN but proposed local network is on DMZ |
| 258 | VPN | VPN IKE | User Activity | WARNING | 544 | AH PFS Mismatch | IKE Responder: AH Perfect Forward Secrecy mismatch |
| 259 | VPN | VPN IKE | User Activity | WARNING | 545 | ESP PFS Mismatch | IKE Responder: ESP Perfect Forward Secrecy mismatch |
| 260 | VPN | VPN IKE | User Activity | WARNING | 546 | Algorithm or Key Mismatch | IKE Responder: Algorithms and/or keys do not match |
| 261 | Users | Authentication Access | User Activity | INFO | 4215 | Admin Logout | Administrator logged out |
| 262 | Users | Authentication Access | User Activity | INFO | 4216 | Admin Logout - Timer Expire | Administrator logged out - inactivity timer expired |
| 263 | Users | Authentication Access | User Activity | INFO | 4217 | User Logout | User logged out - %s |
| 264 | Users | Authentication Access | User Activity | INFO | 4218 | User Logout - Max Session | User logged out - max session time exceeded |
| 265 | Users | Authentication Access | User Activity | INFO | 4219 | User Logout - Timer Expire | User logged out - inactivity timer expired |
| 266 | VPN | VPN IPsec | Maintenance | INFO | 9611 | IPsec AH Does Not Support NAT | NAT device may not support IPsec AH pass-through |
| 267 | Security Services | Attacks | Attack | ALERT | 547 | TCP Xmas Tree Attack | TCP Xmas Tree dropped |
| 269 | VPN | VPN PKI | User Activity | INFO | 9801 | CRL Request | Requesting CRL from |
| 270 | VPN | VPN PKI | User Activity | INFO | 9802 | CRL Download Success | CRL loaded from |
| 271 | VPN | VPN PKI | User Activity | ALERT | 9803 | CRL Download Failed | Failed to get CRL from |
| 272 | VPN | VPN PKI | User Activity | ERROR | 9804 | CRL Failed - No Memory | Not enough memory to hold the CRL |
| 273 | VPN | VPN PKI | User Activity | WARNING | 9805 | CRL Failed - Timeout | Connection timed out |
| 274 | VPN | VPN PKI | User Activity | ERROR | 9806 | CRL Failed - No Connect | Cannot connect to the CRL server |
| 275 | VPN | VPN PKI | User Activity | ERROR | 9807 | CRL Failed - No Reason | Unknown reason |
| 276 | VPN | VPN PKI | User Activity | WARNING | 9808 | CRL Process Failed | Failed to Process CRL from |
| 277 | VPN | VPN PKI | User Activity | WARNING | 9809 | CRL Bad Format | Bad CRL format |
| 278 | VPN | VPN PKI | User Activity | WARNING | 9810 | CRL Wrong Issuer | Issuer match failed |
| 279 | VPN | VPN PKI | User Activity | WARNING | 9811 | CRL Certificate Revoke | Certificate on Revoked list(CRL) |
| 280 | VPN | VPN PKI | User Activity | WARNING | 9812 | No Certificate | No Certificate for |
| 289 | Network | PPP | --- | INFO | 11401 | PPP Authenticate Success | PPP: Authentication successful |
| 290 | Network | PPP | --- | NOTICE | 11402 | PPP PAP Failed | PPP: PAP Authentication failed - check username / password |
| 291 | Network | PPP | --- | NOTICE | 11403 | PPP CHAP Failed | PPP: CHAP authentication failed - check username / password |
| 292 | Network | PPP | --- | NOTICE | 11404 | PPP MS-CHAP Failed | PPP: MS-CHAP authentication failed - check username / password |
| 293 | Network | PPP | --- | INFO | 11405 | PPP MS-CHAP Start | PPP: Starting MS-CHAP authentication |
| 294 | Network | PPP | --- | INFO | 11406 | PPP CHAP Start | PPP: Starting CHAP authentication |
| 295 | Network | PPP | --- | INFO | 11407 | PPP PAP Start | PPP: Starting PAP authentication |
| 307 | Network | Failover and Load Balancing | System Error | WARNING | 639 | WAN Mode | The network connection in use is %s |
| 308 | VPN | L2TP Server | Maintenance | INFO | 6801 | L2TP Tunnel Establish | L2TP Server : L2TP Tunnel Established. |
| 309 | VPN | L2TP Server | Maintenance | INFO | 6802 | L2TP Session Establish | L2TP Server : L2TP Session Established. |
| 311 | VPN | L2TP Server | Maintenance | INFO | 6804 | L2TP Radius Authentication Failure | L2TP Server: RADIUS/LDAP reports Authentication Failure |
| 312 | VPN | L2TP Server | Maintenance | INFO | 6805 | L2TP Local Authentication Failure | L2TP Server: Local Authentication Failure |
| 318 | VPN | L2TP Server | Maintenance | INFO | 6811 | L2TP Local Authentication Success | L2TP Server: Local Authentication Success. |
| 319 | VPN | L2TP Server | Maintenance | INFO | 6812 | L2TP Radius Authentication Success | L2TP Server: RADIUS/LDAP Authentication Success |
| 326 | Network | Failover and Load Balancing | System Error | ALERT | 637 | Probe Failed | Probing failure on %s |
| 328 | Users | Authentication Access | Maintenance | INFO | 4220 | Admin Name Change | Administrator name changed |
| 329 | Users | Authentication Access | Attack | ERROR | 561 | User Login Lockout | User login failure rate exceeded - logins from user IP address denied |
| 335 | VPN | L2TP Server | Maintenance | INFO | 6815 | L2TPS Tunnel Disconnect From Remote | L2TP Server: Tunnel Disconnect from Remote. |
| 336 | VPN | L2TP Server | Maintenance | INFO | 6816 | L2TPS Tunnel Delete | L2TP Server : Deleting the Tunnel |
| 337 | VPN | L2TP Server | Maintenance | INFO | 6817 | L2TPS Session Delete | L2TP Server : Deleting the L2TP active Session |
| 338 | VPN | L2TP Server | Maintenance | INFO | 6818 | L2TPS Retransmission Timeout | L2TP Server : Retransmission Timeout, Deleting the Tunnel |
| 339 | Network | NAT | Debug | DEBUG | 7008 | NAT Overwrite | NAT translated packet exceeds size limit, packet dropped |
| 340 | System | Administration | Maintenance | INFO | 5212 | HTTP Port Change | HTTP management port has changed |
| 341 | System | Administration | Maintenance | INFO | 5213 | HTTPS Port Change | HTTPS management port has changed |
| 344 | VPN | L2TP Server | Maintenance | INFO | 6820 | L2TPS Authentication Local Failure | L2TP Server : User Name authentication Failure locally. |
| 346 | VPN | VPN IKE | User Activity | INFO | 9427 | Quick Mode Started | IKE Initiator: Start Quick Mode (Phase 2). |
| 347 | Network | Network Access | TCP \| UDP \| ICMP | WARNING | 7225 | Drop Clear Packet | Port configured to receive IPsec protocol ONLY; drop packet received in the clear |
| 348 | VPN | VPN IPsec | Maintenance | WARNING | 5214 | VPN SA Import Invalid | Imported VPN SA is invalid - disabled |
| 350 | VPN | VPN IKE | User Activity | INFO | 9428 | IKE SA Life Expired | IKE SA lifetime expired. |
| 351 | VPN | VPN IKE | User Activity | INFO | 9429 | IKE Main Mode Started | IKE Initiator: Start Main Mode negotiation (Phase 1) |
| 352 | VPN | VPN IKE | User Activity | INFO | 9430 | IKE Quick Mode Request Received | IKE Responder: Received Quick Mode Request (Phase 2) |
| 353 | VPN | VPN IKE | User Activity | INFO | 9431 | Initial Main Mode Completed | IKE Initiator: Main Mode complete (Phase 1) |
| 354 | VPN | VPN IKE | User Activity | INFO | 9432 | Initial Aggressive Mode Completed | IKE Initiator: Aggressive Mode complete (Phase 1). |
| 355 | VPN | VPN IKE | User Activity | INFO | 9433 | Responder Main Mode Request Received | IKE Responder: Received Main Mode Request (Phase 1) |
| 356 | VPN | VPN IKE | User Activity | INFO | 9434 | Responder Aggressive Mode Request Received | IKE Responder: Received Aggressive Mode Request (Phase 1) |
| 357 | VPN | VPN IKE | User Activity | INFO | 9435 | Responder Main Mode Completed | IKE Responder: Main Mode complete (Phase 1) |
| 358 | VPN | VPN IKE | User Activity | INFO | 9436 | Aggressive Mode Started | IKE Initiator: Start Aggressive Mode negotiation (Phase 1) |
| 360 | Security Services | Crypto Test | Maintenance | ERROR | 4602 | DES Test Failed | Crypto DES test failed |
| 361 | Security Services | Crypto Test | Maintenance | ERROR | 4603 | DH Test Failed | Crypto DH test failed |
| 362 | Security Services | Crypto Test | Maintenance | ERROR | 4604 | HMAC-MD5 Test Failed | Crypto Hmac-MD5 test failed |
| 363 | Security Services | Crypto Test | Maintenance | ERROR | 4605 | HMAC-SHA1 Test Failed | Crypto Hmac-Sha1 test failed |
| 364 | Security Services | Crypto Test | Maintenance | ERROR | 4606 | RSA Test Failed | Crypto RSA test failed |
| 365 | Security Services | Crypto Test | Maintenance | ERROR | 4607 | SHA1 Test Failed | Crypto Sha1 test failed |
| 366 | Security Services | Crypto Test | Maintenance | ERROR | 4608 | Hardware DES Test Failed | Crypto hardware DES test failed |
| 367 | Security Services | Crypto Test | Maintenance | ERROR | 4609 | Hardware 3DES Test Failed | Crypto hardware 3DES test failed |
| 368 | Security Services | Crypto Test | Maintenance | ERROR | 4610 | Hardware DES-SHA Test Failed | Crypto hardware DES with SHA test failed |
| 369 | Security Services | Crypto Test | Maintenance | ERROR | 4611 | Hardware 3DES-SHA Test Failed | Crypto Hardware 3DES with SHA test failed |
| 371 | VPN | VPN Client | User Activity | INFO | 9204 | Client Policy Provisioned | VPN Client Policy Provisioning |
| 372 | VPN | VPN IKE | User Activity | INFO | 9437 | IKE Initiator: Accept Proposal | IKE Initiator: Accepting IPsec proposal (Phase 2) |
| 373 | VPN | VPN IKE | User Activity | INFO | 9438 | IKE Responder: Aggressive Mode Complete | IKE Responder: Aggressive Mode complete (Phase 1) |
| 375 | Network | PPTP | Maintenance | INFO | 8001 | Start Control Connection Negotiation | PPTP Control Connection Negotiation Started |
| 376 | Network | PPTP | Maintenance | INFO | 8002 | Start Session Negotiation | PPTP Session Negotiation Started |
| 378 | Network | PPTP | Maintenance | INFO | 8004 | PPTP Control Establish | PPTP Control Connection Established |
| 379 | Network | PPTP | Maintenance | NOTICE | 8005 | PPTP Remote Disconnect Tunnel | PPTP Tunnel Disconnect from Remote |
| 380 | Network | PPTP | Maintenance | INFO | 8006 | PPTP Session Success | PPTP Session Established |
| 381 | Network | PPTP | Maintenance | INFO | 8007 | PPTP Remote Disconnect Session | PPTP Session Disconnect from Remote |
| 382 | Network | PPTP | Maintenance | INFO | 8008 | PPP Start | PPTP PPP Negotiation Started |
| 384 | Network | PPTP | Maintenance | INFO | 8010 | PPP Up | PPTP PPP Session Up |
| 385 | Network | PPTP | Maintenance | NOTICE | 8011 | PPP Down | PPTP PPP Down |
| 388 | Network | PPTP | Maintenance | INFO | 8014 | PPTP User Diconnect | PPTP Disconnect Initiated by the User |
| 389 | Network | PPTP | Maintenance | INFO | 8015 | PPTP Traffic Timeout | Disconnecting PPTP Tunnel due to traffic Timeout |
| 390 | Network | PPTP | Maintenance | INFO | 8016 | PPTP User Connect | PPTP Connect Initiated by the User |
| 392 | Network | PPTP | Maintenance | INFO | 8018 | PPTP CHAP Authentication | PPTP starting CHAP Authentication |
| 393 | Network | PPTP | Maintenance | INFO | 8019 | PPTP PAP Authentication | PPTP starting PAP Authentication |
| 396 | Network | PPTP | Maintenance | INFO | 8022 | PPTP Authentication ACK | PPTP PAP Authentication success. |
| 398 | Network | PPTP | Maintenance | INFO | 8024 | PPTP PPP Link Up | PPTP PPP Link Up |
| 399 | Network | PPTP | Maintenance | INFO | 8025 | PPTP PPP Link Down | PPTP PPP Link down |
| 400 | Network | PPTP | Maintenance | INFO | 8026 | PPTP PPP Link Finish | PPTP PPP Link Finished |
| 401 | VPN | VPN IKE | User Activity | WARNING | 9439 | No Proposal Chosen | Received notify. NO_PROPOSAL_CHOSEN |
| 402 | VPN | VPN IKE | User Activity | WARNING | 9440 | Proposal Rejected | IKE Responder: IKE proposal does not match (Phase 1) |
| 403 | VPN | VPN IKE | User Activity | NOTICE | 9441 | Negotiation Aborted | IKE negotiation aborted due to Timeout |
| 404 | VPN | VPN IKE | User Activity | WARNING | 9442 | Decryption Failed: Key Mismatch | Failed payload verification after decryption; possible preshared key mismatch |
| 405 | VPN | VPN IKE | User Activity | WARNING | 9443 | Payload Validation Failed | Failed payload validation |
| 406 | VPN | VPN IKE | User Activity | WARNING | 9444 | Duplicate Packet Dropped | Received packet retransmission. Drop duplicate packet |
| 408 | Security Services | Anti-Virus | Maintenance | INFO | 8617 | AV License Exceeded | Anti-Virus Licenses Exceeded |
| 409 | VPN | VPN IKE | User Activity | WARNING | 9446 | Authentication Failed | Received notify: ISAKMP_AUTH_FAILED |
| 410 | VPN | VPN IKE | User Activity | WARNING | 9447 | Hash Failed | Computed hash does not match hash received from peer; preshared key mismatch |
| 411 | VPN | VPN IKE | User Activity | WARNING | 9448 | Notification on Malformed Payload | Received notify: PAYLOAD_MALFORMED |
| 412 | VPN | VPN IKE | User Activity | NOTICE | 9449 | Receive IPsec Delete Request | Received IPsec SA delete request |
| 413 | VPN | VPN IKE | User Activity | NOTICE | 9450 | Receive IKE Delete Request | Received IKE SA delete request |
| 414 | VPN | VPN IKE | User Activity | NOTICE | 9451 | Invalid Cookies | Received notify: INVALID_COOKIES |
| 415 | VPN | VPN IKE | User Activity | INFO | 9452 | Notification on Responder Lifetime | Received notify: RESPONDER_LIFETIME |
| 416 | VPN | VPN IKE | User Activity | INFO | 9453 | Notification on Invalid SPI | Received notify: INVALID_SPI |
| 427 | VPN | VPN IPsec | VPN Tunnel Status | INFO | 801 | IPsec Tunnel Status Changed | IPsec Tunnel status changed |
| 428 | Firewall Settings | Advanced | Debug | WARNING | 6424 | Drop Source Route Packet | Source routed IP packet dropped |
| 429 | Network | PPTP | Maintenance | INFO | 8027 | PPTP Disconnect Echo Request | No response from server to Echo Requests, disconnecting PPTP Tunnel |
| 430 | Network | PPTP | Maintenance | INFO | 8028 | PPTP Disconnect Control Connection Request | No response from PPTP server to control connection requests |
| 431 | Network | PPTP | Maintenance | INFO | 8029 | PPTP Disconnect Session Request | No response from PPTP server to call requests |
| 432 | Network | PPTP | Maintenance | INFO | 8030 | PPTP Disconnect Control Connection Reject | PPTP server rejected control connection |
| 433 | Network | PPTP | Maintenance | INFO | 8031 | PPTP Disconnect Session Reject | PPTP server rejected the call request |
| 434 | Network | Failover and Load Balancing | User Activity | INFO | 10003 | Manual Alternate Profile | PPP Dial-Up: Trying to failover but Alternate Profile is manual |
| 435 | Network | Failover and Load Balancing | System Error | ALERT | 652 | WLB Failback | WLB Failback initiated by %s |
| 436 | Network | Failover and Load Balancing | System Error | ALERT | 638 | WLB Probe Success | Probing succeeded on %s |
| 437 | Security Services | E-mail Filtering | Attack | ERROR | 550 | E-mail Fragment Dropped | E-Mail fragment dropped |
| 438 | Users | Authentication Access | User Activity | INFO | 4222 | User Login Lockout Expired | Locked-out user logins allowed - lockout period expired |
| 439 | Users | Authentication Access | User Activity | INFO | 4223 | User Login Lockout Clear | Locked-out user logins allowed by %s |
| 440 | Firewall | Access Rules | User Activity | INFO | 5801 | Rule Added | Access rule added |
| 441 | Firewall | Access Rules | User Activity | INFO | 5802 | Rule Modified | Access rule viewed or modified |
| 442 | Firewall | Access Rules | User Activity | INFO | 5803 | Rule Deleted | Access rule deleted |
| 444 | Network | PPTP | Maintenance | NOTICE | 8032 | PPTP Server Down | PPTP Server is not responding, check if the server is UP and running. |
| 445 | VPN | VPN IKE | User Activity | INFO | 9455 | IKE Initiator: Peer Lifetime Accept | IKE Initiator: Accepting peer lifetime. (Phase 1) |
| 446 | Firewall Settings | FTP | Attack | ERROR | 551 | FTP Passive Attack | FTP: PASV response spoof attack dropped |
| 448 | VPN | VPN PKI | Maintenance | ERROR | 9815 | PKI Output Buffer Failure | PKI Failure: Output buffer too small |
| 449 | VPN | VPN PKI | Maintenance | ERROR | 9816 | PKI Allocate Memory Failure | PKI Failure: Cannot alloc memory |
| 450 | VPN | VPN PKI | Maintenance | ERROR | 9817 | PKI Certificate Failure | PKI Failure: Reached the limit for local certs, cant load any more |
| 451 | VPN | VPN PKI | Maintenance | ERROR | 9818 | PKI Import Failure | PKI Failure: Import failed |
| 452 | VPN | VPN PKI | Maintenance | WARNING | 9819 | PKI Bad Password | PKI Failure: Incorrect admin password |
| 453 | VPN | VPN PKI | Maintenance | WARNING | 9820 | PKI CA Certificate Failure | PKI Failure: CA certificates store exceeded. Cannot verify this Local Certificate |
| 454 | VPN | VPN PKI | Maintenance | WARNING | 9821 | PKI Import File Format Failure | PKI Failure: Improper file format. Please select PKCS#12 (*.p12) file |
| 455 | VPN | VPN PKI | Maintenance | WARNING | 9822 | PKI Certificate ID Failure | PKI Failure: Certificate's ID does not match this Network Security Appliance |
| 456 | VPN | VPN PKI | Maintenance | WARNING | 9823 | PKI Key Mismatch | PKI Failure: public-private key mismatch |
| 457 | VPN | VPN PKI | Maintenance | WARNING | 9824 | PKI Local Certificate Name Duplicate | PKI Failure: Duplicate local certificate name |
| 458 | VPN | VPN PKI | Maintenance | WARNING | 9825 | PKI Local Certificate Duplicate | PKI Failure: Duplicate local certificate |
| 459 | VPN | VPN PKI | Maintenance | WARNING | 9826 | PKI No Certificate | PKI Failure: No CA certificates yet loaded |
| 460 | VPN | VPN PKI | Maintenance | ERROR | 9827 | PKI Internal Error | PKI Failure: Internal error |
| 461 | VPN | VPN PKI | Maintenance | WARNING | 9828 | PKI No Resource | PKI Failure: Temporary memory shortage, try again |
| 462 | VPN | VPN PKI | Maintenance | WARNING | 9829 | PKI Certificate Chain Circular | PKI Failure: The certificate chain is circular |
| 463 | VPN | VPN PKI | Maintenance | WARNING | 9830 | PKI Certificate Chain Incomplete | PKI Failure: The certificate chain is incomplete |
| 464 | VPN | VPN PKI | Maintenance | WARNING | 9831 | PKI Certificate Chain No Root | PKI Failure: The certificate chain has no root |
| 465 | VPN | VPN PKI | Maintenance | WARNING | 9832 | PKI Certificate Expire | PKI Failure: Certificate expiration |
| 466 | VPN | VPN PKI | Maintenance | WARNING | 9833 | PKI Certificate Invalid | PKI Failure: The certificate or a certificate in the chain has a validity period in the future |
| 467 | VPN | VPN PKI | Maintenance | WARNING | 9834 | PKI Certificate Corrupt | PKI Failure: The certificate or a certificate in the chain is corrupt |
| 468 | VPN | VPN PKI | Maintenance | WARNING | 9835 | PKI Certificate Bad Signature | PKI Failure: The certificate or a certificate in the chain has a bad signature |
| 469 | VPN | VPN PKI | Maintenance | WARNING | 9836 | PKI Certificate Not Verified | PKI Failure: Loaded but could not verify certificate |
| 470 | VPN | VPN PKI | Maintenance | WARNING | 9837 | PKI Certificate Chain Not Verified | PKI Warning: Loaded the certificate but could not verify its chain |
| 473 | VPN | DHCP Relay | Debug | INFO | 5015 | Remote: DHCP Request | DHCP REQUEST received from remote device |
| 474 | VPN | DHCP Relay | Debug | INFO | 5016 | Remote: DHCP Discover | DHCP DISCOVER received from remote device |
| 476 | VPN | DHCP Relay | Debug | INFO | 5018 | Server: DHCP Offer | DHCP OFFER received from server |
| 477 | VPN | DHCP Relay | Debug | INFO | 5019 | Server: DHCP Nack | DHCP NACK received from server |
| 482 | Security Services | Anti-Virus | Maintenance | WARNING | 552 | AV Expiration Warning | Received AV Alert: Your Network Anti-Virus subscription will expire in 7 days. %s |
| 483 | VPN | VPN IPsec | User Activity | WARNING | 9613 | Invalid ID | Received notify: INVALID_ID_INFO |
| 484 | VPN | DHCP Relay | Maintenance | WARNING | 5023 | DHCP Release Drop | DHCP lease dropped. Lease from Central Gateway conflicts with Remote Management IP |
| 486 | Users | Authentication Access | User Activity | INFO | 4224 | WLAN User Login Deny | User login denied - User has no privileges for guest service |
| 488 | Wireless | Wireless Access | TCP \| UDP \| ICMP | WARNING | 10202 | Guest Check | Packet dropped by guest check |
| 491 | Security Services | E-mail Filtering | Maintenance | WARNING | 564 | E-mail Filtering Expiration Warning | Received E-Mail Filter Alert: Your E-Mail Filtering subscription will expire in 7 days. |
| 492 | Security Services | E-mail Filtering | Maintenance | WARNING | 565 | E-mail Filtering Expiration Message | Received E-Mail Filter Alert: Your E-Mail Filtering subscription has expired. |
| 493 | Network | Interfaces | Maintenance | INFO | 5215 | ISDN Update | ISDN Driver Firmware successfully updated |
| 494 | VPN | VPN Client | System Error | NOTICE | 658 | GVC License Exceed | Global VPN Client License Exceeded: Connection denied. |
| 496 | Security Services | General | Maintenance | WARNING | 8623 | DEA Registration | Registration Update Needed, Please restore your existing security service subscriptions. |
| 502 | Network | Interfaces | Maintenance | INFO | 5217 | WAN Not Ready | WAN not ready |
| 505 | VPN | VPN Client | System Error | WARNING | 660 | Blocked Quick Mode With Default Key ID | Blocked Quick Mode for Client using Default KeyId |
| 506 | Users | Authentication Access | Maintenance | INFO | 4225 | VPN Disabled | VPN disabled by administrator |
| 507 | Users | Authentication Access | Maintenance | INFO | 4226 | VPN Enabled | VPN enabled by administrator |
| 508 | Users | Authentication Access | Maintenance | INFO | 4227 | WLAN Disabled | WLAN disabled by administrator |
| 509 | Users | Authentication Access | Maintenance | INFO | 4228 | WLAN Enabled | WLAN enabled by administrator |
| 518 | Wireless | WLAN | 802.11b Management | INFO | --- | WLAN 802.11 Management | 802.11 Management |
| 520 | Users | Authentication Access | User Activity | INFO | 4235 | Admin Logout From CLI | CLI administrator logged out |
| 521 | System | Status | Maintenance | INFO | 5218 | Initializing | Network Security Appliance initializing |
| 522 | Network | IP | Debug | INFO | 554 | Malformed IP Packet | Malformed or unhandled IP packet dropped |
| 523 | Network | ICMP | ICMP | NOTICE | 7227 | No Match ICMP Drop | ICMP packet dropped no match |
| 524 | Network | Network Access | TCP | NOTICE | 7228 | Web Request Drop | Web access Request dropped |
| 526 | Network | Network Access | User Activity | NOTICE | 7229 | Web Request Receiver | Web management request allowed |
| 527 | Firewall Settings | FTP | Attack | ALERT | 555 | FTP Port Bounce Attack | FTP: PORT bounce attack dropped. |
| 528 | Firewall Settings | FTP | Attack | ALERT | 556 | FTP Passive Bounce Attack | FTP: PASV response bounce attack dropped. |
| 529 | VPN | VPN Client | System Error | NOTICE | 643 | GVC Not Authorized | Global VPN Client connection is not allowed. Appliance is not registered. |
| 533 | VPN | VPN IPsec | TCP \| UDP \| ICMP | NOTICE | 9614 | ESP Drop | IPsec (ESP) packet dropped |
| 534 | VPN | VPN IPsec | TCP \| UDP \| ICMP | NOTICE | 9615 | AH Drop | IPsec (AH) packet dropped |
| 535 | VPN | VPN IPsec | Debug | DEBUG | 9616 | ESP Connection Drop | IPsec (ESP) packet dropped; waiting for pending IPsec connection |
| 537 | Network | Network Access | Connection Traffic | INFO | 7403 | Connection Closed | Connection Closed |
| 538 | Firewall Settings | FTP | Attack | ALERT | 557 | FTP Data Port | FTP: Data connection from non default port dropped |
| 543 | VPN | VPN IKE | User Activity | INFO | 9457 | Negotiation on Second GW | IKE Initiator: Using secondary gateway to negotiate |
| 544 | VPN | VPN IKE | User Activity | NOTICE | 9458 | Initiator: Bound Scope Mismatch | IKE Initiator drop: VPN tunnel end point does not match configured VPN Policy Bound to scope |
| 545 | VPN | VPN IKE | User Activity | NOTICE | 9459 | Responder: Bound Scope Mismatch | IKE Responder drop: VPN tunnel end point does not match configured VPN Policy Bound to scope |
| 546 | Wireless | WLAN IDS | WLAN IDS | ALERT | 901 | Rogue AP or MitM AP Found | Found Rogue or MitM Access Point |
| 548 | Wireless | WLAN IDS | WLAN IDS | ALERT | 903 | WLAN Association Flood | Association Flood from WLAN station |
| 549 | Users | Authentication Access | User Activity | WARNING | 4236 | WLAN Guest Limit | User login failed - Guest service limit reached |
| 550 | Users | Authentication Access | User Activity | INFO | 4237 | WLAN Session Timeout | User Session Quota Expired |
| 551 | Users | Authentication Access | User Activity | INFO | 4238 | WLAN Account Timeout | Guest Account Timeout |
| 557 | Users | Authentication Access | User Activity | INFO | 4239 | WLAN Guest Already Login | Guest login denied. Guest '%s' is already logged in. Please try again later. |
| 558 | Users | Authentication Access | User Activity | INFO | 4240 | WLAN Guest Create | Guest account '%s' created |
| 559 | Users | Authentication Access | User Activity | INFO | 4241 | WLAN Guest Delete | Guest account '%s' deleted |
| 560 | Users | Authentication Access | User Activity | INFO | 4242 | WLAN Guest Disable | Guest account '%s' disabled |
| 561 | Users | Authentication Access | User Activity | INFO | 4243 | WLAN Guest Re-enable | Guest account '%s' re-enabled |
| 562 | Users | Authentication Access | User Activity | INFO | 4244 | WLAN Guest Prune | Guest account '%s' pruned |
| 564 | Users | Authentication Access | User Activity | INFO | 4246 | WLAN Idle Timeout | Guest Idle Timeout |
| 565 | Network | Interfaces | System Error | ALERT | 646 | Multi-Interface Link Up | Interface %s Link Is Up |
| 566 | Network | Interfaces | System Error | ALERT | 647 | Multi-Interface Link Down | Interface %s Link Is Down |
| 567 | Network | Interfaces | Maintenance | DEBUG | 5222 | Multi-Interface Shutdown | Interface IP Assignment changed: Shutting down %s |
| 568 | Network | Interfaces | Maintenance | DEBUG | 5223 | Multi-Interface Bind Initiate | Interface IP Assignment : Binding and initializing %s |
| 569 | Network | Interfaces | Maintenance | WARNING | 5224 | Network Overlap | Network for interface %s overlaps with another interface. |
| 570 | Network | Interfaces | Maintenance | INFO | 5225 | Invalid Network | Please connect interface %s to another network to function properly |
| 573 | System | Settings | System Error | WARNING | 649 | Preferences Too Big | The preferences file is too large to be saved in available flash memory |
| 574 | System | Settings | System Error | WARNING | 650 | Preferences Defaulted | All preference values have been set to factory default values |
| 575 | System | Hardware | System Environment | ERROR | 101 | Voltages Out of Tolerance | Voltages Out of Tolerance |
| 576 | System | Hardware | System Environment | ALERT | 102 | Fan Failure | Fan Failure |
| 577 | System | Hardware | System Environment | ALERT | 103 | Thermal Yellow | Thermal Yellow |
| 578 | System | Hardware | System Environment | ALERT | 104 | Thermal Red | Thermal Red |
| 579 | System | Hardware | System Environment | ALERT | 105 | Thermal Red Timer Exceeded | Thermal Red Timer Exceeded |
| 580 | Network | TCP | Attack | ALERT | 558 | TCP SYN/FIN Packet Drop | TCP SYN/FIN packet dropped |
| 581 | Network | Failover and Load Balancing | Maintenance | WARNING | 10006 | WLB Spill-Over Start | WLB Spill-over started, configured threshold exceeded |
| 582 | Network | Failover and Load Balancing | Maintenance | WARNING | 10007 | WLB Spill-Over Stop | WLB Spill-over stopped |
| 583 | Users | Authentication Access | Attack | ERROR | 559 | User Login Disable | User login disabled from %s |
| 584 | Network | Failover and Load Balancing | System Error | ALERT | 651 | WLB Failover | WLB Failover in progress |
| 585 | Network | Failover and Load Balancing | System Error | ALERT | 653 | WLB Resource Available | WLB Resource is now available |
| 586 | Network | Failover and Load Balancing | System Error | ALERT | 654 | WLB Resource Failed | WLB Resource failed |
| 587 | VPN | VPN IKE | User Activity | WARNING | 9460 | Header Verification Failed | Header verification failed |
| 588 | Network | DHCP Client | Maintenance | NOTICE | 4826 | Offer Error | Received DHCP offer packet has errors |
| 589 | Network | DHCP Client | Maintenance | NOTICE | 4827 | Request Response Error | Received response packet for DHCP request has errors |
| 590 | Network | Network Access | LAN UDP \| LAN TCP | NOTICE | 7232 | LAN IP Deny | IP type %s packet dropped |
| 593 | Network | PPPoE | Maintenance | INFO | 7817 | Receive PAD Offer | Received PPPoE Active Discovery Offer |
| 594 | Network | PPPoE | Maintenance | INFO | 7818 | Receive PAD Conffirm | Received PPPoE Active Discovery Session_confirmation |
| 595 | Network | PPPoE | Maintenance | INFO | 7819 | Sending PADR | Sending PPPoE Active Discovery Request |
| 596 | Network | PPTP | Debug | DEBUG | 8034 | Decode Failure | PPTP decode failure |
| 597 | Network | ICMP | Debug | INFO | 7233 | ICMP Allow | ICMP packet allowed |
| 598 | Network | ICMP | Debug | INFO | 7234 | LAN ICMP Allow | ICMP packet from LAN allowed |
| 599 | System | Restart | System Error | ERROR | 655 | Stack Margin Reboot | Diagnostic Code G |
| 600 | System | Restart | System Error | ERROR | 656 | Delete Reboot | Diagnostic Code H |
| 601 | System | Restart | System Error | ERROR | 657 | Delete Stack Reboot | Diagnostic Code I |
| 602 | Network | DNS | Debug | INFO | 7235 | DNS Allow | DNS packet allowed |
| 603 | VPN | L2TP Server | System Error | ERROR | 661 | Problem Adding L2TP IP Pool | Adding L2TP IP pool Address object Failed. |
| 605 | VPN | VPN IKE | User Activity | WARNING | 9461 | Received Unencrypted Packet | Received unencrypted packet in crypto active state |
| 606 | Security Services | Attacks | Attack | ALERT | 568 | Spank Attack | Spank attack multicast packet dropped |
| 607 | VPN | VPN IKE | Debug \| UDP | INFO | 9462 | ISAKMP Packet on Wrong Port | Received ISAKMP packet destined to port %s |
| 608 | Security Services | IPS | Attack | ALERT | 569 | IPS Detection Alert | IPS Detection Alert: %s |
| 609 | Security Services | IPS | Attack | ALERT | 570 | IPS Prevention Alert | IPS Prevention Alert: %s |
| 610 | Security Services | Crypto Test | Maintenance | ERROR | 4614 | Hardware AES Test Failed | Crypto Hardware AES test failed |
| 614 | Security Services | General | Maintenance | WARNING | 571 | IDP Expiration Message | Received IPS Alert: Your Intrusion Prevention (IDP) subscription has expired. |
| 615 | Wireless | WLAN IDS | WLAN IDS | WARNING | 904 | WLAN Probe Check | WLAN client null probing |
| 616 | VPN | VPN IKE | Debug | ERROR | 9463 | Detail Error Log | Payload processing failed |
| 617 | Wireless | WLAN | Maintenance | INFO | 10207 | WLAN Mode Not With DHCP | WLAN not in AP mode, DHCP server will not provide lease to clients on WLAN |
| 618 | Network | BOOTP | Debug | DEBUG | 4401 | Response to Remote Device | BOOTP server response relayed to remote device |
| 619 | Network | BOOTP | Maintenance | INFO | 4402 | Reply IP Conflict | BOOTP Client IP address on LAN conflicts with remote device IP, deleting IP address from remote table |
| 620 | Network | BOOTP | Maintenance | INFO | 4403 | Response to Local Device | BOOTP reply relayed to local device |
| 622 | VoIP | Call | VoIP | INFO | 8801 | Call Connect | VoIP Call Connected |
| 623 | VoIP | Call | VoIP | INFO | 8802 | Call Disconnect | VoIP Call Disconnected |
| 624 | VoIP | H.323 | VoIP | DEBUG | 8803 | H.323/RAS Admission Reject | H.323/RAS Admission Reject |
| 625 | VoIP | H.323 | VoIP | DEBUG | 8804 | H.323/RAS Admission Confirm | H.323/RAS Admission Confirm |
| 626 | VoIP | H.323 | VoIP | DEBUG | 8805 | H.323/RAS Admission Request | H.323/RAS Admission Request |
| 627 | VoIP | H.323 | VoIP | DEBUG | 8806 | H.323/RAS Bandwidth Reject | H.323/RAS Bandwidth Reject |
| 628 | VoIP | H.323 | VoIP | DEBUG | 8807 | H.323/RAS Disengage Confirm | H.323/RAS Disengage Confirm |
| 629 | VoIP | H.323 | VoIP | DEBUG | 8808 | H.323/RAS Gatekeeper Reject | H.323/RAS Gatekeeper Reject |
| 630 | VoIP | H.323 | VoIP | DEBUG | 8809 | H.323/RAS Location Confirm | H.323/RAS Location Confirm |
| 631 | VoIP | H.323 | VoIP | DEBUG | 8810 | H.323/RAS Location Reject | H.323/RAS Location Reject |
| 632 | VoIP | H.323 | VoIP | DEBUG | 8811 | H.323/RAS Registration Reject | H.323/RAS Registration Reject |
| 633 | VoIP | H.323 | VoIP | DEBUG | 8812 | H.323/H.225 Setup | H.323/H.225 Setup |
| 634 | VoIP | H.323 | VoIP | DEBUG | 8813 | H.323/H.225 Connect | H.323/H.225 Connect |
| 635 | VoIP | H.323 | VoIP | DEBUG | 8814 | H.323/H.245 Address | H.323/H.245 Address |
| 636 | VoIP | H.323 | VoIP | DEBUG | 8815 | H.323/H.245 End Session | H.323/H.245 End Session |
| 637 | VoIP | SIP | VoIP | DEBUG | 8816 | Endpoint Added | VoIP %s Endpoint added |
| 638 | VoIP | SIP | VoIP | DEBUG | 8817 | Endpoint Removed | VoIP %s Endpoint removed |
| 639 | VoIP | SIP | VoIP | WARNING | 8818 | Endpoint Deny | VoIP %s Endpoint not added - configured 'public' endpoint limit reached |
| 640 | VoIP | H.323 | VoIP | DEBUG | 8819 | H.323/RAS Unknown Message Response | H.323/RAS Unknown Message Response |
| 641 | VoIP | H.323 | VoIP | DEBUG | 8820 | H.323/RAS Disengage Reject | H.323/RAS Disengage Reject |
| 642 | VoIP | H.323 | VoIP | DEBUG | 8821 | H.323/RAS Unregistration Reject | H.323/RAS Unregistration Reject |
| 643 | VoIP | SIP | VoIP | DEBUG | 8822 | SIP Request | SIP Request |
644 | VoIP | SIP | VoIP | DEBUG | 8823 | SIP Response | SIP Response
645 | VoIP | SIP | VoIP | INFO | 8824 | SIP Register Expire | SIP Register expiration exceeds configured Signaling inactivity time out
646 | Firewall | Access Rules | System Error | WARNING | 5238 | Source IP Connection Limit | Packet dropped; connection limit for this source IP address has been reached
647 | Firewall | Access Rules | System Error | WARNING | 5239 | Destination IP Connection Limit | Packet dropped; connection limit for this destination IP address has been reached
648 | VPN | VPN IPsec | Attack | ERROR | 572 | Illegal Destination | Packet destination not in VPN Access list
651 | Network | IPcomp | Debug | DEBUG | 12401 | IPcomp Interrupt Error | IPcomp connection interrupt
652 | Network | IPcomp | TCP \| UDP \| ICMP | NOTICE | 12402 | IPcomp Packet Drop | IPcomp packet dropped
653 | Network | IPcomp | Debug | DEBUG | 12403 | IPcomp Packet Drop, Waiting | IPcomp packet dropped; waiting for pending IPcomp connection
654 | Log | General | System Error | CRITICAL | 5605 | Maximum Events Rate Exceeded | Maximum events per second threshold exceeded: %s
655 | Log | Syslog | System Error | CRITICAL | 5606 | Maximum Syslog Data Rate Exceeded | Maximum syslog data per second threshold exceeded: %s
656 | Log | E-mail | System Error | WARNING | 5607 | POP-Before-SMTP Authentication Failed | SMTP POP-Before-SMTP authentication failed
657 | Log | Syslog | Maintenance | INFO | 7009 | Syslog Server Unreachable | Syslog Server cannot be reached
658 | VPN | VPN IKE | System Error | WARNING | 9464 | Responder: IKE ID mismatch | IKE Responder: Proposed IKE ID mismatch
659 | VPN | VPN Client | System Error | WARNING | 9209 | Responder: Duplicate Entry in Relay Table | IKE Responder: IP Address already exists in the DHCP relay table. Client traffic not allowed.
660 | VPN | VPN Client | System Error | WARNING | 9210 | Responder: Static IP Not Allowed | IKE Responder: %s Policy does not allow static IP for Virtual Adapter.
661 | VPN | VPN IKE | User Activity | WARNING | 9465 | Invalid Payload | Received notify: INVALID_PAYLOAD
662 | Wireless | SonicPoint | Attack | ERROR | 6434 | Non SonicPoint Traffic Drop | Drop WLAN traffic from non-SonicPoint devices
667 | Wireless | SonicPoint | SonicPoint | INFO | 10401 | SonicPoint Status | SonicPoint Status
668 | High Availability | State | Maintenance | INFO | 6227 | HA Peer Firewall Reboot | HA Peer Firewall Rebooted
669 | High Availability | State | System Error | ERROR | 663 | Error Rebooting HA Peer Firewall | Error Rebooting HA Peer Firewall
670 | High Availability | General | System Error | ERROR | 664 | HA License Error | License of HA pair doesn't match: %s
671 | High Availability | State | System Error | NOTICE | 665 | Reboot Signal From Secondary | Primary received reboot signal from Secondary
672 | High Availability | State | System Error | NOTICE | 666 | Reboot Signal From Primary | Secondary received reboot signal from Primary
674 | High Availability | Monitoring | System Error | INFO | 6233 | Probe Success | Success to reach Interface %s probe
675 | High Availability | Monitoring | System Error | NOTICE | 6234 | Probe Failed | Failure to reach Interface %s probe
676 | Firewall Settings | Multicast | --- | INFO | 10601 | IGMPv2 Client Joined Multicast Group | IGMP V2 client joined multicast Group : %s
677 | Firewall Settings | Multicast | --- | INFO | 10602 | IGMPv3 Client Joined Multicast Group | IGMP V3 client joined multicast Group : %s
682 | Firewall Settings | Multicast | --- | INFO | 10607 | IGMP Leave Group Message | IGMP Leave group message Received on interface %s
683 | Firewall Settings | Multicast | --- | NOTICE | 10608 | Wrong IGMP Checksum | IGMP packet dropped, wrong checksum received on interface %s
690 | Firewall Settings | Multicast | --- | NOTICE | 10615 | UDP Packet Drop | Multicast UDP packet dropped, no state entry
694 | Firewall Settings | Multicast | --- | WARNING | 10619 | RTP Stateful Failed | Multicast UDP packet dropped, RTP stateful failed
701 | Firewall Settings | Multicast | --- | DEBUG | 10626 | IGMP Router Detected | IGMP querier Router detected on interface %s
706 | Network | Network Monitor | --- | ALERT | 14005 | Host Down | Network Monitor: Host %s is offline
707 | Network | Network Monitor | --- | ALERT | 14006 | Host Up | Network Monitor: Host %s is online
708 | Network | TCP | Debug | DEBUG | 7010 | TCP Invalid SEQ Number | TCP packet received with invalid SEQ number; TCP packet dropped
709 | Network | TCP | Debug | DEBUG | 7011 | TCP Invalid ACK Number | TCP packet received with invalid ACK number; TCP packet dropped
712 | Network | TCP | Debug | DEBUG | 7014 | TCP Connection Reject | TCP connection reject received; TCP connection dropped
713 | Network | TCP | Debug | DEBUG | 7015 | TCP Connection Abort | TCP connection abort received; TCP connection dropped
714 | Network | Network Access | Debug | NOTICE | 7236 | EIGRP Packet Drop | EIGRP packet dropped
719 | VPN | VPN IPsec | System Error | WARNING | 9006 | Bad SA Count | VPN policy count received exceeds the limit; %s
720 | Network | PPPoE | Maintenance | INFO | 7820 | Send LCP Echo Request | Sending LCP Echo Request
721 | Network | PPPoE | Maintenance | INFO | 7821 | Receive LCP Echo Request | Received LCP Echo Request
722 | Network | PPPoE | Maintenance | INFO | 7822 | Send LCP Echo Reply | Sending LCP Echo Reply
723 | Network | PPPoE | Maintenance | INFO | 7823 | Receive LCP Echo Reply | Received LCP Echo Reply
724 | Wireless | Wireless Access | --- | WARNING | 7237 | Guest Services Deny Network | Guest Services drop traffic to deny network
725 | Wireless | Wireless Access | --- | INFO | 7238 | Guest Services Allow Network | Guest Services pass traffic to access allow network
726 | Wireless | Wireless Access | --- | WARNING | 7239 | WLAN Max User Reached | WLAN max concurrent users reached already
727 | Wireless | SonicPoint | SonicPoint | INFO | 10402 | SonicPoint Provision | SonicPoint Provision
728 | Users | Authentication Access | Maintenance | INFO | 4248 | WLAN Disable By Schedule | WLAN disabled by schedule
729 | Users | Authentication Access | Maintenance | INFO | 4249 | WLAN Enabled By Schedule | WLAN enabled by schedule
732 | Wireless | WLAN | TCP \| UDP \| ICMP | WARNING | 10210 | WLAN SSL VPN Enforcement Check Drop | Packet dropped by WLAN SSL VPN enforcement check
733 | SSL VPN | General | Maintenance | INFO | 10211 | SSL VPN Enforcement | SSL VPN enforcement
734 | Firewall | Access Rules | --- | WARNING | --- | Source Connection Status | Source IP address connection status: %s
735 | Firewall | Access Rules | --- | WARNING | --- | Destination Connection Status | Destination IP address connection status: %s
737 | Log | E-mail | System Error | WARNING | --- | SMTP Authentication Failed | SMTP authentication problem:%s
738 | Network | PPPoE | Maintenance | INFO | --- | Session Duration | PPPoE Client: Previous session was connected for %s
744 | Users | Radius Authentication | User Activity | WARNING | 8205 | RADIUS Communication Problem | User login denied - RADIUS communication problem
745 | Users | Radius Authentication | User Activity | INFO | 8206 | LDAP Authentication Failure | User login denied - LDAP authentication failure
746 | Users | Radius Authentication | User Activity | WARNING | 8207 | LDAP Server Timeout | User login denied - LDAP server Timeout
747 | Users | Radius Authentication | User Activity | WARNING | 8208 | LDAP Server Error | User login denied - LDAP server down or misconfigured
748 | Users | Radius Authentication | User Activity | WARNING | 8209 | LDAP Communication Problem | User login denied - LDAP communication problem
749 | Users | Radius Authentication | User Activity | WARNING | 8210 | LDAP Server Invalid Credential | User login denied - invalid credentials on LDAP server
750 | Users | Radius Authentication | User Activity | WARNING | 8211 | LDAP Server Insufficient Access | User login denied - insufficient access on LDAP server
751 | Users | Radius Authentication | User Activity | WARNING | 8212 | LDAP Schema Mismatch | User login denied - LDAP schema mismatch
752 | Users | Radius Authentication | User Activity | WARNING | 8213 | LDAP Server Certificate With Wrong Name | Allowed LDAP server certificate with wrong host name
753 | Users | Radius Authentication | User Activity | WARNING | 8214 | LDAP Server Name Resolution Failed | User login denied - LDAP server name resolution failed
754 | Users | Radius Authentication | User Activity | WARNING | 8215 | RADIUS Server Name Resolution Failed | User login denied - RADIUS server name resolution failed
755 | Users | Radius Authentication | User Activity | WARNING | 8216 | LDAP Server Certificate Invalid | User login denied - LDAP server certificate not valid
756 | Users | Radius Authentication | User Activity | WARNING | 8217 | LDAP TLS or Local Error | User login denied - TLS or local certificate problem
757 | Users | Radius Authentication | User Activity | WARNING | 8218 | LDAP Directory Mismatch | User login denied - LDAP directory mismatch
758 | Users | Radius Authentication | User Activity | WARNING | --- | LDAP Server Not Allowing CHAP | LDAP server does not allow CHAP
759 | Users | Authentication Access | User Activity | INFO | --- | User Already Logged-In | User login denied - user already logged in
760 | Network | TCP | --- | NOTICE | 7240 | TCP Handshake Violation Detected | TCP handshake violation detected; TCP connection dropped
766 | Security Services | General | Maintenance | WARNING | 8628 | Synchronize License Failed | Failed to synchronize license information with Licensing Server. %s
773 | Network | Dynamic DNS | System Error | ERROR | 11801 | DDNS Abuse | DDNS Failure: Provider %s
774 | Network | Dynamic DNS | System Error | ERROR | 11802 | DDNS Invalid | DDNS Failure: Provider %s
776 | Network | Dynamic DNS | Maintenance | INFO | 11804 | DDNS Update Success | DDNS Update success for domain %s
777 | Network | Dynamic DNS | System Error | WARNING | 11805 | DDNS Warning | DDNS Warning: Provider %s
778 | Network | Dynamic DNS | Maintenance | INFO | 11806 | DDNS Taken Offline | DDNS association %s taken Offline locally
779 | Network | Dynamic DNS | Maintenance | INFO | 11807 | DDNS Added | DDNS association %s added
780 | Network | Dynamic DNS | Maintenance | INFO | 11808 | DDNS Association Enable | DDNS association %s enabled
781 | Network | Dynamic DNS | Maintenance | INFO | 11809 | DDNS Association Disable | DDNS association %s disabled
782 | Network | Dynamic DNS | Maintenance | INFO | 11810 | DDNS Association On-line | DDNS Association %s put on line
783 | Network | Dynamic DNS | Maintenance | INFO | 11811 | Deleted All DDNS Association | All DDNS associations have been deleted
785 | Network | Dynamic DNS | Maintenance | INFO | 11813 | Delete DDNS Association | DDNS association %s deleted
786 | Network | Dynamic DNS | --- | INFO | --- | DDNS Updating | DDNS association %s updated
789 | Security Services | IDP | Attack | ALERT | 6435 | IDP Detection Alert | IDP Detection Alert: %s
790 | Security Services | IDP | Attack | ALERT | 6436 | IDP Prevention Alert | IDP Prevention Alert: %s
791 | Security Services | DPI-SSL | --- | INFO | --- | DPI-SSL | DPI-SSL: %s
793 | Firewall | Application Firewall | User Activity | ALERT | 13201 | Application Firewall Alert | Application Firewall Alert: %s
794 | Security Services | Anti-Spyware | Attack | ALERT | 6437 | Anti-Spyware Prevention Alert | Anti-Spyware Prevention Alert: %s
795 | Security Services | Anti-Spyware | Attack | ALERT | 6438 | Anti-Spyware Detection Alert | Anti-Spyware Detection Alert: %s
796 | Security Services | Anti-Spyware | Maintenance | WARNING | 8631 | Anti-Spyware Service Expired | Anti-Spyware Service Expired
797 | Security Services | RBL Filter | --- | NOTICE | 12001 | Outbound Connection Drop | Outbound connection to RBL-listed SMTP server dropped
798 | Security Services | RBL Filter | --- | NOTICE | 12002 | Inbound Connection Drop | Inbound connection from RBL-listed SMTP server dropped
799 | Security Services | RBL Filter | --- | NOTICE | 12003 | SMTP Server on RBL Blacklist | SMTP server found on RBL blacklist
800 | Security Services | RBL Filter | --- | ERROR | 12004 | No Valid DNS Server on RBL | No valid DNS server specified for RBL lookups
805 | System | NSM | --- | INFO | 6002 | Interface Statistics Report | Interface statistics report
806 | System | NSM | --- | INFO | 6003 | SonicPoint Statistics Report | SonicPoint statistics report
809 | Security Services | GAV | Attack | ALERT | 8632 | AV Gateway Alert | Gateway Anti-Virus Alert: %s
810 | Security Services | GAV | Maintenance | WARNING | 8633 | AV Gateway Service Expire | Gateway Anti-Virus Service expired
815 | Network | ARP | --- | WARNING | 7022 | Too Many Gratuitous ARPs Detected | Too many gratuitous ARPs detected
817 | Users | Authentication Access | User Activity | INFO | 4250 | Remote Dialup Received | Incoming call received for Remotely Triggered Dial-out session
818 | Users | Authentication Access | User Activity | INFO | 4251 | Remote Dialup Authentication Request | Remotely Triggered Dial-out session started. Requesting authentication
819 | Users | Authentication Access | User Activity | INFO | 4252 | Remote Dialup Authentication Password Error | Incorrect authentication received for Remotely Triggered Dial-out
820 | Users | Authentication Access | User Activity | INFO | 4253 | Remote Dialup Authentication Password Valid | Successful authentication received for Remotely Triggered Dial-out
821 | Users | Authentication Access | User Activity | INFO | 4254 | Remote Dialup Authentication Password Timeout | Authentication Timeout during Remotely Triggered Dial-out session
822 | Users | Authentication Access | User Activity | INFO | 4255 | Remote Dialup Abort For Data | Remotely Triggered Dial-out session ended. Valid WAN bound data found. Normal dial-up sequence will commence
824 | High Availability | General | System Error | ERROR | 6236 | License Expire to Shutdown Secondary | Secondary shut down because license is expired
825 | High Availability | State | System Error | INFO | 6237 | Secondary Active | Secondary active
826 | High Availability | State | --- | ERROR | 6238 | HA Error | %s
829 | High Availability | State | --- | ALERT | 6241 | HA Alert | %s
830 | High Availability | State | --- | NOTICE | 6242 | HA Notice | %s
832 | Network | DHCP Server | --- | INFO | 5237 | DHCP Scopes Altered | DHCP Scopes altered automatically due to change in network settings for interface %s
833 | Network | DHCP Server | System Error | WARNING | --- | DHCP Lease File Corrupt | DHCP lease file in the storage is corrupted; read failed
834 | Network | DHCP Server | System Error | WARNING | --- | Failed to Write DHCP Leases to Storage | Failed to write DHCP leases to storage
835 | Network | DHCP Server | Maintenance | INFO | --- | DHCP Leases Written to Storage | DHCP leases written to storage
840 | Network | Advanced Routing | --- | INFO | 12201 | RIP Info | %s
841 | Network | Advanced Routing | --- | NOTICE | 12202 | RIP Notice | %s
842 | Network | Advanced Routing | --- | DEBUG | 12203 | RIP Debug | %s
843 | Network | Advanced Routing | --- | INFO | --- | OSPF Info | %s
844 | Network | Advanced Routing | --- | DEBUG | --- | OSPF Debug | %s
845 | Network | Advanced Routing | --- | INFO | --- | BGP Info | %s
846 | Network | Advanced Routing | --- | DEBUG | --- | BGP Debug | %s
847 | Network | Interfaces | Maintenance | WARNING | 7025 | IP Address Conflict | IP address conflict detected from Ethernet address %s
848 | VPN | VPN PKI | User Activity | INFO | 9838 | OCSP Send Request | OCSP sending request.
849 | VPN | VPN PKI | User Activity | ERROR | 9839 | OCSP Failed to Send Request | OCSP send request message failed.
850 | VPN | VPN PKI | User Activity | INFO | 9840 | OCSP Received Response | OCSP received response.
852 | VPN | VPN PKI | User Activity | INFO | 9842 | OCSP Resolved Domain Name | OCSP Resolved Domain Name.
853 | VPN | VPN PKI | User Activity | ERROR | 9843 | OCSP Failed to Resolve Domain Name | OCSP Failed to Resolve Domain Name.
854 | VPN | VPN PKI | User Activity | ERROR | 9844 | OCSP Internal Error | OCSP Internal error handling received response.
856 | Firewall Settings | Flood Protection | Attack | WARNING | 6439 | SYN Flood Watch Mode | SYN Flood Mode changed by user to: Watch and report possible SYN floods
857 | Firewall Settings | Flood Protection | Attack | WARNING | 6440 | SYN Flood Trigger Mode | SYN Flood Mode changed by user to: Watch and proxy WAN connections when under attack
858 | Firewall Settings | Flood Protection | Attack | WARNING | 6441 | SYN Flood Proxy Mode | SYN Flood Mode changed by user to: Always proxy WAN connections
859 | Firewall Settings | Flood Protection | Attack | ALERT | 6442 | SYN Flood Proxy Trigger Mode | Possible SYN flood detected on WAN IF %s - switching to connection-proxy mode
860 | Firewall Settings | Flood Protection | Attack | ALERT | 6443 | SYN Flood Detected | Possible SYN Flood on IF %s
861 | Firewall Settings | Flood Protection | Attack | ALERT | 6444 | SYN Flood Proxy Mode Cancel | SYN flood ceased or flooding machines blacklisted - connection proxy disabled
862 | Firewall Settings | Flood Protection | Attack | WARNING | 6445 | SYN Flood Blacklist On | SYN Flood blacklisting enabled by user
863 | Firewall Settings | Flood Protection | Attack | WARNING | 6446 | SYN Flood Blacklist Off | SYN Flood blacklisting disabled by user
864 | Firewall Settings | Flood Protection | Attack | ALERT | 6447 | SYN-Flooding Machine Blacklisted | SYN-Flooding machine %s blacklisted
865 | Firewall Settings | Flood Protection | Attack | ALERT | 6448 | Machine removed from SYN Flood Blacklist | Machine %s removed from SYN flood blacklist
866 | Firewall Settings | Flood Protection | Attack | WARNING | 6449 | Possible SYN Flood Continues | Possible SYN Flood on IF %s continues
867 | Firewall Settings | Flood Protection | Attack | ALERT | 6450 | Possible SYN Flood Ceased | Possible SYN Flood on IF %s has ceased
868 | Firewall Settings | Flood Protection | Attack | WARNING | 6451 | SYN Flood Blacklist Continues | SYN Flood Blacklist on IF %s continues
869 | Firewall Settings | Flood Protection | Attack | DEBUG | 6452 | TCP SYN Receive | TCP SYN received
874 | VPN | VPN PKI | User Activity | NOTICE | 9845 | CRL Expire | CRL has expired
875 | VPN | VPN PKI | User Activity | WARNING | 9846 | Failed to Find Certificate | Failed to find certificate
876 | VPN | VPN PKI | User Activity | WARNING | 9847 | CRL Missing | CRL missing - Issuer requires CRL checking.
877 | VPN | VPN PKI | User Activity | WARNING | 9848 | CRL Validation Error | CRL validation failure for Root Certificate
878 | VPN | VPN PKI | User Activity | WARNING | 9849 | Can't Validate Issuer Path | Cannot Validate Issuer Path
879 | Wireless | RF Monitoring | --- | WARNING | --- | WLAN Radio Frequency Threat Detected | WLAN radio frequency threat detected
880 | Network | Dynamic Address Objects | Maintenance | INFO | --- | Failed to Resolve Dynamic Address Object | Unable to resolve dynamic address object
881 | System | Time | --- | NOTICE | 5608 | System Clock Manually Updated | System clock manually updated
882 | Network | Network Access | TCP | DEBUG | 7242 | HTTP Drop | HTTP method detected; examining stream for host header
883 | Firewall Settings | Checksum Enforcement | TCP\|UDP | NOTICE | 7243 | IP Checksum Error | IP Header checksum error; packet dropped
884 | Firewall Settings | Checksum Enforcement | TCP | NOTICE | 7244 | TCP Checksum Error | TCP checksum error; packet dropped
885 | Firewall Settings | Checksum Enforcement | UDP | NOTICE | 7245 | UDP Checksum Error | UDP checksum error; packet dropped
886 | Firewall Settings | Checksum Enforcement | UDP | NOTICE | 7246 | ICMP Checksum Error | ICMP checksum error; packet dropped
887 | Network | TCP | Debug | DEBUG | 7026 | Invalid TCP Header Length | TCP packet received with invalid header length; TCP packet dropped
888 | Network | TCP | Debug | DEBUG | 7027 | TCP Connection Does Not Exist | TCP packet received on non-existent/closed connection; TCP packet dropped
889 | Network | TCP | Debug | DEBUG | 7028 | TCP Without Mandatory SYN Flag | TCP packet received without mandatory SYN flag; TCP packet dropped
890 | Network | TCP | Debug | DEBUG | 7029 | TCP Without Mandatory ACK Flag | TCP packet received without mandatory ACK flag; TCP packet dropped
891 | Network | TCP | Debug | DEBUG | 7030 | TCP Packet on Closing Connection | TCP packet received on a closing connection; TCP packet dropped
892 | Network | TCP | Debug | INFO | 7031 | SYN Flag on Existing Connection | TCP packet received with SYN flag on an existing connection; TCP packet dropped
893 | Network | TCP | Debug | DEBUG | 7032 | Invalid TCP SACK Option Length | TCP packet received with invalid SACK option length; TCP packet dropped
894 | Network | TCP | Debug | DEBUG | 7033 | Invalid TCP MSS Option Length | TCP packet received with invalid MSS option length; TCP packet dropped
895 | Network | TCP | Debug | DEBUG | 7034 | Invalid TCP Option Length | TCP packet received with invalid option length; TCP packet dropped
896 | Network | TCP | Debug | DEBUG | 7035 | Invalid TCP Source Port | TCP packet received with invalid source port; TCP packet dropped
897 | Firewall Settings | Flood Protection | Attack | INFO | 7036 | Invalid TCP SYN Flood Cookie | TCP packet received with invalid SYN Flood cookie; TCP packet dropped
898 | Firewall Settings | Flood Protection | Attack | ALERT | 6453 | RST-Flooding Machine Blacklisted | RST-Flooding machine %s blacklisted
899 | Firewall Settings | Flood Protection | Attack | WARNING | 6454 | RST Flood Blacklist Continues | RST Flood Blacklist on IF %s continues
900 | Firewall Settings | Flood Protection | Attack | ALERT | 6455 | Machine Removed From RST Flood Blacklist | Machine %s removed from RST flood blacklist
901 | Firewall Settings | Flood Protection | Attack | ALERT | 6456 | FIN-Flooding Machine Blacklisted | FIN-Flooding machine %s blacklisted
902 | Firewall Settings | Flood Protection | Attack | WARNING | 6457 | FIN Flood Blacklist Continues | FIN Flood Blacklist on IF %s continues
903 | Firewall Settings | Flood Protection | Attack | ALERT | 6458 | Machine Removed From FIN Flood Blacklist | Machine %s removed from FIN flood blacklist
904 | Firewall Settings | Flood Protection | Attack | ALERT | 6459 | Possible RST Flood | Possible RST Flood on IF %s
905 | Firewall Settings | Flood Protection | Attack | ALERT | 6460 | Possible FIN Flood | Possible FIN Flood on IF %s
906 | Firewall Settings | Flood Protection | Attack | ALERT | 6461 | Possible RST Flood Ceased | Possible RST Flood on IF %s has ceased
907 | Firewall Settings | Flood Protection | Attack | ALERT | 6462 | Possible FIN Flood Ceased | Possible FIN Flood on IF %s has ceased
908 | Firewall Settings | Flood Protection | Attack | WARNING | 6463 | Possible RST Flood Continues | Possible RST Flood on IF %s continues
909 | Firewall Settings | Flood Protection | Attack | WARNING | 6464 | Possible FIN Flood Continues | Possible FIN Flood on IF %s continues
910 | Network | IP | Debug | NOTICE | 7037 | IP TTL Expire | Packet Dropped - IP TTL expired
911 | Network | Dynamic Address Objects | Maintenance | INFO | --- | Added Host Entry | Added host entry to dynamic address object
912 | Network | Dynamic Address Objects | Maintenance | INFO | --- | Removed Host Entry | Removed host entry from dynamic address object
913 | VPN | VPN IKE | User Activity | WARNING | 9466 | Responder: Authentication Method Mismatch | IKE Responder: Phase 1 Authentication Method does not match
914 | VPN | VPN IKE | User Activity | WARNING | 9467 | Responder: Encryption Algorithm Mismatch | IKE Responder: Phase 1 encryption algorithm does not match
915 | VPN | VPN IKE | User Activity | WARNING | 9468 | Responder: Key Length Mismatch | IKE Responder: Phase 1 encryption algorithm keylength does not match
916 | VPN | VPN IKE | User Activity | WARNING | 9469 | Responder: Hash Algorithm Mismatch | IKE Responder: Phase 1 hash algorithm does not match
917 | VPN | VPN IKE | User Activity | WARNING | 9470 | Responder: Policy Has no User Name | IKE Responder: Phase 1 XAUTH required but Policy has no user name
918 | VPN | VPN IKE | User Activity | WARNING | 9471 | Responder: Policy Has no Password | IKE Responder: Phase 1 XAUTH required but Policy has no user password
919 | VPN | VPN IKE | User Activity | WARNING | 9472 | Responder: DH Group Mismatch | IKE Responder: Phase 1 DH Group does not match
920 | VPN | VPN IKE | User Activity | WARNING | 9473 | Responder: AH Authentication Algorithm Mismatch | IKE Responder: AH authentication algorithm does not match
921 | VPN | VPN IKE | User Activity | WARNING | 9474 | Responder: ESP Encryption Algorithm Mismatch | IKE Responder: ESP encryption algorithm does not match
922 | VPN | VPN IKE | User Activity | WARNING | 9475 | Responder: ESP Authentication Algorithm Mismatch | IKE Responder: ESP authentication algorithm does not match
923 | VPN | VPN IKE | User Activity | WARNING | 9476 | Responder: AH Authentication Key Length Mismatch | IKE Responder: AH authentication key length does not match
924 | VPN | VPN IKE | User Activity | WARNING | 9477 | Responder: ESP Encryption Key Length Mismatch | IKE Responder: ESP encryption key length does not match
925 | VPN | VPN IKE | User Activity | WARNING | 9478 | Responder: ESP Authentication Key Length Mismatch | IKE Responder: ESP authentication key length does not match
926 | VPN | VPN IKE | User Activity | WARNING | 9479 | Responder: AH Authentication Key Rounds Mismatch | IKE Responder: AH authentication key rounds does not match
927 | VPN | VPN IKE | User Activity | WARNING | 9480 | Responder: ESP Encryption Key Rounds Mismatch | IKE Responder: ESP encryption key rounds does not match
928 | VPN | VPN IKE | User Activity | WARNING | 9481 | Responder: ESP Authentication Key Rounds Mismatch | IKE Responder: ESP authentication key rounds does not match
930 | VPN | VPN IKE | User Activity | NOTICE | 9483 | Initiator: Peer Timeout - Retransmitting | IKE Initiator: Remote party Timeout - Retransmitting IKE Request.
931 | VPN | VPN IKE | User Activity | NOTICE | 9484 | Responder: Peer Timeout - Retransmitting | IKE Responder: Remote party Timeout - Retransmitting IKE Request.
932 | VPN | VPN IKE | User Activity | WARNING | 9485 | Responder: IPsec Protocol Mismatch | IKE Responder: IPsec protocol mismatch
933 | VPN | VPN IKE | User Activity | WARNING | 9486 | Initiator: Proposed IKE ID Mismatch | IKE Initiator: Proposed IKE ID mismatch
934 | VPN | VPN IKE | User Activity | WARNING | 9487 | Responder: Local Network Mismatch Peer's Destination Network | IKE Responder: Peer's local network does not match VPN Policy's [Destination ]
935 | VPN | VPN IKE | User Activity | WARNING | 9488 | Responder: Destination Network Mismatch Peer's Local Network | IKE Responder: Peer's destination network does not match VPN Policy's [Local Network]
936 | VPN | VPN IKE | User Activity | WARNING | 9489 | Responder: Route Table Overrides VPN Policy | IKE Responder: Route table overrides VPN Policy
937 | VPN | VPN IKE | User Activity | WARNING | 9490 | Initiator: IKE Proposal Mismatch | IKE Initiator: IKE proposal does not match (Phase 1)
938 | VPN | VPN IKEv2 | User Activity | INFO | 9491 | Initiator: Send IKE_SA_INIT Request | IKEv2 Initiator: Send IKE_SA_INIT Request
939 | VPN | VPN IKEv2 | User Activity | INFO | 9492 | Responder: Received IKE_SA_INIT Request | IKEv2 Responder: Received IKE_SA_INIT Request
940 | VPN | VPN IKEv2 | User Activity | INFO | 9493 | Initiator: Send IKE_AUTH Request | IKEv2 Initiator: Send IKE_AUTH Request
941 | VPN | VPN IKEv2 | User Activity | INFO | 9494 | Responder: Received IKE_AUTH Request | IKEv2 Responder: Received IKE_AUTH Request
942 | VPN | VPN IKEv2 | User Activity | INFO | 9495 | Authentication Successful | IKEv2 Authentication successful
943 | VPN | VPN IKEv2 | User Activity | INFO | 9496 | Accept IKE SA Proposal | IKEv2 Accept IKE SA Proposal
944 | VPN | VPN IKEv2 | User Activity | INFO | 9497 | Accept IPsec SA Proposal | IKEv2 Accept IPsec SA Proposal
945 | VPN | VPN IKEv2 | User Activity | INFO | 9498 | Initiator: Send CREATE_CHILD_SA Request | IKEv2 Initiator: Send CREATE_CHILD_SA Request
946 | VPN | VPN IKEv2 | User Activity | INFO | 9499 | Responder: Received CREATE_CHILD_SA Request | IKEv2 Responder: Received CREATE_CHILD_SA Request
947 | VPN | VPN IKEv2 | User Activity | INFO | 9500 | Send Delete IKE SA Request | IKEv2 Send delete IKE SA Request
948 | VPN | VPN IKEv2 | User Activity | INFO | 9501 | Received Delete IKE SA Request | IKEv2 Received delete IKE SA Request
949 | VPN | VPN IKEv2 | User Activity | INFO | 9502 | Send Delete IPsec SA Request | IKEv2 Send delete IPsec SA Request
950 | VPN | VPN IKEv2 | User Activity | INFO | 9503 | Received Delete IPsec SA Request | IKEv2 Received delete IPsec SA Request
951 | VPN | VPN IKEv2 | User Activity | INFO | 9504 | Responder: Destination Network Mismatch Peer's Local Network | IKEv2 Responder: Peer's destination network does not match VPN Policy's [Local Network]
952 | VPN | VPN IKEv2 | User Activity | INFO | 9505 | Responder: Peer Local Network Mismatch Peer's Destination Network | IKEv2 Responder: Peer's local network does not match VPN Policy's [Destination Network]
953 | VPN | VPN IKEv2 | User Activity | WARNING | 9506 | Payload Processing Error | IKEv2 Payload processing error
954 | VPN | VPN IKEv2 | User Activity | WARNING | 9507 | Initiator: Extra Payloads Present | IKEv2 Initiator: Negotiations failed. Extra payloads present.
955 | VPN | VPN IKEv2 | User Activity | WARNING | 9508 | Initiator: Missing Required Payloads | IKEv2 Initiator: Negotiations failed. Missing required payloads.
956 | VPN | VPN IKEv2 | User Activity | WARNING | 9509 | Initiator: Invalid Input State | IKEv2 Initiator: Negotiations failed. Invalid input state.
957 | VPN | VPN IKEv2 | User Activity | WARNING | 9510 | Initiator: Invalid Output State | IKEv2 Initiator: Negotiations failed. Invalid output state.
958 | VPN | VPN IKEv2 | User Activity | WARNING | 9511 | Payload Validation Failed | IKEv2 Payload validation failed.
959 | VPN | VPN IKEv2 | User Activity | WARNING | 9512 | Unable to Find IKE SA | IKEv2 Unable to find IKE SA
960 | VPN | VPN IKEv2 | User Activity | WARNING | 9513 | Decrypt Packet Failed | IKEv2 Decrypt packet failed
961 | VPN | VPN IKEv2 | User Activity | WARNING | 9514 | Out of Memory | IKEv2 Out of memory
962 | VPN | VPN IKEv2 | User Activity | NOTICE | --- | Responder: Policy for Remote IKE ID Not Found | IKEv2 Responder: Policy for remote IKE ID not found
963 | VPN | VPN IKEv2 | User Activity | WARNING | 9515 | Process Message Queue Failed | IKEv2 Process Message queue failed
964 | VPN | VPN IKEv2 | User Activity | WARNING | 9516 | Invalid State | IKEv2 Invalid state
965 | VPN | VPN IKE | System Error | WARNING | --- | IKE Responder: No VPN Access Networks Assigned | IKE Responder: Client Policy has no VPN Access Networks assigned. Check Configuration.
966 | VPN | VPN IKEv2 | User Activity | WARNING | 9517 | Invalid SPI Size | IKEv2 Invalid SPI size
967 | VPN | VPN IKEv2 | User Activity | WARNING | 9518 | VPN Policy Not Found | IKEv2 VPN Policy not found
968 | VPN | VPN IKEv2 | User Activity | WARNING | 9519 | IPsec Proposal Mismatch | IKEv2 IPsec proposal does not match
969 | VPN | VPN IKEv2 | User Activity | WARNING | 9520 | IPsec Attribute Not Found | IKEv2 IPsec attribute not found
970 | VPN | VPN IKEv2 | User Activity | WARNING | 9521 | IKE Attribute Not Found | IKEv2 IKE attribute not found
971 | VPN | VPN IKEv2 | User Activity | WARNING | 9522 | Peer Not Responding | IKEv2 Peer is not responding. Negotiation aborted.
972 | VPN | VPN IKEv2 | User Activity | INFO | 9523 | Initiator: Retransmit IKEv2 Request Due to Remote Party Timeout | IKEv2 Initiator: Remote party Timeout - Retransmitting IKEv2 Request.
973 | VPN | VPN IKEv2 | User Activity | INFO | 9524 | Initiator: Received IKE_SA_INT Response | IKEv2 Initiator: Received IKE_SA_INT response
974 | VPN | VPN IKEv2 | User Activity | INFO | 9525 | Initiator: Received IKE_AUTH Response | IKEv2 Initiator: Received IKE_AUTH response
975 | VPN | VPN IKEv2 | User Activity | INFO | 9526 | Initiator: Received CREATE_CHILD_SA Response | IKEv2 Initiator: Received CREATE_CHILD_SA response
976 | VPN | VPN IKEv2 | User Activity | INFO | --- | Responder: Send IKE_SA_INIT Response | IKEv2 Responder: Send IKE_SA_INIT response
977 | VPN | VPN IKEv2 | User Activity | INFO | --- | Responder: Send IKE_AUTH response | IKEv2 Responder: Send IKE_AUTH response
978 | VPN | VPN IKEv2 | User Activity | INFO | 9527 | Negotiation Completed | IKEv2 negotiation complete
979 | VPN | VPN IKEv2 | User Activity | ERROR | 9528 | Failed to Transmit Packet | IKEv2 Function sendto() failed to transmit packet.
980 | VPN | VPN IKEv2 | User Activity | WARNING | 9529 | Initiator: Proposed IKE ID Mismatch | IKEv2 Initiator: Proposed IKE ID mismatch
981 | VPN | VPN IKEv2 | User Activity | WARNING | 9530 | IKE Proposal Mismatch | IKEv2 IKE proposal does not match
982 | VPN | VPN IKEv2 | User Activity | INFO | 9531 | Received Notify Status Payload | IKEv2 Received notify status payload
983 | VPN | VPN IKEv2 | User Activity | WARNING | 9532 | Received Notify Error Payload | IKEv2 Received notify error payload
984 | VPN | VPN IKEv2 | User Activity | INFO | 9533 | No NAT Device Detected | IKEv2 No NAT device detected between negotiating peers
985 | VPN | VPN IKEv2 | User Activity | INFO | 9534 | NAT Device Detected Between Negotiating Peers | IKEv2 NAT device detected between negotiating peers
986 | Users | Authentication Access | User Activity | INFO | 4256 | Not Allowed by Policy Rule | User login denied - not allowed by Policy rule
987 | Users | Authentication Access | User Activity | INFO | 4257 | Not Found Locally | User login denied - not found locally
988 | Users | SSO Agent Authentication | User Activity | WARNING | 12601 | Timeout | User login denied - SSO agent Timeout
989 | Users | SSO Agent Authentication | User Activity | WARNING | 12602 | Configuration Error | User login denied - SSO agent configuration error
990 | Users | SSO Agent Authentication | User Activity | WARNING | 12603 | Communication Problem | User login denied - SSO agent communication problem
991 | Users | SSO Agent Authentication | User Activity | WARNING | 12604 | Name Resolution Failed | User login denied - SSO agent name resolution failed
992 | Users | SSO Agent Authentication | User Activity | WARNING | 12605 | User Name Too Long | SSO agent returned user name too long
993 | Users | SSO Agent Authentication | User Activity | WARNING | 12606 | Domain Name Too Long | SSO agent returned domain name too long
994 | Users | Authentication Access | User Activity | INFO | 4258 | Configuration Mode Administration Session Started | Configuration mode administration session started
995 | Users | Authentication Access | User Activity | INFO | 4259 | Configuration Mode Administration Session Ended | Configuration mode administration session ended
996 | Users | Authentication Access | User Activity | INFO | 4260 | Read-only Mode GUI Administration Session Started | Read-only mode GUI administration session started
997 | Users | Authentication Access | User Activity | INFO | 4261 | Non-Config Mode GUI Administration Session Started | Non-config mode GUI administration session started
998 | Users | Authentication Access | User Activity | INFO | 4262 | GUI Administration Session End | GUI administration session ended
999 | Firewall Settings | SSL Control | Blocked Sites | INFO | 7247 | Website Found in Blacklist | SSL Control: Website found in blacklist
1000 | Firewall Settings | SSL Control | Blocked Sites | INFO | 7248 | Website Found in Whitelist | SSL Control: Website found in whitelist
1001 | Firewall Settings | SSL Control | Blocked Sites | INFO | --- | Weak SSL Version | SSL Control: Weak SSL Version being used
1002 | Firewall Settings | SSL Control | Blocked Sites | INFO | 7250 | Certificate With Invalid Date | SSL Control: Certificate with invalid date
1003 | Firewall Settings | SSL Control | Blocked Sites | INFO | 7251 | Self-Signed Certificate | SSL Control: Self-signed certificate
1004 | Firewall Settings | SSL Control | Blocked Sites | INFO | 7252 | Weak Cipher Being Used | SSL Control: Weak cipher being used
1005 | Firewall Settings | SSL Control | Blocked Sites | INFO | 7253 | Untrusted CA | SSL Control: Untrusted CA
1006 | Firewall Settings | SSL Control | Blocked Sites | INFO | 7254 | Certificate Chain Incomplete | SSL Control: Certificate chain not complete
1008 | Users | Authentication Access | User Activity | INFO | --- | Logout Detected by SSO | User logged out - logout detected by SSO
1009 | Users | Radius Authentication | System Error | ERROR | 4263 | Bind to LDAP Server Failed | Bind to LDAP server failed
1010 | Users | Radius Authentication | System Error | ALERT | 4264 | Using LDAP Without TLS | Using LDAP without TLS - highly insecure
1011 | Users | Radius Authentication | System Error | WARNING | 4265 | Non-Administrative Attempt to Change Password | LDAP using non-administrative account - VPN client user will not be able to change passwords
1012 | VPN | VPN IKEv2 | User Activity | INFO | 9535 | Responder: Send CREATE_CHILD_SA Response | IKEv2 Responder: Send CREATE_CHILD_SA response
1013 | VPN | VPN IKEv2 | User Activity | INFO | 9536 | Send Delete IKE SA Response | IKEv2 Send delete IKE SA response
1014 | VPN | VPN IKEv2 | User Activity | INFO | 9537 | Send Delete IPsec SA Response | IKEv2 Send delete IPsec SA response
1015 | VPN | VPN IKEv2 | User Activity | INFO | 9538 | Received Delete IKE SA Response | IKEv2 Received delete IKE SA response
1016 | VPN | VPN IKEv2 | User Activity | INFO | 9539 | Received Delete IPsec SA Response | IKEv2 Received delete IPsec SA response
1017 | WWAN Modem | General | System Environment | INFO | 5422 | WWAN Device Detected | WWAN %s device detected
1018 | Network | PPP | --- | INFO | 11408 | PPP Message | PPP message: %s
1026 | WWAN Modem | General | User Activity | ALERT | 7642 | Data Usage Watermark Reached | WWAN: %s.
1027 | WWAN Modem | General | User Activity | ALERT | 7643 | Data Usage Limit Reached | WWAN: data usage limit reached for the '%s' billing cycle. Disconnecting the session.
1029 | Network | TCP | Debug | DEBUG | 7038 | Non-Permitted Option TCP Packet | TCP packet received with non-permitted option; TCP packet dropped
1030 | Network | TCP | Debug | DEBUG | 7039 | Invalid TCP Window Scale Option Length | TCP packet received with invalid Window Scale option length; TCP packet dropped
1031 | Network | TCP | Debug | DEBUG | 7040 | Invalid TCP Window Scale Option Value | TCP packet received with invalid Window Scale option value; TCP packet dropped
1033 | Users | Authentication Access | User Activity | WARNING | --- | Group Membership Retrieval Failed | Problem occurred during user group membership retrieval
1035 | Users | Authentication Access | User Activity | INFO | --- | Password Expire | User login denied - password expired
1036 | VPN | VPN IKE | User Activity | WARNING | --- | Responder: IKE Phase 1 Exchange Mismatch | IKE Responder: IKE Phase 1 exchange does not match
1040 | Network | DHCP Server | --- | ALERT | 5240 | DHCP Server IP Conflict Detected | DHCP Server: IP conflict detected
1041 | Network | DHCP Server | --- | NOTICE | 5241 | DHCP Server Received DHCP Decline | DHCP Server: Received DHCP decline from client
1043 | System | Hardware | --- | ERROR | 5425 | Power Supply Without Redundancy | Power supply without redundancy
1044 | High Availability | State | --- | INFO | --- | Discover HA Firewall | Discovered HA %s Firewall
1046 | System | Restart | --- | INFO | --- | Diagnostic Auto-Restart Canceled | Diagnostic Auto-restart canceled
1047 | System | Restart | --- | INFO | --- | Diagnostic Auto-Restart | As per Diagnostic Auto-restart configuration Request, restarting system
1048 | Users | Authentication Access | --- | INFO | --- | Password doesn't meet constraints | User login denied - password doesn't meet constraints
1049 | System | Settings | --- | INFO | --- | System Setting Imported | System Setting Imported
1050 | VPN | VPN IPsec | User Activity | INFO | --- | VPN Policy Added | VPN policy %s is added
1051 | VPN | VPN IPsec | User Activity | INFO | --- | VPN Policy Deleted | VPN policy %s is deleted
1052 | VPN | VPN IPsec | User Activity | INFO | --- | VPN Policy Modified | VPN policy %s is modified
1055 | WWAN Modem | General | --- | ALERT | 5420 | WWAN: No SIM Detected | WWAN: No SIM detected
1058 | High Availability | State | --- | INFO | --- | Primary Firewall Reboot from Active to Standby | Primary firewall rebooting itself as it transitioned from Active to Standby while Preempt
1059 | High Availability | State | --- | INFO | --- | Secondary Firewall Reboot from Active to Standby | Secondary firewall rebooting itself as it transitioned from Active to Standby while Preempt
1060 | Security Services | Crypto Test | --- | ERROR | --- | DRNG KAT Test Failed | Crypto SHA1 based DRNG KAT test failed
1065 | System | Settings | Maintenance | INFO | --- | Remote Backup Succeeded | Successfully sent %s file to remote backup server
1066 | System | Settings | Maintenance | ALERT | --- | Remote Backup Failed | Failed to send file to remote backup server, Error: %s
1068 | Network | DHCP Server | --- | WARNING | --- | Multiple DHCP Servers Detected | Multiple DHCP Servers are detected on network
1070 | Network | DNS | --- | INFO | --- | Invalid DNS Server | Invalid DNS Server will not be accepted by the dynamic client
1071 | Network | DHCP Server | --- | INFO | --- | DHCP Server Sanity Check Pass | DHCP Server sanity check passed %s
1072 | Network | DHCP Server | --- | CRITICAL | --- | DHCP Server Sanity Check Failed | DHCP Server sanity check failed %s
1073 | Users | SSO Agent Authentication | User Activity | WARNING | --- | Agent Error | SSO agent returned error
1074 | Network | L2TP Client | --- | INFO | --- | Tunnel Negotiation | L2TP Tunnel Negotiation %s
1075 | Users | SSO Agent Authentication | User Activity | ALERT | --- | Agent Down | SSO agent is down
1076 | Users | SSO Agent Authentication | User Activity | ALERT | --- | Agent Up | SSO agent is up
1077 | Wireless | SonicPoint/SonicWave | --- | INFO | 13601 | SonicPoint/SonicWave Status | %s Status
1078 | Wireless | SonicPoint/SonicWave | --- | INFO | 13602 | SonicPoint/SonicWave Provision | %s Provision
1079 | SSL VPN | General | --- | INFO | --- | SSL VPN | %s
1080 | Users | Authentication Access | --- | INFO | --- | Successful SSL VPN User Login | SSL VPN zone remote user login allowed
1081 | Firewall Settings | SSL Control | Blocked Sites | INFO | --- | Certificate Blocked Weak Digest | SSL Control: Certificate with Weak Digest Signature Algorithm
1082 | Anti-Spam | Probe | --- | WARNING | 13801 | Entity Operational | %s is operational.
1083 | Anti-Spam | Probe | --- | WARNING | 13802 | Entity Unreachable | %s is unavailable.
1084 | Anti-Spam | General | --- | NOTICE | 13803 | Service Enable | Anti-Spam service is enabled by administrator.
1085 | Anti-Spam | General | --- | NOTICE | 13804 | Service Disable | Anti-Spam service is disabled by administrator.
1086 | Anti-Spam | General | --- | WARNING | 13805 | Service Subscription Expire | Your Anti-Spam Service subscription has expired.
1087 | Anti-Spam | E-mail | --- | WARNING | 13806 | SMTP Connection Expire | SMTP connection limit is reached. Connection is dropped.
1088 | Anti-Spam | General | --- | WARNING | 13807 | Startup Failure | Anti-Spam Startup Failure - %s
1089 | Anti-Spam | General | --- | WARNING | 13808 | Teardown Failure | Anti-Spam Teardown Failure - %s
1090 | Network | DHCP Server | --- | NOTICE | --- | DHCP Message From Untrusted Relay Agent | DHCP Server: Received DHCP message from untrusted relay agent
1091 | Anti-Spam | GRID | --- | NOTICE | 13809 | Outbound Connection Drop | Outbound connection to GRID-listed SMTP server dropped
1092 | Anti-Spam | GRID | --- | NOTICE | 13810 | Inbound Connection Drop | Inbound connection from GRID-listed SMTP server dropped
1093 | Anti-Spam | GRID | --- | NOTICE | 13811 | SMTP Server Found on Reject List | SMTP server found on Reject List
1094 | Anti-Spam | GRID | --- | ERROR | 13812 | No Valid DNS Server | No valid DNS server specified for GRID lookups
1095 | Anti-Spam | E-mail | --- | INFO | 13813 | Unprocessed E-mail From MTA | Unprocessed E-mail received from MTA on Inbound SMTP port
1097 | VPN | VPN PKI | --- | NOTICE | --- | SCEP Client | SCEP Client: %s
1098 | Network | DNS | --- | ALERT | 6465 | DNS Rebind Attack Detected | Possible DNS rebind attack detected
1099 | Network | DNS | --- | ALERT | 6466 | DNS Rebind Attack Blocked | DNS rebind attack blocked
1100 | Network | Network Monitor | --- | ALERT | 14001 | Policy Status is Up | Network Monitor: Policy %s status is UP
1101 | Network | Network Monitor | --- | ALERT | 14002 | Policy Status is Down | Network Monitor: Policy %s status is DOWN
1102 | Network | Network Monitor | --- | ALERT | 14003 | Policy Status is Unknown | Network Monitor: Policy %s status is UNKNOWN
1103 | Network | Network Monitor | --- | ALERT | 14004 | Host Status is Unknown | Network Monitor: Host %s status is UNKNOWN
1104 | Network | Network Monitor | --- | INFO | --- | Policy Added | Network Monitor Policy %s Added
1105 | Network | Network Monitor | --- | INFO | --- | Policy Deleted | Network Monitor Policy %s Deleted
1106 | Network | Network Monitor | --- | INFO | --- | Policy Modified | Network Monitor Policy %s Modified
1107 | System | Status | System Error | ALERT | --- | System Alert | %s
1108 | Anti-Spam | E-mail | --- | NOTICE | --- | E-mail Message Blocked | Message blocked by Real-Time E-mail Scanner
1109 | VPN | VPN PKI | --- | INFO | --- | CSR Generation | CSR Generation: %s
1110 | Network | DHCP Server | --- | INFO | --- | Assigned IP Address | Assigned IP address %s
1111 | Network | DHCP Server | --- | INFO | --- | Released IP Address | Released IP address %s
1112 | Firewall Settings | FTP | --- | DEBUG | --- | FTP Server Accepted Connection | Ftp server accepted the connection
1113 | Firewall Settings | FTP | --- | DEBUG | --- | FTP Client Username Sent | Ftp client user name was sent
1114 | Firewall Settings | FTP | --- | DEBUG | --- | FTP Client User Login | Ftp client user logged in successfully
1115 | Firewall Settings | FTP | --- | DEBUG | --- | FTP Client User Login Failed | Ftp client user logged in failed
1116 | Firewall Settings | FTP | --- | DEBUG | --- | FTP Client User Logout | Ftp client user logged out
1117 | Users | Authentication Access | User Activity | WARNING | --- | SSO Probe Failed | User login denied - SSO probe failed
1118 | Users | Authentication Access | User Activity | INFO | --- | SMTP Server Not Configured | User login denied - Mail Address(From/to) or SMTP Server is not configured
1119 | Users | Authentication Access | User Activity | INFO | --- | RADIUS User Cannot Use One Time Password | RADIUS user cannot use One Time Password - no mail address set for equivalent local user
1120 | Users | Authentication Access | User Activity | WARNING | --- | TSA Timeout | User login denied - Terminal Services agent Timeout
1121 | Users | Authentication Access | User Activity | WARNING | --- | TSA Name Resolution Failed | User login denied - Terminal Services agent name resolution failed
1122 | Users | Authentication Access | User Activity | WARNING | --- | No Name Received from TSA | User login denied - No name received from Terminal Services agent
1123 | Users | Authentication Access | User Activity | WARNING | --- | TSA Communication Problem | User login denied - Terminal Services agent communication problem
1124 | Users | Authentication Access | User Activity | INFO | --- | TSA User logout | User logged out - logout reported by Terminal Services agent
1125 | High Availability | General | User Activity | INFO | --- | Dial Up Device Unsupported in HA | High Availability has been enabled, Dial-Up device(s) are not supported in High Availability processing.
1126 | High Availability | Monitoring | User Activity | ERROR | --- | Bad Monitoring IP | The High Availability monitoring IP configuration of Interface %s is incorrect.
1127 | VPN | VPN IKE | User Activity | WARNING | --- | IPsec Tunnel Mode Mismatch | IKE Responder: ESP mode mismatch Local - Tunnel Remote - Transport
1128 | VPN | VPN IKE | User Activity | WARNING | --- | IPsec Transport Mode Mismatch | IKE Responder: ESP mode mismatch Local - Transport Remote - Tunnel
1131 | Anti-Spam | Probe | --- | DEBUG | --- | Anti-Spam Probe Response Success | Probe Response Success - %s
1132 | Anti-Spam | Probe | --- | DEBUG | --- | Anti-Spam Probe Response Failure | Probe Response Failure - %s
1133 | Network | PPPoE | --- | INFO | --- | PPPoE Overview | %s
1134 | Network | PPTP | Maintenance | INFO | --- | PPTP Overview | %s
1135 | Network | L2TP Client | Maintenance | INFO | --- | L2TP Overview | %s
1138 | Anti-Spam | GRID | --- | DEBUG | --- | Anti-Spam Unauth GRID Response | Received unauthenticated GRID response
1139 | Anti-Spam | GRID | --- | DEBUG | --- | Anti-Spam Invalid Key in GRID Response | Invalid key or serial number used for GRID response
1140 | Anti-Spam | GRID | --- | DEBUG | --- | Anti-Spam Invalid Key Version in GRID Response | Invalid key version used for GRID response
1141 | Anti-Spam | GRID | --- | DEBUG | --- | Anti-Spam Host Not GRID List | Host IP address not in GRID List
1142 | Anti-Spam | General | --- | DEBUG | --- | Anti-Spam No Response From DNS Server | No response received from DNS server
1143 | Anti-Spam | GRID | --- | DEBUG | --- | Anti-Spam Not Blacklisted | Not blacklisted as per configuration
1144 | Anti-Spam | GRID | --- | DEBUG | --- | Anti-Spam Default Not Blacklisted | Default to not blacklisted
1145 | Anti-Spam | GRID | --- | DEBUG | --- | Anti-Spam Insert Entry Failed | Failed to insert entry into GRID result IP cached table
1146 | Anti-Spam | General | --- | DEBUG | --- | Anti-Spam Resolved Cloud Address | Resolved ES Cloud - %s
1147 | Anti-Spam | General | --- | DEBUG | --- | Anti-Spam Cloud Address Updated | Updated ES Cloud Address - %s
1149 | High Availability | Cluster | --- | WARNING | --- | VRRP Expiration Message | Your Active/Active Clustering subscription has expired.
1150 | Users | SSO Agent Authentication | User Activity | ALERT | --- | Terminal Services Agent is Down | Terminal Services agent is down
1151 | Users | SSO Agent Authentication | User Activity | ALERT | --- | Terminal Services Agent is Up | Terminal Services agent is up
1152 | High Availability | Cluster | --- | ERROR | --- | VRRP Cluster No license | Active/Active Clustering license is not activated on the following cluster units: %s
1153 | SSL VPN | General | --- | INFO | --- | SSL VPN Session | %s
1154 | Security Services | Application Control | --- | ALERT | 15001 | Application Control Detection Alert | Application Control Detection Alert: %s
1155 | Security Services | Application Control | --- | ALERT | 15002 | Application Control Prevention Alert | Application Control Prevention Alert: %s
1156 | Network | DNS | --- | ERROR | --- | Syslog/NSM Name Resolution Failure | Name Resolution for Syslog or NSM failed.
1157 | Users | Authentication Access | User Activity | INFO | --- | User Account Expired | User account '%s' expired and disabled
1158 | Users | Authentication Access | User Activity | INFO | --- | User Account Pruned | User account '%s' expired and pruned
1159 | Security Services | General | --- | WARNING | --- | Visualization Control Expire Message | Received Alert: Your Visualization Control subscription has expired.
1160 | System | Settings | Maintenance | DEBUG | --- | Failed to Ping Remote Backup Server | Attempt to contact Remote backup server for upload approval failed
1161 | System | Settings | Maintenance | DEBUG | --- | Failed to Upload Remote Backup Server Request | Backup remote server did not approve upload
1169 | WAN Acceleration | Local WXA Appliance | --- | INFO | --- | WXA Appliance Found | WAN Acceleration device %s found
1170 | WAN Acceleration | Local WXA Appliance | --- | ALERT | 16001 | WXA Appliance Operational | WAN Acceleration device %s is operational
1171 | WAN Acceleration | Local WXA Appliance | --- | ALERT | 16002 | WXA Appliance Not Operational | WAN Acceleration device %s is no longer operational
1172 | WAN Acceleration | Local WXA Appliance | --- | ALERT | 16003 | WXA Appliance Used | WAN Acceleration device %s is being used
1173 | WAN Acceleration | Local WXA Appliance | --- | ALERT | 16004 | WXA Appliance Not Used | WAN Acceleration device %s is no longer being used
1174 | WAN Acceleration | Remote WXA Appliance | --- | WARNING | 16005 | WXA Appliance Not Responding | Remote WAN Acceleration device stopped responding to probes
1175 | WAN Acceleration | Remote WXA Appliance | --- | WARNING | 16006 | WXA Appliance Responding | Remote WAN Acceleration device started responding to probes
1176 | WAN Acceleration | Local WXA Appliance | --- | WARNING | 16007 | WAN Acceleration Software License Expired | Your WAN Acceleration Service subscription has expired.
1177 | Network | DNS | Debug | NOTICE | --- | Malformed DNS Packet | Malformed DNS packet detected
1178 | Users | SSO Agent Authentication | User Activity | ALERT | --- | High SSO Packet Count | A high percentage of the system packet buffers are held waiting for SSO
1179 | Users | SSO Agent Authentication | User Activity | ALERT | --- | High SSO User Connection | A user has a very high number of connections waiting for SSO
1180 | Firewall Settings | Flood Protection | --- | ALERT | --- | DOS Protection on WAN Begin | DOS protection on WAN begins %s
1181 | Firewall Settings | Flood Protection | --- | WARNING | --- | DOS Protection on WAN In-Progress | DOS protection on WAN %s
1182 | Firewall Settings | Flood Protection | --- | ALERT | --- | DOS Protection on WAN Stopped | DOS protection on WAN %s
1183 | VPN | VPN IKE | --- | DEBUG | --- | Deleting IPsec SA | Deleting IPsec SA. (Phase 2)
1184 | Network | DHCP Server | --- | WARNING | --- | Invalid Scope Deleted | Delete invalid scope because port IP in the range of this DHCP scope.
1189 | VPN | VPN IKE | --- | WARNING | --- | Network Mismatched | IKE Responder: Peer's proposed network does not match VPN Policy's Network
1190 | Users | Radius Authentication | --- | INFO | --- | LDAP Mirror Added | Added new LDAP mirror user group: %s
1191 | Users | Radius Authentication | --- | INFO | --- | LDAP Mirror Deleted | Deleted LDAP mirror user group: %s
1192 | Users | Radius Authentication | --- | INFO | --- | LDAP Mirror Added Member | Added a new member to an LDAP mirror user group
1193 | Users | Radius Authentication | --- | INFO | --- | LDAP Mirror Deleted Member | Removed a member from an LDAP mirror user group
1194 | High Availability | Monitoring | --- | NOTICE | --- | HA Monitor Probe Interface Mismatched | Monitoring probe out interface mismatch %s
1195 | Security Services | Botnet Filter | --- | WARNING | --- | Botnet Filter Subscription Expired | Received Alert: Your Firewall Botnet Filter subscription has expired.
1196 | System | Status | Maintenance | ALERT | --- | Firewall Limit Reached | Product maximum entries reached - %s
1197 | Network | NAT | --- | NOTICE | --- | Connection NAT Mapping | NAT Mapping
1198 | Security Services | Geo-IP Filter | --- | ALERT | --- | Geo IP Initiator Blocked | Initiator from country blocked: %s
1199 | Security Services | Geo-IP Filter | --- | ALERT | --- | Geo IP Responder Blocked | Responder from country blocked: %s
1200 | Security Services | Botnet Filter | --- | ALERT | --- | Botnet Initiator Blocked | Suspected Botnet initiator blocked: %s
1201 | Security Services | Botnet Filter | --- | ALERT | --- | Botnet Responder Blocked | Suspected Botnet responder blocked: %s
1202 | Users | Authentication Access | User Activity | INFO | --- | User Log Audit Trail | %s
1203 | Users | Authentication Access | User Activity | WARNING | --- | User Log Audit Trail Warning | %s
1204 | Users | Authentication Access | User Activity | ERROR | --- | User Log Audit Trail Error | %s
1205 | High Availability | State | System Error | INFO | --- | HA Peer MultiInterface Link Up | On HA peer firewall, Interface %s Link Is Up
1206 | High Availability | State | System Error | INFO | --- | HA Peer MultiInterface Link Down | On HA peer firewall, Interface %s Link Is Down
1207 | High Availability | State | Maintenance | INFO | --- | HA Peer Link Status Bad for Failover | Peer firewall has reduced link status. In event of failover, it will operate with limited capability.
1208 | High Availability | State | Maintenance | INFO | --- | HA Peer Link Status Good for Failover | Peer firewall has equivalent link status. In event of failover, it will operate with equal capability.
1209 | Network | MAC-IP Anti-Spoof | Attack | ALERT | --- | MAC-IP Anti-Spoof Check Enforced For Hosts | MAC-IP Anti-spoof check enforced for hosts
1210 | Network | MAC-IP Anti-Spoof | Attack | ALERT | --- | MAC-IP Anti-Spoof Cache Not Found For Router | MAC-IP Anti-spoof cache not found for this router
1211 | Network | MAC-IP Anti-Spoof | Attack | ALERT | --- | MAC-IP Anti-Spoof Cache Not Router | MAC-IP Anti-spoof cache found, but it is not a router
1212 | Network | MAC-IP Anti-Spoof | Attack | ALERT | --- | MAC-IP Anti-Spoof Cache Blacklisted Device | MAC-IP Anti-spoof cache found, but it is blacklisted device
1213 | Firewall Settings | Flood Protection | Attack | ALERT | --- | UDP Flood Detected | Possible UDP flood attack detected
1214 | Firewall Settings | Flood Protection | Attack | ALERT | --- | ICMP Flood Detected | Possible ICMP flood attack detected
1215 | VPN | DHCP Relay | Debug | INFO | --- | Remote: DHCP Inform | DHCP INFORM received from remote device
1216 | VPN | VPN IKE | --- | INFO | --- | IP Pool of VPN Policy is Full | IP Pool of the VPN Policy is Full
1217 | VPN | VPN IKE | --- | DEBUG | --- | IP Pool of VPN Policy Not Configured | IP Pool of the VPN Policy is Not Configured
1218 | VPN | VPN IKE | --- | INFO | --- | Mobile IKE Update Peer Gateway IP | MOBIKE: Update Peer Gateway IP
1219 | VPN | VPN IKE | --- | INFO | --- | IP Address Allocated For Client | IP Address is allocated for Client
1220 | System | SNMP | --- | NOTICE | --- | Invalid SNMPv3 Packet | Invalid SNMP packet
1221 | System | SNMP | --- | NOTICE | --- | Invalid SNMPv3 Engine ID | Invalid SNMPv3 engineID
1222 | System | SNMP | --- | NOTICE | --- | Invalid SNMPv3 User | Invalid SNMPv3 User
1223 | System | SNMP | --- | NOTICE | --- | Invalid SNMPv3 Time Window | Invalid SNMPv3 Time Window
1225 | System | SNMP | --- | DEBUG | --- | SNMP Packet Drop | SNMP Packet Dropped
1226 | Network | Network Access | --- | INFO | --- | HTTPS Handshake | HTTPS Handshake: %s
1227 | Users | Authentication Access | User Activity | WARNING | --- | Guest Traffic Quota Exceeded | User Traffic Quota Exceeded
1229 | Wireless | Wireless Access | TCP \| UDP \| ICMP | WARNING | --- | Wireless Advance IDP | Packet dropped by wireless Advanced IDP
1230 | System | Time | --- | NOTICE | --- | NTP Update Failure | Failed on updating time from NTP server
1231 | System | Time | --- | NOTICE | --- | NTP Update Successful | Time update from NTP server was successful
1232 | System | Time | --- | NOTICE | --- | NTP Request Sent | NTP Request sent
1233 | Firewall Settings | Multicast | Debug | NOTICE | --- | Link-Local/Multicast IPv6 Packet | Unhandled link-local or multicast IPv6 packet dropped
1235 | Network | Network Access | --- | INFO | --- | Packet Allowed | Packet allowed: %s
1236 | Security Services | RBL Filter | --- | DEBUG | --- | RBL Received Blacklist Directive | Received Blacklisted Directive from - %s
1237 | Security Services | RBL Filter | --- | DEBUG | --- | RBL Not Blacklisted by Domain | Not Blacklisted by domain - %s
1238 | Security Services | RBL Filter | --- | DEBUG | --- | RBL No Response to Domain | No DNS response to domain - %s
1239 | Security Services | RBL Filter | --- | DEBUG | --- | RBL DNS Response With Error Reply Code | RBL DNS server responded with error code - %s
1240 | VoIP | Anomaly | --- | INFO | --- | Endpoint Anomaly Detected | %s
1241 | VoIP | Anomaly | --- | INFO | --- | Endpoint Anomaly Lockout Started | %s
1242 | VoIP | Anomaly | --- | INFO | --- | Endpoint Anomaly Lockout Ended | %s
1243 | Users | Authentication Access | User Activity | INFO | --- | Sending OTP Failed | User login Failed - An error has occurred while sending your one-time password
1244 | Users | Radius Authentication | --- | WARNING | --- | LDAP Mirror User Group Add Failure | Failed to add an LDAP mirror user group
1245 | Users | Radius Authentication | --- | WARNING | --- | LDAP Mirror User Group Member Add Failure | Failed to add a member to an LDAP mirror user group
1246 | Users | Radius Authentication | --- | WARNING | --- | LDAP User Group Nesting Not Being Mirrored | An LDAP user group nesting is not being mirrored
1252 | VPN | VPN IKE | --- | INFO | --- | IPv6 IPsec Tunnel Mode Mismatch | IPv6 VPN only support IKEv2 mode
1253 | Network | IPv6 Tunneling | --- | NOTICE | --- | IPv6 Tunnel Dropped | IPv6 Tunnel packet dropped
1254 | Network | ICMP | --- | INFO | --- | LAN ICMPv6 Deny | ICMPv6 packet from LAN dropped
1255 | Network | ICMP | --- | INFO | --- | LAN ICMPv6 Allow | ICMPv6 packet from LAN allowed
1256 | Network | ICMP | --- | INFO | --- | ICMPv6 Allow | ICMPv6 packet allowed
1257 | Network | ICMP | --- | INFO | --- | ICMPv6 Packets Dropped | ICMPv6 packet dropped due to policy
1259 | Network | DHCPv6 Server | --- | WARNING | --- | DHCPv6 Lease File Corrupt | DHCPv6 lease file in the storage is corrupted; read failed
1260 | Network | DHCPv6 Server | --- | WARNING | --- | Failed To Write DHCPv6 Leases to Storage | Failed to write DHCPv6 leases to storage
1261 | Network | DHCPv6 Server | --- | INFO | --- | DHCPv6 Leases Written to Storage | DHCPv6 leases written to storage
1263 System AppFlow Maintenance INFO --- AppFlow AppFlow Server
Server Event

| 1264 | WAN Acceleration | Remote WXA Appliance | --- | WARNING | --- | WXA Configuration | WLAN HTTP traffic not being sent to WXA WebCache; zone conflict |
| 1265 | Wireless | SonicPoint | --- | WARNING | --- | SonicPoint Association Post Request Failed | SonicPoint association request to License Manager failed: %s |
| 1266 | Wireless | SonicPoint | --- | INFO | --- | SonicPoint Association Post Request Success | SonicPoint association posted successfully to License Manager |
| 1267 | VPN | VPN IPsec | User Activity | DEBUG | --- | Phase2 Dead Peer Detection | %s |
| 1268 | System | Settings | --- | NOTICE | --- | Firmware Update Failed | Firmware Update Failed |
| 1269 | System | Settings | --- | NOTICE | --- | Firmware Update Succeeded | Firmware Update Succeeded %s |
| 1270 | Security Services | Crypto Test | Maintenance | INFO | --- | DH Test Success | Crypto DH test success |
| 1271 | Security Services | Crypto Test | Maintenance | INFO | --- | HMAC-MD5 Test Success | Crypto Hmac-MD5 test success |
| 1272 | Security Services | Crypto Test | Maintenance | INFO | --- | Hardware DES Test Success | Crypto hardware DES test success |
| 1274 | Security Services | Crypto Test | --- | INFO | --- | DRNG KAT Test Success | Crypto SHA1 based DRNG KAT test success |
| 1275 | Security Services | Crypto Test | Maintenance | INFO | --- | HMAC-SHA1 Test Success | Crypto Hmac-Sha1 test success |
| 1276 | Security Services | Crypto Test | Maintenance | INFO | --- | Hardware 3DES Test Success | Crypto hardware 3DES test success |
| 1277 | Security Services | Crypto Test | Maintenance | INFO | --- | DES Test Success | Crypto DES test success |
| 1278 | Security Services | Crypto Test | Maintenance | ERROR | --- | AES CBC Test Failed | Crypto AES CBC test failed |
| 1279 | Security Services | Crypto Test | Maintenance | INFO | --- | AES CBC Test Success | Crypto AES CBC test success |
| 1280 | Security Services | Crypto Test | Maintenance | INFO | --- | DRBG Test Success | Crypto DRBG test success |
| 1281 | Security Services | Crypto Test | Maintenance | ERROR | --- | DRBG Test Failed | Crypto DRBG test failed |
| 1282 | Security Services | Crypto Test | Maintenance | INFO | --- | HMAC-SHA256 Test Success | Crypto Hmac-Sha256 test success |
| 1283 | Security Services | Crypto Test | Maintenance | ERROR | --- | HMAC-SHA256 Test Failed | Crypto Hmac-Sha256 test failed |
| 1284 | Security Services | Crypto Test | Maintenance | INFO | --- | RSA Test Success | Crypto RSA test success |
| 1285 | Security Services | Crypto Test | Maintenance | INFO | --- | SHA1 Test Success | Crypto Sha1 test success |
| 1286 | Security Services | Crypto Test | Maintenance | INFO | --- | SHA256 Test Success | Crypto Sha256 test success |
| 1287 | Security Services | Crypto Test | Maintenance | ERROR | --- | SHA256 Test Failed | Crypto Sha256 test failed |
| 1288 | Security Services | Crypto Test | Maintenance | INFO | --- | Hardware AES Test Success | Crypto hardware AES test success |
| 1289 | Security Services | Crypto Test | Maintenance | INFO | --- | Hardware DES-SHA Test Success | Crypto hardware DES with SHA test success |
| 1290 | Security Services | Crypto Test | Maintenance | INFO | --- | Hardware 3DES-SHA Test Success | Crypto hardware 3DES with SHA test success |
| 1299 | Security Services | Crypto Test | Maintenance | ALERT | --- | Self Test Passed | Ndpp SelfTest write/read encrypt/decrypt successsfully |
| 1300 | Security Services | Crypto Test | Maintenance | ALERT | --- | Self Test Failed | Ndpp SelfTest write/read encrypt/decrypt failure |
| 1301 | Network | IP | Debug | ALERT | --- | IPv6 Packet Dropped With Reserved IP | Source or Destination IPv6 address is reserved by RFC 4291. Packet is dropped |
| 1302 | Network | IP | Debug | ALERT | --- | IPv6 Packet Dropped With Unspecified Destination IP | Destination IPv6 address is unspecified. Packet is dropped |
| 1303 | Network | IP | Debug | ALERT | --- | IPv6 Packet Dropped With Unspecified Source IP | Source IPv6 address is unspecified but this packet is not Neighbor Solicitation message for DAD. Packet is dropped |
| 1304 | Network | Network Access | Debug | ALERT | --- | Packet Dropped Due to NDPP Rules | Packet is dropped due to NDPP rules. |
| 1305 | VPN | VPN IKE | User Activity | WARNING | --- | IKE Responder: No VPN Policy found for IKE ID | IKE Responder : VPN Policy for IKE ID not found |
| 1306 | VPN | VPN IKE | User Activity | WARNING | --- | IKE Responder: No VPN Policy found for Gateway | IKE Responder : VPN Policy for gateway address not found |
| 1307 | VPN | VPN IKE | User Activity | WARNING | --- | IKE Initiator: No VPN Policy found for IKE ID | IKE Initiator : VPN Policy for IKE ID not found |
| 1308 | VPN | VPN IKE | User Activity | WARNING | --- | IKE Initiator: No VPN Policy found for Gateway | IKE Initiator : VPN Policy for gateway address not found |
| 1309 | High Availability | General | --- | WARNING | --- | HA Association Posted Failed | HA association request to License Manager failed: %s |
| 1310 | High Availability | General | --- | INFO | --- | HA Association Posted Success | HA association posted successfully to License Manager |
| 1311 | Network | DHCP Server | --- | NOTICE | --- | DHCP Resources of this Pool Ran Out | DHCP Server: Resources of this pool ran out. Client Info: %s |
| 1312 | VPN | VPN IKEv2 | --- | INFO | --- | IP Version of Traffic Selector Mismatch | IKEv2: Peer's IP Version of Traffic Selector does not match with ours |
| 1313 | Network | NAT Policy | --- | INFO | --- | NAT Policy Add | NAT policy added |
| 1314 | Network | NAT Policy | --- | INFO | --- | NAT Policy Modify | NAT policy modified |
| 1315 | Network | NAT Policy | --- | INFO | --- | NAT Policy Delete | NAT policy deleted |
| 1316 | Network | ARP | --- | ALERT | --- | ARP Attack Detected | Possible ARP attack from MAC address %s |
| 1324 | VPN | VPN IKEv2 | User Activity | INFO | --- | Received Dead Peer Detection Request | IKEv2 Received Dead Peer Detection Request |
| 1325 | VPN | VPN IKEv2 | User Activity | INFO | --- | Received Dead Peer Detection Response | IKEv2 Received Dead Peer Detection Response |
| 1326 | VPN | VPN IKEv2 | User Activity | INFO | --- | Send Dead Peer Detection Request | IKEv2 Send Dead Peer Detection Request |
| 1327 | VPN | VPN IKEv2 | User Activity | INFO | --- | Send Dead Peer Detection Response | IKEv2 Send Dead Peer Detection Response |
| 1328 | VPN | VPN IKEv2 | User Activity | INFO | --- | Send Invalid SPI Request | IKEv2 Send Invalid SPI Request |
| 1329 | VPN | VPN IKEv2 | User Activity | INFO | --- | Received Invalid SPI Request | IKEv2 Received Invalid SPI Request |
| 1330 | VPN | VPN IKEv2 | User Activity | INFO | --- | Send Invalid SPI Response | IKEv2 Send Invalid SPI Response |
| 1331 | VPN | VPN IKEv2 | User Activity | INFO | --- | Received Invalid SPI Response | IKEv2 Received Invalid SPI Response |
| 1332 | System | Status | Maintenance | ALERT | --- | NDPP Mode Change | NDPP mode is changed to %s |
| 1333 | Users | Authentication Access | User Activity | INFO | --- | Create a User | %s |
| 1334 | Users | Authentication Access | User Activity | INFO | --- | Edit a User | %s |
| 1335 | Users | Authentication Access | User Activity | INFO | --- | Delete a User | %s |
| 1336 | System | Settings | --- | INFO | --- | Change Certification | Certification %s |
| 1337 | System | Settings | --- | INFO | --- | User Password Changed by Administrators | %s |
| 1338 | System | Settings | --- | INFO | --- | User Change Password | User %s password is changed |
| 1339 | System | Settings | --- | INFO | --- | Change Password Rule | Password rule %s is changed |
| 1340 | System | Settings | --- | INFO | --- | Change User Inactive time out | User Inactive timeout is changed to %s |
| 1341 | Users | Authentication Access | User Activity | INFO | --- | Edit Customize Login Pages | %s |
| 1342 | Users | Authentication Access | User Activity | INFO | --- | Edit user lockout params | Update administrator/user lockout params - %s |
| 1343 | VPN | VPN IPsec | User Activity | INFO | --- | VPN Policy Enabled/Disabled | VPN Policy %s |
| 1344 | Network | Interfaces | System Error | INFO | --- | Interface Configure | %s |
| 1345 | Security Services | Crypto Test | --- | INFO | --- | SHA384 Test Success | Crypto Sha384 test success |
| 1346 | Security Services | Crypto Test | --- | ERROR | --- | SHA384 Test Failed | Crypto Sha384 test failed |
| 1347 | Security Services | Crypto Test | --- | INFO | --- | SHA512 Test Success | Crypto Sha512 test success |
| 1348 | Security Services | Crypto Test | --- | ERROR | --- | SHA512 Test Failed | Crypto Sha512 test failed |
| 1349 | Security Services | Crypto Test | --- | INFO | --- | Ikev1 Test Success | Crypto Ikev1 test success |
| 1350 | Security Services | Crypto Test | --- | ERROR | --- | Ikev1 Test Failed | Crypto Ikev1 test failed |
| 1351 | Security Services | Crypto Test | --- | INFO | --- | Ikev2 Test Success | Crypto Ikev2 test success |
| 1352 | Security Services | Crypto Test | --- | ERROR | --- | Ikev2 Test Failed | Crypto Ikev2 test failed |
| 1353 | Security Services | Crypto Test | --- | INFO | --- | SSH Test Success | Crypto SSH test success |
| 1354 | Security Services | Crypto Test | --- | ERROR | --- | SSH Test Failed | Crypto SSH test failed |
| 1355 | Security Services | Crypto Test | --- | INFO | --- | SNMP Test Success | Crypto SNMP test success |
| 1356 | Security Services | Crypto Test | --- | ERROR | --- | SNMP Test Failed | Crypto SNMP test failed |
| 1357 | Security Services | Crypto Test | --- | INFO | --- | TLS 1.0/1.1/1.2 Test Success | Crypto TLS 1.0/1.1/1.2 test success |
| 1358 | Security Services | Crypto Test | --- | ERROR | --- | TLS 1.0/1.1/1.2 Test Failed | Crypto TLS 1.0/1.1/1.2 test failed |
| 1359 | Security Services | Crypto Test | --- | INFO | --- | HMAC-SHA384 Test Success | Crypto Hmac-Sha384 test success |
| 1360 | Security Services | Crypto Test | --- | ERROR | --- | HMAC-SHA384 Test Failed | Crypto Hmac-Sha384 test failed |
| 1361 | Security Services | Crypto Test | --- | INFO | --- | HMAC-SHA512 Test Success | Crypto Hmac-Sha512 test success |
| 1362 | Security Services | Crypto Test | --- | ERROR | --- | HMAC-SHA512 Test Failed | Crypto Hmac-Sha512 test failed |
| 1363 | Wireless | WLAN | 802.11b Management | ALERT | --- | WLAN 802.11 Flood | Wireless Flood Attack |
| 1364 | VPN | VPN PKI | --- | WARNING | --- | Cert Payload processing failed | Cert Payload processing failed |
| 1365 | Security Services | DPI-SSL | --- | NOTICE | --- | DPI-SSL Memory Check | DPI-SSL: %s |
| 1366 | Firewall Settings | Flood Protection | Attack | ALERT | --- | TCP-Flooding Machine Blacklisted | TCP-Flooding machine %s blacklisted |
| 1367 | Firewall Settings | Flood Protection | Attack | WARNING | --- | TCP Flood Blacklist Continues | TCP Flood Blacklist on IF %s continues |
| 1368 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Machine Removed From TCP Flood Blacklist | Machine %s removed from TCP flood blacklist |
| 1369 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible TCP Flood | Possible TCP Flood on IF %s |
| 1370 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Possible TCP Flood Ceased | Possible TCP Flood on IF %s has ceased |
| 1371 | Firewall Settings | Flood Protection | --- | WARNING | --- | Possible TCP Flood Continues | Possible TCP Flood on IF %s continues |
| 1372 | Users | Radius Authentication | --- | WARNING | --- | LDAP Mirroring Overflow | LDAP mirroring overflow: too many user groups |
| 1373 | Security Services | Attacks | Attack | ALERT | --- | IPv6 fragment size is less than minimum (<1280) | IPv6 fragment dropped, invalid length (<1280 Bytes) |
| 1374 | Security Services | Attacks | Attack | ALERT | --- | IP Reassembly : Incomplete IGMP fragment | IGMP packet dropped, incomplete fragments |
| 1375 | Security Services | Attacks | Attack | ALERT | --- | UDP fragmented datagram is too big (>65535) | UDP fragment dropped, exceeds maximum IP datagram size (>65535) |
| 1376 | Security Services | Attacks | Attack | ALERT | --- | Nestea/Teardrop Attack | Nestea/Teardrop attack dropped |
| 1377 | Anti-Spam | General | --- | ALERT | --- | SHLO verification failed | SHLO verification failed with this client IP - %s |
| 1378 | Anti-Spam | General | --- | ALERT | --- | SHLO replay attack | Possible replay attack with this client IP - %s |
| 1379 | WAN Acceleration | Local WXA Appliance | --- | WARNING | --- | WXA association request failed | WXA association request to License Manager failed: %s |
| 1380 | WAN Acceleration | Local WXA Appliance | --- | INFO | --- | WXA association succeeded | WXA association posted successfully to License Manager |
| 1381 | Security Services | General | --- | WARNING | 15003 | Application Control Expiration Message | Received App-Control Alert: Your Application Control subscription has expired. |
| 1382 | Log | Configuration Auditing | User Activity | INFO | 5609 | Configuration Change Succeeded | Configuration succeeded: %s |
| 1383 | Log | Configuration Auditing | User Activity | INFO | 5610 | Configuration Change Failed | Configuration failed: %s |
| 1384 | Network | TCP | Debug | DEBUG | --- | Invalid TCP Timestamps Option Length | TCP packet received with invalid Timestamps option length; TCP packet dropped |
| 1385 | Network | TCP | Debug | DEBUG | --- | TCP Sequence Number Wrapped | TCP packet received with wrapped sequence number; TCP packet dropped |
| 1387 | Security Services | Attacks | Attack | ALERT | --- | TCP Null Flag Attack | TCP Null Flag dropped |
| 1388 | VPN | VPN IPsec | Attack | DEBUG | --- | Vpn Decryption Failed | IPSec VPN Decryption Failed |
| 1389 | Security Services | Client CF | Maintenance | INFO | --- | Client CF Access Without Agent | Access attempt from host without Client CF agent installed |
| 1390 | Security Services | Client CF | Maintenance | INFO | --- | Client CF Agent Out of Date | Client CF agent out-of-date on host |
| 1391 | Security Services | General | Attack | DEBUG | --- | Raw Data | Packet Data |
| 1392 | System | Restart | Maintenance | ALERT | 5243 | SonicOS up | SonicOS up:%s |
| 1393 | System | Restart | Maintenance | ALERT | 5244 | SonicOS down | SonicOS down:%s |
| 1394 | WAN Acceleration | Local WXA Appliance | --- | ERROR | --- | Startup Failure | WXA Startup Failure - %s |
| 1395 | WAN Acceleration | Local WXA Appliance | --- | WARNING | --- | Get Failure | WXA Get Failure - %s |
| 1396 | WAN Acceleration | Local WXA Appliance | --- | NOTICE | --- | Parse Failure | WXA Parse Failure - %s |
| 1397 | WAN Acceleration | Local WXA Appliance | --- | NOTICE | --- | Register Failure | WXA Register Failure - %s |
| 1398 | WAN Acceleration | Local WXA Appliance | --- | NOTICE | --- | Unregister Failure | WXA Unregister Failure - %s |
| 1399 | WAN Acceleration | Local WXA Appliance | --- | NOTICE | --- | Probe Failure | WXA Probe Failure - %s |
| 1400 | WAN Acceleration | Local WXA Appliance | --- | ALERT | --- | Create Failure | WXA Create Failure - %s |
| 1401 | WAN Acceleration | Local WXA Appliance | --- | WARNING | --- | Set Failure | WXA Set Failure - %s |
| 1402 | WAN Acceleration | Local WXA Appliance | --- | ERROR | --- | Delete Failure | WXA Delete Failure - %s |
| 1403 | WAN Acceleration | Local WXA Appliance | --- | INFO | --- | Enable Service | WXA Enable - %s |
| 1404 | WAN Acceleration | Local WXA Appliance | --- | INFO | --- | Disable Service | WXA Disable - %s |
| 1405 | WAN Acceleration | Local WXA Appliance | --- | WARNING | --- | Request Failure | WXA Request Failure - %s |
| 1406 | Network | DHCPv6 Client | --- | INFO | --- | General DHCPv6 Client Info | General DHCPv6 Client Information [%s] |
| 1407 | Network | DHCPv6 Client | --- | DEBUG | --- | DHCPv6 Client Send Message | DHCPv6 Client sent message [%s] |
| 1408 | Network | DHCPv6 Client | --- | DEBUG | --- | DHCPv6 Client Get Message | DHCPv6 Client received message [%s] |
| 1409 | Network | DHCPv6 Client | --- | DEBUG | --- | DHCPv6 Client DAD | DHCPv6 Client Duplicate Address Detection [%s] |
| 1410 | Network | DHCPv6 Client | --- | DEBUG | --- | DHCPv6 Client Timeout | DHCPv6 Client waiting reply timeout [%s] |
| 1411 | Network | DHCPv6 Client | --- | DEBUG | --- | DHCPv6 Client Get RA Flags | Router Advertisement flags [%s] |
| 1412 | Network | DHCPv6 Client | --- | INFO | --- | DHCPv6 Client Get New Lease | DHCPv6 Client got a new lease [%s] |
| 1413 | Network | DHCPv6 Client | --- | INFO | --- | DHCPv6 Client Release Lease | DHCPv6 Client released lease [%s] |
| 1414 | Network | DHCPv6 Server | --- | INFO | --- | DHCPv6 Server Assign Lease | DHCPv6 Server assigned lease %s |
| 1415 | Network | DHCPv6 Server | --- | INFO | --- | DHCPv6 Server Release Lease | DHCPv6 Server released lease %s |
| 1416 | Network | DHCPv6 Server | --- | INFO | --- | DHCPv6 Server Receive Decline | DHCPv6 Server received DHCPv6 Decline from client %s |
| 1417 | Network | DHCPv6 Server | --- | WARNING | --- | DHCPv6 Server Resources of this Pool Ran Out | DHCPv6 Server: Resources of this pool ran out. Client Info: %s |
| 1418 | Network | DHCPv6 Server | --- | INFO | --- | Add DHCPv6 Server Scope | DHCPv6 Server: Add a new scope (%s) |
| 1419 | Network | DHCPv6 Server | --- | INFO | --- | Delete DHCPv6 Server Scope | DHCPv6 Server: Delete scope (%s) |
| 1420 | Network | DHCPv6 Server | --- | DEBUG | --- | DHCPv6 Server Get Message | DHCPv6 Server received message (%s) |
| 1421 | Network | DHCPv6 Server | --- | DEBUG | --- | DHCPv6 Server Send Message | DHCPv6 Server sent message (%s) |
| 1422 | Network | Interfaces | --- | WARNING | --- | IPv6 Address Conflict | IPv6 address conflict detected from Ethernet address %s |
| 1423 | Network | Interfaces | --- | WARNING | --- | Exceed Max NDP Size | Dropped NDP message:%s |
| 1424 | Security Services | DPI-SSL | --- | ALERT | 14601 | DPI-SSL Connection Check | DPI-SSL Connection: %s |
| 1426 | Wireless | SonicPoint/SonicWave | --- | WARNING | 13603 | SonicPoint/SonicWave Unexpected Reboot | %s unexpected reboot. Please check whether input power is adequate and ethernet connection is secured. (SonicWave/SonicPoint AC/NDR requires 802.3at PoE+) |
| 1428 | SSL VPN | General | --- | DEBUG | --- | Not in use | %s |
| 1429 | Network | IP | Debug | ALERT | --- | IPv6 Packet Dropped With Site Local IP | Source or Destination IPv6 address is site-local unicast address. Packet is dropped |
| 1430 | Network | IP | Debug | INFO | --- | IPv6 Packet with Ext Header | IPv6 Packet with extension header received |
| 1431 | Network | ICMP | --- | INFO | --- | ICMPv6 Packets Received | ICMPv6 packet received |
| 1432 | System | Settings | --- | INFO | --- | Configuration Change | Configuration changed: %s |
| 1433 | Network | ICMP | --- | NOTICE | --- | NDP Packets Dropped | %s |
| 1434 | Network | Interfaces | --- | NOTICE | --- | Group-port Link Up | Interface %s up |
| 1435 | Network | Interfaces | --- | ERROR | --- | Group-port Link Down | Interface %s down |
| 1436 | Network | NAT | Debug | DEBUG | --- | NAT Policy Dropped Packets | Packet dropped by NAT Policy, reason: %s |
| 1437 | Network | Default Address Objects | --- | WARNING | --- | Delete Default AO Failed | %s |
| 1438 | VPN | VPN PKI | --- | INFO | --- | CA Cert Added | CA Certificate %s Added. |
| 1439 | VPN | VPN PKI | --- | NOTICE | --- | Local Cert Added | Local Certificate %s Added. |
| 1440 | VPN | VPN PKI | --- | NOTICE | --- | CA Cert Deleted | CA Certificate %s Deleted. |
| 1441 | VPN | VPN PKI | --- | NOTICE | --- | Local Cert Deleted | Local Certificate %s Deleted. |
| 1442 | System | Hardware | System Environment | ALERT | --- | USB Over Current | USB Over Current |
| 1443 | Firewall Settings | Flood Protection | Debug | WARNING | --- | Control Plane Flood Protection Threshold Exceeded | Control Plane Flood Protection Threshold Exceeded: %s |
| 1444 | High Availability | State | Maintenance | ERROR | --- | HA Reboot | Reboot occured (Reason :%s) |
| 1445 | WAN Acceleration | Local WXA Appliance | --- | WARNING | --- | Connection Exceed | WXA Warning - %s |
| 1446 | Network | DHCP Server | --- | NOTICE | --- | Mask 31-Bit Scope Deleted | Delete invalid scope with mask of 31 bits [%s] |
| 1447 | Network | UDP | UDP | NOTICE | --- | UDPv6 Packets Dropped | UDPv6 packet dropped |
| 1448 | Firewall Settings | Checksum Enforcement | UDP | NOTICE | --- | UDPv6 Checksum Error | UDPv6 checksum error; packet dropped |
| 1449 | Firewall Settings | Checksum Enforcement | UDP | NOTICE | --- | ICMPv6 Checksum Error | ICMPv6 checksum error; packet dropped |
| 1450 | Firewall Settings | Flood Protection | Attack | ALERT | --- | UDPv6 Flood Detected | Possible UDPv6 flood attack detected |
| 1451 | Firewall Settings | Flood Protection | Attack | ALERT | --- | ICMPv6 Flood Detected | Possible ICMPv6 flood attack detected |
| 1452 | Firewall Settings | Flood Protection | Attack | ALERT | --- | Half Open TCP Connection Threshold Exceeded | Too many half-open TCP connections |
| 1453 | Network | Switch Network | Debug | INFO | --- | Extended Switch Add | %s |
| 1454 | Network | Switch Network | Debug | INFO | --- | Extended Switch Remove | %s |
| 1455 | Network | Switch Network | Debug | INFO | --- | Extended Switch Port Speed Change | Extended Switch Port Status Change : %s |
| 1456 | Network | Switch Network | Debug | INFO | --- | Extended Switch Port Duplex Mode Change | Extended Switch Port Status Change : %s |
| 1457 | Network | Switch Network | Debug | INFO | --- | Extended Switch Port Link Status Change | Extended Switch Port Status Change : %s |
| 1458 | Network | ICMP | --- | NOTICE | --- | NDP Packets Received | %s |
| 1459 | Security Services | GAV | Maintenance | NOTICE | --- | Capture ATP File Transfer Attempt | Gateway Anti-Virus Status: %s |
| 1460 | Security Services | GAV | Maintenance | NOTICE | --- | Capture ATP File Transfer Result | Gateway Anti-Virus Status: %s |
| 1461 | Security Services | Content Filter | --- | NOTICE | --- | CFS Notice | CFS Notice: %s |
| 1462 | Security Services | GAV | --- | NOTICE | --- | AV Gateway Inform | Gateway Anti-Virus Inform: %s |
| 1463 | Security Services | DPI-SSL | Connection Traffic | INFO | --- | DPI-SSL Inspection Cleaned-up | DPI-SSL Inspection Cleaned-up |
| 1471 | Security Services | Attacks | Attack | ALERT | --- | External IDS | External IDS: %s |
| 1472 | Log | General | System Error | INFO | --- | Logs at 75% of maximum | Total current log entries is at 75% of maximum |
| 1473 | Firewall Settings | Advanced | Debug | INFO | --- | Drop Source IP Subnet Broadcast | Source IP is a subnet broadcast address |
| 1474 | Security Services | Geo-IP Filter | --- | ALERT | --- | Custom Geo IP Initiator Blocked | Initiator from country blocked: %s, Source: Custom List |
| 1475 | Security Services | Geo-IP Filter | --- | ALERT | --- | Custom Geo IP Responder Blocked | Responder from country blocked: %s, Source: Custom List |
| 1476 | Security Services | Botnet Filter | --- | ALERT | --- | Custom Botnet Initiator Blocked | Suspected Botnet initiator blocked: %s, Source: Custom List |
| 1477 | Security Services | Botnet Filter | --- | ALERT | --- | Custom Botnet Responder Blocked | Suspected Botnet responder blocked: %s, Source: Custom List |
| 1478 | System | Vendor Name Resolution | Debug | INFO | --- | Vendor Database Download Success | Vendor database downloaded successfully |
| 1479 | System | Vendor Name Resolution | Debug | INFO | --- | Vendor Database Download Failed | Vendor database download failed |
| 1480 | Network | DNS | Maintenance | INFO | --- | DNS Resolve Success | Success in DNS resolve |
| 1481 | Network | DNS Proxy | Maintenance | INFO | --- | DNS Proxy Packet Send | Send DNS proxy query |
| 1482 | Network | DNS Proxy | Maintenance | INFO | --- | DNS Proxy Packet Received | Receive DNS proxy reply |
| 1483 | Network | DNS Proxy | Maintenance | INFO | --- | DNS Proxy Request Acked by Cache | DNS respond directly by firewall |
| 1484 | Network | DNS Proxy | Maintenance | INFO | --- | DNS Proxy Add Cache | Add DNS cache |
| 1485 | Network | DNS Proxy | Maintenance | INFO | --- | DNS Proxy Delete Cache | Remove DNS cache |
| 1486 | Network | DNS Proxy | Maintenance | NOTICE | --- | DNS Proxy Request Packet Drop | Drop DNS query packet |
| 1487 | Network | DNS Proxy | Maintenance | NOTICE | --- | DNS Proxy Response Packet Drop | Drop DNS response packet |
| 1490 | Network | Network Access | User Activity | NOTICE | --- | HTTP redirected | HTTP connection redirected |
| 1491 | Network | Network Access | User Activity | NOTICE | --- | HTTPS redirected | HTTPS connection redirected |
| 1492 | Security Services | Crypto Test | Maintenance | INFO | --- | ECDSA Test Success | Crypto ECDSA test success |
| 1493 | Security Services | Crypto Test | Maintenance | ERROR | --- | ECDSA Test Failed | Crypto ECDSA test failed |
| 1494 | System | Settings | --- | INFO | --- | System Setting Exported | System Setting Exported |
| 1495 | System | Status | Maintenance | INFO | --- | Firewall was Rebooted by Setting Import | Firewall was rebooted by setting import at %s |
| 1496 | System | Status | Maintenance | INFO | --- | Firewall was Rebooted by Firmware | Firewall was rebooted by %s |
| 1497 | Network | Network Access | --- | DEBUG | --- | Packet Dissection Check | Packet Dissection Check -- %s |
| 1506 | Wireless | WLAN | 802.11b Management | INFO | --- | BandOver Event | BandOver event |
| 1507 | Network | IPv6 MAC-IP Anti-Spoof | Attack | ALERT | --- | IPv6 MAC-IP Anti-Spoof Check Enforced For Hosts | IPv6 MAC-IP Anti-spoof check enforced for hosts |
| 1508 | Network | IPv6 MAC-IP Anti-Spoof | Attack | ALERT | --- | IPv6 MAC-IP Anti-Spoof Cache Not Found For Router | IPv6 MAC-IP Anti-spoof cache not found for this router |
| 1509 | Network | IPv6 MAC-IP Anti-Spoof | Attack | ALERT | --- | IPv6 MAC-IP Anti-Spoof Cache Not Router | IPv6 MAC-IP Anti-spoof cache found, but it is not a router |
| 1510 | Network | IPv6 MAC-IP Anti-Spoof | Attack | ALERT | --- | IPv6 MAC-IP Anti-Spoof Cache Blacklisted Device | IPv6 MAC-IP Anti-spoof cache found, but it is blacklisted device |
| 1511 | System | Cloud Backup | --- | INFO | --- | Automatic Cloud Backup Successful | %s |
| 1512 | System | Cloud Backup | --- | INFO | --- | Automatic Cloud Backup Failed | %s |
| 1513 | System | Cloud Backup | --- | INFO | --- | Manual Cloud Backup Successful | %s |
| 1514 | System | Cloud Backup | --- | INFO | --- | Manual Cloud Backup Failed | %s |
| 1515 | System | Cloud Backup | --- | INFO | --- | Delete Cloud Backup Successful | %s |
| 1516 | System | Cloud Backup | --- | INFO | --- | Delete Cloud Backup Failed | %s |
| 1517 | Users | Authentication Access | User Activity | INFO | --- | User Name Invalid Symbol | User name invalid symbol: %s |
| 1518 | Security Services | Botnet Filter | --- | ALERT | --- | Botnet Initiator Blocked By Dynamic List | Suspected Botnet initiator blocked: %s, Source: Dynamic List |
| 1519 | Security Services | Botnet Filter | --- | ALERT | --- | Botnet Responder Blocked By Dynamic List | Suspected Botnet responder blocked: %s, Source: Dynamic List |
| 1520 | System | Settings | Maintenance | INFO | --- | E-mail SFR Success | Successfully sent SFR file by E-mail |
| 1521 | System | Settings | Maintenance | INFO | --- | E-mail SFR Failed | Failed to send SFR file by E-mail, %s |
| 1522 | Wireless | SonicPoint/SonicWave | --- | INFO | --- | SonicPoint 3G/4G/LTE WWAN Status | %s 3G/4G/LTE WWAN Status |
| 1523 | VPN | VPN PKI | --- | INFO | --- | Invalid Certificate Imported | Invalid certificate is imported: %s |
| 1524 | Wireless | SonicPoint/SonicWave | --- | ALERT | --- | SonicWave POE warning | %s POE Warning |
| 1525 | Wireless | SonicPoint/SonicWave | --- | WARNING | --- | SonicWave License Expired | SonicWave %s |
| 1526 | Wireless | SonicPoint/SonicWave | --- | WARNING | --- | SonicWave License Invalid | SonicWave %s |
| 1527 | Security Services | Crypto Test | Maintenance | ERROR | --- | AES GCM Test Failed | Crypto AES GCM test failed |
| 1528 | Security Services | Crypto Test | Maintenance | INFO | --- | AES GCM Test Success | Crypto AES GCM test success |
| 1529 | Log | AWS | System Error | DEBUG | --- | AWS Log export Failed | Failed export of logs to AWS: %s |
| 1530 | Log | AWS | System Error | DEBUG | --- | AWS Log export Success | Logs successfully exported to AWS: %s |
| 1531 | Log | AWS | System Error | DEBUG | --- | AWS AddressObject synchronization | AWS AddressObject Synchronization: %s |
| 1532 | Security Services | DPI-SSH | Users | ALERT | --- | DPI-SSH PF User | DPI SSH Port Forward Alert: %s |
| 1533 | Security Services | DPI-SSH | --- | INFO | --- | DPI-SSH | DPI-SSH: %s |
| 1534 | Security Services | DPI-SSH | --- | ALERT | --- | DPI-SSH Connection Check | DPI-SSH Connection: %s |
| 1535 | Network | DNS | Maintenance | NOTICE | --- | Receive DNS Reply With Truncated Flag Set | Truncated flag is set |
| 1536 | Network | DNS | Maintenance | INFO | --- | DNS Query Over TCP Send | Send DNS query over TCP |
| 1537 | Network | DNS | Maintenance | INFO | --- | DNS Response Over TCP Receive | Receive DNS response over TCP |
| 1538 | Network | DNS | Maintenance | INFO | --- | DNS Response Over TCP Timeout | DNS response over TCP Timeout |
| 1542 | Security Services | Crypto Test | Maintenance | INFO | --- | DSA Test Success | Crypto DSA test success |
| 1543 | Security Services | Crypto Test | Maintenance | ERROR | --- | DSA Test Failed | Crypto DSA test failed |
| 1544 | System | Storage Module | --- | WARNING | --- | Storage Module Association Posted Failed | %s |
| 1545 | System | Storage Module | --- | INFO | --- | Storage Module Association Posted Success | %s |
| 1547 | VPN | VPN IPsec | TCP \| UDP \| ICMP | INFO | --- | Fragmented IPsec packet DF bit set dropped | Fragmented IPsec packet DF bit set dropped |
| 1549 | Network | DNS Security | Maintenance | NOTICE | --- | Drop DNS Sinkhole Forged IP Packets | Drop DNS Sinkhole Forged IP Packets |
| 1550 | Network | DNS Security | Maintenance | NOTICE | --- | Drop Hit DNS Sinkhole Malicious Database Packets | Drop Hit DNS Sinkhole Malicious Database Packets |
| 1551 | Wireless | WLAN | 802.11b Management | INFO | --- | RSSI Event | RSSI event |
| 1552 | Users | Tacacs Authentication | User Activity | INFO | --- | User Login Failed | User login denied - TACACS+ authentication failure |
| 1553 | Users | Tacacs Authentication | User Activity | WARNING | --- | User Login Timeout | User login denied - TACACS+ server Timeout |
| 1554 | Users | Tacacs Authentication | User Activity | WARNING | --- | User Login Error | User login denied - TACACS+ configuration error |
| 1555 | Users | Tacacs Authentication | User Activity | WARNING | --- | TACACS+ Communication Problem | User login denied - TACACS+ communication problem |
| 1556 | Users | Tacacs Authentication | User Activity | WARNING | --- | TACACS+ Server Name Resolution Failed | User login denied - TACACS+ server name resolution failed |
| 1557 | Users | Authentication Access | User Activity | INFO | --- | TACACS+ User Cannot Use One Time Password | TACACS+ user cannot use One Time Password - no mail address set for equivalent local user |
| 1558 | Log | General | Debug | ERROR | --- | Log DB Deleted | Log DB Deleted due to data corruption |
| 1559 | Security Services | Next-Gen Anti-Virus | Maintenance | INFO | --- | Next-Gen AV Access Without Agent | Access attempt from host without Next-Gen Anti-Virus agent installed |
| 1560 | Security Services | Next-Gen Anti-Virus | Maintenance | INFO | --- | Next-Gen AV Agent Out of Date | Next-Gen Anti-Virus agent out-of-date on host |
| 1561 | Security Services | Next-Gen Anti-Virus | Maintenance | WARNING | --- | Next-Gen AV Expire message | Received Next-Gen AV Alert: Your Network Next-Gen Anti-Virus subscription has expired. %s |
| 1562 | Security Services | Next-Gen Anti-Virus | Maintenance | WARNING | --- | Next-Gen AV Expiration Warning | Received Next-Gen AV Alert: Your Network Next-Gen Anti-Virus subscription will expire in 7 days. %s |
| 1563 | Security Services | DPI-SSL Enforcement | Maintenance | INFO | --- | SSLE Access Without Agent | Access attempt from host without DPI-SSL Enforcement agent installed |
| 1564 | Security Services | DPI-SSL Enforcement | Maintenance | WARNING | --- | SSLE Expire Message | Received DPI-SSL Enforcement Alert: Your Network DPI-SSL Enforcement subscription has expired. %s |
| 1565 | System | Settings | Maintenance | INFO | --- | FTP Transfer Success | Successfully sent Flow Report file by FTP |
| 1566 | System | Settings | Maintenance | INFO | --- | FTP Transfer Failed | Failed to send Flow Report file by FTP, %s |
| 1567 | System | Settings | Maintenance | INFO | --- | E-mail Transfer Success | Successfully sent Flow Report file by E-mail |
| 1568 | System | Settings | Maintenance | INFO | --- | E-mail Transfer Failed | Failed to send Flow Report file by E-mail, %s |
| 1569 | Network | SFP | --- | INFO | --- | Multi-Interface SFP Event | %s |
| 1570 | Users | Authentication Access | Attack | ERROR | --- | User Account Lockout | %s. |
| 1571 | Users | Authentication Access | Attack | ERROR | --- | User Account Unlocked | User %s account is unlocked. |
| 1572 | Users | Authentication Access | Attack | ERROR | --- | User is currently locked out | User login failed because the user is currently locked out. |
1573 | Firewall Settings | Advanced | Debug | INFO | --- | Drop All IPv6 Traffic | IPv6 packet dropped due to IPv6 traffic processing is disabled on this firewall
1574 | Firewall | Application Control | --- | NOTICE | --- | Filename Logging | Filename: %s
1575 | Security Services | DPI-SSL | --- | WARNING | --- | DPI-SSL Default Exclusions | DPI-SSL Exclusions: Couldn't get DefaultExclusion definitions from the cloud
1576 | Firewall Settings | Advanced | Debug | INFO | --- | Drop Record Route Packet | Record routed IP packet dropped
1577 | Object | Dynamic External Address Object | Maintenance | INFO | --- | Dynamic External Address Group Added | Added Dynamic External Address Group %s
1578 | Object | Dynamic External Address Object | Maintenance | INFO | --- | Dynamic External Address Group Deleted | Deleted Dynamic External Address Group %s
1579 | Object | Dynamic External Address Object | Maintenance | INFO | --- | Dynamic External Address Group Edited | Edited Dynamic External Address Group %s
1580 | Object | Dynamic External Address Object | Maintenance | INFO | --- | Dynamic External Address Group Download New File Success | New file Download for Dynamic External Address Group %s successful
1581 | Object | Dynamic External Address Object | Maintenance | INFO | --- | Dynamic External Address Group Download File Success | Download for Dynamic External Address Group %s successful
1582 | Object | Dynamic External Address Object | Maintenance | ALERT | --- | Dynamic External Address Group Download Failed | Download Dynamic External Address Group %s failed
1583 | Object | Dynamic External Address Object | Maintenance | INFO | --- | Dynamic External Address Group Flush OK | Flush Dynamic External Address Group %s successful
1584 | Object | Dynamic External Address Object | Maintenance | INFO | --- | Dynamic External Address Group Flush Failed | Flush Dynamic External Address Group %s failed
1585 | Users | Authentication Access | User Activity | INFO | --- | User Login Denied | User login denied - %s
1586 | SD-WAN | Path Selection Profiles | --- | DEBUG | 18001 | Path Available | SD-WAN PSP: %s
1587 | SD-WAN | Path Selection Profiles | --- | DEBUG | 18002 | All Paths Removed | SD-WAN PSP: %s
1588 | SD-WAN | Path Selection Profiles | --- | DEBUG | 18003 | Path Added | SD-WAN PSP: %s
1589 | SD-WAN | Path Selection Profiles | --- | DEBUG | 18004 | Path Removed | SD-WAN PSP: %s
1590 | Firewall Settings | Advanced | Debug | INFO | --- | Internal VLAN Configuration | %s
1591 | Network | Advanced Routing | --- | INFO | --- | NSM Info | %s
1592 | Network | Advanced Routing | --- | DEBUG | --- | NSM Debug | %s
1593 | Network | DNS Security | Maintenance | NOTICE | --- | DNS Tunnel Attack | Find DNS tunnel attack - %s
1594 | Network | DNS Security | Maintenance | NOTICE | --- | Drop DNS Packets Via Suspicious DNS Tunnel | Drop DNS Packets Via Suspicious DNS Tunnel - %s
1595 | Wireless | SonicPoint/SonicWave | --- | WARNING | --- | SonicWave BLE warning | SonicWave %s
1596 | Wireless | SonicPoint/SonicWave | --- | INFO | --- | SonicWave BLE Info | SonicWave %s
1597 | Network | POE | --- | INFO | --- | POE Overview | %s
1598 | Wireless | WLAN | 802.11b Management | INFO | --- | AutoChannel Event | AutoChannel event
1599 | Security Services | Content Filter | User Activity | INFO | --- | CFS Policy Added | CFS policy added
1600 | Security Services | Content Filter | User Activity | INFO | --- | CFS Policy Modified | CFS policy modified
1601 | Security Services | Content Filter | User Activity | INFO | --- | CFS Policy Deleted | CFS policy deleted
1602 | System | API | --- | INFO | --- | Authentication | API Auth: %s
1603 | System | API | --- | DEBUG | --- | Fetch Resource | API Fetch Resource: %s
1604 | System | API | --- | DEBUG | --- | Configuration Change | API Configuration: %s
1605 | Log | FTP | Maintenance | INFO | --- | Send Log to FTP | Log successfully sent via FTP
1606 | Log | FTP | System Error | WARNING | --- | FTP Check Error on Load | Problem sending log via FTP; check FTP settings
1607 | Log | FTP | System Error | WARNING | --- | FTP Transfer Failed | FTP transfer failed : %s
1608 | SD-WAN | Performance Probes | --- | DEBUG | 18005 | Probe Added | Performance Probe added : %s
1609 | SD-WAN | Performance Probes | --- | DEBUG | 18006 | Probe Deleted | Performance Probe deleted : %s
1610 | SD-WAN | Performance Probes | --- | DEBUG | 18007 | Probe Modified | Performance Probe modified : %s
1611 | SD-WAN | Performance Class Objects | --- | DEBUG | 18008 | Performance Class Object Added | Performance Class Object added : %s
1612 | SD-WAN | Performance Class Objects | --- | DEBUG | 18009 | Performance Class Object Deleted | Performance Class Object deleted : %s
1613 | SD-WAN | Performance Class Objects | --- | DEBUG | 18010 | Performance Class Object Modified | Performance Class Object modified : %s
1615 | SD-WAN | Path Selection Profiles | --- | DEBUG | 18011 | PSP Added | SD-WAN Path Selection Profile added : %s
1616 | SD-WAN | Path Selection Profiles | --- | DEBUG | 18012 | PSP Modified | SD-WAN Path Selection Profile modified : %s
1617 | SD-WAN | Path Selection Profiles | --- | DEBUG | 18013 | PSP Deleted | SD-WAN Path Selection Profile deleted : %s
1618 | SD-WAN | SD-WAN Route | --- | DEBUG | 18014 | Route Added | SD-WAN Route added : %s
1619 | SD-WAN | SD-WAN Route | --- | DEBUG | 18015 | Route Modified | SD-WAN Route modified : %s
1620 | SD-WAN | SD-WAN Route | --- | DEBUG | 18016 | Route Deleted | SD-WAN Route deleted : %s
1621 | SD-WAN | SD-WAN Groups | --- | DEBUG | 18017 | SD-WAN Group Added | SD-WAN Group added %s
1622 | SD-WAN | SD-WAN Groups | --- | DEBUG | 18018 | SD-WAN Group Modified | SD-WAN Group modified %s
1623 | SD-WAN | SD-WAN Groups | --- | DEBUG | 18019 | SD-WAN Group Deleted | SD-WAN Group deleted %s
1624 | SD-WAN | SD-WAN Groups | --- | DEBUG | 18020 | SD-WAN Interface Added to Group | SD-WAN Group Member added %s
1625 | SD-WAN | SD-WAN Groups | --- | DEBUG | 18021 | SD-WAN Interface Deleted from Group | SD-WAN Group Member deleted %s
1626 | SD-WAN | SD-WAN Groups | --- | DEBUG | 18022 | SD-WAN Group Member Modified | SD-WAN Group Member modified %s
1627 | Users | Authentication Access | User Activity | INFO | --- | User Account Expired due to inactivity | User account '%s' expired and disabled due to inactivity
1628 | Network | TCP | Debug | DEBUG | --- | TCP SYN Packet With Data | TCP SYN packet received with data; TCP packet dropped
1629 | Network | TCP | Debug | DEBUG | --- | TCP Urgent Flag or Pointer | TCP packet received with Urgent flag or pointer; TCP packet dropped
1630 | Log | E-mail | Maintenance | INFO | --- | Email Audit Records | Audit Records from Network Security Appliance
1631 | Security Services | GAV | Maintenance | NOTICE | --- | Capture ATP Sandbox Verdict | Gateway Anti-Virus Status: %s
1632 | Multi-Instance | Instance Status | --- | NOTICE | --- | Service Stopped | %s
1633 | Multi-Instance | Instance Status | --- | INFO | --- | Service Started | %s
1634 | Multi-Instance | Instance Status | --- | NOTICE | --- | Service Deleted | %s
1635 | Multi-Instance | Instance Status | --- | ERROR | --- | Service Failed | %s
1636 | System | Settings | --- | INFO | --- | Port Unreachable Received | Port Unreachable received from remote sender
1637 | System | Settings | --- | INFO | --- | Port Unreachable Ignored | Port Unreachable from remote sender ignored
1638 | Wireless | SonicPoint/SonicWave | --- | INFO | --- | SonicWave RRM Info | %s
1639 | System | Cloud Platform | --- | DEBUG | --- | Cloud Platform API | %s
1640 | Unified Policy Engine | Policy Action | NGPE | INFO | --- | Policy Matched | Policy Matched %s
1641 | Unified Policy Engine | Policy Action | NGPE | INFO | --- | Report Connection Opened | Connection Opened reporting %s
1642 | Unified Policy Engine | Policy Action | NGPE | INFO | --- | Report Connection Closed | Connection Closed reporting %s
1643 | Multi-Instance | Instance Status | --- | NOTICE | --- | Service Added | %s
1644 | Multi-Instance | Instance Status | --- | NOTICE | --- | Service Edited | %s
1645 | Security Services | Endpoint Security | Maintenance | INFO | --- | Endpoint Security Access Without Agent | Endpoint Security: Access attempt from host without %s agent installed.
1646 | Security Services | Endpoint Security | Maintenance | WARNING | --- | Endpoint Security Service Expire Message | Endpoint Security: %s subscription of your network has expired.
1647 | Security Services | Endpoint Security | Maintenance | WARNING | --- | Endpoint Security Expiration Warning | Endpoint Security: %s subscription of your network will expire in 7 days.
1649 | Network | Switch Network | --- | INFO | --- | SonicWall Switch | %s
1650 | Users | Authentication Access | System Error | ALERT | --- | Recommend NSM upgrade | Using an old NSM which compromises the security of some functionality on this firewall. An upgrade of NSM is recommended.
1651 | Users | Authentication Access | System Error | ALERT | --- | NSM encryption type unknown | NSM wants to use an encryption method which this firewall does not support: %s
1652 | Users | Authentication Access | System Error | ALERT | --- | Recommend management platform upgrade | Using an old SonicWall firewall management platform which compromises the security of some functionality on this firewall. An upgrade of the platform is recommended.
1653 | Users | Authentication Access | System Error | ALERT | --- | Management platform encryption type unknown | The SonicWall firewall management platform wants to use an encryption method which this firewall does not support: %s
1654 | Firewall | Application Firewall | User Activity | DEBUG | --- | Custom Match Applied | Custom Match applied %s
1655 | Users | Authentication Access | Attack | ERROR | --- | User is now locked out | User login failed, user is now locked out.
1656 | WWAN | General | User Activity | INFO | --- | WWAN Modem Attached | WWAN - Attached %s
1657 | WWAN | General | User Activity | INFO | --- | WWAN Modem Detached | WWAN - Detached %s
1658 | Security Services | Content Filter | --- | WARNING | --- | CFS Warning | CFS Warning: %s
1659 | Security Services | Content Filter | --- | INFO | --- | CFS Info | CFS Info: %s
1660 | Security Services | GAV | Attack | NOTICE | --- | Capture ATP Block Until Verdict | Gateway Anti-Virus: %s
1661 | Network | Advanced Routing | --- | INFO | --- | RIPng Info | %s
1662 | Network | Advanced Routing | --- | NOTICE | --- | RIPng Notice | %s
1663 | Network | Advanced Routing | --- | DEBUG | --- | RIPng Debug | %s
1664 | Network | Advanced Routing | --- | INFO | --- | OSPFv3 Info | %s
1665 | Network | Advanced Routing | --- | NOTICE | --- | OSPFv3 Notice | %s
1666 | Network | Advanced Routing | --- | DEBUG | --- | OSPFv3 Debug | %s
1667 | Network | Advanced Routing | --- | NOTICE | --- | NSM Notice | %s
1668 | Network | Advanced Routing | --- | NOTICE | --- | OSPF Notice | %s
1669 | Network | Advanced Routing | --- | NOTICE | --- | BGP Notice | %s
1670 | Security Services | GAV | Maintenance | NOTICE | --- | Capture ATP Sandbox Pending Response | Gateway Anti-Virus Status: %s
1671 | Network | Network Access | --- | ALERT | --- | Extended Switch Unreachable | %s
1672 | Users | Authentication Access | User Activity | WARNING | --- | CLI Limit Admin Denied From WAN | CLI limit administrator login denied from WAN
1673 | SSL VPN | General | --- | DEBUG | --- | SSL VPN Debug | %s
1674 | Log | Configuration Auditing | User Activity | INFO | --- | Chassis settings change | Chassis: %s
1675 | Security Services | GAV | --- | INFO | --- | Capture Security Failover | CSa failover %s

3
Syslog Events
This section provides information about using the detailed logs created from Syslog events. Syslog settings are
configured in the DEVICE | Log > Syslog page in SonicOS/X.
Topics:
• Log > Syslog
• Index of Syslog Tag Field Descriptions
• Configuration Auditing Syslog Tags
• Syslog Group Category (gcat) Values
• Examples of Standard Syslog Messages
• Examples of ArcSight Syslog Messages
• Legacy Categories
• Priority Levels

Log > Syslog


In addition to the standard event log, the SonicWall security appliance can send a detailed log to an external
Syslog server. The detailed log captures all log activity and includes every connection source and destination IP
address, IP service, and number of bytes transferred. Syslog analyzers such as SonicWall Analytics, SonicWall
Next Generation Analyzer or a product from another vendor such as Graylog, Solarwinds, or Fastvue can be used
to sort, analyze, and graph the Syslog data.
The DEVICE | Log > Syslog page provides two screens: Syslog Settings and Syslog Servers. For more information
on configuring settings and servers on the DEVICE | Log > Syslog page, refer to the SonicOS/X 7 Device Log
administration guide.

DEVICE | Log > Syslog > Syslog Settings Screen

DEVICE | Log > Syslog > Syslog Servers Screen

Index of Syslog Tag Field Descriptions


This section provides an alphabetical listing of Syslog tags and the associated field description. For more
information about the “pri” Syslog Tag, see Priority Levels on page 110. The value here is taken from the
“Priority Level” column of the Index of Log Event Messages on page 10. For more information about the “c”
Syslog Tag, see Legacy Categories on page 109.

Syslog Tags

Tag | Tags for Arc-Sight | Field | Description
<ddd> | --- | Syslog message prefix | The beginning of each Syslog message has a string of the form <ddd> where ddd is a decimal number indicating facility and priority of the message
af_polid | --- | Application Filter | Displays the Application Filter Policy ID
af_policy | --- | Application Filter | Displays the Application Policy name
af_type | --- | Application Filter | Displays the Application Policy type such as: SMTP Client Request; HTTP Client Request; HTTP Server Response; FTP Client Request; FTP Client Upload File; FTP Client Download File; POP3 Client Request; POP3 Server Response; FTP Data Transfer; IPS Content; App Control Content; Custom Policy Type; CFS
af_service | --- | Application Filter | Displays the Application Policy service name
af_action | --- | Application Filter | Displays the Application Policy action such as: HTTP Block Page; HTTP Redirect; Bandwidth Management; Disable E-Mail Attachment; FTP Notification Reply; Reset/Drop; Block SMTP E-Mail; Bypass DPI; CFS Block Page; Packet Monitor
af_object | --- | Application policy object name | Displays the custom Application Policy object name
ai | --- | Active Interface via GMS heartbeat | Displays the Active WAN Interface. Normally it is Primary WAN, but in a failover, it displays the value of the failover default outbound WAN interface, if there is more than one WAN. When there is only one WAN Interface, it is always Primary WAN regardless of the link state
app | app | Numeric application ID | Indicates the application for the applied Syslog. Only displays when Flow Reporting is enabled
appcat | appcat | Application Control | Display the application category when Application Control is enabled
appid | appid | Application ID | Display the application ID when Application Control is enabled
appName | --- | Non-Signature Application Name | Indicates the non-signature Application Name that matches the Application ID “app” or “f” of the Syslog; Only displays when Flow Reporting is enabled
arg | arg | URL | Used to render a URL: arg represents the URL path name part
bcastRx | bcastRx | Interface statistics report | Displays the broadcast packets received
bcastTx | bcastTx | Interface statistics report | Displays the broadcast packets transmitted
bid | bid | Numeric Blade ID | Indicates the blade that originated the event and applies only to products with blade architecture
bytesRx | bytesRx | Interface statistics report | Displays the bytes received
bytesTx | bytesTX | Interface statistics report | Displays the bytes transmitted
c | cat | Message category (legacy only) | Indicates the legacy category number (Note: SonicOS/X does not currently send new category information)
category | category | Blocking code description | Applicable only when CFS is enabled, indicates the category of the blocked content such as “Gambling”. This works in conjunction with “code” for the blocking code.
catid | --- | Rule category | Indicates the category ID of the rule
cdur | cn3Label | Connection Duration | Displays the connection duration in milliseconds (ms) and only applies to m=537 “Connection Closed” Syslog
change | SWGMSchangeUrl | Configuration change webpage | Displays the basename of the firewall web page that performed the last configuration change
code | reason | Blocking code | Indicates the CFS block code
conns | --- | Firewall status report via GMS heartbeat | Indicates the number of connections in use
contentObject | --- | Application Filter | Indicates rule name
--- | cs4 | Interface Statistics | Display interface statistics
--- | deviceOutboundInterface | Interface | Indicates interface on which the packet leaves the device
--- | deviceInboundInterface | Interface | Indicates interface on which the packet leaves the device
dpi | --- | Numeric code | Indicates that a flow underwent inspection by Deep Packet Inspection. The dpi tag only applies to Connection Closed Syslog events with the message ID defined as either: m=537 if the flow has no URL information, or if CFS was not enabled; m=97 if CFS was enabled and flow information includes URL. Possible values for dpi are: 1 = DPI inspection occurred; 0 = no DPI inspection
--- | dpt | Port | Display destination port
--- | dnpt | NAT’ed Port | Display NAT’ed destination port
dst | dst | Destination | Destination IP address, and optionally, port, network interface, and resolved name
dstMac | dmac | Destination MAC Address | Destination MAC Address
dstV6 | dst | Destination | Destination IPv6 address, and optionally, port, network interface, and resolved name
dstname | request | URL | Displays the URL of accessed Websites and hosts
dstname | dstname | Notes | Indicates additional information such as description of forbidden/deleted email attachments
dstZone | cs4Label (destination) | Destination zone name | Displays destination zone
dur | cs6label | Numeric, session duration in seconds | Displays the connection duration in seconds; pertains to the activity time of an authenticated user session (such as logout messages)
dyn | --- | Firewall status report via GMS heartbeat | Displays the HA and dialup connection state (rendered as “h.d” where “h” is “n” (not enabled), “b” (backup), or “p” (primary) and “d” is “1” (enabled) or “0” (disabled))
f | flowType | Numeric flow type | Indicates the flow type when Flow Reporting is disabled
fileid | --- | URL or MD5 (long URLs may be truncated) | File identification or name, which may be in MD5 format or a URL. For example, Capture ATP uses this tag to indicate a file inspected by GAV or CloudAV.
filetxstatus | --- | Capture ATP: File transmission status | Result of file transmission as reported by Capture ATP. Possible values are: 100 : CONFIRMED; 200 : TOO BIG; 210 : PENDING; 211 : GOOD; 212 : BAD; 213 : REQUEST SENT; 214 : UNKNOWN; 220 : CLOUDAV; 230 : GAV; 260 : SERVER COMMAND; 270 : EXCESSIVE PACKET LOSS; 280 : OUT OF MEMORY; 300 : AWAITING CONFIRM; 310 : CANT CONFIRM; 400 : LOW MEMORY; 410 : Files Per Hour EXCEEDED; 420 : TOO MANY CONCURRENT
fw | --- | Firewall WAN IP | Indicates the WAN IP Address
fw_action | --- | Firewall Action | The explicit action performed on network traffic (packets) encountered by the firewall based on built-in or user-configured policies that may allow or drop packets. For events that are not associated with specific packets, the value “Not Applicable” or “NA” is used. Possible values are: forward - packet is forwarded due to a matching policy or rule set; drop - packet is dropped due to a matching policy or rule set; mgmt - packet is a management packet, management policy will be applied; NA - not associated with a packet, firewall action is Not Applicable
fwlan | --- | Firewall status report via GMS heartbeat | Indicates the LAN zone IP address
gcat | gcat | Group category | Display event group category when using Enhanced Syslog
goodRxBytes | goodRxBytes | SonicPoint statistics report | Indicates the well-formed bytes received
goodTxBytes | goodTxBytes | SonicPoint statistics report | Indicates the well-formed bytes transmitted
i | --- | Firewall status report via GMS heartbeat | Displays the GMS message interval in seconds
icmpCode | cn2 | ICMP type and code | Indicates the ICMP code
id=firewall | --- | WebTrends prefix | Syntactic sugar for WebTrends (and GMS by habit)
if | if | Interface statistics report | Displays the interface on which statistics are reported
ipscat | ipscat | IPS message | Displays the IPS category
ipspri | ipspri | IPS message | Displays the IPS priority
lic | --- | Firewall status report via GMS heartbeat | Indicates the number of licenses for firewalls with limited modes
m | --- | Message ID | Provides the message ID number
mailFrom | --- | Email sender | Originator of the email
msg | msg | Message | Displays the message which is composed of either or both a predefined message and a dynamic message containing a string %s or numeric %d argument
n | cnt | Message count | Indicates the number of times event occurs
natDst | cs2Label | NAT destination IP | Displays the NAT’ed destination IP address
natDstV6 | cs2Label | NAT destination IPv6 | Displays the NAT’ed destination IPv6 address
natSrc | cs1Label | NAT source IP | Displays the NAT’ed source IP address
natSrcV6 | cs1Label | NAT source IPv6 | Displays the NAT’ed source IPv6 address
note | cs6 | Additional Information | Additional information that is application-dependent
npcs | cs5 | URL | Applicable only when Network Packet Capture System (NPCS Solera) is enabled, displays URL of an NPCS object
op | requestMethod | HTTP OP code | Displays the value assigned by SonicOS/X Content Filtering based on its parsing of an HTTP packet’s Method token for the Request message. Supported values are: 0 = NO OPERATION; 1 = HTTP GET; 2 = HTTP POST; 3 = HTTP HEAD; where GET/POST/HEAD are standard HTTP Methods and NO OPERATION is used by SonicOS/X to indicate that none of the other defined values apply.
packetdatId, packetdatNum, packetdatEnc | --- | Raw Data used in Security Services Syslogs, disabled by default | Used in m=1391 (Raw Data) to indicate that Raw Data is available and transmission had been enabled. When enabled, Raw Data information is provided to SonicWall GMS when generating Security Service Syslogs: m=14, 16, 608, 609, 761, 789, 790, 793, 794, 795, 809, 1154, 1155
pri | --- | Message priority | Displays the event priority level (0=emergency, 7=debug). Refer to Priority Levels on page 110
proto | proto | Protocol and service | Displays the protocol information (rendered as “proto=[protocol]” or just “[proto]/[service]”)
pt | --- | Firewall status report via GMS heartbeat | Displays the HTTP/HTTPS management port (rendered as “hhh.sss”)
radio | radio | SonicPoint statistics report | Displays the SonicWave/SonicPoint radio on which event occurred
rcptTo | --- | recipient | Indicates the email recipient
rcvd | in | Bytes received | Indicates the number of bytes received within connection
referer | referer | HTTP Referrer URI | When HTTP content is detected, this value distinguishes the referrer from the requested URL for website access
result | outcome | HTTP Result code | Displays the HTTP result code (200, 403, etc.) of Website hit
rpkt | cn1Label | Packet received | Display the number of packets received
rule | cs1 | Rule ID | Used to identify a policy or a rule associated with an event
sent | out | Bytes sent | Displays the number of bytes sent within connection
sess | cs5Label | Pre-defined string indicating session type | Applies to Syslogs with an associated user session being tracked by the UTM. Determined by the Authentication mechanism and can be one of: None - the starting session type when user authentication is still pending or just started; Web - identified as a Web browser session; Portal - SSL-VPN portal login; l2tpc - L2TP client session; vpnc - VPN client session; sslvpnc - SSL-VPN client session; Auto - Auto-logged in session, for example Single Sign On (SSO); Other - none of the known types; CLI - indicates a CLI session
sid | sid | IPS or Anti-Spyware message | Provides either IPS or Anti-Spyware signature ID
sn | --- | Firewall serial number | Indicates the device serial number
spkt | cn2Label | Packet sent | Display the number of packets sent
--- | spt | Port | Displays source port
spycat | spycat | Anti-Spyware message | Displays the Anti-Spyware category
spypri | spypri | Anti-Spyware message | Displays the Anti-Spyware priority
--- | snpt | NAT source port | Display NAT’ed source port
src | src | Source | Indicates the source IP address, and optionally, port, network interface, and resolved name
srcMac | smac | Source MAC Address | Source MAC Address
srcZone | cs3Label (source) | Source zone name | Displays source zone
station | station | SonicPoint statistics report | Displays the client (station) on which event occurred
time | --- | Time | Reports the time of event
type | cn1 | ICMP type and code | Indicates the ICMP type
ucastRx | ucastRx | Interface statistics report | Displays the unicast packets received
ucastTx | ucastTx | Interface statistics report | Displays the unicast packets transmitted
unsynched | --- | Firewall status report via GMS heartbeat | Reports the time since last local change in seconds
usestandbysa | --- | Firewall status report via GMS heartbeat | Displays whether standby SA is in use (“1” or “0”) for GMS management
usr (or user) | susr | User | Displays the user name (“user” is the tag used by WebTrends)
uuid | uuid | Universally Unique Identifier | A universally unique identifier (UUID) is a 128-bit label that is unique within the SonicOS/X product platforms used to tag information objects. The SonicOS/X format uses the hyphenated hexadecimal notation compliant with Rec. ITU-T X.667 | ISO/IEC 9834-8 and technically compatible with RFC 4122. Example SonicOS/X usage is: uuid=“b63c4f43-8bd4-2063-0700-c0eae488cfd2”
vpnpolicy | cs2 (source) | Source VPN policy name | Displays the source VPN policy name of event
vpnpolicyDst | cs3 (destination) | Destination VPN policy name | Displays the destination VPN policy name of event

Configuration Auditing Syslog Tags


Configuration auditing is a feature that automatically records any configuration changes that an administrator
attempts from one of the available user interfaces, including web management (via HTTP and HTTPS), command
line (via console or SSH), or SonicWall Network Security Manager (NSM). A configuration auditing records table
on MONITOR | Logs > Auditing Logs records all attempted configuration changes, both successful and failed.
Syslog events are also generated for configuration auditing. The following table identifies and defines the
Configuration Auditing Syslog tags.

Configuration Auditing Syslog Tags


Tag | Description
auditId | Configuration Audit ID is used to identify a Configuration Auditing entry.
tranxId | Configuration Audit Transaction ID is used to determine entries pertaining to the same transaction or batch.
userMode | Configuration Audit User Mode distinguishes privileges bestowed to a user.
auditTime | Configuration Audit Timestamp indicates the time when a configuration was changed.
auditPath | Configuration Audit Path describes the logical location of the configuration setting.
grpName | Configuration Audit Group Name labels a group of data usually associated with a table. Scalar data have no group.
grpIndex | Configuration Audit Group Index identifies an instance of a data group.
oldValue | Configuration Audit Old Value is the previous value of an object.
newValue | Configuration Audit New Value is the new value of an object.

Syslog Group Category (gcat) Values
The following table defines the gcat values used in SonicOS/X Syslog events.

Syslog gcat Values


gcat Number | Value
1 | System
2 | Log
3 | Security Services
4 | Users
5 | Firewall Settings
6 | Network
7 | VPN
8 | High Availability
9 | 3G/4G, Modem, and Module
10 | Firewall
11 | Wireless
12 | VoIP
13 | SSL VPN
14 | Anti-Spam
15 | WAN Acceleration
16 | SD-WAN
17 | Multi-Tenancy

For example, gcat=3 means “Security Services” category, and gcat=6 means “Network” category in the following
examples:

Intrusion Prevention (IPS) example:


Feb 26 22:53:50 10.8.139.192 FEB 26 2019 06:53:50 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|608|IPS Detection Alert|9|cat=32 gcat=3 src=180.97.33.107 spt=8
deviceInboundInterface=X1 dst=36.50.1.220 dpt=1 deviceOutboundInterface=X0 msg="IPS
Detection Alert: ICMP Echo Reply, SID: 316, Priority: low" msg="IPS Detection Alert:
ICMP Echo Reply" sid=316 ipscat="ICMP Echo Reply" ipspri=3 cnt=6 fw_action="NA"

IP Spoof Detection example:


Feb 26 22:53:52 10.8.139.192 FEB 26 2019 06:53:52 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|23|IP Spoof Detected|9|cat=32 gcat=3 smac=00:50:56:9f:88:86
src=10.8.138.215 spt=68 deviceInboundInterface=MGMT cs3Label=Unknown
dmac=ff:ff:ff:ff:ff:ff dst=255.255.255.255 dpt=67 deviceOutboundInterface=X0
cs4Label=LAN proto=udp/67 in=328 cnt=4 fw_action="drop"

IPv6 / ICMPv6 example:


Feb 26 22:54:05 10.8.139.192 FEB 26 2019 06:54:05 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|1430|IPv6 Packet with Ext Header|4|cat=512 gcat=6
smac=00:1c:57:66:00:00 srcV6=fe80::1 deviceInboundInterface=X1
dmac=33:33:00:00:00:01 dstV6=ff02::1 proto=0 in=76 cs6="Extention header: 0"
cnt=1401 fw_action="NA"

Examples of Standard Syslog Messages
The following examples show the content of the Syslog packet. This type of message can be viewed on the
Syslog server or in any packet analyzer application. Note that this is the Default Syslog Format.

Connection Closed (with dpi tag) examples:


Feb 26 22:47:37 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26 06:47:37"
fw=10.8.139.192 pri=6 c=1024 m=537 msg="Connection Closed" app=9 n=2200
src=36.50.1.220:49196:X0 dst=216.58.195.67:80:X1 dstMac=00:1c:57:66:00:00
proto=tcp/http sent=152 spkt=3 dpi=0 cdur=40183 rule="9 (LAN->WAN)" fw_action="NA"
Jan 31 09:07:48 10.8.96.203 id=firewall sn=004010292F25 time="2019-01-30 18:17:17"
fw=10.8.96.203 pri=6 c=1024 m=537 msg="Connection Closed" app=9 n=1792
src=192.168.203.56:65440:X0 dst=10.8.96.159:80:X1 srcMac=00:50:56:a1:3e:5d
dstMac=00:0c:29:5b:4f:04 proto=tcp/1 sent=186 rcvd=94 spkt=4 rpkt=2 dpi=1 cdur=4983
rule="5 (LAN->WAN)" fw_action="NA"
Jan 31 09:07:48 10.8.96.203 id=firewall sn=004010292F25 time="2019-01-30 18:17:17"
fw=10.8.96.203 pri=6 c=1024 m=97 app=48 n=3 src=192.168.203.56:65439:X0
dst=10.8.96.159:80:X1 srcMac=00:50:56:a1:3e:5d dstMac=00:0c:29:5b:4f:04 proto=tcp/1
op=1 sent=1347 rcvd=2443 dpi=1 dstname=10.8.96.159 arg=/ code=64 Category="Not
Rated" note="Policy: CFS Default Policy, Info: 6148 " rule="5 (LAN->WAN)"
fw_action="NA"

Content Filtering (CFS) examples:


Feb 26 22:50:44 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:50:44" fw=10.8.139.192 pri=6 c=1024 m=97 app=48 n=19 src=36.50.1.220:49312:X0
dst=10.8.8.200:80:X1 srcMac=00:50:56:b4:54:f5 dstMac=00:1c:57:66:00:00
proto=tcp/http op=1 sent=4775 rcvd=173391 dpi=0 dstname=10.8.8.200 arg=/ code=64
Category="Not Rated" note="Policy: CFS Default Policy, Info: 6148 " rule="9
(LAN->WAN)" fw_action="NA"
Feb 26 22:49:51 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:49:51" fw=10.8.139.192 pri=3 c=4 m=14 msg="Web site access denied" app=9 n=1
src=36.50.1.220:49281:X0 dst=209.59.212.85:80:X1 srcMac=00:50:56:b4:54:f5
dstMac=18:b1:69:89:bf:80 proto=tcp/http dstname=www.gamble.com arg=/ code=11
Category="Gambling" rule="9 (LAN->WAN)" fw_action="drop"
Feb 26 22:50:50 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:50:49" fw=10.8.139.192 pri=6 c=1024 m=97 app=48 n=20 src=36.50.1.220:49315:X0
dst=10.8.8.200:80:X1 srcMac=00:50:56:b4:54:f5 dstMac=00:1c:57:66:00:00
proto=tcp/http op=1 sent=643 rcvd=4546 dpi=0 dstname=10.8.8.200
arg=/virus/klez.h.bin code=64 Category="Not Rated" note="Policy: CFS Default Policy,
Info: 6148 Referer: http://10.8.8.200/virus.htm"
referer="http://10.8.8.200/virus.htm" rule="9 (LAN->WAN)" fw_action="NA"
Feb 26 22:49:41 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:49:41" fw=10.8.139.192 pri=6 c=1024 m=97 app=48 n=18 src=36.50.1.220:49239:X0
dst=124.108.103.103:80:X1 srcMac=00:50:56:b4:54:f5 dstMac=00:1c:57:66:00:00
proto=tcp/http op=1 sent=626 rcvd=890 dpi=0 dstname=www.yahoo.com arg=/ code=29
Category="Search Engines and Portals" note="Policy: CFS Default Policy, Info: 6148 "
rule="9 (LAN->WAN)" fw_action="NA"

Capture ATP (Sandbox) example:


Feb 26 22:50:44 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:50:44" fw=10.8.139.192 pri=6 c=1 m=1460 msg="Gateway Anti-Virus Status: GAV
Detection. File forwarding to Sandbox truncated for:
http://10.8.8.200/virus/klez.h.bin, filename: klez.h.bin."
fileid="10.8.8.200/virus/klez.h.bin" filetxstatus=230 dstname=10.8.8.200
arg=/virus/klez.h.bin n=1 src=10.8.8.200:80:X1 dst=36.50.1.220:49312:X0
proto=tcp/http fw_action="NA"

Gateway Anti-Virus (GAV) example:


Feb 26 22:50:44 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:50:44" fw=10.8.139.192 pri=1 c=32 m=809 msg="Gateway Anti-Virus Alert:
Injected.AZ (Trojan) blocked." n=1 src=10.8.8.200:80:X1 dst=36.50.1.220:49312:X0
fw_action="NA"

Intrusion Prevention (IPS) example:


Feb 26 22:48:49 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:48:49" fw=10.8.139.192 pri=1 c=32 m=608 msg="IPS Detection Alert: ICMP Echo
Reply" sid=316 ipscat="ICMP Echo Reply" ipspri=3 n=1 src=180.97.33.107:8:X1
dst=36.50.1.220:1:X0 fw_action="NA"

Detected scan attack examples:


Feb 26 22:49:44 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:49:44" fw=10.8.139.192 pri=1 c=32 m=82 msg="Possible port scan detected" n=1
src=69.147.88.7:443:X1 dst=10.8.139.192:31894:X1 srcMac=00:1c:57:66:00:00
dstMac=18:b1:69:89:bf:81 proto=tcp/https note="TCP scanned port list, 42338, 28852,
6467, 55193, 47039" fw_action="NA"
Feb 26 22:49:45 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26
06:49:45" fw=10.8.139.192 pri=1 c=32 m=177 msg="Probable TCP FIN scan detected" n=1
src=69.147.88.7:443:X1 dst=10.8.139.192:11269:X1 srcMac=00:1c:57:66:00:00
dstMac=18:b1:69:89:bf:81 proto=tcp/https note="TCP scanned port list, 42338, 28852,
6467, 55193, 47039, 31894, 45687, 2228, 62490, 11269" fw_action="NA"
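
The Default Syslog Format messages above can be split into their tags as follows. This is an added example, not code from SonicWall or from the original guide. The function names, the `recv_time`, `host` and `pri_name` keys, and the triage rule (pri of 1 or lower, or fw_action="drop") are assumptions made for illustration, and src/dst values are assumed to be IPv4 `ip:port:interface` as in the examples.

```python
import re

# Priority names from the guide's Priority Level table, indexed by the pri tag.
PRIORITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Info", "Debug"]
# tag=value, where the value is a double-quoted string or a run of non-spaces.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
# "Mon DD HH:MM:SS host " prefix in front of the id=firewall tags.
PREFIX = re.compile(r'^(\w{3}\s+\d+ [\d:]{8}) (\S+) ')

def split_endpoint(value):
    """Split an 'ip:port:interface' src/dst value (IPv4, as in the examples)."""
    parts = value.split(":")
    port = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    return {"ip": parts[0], "port": port,
            "iface": parts[2] if len(parts) > 2 else None}

def parse_default_syslog(line):
    """Return the tags of one Default Syslog Format message as a dict."""
    event = {}
    prefix = PREFIX.match(line)
    if prefix:
        event["recv_time"], event["host"] = prefix.groups()
        line = line[prefix.end():]
    for tag, value in PAIR.findall(line):
        event[tag] = value.strip('"')
    for side in ("src", "dst"):
        if side in event:
            event[side] = split_endpoint(event[side])
    pri = event.get("pri", "")
    if pri.isdigit() and int(pri) < len(PRIORITY):
        event["pri_name"] = PRIORITY[int(pri)]
    return event

def needs_triage(event):
    """True for Alert or Emergency priority, or when the firewall dropped traffic."""
    pri = event.get("pri", "")
    return (pri.isdigit() and int(pri) <= 1) or event.get("fw_action") == "drop"

# Three of the guide's examples, re-joined onto one line each.
SAMPLES = [
    'Feb 26 22:49:44 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26 06:49:44" '
    'fw=10.8.139.192 pri=1 c=32 m=82 msg="Possible port scan detected" n=1 '
    'src=69.147.88.7:443:X1 dst=10.8.139.192:31894:X1 srcMac=00:1c:57:66:00:00 '
    'dstMac=18:b1:69:89:bf:81 proto=tcp/https '
    'note="TCP scanned port list, 42338, 28852, 6467, 55193, 47039" fw_action="NA"',
    'Feb 26 22:49:51 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26 06:49:51" '
    'fw=10.8.139.192 pri=3 c=4 m=14 msg="Web site access denied" app=9 n=1 '
    'src=36.50.1.220:49281:X0 dst=209.59.212.85:80:X1 srcMac=00:50:56:b4:54:f5 '
    'dstMac=18:b1:69:89:bf:80 proto=tcp/http dstname=www.gamble.com arg=/ code=11 '
    'Category="Gambling" rule="9 (LAN->WAN)" fw_action="drop"',
    'Feb 26 22:47:37 10.8.139.192 id=firewall sn=18B16989BF80 time="2019-02-26 06:47:37" '
    'fw=10.8.139.192 pri=6 c=1024 m=537 msg="Connection Closed" app=9 n=2200 '
    'src=36.50.1.220:49196:X0 dst=216.58.195.67:80:X1 dstMac=00:1c:57:66:00:00 '
    'proto=tcp/http sent=152 spkt=3 dpi=0 cdur=40183 rule="9 (LAN->WAN)" fw_action="NA"',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        ev = parse_default_syslog(raw)
        print(ev.get("pri_name"), ev.get("msg"), ev["src"]["ip"], needs_triage(ev))
```

Quoted values are consumed whole, so text inside msg or note that happens to contain an equals sign is not mistaken for a new tag.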

Examples of ArcSight Syslog Messages


The following examples show the content of the Syslog packet. This type of message can be viewed on the
Syslog server or any packet analyzer application.

Content Filtering (CFS) examples:


Feb 26 22:53:28 10.8.139.192 WAN)" app=48 requestMethod=1
request=10.8.8.200/virus/Macro.Word97.Melissa.c reason=64 Category-"Not Rated"
cs6="Policy: CFS Default Policy, Info: 6148 Referer: http://10.8.8.200/virus.htm"
cnt=21 fw_action="NA" dpi=0 referer="http://10.8.8.200/virus.htm"
Feb 26 22:53:39 10.8.139.192 WAN)" app=48 requestMethod=1
request=ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedc
ertstl.cab?c4091b107fb9006c reason=27 Category-"Information Technology/Computers"
cs6="Policy: CFS Default Policy, Info: 6148 " cnt=22 fw_action="NA" dpi=0

Intrusion Prevention (IPS) example:


Feb 26 22:53:50 10.8.139.192 FEB 26 2019 06:53:50 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|608|IPS Detection Alert|9|cat=32 gcat=3 src=180.97.33.107 spt=8
deviceInboundInterface=X1 dst=36.50.1.220 dpt=1 deviceOutboundInterface=X0 msg="IPS
Detection Alert: ICMP Echo Reply, SID: 316, Priority: low" msg="IPS Detection Alert:
ICMP Echo Reply" sid=316 ipscat="ICMP Echo Reply" ipspri=3 cnt=6 fw_action="NA"

IP Spoof Detection example:
Feb 26 22:53:52 10.8.139.192 FEB 26 2019 06:53:52 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|23|IP Spoof Detected|9|cat=32 gcat=3 smac=00:50:56:9f:88:86
src=10.8.138.215 spt=68 deviceInboundInterface=MGMT cs3Label=Unknown
dmac=ff:ff:ff:ff:ff:ff dst=255.255.255.255 dpt=67 deviceOutboundInterface=X0
cs4Label=LAN proto=udp/67 in=328 cnt=4 fw_action="drop"

IPv6 / ICMPv6 examples:


Feb 26 22:54:05 10.8.139.192 FEB 26 2019 06:54:05 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|1430|IPv6 Packet with Ext Header|4|cat=512 gcat=6
smac=00:1c:57:66:00:00 srcV6=fe80::1 deviceInboundInterface=X1
dmac=33:33:00:00:00:01 dstV6=ff02::1 proto=0 in=76 cs6="Extention header: 0"
cnt=1401 fw_action="NA"
Feb 26 22:54:05 10.8.139.192 FEB 26 2019 06:54:05 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|1431|ICMPv6 Packets Received|4|cat=0 gcat=6 smac=00:1c:57:66:00:00
srcV6=fe80::1 deviceInboundInterface=X1 dmac=33:33:00:00:00:01 dstV6=ff02::1
proto=ipv6-icmp cn1=130 cn2=0 in=76 cs6="ICMPv6" cnt=1559 fw_action="NA"

Anti-Spyware Detection example:


Feb 26 22:54:59 10.8.139.192 FEB 26 2019 06:54:58 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|795|Anti-Spyware Detection Alert|9|cat=32 gcat=3 src=10.8.8.200
spt=80 deviceInboundInterface=X1 dst=36.50.1.220 dpt=49451
deviceOutboundInterface=X0 msg="Anti-Spyware Detection Alert: Search_Miracle
Download x.cab (Adware), SID: 2648, Danger Level: low" msg="Anti-Spyware Detection
Alert: Search_Miracle Download x.cab (Adware)" sid=2648 spycat="Search_Miracle
Download x.cab (Adware)" spypri=3 cnt=1 fw_action="NA"

Gateway Anti-Virus (GAV) example:


Feb 26 22:55:08 10.8.139.192 FEB 26 2019 06:55:08 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|809|AV Gateway Alert|9|cat=32 gcat=3 src=10.8.8.200 spt=80
deviceInboundInterface=X1 dst=36.50.1.220 dpt=49451 deviceOutboundInterface=X0
msg="Gateway Anti-Virus Alert: Injected.AZ (Trojan) blocked." cnt=4 fw_action="NA"

Capture ATP File Transfer examples:


Feb 26 22:55:41 10.8.139.192 FEB 26 2019 06:55:41 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|1460|Capture ATP File Transfer Result|4|cat=1 gcat=3 src=10.8.8.200
spt=80 deviceInboundInterface=X1 dst=36.50.1.220 dpt=49388
deviceOutboundInterface=X0 proto=tcp/http in=1500
request=10.8.8.200/spyware/3gargs.exe.bin msg="Gateway Anti-Virus Status: File sent
to Sandbox, but could not confirm receipt due to highly delayed acks. Time-wait
timer expired waiting for receipt confirmation:
http://10.8.8.200/spyware/3gargs.exe.bin, filename: 3gargs.exe.bin." cnt=4
fw_action="NA" fileid="64ab24d0e8b375cfba1cbcfe0ac614db" filetxstatus=310
Feb 26 22:55:48 10.8.139.192 FEB 26 2019 06:55:47 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|1460|Capture ATP File Transfer Result|4|cat=1 gcat=3 src=10.8.8.200
spt=80 deviceInboundInterface=X1 dst=36.50.1.220 dpt=49465
deviceOutboundInterface=X0 proto=tcp/http in=1500
request=10.8.8.200/spyware/3gargs.exe.bin msg="Gateway Anti-Virus Status:
GAV_BLOCK_REASON_SPYWARE. File forwarding to Sandbox truncated for:
http://10.8.8.200/spyware/3gargs.exe.bin, filename: 3gargs.exe.bin." cnt=5
fw_action="NA" fileid="10.8.8.200/spyware/3gargs.exe.bin" filetxstatus=230

Connection Opened/Closed (with dpi tag) examples:
Feb 26 22:53:14 10.8.139.192 FEB 26 2019 06:53:14 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|98|Connection Opened|4|cat=262144 gcat=6 src=36.50.1.220 spt=49385
deviceInboundInterface=X0 cs1Label=10.8.139.192 snpt=56339 dst=216.58.194.195
dpt=443 deviceOutboundInterface=X1 cs2Label=216.58.194.195 dnpt=443 proto=tcp/https
out=52 cnt=2764 fw_action="NA" dpi=0
Feb 26 22:53:16 10.8.139.192 FEB 26 2019 06:53:16 18B16989BF80 CEF:0|SonicWall|NSa
3650|6.5.4.1-25n|537|Connection Closed|4|cat=1024 gcat=6 src=10.8.139.192 spt=49153
deviceInboundInterface=X1 cs1Label=10.8.139.192 snpt=12830 dmac=00:1c:57:66:00:00
dst=10.190.202.200 dpt=53 deviceOutboundInterface=X1 cs2Label=10.190.202.200 dnpt=53
proto=udp/dns out=346 in=574 cn2Label=5 cn1Label=5 cn3Label=35750 app=2 cnt=2720
fw_action="NA" dpi=0
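
The ArcSight (CEF) messages shown above, and the gcat examples earlier in this chapter, can be parsed as follows. This is an added example, not code from SonicWall or from the original guide. The function name and the returned key names are assumptions, header fields are assumed not to contain escaped pipes, and the gcat names are limited to the values this part of the guide states.

```python
import re

# CEF:Version|Vendor|Product|Device Version|Event ID|Name|Severity|Extension
CEF = re.compile(r'CEF:(\d+)\|' + r'([^|]*)\|' * 6 + r'(.*)$')
# key=value, where the value is a double-quoted string or a run of non-spaces.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Only the gcat values named in this part of the guide; others stay numeric.
GCAT = {3: "Security Services", 6: "Network", 15: "WAN Acceleration",
        16: "SD-WAN", 17: "Multi-Tenancy"}

def parse_cef(line):
    """Parse one CEF message; return None when no complete CEF header is present."""
    header = CEF.search(line)
    if header is None:
        return None
    _, vendor, product, version, event_id, name, severity, ext_text = header.groups()
    ext = {}
    for key, value in PAIR.findall(ext_text):
        # A key can repeat (msg appears twice in the IPS example): keep every value.
        ext.setdefault(key, []).append(value.strip('"'))
    gcat = ext.get("gcat", [""])[0]
    return {
        "vendor": vendor, "product": product, "device_version": version,
        "event_id": event_id, "name": name,
        "severity": int(severity) if severity.isdigit() else None,
        "gcat_name": GCAT.get(int(gcat), "gcat " + gcat) if gcat.isdigit() else None,
        "ext": ext,
    }

# The guide's IPS example and its first (header-less) CFS example, re-joined
# onto one line each.
SAMPLES = [
    'Feb 26 22:53:50 10.8.139.192 FEB 26 2019 06:53:50 18B16989BF80 '
    'CEF:0|SonicWall|NSa 3650|6.5.4.1-25n|608|IPS Detection Alert|9|cat=32 gcat=3 '
    'src=180.97.33.107 spt=8 deviceInboundInterface=X1 dst=36.50.1.220 dpt=1 '
    'deviceOutboundInterface=X0 '
    'msg="IPS Detection Alert: ICMP Echo Reply, SID: 316, Priority: low" '
    'msg="IPS Detection Alert: ICMP Echo Reply" sid=316 ipscat="ICMP Echo Reply" '
    'ipspri=3 cnt=6 fw_action="NA"',
    'Feb 26 22:53:28 10.8.139.192 WAN)" app=48 requestMethod=1 '
    'request=10.8.8.200/virus/Macro.Word97.Melissa.c reason=64 Category-"Not Rated" '
    'cs6="Policy: CFS Default Policy, Info: 6148 Referer: http://10.8.8.200/virus.htm" '
    'cnt=21 fw_action="NA" dpi=0 referer="http://10.8.8.200/virus.htm"',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(parse_cef(raw))
```

A message without a CEF header, like the CFS examples as printed in this guide, returns None so that an ingestion pipeline can count and inspect it instead of storing partial fields.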

Legacy Categories
This section can be used as a reference for understanding different categories and their descriptions. The
following table describes the Legacy categories shared in all SonicOS/X releases.

Legacy Category Values


ID (used in Syslog)  Name                                 Description
0                                                         Event is not Legacy Category, not backward compatible.
1                    System Maintenance                   Logs general system activity, such as system activations.
2                    System Errors                        Logs problems with DNS or Email.
4                    Blocked Web Sites                    Logs Web sites or news groups blocked by the Content Filter List or by customized filtering.
8                    Blocked Java Etc                     Logs Java, ActiveX, and Cookies blocked by the SonicWall security appliance.
16                   User Activity                        Logs successful and unsuccessful log in attempts.
32                   Attacks                              Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP Spoofing.
64                   Dropped TCP                          Logs blocked incoming TCP connections.
128                  Dropped UDP                          Logs blocked incoming UDP packets.
256                  Dropped ICMP                         Logs blocked incoming ICMP packets.
512                  Network Debug                        Logs NetBIOS broadcasts, ARP resolution problems, and NAT resolution problems. Also, detailed messages for VPN connections are displayed to assist the network administrator with troubleshooting problems with active VPN tunnels. Network Debug information is intended for experienced network administrators.
1024                 Syslog Only - For Traffic Reporting  Used for Syslog only to report HTTP connections opened and closed, and bytes transferred.
2048                 Dropped LAN TCP                      Used for Syslog only to report that the TCP packet is dropped due to LAN management policy.
4096                 Dropped LAN UDP                      Used for Syslog only to report that the UDP packet is dropped due to LAN management policy.
8192                 Dropped LAN ICMP                     Used for Syslog only to report that the ICMP packet is dropped due to LAN management policy.
32768                Modem Debug                          Logs Modem Debug activity.
65536                VPN Tunnel Status                    Logs status information on VPN tunnels.
131072               802.11 Management                    Logs WLAN IEEE 802.11 connections.
262144               Syslog Only - For Traffic Reporting  Used for Syslog only to report that the Network Traffic is logged when connection is open.
524288               System Environment                   Logs system environment activity.
1048576              Expanded - VOIP Activity             Used for Syslog only to log VoIP H.323-RAS, H.323/H.225, and H.323/H.245 activity.
2097152              Expanded - WLAN IDS Activity         Used for Syslog only to log WLAN IDS activity.
4194304              Expanded - SonicPoint Activity       Used for Syslog only to log SonicPoint activity.

Priority Levels
The following table displays the Priority Number and Priority Name for Syslog tags. The value here corresponds
to the Priority Level column of the Log Event Message Index table, or the pri tag in the Syslog Tags table. For
example, a tag with “pri=0” means Emergency Priority.

Priority Level

Priority Number Priority Name


0 Emergency
1 Alert
2 Critical
3 Error
4 Warning
5 Notice
6 Info
7 Debug

SonicWall Support
Technical support is available to customers who have purchased SonicWall products with a valid maintenance
contract.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a
day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support.
The Support Portal enables you to:
• View knowledge base articles and technical documentation
• View and participate in the Community forum discussions at
https://community.sonicwall.com/technology-and-support
• View video tutorials
• Access MySonicWall
• Learn about SonicWall professional services
• Review SonicWall Support services and warranty information
• Register for training and certification
• Request technical support or customer service
To contact SonicWall Support, visit https://www.sonicwall.com/support/contact-support.

About This Document
Legend
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

SonicOS/X Log Events Reference Guide


Updated - August 2021
Software Version - 7.0.1
232-005379-00 Rev A

Copyright © 2021 SonicWall Inc. All rights reserved.


SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other
trademarks and registered trademarks are property of their respective owners.
The information in this document is provided in connection with SonicWall Inc. and/or its affiliates’ products. No license, express or
implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of SonicWall
products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT,
SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY
WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT,
INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF
PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF
SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWall and/or its affiliates make no
representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to
make changes to specifications and product descriptions at any time without notice. SonicWall Inc. and/or its affiliates do not make any
commitment to update the information contained in this document.
For more information, visit https://www.sonicwall.com/legal.

End User Product Agreement


To view the SonicWall End User Product Agreement, go to https://www.sonicwall.com/legal/end-user-product-agreements.

Open Source Code


SonicWall is able to provide a machine-readable copy of open source code with restrictive licenses such as GPL, LGPL, AGPL when applicable
per license requirements. To obtain a complete machine-readable copy, send your written requests, along with certified check or money
order in the amount of USD 25.00 payable to “SonicWall Inc.”, to:
General Public License Source Code Request
SonicWall Inc. Attn: Jennifer Anderson
1033 McCarthy Blvd
Milpitas, CA 95035
