Message text	-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA failed.
Variable fields	$1: AAA type. $2: AAA scheme. $3: Service. $4: Username.
Severity level	5
Example	AAA/5/AAA_FAILURE: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA failed.
Explanation	An AAA request was rejected. The following are the common reasons: · No response was received from the server. · The username or password was incorrect. · The service type that the user applied for was incorrect.
Recommended action	1. Verify that the device is correctly connected to the server. 2. Enter the correct username and password. 3. Verify that the server settings are the same as the settings on the device. 4. If the problem persists, contact H3C Support.

AAA_LAUNCH

Message text	-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA launched.
Variable fields	$1: AAA type. $2: AAA scheme. $3: Service. $4: Username.
Severity level	6
Example	AAA/6/AAA_LAUNCH: -AAAType=AUTHEN-AAADomain=domain1-Service=login-UserName=cwf@system; AAA launched.
Explanation	An AAA request was received.
Recommended action	No action is required.

AAA_SUCCESS

Message text	-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA succeeded.
Variable fields	$1: AAA type. $2: AAA scheme. $3: Service. $4: Username.
Severity level	6
Example	AAA/6/AAA_SUCCESS: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA succeeded.
Explanation	An AAA request was accepted.
Recommended action	No action is required.

ACL messages

This section contains ACL messages.

ACL_ACCELERATE_NO_RES

Message text	Failed to accelerate [STRING] ACL [UINT32]. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NO_RES: Failed to accelerate IPv6 ACL 2001. The resources are insufficient.
Explanation	Hardware resources were insufficient for accelerating an ACL.
Recommended action	Delete some rules or disabled ACL acceleration for other ACLs to release hardware resources.

ACL_ACCELERATE_NONCONTIGUOUSMASK

Message text	Failed to accelerate ACL [UINT32]. ACL acceleration supports only contiguous wildcard masks.
Variable fields	$1: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NONCONTIGUOUSMASK: Failed to accelerate ACL 2001. ACL acceleration supports only contiguous wildcard masks.
Explanation	ACL acceleration failed because rules containing noncontiguous wildcard masks exist in the ACL.
Recommended action	Check the ACL rules and delete the unsupported configuration.

ACL_ACCELERATE_NOT_SUPPORT

Message text	Failed to accelerate [STRING] ACL [UINT32]. The operation is not supported.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 ACL 2001. The operation is not supported.
Explanation	ACL acceleration failed because the system does not support ACL acceleration.
Recommended action	No action is required.

ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP

Message text	Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support the rules that contain the hop-by-hop keywords.
Variable fields	$1: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support the rules that contain the hop-by-hop keywords.
Explanation	ACL acceleration failed for the IPv6 ACL because rules containing the hop-by-hop keyword exist in the ACL.
Recommended action	Check the ACL rules and delete the unsupported configuration.

ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG

Message text	Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support specifying multiple TCP flags in one rule.
Variable fields	$1: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support specifying multiple TCP flags in one rule.
Explanation	ACL acceleration failed for the IPv6 ACL because rules containing multiple TCP flags exist in the ACL.
Recommended action	Check the ACL rules and delete the unsupported configuration.

ACL_ACCELERATE_UNK_ERR

Message text	Failed to accelerate [STRING] ACL [UINT32].
Variable fields	$1: ACL type. $2: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 ACL 2001.
Explanation	ACL acceleration failed because of an unknown error.
Recommended action	No action is required.

ACL_IPV6_STATIS_INFO

Message text	IPv6 ACL [UINT32] [STRING] [UINT64] packet(s).
Variable fields	$1: ACL number. $2: ID and content of an IPv6 ACL rule. $3: Number of packets that matched the rule.
Severity level	6
Example	ACL/6/ACL_IPV6_STATIS_INFO: IPv6 ACL 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s).
Explanation	The number of packets matching the IPv6 ACL rule changed.
Recommended action	No action is required.

ACL_NO_MEM

Message text	Failed to configure [STRING] ACL [UINT] due to lack of memory.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	3
Example	ACL/3/ACL_NO_MEM: Failed to configure ACL 2001 due to lack of memory.
Explanation	Configuring the ACL failed because memory is insufficient.
Recommended action	Use the display memory-threshold command to check the memory usage.

ACL_STATIS_INFO

Message text	ACL [UINT32] [STRING] [UINT64] packet(s).
Variable fields	$1: ACL number. $2: ID and content of an IPv4 ACL rule. $3: Number of packets that matched the rule.
Severity level	6
Example	ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).
Explanation	The number of packets matching the IPv4 ACL rule changed.
Recommended action	No action is required.

ANCP messages

This section contains ANCP messages.

ANCP_INVALID_PACKET

Message text	-NeighborName=[STRING]-State=[STRING]-MessageType=[STRING]; The [STRING] value [STRING] is wrong, and the value [STRING] is expected.
Variable fields	$1: ANCP neighbor name. $2: Neighbor state. $3: Message type. $4: Field. $5: Wrong value of the field. $6: Expected value of the field.
Severity level	6
Example	ANCP/6/ANCP_INVALID_PACKET: -NeighborName=Dslam-State=SYNSENT-MessageType=SYNACK; The Sender Instance value 0 is wrong, and the value 1 is expected.
Explanation	The system received an adjacency message that had a field with a wrong value.
Recommended action	No action is required.

APMGR messages

This section contains access point management messages.

APMGR_AC_MEM_ALERT

Message text	The memory utilization has reached the threshold.
Variable fields	N/A
Severity level	4
Example	APMGR/4/APMGR_AC_MEM_ALERT: The memory utilization has reached the threshold.
Explanation	The AP failed to come online because the memory utilization exceeded the limit.
Recommended action	Stop creating manual APs and prevent APs from coming online.

APMGR_ADD_AP_FAIL

Message text	AP [STRING] failed to come online using serial ID [STRING]: MAC address [STRING] is being used by AP [STRING].
Variable fields	$1: AP name. $2: Serial ID. $3: MAC address. $4: AP name.
Severity level	4
Example	APMGR/4/ APMGR_ADD_AP_FAIL: AP ap1 failed to come online using serial ID 01247ef96: MAC address 0023-7961-5201 is being used by AP ap2.
Explanation	The AP failed to come online because a manual AP that has the same MAC address already exists on the AC.
Recommended action	Delete either the manual AP that has the MAC address or the serial ID.

APMGR_ADDBAC_INFO

Message text	Add BAS AC [STRING].
Variable fields	$1: MAC address of the BAS AC.
Severity level	6
Example	APMGR/6/APMGR_ADDBAC_INFO: Add BAS AC 3ce5-a616-28cd.
Explanation	The BAS AC was connected to the master AC.
Recommended action	No action is required.

APMGR_AP_OFFLINE

Message text	AP [STRING] went offline. State changed to Idle.
Variable fields	$1: AP name.
Severity level	6
Example	APMGR/6/APMGR_AP_OFFLINE: AP ap1 went offline. State changed to Idle.
Explanation	The AP went offline. The state of the AP changed to Idle.
Recommended action	If the AP went offline abnormally, check the debugging information to locate the issue and resolve it.

APMGR_AP_ONLINE

Message text	AP [STRING] went online. State changed to Run.
Variable fields	$1: AP name.
Severity level	6
Example	APMGR/6/APMGR_AP_ONLINE: AP ap1 went online. State changed to Run.
Explanation	The AP came online. The state of the AP changed to Run.
Recommended action	No action is required.

APMGR_CWC_IMG_DOWNLOAD_COMPLETE

Message text	System software image file [STRING] downloading through the CAPWAP tunnel to AC [STRING] completed.
Variable fields	$1: Image file name. $2: AC IP address.
Severity level	6
Example	APMGR/6/APMGR_CWC_IMG_DOWNLOAD_COMPLETE: System software image file 5800.ipe downloading through the CAPWAP tunnel to AC 192.168.10.1 completed.
Explanation	The AP downloaded the image file from the AC successfully.
Recommended action	No action is required.

APMGR_CWC_IMG_DOWNLOAD_START

Message text	Started to download the system software image file [STRING] through the CAPWAP tunnel to AC [STRING].
Variable fields	$1: Image file name. $2: AC IP address.
Severity level	6
Example	APMGR/6/APMGR_CWC_IMG_DOWNLOAD_START: Started to download the system software image file 5800.ipe through the CAPWAP tunnel to AC 192.168.10.1.
Explanation	The AP started to download the image file from the AC.
Recommended action	Make sure the AP is correctly connected to the AC.

APMGR_CWC_IMG_NO_ENOUGH_SPACE

Message text	Insufficient flash memory space for downloading system software image file [STRING].
Variable fields	$1: Image file name.
Severity level	6
Example	APMGR/6/APMGR_CWC_IMG_NO_ENOUGH_SPACE: Insufficient flash memory space for downloading system software image file 5800.ipe.
Explanation	The AP failed to download the image file from the AC because of insufficient flash memory.
Recommended action	Delete files not in use from the AP.

APMGR_CWC_LOCAL_AC_DOWN

Message text	CAPWAP tunnel to Central AC [STRING] went down. Reason: [STRING].
Variable fields	$1: IP address of the central AC. $2: Reason: · Added local AC IP address. · Deleted local AC IP address. · Local AC interface used for CAPWAP tunnel went down. · Local AC config changed. · N/A
Severity level	4
Example	APMGR/4/APMGR_CWC_LOCAL_AC_DOWN: CAPWAP tunnel to Central AC 2.2.2.1 went down. Reason: Added local AC IP address.
Explanation	The CAPWAP tunnel between the central AC and the local AC was terminated for a specific reason.
Recommended action	To resolve the issue: 1. Examine the network connection between the central AC and the local AC. 2. Verify that the central AC is correctly configured. 3. Verify that the local AC is correctly configured. 4. If the issue persists, contact H3C Support.

APMGR_CWC_LOCAL_AC_UP

Message text	CAPWAP tunnel to Central AC [STRING] went up.
Variable fields	$1: IP address of the central AC.
Severity level	6
Example	APMGR/6/APMGR_CWC_LOCAL_AC_UP: CAPWAP tunnel to Central AC 2.2.2.1 went up.
Explanation	The central AC has established a CAPWAP tunnel with the local AC.
Recommended action	No action is required.

APMGR_CWC_REBOOT

Message text	AP in state [STRING] is rebooting. Reason: [STRING]
Variable fields	$1: AP state. $2: Reason: · AP was reset. · Image was downloaded successfully. · AP stayed in idle state for a long time.
Severity level	6
Example	APMGR/6/APMGR_CWC_REBOOT: AP in State Run is rebooting. Reason: AP was reset.
Explanation	The AP rebooted for a specific reason.
Recommended action	No action is required.

APMGR_CWC_RUN_DOWNLOAD_COMPLETE

Message text	File [STRING] successfully downloaded through the CAPWAP tunnel to AC [STRING].
Variable fields	$1: File name. $2: AC IP address.
Severity level	6
Example	APMGR/6/APMGR_CWC_RUN_DOWNLOAD_COMPLETE: File ac.cfg successfully downloaded through the CAPWAP tunnel to AC 192.168.10.1.
Explanation	The AP downloaded the file from the AC successfully.
Recommended action	No action is required.

APMGR_CWC_RUN_DOWNLOAD_START

Message text	Started to download the file [STRING] through the CAPWAP tunnel to AC [STRING].
Variable fields	$1: File name. $2: AC IP address.
Severity level	6
Example	APMGR/6/APMGR_CWC_RUN_DOWNLOAD_START: Started to download the file ac.cfg through the CAPWAP tunnel to AC 192.168.10.1.
Explanation	The AP started to download the file from the AC.
Recommended action	Make sure the AP is correctly connected to the AC.

APMGR_CWC_RUN_NO_ENOUGH_SPACE

Message text	Insufficient flash memory space for downloading file [STRING].
Variable fields	$1: File name.
Severity level	6
Example	APMGR/6/APMGR_CWC_RUN_NO_ENOUGH_SPACE: Insufficient flash memory space for downloading file ac.cfg.
Explanation	The AP failed to download the file from the AC because of insufficient flash memory.
Recommended action	Delete files not in use from the AP.

APMGR_CWC_TUNNEL_DOWN

Message text	CAPWAP tunnel to AC [STRING] went down. Reason: [STRING].
Variable fields	$1: AC IP address. $2: Reason: · Added AP IP address. · Deleted AP IP address. · AP interface used for CAPWAP tunnel went down. · AP config changed. · AP was reset. · Number of echo retransmission attempts exceeded the limit. · Full retransmission queue. · Data channel timer expired. · Backup AC IP address changed. · Backup tunnel changed to master tunnel. · Failed to change backup tunnel to master tunnel. · Backup method changed. · N/A.
Severity level	6
Example	APMGR/6/APMGR_CWC_TUNNEL_DOWN: CAPWAP tunnel to AC 192.168.10.1 went down. Reason: AP was reset.
Explanation	The CAPWAP tunnel between the AP and the AC was terminated for a specific reason.
Recommended action	Examine the network connection between the AP and the AC.

APMGR_CWC_TUNNEL_UP

Message text	[STRING] CAPWAP tunnel to AC [STRING] went up.
Variable fields	$1: Tunnel type: · Master. · Backup. $2: AC IP address.
Severity level	6
Example	APMGR/6/APMGR_CWC_TUNNEL_UP: Master CAPWAP tunnel to AC 192.168.10.1 went up.
Explanation	The AP was connected to the AC successfully and entered Run state.
Recommended action	No action is required.

APMGR_CWS_IMG_DOWNLOAD_COMPLETE

Message text	System software image file [STRING] downloading through the CAPWAP tunnel for AP [STRING] completed.
Variable fields	$1: Image file name. $2: AP name.
Severity level	6
Example	APMGR/6/APMGR_ CWS_IMG_DOWNLOAD_COMPLETE: System software image file 5800.ipe downloading through the CAPWAP tunnel for AP ap2 completed.
Explanation	The AP downloaded the image file from the AC successfully.
Recommended action	No action is required.

APMGR_CWS_IMG_DOWNLOAD_START

Message text	AP [STRING] started to download the system software image file [STRING].
Variable fields	$1: AP name. $2: Image file name.
Severity level	6
Example	APMGR/6/APMGR_CWS_IMG_DOWNLOAD_START: AP ap1 started to download the system software image file 5800.ipe.
Explanation	The AP started to download the image file from the AC.
Recommended action	No action is required.

APMGR_CWS_LOCAL_AC_DOWN

Message text	CAPWAP tunnel to local AC [STRING] went down. Reason: [STRING].
Variable fields	$1: IP address of the local AC. $2: Reason: · Neighbor dead timer expired. · Local AC was deleted. · Serial number changed. · Processed join request in Run state. · Failed to retransmit message. · N/A
Severity level	4
Example	APMGR/4/APMGR_CWS_LOCAL_AC_DOWN: CAPWAP tunnel to local AC 1.1.1.1 went down. Reason: Serial number changed.
Explanation	The CAPWAP tunnel between the central AC and the local AC was terminated for a specific reason.
Recommended action	To resolve the issue: 1. Examine the network connection between the central AC and the local AC. 2. Verify that the central AC is correctly configured. 3. Verify that the local AC is correctly configured. 4. If the issue persists, contact H3C Support.

APMGR_CWS_LOCAL_AC_UP

Message text	CAPWAP tunnel to local AC [STRING] went up.
Variable fields	$1: IP address of the local AC.
Severity level	6
Example	APMGR/6/APMGR_CWS_LOCAL_AC_UP: CAPWAP tunnel to local AC 1.1.1.1 went up.
Explanation	The central AC has established a CAPWAP tunnel with the local AC.
Recommended action	No action is required.

APMGR_CWS_RUN_DOWNLOAD_COMPLETE

Message text	File [STRING] successfully downloaded through the CAPWAP tunnel for AP [STRING].
Variable fields	$1: File name. $2: AP name.
Severity level	6
Example	APMGR/6/APMGR_CWS_RUN_DOWNLOAD_COMPLETE: File ac.cfg successfully downloaded through the CAPWAP tunnel for AP ap2.
Explanation	The AP downloaded the file from the AC successfully.
Recommended action	No action is required.

APMGR_CWS_RUN_DOWNLOAD_START

Message text	AP [STRING] started to download the file [STRING].
Variable fields	$1: AP name. $2: File name.
Severity level	6
Example	APMGR/6/APMGR_CWS_RUN_DOWNLOAD_START: AP ap1 started to download the file ac.cfg.
Explanation	The AP started to download the file from the AC.
Recommended action	No action is required.

APMGR_CWS_TUNNEL_DOWN

Message text	CAPWAP tunnel to AP [STRING] went down. Reason: [STRING].
Variable fields	$1: AP name. $2: Reason: · Neighbor dead timer expired. · AP was reset. · AP was deleted. · Serial number changed. · Processed join request in Run state. · Failed to retransmit message. · Received WTP tunnel down event from AP. · Backup AC closed the backup tunnel. · Tunnel switched. · N/A.
Severity level	6
Example	APMGR/6/APMGR_CWS_TUNNEL_DOWN: CAPWAP tunnel to AP ap1 went down. Reason: AP was reset.
Explanation	The AP went offline for a specific reason.
Recommended action	To resolve the issue: 1. Examine the network connection between the AP and the AC. 2. Verify that the AP is correctly configured. 3. Verify that the AC is correctly configured. 4. If the issue persists, contact H3C Support.

APMGR_CWS_TUNNEL_UP

Message text	[STRING] CAPWAP tunnel to AP [STRING] went up.
Variable fields	$1: Tunnel type: · Master. · Backup. $2: AP name.
Severity level	6
Example	APMGR/6/APMGR_CWS_TUNNEL_UP: Backup CAPWAP tunnel to AP ap1 went up.
Explanation	The AP came online and entered Run state.
Recommended action	No action is required.

APMGR_DELBAC_INFO

Message text	Delete BAS AC [STRING].
Variable fields	$1: MAC address of the BAS AC.
Severity level	6
Example	APMGR/6/APMGR_DELBAC_INFO: Delete BAS AC 3ce5-a616-28cd.
Explanation	The BAS AC was disconnected from the master AC.
Recommended action	No action is required.

APMGR_LOCAL_AC_OFFLINE

Message text	Local AC [STRING] went offline. State changed to Idle.
Variable fields	$1: Name of the local AC.
Severity level	6
Example	APMGR/6/APMGR_LOCAL_AC_OFFLINE: Local AC ac1 went offline. State changed to Idle.
Explanation	The local AC went offline. The state of the local AC changed to Idle.
Recommended action	1. If the local AC went offline abnormally, check the debugging information to locate the issue and resolve it. 2. If the issue persists, contact H3C Support.

APMGR_LOCAL_AC_ONLINE

Message text	Local AC [STRING] went online. State changed to Run.
Variable fields	$1: Name of the local AC.
Severity level	6
Example	APMGR/6/APMGR_LOCAL_AC_ONLINE: Local AC ac1 went online. State changed to Run.
Explanation	The local AC came online. The state of the local AC changed to Run.
Recommended action	No action is required.

ARP messages

This section contains ARP messages.

ARP_ACTIVE_ACK_NO_REPLY

Message text	No ARP reply from IP [STRING] was received on interface [STRING].
Variable fields	$1: IP address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_ACTIVE_ACK_NO_REPLY: No ARP reply from IP 192.168.10.1 was received on interface GigabitEthernet1/0/1.
Explanation	The ARP active acknowledgement feature did not receive an ARP reply after it sent an ARP request to the sender IP of an ARP message. This message indicates the risk of attacks.
Recommended action	1. Verify that the learned ARP entries on the device are consistent with the existing legal devices. When gateways and servers are on the network, check the ARP entries for these devices first. 2. If the ARP entries are correct and the attack continues, contact H3C Support.

ARP_ACTIVE_ACK_NOREQUESTED_REPLY

Message text	Interface [STRING] received from IP [STRING] an ARP reply that was not requested by the device.
Variable fields	$1: Interface name. $2: IP address.
Severity level	6
Example	ARP/6/ARP_ACTIVE_ACK_NOREQUESTED_REPLY: Interface GigabitEthernet1/0/1 received from IP 192.168.10.1 an ARP reply that was not requested by the device.
Explanation	The ARP active acknowledgement feature received an unsolicited ARP reply from a sender IP. This message indicates the risk of attacks.
Recommended action	No action is required. The device discards the ARP reply automatically.

ARP_BINDRULETOHW_FAILED

Message text	Failed to download binding rule to hardware on the interface [STRING], SrcIP [IPADDR], SrcMAC [MAC], VLAN [UINT16], Gateway MAC [MAC].
Variable fields	$1: Interface name. $2: Source IP address. $3: Source MAC address. $4: VLAN ID. $5: Gateway MAC address.
Severity level	5
Example	ARP/5/ARP_BINDRULETOHW_FAILED: Failed to download binding rule to hardware on the interface GigabitEthernet1/0/1, SrcIP 1.1.1.132, SrcMAC 0015-E944-A947, VLAN 1, Gateway MAC 00A1-B812-1108.
Explanation	The system failed to set a binding rule to the hardware on an interface. The message is sent in any of the following situations: · The resources are not sufficient for the operation. · The memory is not sufficient for the operation. · A hardware error occurs.
Recommended action	To resolve the problem: 1. Execute the display qos-acl resource command to check if the ACL resources for the operation are sufficient. ¡ If yes, proceed to step 2. ¡ If no, delete unnecessary configuration to release ACL resources. If no configuration can be deleted, proceed to step 2. 2. Execute the display memory command to check if the memory for the operation is sufficient. ¡ If yes, proceed to step 3. ¡ If no, delete unnecessary configuration to release memory. If no configuration can be deleted, proceed to step 3. 3. Delete the configuration and perform the operation again.

ARP_DETECTION_LOG

Message text	Detected an ARP attack on interface [STRING]: IP [STRING], MAC [STRING], VLAN [STRING]. [UINT32] packet(s) dropped.
Variable fields	$1: Interface name. $2: IP address. $3: MAC address. $4: VLAN ID. $5: Number of dropped packets.
Severity level	5
Example	ARP/5/ARP_INSPECTION: -MDC=1; Detected an ARP attack on interface GigabitEthernet1/0/1: IP 1.1.1.1, MAC 1-1-1, VLAN 100. 2 packet(s) dropped.
Explanation	An ARP attack was detected on an interface and attack packets were dropped.
Recommended action	Check the source of the ARP attack.

ARP_DUPLICATE_IPADDR_DETECT

Message text	Detected an IP address conflict. The device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] and the device with MAC address [STRING] connected to interface [STRING] in VSI [STRING] were using the same IP address [IPADDR].
Variable fields	$1: MAC address. $2: Interface name. (The interface can be a tunnel interface, Layer 3 interface, or Ethernet service instance.) $3: VSI name. $4: MAC address. $5: Interface name. (The interface can be a tunnel interface, Layer 3 interface, or Ethernet service instance.) $6: VSI name. $7: Conflicting IP address.
Severity level	4
Example	ARP/4/ARP_DUPLICATE_IPADDR_DETECT: Detected an IP address conflict. The device with MAC address 00-00-01 connected to interface GigabitEthernet1/0/1 service-instance 1000 in VSI vpna and the device with MAC address 00-00-02 connected to interface tunnel 10 in VSI vpna were using the same IP address 192.168.1.1.
Explanation	This message is sent when an interface receives an ARP message in which the sender information conflicts with an existing ARP entry. The sender IP address is the same as the IP address in the entry, but the MAC addresses are different.
Recommended action	Change the IP address on either of the two devices.

ARP_DYNAMIC

Message text	The maximum number of dynamic ARP entries for the device reached.
Variable fields	N/A
Severity level	6
Example	ARP/6/ARP_DYNAMIC: The maximum number of dynamic ARP entries for the device reached.
Explanation	The maximum number of dynamic ARP entries for the device was reached.
Recommended action	No action is required.

ARP_DYNAMIC_IF

Message text	The maximum number of dynamic ARP entries for interface [STRING] reached.
Variable fields	$1: Interface name.
Severity level	6
Example	ARP/6/ARP_DYNAMIC_IF: The maximum number of dynamic ARP entries for interface GigabitEthernet1/0/1 reached.
Explanation	The maximum number of dynamic ARP entries for the specified interface was reached.
Recommended action	No action is required.

ARP_DYNAMIC_SLOT

Message text	Pattern 1: The maximum number of dynamic ARP entries for slot [INT32] reached. Pattern 2: The maximum number of dynamic ARP entries for chassis [INT32] slot [INT32] reached.
Variable fields	Pattern 1: $1: Slot number. Pattern 2: $1: Chassis number. $2: Slot number.
Severity level	6
Example	ARP/6/ARP_DYNAMIC_SLOT: The maximum number of dynamic ARP entries for slot 2 reached.
Explanation	Pattern 1: The maximum number of dynamic ARP entries for the slot was reached. Pattern 2: The maximum number of dynamic ARP entries for the slot on the chassis was reached.
Recommended action	No action is required.

ARP_ENTRY_CONFLICT

Message text	The software entry for [STRING] on [STRING] and the hardware entry did not have the same [STRING].
Variable fields	$1: IP address. $2: VPN instance name. If the ARP entry belongs to the public network, this field displays the public network. $3: Inconsistent items: · MAC address. · output interface. · output port. · outermost layer VLAN ID. · second outermost layer VLAN ID. · VSI index. · link ID.
Severity level	6
Example	ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.1 on the VPN a and the hardware entry did not have the same MAC address, output port, VSI index, and link ID. ARP/6/ARP_ENTRY_CONFLICT: The software entry for 1.1.1.2 on the public network and the hardware entry did not have the same MAC address, output port, VSI index, and link ID.
Explanation	The software entry for the specified IP address is not the same as the hardware entry. For example, they do not have the same output interface.
Recommended action	No action is required. ARP automatically refreshes the hardware entries.

ARP_ENTRY_ENOUGHRESOURCE

Message text	Issued the software entry to the driver for IPv4 address [STRING] on VPN instance [STRING]. Issued the software entry to the driver for IPv4 address [STRING] on the public network.
Variable fields	$1: IPv4 address. $2: VPN instance name. If the ARP entry belongs to the public network, this field is not displayed.
Severity level	6
Example	ARP/6/ARP_ENTRY_ENOUGHRESOURCE: Issued the software entry to the driver for IPv4 address 10.1.1.1 on VPN instance vpn_1. ARP/6/ARP_ENTRY_ENOUGHRESOURCE: Issued the software entry to the driver for IPv4 address 10.1.1.2 on the public network.
Explanation	After ARP entry consistency check is enabled by using the arp consistency-check enable command, a log is output when ARP successfully refreshes hardware entries according to software entries.
Recommended action	No action is required.

ARP_ENTRY_INCONSISTENT

Message text	Inconsistent software and hardware ARP entries for IPv4 address [STRING] on VPN instance [STRING]. Inconsistent parameters: [STRING]. Inconsistent software and hardware ARP entries for IPv4 address [STRING] on the public network. Inconsistent parameters: [STRING].
Variable fields	$1: IPv4 address. $2: VPN instance name. If the ARP entry belongs to the public network, this field is not displayed. $3: Inconsistent items: · MAC address. · output interface. · output port. · outermost layer VLAN ID. · second outermost layer VLAN ID. · VSI index. · link ID.
Severity level	6
Example	ARP/6/ARP_ENTRY_INCONSISTENT: Inconsistent software and hardware ARP entries for IPv4 address 10.1.1.1 on VPN instance vpn_1. Inconsistent parameters: MAC address, output port, VSI index, and link ID. ARP/6/ARP_ENTRY_INCONSISTENT: Inconsistent software and hardware ARP entries for IPv4 address 10.1.1.2 on the public network. Inconsistent parameters: MAC address, output port, VSI index, and link ID.
Explanation	After ARP entry consistency check is enabled by using the arp consistency-check enable command, a log is output when the device detects an inconsistency between software and hardware entries (for example, inconsistent output interface).
Recommended action	No action is required. ARP automatically refreshes the hardware entries.

ARP_ENTRY_NORESOURCE

Message text	Not enough hardware resources to issue the software entry to the driver for IPv4 address [STRING] on VPN instance [STRING]. Not enough hardware resources to issue the software entry to the driver for IPv4 address [STRING] on the public network.
Variable fields	$1: IPv4 address. $2: VPN instance name. If the ARP entry belongs to the public network, this field is not displayed.
Severity level	6
Example	ARP/6/ARP_ENTRY_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IPv4 address 10.1.1.1 on VPN instance vpn_1. ARP/6/ARP_ENTRY_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IPv4 address 10.1.1.2 on the public network.
Explanation	After ARP entry consistency check is enabled by using the arp consistency-check enable command, a log is output when the device does not have sufficient hardware resources to deploy software entries to the driver.
Recommended action	No action is required. ARP automatically refreshes the hardware entries.

ARP_HOST_IP_CONFLICT

Message text	The host [STRING] connected to interface [STRING] cannot communicate correctly, because it uses the same IP address as the host connected to interface [STRING].
Variable fields	$1: IP address. $2: Interface name. $3: Interface name.
Severity level	4
Example	ARP/4/ARP_HOST_IP_CONFLICT: The host 1.1.1.1 connected to interface GigabitEthernet1/0/1 cannot communicate correctly, because it uses the same IP address as the host connected to interface GigabitEthernet1/0/2.
Explanation	The sender IP address in a received ARP message conflicted with the IP address of a host connected to another interface.
Recommended action	Check whether the hosts that send the ARP messages are legitimate. Disconnect the illegal host from the network.

ARP_LOCALPROXY_ENABLE_FAILED

Message text	Failed to enable local proxy ARP on interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	ARP/4/ARP_LOCALPROXY_ENABLE_FAILED: -MDC=1-Slot=2; Failed to enable local proxy ARP on interface VSI-interface 1.
Explanation	This message is sent when the device fails to enable local proxy ARP on an interface in a slot. If the interface resides on the MPU, the slot number is 0.
Recommended action	1. Verify that the card supports local proxy ARP. 2. Verify that sufficient hardware resources are available.

ARP_PKTQUE_ALERT

Message text	The current size of the ARP_PKT queue has reached [UINT32]. Please check the network environment.
Variable fields	$1: ARP packet queue size.
Severity level	6
Example	ARP/6/ARP_PKTQUE_ALERT: The current size of ARP_PKT queue has reached 4096. Please check the network environment.
Explanation	The system outputs a log every 60 seconds when the size of ARP packet queue exceeds 4 KB.
Recommended action	Verify the sources of illegitimate packets.

ARP_RATE_EXCEEDED

Message text	The ARP packet rate ([UINT32] pps) exceeded the rate limit ([UINT32] pps) on interface [STRING] in the last [UINT32] seconds.
Variable fields	$1: ARP packet rate. $2: ARP limit rate. $3: Interface name. $4: Interval time.
Severity level	4
Example	ARP/4/ARP_RATE_EXCEEDED: The ARP packet rate (100 pps) exceeded the rate limit (80 pps) on interface GigabitEthernet1/0/1 in the last 10 seconds.
Explanation	An interface received ARP messages at a higher rate than the rate limit.
Recommended action	Verify that the hosts at the sender IP addresses are legitimate.

ARP_RATELIMIT_NOTSUPPORT

Message text	Pattern 1: ARP packet rate limit is not support on slot [INT32]. Pattern 2: ARP packet rate limit is not support on chassis [INT32] slot [INT32].
Variable fields	Pattern 1: $1: Slot number. Pattern 2: $1: Chassis number. $2: Slot number.
Severity level	6
Example	ARP/6/ARP_RATELIMIT_NOTSUPPORT: ARP packet rate limit is not support on slot 2.
Explanation	Pattern 1: ARP packet rate limit is not supported on the slot. Pattern 2: ARP packet rate limit is not supported on the slot of the chassis was reached.
Recommended action	Verify that the host at the sender IP address is legitimate.

ARP_SENDER_IP_INVALID

Message text	Sender IP [STRING] was not on the same network as the receiving interface [STRING].
Variable fields	$1: IP address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_SENDER_IP_INVALID: Sender IP 192.168.10.2 was not on the same network as the receiving interface GigabitEthernet1/0/1.
Explanation	The sender IP of a received ARP message was not on the same network as the receiving interface.
Recommended action	Verify that the host at the sender IP address is legitimate.

ARP_SENDER_MAC_INVALID

Message text	Sender MAC [STRING] was not identical to Ethernet source MAC [STRING] on interface [STRING].
Variable fields	$1: MAC address. $2: MAC address. $3: Interface name.
Severity level	6
Example	ARP/6/ARP_SENDER_MAC_INVALID: Sender MAC 0000-5E14-0E00 was not identical to Ethernet source MAC 0000-5C14-0E00 on interface GigabitEthernet1/0/1.
Explanation	An interface received an ARP message. The sender MAC address in the message body was not identical to the source MAC address in the Ethernet header.
Recommended action	Verify that the host at the sender MAC address is legitimate.

ARP_SENDER_SMACCONFLICT

Message text	Packet was discarded because its sender MAC address was the MAC address of the receiving interface. Interface: [STRING], sender IP: [STRING], target IP: [STRING].
Variable fields	$1: Interface name. $2: Sender IP address. $3: Target IP address.
Severity level	6
Example	ARP/6/ ARP_SENDER_SMACCONFLICT: Packet discarded for the sender MAC address is the same as the receiving interface. Interface: GigabitEthernet1/0/1 sender IP: 1.1.2.2 target IP: 1.1.2.1,
Explanation	The sender MAC address of a received ARP packet conflicts with the MAC address of the device.
Recommended action	No action is required.

ARP_SENDER_SMACCONFLICT_VSI

Message text	Packet was discarded because its sender MAC address was the MAC address of the receiving interface. Interface: [STRING], sender IP: [STRING], target IP: [STRING],VSI index: [UINT32], link ID: [UINT32].
Variable fields	$1: Interface name. $2: Sender IP address. $3: Target IP address. $4: VSI index. $5: Link ID.
Severity level	6
Example	ARP/6/ ARP_SENDER_SMACCONFLICT_VSI: Packet discarded for the sender MAC address is the same as the receiving interface. Interface: VSI3 sender IP: 1.1.2.2 target IP: 1.1.2.1, VSI Index: 2, Link ID: 0
Explanation	The sender MAC address of a received ARP packet conflicts with the MAC address of the device. The receiving interface is a VSI interface.
Recommended action	No action is required.

ARP_SRC_MAC_FOUND_ATTACK

Message text	An attack from MAC [STRING] was detected on interface [STRING].
Variable fields	$1: MAC address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_SRC_MAC_FOUND_ATTACK: An attack from MAC 0000-5E14-0E00 was detected on interface GigabitEthernet1/0/1.
Explanation	The source MAC-based ARP attack detection feature received more ARP packets from the same MAC address within 5 seconds than the specified threshold. This message indicates the risk of attacks.
Recommended action	Verify that the host at the source MAC address is legitimate.

ARP_SUP_ENABLE_FAILED

Message text	Failed to enable ARP flood suppression on VSI [STRING].
Variable fields	$1: VSI name.
Severity level	4
Example	ARP/4/ARP_SUP_ENABLE_FAILED: -MDC=1; Failed to enable ARP flood suppression on VSI vpna.
Explanation	This message is sent when the system failed to enable ARP flood suppression for a VSI. The minimum interval between two log messages is 2 seconds. To make the system send the message successfully, wait for a minimum of 2 seconds before you enable ARP flood suppression for another VSI.
Recommended action	1. Verify that the device supports ARP flood suppression. 2. Verify that the hardware resources are sufficient.

ARP_TARGET_IP_INVALID

Message text	Target IP [STRING] was not the IP of the receiving interface [STRING].
Variable fields	$1: IP address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_TARGET_IP_INVALID: Target IP 192.168.10.2 was not the IP of the receiving interface GigabitEthernet1/0/1.
Explanation	The target IP address of a received ARP message was not the IP address of the receiving interface.
Recommended action	Verify that the host at the sender IP address is legitimate.

ARP_THRESHOLD_REACHED

Message text	The alarm threshold for dynamic ARP entry learning was reached on interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	ARP/4/ARP_THRESHOLD_REACHED: The alarm threshold for dynamic ARP entry learning was reached on interface GigabitEthernet1/0/1.
Explanation	This message is sent when the alarm threshold for dynamic ARP learning was reached on GigabitEthernet 1/0/1.
Recommended action	Verify that the number of learned dynamic ARP entries matches the actual number of devices in the network and no ARP attack sources exist in the network.

ARP_USER_DUPLICATE_IPADDR_DETECT

Message text	Detected a user IP address conflict. New user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) on interface [STRING] and old user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) on interface [STRING] were using the same IP address [IPADDR].
Variable fields	$1: MAC address of a new user. $2: Outer VLAN to which the new user belongs. $3: Inner VLAN to which the new user belongs. $4: Name of the interface connecting to the new user. $5: MAC address of an old user. $6: Outer VLAN to which the old user belongs. $7: Inner VLAN to which the old user belongs. $8: Name of the interface connecting to the old user. $9: IP address.
Severity level	6
Example	ARP/6/ARP_USER_DUPLICATE_IPADDR_DETECT: Detected a user IP address conflict. New user (MAC 0010-2100-01e1, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 and old user (MAC 0120-1e00-0102, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 were using the same IP address 192.168.1.1.
Explanation	ARP detected a user IP address conflict. The IP address of a new user is the same as the IP address of an old user.
Recommended action	Verify that all users have different IP addresses.

ARP_USER_MOVE_DETECT

Message text	Detected a user (IP address [IPADDR], MAC address [STRING]) moved to another interface. Before user move: interface [STRING], SVLAN [STRING], CVLAN [STRING]. After user move: interface [STRING], SVLAN [STRING], CVLAN [STRING].
Variable fields	$1: IP address of the user. $2: MAC address of the user. $3: Interface name before the migration. $4: Outer VLAN to which the user belongs before the migration. $5: Inner VLAN to which the user belongs before the migration. $6: Interface name after the migration. $7: Outer VLAN to which the user belongs after the migration. $8: Inner VLAN to which the user belongs after the migration.
Severity level	6
Example	ARP/6/ARP_USER_MOVE_DETECT: Detected a user (IP address 192.168.1.1, MAC address 0010-2100-01e1) moved to another interface. Before user move: interface GigabitEthernet1/0/1, SVLAN 100, CVLAN 10. After user move: interface GigabitEthernet1/0/2, SVLAN 100, CVLAN 10.
Explanation	ARP detected a user accesses the network through another port.
Recommended action	Use the display arp user-move record command to verify that the migration is legitimate.

DUPIFIP

Message text	Duplicate address [STRING] on interface [STRING], sourced from [STRING].
Variable fields	$1: IP address. $2: Interface name. $3: MAC Address.
Severity level	6
Example	ARP/6/DUPIFIP: Duplicate address 1.1.1.1 on interface GigabitEthernet1/0/1, sourced from 0015-E944-A947.
Explanation	ARP detected a duplicate address. The sender IP in the received ARP packet was being used by the receiving interface.
Recommended action	Modify the IP address configuration.

DUPIP

Message text	IP address [STRING] conflicted with global or imported IP address, sourced from [STRING].
Variable fields	$1: IP address. $2: MAC Address.
Severity level	6
Example	ARP/6/DUPIP: IP address 30.1.1.1 conflicted with global or imported IP address, sourced from 0000-0000-0001.
Explanation	The sender IP address of the received ARP packet conflicted with the global or imported IP address.
Recommended action	Modify the IP address configuration.

DUPVRRPIP

Message text	IP address [STRING] conflicted with VRRP virtual IP address on interface [STRING], sourced from [STRING].
Variable fields	$1: IP address. $2: Interface name. $3: MAC address.
Severity level	6
Example	ARP/6/DUPVRRPIP: IP address 1.1.1.1 conflicted with VRRP virtual IP address on interface GigabitEthernet1/0/1, sourced from 0015-E944-A947.
Explanation	The sender IP address of the received ARP packet conflicted with the VRRP virtual IP address.
Recommended action	Modify the IP address configuration.

ATK messages

This section contains attack detection and prevention messages.

ATK_ICMP_ADDRMASK_REQ

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_REQ: IcmpType(1058)=17; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP address mask request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_REQ_RAW

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW: IcmpType(1058)=17; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP address mask request is received.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_REQ_RAW_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW_SZ: IcmpType(1058)=17; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP address mask request is received.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_REQ_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_REQ_SZ: IcmpType(1058)=17; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP address mask request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_RPL

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_RPL: IcmpType(1058)=18; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP address mask reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_RPL_RAW

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW: IcmpType(1058)=18; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_RPL_RAW_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW_SZ: IcmpType(1058)=18; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_RPL_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_RPL_SZ: IcmpType(1058)=18; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP address mask reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ECHO_REQ

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_REQ: IcmpType(1058)=8; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP echo request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ECHO_REQ_RAW

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1004)=[UINT16]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Destination port number. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_REQ_RAW: IcmpType(1058)=8; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DstPort(1004)=22; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP echo request is received.
Recommended action	No action is required.

ATK_ICMP_ECHO_REQ_RAW_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1004)=[UINT16]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Destination port number. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_REQ_RAW_SZ: IcmpType(1058)=8; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DstPort(1004)=22; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP echo request is received.
Recommended action	No action is required.

ATK_ICMP_ECHO_REQ_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_REQ_SZ: IcmpType(1058)=8; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP echo request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ECHO_RPL

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_RPL: IcmpType(1058)=0; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP echo reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ECHO_RPL_RAW

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_RPL_RAW: IcmpType(1058)=0; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP echo reply is received.
Recommended action	No action is required.

ATK_ICMP_ECHO_RPL_RAW_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_RPL_RAW_SZ: IcmpType(1058)=0; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP echo reply is received.
Recommended action	No action is required.

ATK_ICMP_ECHO_RPL_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_RPL_SZ: IcmpType(1058)=0; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP echo reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_ICMP_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_ICMP_INFO_REQ

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_REQ: IcmpType(1058)=15; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP information request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_INFO_REQ_RAW

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_REQ_RAW: IcmpType(1058)=15; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP information requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP information request is received.
Recommended action	No action is required.

ATK_ICMP_INFO_REQ_RAW_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_REQ_RAW_SZ: IcmpType(1058)=15; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP information requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP information request is received.
Recommended action	No action is required.

ATK_ICMP_INFO_REQ_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_REQ_SZ: IcmpType(1058)=15; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP information request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_INFO_RPL

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_RPL: IcmpType(1058)=16; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP information reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_INFO_RPL_RAW

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_RPL_RAW: IcmpType(1058)=16; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP information reply is received.
Recommended action	No action is required.

ATK_ICMP_INFO_RPL_RAW_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_RPL_RAW_SZ: IcmpType(1058)=16; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP information reply is received.
Recommended action	No action is required.

ATK_ICMP_INFO_RPL_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_RPL_SZ: IcmpType(1058)=16; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP information reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_LARGE

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_LARGE: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.
Explanation	This message is sent when large ICMP packet logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_LARGE_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_LARGE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMP packet is received.
Recommended action	No action is required.

ATK_ICMP_LARGE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_LARGE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMP packet is received.
Recommended action	No action is required.

ATK_ICMP_LARGE_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_LARGE_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.
Explanation	This message is sent when large ICMP packet logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_PARAPROBLEM

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_PARAPROBLEM: IcmpType(1058)=12; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP parameter problem logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_PARAPROBLEM_RAW

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_PARAPROBLEM_RAW: IcmpType(1058)=12; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received.
Recommended action	No action is required.

ATK_ICMP_PARAPROBLEM_RAW_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_PARAPROBLEM_RAW_SZ: IcmpType(1058)=12; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received.
Recommended action	No action is required.

ATK_ICMP_PARAPROBLEM_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_PARAPROBLEM_SZ: IcmpType(1058)=12; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP parameter problem logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_PINGOFDEATH

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_PINGOFDEATH: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0.
Recommended action	No action is required.

ATK_ICMP_PINGOFDEATH_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_PINGOFDEATH_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_ICMP_PINGOFDEATH_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_PINGOFDEATH_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_ICMP_PINGOFDEATH_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_PINGOFDEATH_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0.
Recommended action	No action is required.

ATK_ICMP_REDIRECT

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_REDIRECT: IcmpType(1058)=5; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP redirect logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_REDIRECT_RAW

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_REDIRECT_RAW: IcmpType(1058)=5; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received.
Recommended action	No action is required.

ATK_ICMP_REDIRECT_RAW_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_REDIRECT_RAW_SZ: IcmpType(1058)=5; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received.
Recommended action	No action is required.

ATK_ICMP_REDIRECT_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_REDIRECT_SZ: IcmpType(1058)=5; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP redirect logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_SMURF

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_SMURF: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for ICMP echo requests whose destination IP address is one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides.
Recommended action	No action is required.

ATK_ICMP_SMURF_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_SMURF_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for the smurf attack. The attack uses ICMP echo requests with the destination IP address being one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides. If log aggregation is enabled, for requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time a request is received.
Recommended action	No action is required.

ATK_ICMP_SMURF_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_SMURF_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for the smurf attack. The attack uses ICMP echo requests with the destination IP address being one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides. If log aggregation is enabled, for requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time a request is received.
Recommended action	No action is required.

ATK_ICMP_SMURF_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_SMURF_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for ICMP echo requests whose destination IP address is one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides.
Recommended action	No action is required.

ATK_ICMP_SOURCEQUENCH

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_SOURCEQUENCH: IcmpType(1058)=4; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP source quench logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_SOURCEQUENCH_RAW

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_SOURCEQUENCH_RAW: IcmpType(1058)=4; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP source quench packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP source quench packet is received.
Recommended action	No action is required.

ATK_ICMP_SOURCEQUENCH_RAW_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_SOURCEQUENCH_RAW_SZ: IcmpType(1058)=4; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP source quench packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP source quench packet is received.
Recommended action	No action is required.

ATK_ICMP_SOURCEQUENCH_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_SOURCEQUENCH_SZ: IcmpType(1058)=4; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP source quench logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TIMEEXCEED

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TIMEEXCEED: IcmpType(1058)=11; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP time exceeded logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TIMEEXCEED_RAW

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TIMEEXCEED_RAW: IcmpType(1058)=11; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet is received.
Recommended action	No action is required.

ATK_ICMP_TIMEEXCEED_RAW_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TIMEEXCEED_RAW_SZ: IcmpType(1058)=11; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet is received.
Recommended action	No action is required.

ATK_ICMP_TIMEEXCEED_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TIMEEXCEED_SZ: IcmpType(1058)=11; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP time exceeded logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TRACEROUTE

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_TRACEROUTE: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for ICMP time exceeded packets of code 0.
Recommended action	No action is required.

ATK_ICMP_TRACEROUTE_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_TRACEROUTE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet of code 0 is received.
Recommended action	No action is required.

ATK_ICMP_TRACEROUTE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_TRACEROUTE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet of code 0 is received.
Recommended action	No action is required.

ATK_ICMP_TRACEROUTE_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_TRACEROUTE_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for ICMP time exceeded packets of code 0.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_REQ

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_REQ: IcmpType(1058)=13; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP timestamp logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_REQ_RAW

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_REQ_RAW: IcmpType(1058)=13; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP timestamp packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp packet is received.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_REQ_RAW_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_REQ_RAW_SZ: IcmpType(1058)=13; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP timestamp packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp packet is received.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_REQ_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_REQ_SZ: IcmpType(1058)=13; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP timestamp logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_RPL

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_RPL: IcmpType(1058)=14; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP timestamp reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_RPL_RAW

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_RPL_RAW: IcmpType(1058)=14; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP timestamp replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp reply is received.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_RPL_RAW_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_RPL_RAW_SZ: IcmpType(1058)=14; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP timestamp replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp reply is received.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_RPL_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_RPL_SZ: IcmpType(1058)=14; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP timestamp reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TYPE

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TYPE: IcmpType(1058)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for user-defined ICMP packets.
Recommended action	No action is required.

ATK_ICMP_TYPE_RAW

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TYPE_RAW: IcmpType(1058)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for user-defined ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMP packet is received.
Recommended action	No action is required.

ATK_ICMP_TYPE_RAW_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TYPE_RAW_SZ: IcmpType(1058)=38; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for user-defined ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMP packet is received.
Recommended action	No action is required.

ATK_ICMP_TYPE_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TYPE_SZ: IcmpType(1058)=38; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for user-defined ICMP packets.
Recommended action	No action is required.

ATK_ICMP_UNREACHABLE

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_UNREACHABLE: IcmpType(1058)=3; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP destination unreachable logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_UNREACHABLE_RAW

Message text	IcmpType(1058)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_UNREACHABLE_RAW: IcmpType(1058)=3; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP destination unreachable packet is received.
Recommended action	No action is required.

ATK_ICMP_UNREACHABLE_RAW_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_UNREACHABLE_RAW_SZ: IcmpType(1058)=3; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMP destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP destination unreachable packet is received.
Recommended action	No action is required.

ATK_ICMP_UNREACHABLE_SZ

Message text	IcmpType(1058)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_UNREACHABLE_SZ: IcmpType(1058)=3; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011091319; EndTime_c(1012)=20131011091819; AtkTimes(1050)=2.
Explanation	This message is sent when ICMP destination unreachable logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_DEST_UNREACH

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_DEST_UNREACH: Icmpv6Type(1059)=133; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 destination unreachable logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_DEST_UNREACH_RAW

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_DEST_UNREACH_RAW: Icmpv6Type(1059)=133; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 destination unreachable packet is received.
Recommended action	No action is required.

ATK_ICMPV6_DEST_UNREACH_RAW_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_DEST_UNREACH_RAW_SZ: Icmpv6Type(1059)=133; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 destination unreachable packet is received.
Recommended action	No action is required.

ATK_ICMPV6_DEST_UNREACH_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_DEST_UNREACH_SZ: Icmpv6Type(1059)=133; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 destination unreachable logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_REQ

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_REQ: Icmpv6Type(1059)=128; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 echo request logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_REQ_RAW

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_REQ_RAW: Icmpv6Type(1059)=128; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo request is received.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_REQ_RAW_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_REQ_RAW_SZ: Icmpv6Type(1059)=128; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo request is received.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_REQ_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_REQ_SZ: Icmpv6Type(1059)=128; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 echo request logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_RPL

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_RPL: Icmpv6Type(1059)=129; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 echo reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_RPL_RAW

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_RPL_RAW: Icmpv6Type(1059)=129; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo reply is received.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_RPL_RAW_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_RPL_RAW_SZ: Icmpv6Type(1059)=129; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo reply is received.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_RPL_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_RPL_SZ: Icmpv6Type(1059)=129; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 echo reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_ICMPV6_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1007)=2002::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of ICMPv6 packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_ICMPV6_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_ICMPV6_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1007)=2002::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of ICMPv6 packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_ICMPV6_GROUPQUERY

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPQUERY: Icmpv6Type(1059)=130; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 multicast listener query logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPQUERY_RAW

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPQUERY_RAW: Icmpv6Type(1059)=130; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener queries of the same attributes, this message is sent only when the first query is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener query is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPQUERY_RAW_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPQUERY_RAW_SZ: Icmpv6Type(1059)=130; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener queries of the same attributes, this message is sent only when the first query is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener query is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPQUERY_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPQUERY_SZ: Icmpv6Type(1059)=130; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 multicast listener query logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREDUCTION

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREDUCTION: Icmpv6Type(1059)=132; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 multicast listener done logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREDUCTION_RAW

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREDUCTION_RAW: Icmpv6Type(1059)=132; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener done packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener done packet is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREDUCTION_RAW_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREDUCTION_RAW_SZ: Icmpv6Type(1059)=132; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener done packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener done packet is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREDUCTION_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREDUCTION_SZ: Icmpv6Type(1059)=132; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 multicast listener done logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREPORT

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREPORT: Icmpv6Type(1059)=131; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 multicast listener report logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREPORT_RAW

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREPORT_RAW: Icmpv6Type(1059)=131; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener reports of the same attributes, this message is sent only when the first report is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener report is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREPORT_RAW_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREPORT_RAW_SZ: Icmpv6Type(1059)=131; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener reports of the same attributes, this message is sent only when the first report is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener report is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREPORT_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREPORT_SZ: Icmpv6Type(1059)=131; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 multicast listener report logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_LARGE

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMPV6_LARGE: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when large ICMPv6 packet logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_LARGE_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMPV6_LARGE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for large ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMPv6 packet is received.
Recommended action	No action is required.

ATK_ICMPV6_LARGE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMPV6_LARGE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for large ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMPv6 packet is received.
Recommended action	No action is required.

ATK_ICMPV6_LARGE_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMPV6_LARGE_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when large ICMPv6 packet logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_PACKETTOOBIG

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PACKETTOOBIG: Icmpv6Type(1059)=136; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 packet too big logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_PACKETTOOBIG_RAW

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PACKETTOOBIG_RAW: Icmpv6Type(1059)=136; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 packet too big packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 packet too big packet is received.
Recommended action	No action is required.

ATK_ICMPV6_PACKETTOOBIG_RAW_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PACKETTOOBIG_RAW_SZ: Icmpv6Type(1059)=136; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 packet too big packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 packet too big packet is received.
Recommended action	No action is required.

ATK_ICMPV6_PACKETTOOBIG_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PACKETTOOBIG_SZ: Icmpv6Type(1059)=136; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 packet too big logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_PARAPROBLEM

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PARAPROBLEM: Icmpv6Type(1059)=135; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 parameter problem logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_PARAPROBLEM_RAW

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PARAPROBLEM_RAW: Icmpv6Type(1059)=135; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 parameter problem packet is received.
Recommended action	No action is required.

ATK_ICMPV6_PARAPROBLEM_RAW_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PARAPROBLEM_RAW_SZ: Icmpv6Type(1059)=135; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 parameter problem packet is received.
Recommended action	No action is required.

ATK_ICMPV6_PARAPROBLEM_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PARAPROBLEM_SZ: Icmpv6Type(1059)=135; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 parameter problem logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_TIMEEXCEED

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TIMEEXCEED: Icmpv6Type(1059)=134; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 time exceeded logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_TIMEEXCEED_RAW

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TIMEEXCEED_RAW: Icmpv6Type(1059)=134; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet is received.
Recommended action	No action is required.

ATK_ICMPV6_TIMEEXCEED_RAW_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TIMEEXCEED_RAW_SZ: Icmpv6Type(1059)=134; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet is received.
Recommended action	No action is required.

ATK_ICMPV6_TIMEEXCEED_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TIMEEXCEED_SZ: Icmpv6Type(1059)=134; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when ICMPv6 time exceeded logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_TRACEROUTE

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMPV6_TRACEROUTE: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for ICMPv6 time exceeded packets of code 0.
Recommended action	No action is required.

ATK_ICMPV6_TRACEROUTE_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMPV6_TRACEROUTE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435.
Explanation	If log aggregation is enabled, for ICMPv6 time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet of code 0 is received.
Recommended action	No action is required.

ATK_ICMPV6_TRACEROUTE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMPV6_TRACEROUTE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435.
Explanation	If log aggregation is enabled, for ICMPv6 time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet of code 0 is received.
Recommended action	No action is required.

ATK_ICMPV6_TRACEROUTE_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMPV6_TRACEROUTE_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for ICMPv6 time exceeded packets of code 0.
Recommended action	No action is required.

ATK_ICMPV6_TYPE

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TYPE: Icmpv6Type(1059)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for user-defined ICMPv6 packets.
Recommended action	No action is required.

ATK_ICMPV6_TYPE _RAW_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TYPE_RAW_SZ: Icmpv6Type(1059)=38; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for user-defined ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMPv6 packet is received.
Recommended action	No action is required.

ATK_ICMPV6_TYPE_RAW

Message text	Icmpv6Type(1059)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TYPE_RAW: Icmpv6Type(1059)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for user-defined ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMPv6 packet is received.
Recommended action	No action is required.

ATK_ICMPV6_TYPE_SZ

Message text	Icmpv6Type(1059)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TYPE_SZ: Icmpv6Type(1059)=38; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=5600::12; DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011100935; EndTime_c(1012)=20131011101435; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for user-defined ICMPv6 packets.
Recommended action	No action is required.

ATK_IP_OPTION

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IP_OPTION: IPOptValue(1057)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with a user-defined IP option.
Recommended action	No action is required.

ATK_IP_OPTION_RAW

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IP_OPTION_RAW: IPOptValue(1057)=38; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with a user-defined IP option and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with a user-defined IP option is received.
Recommended action	No action is required.

ATK_IP_OPTION_RAW_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IP_OPTION_RAW_SZ: IPOptValue(1057)=38; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with a user-defined IP option and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with a user-defined IP option is received.
Recommended action	No action is required.

ATK_IP_OPTION_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IP_OPTION_SZ: IPOptValue(1057)=38; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with a user-defined IP option.
Recommended action	No action is required.

ATK_IP4_ACK_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_ACK_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_ACK_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_ACK_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_DIS_PORTSCAN

Message text	RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; TcpFlag(1074)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Protocol name. $3: TCP packet type. (This field is available only for TCP packets.) $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_DIS_PORTSCAN: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=TCP; TcpFlag(1074)=[SYN]; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=vpn1; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955.
Explanation	This message is sent when an IPv4 distributed port scan attack is detected.
Recommended action	No action is required.

ATK_IP4_DIS_PORTSCAN_SZ

Message text	SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Protocol name. $3: Destination IP address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_DIS_PORTSCAN_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=vpn1; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955.
Explanation	This message is sent when an IPv4 distributed port scan attack is detected.
Recommended action	No action is required.

ATK_IP4_DNS_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_DNS_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 DNS queries sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_DNS_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_DNS_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 DNS queries sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_FIN_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_FIN_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 FIN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_FIN_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_FIN_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 FIN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_FRAGMENT

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_FRAGMENT: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for IPv4 packets with an offset smaller than 5 but bigger than 0.
Recommended action	No action is required.

ATK_IP4_FRAGMENT_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_FRAGMENT_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging.
Explanation	This message is for the IPv4 fragment attack. The attack uses IPv4 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_FRAGMENT_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_FRAGMENT_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging.
Explanation	This message is for the IPv4 fragment attack. The attack uses IPv4 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_FRAGMENT_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_FRAGMENT_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for IPv4 packets with an offset smaller than 5 but bigger than 0.
Recommended action	No action is required.

ATK_IP4_HTTP_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_HTTP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 HTTP Get packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_HTTP_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_HTTP_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 HTTP Get packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_IMPOSSIBLE

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_IMPOSSIBLE: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for IPv4 packets whose source IPv4 address is the same as the destination IPv4 address.
Recommended action	No action is required.

ATK_IP4_IMPOSSIBLE_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_IMPOSSIBLE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging.
Explanation	This message is for the IPv4 impossible packet attack. The attack uses IPv4 packets whose source IPv4 address is the same as the destination IPv4 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_IMPOSSIBLE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_IMPOSSIBLE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging.
Explanation	This message is for the IPv4 impossible packet attack. The attack uses IPv4 packets whose source IPv4 address is the same as the destination IPv4 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_IMPOSSIBLE_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_IMPOSSIBLE_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for IPv4 packets whose source IPv4 address is the same as the destination IPv4 address.
Recommended action	No action is required.

ATK_IP4_IPSWEEP

Message text	RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Protocol name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_IPSWEEP: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=TCP; SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009060657.
Explanation	This message is sent when an IPv4 sweep attack is detected.
Recommended action	No action is required.

ATK_IP4_IPSWEEP_SZ

Message text	SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Protocol name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_IPSWEEP_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009060657.
Explanation	This message is sent when an IPv4 sweep attack is detected.
Recommended action	No action is required.

ATK_IP4_PORTSCAN

Message text	RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; DstIPAddr(1007)=[IPADDR]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Protocol name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Name of the receiving VPN instance. $6: Destination IP address. $7: Actions against the attack. $8: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_PORTSCAN: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=TCP; SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; DstIPAddr(1007)=6.1.1.5; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955.
Explanation	This message is sent when an IPv4 port scan attack is detected.
Recommended action	No action is required.

ATK_IP4_PORTSCAN_SZ

Message text	SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; DstIPAddr(1007)=[IPADDR]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Protocol name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Name of the receiving VPN instance. $6: Destination IP address. $7: Actions against the attack. $8: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_PORTSCAN_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; DstIPAddr(1007)=6.1.1.5; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009052955.
Explanation	This message is sent when an IPv4 port scan attack is detected.
Recommended action	No action is required.

ATK_IP4_RST_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_RST_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 RST packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_RST_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_RST_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 RST packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_SYN_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_SYN_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 SYN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_SYN_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_SYN_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 SYN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_SYNACK_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_SYNACK_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 SYN-ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_SYNACK_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_SYNACK_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 SYN-ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_TCP_ALLFLAGS

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_ALLFLAGS: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have all flags set.
Recommended action	No action is required.

ATK_IP4_TCP_ALLFLAGS_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_ALLFLAGS_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_ALLFLAGS_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_ALLFLAGS_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_ALLFLAGS_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_ALLFLAGS_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have all flags set.
Recommended action	No action is required.

ATK_IP4_TCP_FINONLY

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_FINONLY: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have only the FIN flag set.
Recommended action	No action is required.

ATK_IP4_TCP_FINONLY_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_FINONLY_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_FINONLY_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_FINONLY_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_FINONLY_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_FINONLY_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have only the FIN flag set.
Recommended action	No action is required.

ATK_IP4_TCP_INVALIDFLAGS

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_INVALIDFLAGS: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set.
Recommended action	No action is required.

ATK_IP4_TCP_INVALIDFLAGS_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_INVALIDFLAGS_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_INVALIDFLAGS_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_INVALIDFLAGS_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_INVALIDFLAGS_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_INVALIDFLAGS_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set.
Recommended action	No action is required.

ATK_IP4_TCP_LAND

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_LAND: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets whose source IP address is the same as the destination IP address.
Recommended action	No action is required.

ATK_IP4_TCP_LAND_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_LAND_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for the IPv4 land attack. The attack uses IPv4 TCP packets whose source IP address is the same as the destination IP address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_LAND_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_LAND_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for the IPv4 land attack. The attack uses IPv4 TCP packets whose source IP address is the same as the destination IP address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_LAND_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_LAND_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets whose source IP address is the same as the destination IP address.
Recommended action	No action is required.

ATK_IP4_TCP_NULLFLAG

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_NULLFLAG: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=4.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have no flag set.
Recommended action	No action is required.

ATK_IP4_TCP_NULLFLAG_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_NULLFLAG_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_NULLFLAG_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_NULLFLAG_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_NULLFLAG_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_NULLFLAG_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=4.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have no flag set.
Recommended action	No action is required.

ATK_IP4_TCP_SYNFIN

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_SYNFIN: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have SYN and FIN flags set.
Recommended action	No action is required.

ATK_IP4_TCP_SYNFIN_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_SYNFIN_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_SYNFIN_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_SYNFIN_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_SYNFIN_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_SYNFIN_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have SYN and FIN flags set.
Recommended action	No action is required.

ATK_IP4_TCP_WINNUKE

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_WINNUKE: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=5.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.
Recommended action	No action is required.

ATK_IP4_TCP_WINNUKE_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_WINNUKE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for the IPv4 WinNuke attack. The attack uses IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_WINNUKE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_WINNUKE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for the IPv4 WinNuke attack. The attack uses IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_WINNUKE_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_WINNUKE_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=5.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.
Recommended action	No action is required.

ATK_IP4_TEARDROP

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TEARDROP: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for IPv4 overlapping fragments.
Recommended action	No action is required.

ATK_IP4_TEARDROP_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TEARDROP_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for IPv4 overlapping fragments of the same attributes, this message is sent only when the first overlapping fragment is received. If log aggregation is disabled, this message is sent every time an IPv4 overlapping fragment is received.
Recommended action	No action is required.

ATK_IP4_TEARDROP_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TEARDROP_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for IPv4 overlapping fragments of the same attributes, this message is sent only when the first overlapping fragment is received. If log aggregation is disabled, this message is sent every time an IPv4 overlapping fragment is received.
Recommended action	No action is required.

ATK_IP4_TEARDROP_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TEARDROP_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for IPv4 overlapping fragments.
Recommended action	No action is required.

ATK_IP4_TINY_FRAGMENT

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TINY_FRAGMENT: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=6.
Explanation	This message is sent when logs are aggregated for IPv4 packets with a datagram smaller than 68 bytes and the MF flag set.
Recommended action	No action is required.

ATK_IP4_TINY_FRAGMENT_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TINY_FRAGMENT_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging.
Explanation	This message is for the IPv4 tiny fragment attack. The attack uses IPv4 packets with a datagram smaller than 68 bytes and the MF flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TINY_FRAGMENT_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TINY_FRAGMENT_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging.
Explanation	This message is for the IPv4 tiny fragment attack. The attack uses IPv4 packets with a datagram smaller than 68 bytes and the MF flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TINY_FRAGMENT_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TINY_FRAGMENT_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=TCP; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=6.
Explanation	This message is sent when logs are aggregated for IPv4 packets with a datagram smaller than 68 bytes and the MF flag set.
Recommended action	No action is required.

ATK_IP4_UDP_BOMB

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_BOMB: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header.
Recommended action	No action is required.

ATK_IP4_UDP_BOMB_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_BOMB_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 UDP bomb attack. The attack uses IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_BOMB_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_BOMB_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 UDP bomb attack. The attack uses IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_BOMB_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_BOMB_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header.
Recommended action	No action is required.

ATK_IP4_UDP_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 UDP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_UDP_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPAddr(1007)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPAddr(1007)=6.1.1.5; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 UDP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_UDP_FRAGGLE

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FRAGGLE: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=11.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets with source port 7 and destination port 19.
Recommended action	No action is required.

ATK_IP4_UDP_FRAGGLE_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FRAGGLE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 UDP fraggle attack. The attack uses IPv4 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_FRAGGLE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FRAGGLE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 UDP fraggle attack. The attack uses IPv4 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_FRAGGLE_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FRAGGLE_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=11.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets with source port 7 and destination port 19.
Recommended action	No action is required.

ATK_IP4_UDP_SNORK

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_SNORK: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets with source port 7, 19, or 135, and destination port 135.
Recommended action	No action is required.

ATK_IP4_UDP_SNORK_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_SNORK_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 UDP snork attack. The attack uses IPv4 UDP packets with source port 7, 19, or 135, and destination port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_SNORK_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_SNORK_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv4 UDP snork attack. The attack uses IPv4 UDP packets with source port 7, 19, or 135, and destination port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_SNORK_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_SNORK_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131011074913; EndTime_c(1012)=20131011075413; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets with source port 7, 19, or 135, and destination port 135.
Recommended action	No action is required.

ATK_IP6_ACK_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_ACK_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_ACK_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_ACK_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_DIS_PORTSCAN

Message text	RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Protocol name. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_DIS_PORTSCAN: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=UDP; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009100928.
Explanation	This message is sent when an IPv6 distributed port scan attack is detected.
Recommended action	No action is required.

ATK_IP6_DIS_PORTSCAN_SZ

Message text	SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Protocol name. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_DIS_PORTSCAN_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009100928.
Explanation	This message is sent when an IPv6 distributed port scan attack is detected.
Recommended action	No action is required.

ATK_IP6_DNS_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_DNS_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 DNS queries sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_DNS_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_DNS_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 DNS queries sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_FIN_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_FIN_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 FIN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_FIN_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_FIN_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 FIN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_FRAGMENT

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_FRAGMENT: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging; BeginTime_c(1011)=20131011103335; EndTime_c(1012)=20131011103835; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets with an offset smaller than 5 but bigger than 0.
Recommended action	No action is required.

ATK_IP6_FRAGMENT_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_FRAGMENT_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging.
Explanation	This message is for the IPv6 fragment attack. The attack uses IPv6 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_FRAGMENT_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_FRAGMENT_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging.
Explanation	This message is for the IPv6 fragment attack. The attack uses IPv6 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_FRAGMENT_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_FRAGMENT_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging; BeginTime_c(1011)=20131011103335; EndTime_c(1012)=20131011103835; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets with an offset smaller than 5 but bigger than 0.
Recommended action	No action is required.

ATK_IP6_HTTP_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_HTTP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 HTTP Get packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_HTTP_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_HTTP_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 HTTP Get packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_IMPOSSIBLE

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_IMPOSSIBLE: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging; BeginTime_c(1011)=20131011103335; EndTime_c(1012)=20131011103835; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets whose source IPv6 address is the same as the destination IPv6 address.
Recommended action	No action is required.

ATK_IP6_IMPOSSIBLE_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_IMPOSSIBLE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging.
Explanation	This message is for the IPv6 impossible packet attack. The attack uses IPv6 packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_IMPOSSIBLE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_IMPOSSIBLE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging.
Explanation	This message is for the IPv6 impossible packet attack. The attack uses IPv6 packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_IMPOSSIBLE_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_IMPOSSIBLE_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=1::1; RcvVPNInstance(1041)=--; Protocol(1001)=IPv6-ICMP; Action(1049)=logging; BeginTime_c(1011)=20131011103335; EndTime_c(1012)=20131011103835; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets whose source IPv6 address is the same as the destination IPv6 address.
Recommended action	No action is required.

ATK_IP6_IPSWEEP

Message text	RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Protocol name. $3: Source IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_IPSWEEP: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=UDP; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009100639.
Explanation	This message is sent when an IPv6 sweep attack is detected.
Recommended action	No action is required.

ATK_IP6_IPSWEEP_SZ

Message text	SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Protocol name. $3: Source IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_IPSWEEP_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009100639.
Explanation	This message is sent when an IPv6 sweep attack is detected.
Recommended action	No action is required.

ATK_IP6_PORTSCAN

Message text	RcvIfName(1023)=[STRING]; Protocol(1001)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Protocol name. $3: Source IPv6 address. $4: Name of the receiving VPN instance. $5: Destination IPv6 address. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_PORTSCAN: RcvIfName(1023)=Ethernet0/0/2; Protocol(1001)=UDP; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; DstIPv6Addr(1037)=2::2; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009100455.
Explanation	This message is sent when an IPv6 port scan attack is detected.
Recommended action	No action is required.

ATK_IP6_PORTSCAN_SZ

Message text	SrcZoneName(1025)=[STRING]; Protocol(1001)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Protocol name. $3: Source IPv6 address. $4: Name of the receiving VPN instance. $5: Destination IPv6 address. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_PORTSCAN_SZ: SrcZoneName(1025)=Trust; Protocol(1001)=TCP; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; DstIPv6Addr(1037)=2::2; Action(1049)=logging,block-source; BeginTime_c(1011)=20131009100455.
Explanation	This message is sent when an IPv6 port scan attack is detected.
Recommended action	No action is required.

ATK_IP6_RST_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_RST_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 RST packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_RST_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_RST_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 RST packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_SYN_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_SYN_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 SYN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_SYN_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_SYN_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 SYN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_SYNACK_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_SYNACK_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 SYN-ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_SYNACK_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_SYNACK_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 SYN-ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_TCP_ALLFLAGS

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_ALLFLAGS: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have all flags set.
Recommended action	No action is required.

ATK_IP6_TCP_ALLFLAGS_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_ALLFLAGS_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv6 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_ALLFLAGS_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_ALLFLAGS_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv6 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_ALLFLAGS_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_ALLFLAGS_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have all flags set.
Recommended action	No action is required.

ATK_IP6_TCP_FINONLY

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_FINONLY: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have only the FIN flag set.
Recommended action	No action is required.

ATK_IP6_TCP_FINONLY_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_FINONLY_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv6 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_FINONLY_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_FINONLY_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv6 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_FINONLY_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_FINONLY_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have only the FIN flag set.
Recommended action	No action is required.

ATK_IP6_TCP_INVALIDFLAGS

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_INVALIDFLAGS: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set.
Recommended action	No action is required.

ATK_IP6_TCP_INVALIDFLAGS_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_INVALIDFLAGS_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_INVALIDFLAGS_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_INVALIDFLAGS_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.f

ATK_IP6_TCP_INVALIDFLAGS_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_INVALIDFLAGS_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set.
Recommended action	No action is required.

ATK_IP6_TCP_LAND

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_LAND: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address.
Recommended action	No action is required.

ATK_IP6_TCP_LAND_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_LAND_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for the IPv6 land attack. The attack uses IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_LAND_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_LAND_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for the IPv6 land attack. The attack uses IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_LAND_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_LAND_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address.
Recommended action	No action is required.

ATK_IP6_TCP_NULLFLAG

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_NULLFLAG: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have no flag set.
Recommended action	No action is required.

ATK_IP6_TCP_NULLFLAG_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_NULLFLAG_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv6 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_NULLFLAG_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_NULLFLAG_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv6 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_NULLFLAG_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_NULLFLAG_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have no flag set.
Recommended action	No action is required.

ATK_IP6_TCP_SYNFIN

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_SYNFIN: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have SYN and FIN flags set.
Recommended action	No action is required.

ATK_IP6_TCP_SYNFIN_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_SYNFIN_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv6 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_SYNFIN_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_SYNFIN_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=2000::1; DstIPv6Addr(1037)=2003::200; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv6 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_SYNFIN_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_SYNFIN_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have SYN and FIN flags set.
Recommended action	No action is required.

ATK_IP6_TCP_WINNUKE

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_WINNUKE: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.
Recommended action	No action is required.

ATK_IP6_TCP_WINNUKE_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_WINNUKE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for the IPv6 WinNuke attack. The attack uses IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_WINNUKE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_WINNUKE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for the IPv6 WinNuke attack. The attack uses IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_WINNUKE_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_WINNUKE_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.
Recommended action	No action is required.

ATK_IP6_UDP_FLOOD

Message text	RcvIfName(1023)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FLOOD: RcvIfName(1023)=Ethernet0/0/2; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 UDP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_UDP_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING]; DstIPv6Addr(1037)=[IPADDR]; DstPort(1008)=[UINT16]; RcvVPNInstance(1041)=[STRING]; UpperLimit(1048)=[UINT32]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FLOOD_SZ: SrcZoneName(1025)=Trust; DstIPv6Addr(1037)=2::2; DstPort(1008)=22; RcvVPNInstance(1041)=--; UpperLimit(1048)=10; Action(1049)=logging; BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 UDP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_UDP_FRAGGLE

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FRAGGLE: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 UDP packets with source port 7 and destination port 19.
Recommended action	No action is required.

ATK_IP6_UDP_FRAGGLE_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FRAGGLE_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv6 UDP fraggle attack. The attack uses IPv6 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_UDP_FRAGGLE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FRAGGLE_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv6 UDP fraggle attack. The attack uses IPv6 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_UDP_FRAGGLE_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FRAGGLE_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 UDP packets with source port 7 and destination port 19.
Recommended action	No action is required.

ATK_IP6_UDP_SNORK

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_SNORK: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 UDP packets with source port 7, 19, or 135, and destination port 135.
Recommended action	No action is required.

ATK_IP6_UDP_SNORK_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_SNORK_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv6 UDP snork attack. The attack uses IPv6 UDP packets with source port 7, 19, or 135, and port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_UDP_SNORK_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_SNORK_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	This message is for IPv6 UDP snork attack. The attack uses IPv6 UDP packets with source port 7, 19, or 135, and port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_UDP_SNORK_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_SNORK_SZ: SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 UDP packets with source port 7, 19, or 135, and destination port 135.
Recommended action	No action is required.

ATK_IPOPT_ABNORMAL

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IPOPT_ABNORMAL: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011072002; EndTime_c(1012)=20131011072502; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with more than two IP options.
Recommended action	No action is required.

ATK_IPOPT_ABNORMAL_RAW

Message text	RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IPOPT_ABNORMAL_RAW: RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	This message is for packets that each has more than two IP options. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with more than two IP options is received.
Recommended action	No action is required.

ATK_IPOPT_ABNORMAL_RAW_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IPOPT_ABNORMAL_RAW_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	This message is for packets that each has more than two IP options. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with more than two IP options is received.
Recommended action	No action is required.

ATK_IPOPT_ABNORMAL_SZ

Message text	SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IPOPT_ABNORMAL_SZ: SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011072002; EndTime_c(1012)=20131011072502; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with more than two IP options.
Recommended action	No action is required.

ATK_IPOPT_LOOSESRCROUTE

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)= [UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_LOOSESRCROUTE: IPOptValue(1057)=131; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 131.
Recommended action	No action is required.

ATK_IPOPT_LOOSESRCROUTE_RAW

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_LOOSESRCROUTE_RAW: IPOptValue(1057)=131; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 131 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 131 is received.
Recommended action	No action is required.

ATK_IPOPT_LOOSESRCROUTE_RAW_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_LOOSESRCROUTE_RAW_SZ: IPOptValue(1057)=131; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 131 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 131 is received.
Recommended action	No action is required.

ATK_IPOPT_LOOSESRCROUTE_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)= [UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_LOOSESRCROUTE_SZ: IPOptValue(1057)=131; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 131.
Recommended action	No action is required.

ATK_IPOPT_RECORDROUTE

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_RECORDROUTE: IPOptValue(1057)=7; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 7.
Recommended action	No action is required.

ATK_IPOPT_RECORDROUTE_RAW

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_RECORDROUTE_RAW: IPOptValue(1057)=7; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 7 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 7 is received.
Recommended action	No action is required.

ATK_IPOPT_RECORDROUTE_RAW_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_RECORDROUTE_RAW_SZ: IPOptValue(1057)=7; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 7 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 7 is received.
Recommended action	No action is required.

ATK_IPOPT_RECORDROUTE_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_RECORDROUTE_SZ: IPOptValue(1057)=7; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 7.
Recommended action	No action is required.

ATK_IPOPT_ROUTEALERT

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_ROUTEALERT: IPOptValue(1057)=148; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 148.
Recommended action	No action is required.

ATK_IPOPT_ROUTEALERT_RAW

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_ROUTEALERT_RAW: IPOptValue(1057)=148; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 148 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 148 is received.
Recommended action	No action is required.

ATK_IPOPT_ROUTEALERT_RAW_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_ROUTEALERT_RAW_SZ: IPOptValue(1057)=148; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 148 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 148 is received.
Recommended action	No action is required.

ATK_IPOPT_ROUTEALERT_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_ROUTEALERT_SZ: IPOptValue(1057)=148; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 148.
Recommended action	No action is required.

ATK_IPOPT_SECURITY

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_SECURITY: IPOptValue(1057)=130; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131009091022; EndTime_c(1012)=20131009091522; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for packets with IP option 130.
Recommended action	No action is required.

ATK_IPOPT_SECURITY_RAW

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_SECURITY_RAW: IPOptValue(1057)=130; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 130 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 130 is received.
Recommended action	No action is required.

ATK_IPOPT_SECURITY_RAW_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_SECURITY_RAW_SZ: IPOptValue(1057)=130; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 130 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 130 is received.
Recommended action	No action is required.

ATK_IPOPT_SECURITY_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_SECURITY_SZ: IPOptValue(1057)=130; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131009091022; EndTime_c(1012)=20131009091522; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for packets with IP option 130.
Recommended action	No action is required.

ATK_IPOPT_STREAMID

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_STREAMID: IPOptValue(1057)=136; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 136.
Recommended action	No action is required.

ATK_IPOPT_STREAMID_RAW

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_STREAMID_RAW: IPOptValue(1057)=136; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 136 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 136 is received.
Recommended action	No action is required.

ATK_IPOPT_STREAMID_RAW_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_STREAMID_RAW_SZ: IPOptValue(1057)=136; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 136 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 136 is received.
Recommended action	No action is required.

ATK_IPOPT_STREAMID_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_STREAMID_SZ: IPOptValue(1057)=136; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 136.
Recommended action	No action is required.

ATK_IPOPT_STRICTSRCROUTE

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_STRICTSRCROUTE: IPOptValue(1057)=137; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 137.
Recommended action	No action is required.

ATK_IPOPT_STRICTSRCROUTE_RAW

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_STRICTSRCROUTE_RAW: IPOptValue(1057)=137; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 137 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 137 is received.
Recommended action	No action is required.

ATK_IPOPT_STRICTSRCROUTE_RAW_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_STRICTSRCROUTE_RAW_SZ: IPOptValue(1057)=137; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 137 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 137 is received.
Recommended action	No action is required.

ATK_IPOPT_STRICTSRCROUTE_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_STRICTSRCROUTE_SZ: IPOptValue(1057)=137; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 137.
Recommended action	No action is required.

ATK_IPOPT_TIMESTAMP

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_TIMESTAMP: IPOptValue(1057)=68; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 68.
Recommended action	No action is required.

ATK_IPOPT_TIMESTAMP_RAW

Message text	IPOptValue(1057)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_TIMESTAMP_RAW: IPOptValue(1057)=68; RcvIfName(1023)=Ethernet0/0/2; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 68 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 68 is received.
Recommended action	No action is required.

ATK_IPOPT_TIMESTAMP_RAW_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_TIMESTAMP_RAW_SZ: IPOptValue(1057)=68; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 68 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 68 is received.
Recommended action	No action is required.

ATK_IPOPT_TIMESTAMP_SZ

Message text	IPOptValue(1057)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; DstIPAddr(1007)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Protocol(1001)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_TIMESTAMP_SZ: IPOptValue(1057)=68; SrcZoneName(1025)=Trust; SrcIPAddr(1003)=9.1.1.1; DSLiteTunnelPeer(1040)=--; DstIPAddr(1007)=6.1.1.1; RcvVPNInstance(1041)=--; Protocol(1001)=RAWIP; Action(1049)=logging; BeginTime_c(1011)=20131011063123; EndTime_c(1012)=20131011063623; AtkTimes(1050)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 68.
Recommended action	No action is required.

ATK_IPV6_EXT_HEADER

Message text	IPv6ExtHeader(1060)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IPv6 extension header value. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_IPV6_EXT_HEADER: IPv6ExtHeader(1060)=43; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets with a user-defined extension header.
Recommended action	No action is required.

ATK_IPV6_EXT_HEADER_RAW

Message text	IPv6ExtHeader(1060)=[UINT32]; RcvIfName(1023)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IPv6 extension header value. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPV6_EXT_HEADER_RAW: IPv6ExtHeader(1060)=43; RcvIfName(1023)=Ethernet0/0/2; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for IPv6 packets with a user-defined extension header and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an IPv6 packet with a user-defined extension header is received.
Recommended action	No action is required.

ATK_IPV6_EXT_HEADER_RAW_SZ

Message text	IPv6ExtHeader(1060)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING].
Variable fields	$1: IPv6 extension header value. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPV6_EXT_HEADER_RAW_SZ: IPv6ExtHeader(1060)=43; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging.
Explanation	If log aggregation is enabled, for IPv6 packets with a user-defined extension header and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an IPv6 packet with a user-defined extension header is received.
Recommended action	No action is required.

ATK_IPV6_EXT_HEADER_SZ

Message text	IPv6ExtHeader(1060)=[UINT32]; SrcZoneName(1025)=[STRING]; SrcIPv6Addr(1036)=[IPADDR]; DstIPv6Addr(1037)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Action(1049)=[STRING]; BeginTime_c(1011)=[STRING]; EndTime_c(1012)=[STRING]; AtkTimes(1050)=[UINT32].
Variable fields	$1: IPv6 extension header value. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_IPV6_EXT_HEADER_SZ: IPv6ExtHeader(1060)=43; SrcZoneName(1025)=Trust; SrcIPv6Addr(1036)=1::1; DstIPv6Addr(1037)=2::11; RcvVPNInstance(1041)=--; Action(1049)=logging; BeginTime_c(1011)=20131009103631; EndTime_c(1012)=20131009104131; AtkTimes(1050)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets with a user-defined extension header.
Recommended action	No action is required.

BFD messages

This section contains BFD messages.

BFD_CHANGE_FSM

Message text	Sess[STRING], Ver, Sta: [STRING]->[STRING], Diag: [STRING]
Variable fields	$1: Source address, destination address, interface, and message type of the BFD session. $2: Name of FSM before changing. $3: Name of FSM after changing. $4: Diagnostic information: · 0 (No Diagnostic)—The BFD session is in up state. · 1 (Control Detection Time Expired)—A control packet mode BFD session goes down, because local detection times out. · 2 (Echo Function Failed)—An echo packet mode BFD session goes down, because local detection times out or the source IP address of echo packets is deleted. · 3 (Neighbor Signaled Session Down)—The remote end notifies the local end of BFD session down. · 7 (Administratively Down)—The local system prevents a BFD session from being established.
Severity level	5
Example	BFD/5/BFD_CHANGE_FSM:Sess[20.0.4.2/20.0.4.1,LD/RD:533/532, Interface:Vlan204, SessType:Ctrl, LinkType:INET], Ver.1, Sta: INIT->UP, Diag: 0 (No Diagnostic).
Explanation	The FSM of the BFD session has been changed. This informational message appears when a BFD session comes up or goes down. Unexpected session loss might indicate high error or packet loss rates in the network.
Recommended action	Check for incorrect BFD configuration or network congestion.

BFD_EXCEED_UPPER_LIMIT

Message text	The total number of BFD sessions [ULONG] exceeded the upper limit. Can’t create a new session.
Variable fields	$1: Total number of BFD sessions.
Severity level	5
Example	BFD/5/BFD_ EXCEED _UPPER_LIMIT: The total number of BFD sessions 2001 exceeded the upper limit.
Explanation	The total number of BFD sessions has exceeded the upper limit.
Recommended action	Check the BFD session configuration.

BFD_REACHED_UPPER_LIMIT

Message text	The total number of BFD sessions [ULONG] reached the upper limit. Can’t create a new session.
Variable fields	$1: Total number of BFD sessions.
Severity level	5
Example	BFD/5/BFD_REACHED_UPPER_LIMIT: The total number of BFD session 100 reached upper limit.
Explanation	The total number of BFD sessions has reached the upper limit.
Recommended action	Check the BFD session configuration.

BGP messages

This section contains BGP messages.

BGP_EXCEED_ROUTE_LIMIT

Message text	BGP.[STRING]: The number of routes from peer [STRING] ([STRING]) exceeds the limit [UINT32].
Variable fields	$1: VPN instance name. This field is blank for the public network. $2: IP address of the BGP peer. $3: Address family of the BGP peer. $4: Maximum number of routes.
Severity level	4
Example	BGP/4/BGP_EXCEED_ROUTE_LIMIT: BGP.vpn1: The number of routes from peer 1.1.1.1 (IPv4-UNC) exceeds the limit 100.
Explanation	The number of routes received from a peer exceeded the maximum number of routes that can be received from the peer.
Recommended action	Determine whether it is caused by attacks: · If yes, configure the device to defend against the attacks. · If not, increase the maximum number of routes.

BGP_REACHED_THRESHOLD

Message text	BGP.[STRING]: The ratio of the number of routes received from peer [STRING] ([STRING]) to the number of allowed routes [UINT32] has reached the threshold ([UINT32]%).
Variable fields	$1: VPN instance name. This field is blank for the public network. $2: IP address of the BGP peer. $3: Address family of the BGP peer. $4: Maximum number of routes can be received from the BGP peer. $5: Percentage of received routes to the maximum allowed routes.
Severity level	5
Example	BGP/5/BGP_REACHED_THRESHOLD: BGP.vpn1: The ratio of the number of routes received from peer 1.1.1.1 (IPv4-UNC) to the number of allowed routes 100 has reached the threshold (60%).
Explanation	The percentage of received routes to the maximum allowed routes reached the threshold.
Recommended action	Determine whether it is caused by attacks: · If yes, configure the device to defend against the attacks. · If not, increase the threshold value or the maximum number of routes that can be received from the peer.

BGP_LOG_ROUTE_FLAP

Message text	BGP.[STRING]: The route [STRING] [STRING]/[UINT32] learned from peer [STRING] ([STRING]) flapped.
Variable fields	$1: VPN instance name. This field is blank for the public network. $2: RD of the BGP route. This field is blank for a route without an RD. $3: BGP route prefix. $4: Mask of the BGP route prefix. $5: IP address of the BGP peer. $6: Address family of the BGP peer.
Severity level	4
Example	BGP/4/BGP_LOG_ROUTE_FLAP: BGP.vpn1: The route 15.1.1.1/24 learned from peer 1.1.1.1 (IPv4-UNC) flapped.
Explanation	The route learned from a BGP peer flapped.
Recommended action	If a large number of routes flap, determine the route flapping cause and develop a solution.

BGP_MEM_ALERT

Message text	BGP process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm, stop and start.
Severity level	5
Example	BGP/5/BGP_MEM_ALERT: BGP process received system memory alert start event.
Explanation	BGP received a memory alarm.
Recommended action	If BGP received a system memory alert start event, check the system memory and try to free some memory by adjusting modules that occupied too much memory.

BGP_PEER_LICENSE_REACHED

Message text	Number of peers in Established state reached the license limit.
Variable fields	N/A
Severity level	5
Example	BGP/5/BGP_PEER_LICENSE_REACHED: Number of peers in Established state reached the license limit.
Explanation	The number of peers in Established state reached the license limit.
Recommended action	Determine whether a new license is required.

BGP_ROUTE_LICENSE_REACHED

Message text	Number of [STRING] routes reached the license limit.
Variable fields	$1: BGP address family: · IPv4-UNC public—IPv4 unicast routes for the public network. · IPv6-UNC public—IPv6 unicast routes for the public network. · IPv4 private—IPv4 unicast routes, VPNv4 routes, and nested VPN routes for the private network. · IPv6 private—IPv6 unicast routes and VPNv6 routes for the private network.
Severity level	5
Example	BGP/5/BGP_ROUTE_LICENSE_REACHED: Number of IPv4-UNC public routes reached the license limit.
Explanation	The number of routes in the specified address family reached the license limit.
Recommended action	Determine whether a new license is required. After the number of routes in the specified family falls below the license limit or the license limit increases, you must manually restore the discarded routes.

BGP_STATE_CHANGED

Message text	· Text 1: BGP.[STRING]: [STRING] state has changed from [STRING] to [STRING]. · Text 2: BGP.[STRING]: [STRING] state has changed from [STRING] to [STRING] for [STRING].
Variable fields	In text 1: $1: VPN instance name. This field is blank for the public network. $2: IP address of the BGP peer. $3: Name of FSM before the state change. $4: Name of FSM after the state change. In text 2: $1: VPN instance name. This field is blank for the public network. $2: IP address of the BGP peer. $3: Name of FSM before the state change. $4: Name of FSM after the state change. $5: Reason for the state change.
Severity level	5
Example	BGP/5/BGP_STATE_CHANGED: BGP.vpn1:192.99.0.2 state has changed from OPENCONFIRM to ESTABLISHED.
Explanation	The FSM of a BGP peer has changed. This informational message appears when a BGP peer comes up or goes down.
Recommended action	If a peer goes down unexpectedly, determine whether an error or packet loss occurs.

BGP_STATE_CHANGED_REASON

Message text	BGP.[STRING]: [STRING] state has changed from [STRING] to [STRING]. (Reason: [STRING], error code: [STRING], local interface: [STRING])
Variable fields	$1: VPN instance name. This field does not display anything for the public network. $2: IP address of the BGP peer. $3: Original BGP peer state. $4: New BGP peer state. $5: Reason why the BGP peer goes down. $6: Error code or sub error code in the sent or received notification. This field does not display anything if the BGP peer goes down because of TCP connection failures. $7: Physical interface used to connect to the BGP peer. This field is displayed only when a directly connected BGP peer goes down because of interface connectivity failures.
Severity level	5
Example	BGP/5/BGP_STATE_CHANGED_REASON: BGP.vpn1: 192.99.0.2 state has changed from ESTABLISHED to IDLE. (Reason: Directly connected physical interface was down, error code: Send Notificationcode 6/0, local interface: Ethernet1/0/0)
Explanation	The state of the BGP peer changed from Established to another state.
Recommended action	Determine whether network errors or packet loss occurs based on the displayed reason.

BLS messages

This section contains blacklist messages.

BLS_ENTRY_ADD

Message text	SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; TTL(1051)=[STRING]; Reason(1052)=[STRING].
Variable fields	$1: Blacklisted IP address. $2: Peer address of the DS-Lite tunnel. $3: VPN instance name. $4: TTL of a blacklist entry. $5: Reason why the blacklist entry was added.
Severity level	5
Example	BLS/5/BLS_ENTRY_ADD: SrcIPAddr(1003)=1.1.1.6; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=; TTL(1051)=; Reason(1052)=Configuration. BLS/5/BLS_ENTRY_ADD: SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; TTL(1051)=10; Reason(1052)=Scan behavior detected.
Explanation	A blacklist entry was added. The message is sent when a blacklist entry is manually configured or dynamically created according to the scanning result.
Recommended action	No action is required.

BLS_ENTRY_DEL

Message text	SrcIPAddr(1003)=[IPADDR]; DSLiteTunnelPeer(1040)=[STRING]; RcvVPNInstance(1041)=[STRING]; Reason(1052)=[STRING].
Variable fields	$1: Blacklisted IP address. $2: Peer address of the DS-Lite tunnel. $3: VPN instance name. $4: Reason why the blacklist entry was deleted.
Severity level	5
Example	BLS/5/BLS_ENTRY_DEL: SrcIPAddr(1003)=1.1.1.3; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=; Reason(1052)=Configuration. BLS/5/BLS_ENTRY_DEL: SrcIPAddr(1003)=9.1.1.5; DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=vpn1; Reason(1052)=Aging.
Explanation	A blacklist entry was deleted. The message is sent when a blacklist entry is manually deleted or dynamically deleted due to the aging.
Recommended action	No action is required.

BLS_IPV6_ENTRY_ADD

Message text	SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; TTL(1051)=[STRING]; Reason(1052)=[STRING].
Variable fields	$1: Blacklisted IPv6 address. $2: VPN instance name. $3: TTL of a blacklist entry. $4: Reason why the blacklist entry was added.
Severity level	5
Example	BLS/5/BLS_IPV6_ENTRY_ADD: SrcIPv6Addr(1036)=2::2; RcvVPNInstance(1041)=; TTL(1051)=; Reason(1052)=Configuration. BLS/5/BLS_IPV6_ENTRY_ADD: SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1041)=--; TTL(1051)=10; Reason(1052)=Scan behavior detected.
Explanation	A blacklist entry was added. The message is sent when a blacklist entry is manually configured or dynamically created according to the scanning result.
Recommended action	No action is required.

BLS_IPV6_ENTRY_DEL

Message text	SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1041)=[STRING]; Reason(1052)=[STRING].
Variable fields	$1: Blacklisted IPv6 address. $2: VPN instance name. $3: Reason why the blacklist entry was deleted.
Severity level	5
Example	BLS/5/BLS_IPV6_ENTRY_DEL: SrcIPv6Addr(1036)=2::2; RcvVPNInstance(1041)=; Reason(1052)=Configuration.
Explanation	A blacklist entry was deleted. The message is sent when a blacklist entry is manually deleted or dynamically deleted due to the aging.
Recommended action	No action is required.

CFD messages

This section contains CFD messages.

CFD_CROSS_CCM

Message text	MEP [UINT16] in SI [INT32] received a cross-connect CCM. It’s SrcMAC is [MAC], SeqNum is [INT32], RMEP is [UINT16], MD ID is [STRING], MA ID is [STRING].
Variable fields	$1: Service instance ID. $2: Local MEP ID. $3: Source MAC address. $4: Sequence number. $5: Remote MEP ID. $6: MD ID. If no MD ID is available, "without ID" is displayed. $7: MA ID.
Severity level	6
Example	CFD/6/CFD_CROSS_CCM: MEP 13 in SI 10 received a cross-connect CCM. Its SrcMAC is 0011-2233-4401, SeqNum is 78, RMEP is 12, MD ID is without ID, MA ID is 0.
Explanation	A MEP received a cross-connect CCM containing a different MA ID or MD ID.
Recommended action	Check the configurations of MEPs on both ends. Make sure the MEPs have consistent configurations, including MD, MA, and level.

CFD_ERROR_CCM

Message text	MEP [UINT16] in SI [INT32] received an error CCM. It’s SrcMAC is [MAC], SeqNum is [INT32], RMEP is [UINT16], MD ID is [STRING], MA ID is [STRING].
Variable fields	$1: Service instance ID. $2: Local MEP ID. $3: Source MAC address. $4: Sequence number. $5: Remote MEP ID. $6: MD ID. If no MD ID is available, "without ID" is displayed. $7: MA ID.
Severity level	6
Example	CFD/6/CFD_ERROR_CCM: MEP 2 in SI 7 received an error CCM. Its SrcMAC is 0011-2233-4401, SeqNum is 21, RMEP is 2, MD ID is 7, MA ID is 1.
Explanation	A MEP received an error CCM containing an unexpected MEP ID or lifetime.
Recommended action	Check the CCM configuration. Make sure the CCM intervals are consistent on both ends, and the remote MEP ID is included in the MEP list of the local end.

CFD_LOST_CCM

Message text	MEP [UINT16] in SI [INT32] failed to receive CCMs from RMEP [UINT16].
Variable fields	$1: Local MEP ID. $2: Service instance ID. $3: Remote MEP ID.
Severity level	6
Example	CFD/6/CFD_LOST_CCM: MEP 1 in SI 7 failed to receive CCMs from RMEP 2.
Explanation	A MEP failed to receive CCMs within 3.5 sending intervals because the link is faulty or the remote MEP does not send CCM within 3.5 sending intervals.
Recommended action	Check the link status and the configuration of the remote MEP. If the link is down or faulty (becomes unidirectional, for example), restore the link. If the remote MEP is configured with the same service instance, make sure the CCM sending intervals are consistent on both ends.

CFD_RECEIVE_CCM

Message text	MEP [UINT16] in SI [INT32] received CCMs from RMEP [UINT16]
Variable fields	$1: Local MEP ID. $2: Service instance ID. $3: Remote MEP ID.
Severity level	6
Example	CFD/6/CFD_RECEIVE_CCM: MEP 1 in SI 7 received CCMs from RMEP 2.
Explanation	A MEP received CCMs from a remote MEP.
Recommended action	No action is required.

CFGMAN messages

This section contains configuration management messages.

CFGMAN_ARCHIVE_SCP_FAIL

Message text	Archive configuration to SCP server failed: IP = [STRING], Directory = [STRING], Username = [STRING]
Variable fields	$1: IP address of the SCP server. $2: Directory that saves the configuration archives on the SCP server. $3: Username for logging in to the SCP server.
Severity level	5
Example	CFGMAN/5/CFGMAN_ARCHIVE_SCP_FAIL: Archive configuration to SCP server failed: IP = 192.168.21.21, Directory = /test/, Username = admin
Explanation	The device failed to archive the running configuration to an SCP server.
Recommended action	No action is required.

CFGMAN_CFGCHANGED

Message text	-EventIndex=[INT32]-CommandSource=[INT32]-ConfigSource=[INT32]-ConfigDestination=[INT32]; Configuration changed.
Variable fields	$1: Event index in the range of 1 to 2147483647. $2: Configuration change source: ¡ cli—The configuration change came from the CLI. ¡ snmp—The configuration change came from SNMP or was a configuration database change detected by SNMP. ¡ other—The configuration change came from other sources. $3: Source configuration: ¡ erase—Deleting or renaming a configuration file. ¡ running—Saving the running configuration. ¡ commandSource—Copying a configuration file. ¡ startup—Saving the running configuration to the next-startup configuration file. ¡ local—Saving the running configuration to a local file. ¡ networkFtp—Using FTP to transfer and save a configuration file to the device as the running configuration or next-startup configuration file. ¡ hotPlugging—A card hot swapping caused the configuration to be deleted or become ineffective. $4: Destination configuration: ¡ erase—Deleting or renaming a configuration file. ¡ running—Saving the running configuration. ¡ commandSource—Copying a configuration file. ¡ startup—Saving the running configuration to the next-startup configuration file. ¡ local—Saving the running configuration to a local file. ¡ networkFtp—Using FTP to transfer and save a configuration file to the device as the running configuration or next-startup configuration file. ¡ hotPlugging—A card hot swapping caused the configuration to be deleted or become ineffective.
Severity level	5
Example	CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=[6]-CommandSource=[snmp]-ConfigSource=[startup]-ConfigDestination=[running]; Configuration changed.
Explanation	The running configuration changed in the past 10 minutes.
Recommended action	No action is required.

CFGMAN_EXIT_FROM_CONFIGURE

Message text	Line=[STRING], IP address=[STRING], user=[STRING]; Exit from the system view or a feature view to the user view.
Variable fields	$1: User line name. If the system failed to obtain the user line name, this field displays two asterisks (). $2: IP address of the user. If the system failed to obtain the IP address, this field displays two asterisks (). $3: Username. If the system failed to obtain the username, this field displays two asterisks (**).
Severity level	5
Example	CFGMAN/5/CFGMAN_EXIT_FROM_CONFIGURE: Line=con0, IP address=, user=; Exit from the system view or a feature view to the user view.
Explanation	The user exited from system view or a feature view to user view.
Recommended action	No action is required.

CFGMAN_OPTCOMPLETION

Message text	-OperateType=[INT32]-OperateTime=[INT32]-OperateState=[INT32]-OperateEndTime=[INT32]; Operation completed.
Variable fields	$1: Operation type: ¡ running2startup—Saves the running configuration to the next-startup configuration file. ¡ startup2running—Loads the configuration in the next-startup configuration file. ¡ running2net—Saves the running configuration to a host on the network. ¡ net2running—Transfers a configuration file from a host on the network and loads the configuration. ¡ net2startup—Transfers a configuration file from a host on the network and specifies the file as the next-startup configuration file. ¡ startup2net—Copies the next-startup configuration file to a host on the network. $2: Operation start time. $3: Operation status: ¡ InProcess—Operation is in progress. ¡ success—Operation succeeded. ¡ InvalidOperation—Invalid operation. ¡ InvalidProtocol—Invalid protocol. ¡ InvalidSource—Invalid source file name. ¡ InvalidDestination—Invalid destination file name. ¡ InvalidServer—Invalid server address. ¡ DeviceBusy—The device is busy. ¡ InvalidDevice—Invalid device address. ¡ DeviceError—An error occurred on the device. ¡ DeviceNotWritable—The storage medium on the device is write protected. ¡ DeviceFull—The device does not have enough free storage space for the file. ¡ FileOpenError—Failed to open the file. ¡ FileTransferError—Failed to transfer the file. ¡ ChecksumError—File checksum error. ¡ LowMemory—The memory space is not sufficient. ¡ AuthFailed—User authentication failed. ¡ TransferTimeout—Transfer timed out. ¡ UnknownError—An unknown error occurred. ¡ invalidConfig—Invalid configuration. $4: Operation end time.
Severity level	5
Example	CFGMAN/5/CFGMAN_OPTCOMPLETION: -OperateType=[running2startup]-OperateTime=[248]-OperateState=[success]-OperateEndTime=[959983]; Operation completed.
Explanation	The device is performing or has completed an operation.
Recommended action	If the operation is not successful, locate and resolve the issue.

CONNLMT messages

This section contains connection limit messages.

CONNLMT_IPV4_OVERLOAD

Message text	RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];UpperLimit(1049)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IP address. $4: Destination IP address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper threshold. $10: Rule ID. $11: Event message.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV4_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeds upper threshold;
Explanation	The number of concurrent connections exceeded the upper threshold.
Recommended action	No action is required.

CONNLMT_IPV4_RECOVER

Message text	RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];DropPktCount(1052)=[UINT32];LowerLimit(1050)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IP address. $4: Destination IP address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Number of dropped packets. $10: Lower threshold. $11: Rule ID. $12: Event message.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV4_RECOVER: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;DropPktCount(1052)=306004;LowerLimit(1050)=10;LimitRuleNum(1051)=1;Event(1048)=Reduces below lower threshold;
Explanation	The number of concurrent connections dropped to the lower threshold from the upper threshold.
Recommended action	No action is required.

CONNLMT_IPV6_OVERLOAD

Message text	RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];UpperLimit(1049)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper threshold. $10: Rule ID. $11: Event message.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV6_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeds upper threshold;
Explanation	The number of concurrent connections exceeded the upper threshold.
Recommended action	No action is required.

CONNLMT_IPV6_RECOVER

Message text	RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];DropPktCount(1052)=[UINT32];LowerLimit(1050)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Number of dropped packets. $10: Lower threshold. $11: Rule ID. $12: Event message.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV6_RECOVER: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=2001::1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;DropPktCount(1052)=306004;LowerLimit(1050)=10;LimitRuleNum(1051)=1;Event(1048)=Reduces below lower threshold;
Explanation	The number of concurrent connections dropped to the lower threshold from the upper threshold.
Recommended action	No action is required.

DEV messages

This section contains device management messages.

AUTOSWITCH_FAULT

Message text	[STRING] automatically switches between active and standby, and a fault occurs during the switching.
Variable fields	$1: Chassis number.
Severity level	1
Example	DEV/1/ AUTO_SWITCH_FAULT: Chassis 1 automatically switches between active and standby, and a fault occurs during the switching, please contact technical support.
Explanation	A fault occurred during an automatic active/standby switchover process on a device.
Recommended action	1. Execute the display diagnostic-information command to collect and save diagnostic information. 2. Reboot the device manually to clear the fault. 3. Execute the display device command to display the device status. If the device status is not Normal, contact technical support.

AUTOSWITCH_FAULT

Message text	The device automatically switches between active and standby, and a fault occurs during the switching.
Variable fields	N/A
Severity level	1
Example	DEV/1/ AUTO_SWITCH_FAULT: The device automatically switches between active and standby, and a fault occurs during the switching, please contact technical support.
Explanation	A fault occurred during an automatic active/standby switchover process on the device.
Recommended action	1. Execute the display diagnostic-information command to collect and save diagnostic information. 2. Reboot the device manually to clear the fault. 3. Execute the display device command to display the device status. If the device status is not Normal, contact technical support.

AUTOSWITCH_FAULT_REBOOT

Message text	[STRING] automatically switches between active and standby, and a fault occurs during the switching, the device will immediately restart [STRING] to restore the fault.
Variable fields	$1: Chassis number. $2: Chassis number and slot number, or slot number.
Severity level	1
Example	DEV/1/AUTO_SWITCH_FAULT_REBOOT: Chassis 1 automatically switches between active and standby, and a fault occurs during the switching, the device will immediately restart chassis 1 slot 0 to restore the fault.
Explanation	A fault occurred during an automatic active/standby switchover process on a device. The device will restart the faulty card immediately to clear the fault.
Recommended action	Execute the display device command to display the card status after the card is rebooted. If the card status is not Normal, contact technical support.

AUTOSWITCH_FAULT_REBOOT

Message text	The device automatically switches between active and standby, and a fault occurs during the switching, the device will immediately restart [STRING] to restore the fault.
Variable fields	$1: Slot number.
Severity level	1
Example	DEV/1/AUTO_SWITCH_FAULT_REBOOT: The device automatically switches between active and standby, and a fault occurs during the switching, the device will immediately restart slot 0 to restore the fault.
Explanation	A fault occurred during an automatic active/standby switchover process on the device. The device will restart the faulty card immediately to clear the fault.
Recommended action	Execute the display device command to display the card status after the card is rebooted. If the card status is not Normal, contact technical support.

BOARD_INSERTED

Message text	Board was inserted on [STRING], type is unknown.
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	5
Example	DEV/5/BOARD_INSERTED: Board was inserted on slot 1, type is unknown.
Explanation	A card of an unknown type was installed on the device. The device outputs this log message before a newly installed card starts up.
Recommended action	No action is required.

BOARD_REBOOT

Message text	Board is rebooting on [STRING].
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	5
Example	DEV/5/BOARD_REBOOT: Board is rebooting on slot 1.
Explanation	A card was manually or automatically rebooted.
Recommended action	If an unexpected automatic reboot occurred, perform the following tasks: 1. Execute the display version command after the slot starts up. 2. Check the Last reboot reason field for the reboot reason. 3. If an exception caused the reboot, contact HP Support.

BOARD_REMOVED

Message text	Board was removed from [STRING], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Card type.
Severity level	3
Example	DEV/3/BOARD_REMOVED: Board was removed from slot 1, type is LSQ1FV48SA.
Explanation	An LPU or a standby MPU was removed from a member device, causing the device to leave the IRF fabric.
Recommended action	If the LPU or MPU was not manually removed, perform the following tasks: 1. Verify that the card is securely seated. 2. Replace the card if the message persists. 3. Reboot the device to make it join the IRF fabric. 4. If the problem persists, contact HP Support.

BOARD_RUNNING_FAULT

Message text	[STRING] is detected to be faulty.
Variable fields	$1: Chassis number and slot number, or slot number.
Severity level	1
Example	DEV/1/ BOARD_FAULT_REBOOT: Chassis 1 slot 0 is detected to be faulty, please contact technical support.
Explanation	A card was detected faulty.
Recommended action	1. Execute the display diagnostic-information command to collect and save diagnostic information. 2. Reboot the card manually to clear the fault. 3. Execute the display device command to display the card status. If the card status is not Normal, contact technical support.

BOARD_RUNNING_FAULT_REBOOT

Message text	[STRING] is detected to be faulty, the device will immediately restart [STRING] to recover from the fault.
Variable fields	$1: Chassis number and slot number, or slot number. $2: Chassis number and slot number, or slot number.
Severity level	1
Example	DEV/1/ BOARD_RUNNING_FAULT_REBOOT: Chassis 1 slot 0 is detected to be faulty, the device will immediately restart chassis 1 slot 0 to recover from the fault.
Explanation	A card was detected faulty. The device will restart the card immediately to clear the fault.
Recommended action	If the issue persists after the card restarts, contact technical support.

BOARD_STATE_FAULT

Message text	Board state changed to Fault on [STRING], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Card type.
Severity level	2
Example	DEV/2/BOARD_STATE_FAULT: Board state changed to Fault on slot 1, type is LSQ1FV48SA.
Explanation	The card was starting up (initializing or loading software) or was not operating correctly.
Recommended action	· If the card was newly installed, wait for the card to start up. The required startup time varies by card model and software version and is typically less than 10 minutes. · If the card was not newly installed, contact HP Support.

BOARD_STATE_NORMAL

Message text	Board state changed to Normal on [STRING], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Card type.
Severity level	5
Example	DEV/5/BOARD_STATE_NORMAL: Board state changed to Normal on slot 1, type is LSQ1FV48SA.
Explanation	A newly installed LPU or standby MPU completed initialization.
Recommended action	No action is required.

BOARD_STATE_STARTING

Message text	Board state changed to Starting on [STRING], type is unknown.
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	5
Example	DEV/5/BOARD_STATE_STARTING: Board state changed to Starting on slot 1, type is unknown.
Explanation	A card was starting up (initializing or loading software).
Recommended action	1. Verify that the card model is compatible with the device model. 2. Verify that the startup software images, the device software version, and the hardware are compatible. 3. If the problem persists, contact HP Support.

CFCARD_INSERTED

Message text	CF card was inserted in [STRING] CF card slot [INT32].
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	4
Example	DEV/4/CFCARD_INSERTED: CF card was inserted in slot 1 CF card slot 1.
Explanation	A CF card was installed.
Recommended action	No action is required.

CFCARD_REMOVED

Message text	CF card was removed from [STRING] CF card slot [INT32].
Variable fields	$1: Chassis number and slot number or slot number. $2: CF card slot number.
Severity level	3
Example	DEV/3/CFCARD_REMOVED: CF card was removed from slot 1 CF card slot 1.
Explanation	A CF card was removed.
Recommended action	If the CF card was not manually removed, perform the following tasks: 1. Verify that the card is securely seated. 2. Replace the card if the message persists. 3. If the problem persists, contact HP Support.

CHASSIS_REBOOT

Message text	Chassis [INT32] is rebooting now.
Variable fields	$1: Chassis number.
Severity level	5
Example	DEV/5/CHASSIS_REBOOT: Chassis 1 is rebooting now.
Explanation	The chassis was manually or automatically rebooted.
Recommended action	If an unexpected automatic reboot occurs, perform the following tasks: 1. Execute the display version command after the chassis starts up. 2. Check the Last reboot reason field for the reboot reason. 3. If an exception caused the reboot, contact HP Support.

DEV_CLOCK_CHANGE

Message text	-User=[STRING]-IPAddr=[IPADDR]; System clock changed from [STRING] to [STRING].
Variable fields	$1: Username of the login user. $2: IP address of the login user. $3: Old time. $4: New time.
Severity level	5
Example	DEV/5/DEV_CLOCK_CHANGE: -User=admin-IPAddr=192.168.1.2; System clock changed from 15:49:52 01/02/2013 to 15:50:00 01/02/2013.
Explanation	The system time changed.
Recommended action	No action is required.

DEV_FAULT_TOOLONG

Message text	Card in [STRING] is still in Fault state for [INT32] minutes.
Variable fields	$1: Chassis number and slot number or slot number. $2: Time duration during which the card stayed in Fault state.
Severity level	4
Example	DEV/4/DEV_FAULT_TOOLONG: Card in slot 1 is still in Fault state for 60 minutes.
Explanation	A card stayed in Fault state for a long period of time.
Recommended action	1. Reboot the card. 2. If the problem persists, contact HP Support.

DYINGGASP

Message text	Power failure or manual power-off occurred.
Variable fields	N/A
Severity level	0
Example	DYINGGASP/0/DYINGGASP: Power failure or manual power-off occurred.
Explanation	The device detected an abrupt loss of power.
Recommended action	1. Verify that the power source is supplying power correctly. 2. Verify that the power cord is connected firmly. 3. Check the installed power modules. If one or more power modules have problems, replace the power modules. 4. If the problem persists, contact HP Support.

FAN_ABSENT

Message text	Pattern 1: Fan [INT32] is absent. Pattern 2: Chassis [INT32] fan [INT32] is absent.
Variable fields	Pattern 1: $1: Fan tray number. Pattern 2: $1: Chassis number. $2: Fan tray number.
Severity level	3
Example	DEV/3/FAN_ABSENT: Fan 2 is absent.
Explanation	A fan tray was not in place.
Recommended action	1. Check the fan tray slot: ¡ If the fan tray slot is empty, the temperature might have increased and the system recommends that you install a fan tray. ¡ If a fan tray is present, verify that the fan tray is securely seated. 2. Replace the fan tray if the message persists. 3. If the problem persists, contact HP Support.

FAN_DIRECTION_NOT_PREFERRED

Message text	Fan [INT32] airflow direction is not preferred on [STRING], please check it.
Variable fields	$1: Fan tray number. $2: Chassis number and slot number or slot number.
Severity level	1
Example	DEV/1/FAN_DIRECTION_NOT_PREFERRED: Fan 1 airflow direction is not preferred on slot 1, please check it.
Explanation	The airflow direction of the fan tray is different from the airflow direction setting.
Recommended action	1. Verify that the airflow direction setting is correct. 2. Verify that the fan tray model provides the same airflow direction as the configured setting. 3. If the problem persists, contact HP Support.

FAN_FAILED

Message text	Pattern 1: Fan [INT32] failed. Pattern 2: Chassis [INT32] fan [INT32] failed.
Variable fields	Pattern 1: $1: Fan tray number. Pattern 2: $1: Chassis number. $2: Fan tray number.
Severity level	2
Example	DEV/2/FAN_FAILED: Fan 2 failed.
Explanation	The fan tray stopped because of an exception.
Recommended action	Replace the fan tray.

FAN_RECOVERED

Message text	Pattern 1: Fan [INT32] recovered. Pattern 2: Chassis [INT32] fan [INT32] recovered.
Variable fields	Pattern 1: $1: Fan tray number. Pattern 2: $1: Chassis number. $2: Fan tray number.
Severity level	5
Example	DEV/5/FAN_RECOVERED: Fan 2 recovered.
Explanation	The fan tray started to operate correctly after it was installed.
Recommended action	No action is required.

MAD_DETECT

Message text	Multi-active devices detected, please fix it.
Variable fields	N/A
Severity level	1
Example	DEV/1/MAD_DETECT: Multi-active devices detected, please fix it.
Explanation	Multiple member devices were found active.
Recommended action	1. Use the display irf command to view which member devices have left the original IRF fabric. 2. Use the display irf link command to locate the IRF link with problems. 3. Fix the IRF link in DOWN state.

POWER_ABSENT

Message text	Pattern 1: Power [INT32] is absent. Pattern 2: Chassis [INT32] power [INT32] is absent.
Variable fields	Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number.
Severity level	3
Example	DEV/3/POWER_ABSENT: Power 1 is absent.
Explanation	A power supply was removed.
Recommended action	1. Check the power supply slot. ¡ If the power supply slot is empty, install a power supply. ¡ If a power supply is present, verify that the power supply is securely seated. 2. If the problem persists, replace the power supply. 3. If the problem persists, contact HP Support.

POWER_FAILED

Message text	Pattern 1: Power [INT32] failed. Pattern 2: Chassis [INT32] power [INT32] failed.
Variable fields	Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number.
Severity level	2
Example	DEV/2/POWER_FAILED: Power 1 failed.
Explanation	A power supply failed.
Recommended action	Replace the power supply.

POWER_MONITOR_ABSENT

Message text	Pattern 1: Power monitor unit [INT32] is absent. Pattern 2: Chassis [INT32] power monitor unit [INT32] is absent.
Variable fields	Pattern 1: $1: Power monitoring module number. Pattern 2: $1: Chassis number. $2: Power monitoring module number.
Severity level	3
Example	DEV/3/POWER_MONITOR_ABSENT: Power monitor unit 1 is absent.
Explanation	A power monitoring module was removed.
Recommended action	1. Check the power monitoring module slot. ¡ If the power monitoring module slot is empty, install a power monitoring module. ¡ If a power monitoring module is present, verify that the power monitoring module is securely seated. 2. If the problem persists, replace the power monitoring module. 3. If the problem persists, contact HP Support.

POWER_MONITOR_FAILED

Message text	Pattern 1: Power monitor unit [INT32] failed. Pattern 2: Chassis [INT32] power monitor unit [INT32] failed.
Variable fields	Pattern 1: $1: Power monitoring module number. Pattern 2: $1: Chassis number. $2: Power monitoring module number.
Severity level	2
Example	DEV/2/POWER_MONITOR_FAILED: Power monitor unit 1 failed.
Explanation	A power monitoring module failed.
Recommended action	Replace the power monitoring module.

POWER_MONITOR_RECOVERED

Message text	Pattern 1: Power monitor unit [INT32] recovered. Pattern 2: Chassis [INT32] power monitor unit [INT32] recovered.
Variable fields	Pattern 1: $1: Power monitoring module number. Pattern 2: $1: Chassis number. $2: Power monitoring module number.
Severity level	5
Example	DEV/5/POWER_MONITOR_RECOVERED: Power monitor unit 1 recovered.
Explanation	The power monitoring module started to operate correctly after it was installed.
Recommended action	No action is required.

POWER_RECOVERED

Message text	Pattern 1: Power [INT32] recovered. Pattern 2: Chassis [INT32] power [INT32] recovered.
Variable fields	Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number.
Severity level	5
Example	DEV/5/POWER_RECOVERED: Power 1 recovered.
Explanation	The power supply started to operate correctly after it was installed.
Recommended action	No action is required.

RPS_ABSENT

Message text	Pattern 1: RPS [INT32] is absent. Pattern 2: Chassis [INT32] RPS [INT32] is absent.
Variable fields	Pattern 1: $1: RPS number. Pattern 2: $1: Chassis number. $2: RPS number.
Severity level	3
Example	DEV/3/RPS_ABSENT: RPS 1 is absent.
Explanation	An RPS was removed.
Recommended action	1. Check the RPS slot. ¡ If the RPS slot is empty, install an RPS. ¡ If an RPS is present, verify that the RPS is securely seated. 2. If the problem persists, replace the RPS. 3. If the problem persists, contact HP Support.

RPS_FAILED

Message text	Pattern 1: RPS [INT32] failed. Pattern 2: Chassis [INT32] RPS [INT32] failed.
Variable fields	Pattern 1: $1: RPS number. Pattern 2: $1: Chassis number. $2: RPS number.
Severity level	2
Example	DEV/2/RPS_FAILED: RPS 2 failed.
Explanation	An RPS failed or is not providing power.
Recommended action	1. Verify that the power cable is firmly connected. 2. If the problem persists, remove the RPS and then install it again. 3. If the problem persists, replace the RPS.

RPS_NORMAL

Message text	Pattern 1: RPS [INT32] is normal. Pattern 2: Chassis [INT32] RPS [INT32] is normal.
Variable fields	Pattern 1: $1: RPS number. Pattern 2: $1: Chassis number. $2: RPS number.
Severity level	5
Example	DEV/5/RPS_NORMAL: RPS 1 is normal.
Explanation	The RPS started to operate correctly after it was installed.
Recommended action	No action is required.

SUBCARD_FAULT

Message text	Subcard state changed to Fault on [STRING] subslot [INT32], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Subslot number. $3: Subcard type.
Severity level	2
Example	DEV/2/SUBCARD_FAULT: Subcard state changed to Fault on slot 1 subslot 1, type is MIM-1ATM-OC3SML.
Explanation	The subcard failed, or its status changed to Fault after it was rebooted.
Recommended action	Track the status of the subcard. · If the status of the subcard changes to Normal later, no action is required. · If the status is always Fault, replace the subcard.

SUBCARD_INSERTED

Message text	Subcard was inserted in [STRING] subslot [INT32], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Subslot number. $3: Subcard type.
Severity level	4
Example	DEV/4/SUBCARD_INSERTED: Subcard was inserted in slot 1 subslot 1, type is MIM-1ATM-OC3SML.
Explanation	A subcard was installed.
Recommended action	No action is required.

SUBCARD_REBOOT

Message text	Subcard is rebooting on [STRING] subslot [INT32].
Variable fields	$1: Chassis number and slot number or slot number. $2: Subslot number.
Severity level	5
Example	DEV/5/SUBCARD_REBOOT: Subcard is rebooting on slot 1 subslot 1.
Explanation	The subcard was manually or automatically rebooted.
Recommended action	· If the subcard operates correctly after it starts up, no action is required. · If you want to know the reboot reason or the subcard keeps rebooting, contact HP Support.

SUBCARD_REMOVED

Message text	Subcard was removed from [STRING] subslot [INT32], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Subslot number. $3: Subcard type.
Severity level	3
Example	DEV/3/SUBCARD_REMOVED: Subcard was removed from slot 1 subslot 1, type is MIM-1ATM-OC3SML.
Explanation	A subcard was removed.
Recommended action	If the subcard was not manually removed, perform the following tasks: 1. Verify that the subcard is securely seated. 2. Replace the subcard if the message persists. 3. If the problem persists, contact HP Support.

SYSTEM_REBOOT

Message text	System is rebooting now.
Variable fields	N/A
Severity level	5
Example	DEV/5/SYSTEM_REBOOT: System is rebooting now.
Explanation	The system was manually or automatically rebooted.
Recommended action	If an unexpected automatic reboot occurred, perform the following tasks: 1. Execute the display version command after the system starts up. 2. Check the Last reboot reason field for the reboot reason. 3. If an exception caused the reboot, contact HP Support.

TEMPERATURE_ALARM

Message text	Pattern 1: Temperature is greater than the high-temperature alarming threshold on sensor [STRING] [USHOT]. Pattern 2: Temperature is greater than the high-temperature alarming threshold on [STRING] sensor [STRING] [USHOT]. Pattern 3: Temperature is greater than the high-temperature alarming threshold on [STRING] [STRING] sensor [STRING] [USHOT].
Variable fields	Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number.
Severity level	4
Example	DEV/4/TEMPERATURE_ALARM: Temperature is greater than the high-temperature alarming threshold on slot 1 sensor inflow 1.
Explanation	A sensor's temperature exceeded the high-temperature alarming threshold. The ambient temperature was too high or the fan tray was not operating correctly.
Recommended action	1. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 2. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it.

TEMPERATURE_LOW

Message text	Pattern 1: Temperature is less than the low-temperature threshold on sensor [STRING] [INT32]. Pattern 2: Temperature is less than the low-temperature threshold on [STRING] sensor [STRING] [INT32]. Pattern 3: Temperature is less than the low-temperature threshold on [STRING] [STRING] sensor [STRING] [INT32].
Variable fields	Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number.
Severity level	4
Example	DEV/4/TEMPERATURE_LOW: Temperature is less than the low-temperature threshold on slot 1 sensor inflow 1.
Explanation	A sensor's temperature fell below the low-temperature threshold.
Recommended action	Adjust the ambient temperature higher.

TEMPERATURE_NORMAL

Message text	Pattern 1: Temperature changed to normal on sensor [STRING] [INT32]. Pattern 2: Temperature changed to normal on [STRING] sensor [STRING] [INT32]. Pattern 3: Temperature changed to normal on [STRING] [STRING] sensor [STRING] [INT32].
Variable fields	Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number.
Severity level	5
Example	DEV/5/TEMPERATURE_NORMAL: Temperature changed to normal on slot 1 sensor inflow 1.
Explanation	A sensor's temperature was normal (between the low-temperature threshold and the high-temperature warning threshold).
Recommended action	No action is required.

TEMPERATURE_SHUTDOWN

Message text	Pattern 1: Temperature is greater than the high-temperature shutdown threshold on sensor [STRING] [INT32]. The slot will be powered off automatically. Pattern 2: Temperature is greater than the high-temperature shutdown threshold on [STRING] sensor [STRING] [INT32]. The slot will be powered off automatically. Pattern 3: Temperature is greater than the high-temperature shutdown threshold on [STRING] [STRING] sensor [STRING] [INT32]. The slot will be powered off automatically.
Variable fields	Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number.
Severity level	2
Example	DEV/2/TEMPERATURE_SHUTDOWN: Temperature is greater than the high-temperature shutdown threshold on slot 1 sensor inflow 1. The slot will be powered off automatically.
Explanation	A sensor's temperature exceeded the high-temperature shutdown threshold. The ambient temperature was too high or the fan tray was not operating correctly.
Recommended action	1. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 2. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it.

TEMPERATURE_WARNING

Message text	Pattern 1: Temperature is greater than the high-temperature warning threshold on sensor [STRING] [INT32]. Pattern 2: Temperature is greater than the high-temperature warning threshold on [STRING] sensor [STRING] [INT32]. Pattern 3: Temperature is greater than the high-temperature warning threshold on [STRING] [STRING] sensor [STRING] [INT32].
Variable fields	Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number.
Severity level	4
Example	DEV/4/TEMPERATURE_WARNING: Temperature is greater than the high-temperature warning threshold on slot 1 sensor inflow 1.
Explanation	A sensor's temperature exceeded the high-temperature warning threshold. The ambient temperature was too high or the fan tray was not operating correctly.
Recommended action	1. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 2. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it.

VCHK_VERSION_INCOMPATIBLE

Message text	Software version of [STRING] is incompatible with that of the MPU.
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	1
Example	DEV/1/ VCHK_VERSION_INCOMPATIBLE: Software version of slot 1 is incompatible with that of the MPU.
Explanation	A PEX that was starting up detected that its software version is incompatible with the parent device's software version.
Recommended action	Specify a set of startup software images for the PEX. Make sure the images are compatible with the parent device's software images.

DHCP

This section contains DHCP messages.

DHCP_NOTSUPPORTED

Message text	Failed to apply filtering rules for DHCP packets because some rules are not supported.
Variable fields	N/A
Severity level	3
Example	DHCP/3/DHCP_NOTSUPPORTED: Failed to apply filtering rules for DHCP packets because some rules are not supported.
Explanation	The system failed to apply filtering rules for DHCP packets because some rules are not supported on the device.
Recommended action	No action is required.

DHCP_NORESOURCES

Message text	Failed to apply filtering rules for DHCP packets because hardware resources are insufficient.
Variable fields	N/A
Severity level	3
Example	DHCP/3/DHCP_NORESOURCES: Failed to apply filtering rules for DHCP packets because hardware resources are insufficient.
Explanation	The system failed to apply filtering rules for DHCP packets because the hardware resources are insufficient.
Recommended action	Release hardware resources and then apply the rules again.

DHCPR

This section contains DHCP relay agent messages.

DHCPR_SERVERCHANGE

Message text	Switched to the server at [IPADDR] (VPN name: [STRING]) because the current server did not respond. Switched to the DHCP server at [IPADDR] (Public network) because the current DHCP server did not respond.
Variable fields	$1: IP address of the DHCP server. $2: VPN information of the DHCP server. $3: IP address of the DHCP server on the public network.
Severity level	3
Example	DHCPR/3/DHCPR_SERVERCHANGE: -MDC=1; Switched to the server at 2.2.2.2 ( VPN name: 1 ) because the current server did not respond.
Explanation	The DHCP relay agent did not receive any responses from the current DHCP server and switched to another DHCP server in the specified VPN or on the public network for IP address acquisition.
Recommended action	No action is required.

DHCPR_SWITCHMASTER

Message text	Switched to the master DHCP server at [IPADDR].
Variable fields	$1: IP address of the master DHCP server.
Severity level	3
Example	DHCPR/3/DHCPR_SWITCHMASTER: -MDC=1; Switched to the master DHCP server at 2.2.2.2.
Explanation	After a switchback delay time, the DHCP relay agent switched from a backup DHCP server back to the master DHCP server for IP address acquisition.
Recommended action	No action is required.

DHCPS messages

This section contains DHCP server messages.

DHCPS_ALLOCATE_IP

Message text	DHCP server received a DHCP client's request packet on interface [STRING], and allocated an IP address [IPADDR](lease [UINT32] seconds) for the DHCP client(MAC [MAC]) from [STRING] pool.
Variable fields	$1: Name of the interface on which DHCP server is configured. $2: IPv4 address assigned to the DHCP client. $3: Lease duration of the assigned IPv4 address. $4: MAC address of the DHCP client. $5: Name of the address pool to which the assigned IPv4 address belongs.
Severity level	5
Example	DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client’s request packet on interface Ethernet0/2, and allocated an IP address 1.0.0.91(lease 86400 seconds) for the DHCP client(MAC 0000-0000-905a) from p1 pool.
Explanation	The DHCP server assigned an IPv4 address with a lease to a DHCP client.
Recommended action	No action is required.

DHCPS_CONFLICT_IP

Message text	A conflict IP [IPADDR] from [STRING] pool was detected by DHCP server on interface [STRING].
Variable fields	$1: IPv4 address that is in conflict. $2: Name of the address pool to which the conflicting IPv4 address belongs. $3: Name of the interface on which DHCP server is configured.
Severity level	5
Example	DHCPS/5/DHCPS_CONFLICT_IP: A conflict IP 100.1.1.1 from p1 pool was detected by DHCP server on interface Ethernet0/2.
Explanation	The DHCP server deleted a conflicting IPv4 address from an address pool.
Recommended action	No action is required.

DHCPS_EXTEND_IP

Message text	DHCP server received a DHCP client's request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IP [IPADDR], MAC [MAC]).
Variable fields	$1: Name of the interface on which DHCP server is configured. $2: Name of the address pool to which the client's IPv4 address belongs. $3: IPv4 address of the DHCP client. $4: MAC address of the DHCP client.
Severity level	5
Example	DHCPS/5/DHCPS_EXTEND_IP: DHCP server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IP 1.0.0.91, MAC 0000-0000-905a).
Explanation	The DHCP server extended the lease for a DHCP client.
Recommended action	No action is required.

DHCPS_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPS/4/DHCPS_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCP server failed to back up DHCP bindings to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DHCPS_RECLAIM_IP

Message text	DHCP server reclaimed a [STRING] pool’s lease(IP [IPADDR], lease [UINT32] seconds), which is allocated for the DHCP client (MAC [MAC]).
Variable fields	$1: Name of the address pool to which the assigned IPv4 address belongs. $2: IPv4 address assigned to the DHCP client. $3: Lease duration of the assigned IPv4 address. $4: MAC address of the DHCP client.
Severity level	5
Example	DHCPS/5/DHCPS_RECLAIM_IP: DHCP server reclaimed a p1 pool’s lease(IP 1.0.0.91, lease 86400 seconds), which is allocated for the DHCP client (MAC 0000-0000-905a).
Explanation	The DHCP server reclaimed the IPv4 address assigned to a DHCP client.
Recommended action	No action is required.

DHCPS_VERIFY_CLASS

Message text	Illegal DHCP client-PacketType=[STRING]-ClientAddress=[MAC];
Variable fields	$1: Type of the packet. $2: Hardware address of the DHCP client.
Severity level	5
Example	DHCPS/5/DHCPS_VERIFY_CLASS: Illegal DHCP client-PacketType= DHCPDISCOVER-ClientAddress=0000-5e01-0104;
Explanation	The DHCP server verified that the DHCP client was not on the user class whitelist.
Recommended action	Check the validity of the DHCP client.

DHCPS6 messages

This section contains DHCPv6 server messages.

DHCPS6_ALLOCATE_ADDRESS

Message text	DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 address [IPADDR] (lease [UINT32] seconds) for the DHCP client(DUID [HEX], IAID [HEX]) from [STRING] pool.
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: IPv6 address assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 address. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. $6: Name of the address pool to which the assigned IPv6 address belongs.
Severity level	5
Example	DHCPS6/5/DHCPS6_ALLOCATE_ADDRESS: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and allocated an IPv6 address 2000::3(lease 60 seconds) for the DHCP client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool.
Explanation	The DHCPv6 server assigned an IPv6 address with a lease to a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_ALLOCATE_PREFIX

Message text	DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 prefix [IPADDR] (lease [UINT32] seconds) for the DHCP client(DUID [HEX], IAID [HEX]) from [STRING] pool.
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: IPv6 prefix assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 prefix. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. $6: Name of the address pool to which the assigned IPv6 prefix belongs.
Severity level	5
Example	DHCPS6/5/DHCPS6_ALLOCATE_PREFIX: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and allocated an IPv6 prefix 2000::(lease 60 seconds) for the DHCP client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool.
Explanation	The DHCPv6 server assigned an IPv6 prefix with a lease to a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_CONFLICT_ADDRESS

Message text	A conflict IPv6 address [IPADDR] from [STRING] pool was detected by DHCPv6 server on interface [STRING].
Variable fields	$1: IPv6 address that is in conflict. $2: Name of the address pool to which the conflicting IPv6 address belongs. $3: Name of the interface on which DHCPv6 server is configured.
Severity level	5
Example	DHCPS6/5/DHCPS6_CONFLICT_ADDRESS: A conflict IPv6 address 33::1 from p1 pool was detected by DHCPv6 server on interface Ethernet0/2.
Explanation	The DHCPv6 server deleted a conflicting IPv6 address from an address pool.
Recommended action	No action is required.

DHCPS6_EXTEND_ADDRESS

Message text	DHCPv6 server received a DHCP client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IPv6 address [IPADDR], DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: Name of the address pool to which the client's IPv6 address belongs. $3: IPv6 address of the DHCPv6 client. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_EXTEND_ADDRESS: DHCPv6 server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IPv6 address 2000::3, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server extended the address lease for a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_EXTEND_PREFIX

Message text	DHCPv6 server received a DHCP client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IPv6 prefix [IPADDR], DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: Name of the address pool to which the client's IPv6 prefix belongs. $3: IPv6 prefix of the DHCPv6 client. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_EXTEND_PREFIX: DHCPv6 server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IPv6 prefix 2000::, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server extended the prefix lease for a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPS6/4/DHCPS6_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCPv6 server failed to back up DHCPv6 bindings to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DHCPS6_RECLAIM_ADDRESS

Message text	DHCPv6 server reclaimed a [STRING] pool's lease(IPv6 address [IPADDR], lease [UINT32] seconds), which is allocated for the DHCPv6 client (DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the address pool to which the assigned IPv6 address belongs. $2: IPv6 address assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 address. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_RECLAIM_ADDRESS: DHCPv6 server reclaimed a p1 pool’s lease(IPv6 address 2000::3, lease 60 seconds), which is allocated for the DHCPv6 client (DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server reclaimed the IPv6 address assigned to a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_RECLAIM_PREFIX

Message text	DHCPv6 server reclaimed a [STRING] pool’s lease(IPv6 prefix [IPADDR], lease [INTEGER] seconds), which is allocated for the DHCPv6 client (DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the address pool to which the assigned IPv6 prefix belongs. $2: IPv6 prefix assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 prefix. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_RECLAIM_PREFIX: DHCPv6 server reclaimed a p1 pool’s lease(IPv6 prefix 2000::, lease 60 seconds), which is allocated for the DHCPv6 client (DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server reclaimed the IPv6 prefix assigned to a DHCPv6 client.
Recommended action	No action is required.

DHCPSP4

This section contains DHCP snooping messages.

DHCPSP4_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPSP4/4/DHCPSP4_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCP snooping device failed to back up DHCP snooping entries to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DHCPSP6

This section contains DHCPv6 snooping messages.

DHCPSP6_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPSP6/4/DHCPSP6_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCPv6 snooping device failed to back up DHCPv6 snooping entries to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DIAG messages

This section contains diagnostic messages.

CPU_MINOR_RECOVERY

Message text	CPU usage recovered to normal state.
Variable fields	N/A
Severity level	5
Example	DIAG/5/CPU_MINOR_THRESHOLD: CPU usage recovered to normal state.
Explanation	The CPU usage decreased below the recovery threshold. The minor alarm was removed and the CPU usage status changed from minor alarm state to recovered state.
Recommended action	No action is required.

CPU_MINOR_THRESHOLD

Message text	CPU usage is in minor alarm state.
Variable fields	N/A
Severity level	4
Example	DIAG/4/CPU_MINOR_THRESHOLD: CPU usage is in minor alarm state.
Explanation	The CPU usage increased above the minor alarm threshold and entered minor alarm state. The device sends this message periodically until the CPU usage increases above the severe threshold or the minor alarm is removed.
Recommended action	Operate according to prompt information and use CPU resource reasonably.

CPU_SEVERE_RECOVERY

Message text	CPU usage severe alarm removed.
Variable fields	N/A
Severity level	5
Example	DIAG/5/CPU_RECOVERY: CPU usage severe alarm removed.
Explanation	The CPU usage decreased to or below the minor alarm threshold and the severe alarm was removed.
Recommended action	No action is required.

CPU_SEVERE_THRESHOLD

Message text	CPU usage severe alarm removed.
Variable fields	N/A
Severity level	3
Example	DIAG/3/CPU_THRESHOLD: CPU usage is in severe alarm state.
Explanation	The CPU usage increased above the severe alarm threshold and entered severe alarm state. The device sends this message periodically until the severe alarm is removed.
Recommended action	Use the display current-configuration \| include "monitor cpu-usage" command to view the alarm thresholds. Use the monitor cpu-usage command to adjust the alarm thresholds as required.

MEM_ALERT

Message text	system memory info: total used free shared buffers cached Mem: [ULONG] [ULONG] [ULONG] [ULONG] [ULONG] [ULONG] -/+ buffers/cache: [ULONG] [ULONG] Swap: [ULONG] [ULONG] [ULONG] Lowmem: [ULONG] [ULONG] [ULONG]
Variable fields	· Mem—Memory information of the whole system: ¡ $1: Total size of allocatable physical memory. The system physical memory contains allocatable physical memory and unallocatable physical memory. Unallocatable physical memory is mainly used for kernel code storage, kernel management, and running of basic functions. Allocatable physical memory is used for such tasks as running service modules and storing files. The size of unallocatable physical memory is automatically calculated based on the system operation requirements. The size of allocatable physical memory is the total physical memory size minus the unallocatable physical memory size. ¡ $2: Size of the physical memory used by the system. ¡ $3: Size of free physical memory of the system. ¡ $4: Total size of physical memory shared by processes. ¡ $5: Size of physical memory used for buffers. ¡ $6: Size of physical memory used for caches. · -/+ buffers/cache—Memory usage information of applications: ¡ $7: -/+ Buffers/Cache:used = Mem:Used – Mem:Buffers – Mem:Cached, which indicates the size of physical memory used by applications. ¡ $8: -/+ Buffers/Cache:free = Mem:Free + Mem:Buffers + Mem:Cached, which indicates the size of physical memory available for applications. · Swap—Swap memory usage information: ¡ $9: Total size of swap memory. ¡ $10: Size of used swap memory. ¡ $11: Size of free swap memory. · Lowmem—Low memory usage information: ¡ $12: Total size of low memory. ¡ $13: Size of used low memory. ¡ $14: Size of free low memory.
Severity level	4
Example	DIAG/4/MEM_ALERT: system memory info: total used free shared buffers cached Mem: 1784424 920896 863528 0 0 35400 -/+ buffers/cache: 885496 898928 Swap: 0 0 0 Lowmem: 735848 637896 97952
Explanation	A memory alarm was generated, displaying memory usage information. The system generates this message when the used memory is greater than or equal to the minor, severe, or critical threshold of memory usage.
Recommended action	You can perform the following tasks to help remove the alarm: · Verify that appropriate alarm thresholds are set. To view the alarm thresholds, use the display memory-threshold command. Then you can use the memory-threshold command to modify the alarm thresholds if required. · Verify that the device is not under attack by checking the ARP table and routing table. · Examine and optimize the network, for example, reduce the number of routes, or replace the device with a higher-performance device.

MEM_BELOW_THRESHOLD

Message text	Memory usage has dropped below [STRING] threshold.
Variable fields	$1: Memory usage threshold name: minor, severe, or critical.
Severity level	1
Example	DIAG/1/MEM_BELOW_THRESHOLD: Memory usage has dropped below critical threshold.
Explanation	A memory alarm was removed. The message is sent when the system free memory is greater than a memory alarm recovery threshold.
Recommended action	No action is required.

MEM_EXCEED_THRESHOLD

Message text	Memory [STRING] threshold has been exceeded.
Variable fields	$1: Memory usage threshold name: minor, severe, or critical.
Severity level	1
Example	DIAG/1/MEM_EXCEED_THRESHOLD: Memory minor threshold has been exceeded.
Explanation	A memory alarm was notified. When the used memory size is greater than or equal to the minor, severe, or critical threshold of memory usage, the system generates this message and notifies services modules to perform auto repair, such as releasing memory and stopping requesting memory.
Recommended action	You can perform the following tasks to help remove the alarm: · Verify that appropriate alarm thresholds are set. To view the alarm thresholds, use the display memory-threshold command. Then you can use the memory-threshold command to modify the alarm thresholds if required. · Verify that the device is not under attack by checking the ARP table and routing table. · Examine and optimize the network, for example, reduce the number of routes or replace the device with a higher-performance device.

DLDP messages

This section contains DLDP messages.

DLDP_AUTHENTICATION_FAILED

Message text	The DLDP packet failed the authentication because of unmatched [STRING] field.
Variable fields	$1: Authentication field. · AUTHENTICATION PASSWORD—Authentication password mismatch. · AUTHENTICATION TYPE—Authentication type mismatch. · INTERVAL—Advertisement interval mismatch.
Severity level	5
Example	DLDP/5/DLDP_AUTHENTICATION_FAILED: The DLDP packet failed the authentication because of unmatched INTERVAL field.
Explanation	The packet authentication failed. Possible reasons include unmatched authentication type, unmatched authentication password, and unmatched advertisement interval.
Recommended action	Check the DLDP authentication type, authentication password, and advertisement interval are consistent with peer end.

DLDP_LINK_BIDIRECTIONAL

Message text	DLDP detected a bidirectional link on interface [STRING].
Variable fields	$1: Interface name.
Severity level	6
Example	DLDP/6/DLDP_LINK_BIDIRECTIONAL: DLDP detected a bidirectional link on interface Ethernet1/1.
Explanation	DLDP detected a bidirectional link on an interface.
Recommended action	No action is required.

DLDP_LINK_SHUTMODECHG

Message text	DLDP automatically [STRING] interface [STRING] because the port shutdown mode was changed [STRING].
Variable fields	$1: Action according to the port shutdown mode: ¡ blocked. ¡ brought up. $2: Interface name. $3: Shutdown mode change: ¡ from manual to auto. ¡ from manual to hybrid. ¡ from hybrid to auto. ¡ from hybrid to manual.
Severity level	5
Example	DLDP/5/DLDP_LINK_SHUTMODECHG: DLDP automatically blocked interface Ethernet1/1 because the port shutdown mode was changed from manual to auto.
Explanation	The interface was shut down or brought up because the shutdown mode changed.
Recommended action	No action is required.

DLDP_LINK_UNIDIRECTIONAL

Message text	DLDP detected a unidirectional link on interface [STRING]. [STRING].
Variable fields	$1: Interface name. $2: Action according to the port shutdown mode: · DLDP automatically blocked the interface. · Please manually shut down the interface. · DLDP automatically shut down the interface. Please manually bring up the interface.
Severity level	3
Example	DLDP/3/DLDP_LINK_UNIDIRECTIONAL: DLDP detected a unidirectional link on interface Ethernet1/1. DLDP automatically blocked the interface.
Explanation	DLDP detected a unidirectional link on an interface.
Recommended action	Check for incorrect cable connection, cable falloff, or other problems.

DLDP_NEIGHBOR_AGED

Message text	A neighbor on interface [STRING] was deleted because the neighbor was aged. The neighbor's system MAC is [MAC], and the port index is [UINT16].
Variable fields	$1: Interface name. $2: MAC address. $3: Port index.
Severity level	5
Example	DLDP/5/DLDP_NEIGHBOR_AGED: A neighbor on interface Ethernet1/1 was deleted because the neighbor was aged. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1.
Explanation	The interface deleted an aged neighbor.
Recommended action	No action is required.

DLDP_NEIGHBOR_CONFIRMED

Message text	A neighbor was confirmed on interface [STRING]. The neighbor's system MAC is [MAC], and the port index is [UINT16].
Variable fields	$1: Interface name. $2: MAC address. $3: Port index.
Severity level	6
Example	DLDP/6/DLDP_NEIGHBOR_CONFIRMED: A neighbor was confirmed on interface Ethernet1/1. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1.
Explanation	The interface detected a confirmed neighbor.
Recommended action	No action is required.

DLDP_NEIGHBOR_DELETED

Message text	A neighbor on interface [STRING] was deleted because a [STRING] packet arrived. The neighbor's system MAC is [MAC], and the port index is [UINT16].
Variable fields	$1: Interface name. $2: Packet type, DISABLE or LINKDOWN. $3: MAC address. $4: Port index.
Severity level	5
Example	DLDP/5/DLDP_NEIGHBOR_DELETED: A neighbor on interface Ethernet1/1 was deleted because a DISABLE packet arrived. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1.
Explanation	The interface deleted a confirmed neighbor because it received a DISABLE or LINKDOWN packet.
Recommended action	No action is required.

DRVPLAT messages

This section contains DRVPLAT messages.

DrvDebug

Message text	Chip [UINT32] temperature([UINT32]) in slot [UINT32] is too high and the board will be shutdown.
Variable fields	$1: Chip ID. $2: Temperature value. $3: Slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Chip 0 temperature(54) in slot 3 is too high and the board will be shutdown.
Explanation	The temperature of a chip on the specified card has exceeded the upper temperature threshold. The card will be shut down.
Recommended action	1. Check the fan tray status. Resolve the fan tray issue if any. 2. If it is not a fan tray issue, contact technical support.

Message text	hotspot [UINT32] in slot [UINT32] temperature([UINT32]) is too high, please check it.
Variable fields	$1: Hotspot ID. $2: Slot number. $3: Temperature value.
Severity level	4
Example	DRVPLAT/4/DrvDebug: hotspot 1 in slot 2 temperature(90) is too high, please check it.
Explanation	The temperature of the specified card has exceeded the upper temperature threshold. A check is required.
Recommended action	1. Check the fan tray status. Resolve the fan tray issue if any. 2. If it is not a fan tray issue, contact technical support.

Message text	hotspot [UINT32] in slot [UINT32] temperature([UINT32]) is too high and the board will be shutdown.
Variable fields	$1: Hotspot ID. $2: Slot number. $3: Temperature value.
Severity level	4
Example	DRVPLAT/4/DrvDebug: hotspot 1 in slot 2 temperature(90) is too high and the board will be shutdown.
Explanation	The temperature of the specified card has exceeded the upper temperature threshold. The card will be shut down.
Recommended action	1. Check the fan tray status. Resolve the fan tray issue if any. 2. If it is not a fan tray issue, contact technical support.

Message text	Warning: cpu temperature([UINT32]) in slot [UINT32] is too high, please check it.
Variable fields	$1: Temperature value. $2: Slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Warning: cpu temperature(90) in slot 2 is too high, please check it.
Explanation	The CPU temperature of the specified card has exceeded the upper temperature threshold. A check is required.
Recommended action	1. Check the fan tray status. Resolve the fan tray issue if any. 2. If it is not a fan tray issue, contact technical support.

Message text	Warning:Chip [UINT32] temperature([UINT32]) in slot [UINT32] is too high, please check it.
Variable fields	$1: Chip ID. $2: Temperature value. $3: Slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Warning:Chip 0 temperature(90) in slot 2 is too high, please check it.
Explanation	The temperature of a chip on the specified card has exceeded the upper temperature threshold. A check is required.
Recommended action	1. Check the fan tray status. Resolve the fan tray issue if any. 2. If it is not a fan tray issue, contact technical support.

Message text	FPGA [UINT32] temperature([UINT32]) in slot [UINT32] is too high and the board will be shutdown.
Variable fields	$1: FPGA chip ID. $2: Temperature value. $3: Slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: FPGA 0 temperature(90) in slot 2 is too high and the board will be shutdown.
Explanation	The temperature of an FPGA chip on the card has exceeded the upper temperature threshold. The card will be shut down.
Recommended action	1. Check the fan tray status. Resolve the fan tray issue if any. 2. If it is not a fan tray issue, contact technical support.

Message text	SubCard cpu CN7809 temperature([UINT32]) in slot [UINT32] is too high and the board will be shutdown.
Variable fields	$1: Temperature value. $2: Slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: SubCard cpu CN7809 temperature(90) in slot 2 is too high and the board will be shutdown.
Explanation	The temperature of the subcard CPU on the specified card has exceeded the upper temperature threshold. The card will be shut down.
Recommended action	1. Check the fan tray status. Resolve the fan tray issue if any. 2. If it is not a fan tray issue, contact technical support.

Message text	Power Error, there is no input in Power [UINT32].
Variable fields	$1: Power supply ID.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Power Error, there is no input in Power 1.
Explanation	The specified power supply does not have power input.
Recommended action	Check the power supply status. If the power supply is abnormal, replace it or contact technical support.

Message text	Warning: Only one power exist!
Variable fields	N/A
Severity level	4
Example	DRVPLAT/4/DrvDebug: Warning: Only one power exist!
Explanation	The device has only one power supply present.
Recommended action	· Check the status of the other power supplies. If they are abnormal, replace them. · Install more power supplies.

Message text	Warning: Only one power [UINT32] exist !
Variable fields	$1: Power supply ID.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Warning: Only one power [UINT32] exist !
Explanation	Only one power supply slot on the device has a power supply present.
Recommended action	· Check the status of the power supplies in the other power supply slots. If they are abnormal, replace them. · Install power supplies in the other power supply slots.

Message text	Warning: Power [UINT32] differs from power [UINT32] in types!
Variable fields	$1: Power supply ID_1. $2: Power supply ID_2.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Warning: Power 1 differs from power 2 in types!
Explanation	The two specified power supplies are different in type.
Recommended action	Use power supplies of the same type.

Message text	Warning: power [UINT32] voltage is [UINT32], please check!
Variable fields	$1: Power supply ID. $2: Voltage.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Warning: power 1 voltage is 220, please check!
Explanation	The voltage of the specified power supply is not in the acceptable range.
Recommended action	Check the power supply status. If the power supply is abnormal, replace it or contact technical support.

Message text	Warning: Chassis [UINT32] Fan [UINT32] is absent!
Variable fields	$1: Chassis ID $2: Fan tray ID.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Warning: Chassis 1 Fan 1 is absent!
Explanation	The specified fan tray is in absent state.
Recommended action	Check the fan tray status. If the fan tray is abnormal, replace it or contact technical support..

Message text	Frame [HEX] power [HEX] state error!
Variable fields	$1: Chassis ID. $2: Power supply ID.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Frame 0x01 power 0x01 state error!
Explanation	The specified power supply is in error state.
Recommended action	1. Replace the power supply. 2. If the issue persists, contact technical support.

Message text	Frame [HEX] fan [HEX] state error!
Variable fields	$1: Chassis ID. $2: Fan tray ID.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Frame 0x01 fan 0x01 state error!
Explanation	The specified fan tray is in error state.
Recommended action	1. Replace the fan tray. 2. If the issue persists, contact technical support.

Message text	Frame [UINT32] fan command sending failed!
Variable fields	$1: Chassis ID.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Frame 1 fan command sending failed!
Explanation	On the specified chassis, fan tray commands failed to be issued.
Recommended action	· Check the fan tray status. Resolve the fan tray issue if any. · Contact technical support.

Message text	Frame [UINT32] fan [UINT32] state: [HEX], write reg[HEX]:[HEX], reg[HEX]:[HEX] read reg[HEX]:[HEX], reg[HEX]:[HEX], reg[HEX]:[HEX]
Variable fields	$1: Chassis ID. $2: Fan tray ID. $3: State. $4: Write register ID. $5: Value written to the register. $6: Write register ID. $7: Value written to the register. $8: Read register ID. $9: Value read from the register. $10: Read register ID. $11: Value read from the register. $12: Read register ID. $13: Value read from the register.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Frame 1 fan 2 state:0x0, write reg0x30:0x12, reg0x31:0x12 read reg0x32:0x12, reg0x33:0x12, reg0x34:0x12
Explanation	The system has written data to and read data from the registers of the fan tray.
Recommended action	No action is required.

Message text	Frame [UINT32] fan [UINT32] receive data [HEX] error!
Variable fields	$1: Chassis ID. $2: Fan tray ID. $3: Data value.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Frame 1 fan 1 receive data 0x30 error!
Explanation	The fan tray received error data.
Recommended action	· Check the fan tray status. Resolve the fan tray issue if any. · Contact technical support.

Message text	Please check your fabric boards, at least one of them must be normal!
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: Please check your fabric boards, at least one of them must be normal!
Explanation	You are required to check the fabric modules and ensure that a minimum one of fabric modules is normal.
Recommended action	Check the fabric module status.

Message text	In chassis [UINT32],the specified fabric-board [UINT32] does not work.
Variable fields	$1: Chassis ID. $2: Fabric module ID.
Severity level	2
Example	DRVPLAT/2/DrvDebug: In chassis 1,the specified fabric-board 10 does not work.
Explanation	The specified fabric module is faulty.
Recommended action	Replace the fabric module or contact technical support.

Message text	In chassis [UINT32],the specified fabric-board [UINT32] resume work.
Variable fields	$1: Chassis ID. $2: Fabric module ID.
Severity level	2
Example	DRVPLAT/2/DrvDebug: In chassis 1,the specified fabric-board 10 resume work.
Explanation	The specified fabric module resumed work.
Recommended action	No action is required.

Message text	Warning: In chassis [UINT32] slot [UINT32],all interconnected ports from chip [UINT32] to chip [UINT32] are fault,please check.
Variable fields	$1: Chassis ID. $2: Slot number. $3: Chip ID_1. $4: Chip ID_2.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Warning: In chassis 1 slot 2,all interconnected ports from chip 0 to chip 1 are fault,please check.
Explanation	All interconnected ports between the two specified chips on the card are faulty.
Recommended action	Contact technical support.

Message text	Warning: In chassis [UINT32],all interconnected ports from slot [UINT32] to slot [UINT32] are fault,please check.
Variable fields	$1: Chassis ID. $2: Slot number_1. $3: Slot number_2.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Warning: In chassis 1,all interconnected ports from slot 2 to slot 3 are fault,please check.
Explanation	All interconnected ports between the two specified cards are faulty.
Recommended action	Contact technical support.

Message text	On chip [UINT32] in chassis [UINT32] slot [UINT32], at least two internal ports are down. Please check the internal ports.The down ports are sfi[UINT32]
Variable fields	$1: Chip ID. $2: Chassis ID. $3: Slot number. $4: Port number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: On chip 2 in chassis 1 slot 2, at least two internal ports are down. Please check the internal ports.The down ports are sfi35
Explanation	SFI interfaces on the chip were shut down.
Recommended action	Contact technical support.

Message text	In chassis [UINT32],from chip [UINT32] in slot [UINT32] to chip [UINT32] in slot [UINT32], the packet flow is dropped.
Variable fields	$1: Chassis ID. $2: Chip ID_1. $3: Slot number_1. $4: Chip ID_2. $5: Slot number_2.
Severity level	2
Example	DRVPLAT/2/DrvDebug: In chassis 1, from chip 0 in slot 1 to chip 0 in slot 2, the packet flow is dropped.
Explanation	Packet loss occurred from the source chip to the destination chip.
Recommended action	Contact technical support.

Message text	Fabric S in chassis [UINT32] slot [UINT32] can't start because Fabric B is inserted before, please reboot the system.
Variable fields	$1: Chassis ID. $2: Slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Fabric S in chassis 1 slot 10 can't start because Fabric B is inserted before, please reboot the system.
Explanation	Type S and Type B fabric modules are installed on the same device. The system must be rebooted.
Recommended action	Reboot the device.

Message text	Fabric A in chassis [UINT32] slot [UINT32] can't start because Fabric B is inserted before, please reboot the system.
Variable fields	$1: Chassis ID. $2: Slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Fabric A in chassis 1 slot 10 can't start because Fabric B is inserted before, please reboot the system.
Explanation	Type A and Type B fabric modules are installed on the same device. The system must be rebooted.
Recommended action	Reboot the device.

Message text	Fabric B in chassis [UINT32] slot [UINT32] can't start because Fabric S is inserted before, please reboot the system.
Variable fields	$1: Chassis ID. $2: Slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Fabric B in chassis 1 slot 10 can't start because Fabric S is inserted before, please reboot the system.
Explanation	Type B and Type S fabric modules are installed on the same device. The system must be rebooted.
Recommended action	Reboot the device.

Message text	Fabric B in chassis [UINT32] slot [UINT32] can't start because Fabric A is inserted before, please reboot the system.
Variable fields	$1: Chassis ID. $2: Slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Fabric B in chassis 1 slot 10 can't start because Fabric A is inserted before, please reboot the system.
Explanation	Type B and Type A fabric modules are installed on the same device. The system must be rebooted.
Recommended action	Reboot the device.

Message text	The port [UINT32] does not support the Enhance HigMode, please check.
Variable fields	$1: Port number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: The port 17 does not support the Enhance HigMode, please check.
Explanation	The specified port does not support Enhance HigMode.
Recommended action	Contact technical support.

Message text	Power [UINT32] Remove.
Variable fields	$1: Power supply ID.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Power 2 Remove.
Explanation	The specified power supply was removed.
Recommended action	No action is required.

Message text	The power of this device is not enough.
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: The power of this device is not enough.
Explanation	Power is not sufficient for the device.
Recommended action	Install more power supplies on the device.

Message text	Fan Fault! Chassis [UINT32] Frame [UINT32] fan [UINT32] speed < 500(R.P.M).
Variable fields	$1: Chassis ID. $2: Fan tray ID. $3: Fan ID.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Fan Fault! Chassis 1 Frame 1 fan 2 speed < 500(R.P.M).
Explanation	A fan is the specified fan tray is faulty.
Recommended action	Replace the fan tray.

Message text	Fan Adjusting failed! Chassis [UINT32] Frame [UINT32] fan [UINT32] speed is [UINT32](R.P.M), is too low!
Variable fields	$1: Chassis ID. $2: Fan tray ID. $3: Fan ID. $4: Fan speed.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Fan Adjusting failed! Chassis 1 Frame 2 fan 3 speed is 1800(R.P.M), is too low!
Explanation	Fan speed adjustment failed. The speed of a fan on a specified fan tray is over low.
Recommended action	1. Replace the fan tray. 2. If the issue persists, contact technical support.

Message text	Fan Adjusting failed! Chassis [UINT32] Frame [UINT32] fan [UINT32] speed is [UINT32](R.P.M), is too high!
Variable fields	$1: Chassis ID. $2: Fan tray ID. $3: Fan ID. $4: Fan speed.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Fan Adjusting failed! Chassis 1 Frame 2 fan 3 speed is 10000(R.P.M), is too high!
Explanation	Fan speed adjustment failed. The speed of a fan on a specified fan tray is too high.
Recommended action	1. Replace the fan tray. 2. If the issue persists, contact technical support.

Message text	All fabric boards are absent! Reboot all lpu boards.
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: All fabric boards are absent! Reboot all lpu boards.
Explanation	No fabric modules were present. All LPUs will be rebooted.
Recommended action	Check the installation status of the fabric modules. If they are installed correctly, contact technical support.

Message text	Warning:Fans stop running in chassis [UINT32], please check it right now, otherwize all lpu boards will be powered down after [UINT32] minutes.
Variable fields	$1: Chassis ID. $2: Length of time.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Warning:Fans stop running in chassis 1, please check it right now, otherwize all lpu boards will be powered off after 5 minutes.
Explanation	Fan trays stop rotating on the specified chassis. All LPUs will be powered off after the specified length of time.
Recommended action	· Check the fan tray status and identify the cause of the issue. · Replace the fan trays.

Message text	There is maybe some wrong with the ADM1029 temperature chip!
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: There is maybe some wrong with the ADM1029 temperature chip!
Explanation	The ADM1029 temperature sensor chip is faulty.
Recommended action	Contact technical support.

Message text	There is maybe some wrong with the LM75 temperature chip!
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: There is maybe some wrong with the LM75 temperature chip!
Explanation	The LM75 temperature sensor chip is faulty.
Recommended action	Contact technical support.

Message text	The Temperature is beyond the shutdown temperature limit, The POE Power is SHUT DOWN!
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: The Temperature is beyond the shutdown temperature limit, The POE Power is SHUT DOWN!
Explanation	The temperature had exceeded the PoE shutdown temperature threshold. PoE was shut down.
Recommended action	1. Check the card temperature and fan tray status. Replace fan trays with high-speed ones or install filler panels in unused slots. 2. If the issue persists, contact technical support.

Message text	The Temperature is below the turn on temperature limit, The POE Power is TURN ON!
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: The Temperature is below the turn on temperature limit, The POE Power is TURN ON!
Explanation	The temperature had dropped below the PoE turn-on temperature threshold. PoE was turned on.
Recommended action	Make sure the ambient temperature of the device is in the acceptable range. For more information, see the installation guide for the device.

Message text	Warning: Slot [UINT32] temperature too high, power off it, please check it right now, otherwize all lpu boards will be powered down after [UINT32] minutes.
Variable fields	$1: Slot number. $2: Length of time.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Warning: Slot 2 temperature too high, power off it, please check it right now, otherwize all lpu boards will be powered off after 5 minutes.
Explanation	The temperature of the specified card is too high. All LPUs will be powered off after the specified length of time.
Recommended action	Check the fan tray status and determine whether a fan tray issue has occurred. If it is not a fan tray issue, replace the fan trays with high-speed ones and install filler panels in empty slots or contact technical support.

Message text	Warning: Power off all lpu boards, please check it right now.
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: Warning: Power off all lpu boards, please check it right now.
Explanation	All LPUs were powered off.
Recommended action	Check the power supply status and identify the reason causing the issue, or contact technical support.

Message text	All lpu boards were powered down because Fans stopped running.
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: All lpu boards were powered down because Fans stopped running.
Explanation	Fan trays stopped operation and all LPUs were powered off.
Recommended action	1. Check the fan tray status. If the fan trays are abnormal, replace the fan trays. 2. If the issue persists, contact technical support.

Message text	Warning: Not enough power to power on board chassis [UINT32] slot [UINT32]. Board power is [UINT32], system available power is [UINT32].
Variable fields	$1: Chassis ID. $2: Slot number. $3: Power supply ID_1 $4: Power supply ID_2.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Warning: Not enough power to power on board chassis 1 slot 2. Board power is 3, system available power is 4.
Explanation	Power is insufficient.
Recommended action	Install more power supplies.

Message text	Warning: Try to supply power to slot [UINT32] fail!
Variable fields	$1: Slot number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Warning: Try to supply power to slot 2 fail!
Explanation	Failed to supply power to the specified card.
Recommended action	Identify the reason causing the issue and contact technical support.

Message text	Warning: the device bearing power is over charge ! Do not supply power to slot [UINT32] !
Variable fields	$1: Slot number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Warning: the device bearing power is over charge ! Do not supply power to slot 2!
Explanation	The power is insufficient. The device stops power supply to the specified card.
Recommended action	Check the power supplies to identify the reason causing the issue, and contact technical support.

Message text	Do not support this kind of hardware device!
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: Do not support this kind of hardware device!
Explanation	A hardware device not supported by the device was installed.
Recommended action	Replace the hardware device with one compatible with the device.

Message text	This device does not support this kind of board!
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: This device does not support this kind of board!
Explanation	A card not supported by the device was inserted.
Recommended action	Replace the card with one supported by the device.

Message text	Warning: Board on chassis [UINT32] slot [UINT32] is not compatible with master board. Board type and function is [UINT32].
Variable fields	$1: Chassis ID. $2: Slot number. $3: Card ID.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Warning: Board on chassis 2 slot 2 is not compatible with master board. Board type and function is 28.
Explanation	The specified card is not compatible with the MPU.
Recommended action	Replace the card with one that is compatible with the MPU or replace the MPU.

Message text	Warning: Standby board on chassis [UINT32] slot [UINT32] is not compatible with master board, Standby board type is [UINT32].
Variable fields	$1: Chassis ID. $2: Slot number. $3: Card type.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Warning: Standby board on chassis 1 slot 1 is not compatible with master board, Standby board type is 30.
Explanation	The specified standby MPU is not compatible with the active MPU.
Recommended action	Use active/standby MPUs compatible with each other.

Message text	Warning: The LPU board on chassis [UINT32] slot [UINT32] is not compatible with MPU board, its board type is [UINT32].
Variable fields	$1: Chassis ID. $2: Slot number. $3: Card type.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Warning: The LPU board on chassis 1 slot 2 is not compatible with MPU board, its board type is 30.
Explanation	The specified LPU is not compatible with the MPU.
Recommended action	Replace the LPU with one compatible with the MPU, or replace the MPU.

Message text	Standby board software version differs from master board . Please download the same version!
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: Standby board software version differs from master board . Please download the same version!
Explanation	The active and standby MPUs run different software versions.
Recommended action	Install the same software version for the active and standby MPUs.

Message text	Reboot Standby board for different version!
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: Reboot Standby board for different version!
Explanation	The active and standby MPUs are of different versions. You are required to reboot the standby MPU.
Recommended action	Reboot the standby MPU.

Message text	Standby board type differs from master board . Warning: Standby board and master board must be same!!!
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: Standby board type differs from master board . Warning: Standby board and master board must be same!!!
Explanation	The active and standby MPUs are of different models. You must use MPUs of same models.
Recommended action	Use MPUs of the same model.

Message text	WARNING: Ucast IPC packets were blocked between slot [UINT32] and slot [UINT32].
Variable fields	$1: Physical slot number. $2: Physical slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: Ucast IPC packets were blocked between slot 1 and slot 2.
Explanation	Unicast IPC packets were blocked between the two specified LPUs.
Recommended action	Contact technical support.

Message text	WARNING: Ucast IPC packets from slot [UINT32] to slot [UINT32] were blocked.
Variable fields	$1: Source physical slot number. $2: Destination physical slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: Ucast IPC packets from slot 1 to slot 2 were blocked
Explanation	Unicast IPC packets from the source LPU to the destination LPU were blocked.
Recommended action	Contact technical support.

Message text	WARNING: Bcast IPC packets from chassis [UINT32] slot [UINT32] to chassis [UINT32] slot [UINT32] were blocked.
Variable fields	$1: Source chassis ID. $2: Source physical slot number. $3: Destination chassis ID. $4: Destination physical slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: Bcast IPC packets from chassis 1 slot 2 to chassis 2 slot 4 were blocked
Explanation	Broadcast IPC packets from the source LPU to the destination LPU were blocked.
Recommended action	Contact technical support.

Message text	WARNING: Bcast IPC packets were blocked between slot [UINT32] and slot [UINT32]
Variable fields	$1: Physical slot number. $2: Physical slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: Bcast IPC packets were blocked between slot 1 and slot 2
Explanation	Broadcast IPC packets were blocked between the two specified LPUs.
Recommended action	Contact technical support.

Message text	WARNING: Bcast IPC packets from slot [UINT32] to slot [UINT32] were blocked.
Variable fields	$1: Source physical slot number. $2: Destination physical slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: Bcast IPC packets from slot 1 to slot 2 were blocked
Explanation	Broadcast IPC packets from the source LPU to the destination LPU were blocked.
Recommended action	Contact technical support.

Message text	WARNING: Slot [UINT32]: heartbeat with master board timed out
Variable fields	$1: Physical slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: Slot 1: heartbeat with master board timed out
Explanation	The specified card failed to receive heartbeat packets from the MPU within the timeout period.
Recommended action	Contact technical support.

Message text	WARNING: Heartbeat with slot [UINT32] timed out
Variable fields	$1: Physical slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: Heartbeat with slot 1 timed out
Explanation	The MPU failed to receive the heartbeat packets from the specified card within the timeout period.
Recommended action	Contact technical support.

Message text	WARNING: A minimum of three heartbeat timeouts occurred to slot [UINT32]. The slot will be isolated. Please replace it.
Variable fields	$1: Physical slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: A minimum of three heartbeat timeouts occurred to slot 1. The slot will be isolated. Please replace it
Explanation	The MPU failed to receive heartbeat packets from the specified card after three or more heartbeat timeout periods expired. The card will be isolated.
Recommended action	Replace the card or contact technical support.

Message text	WARNING: Heartbeat with slot [UINT32] timed out. The card in the slot will reboot automatically
Variable fields	$1: Physical slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: Heartbeat with slot 1 timed out. The card in the slot will reboot automatically
Explanation	The MPU failed to receive heartbeat packets from the specified card within the timeout period. The card will reboot automatically.
Recommended action	Reboot the card and determine whether the issue is resolved. If the issue persists, contact technical support.

Message text	WARNING: Detected persistent FCS error condition on inner port ([UINT32], [UINT32]).
Variable fields	$1: Chip ID. $2: Port number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: Detected persistent FCS error condition on inner port (0, 96).
Explanation	FCS errors were detected continuously on the specified port of the device.
Recommended action	Contact technical support.

Message text	WARNING: Inner port ([UINT32], [UINT32]) was down.
Variable fields	$1: Chip ID. $2: Port number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: Inner port (0, 96) was down.
Explanation	The specified inner port of the device went down.
Recommended action	Contact technical support.

Message text	WARNING: Link flappings occurred on inner port ([UINT32], [UINT32]).
Variable fields	$1: Chip ID. $2: Port number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: Link flappings occurred on inner port (1, 2).
Explanation	The specified internal port came up and went down frequently.
Recommended action	Contact technical support.

Message text	Task: CPU [UINT32] is occupied by process [STRING] for more than 15 seconds.
Variable fields	$1: CPU ID. $2: Process ID.
Severity level	4
Example	DRVPLAT/4/DrvDebug: Task: CPU 2 is occupied by process ifmgr for more than 15 seconds.
Explanation	The CPU was occupied by the specified process for a long time.
Recommended action	Contact technical support.

Message text	WARNING: Slot [UINT32] is isolated already. Maybe caused by the hardware failure, please remove and check it
Variable fields	$1: Slot number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: Slot 1 is isolated already. Maybe caused by the hardware failure, please remove and check it
Explanation	The specified card might have a hardware fault and has been isolated.
Recommended action	Replace the card.

Message text	WARNING: Chip [UINT32] IPT CRC [UINT32], please check.
Variable fields	$1: Chip ID. $2: IPT CRC error count.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: Chip 1 IPT CRC 15, please check
Explanation	The specified chip has IPT CRC errors. A check is required.
Recommended action	Contact technical support.

Message text	WARNING: CPU Port has no packet input and output, please check
Variable fields	N/A
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: CPU Port has no packet input and output, please check
Explanation	The CPU port failed to send or receive packets correctly.
Recommended action	Contact technical support.

Message text	WARNING: CPU Port has no packet output, please check
Variable fields	N/A
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: CPU Port has no packet output, please check
Explanation	The CPU port failed to send packets correctly.
Recommended action	Contact technical support.

Message text	WARNING: CPU Port has no packet input, please check
Variable fields	N/A
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: CPU Port has no packet input, please check
Explanation	The CPU port failed to receive packets correctly.
Recommended action	Contact technical support.

Message text	WARNING: Slot [UINT32] Chip [UINT32] has timeout in scanning channel,please check!
Variable fields	$1: Global slot number. $2: Chip ID.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: Slot 8 Chip 1 has timeout in scanning channel,please check!
Explanation	An issue has occurred on the inner channels on the specified card.
Recommended action	Contact technical support.

Message text	WARNING: Chassis [UINT32] Slot [UINT32] Chip [UINT32] has timeout in scanning channel,please check!
Variable fields	$1: Chassis ID. $2: Global slot number. $3: Chip ID.
Severity level	4
Example	DRVPLAT/4/DrvDebug: WARNING: Chassis 1 Slot 3 Chip 0 has timeout in scanning channel,please check!
Explanation	An issue has occurred on the inner channels on the specified card.
Recommended action	Contact technical support.

Message text	The max-ecmp-num configuration should be the same on devices in one IRF.
Variable fields	N/A
Severity level	4
Example	DRVPLAT/4/DrvDebug: The max-ecmp-num configuration should be the same on devices in one IRF.
Explanation	The devices in the IRF fabric support different maximum numbers of ECMP routes.
Recommended action	Configure the same maximum number of ECMP routes for the devices in the IRF fabric.

Message text	The Systemworking mode configuration should be the same on devices in one IRF.
Variable fields	N/A
Severity level	4
Example	DRVPLAT/4/DrvDebug: The Systemworking mode configuration should be the same on devices in one IRF.
Explanation	The devices in the IRF fabric do not operate in the same system working mode.
Recommended action	Specify the same system working mode for the devices in the IRF fabric.

Message text	The device does not support board in chassis [UINT32] slot [UINT32] ,type is unknown([HEX]), Please check.
Variable fields	$1: Chassis ID. $2: Slot ID. $3: Card type.
Severity level	4
Example	DRVPLAT/4/DrvDebug: The device does not support board in chassis 1 slot 2 ,type is unknown(0x18), Please check.
Explanation	The card type in the specified slot is not supported by the device.
Recommended action	Replace the card with one supported by the device.

Message text	The port [STRING] has been changed to inactive status, please check.
Variable fields	$1: Port type and number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: The port Ten-GigabitEthernet1/3/0/1 has been changed to inactive status, please check.
Explanation	The specified port became inactive.
Recommended action	Check the IRF configuration and port status and identify the reason causing the issue. If the issue cannot be resolved, contact technical support.

Message text	The port [STRING] has been changed to active status.
Variable fields	$1: Port type and number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: The port Ten-GigabitEthernet1/3/0/1 has been changed to active status.
Explanation	The specified port became active.
Recommended action	No action is required.

Message text	The port [STRING] can't receive irf pkt and has been changed to inactive status, please check.
Variable fields	$1: Port type and number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: The port Ten-GigabitEthernet1/3/0/1 can't receive irf pkt and has been changed to inactive status, please check.
Explanation	The specified port failed to receive IRF packets and became inactive.
Recommended action	Check the IRF configuration and port status and identify the reason causing the issue. If the issue cannot be resolved, contact technical support.

Message text	The port [STRING] can't receive irf pkt, please check.
Variable fields	$1: Port type and number.
Severity level	4
Example	DRVPLAT/4/DrvDebug: The port Ten-GigabitEthernet1/3/0/1 can’t receive irf pkt, please check.
Explanation	The specified port failed to receive IRF packets.
Recommended action	Check the IRF configuration and port status and identify the reason causing the issue. If the issue cannot be resolved, contact technical support.

Message text	At least one fabric module slot is empty. Make sure a blank filler module has been installed in each empty slot so the switch can work correctly.
Variable fields	N/A
Severity level	4
Example	DRVPLAT/4/DrvDebug: At least one fabric module slot is empty. Make sure a blank filler module has been installed in each empty slot so the switch can work correctly.
Explanation	A minimum of one fabric module slot is empty. You are required to install a filler panel in each fabric module slot.
Recommended action	Install a filler panel in each empty fabric module slot.

Message text	All fabric boards are absent! Reboot all lpu boards.
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: All fabric boards are absent! Reboot all lpu boards.
Explanation	No fabric modules are present. All LPUs will be rebooted.
Recommended action	Verify the installation of the fabric modules. If they are installed correctly, contact technical support.

Message text	Loopback exists on the interface [UINT32] [STRING].
Variable fields	$1: Interface index. $2: Interface type and number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Loopback exists on the interface 3 Ten-GigabitEthernet3/0/1.
Explanation	A loopback is present on the specified interface.
Recommended action	Check the port status and identify the reason causing the loopback. If the issue cannot be resolved, contact technical support.

Message text	This device do not support LSQ1IAGSC0 on chassis [UINT32] slot [UINT32]!
Variable fields	$1: Chassis ID $2: Slot number
Severity level	2
Example	DRVPLAT/2/DrvDebug: This device do not support LSQ1IAGSC0 on chassis 1 slot 10!
Explanation	The device does not support the LSQ1IAGSC0 card.
Recommended action	Replace the LSQ1IAGSC0 card with one compatible with the device.

Message text	WARNING: FCS error occurred on [UINT32].
Variable fields	$1: Port number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: WARNING: FCS error occurred on 1/3/0/10.
Explanation	An FCS error occurred on the specified IRF port.
Recommended action	Check the IRF link status. If the IRF link status is normal, contact technical support.

Message text	Interface [UINT32] is isolated, it's will be cancelled after a down/up.
Variable fields	$1: Port number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Interface 1/3/0/10 is isolated, it's will be cancelled after a down/up.
Explanation	FCS errors occurred on the specified IRF port. The port will be isolated.
Recommended action	Locate the reason causing the FCS errors and resolve the issue.

Message text	WARNING: [UINT32] went down.
Variable fields	$1: Port number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: WARNING: 1/3/0/10 went down.
Explanation	The specified IRF port went down.
Recommended action	Check the IRF link status.

Message text	WARNING: Chip [UINT32] Port [UINT32] has no packet input and output, please check.
Variable fields	$1: Chip ID. $2: Port number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: WARNING: Chip 1 Port 2 has no packet input and output, please check.
Explanation	The specified IPC port failed to send or receive packets.
Recommended action	Contact technical support.

Message text	WARNING: Ucast IPC packets from slot [UINT32] to slot [UINT32] were occasionally dropped.
Variable fields	$1: Slot number. $2: Slot number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: WARNING: Ucast IPC packets from slot 1 to slot 2 were occasionally dropped.
Explanation	Minor IPC unicast packet loss occurred from the source card to the destination card.
Recommended action	Contact technical support.

Message text	WARNING: Heavy Ucast IPC packet drops occurred in the direction from slot [UINT32] to slot [UINT32].
Variable fields	$1: Slot number. $2: Slot number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: WARNING: Heavy Ucast IPC packet drops occurred in the direction from slot 1 to slot 2.
Explanation	Severe IPC unicast packet loss occurred from the source card to the destination card.
Recommended action	Contact technical support.

Message text	WARNING: Bcast IPC packets from slot [UINT32] to slot [UINT32] were occasionally dropped.
Variable fields	$1: Slot number. $2: Slot number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: WARNING: Bcast IPC packets from slot 1 to slot 2 were occasionally dropped.
Explanation	Minor IPC broadcast packet loss occurred from the source card to the destination card.
Recommended action	Contact technical support.

Message text	WARNING: Heavy Bcast IPC packet drops occurred in the direction from slot [UINT32] to slot [UINT32].
Variable fields	$1: Slot number. $2: Slot number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: WARNING: Heavy Bcast IPC packet drops occurred in the direction from slot 1 to slot 2.
Explanation	Severe IPC broadcast packet loss occurred from the source card to the destination card.
Recommended action	Contact technical support.

Message text	Forwarding Fault: Slot [UINT32] Chip [UINT32] to Slot [UINT32] chip [UINT32]
Variable fields	$1: Slot number. $2: Chip ID. $3: Slot number. $4: Chip ID.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Forwarding Fault: Slot 1 Chip 2 to Slot 3 chip 4
Explanation	Forwarding failure occurred from the source chip to the destination chip.
Recommended action	Contact technical support.

Message text	Forwarding Warning: Slot [UINT32] Chip [UINT32] to Slot [UINT32] chip [UINT32]
Variable fields	$1: Slot number. $2: Chip ID. $3: Slot number. $4: Chip ID.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Forwarding Warning: Slot 1 Chip 2 to Slot 3 chip 4
Explanation	Packet loss occurred from the source chip to the destination chip.
Recommended action	Contact technical support.

Message text	Interface [STRING] has MMU error. MMU: [UINT32], please check.
Variable fields	$1: Port number. $2: MMU cell count when the error occurs.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Interface 1/0/0/23 has MMU error. MMU:150, please check.
Explanation	An MMU error occurred on the specified interface.
Recommended action	Check the device for hardware issues. If a software issue occurred, reboot the card to recover the services.

Message text	MMU error analysis failed, MMU interrupt disabled
Variable fields	N/A
Severity level	2
Example	DRVPLAT/2/DrvDebug: MMU error analysis failed, MMU interrupt disabled
Explanation	MMU error analysis failed, and MMU interrupt was disabled.
Recommended action	Contact technical support.

Message text	WARNING: Ucast IPC packets from chassis [UINT32] slot [UINT32] to chassis [UINT32] slot [UINT32] were blocked.
Variable fields	$1: Chassis ID. $2: Slot number. $3: Chassis ID. $4: Slot number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: WARNING: Ucast IPC packets from chassis 1 slot 2 to chassis 3 slot 4 were blocked.
Explanation	Unicast IPC packets were blocked from the source card to the destination card.
Recommended action	Contact technical support.

Message text	WARNING: Ucast IPC packets were blocked between chassis [UINT32] slot [UINT32] and chassis [UINT32] slot [UINT32].
Variable fields	$1: Chassis ID. $2: Slot number. $3: Chassis ID. $4: Slot number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: WARNING: Ucast IPC packets were blocked between chassis 1 slot 2 and chassis 3 slot 4.
Explanation	Unicast IPC packets were blocked between the two specified cards.
Recommended action	Contact technical support.

Message text	WARNING: Bcast IPC packets were blocked between chassis [UINT32] slot [UINT32] and chassis [UINT32] slot [UINT32].
Variable fields	$1: Chassis ID. $2: Slot number. $3: Chassis ID. $4: Slot number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: WARNING: Bcast IPC packets were blocked between chassis 1 slot 2 and chassis 3 slot 4.
Explanation	Broadcast IPC packets were blocked between the two specified cards.
Recommended action	Contact technical support.

Message text	WARNING: Heartbeat with chassis [UINT32] slot [UINT32] timed out.
Variable fields	$1: Chassis ID. $2: Slot number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: WARNING: Heartbeat with chassis %1 slot %2 timed out.
Explanation	The MPU failed to receive a heartbeat message from the specified card within the timeout period.
Recommended action	Contact technical support.

Message text	WARNING: Heartbeat with chassis [UINT32] slot [UINT32] timed out. The card in the slot will reboot automatically.
Variable fields	$1: Chassis ID. $2: Slot number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: WARNING: Heartbeat with chassis 1 slot 2 timed out. The card in the slot will reboot automatically.
Explanation	The MPU failed to receive a heartbeat message from the specified card within the timeout period. The card will reboot automatically.
Recommended action	Identify the cause of the issue. If the issue persists after the card reboots, contact technical support.

Message text	WARNING: A minimum of three heartbeat timeouts occurred to chassis [UINT32] slot [UINT32]. The slot will be isolated. Please replace it.
Variable fields	$1: Chassis ID. $2: Slot number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: WARNING: A minimum of three heartbeat timeouts occurred to chassis 1 slot 2. The slot will be isolated. Please replace it.
Explanation	The MPU failed to receive a heartbeat message from the specified card after three or more heartbeat timeout periods expired. The card will be isolated. You are required to replace the card.
Recommended action	Replace the card.

Message text	WARNING: Chassis [UINT32] slot [UINT32] is isolated already. Maybe caused by the hardware failure, please remove and check it.
Variable fields	$1: Chassis ID. $2: Slot number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: WARNING: Chassis 1 slot 2 is isolated already. Maybe caused by the hardware failure, please remove and check it.
Explanation	The specified card was isolated, possibly because a hardware failure had occurred.
Recommended action	Replace the card.

Message text	Forwarding Fault: Chassis [UINT32] Slot [UINT32] Chip [UINT32] to Chassis [UINT32] Slot [UINT32]chip [UINT32]
Variable fields	$1: Chassis ID. $2: Slot number. $3: Chip ID. $4: Chassis ID. $5: Slot number. $6: Chip ID.
Severity level	2
Example	DRVPLAT/2/DrvDebug: Forwarding Fault: Chassis 1 Slot 2 Chip 0 to Chassis 2 Slot 1 chip 0
Explanation	Traffic forwarding from the source chip to the destination chip failed.
Recommended action	Identify whether an exception or packet loss has occurred on the forwarding path. If no exception or packet loss has occurred, contact technical support.

Message text	The spring-clips on the switching fabric module in slot [UINT16] are not closed. Please close the spring-clips.
Variable fields	$1: Slot number.
Severity level	2
Example	DRVPLAT/2/DrvDebug: The spring-clips on the switching fabric module in slot 1 are not closed. Please close the spring-clips.
Explanation	The spring clips on the specified fabric module are not closed.
Recommended action	Close the spring clips.

Message text	The spring-clips on the switching fabric module in slot [UINT16] of chassis [UINT32] are not closed. Please close the spring-clips.
Variable fields	$1: Slot number. $2: Chassis ID.
Severity level	2
Example	DRVPLAT/2/DrvDebug: The spring-clips on the switching fabric module in slot 1 of chassis 2 are not closed. Please close the spring-clips.
Explanation	The spring clips on the specified fabric module are not closed.
Recommended action	Close the spring clips.

Message text	(In standalone mode.) Warning: The card in slot [INT32] has a high power consumption and therefore a high cooling requirement. To continue to provide fan tray redundancy, substitute high speed fan trays. (In IRF mode.) Warning: The card in chassis [INT32] slot [INT32] has a high power consumption and therefore a high cooling requirement. To continue to provide fan tray redundancy, substitute high speed fan trays.
Variable fields	$1: Slot number. (In standalone mode.) $1: IRF member device ID. (In IRF mode.) $2: Slot number. (In IRF mode.)
Severity level	2
Example	DRVPLAT/2/DrvDebug: (In standalone mode.) Warning: The card in slot 9 has a high power consumption and therefore a high cooling requirement. To continue to provide fan tray redundancy, substitute high speed fan trays.
Explanation	A high-power card was installed on the device. To ensure adequate cooling for the device, you are required to replace all fan trays with high-speed ones.
Recommended action	Replace all fan trays on the device with high-speed ones.

EDEV messages

This section contains messages for extended-device management.

ALARM_IN_REMOVED

Message text	Alarm removed on the alarm-in port [UNIT].
Variable fields	$1: Number of the alarm input port.
Severity level	5
Example	EDEV/5/ALARM_IN_REMOVED: Alarm removed on the alarm-in port 1.
Explanation	The external alarm received from the alarm input port was removed.
Recommended action	No action is required.

ALARM_IN_REPORTED

Message text	Alarm reported on the alarm-in port [UNIT].
Variable fields	$1: Number of the alarm input port.
Severity level	5
Example	EDEV/5/EDEV_ALARM_IN_REPORTED: Alarm reported on the alarm-in port 1.
Explanation	The alarm input port received an external alarm.
Recommended action	Verify that the device connected to the alarm input port is operating correctly.

EDEV_BOOTROM_UPDATE_FAILED

Message text	Failed to execute the bootrom update command.
Variable fields	None
Severity level	5
Example	EDEV/5/EDEV_BOOTROM_UPDATE_FAILED: -IPAddr=192.168.79.1-User=**; Failed to execute the bootrom update command.
Explanation	A user executed the bootrom update command but the command failed. The BootWare image was not loaded from the file system to the Normal BootWare area.
Recommended action	Take actions as prompted.

EDEV_BOOTROM_UPDATE_SUCCESS

Message text	Executed the bootrom update command successfully.
Variable fields	None
Severity level	5
Example	EDEV/5/EDEV_BOOTROM_UPDATE_SUCCESS: -IPAddr=192.168.79.1-User=**; Executed the bootrom update command successfully.
Explanation	A user executed the bootrom update command successfully. The BootWare image was loaded from the file system to the Normal BootWare area.
Recommended action	No action is required.

EDEV_FAILOVER_GROUP_STATE_CHANGE

Message text	Status of stateful failover group [STRING] with ID [UINT32] changed to [STRING].
Variable fields	$1: Failover group name. $2: Failover group ID. $3: Failover group state.
Severity level	5
Example	EDEV/5/EDEV_FAILOVER_GROUP_STATE_CHANGE: -MDC=1; Status of stateful failover group 123 with ID 0 changed to primary.
Explanation	The status of a failover group changed.
Recommended action	No action is required.

ERPS messages

This section contains ERPS messages.

ERPS_STATE_CHANGED

Message text	Ethernet ring [UINT16] instance [UINT16] changed state to [STRING]
Variable fields	$1: ERPS ring ID. $2: ERPS instance ID. $3: ERPS instance status.
Severity level	6
Example	ERPS/4/ERPS_STATE_CHANGED: Ethernet ring 1 instance 1 changed state to Idle.
Explanation	The status of the ERPS instance changed.
Recommended action	No action is required.

ETH messages

This section contains ETH messages.

ETH_SET_MAC_FAILED

Message text	Failed to set the MAC address [STRING] on [STRING].
Variable fields	$1: MAC address. $2: Interface name.
Severity level	5
Example	ETH/5/ETH_SET_MAC_FAILED: Failed to set the MAC address 0001-0001-0001 on GigabitEthernet1/0/1.
Explanation	Failed to set the MAC address for an interface because the highest 36 bits of the MAC address are inconsistent with the highest 36 bits of the device's bridge MAC address in the case of configuration recovery, IRF split, or new interface module plugging.
Recommended action	Configure a proper MAC address again for the interface.

ETHMLAG

This section contains ETHMLAG messages.

ETHMLAG_MAC_INEFFECTIVE

Message text	ETHMLAG failed to add the MAC address of [STRING]. Cause: [STRING].
Variable fields	$1: Interface name. $2: Cause.
Severity level	3
Example	ETHMLAG/3/ETHMLAG_MAC_INEFFECTIVE: ETHMLAG failed to add the MAC address of Vlan-interface20. Cause: Insufficient hardware resources.
Explanation	The ETHMLAG module failed to add the MAC address of a VLAN interface.
Recommended action	Contact the administrator to locate the cause and resolve the problem.

ETHOAM messages

This section contains Ethernet OAM messages.

ETHOAM_CONNECTION_FAIL_DOWN

Message text	The link is down on interface [string] because a remote failure occurred on peer interface.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ETHOAM_CONNECTION_FAIL_DOWN: The link is down on interface Ethernet1/0/1 because a remote failure occurred on peer interface.
Explanation	The link goes down because a remote failure occurred on the peer interface.
Recommended action	Check the link status or the OAM status on the peer.

ETHOAM_CONNECTION_FAIL_TIMEOUT

Message text	Interface [string] removed the OAM connection because it received no Information OAMPDU before the timer times out.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ETHOAM_CONNECTION_FAIL_TIMEOUT: Interface Ethernet1/0/1 removed the OAM connection because it received no Information OAMPDU before the timer times out.
Explanation	The interface removed the OAM connection because it had not received Information OAMPDUs before the timer timed out.
Recommended action	Check the link status or the OAM status on the peer.

ETHOAM_CONNECTION_FAIL_UNSATISF

Message text	Interface [string] failed to establish an OAM connection because the peer doesn’t match the capacity of the local interface.
Variable fields	$1: Interface name.
Severity level	3
Example	ETHOAM/3/ETHOAM_CONNECTION_FAIL_UNSATISF: Interface Ethernet1/0/1 failed to establish an OAM connection because the peer doesn’t match the capacity of the local interface.
Explanation	Failed to establish an OAM connection because the peer does not match the OAM protocol state of the local interface.
Recommended action	Check the State field of the OAMPDUs sent from both ends.

ETHOAM_CONNECTION_SUCCEED

Message text	An OAM connection is established on interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_CONNECTION_SUCCEED: An OAM connection is established on interface Ethernet1/0/1.
Explanation	An OAM connection is established.
Recommended action	No action is required.

ETHOAM_DISABLE

Message text	Ethernet OAM is now disabled on interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_DISABLE: Ethernet OAM is now disabled on interface Ethernet1/0/1.
Explanation	Ethernet OAM is disabled.
Recommended action	No action is required.

ETHOAM_DISCOVERY_EXIT

Message text	OAM interface [string] quit the OAM connection.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ ETHOAM_DISCOVERY_EXIT: OAM interface Ethernet1/0/1 quit the OAM connection.
Explanation	The local interface ended the OAM connection.
Recommended action	No action is required.

ETHOAM_ENABLE

Message text	Ethernet OAM is now enabled on interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_ENABLE: Ethernet OAM is now enabled on interface Ethernet1/0/1.
Explanation	Ethernet OAM is enabled.
Recommended action	No action is required.

ETHOAM_ENTER_LOOPBACK_CTRLLED

Message text	The local OAM entity enters remote loopback as controlled DTE on OAM interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ ETHOAM_ENTER_LOOPBACK_CTRLLED: The local OAM entity enters remote loopback as controlled DTE on OAM interface Ethernet1/0/1.
Explanation	The local OAM entity enters remote loopback as controlled DTE after you enable OAM loopback on the peer end.
Recommended action	No action is required.

ETHOAM_ENTER_LOOPBACK_CTRLLING

Message text	The local OAM entity enters remote loopback as controlling DTE on OAM interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ ETHOAM_ENTER_LOOPBACK_CTRLLING: The local OAM entity enters remote loopback as controlling DTE on OAM interface Ethernet1/0/1.
Explanation	The local OAM entity enters remote loopback as controlling DTE after you enable OAM loopback on the interface.
Recommended action	No action is required.

ETHOAM_LOCAL_DYING_GASP

Message text	A local Dying Gasp event has occurred on [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOCAL_DYING_GASP: A local Dying Gasp event occurred on interface Ethernet1/0/1.
Explanation	A local Dying Gasp event occurs when you reboot the local device or shut down the interface.
Recommended action	Do not use the link until it recovers.

ETHOAM_LOCAL_ERROR_FRAME

Message text	An errored frame event occurred on local interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME: An errored frame event occurred on local interface Ethernet1/0/1.
Explanation	An errored frame event occurred on the local interface.
Recommended action	Check the link between the local and peer ends.

ETHOAM_LOCAL_ERROR_FRAME_PERIOD

Message text	An errored frame period event occurred on local interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME_PERIOD: An errored frame period event occurred on local interface Ethernet1/0/1.
Explanation	An errored frame period event occurred on the local interface.
Recommended action	Check the link between the local and peer ends.

ETHOAM_LOCAL_ERROR_FRAME_SECOND

Message text	An errored frame seconds event occurred on local interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME_SECOND: An errored frame seconds event occurred on local interface Ethernet1/0/1.
Explanation	An errored frame seconds event occurred on the local interface.
Recommended action	Check the link between the local and peer ends.

ETHOAM_LOCAL_ERROR_SYMBOL

Message text	An errored symbol event occurred on local interface [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOCAL_ERROR_SYMBOL: An errored symbol event occurred on local interface Ethernet1/0/1.
Explanation	An errored symbol event occurred on the local interface.
Recommended action	Check the link between the local and peer ends.

ETHOAM_LOCAL_LINK_FAULT

Message text	A local Link Fault event occurred on interface [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOCAL_LINK_FAULT: A local Link Fault event occurred on interface Ethernet1/0/1.
Explanation	A local Link Fault event occurred when the local link goes down.
Recommended action	Re-connect the Rx end of the fiber on the local interface.

ETHOAM_LOOPBACK_EXIT

Message text	OAM interface [string] quit remote loopback.
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOOPBACK_EXIT: OAM interface Ethernet1/0/1 quit remote loopback.
Explanation	The OAM interface ended remote loopback after one of the following events occurred: · Remote loopback was disabled on the interface before the OAM connection was established. · The established OAM connection was torn down.
Recommended action	No action is required.

ETHOAM_LOOPBACK_EXIT_ERROR_STATU

Message text	OAM interface [string] quit remote loopback due to incorrect multiplexer or parser status.
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_LOOPBACK_EXIT_ERROR_STATU: OAM interface Ethernet1/0/1 quit remote loopback due to incorrect multiplexer or parser status.
Explanation	OAM interface Ethernet1/0/1 ended remote loopback due to incorrect multiplexer or parser status.
Recommended action	Disable and then re-enable Ethernet OAM on the OAM entity.

ETHOAM_LOOPBACK_NO_RESOURCE

Message text	OAM interface [string] can’t enter remote loopback due to insufficient resources.
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOOPBACK_NO_RESOURCE: OAM interface Ethernet1/0/1 can’t enter remote loopback due to insufficient resources.
Explanation	The OAM interface cannot enter remote loopback due to insufficient resources when you execute the oam remote-loopback start command on the local or remote OAM entity.
Recommended action	To enable remote loopback on an interface, you must set the hardware forwarding resources on the interface. Enabling remote loopback on a large number of interfaces might cause insufficient resources. Disable remote loopback on other interfaces, and execute the oam remote-loopback start command on the interface again.

ETHOAM_LOOPBACK_NOT_SUPPORT

Message text	OAM interface [string] can’t enter remote loopback because the operation is not supported.
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOOPBACK_NOT_SUPPORT: OAM interface Ethernet1/0/1 can't enter remote loopback because the operation is not supported.
Explanation	The OAM interface cannot enter remote loopback because the operation is not supported on the device.
Recommended action	No action is required.

ETHOAM_QUIT_LOOPBACK_CTRLLED

Message text	The local OAM entity quit remote loopback as controlled DTE on OAM interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ ETHOAM_QUIT_LOOPBACK_CTRLLED: The local OAM entity quit remote loopback as controlled DTE on OAM interface Ethernet1/0/1.
Explanation	As the Loopback Control OAMPDUs receiving end, the local end quit remote loopback after you disabled OAM loopback on the peer end.
Recommended action	No action is required.

ETHOAM_QUIT_LOOPBACK_CTRLLING

Message text	The local OAM entity quit remote loopback as controlling DTE on OAM interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_QUIT_LOOPBACK_CONTROLLING: The local OAM entity quit remote loopback as controlling DTE on OAM interface Ethernet1/0/1.
Explanation	The local end quit remote loopback after you disabled OAM loopback on the local interface.
Recommended action	No action is required.

ETHOAM_REMOTE_CRITICAL

Message text	A remote Critical event occurred on interface [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_REMOTE_CRITICAL: A remote Critical event occurred on interface Ethernet1/0/1.
Explanation	A remote critical event occurred.
Recommended action	Do not use the link until it recovers.

ETHOAM_REMOTE_DYING_GASP

Message text	A remote Dying Gasp event occurred on interface [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_REMOTE_DYING_GASP: A remote Dying Gasp event occurred on interface Ethernet1/0/1.
Explanation	A remote Dying Gasp event occurred when you reboot the remote device and shut down the interface.
Recommended action	Do not use this link until it recovers.

ETHOAM_REMOTE_ERROR_FRAME

Message text	An errored frame event occurred on the peer interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME: An errored frame event occurred on the peer interface Ethernet1/0/1.
Explanation	An errored frame event occurred on the peer.
Recommended action	Check the link between the local and peer ends.

ETHOAM_REMOTE_ERROR_FRAME_PERIOD

Message text	An errored frame period event occurred on the peer interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME_PERIOD: An errored frame period event occurred on the peer interface Ethernet1/0/1.
Explanation	An errored frame period event occurred on the peer interface.
Recommended action	Check the link between the local and peer ends.

ETHOAM_REMOTE_ERROR_FRAME_SECOND

Message text	An errored frame seconds event occurred on the peer interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME_SECOND: An errored frame seconds event occurred on the peer interface Ethernet1/0/1.
Explanation	An errored frame seconds event occurred on the peer.
Recommended action	Check the link between the local and peer ends.

ETHOAM_REMOTE_ERROR_SYMBOL

Message text	An errored symbol event occurred on the peer interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_REMOTE_ERROR_SYMBOL: An errored symbol event occurred on the peer interface Ethernet1/0/1.
Explanation	An errored symbol event occurred on the peer.
Recommended action	Check the link between the local and peer ends.

ETHOAM_REMOTE_EXIT

Message text	OAM interface [string] quit OAM connection because Ethernet OAM is disabled on the peer interface.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ ETHOAM_REMOTE_EXIT: OAM interface Ethernet1/0/1 quit OAM connection because Ethernet OAM is disabled on the peer interface.
Explanation	The local interface ended the OAM connection because Ethernet OAM was disabled on the peer interface.
Recommended action	No action is required.

ETHOAM_REMOTE_FAILURE_RECOVER

Message text	Peer interface [string] recovered.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ ETHOAM_REMOTE_FAILURE_RECOVER: Peer interface Ethernet1/0/1 recovered.
Explanation	The Link fault was cleared from the peer interface and the OAM connection was restored.
Recommended action	No action is required.

ETHOAM_REMOTE_LINK_FAULT

Message text	A remote Link Fault event occurred on interface [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_REMOTE_LINK_FAULT: A remote Link Fault event occurred on interface Ethernet1/0/1.
Explanation	A remote Link Fault event occurred when the remote link went down.
Recommended action	Reconnect the Rx end of the fiber on the remote interface.

ETHOAM_NO_ENOUGH_RESOURCE

Message text	The configuration failed on OAM interface [string] because of insufficient resources.
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ ETHOAM_NO_ENOUGH_RESOURCE: The configuration failed on OAM interface Ethernet1/0/1 because of insufficient resources.
Explanation	The configuration failed on the OAM interface because of insufficient system resources.
Recommended action	Remove useless configurations to release the resources, and execute the command again.

ETHOAM_NOT_CONNECTION_TIMEOUT

Message text	Interface [string] quit Ethernet OAM because it received no Information OAMPDU before the timer times out.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ ETHOAM_NOT_CONNECTION_TIMEOUT: Interface Ethernet1/0/1 quit Ethernet OAM because it received no Information OAMPDU before the timer times out.
Explanation	The local interface ended Ethernet OAM because it had not received Information OAMPDUs before the timer timed out.
Recommended action	Check the link status and the OAM status on the peer.

EVIISIS messages

This section contains EVI IS-IS messages.

EVIISIS_LICENSE_EXPIRED

Message text	The EVIISIS feature is being disabled, because its license has expired.
Variable fields	N/A
Severity level	3
Example	EVIISIS/3/EVIISIS_LICENSE_EXPIRED: The EVIISIS feature is being disabled, because its license has expired.
Explanation	The EVI IS-IS license has expired.
Recommended action	Install a valid license for EVI IS-IS.

EVIISIS_LICENSE_EXPIRED_TIME

Message text	The EVIISIS feature will be disabled in [ULONG] days.
Variable fields	$1: Available period of the feature.
Severity level	5
Example	EVIISIS/5/EVIISIS_LICENSE_EXPIRED_TIME: The EVIISIS feature will be disabled in 2 days.
Explanation	EVI IS-IS will be disabled because no EVI IS-IS license is available. After an active/standby MPU switchover or IRF master/subordinate switchover, you can use EVI IS-IS only for 30 days if the new active MPU or master does not have an EVI IS-IS license.
Recommended action	Install a valid license for EVI IS-IS.

EVIISIS_LICENSE_UNAVAILABLE

Message text	The EVIISIS feature has no available license.
Variable fields	N/A
Severity level	3
Example	EVIISIS/3/EVIISIS_LICENSE_UNAVAILABLE: The EVIISIS feature has no available license.
Explanation	No license was found for EVI IS-IS when the EVI IS-IS process started.
Recommended action	Install a valid license for EVI IS-IS.

EVIISIS_NBR_CHG

Message text	EVIISIS [UINT32], [STRING] adjacency [STRING] ([STRING]), state changed to: [STRING].
Variable fields	$1: EVI IS-IS process ID. $2: EVI IS-IS neighbor level. $3: Neighbor system ID. $4: Interface name. $5: Adjacency state: ¡ up—Adjacency was set up. ¡ initializing—Neighbor state was initializing. ¡ down—Adjacency was lost.
Severity level	5
Example	EVIISIS/5/EVIISIS_NBR_CHG: EVIISIS 1, Level-1 adjacency 0011.2200.1501 (Evi-Link0), state changed to: down.
Explanation	The EVI IS-IS adjacency state changed on an interface.
Recommended action	When the adjacency with a neighbor changes to down or initializing on an interface, check for EVI IS-IS configuration errors or loss of network connectivity.

EVPN

This section contains EVPN messages.

EVPN_MAC_CONFLICT

Message text	Remote host MAC address [STRING] conflicts with the MAC address of VSI interface [UINT].
Variable fields	$1: Host MAC address learned from an EVPN route. $2: VSI interface number.
Severity level	4
Example	EVPN/4/EVPN_MAC_CONFLICT: Remote host MAC address [1-1-1] conflicts with the MAC address of VSI interface 100.
Explanation	In a centralized EVPN gateway network, the MAC address learned from an EVPN route conflicts with the gateway MAC address.
Recommended action	Edit the host MAC address.

FCLINK messages

This section contains FC link messages.

FCLINK_FDISC_REJECT_NORESOURCE

Message text	VSAN [UINT16], Interface [STRING]: An FDISC was rejected because the hardware resource is not enough.
Variable fields	$1: VSAN ID. $2: Interface name.
Severity level	4
Example	FCLINK/4/FCLINK_FDISC_REJECT_NORESOURCE: VSAN 1, Interface FC2/0/1: An FDISC was rejected because the hardware resource is not enough.
Explanation	An FDISC is received when the hardware resources are insufficient.
Recommended action	Reduce the number of nodes.

FCLINK_FLOGI_REJECT_NORESOURCE

Message text	VSAN [UINT16], Interface [STRING]: An FLOGI was rejected because the hardware resource is not enough.
Variable fields	$1: VSAN ID. $2: Interface name.
Severity level	4
Example	FCLINK/4/FCLINK_FLOGI_REJECT_NORESOURCE: VSAN 1, Interface FC2/0/1: An FLOGI was rejected because the hardware resource is not enough.
Explanation	An FLOGI is received when the hardware resources are insufficient.
Recommended action	Reduce the number of nodes.

FCOE messages

This section contains FCoE messages.

FCOE_INTERFACE_NOTSUPPORT_FCOE

Message text	Because the aggregate interface [STRING] has been bound to a VFC interface, assigning the interface [STRING] that does not support FCoE to the aggregate interface might cause incorrect processing.
Variable fields	$1: Aggregate interface name. $2: Ethernet interface name.
Severity level	4
Example	FCOE/4/FCOE_INTERFACE_NOTSUPPORT_FCOE: Because the aggregate interface Bridge-Aggregation 1 has been bound to a VFC interface, assigning the interface Ten-GigabitEthernet 2/0/1 that does not support FCoE to the aggregate interface might cause incorrect processing.
Explanation	This message is generated when an interface that does not support FCoE is assigned to an aggregate interface that has been bound to a VFC interface.
Recommended action	Assign an interface that supports FCoE to the aggregate interface, or remove the binding from the VFC interface.

FCOE_LAGG_BIND_ACTIVE

Message text	The binding between aggregate interface [STRING] and the VFC interface takes effect again, because the member port is unbound from its bound VFC interface or removed from the aggregate interface.
Variable fields	$1: Aggregate interface name.
Severity level	4
Example	FCOE/4/FCOE_LAGG_BIND_ACTIVE: The binding between aggregate interface Bridge-Aggregation1 and the VFC interface takes effect again, because the member port is unbound from its bound VFC interface or removed from the aggregate interface.
Explanation	This message is generated when a member port of an aggregate interface is unbound from its bound VFC interface or removed from the aggregate interface.
Recommended action	No action is required.

FCOE_LAGG_BIND_DEACTIVE

Message text	The binding between aggregate interface [STRING] and the VFC interface is no longer in effect, because the new member port has been bound to a VFC interface.
Variable fields	$1: Aggregate interface name.
Severity level	4
Example	FCOE/4/FCOE_LAGG_BIND_DEACTIVE: The binding between aggregate interface Bridge-Aggregation1 and the VFC interface is no longer in effect, because the new member port has been bound to a VFC interface.
Explanation	This message is generated when a new member port of an aggregate interface has been bound to a VFC interface.
Recommended action	No action is required.

FCZONE messages

This section contains FC zone messages.

FCZONE_DISTRIBUTE_FAILED

Message text	-VSAN=[UINT16]; Zone distribution failed. The zoning configurations might consequently be inconsistent across the fabric.
Variable fields	$1: VSAN ID.
Severity level	4
Example	FCZONE/4/FCZONE_DISTRIBUTE_FAILED: -VSAN=2; Zone distribution failed. The zoning configurations might consequently be inconsistent across the fabric.
Explanation	A distribution operation failed. Consequently, the zoning configurations might be inconsistent across the fabric.
Recommended action	To resolve the problem if the distribution operation is triggered by using the zoneset activate command: 1. Verify that the contents of the active zone set are consistent on all switches by using the display current-configuration command. 2. Reactivate the zone set and distribute it to the entire fabric by using the zoneset activate command. To resolve the problem if the distribution operation is triggered by using the zoneset distribute command: 3. Verify that the contents of the active zone set and zone database are consistent on all switches by using the display current-configuration command. 4. Trigger a new complete distribution by using the zoneset distribute command. To resolve the problem if the distribution operation is triggered by a zoning mode switchover: 5. Verify that the zoning mode is the same on all switches by using the display zone status command. 6. Trigger a new complete distribution by using the zoneset distribute command.

FCZONE_HARDZONE_DISABLED

Message text	-VSAN=[UINT16]: No enough hardware resource for zone rule, switched to soft zoning.
Variable fields	$1: VSAN ID.
Severity level	4
Example	FCZONE/4/FCZONE_HARDZONE_DISABLED: -VSAN=2: No enough hardware resource for zone rule, switched to soft zoning.
Explanation	Insufficient hardware resources.
Recommended action	Activate a smaller zone set.

FCZONE_HARDZONE_ENABLED

Message text	-VSAN=[UINT16]: Hardware resource for zone rule is restored, switched to hard zoning.
Variable fields	$1: VSAN ID.
Severity level	6
Example	FCZONE/6/FCZONE_HARDZONE_ENABLED: -VSAN=2: Hardware resource for zone rule is restored, switched to hard zoning.
Explanation	Hard zoning is enabled in a VSAN because the hardware resources are restored.
Recommended action	No action is required.

FCZONE_ISOLATE_ALLNEIGHBOR

Message text	-VSAN=[UINT16]; The E ports connected to all neighbors were isolated, because the length of the locally generated MR packet exceeded the limit.
Variable fields	$1: VSAN ID.
Severity level	4
Example	FCZONE/4/FCZONE_ISOLATE_ALLNEIGHBOR: -VSAN=2; The E ports connected to all neighbors were isolated, because the length of the locally generated MR packet exceeded the limit.
Explanation	E_Ports connected to all neighbors were isolated because the length of the locally generated MR packet exceeded the limit.
Recommended action	To resolve the problem: 1. Use the display current-configuration command on the local switch to view the zoning configuration. 2. Delete unnecessary zoning configuration of the active zone set. 3. Execute the shutdown and undo shutdown command sequence on those isolated E_Ports to trigger a new merge operation. Or 4. Activate a smaller zone set. 5. Execute the shutdown and undo shutdown command sequence on those isolated E_Ports to trigger a new merge operation.

FCZONE_ISOLATE_CLEAR_VSAN

Message text	-Interface=[STRING]-VSAN=[UINT16]; Isolation status was cleared.
Variable fields	$1: Interface name. $2: VSAN ID.
Severity level	6
Example	FCZONE/6/FCZONE_ISOLATE_CLEAR_VSAN: -Interface=Fc1/0/1-VSAN=2; Isolation status was cleared.
Explanation	The isolation status of an interface was cleared in a VSAN.
Recommended action	No action is required.

FCZONE_ISOLATE_CLEAR_ALLVSAN

Message text	-Interface=[STRING]; Isolation status was cleared in all supported VSANs.
Variable fields	$1: Interface name.
Severity level	6
Example	FCZONE/6/FCZONE_ISOLATE_CLEAR_ALLVSAN: -Interface=Fc1/0/1; Isolation status was cleared in all supported VSANs.
Explanation	The isolation status of an interface was cleared in all supported VSANs.
Recommended action	No action is required.

FCZONE_ISOLATE_NEIGHBOR

Message text	-VSAN=[UINT16]; All the E ports connected to a neighbor were isolated because of merge failure, and the neighbor’s switch WWN is [STRING].
Variable fields	$1: VSAN ID. $2: Neighbor's switch WWN.
Severity level	4
Example	FCZONE/4/FCZONE_ISOLATE_NEIGHBOR: -VSAN=2; All the E ports connected to a neighbor were isolated because of merge failure, and the neighbor’s switch WWN is 10:00:00:11:22:00:0d:01.
Explanation	All E_Ports connected to a neighbor were isolated because a merge operation with the neighbor failed.
Recommended action	To resolve the problem: 1. Use the display current-configuration command on the local switch and the neighbor switch to view their zoning configurations. 2. Modify those noncompliant configurations on both switches to be compliant with merge rules. 3. Execute the shutdown and undo shutdown command sequence on those isolated E_Ports to trigger a new merge operation.

FIB messages

This section contains FIB messages.

FIB_FILE

Message text	Failed to save the IP forwarding table due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	FIB/4/FIB_FILE: -MDC=1; Failed to save the IP forwarding table due to lack of storage resources.
Explanation	Failed to save the IP forwarding table due to lack of storage resources.
Recommended action	Delete unused files to release storage space.

FIB_PREFIX_ENOUGHRESOURCE

Message text	Issued the software entry to the driver for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Issued the software entry to the driver for IP address [STRING] and mask length [UINT32] on the public network.
Variable fields	$1: IPv4 or IPv6 address. $2: Mask or prefix length. $3: VPN instance name. This field is not available for the public network.
Severity level	6
Example	FIB/6/FIB_PREFIX_ENOUGHRESOURCE: Issued the software entry to the driver for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. FIB/6/FIB_PREFIX_ENOUGHRESOURCE: Issued the software entry to the driver for IP address 10::2 and mask length 128 on the public network.
Explanation	This message occurs when the system successfully updates the FIB entry in hardware with the FIB entry in software for an IP address for consistency. You can use the following commands to enable FIB entry consistency check and the generation of this log for IPv4 and IPv6: · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6).
Recommended action	No action is required.

FIB_PREFIX_INCONSISTENT

Message text	Inconsistent software and hardware FIB entries for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Inconsistent parameters: [STRING]. Inconsistent software and hardware FIB entries for IP address [STRING] and mask length [UINT32] on the public network. Inconsistent parameters: [STRING].
Variable fields	$1: IPv4 or IPv6 address. $2: Mask or prefix length. $3: VPN instance name. This field is not available for the public network. $4: Inconsistent parameters. Options: ¡ Next hop ¡ MPLS label ¡ Adjacent-table ¡ Micro-segment ID
Severity level	6
Example	FIB/6/FIB_PREFIX_INCONSISTENT: Inconsistent software and hardware FIB entries for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. Inconsistent parameters: next hop, mpls label, adjacent-table and micro-segment ID. FIB/6/FIB_PREFIX_INCONSISTENT: Inconsistent software and hardware FIB entries for IP address 10::2 and mask length 128 on the public network. Inconsistent parameters: next hop, mpls label, adjacent-table and micro-segment ID.
Explanation	This message occurs when the system detects an inconsistency between the FIB entry in software and FIB entry in hardware for an IP address. You can use the following commands to enable FIB entry consistency check for IPv4 and IPv6. · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6). Once the device detects an inconsistency, it will generate this type of log.
Recommended action	No action is required. The device will update the FIB entry in hardware with the FIB entry in software automatically.

FIB_PREFIX_NORESOURCE

Message text	Not enough hardware resources to issue the software entry to the driver for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Not enough hardware resources to issue the software entry to the driver for IP address [STRING] and mask length [UINT32] on the public network.
Variable fields	$1: IPv4 or IPv6 address. $2: Mask or prefix length. $3: VPN instance name. This field is not available for the public network.
Severity level	6
Example	FIB/6/FIB_PREFIX_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. FIB/6/FIB_PREFIX_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IP address 10::2 and mask length 128 on the public network.
Explanation	This message occurs when the system fails to update the FIB entry in hardware with the FIB entry in software for an IP address for consistency due to insufficient hardware resources. You can use the following commands to enable FIB entry consistency check and the generation of this log for IPv4 and IPv6: · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6).
Recommended action	No action is required. The device will attempt to re-issue the FIB entry from software to hardware automatically.

FIB_VN_ENOUGHRESOURCE

Message text	Issued the following [UINT32] software FIB entries to the driver: Entry for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Issued the following [UINT32] software FIB entries to the driver: Entry for IP address [STRING] and mask length [UINT32] on the public network.
Variable fields	$1: Number of resynchronized FIB entries. $2: IPv4 or IPv6 address. $3: Mask or prefix length. $4: VPN instance name. This field is not available for the public network.
Severity level	6
Example	FIB/6/FIB_VN_ENOUGHRESOURCE: Issued the following 1 software FIB entries to the driver: Entry for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. FIB/6/FIB_PREFIX_ENOUGHRESOURCE: Issued the following 1 software FIB entries to the driver: Entry for IP address 10::2 and mask length 128 on the public network.
Explanation	The device attempts to re-issue virtual next hop information to hardware if it has failed to issue this information during synchronization of some FIB entries from software to hardware for consistency. This message occurs after the system successfully re-issues virtual next hop information to hardware. You can use one of the following commands to enable FIB entry consistency check and the generation of this log for IPv4 and IPv6: · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6).
Recommended action	No action is required.

FIB_VN_INCONSISTENT

Message text	Inconsistent software and hardware entries for the following [UINT32] FIB entries. Inconsistent parameters: [STRING]. Entry for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Inconsistent software and hardware entries for the following [UINT32] FIB entries. Inconsistent parameters: [STRING]. Entry for IP address [STRING] and mask length [UINT32] on the public network.
Variable fields	$1: Number of inconsistent FIB entries. $2: Inconsistent parameters. ¡ Next hop ¡ MPLS label ¡ Maximum number of ECMP routes ¡ Output tunnel interface $3: IPv4 or IPv6 address. $4: Mask or prefix length. $5: VPN instance name. If the FIB table runs on the public network, this field will not be displayed.
Severity level	6
Example	FIB/6/FIB_VN_INCONSISTENT: Inconsistent software and hardware entries for the following 1 FIB entries. Inconsistent parameters: next hop and mpls label. Entry for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. FIB/6/FIB_VN_INCONSISTENT: Inconsistent software and hardware entries for the following 1 FIB entries. Inconsistent parameters: next hop and mpls label. Entry for IP address 10::2 and mask length 128 on the public network.
Explanation	You can use one of the following commands to enable FIB entry consistency check · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6). Once the device detects an inconsistency between virtual nexthop entries in software and in hardware, it will generate this log to inform the user of the inconsistent FIB entries.
Recommended action	No action is required. The device will update the inconsistent virtual nexthop entries in hardware with the virtual nexthop entries in software automatically.

‌

FIB_VN_NORESOURCE

Message text	Not enough hardware resources to issue the following [UINT32] software FIB entries to the driver: Entry for IP address [STRING] and mask length [UINT32] on VPN instance [STRING]. Not enough hardware resources to issue the following [UINT32] software FIB entries to the driver: Entry for IP address [STRING] and mask length [UINT32] on the public network.
Variable fields	$1: Number of FIB entries that failed to be issued to the hardware. $2: IPv4 or IPv6 address. $3: Mask or prefix length. $4: VPN instance name. If the FIB table runs on the public network, this field will not be displayed.
Severity level	6
Example	FIB/6/FIB_VN_NORESOURCE: Not enough hardware resources to issue the following 1 software FIB entries to the driver: Entry for IP address 10.1.1.1 and mask length 32 on VPN instance vpn_1. FIB/6/FIB_VN_NORESOURCE: Not enough hardware resources to issue the following 1 software FIB entries to the driver: Entry for IP address 10::2 and mask length 128 on the public network.
Explanation	You can use one of the following commands to enable FIB entry consistency check and the generation of this log for IPv4 and IPv6: · fib consistency-check enable (IPv4). · ipv6 fib consistency-check enable (IPv6). With FIB entry consistency check enabled, the device will generate this type of log if it fails to issue some software virtual nexthop entries to the hardware due to insufficient hardware resources. This log informs the user of the invalid FIB entries.
Recommended action	No action is required. The device will re-issue the software virtual nexthop entries to the hardware automatically.

FILTER messages

This section contains filter messages.

FILTER_EXECUTION_ICMP

Message text	RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];IcmpType(1062)=[STRING]([UINT16]);IcmpCode(1063)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: Layer 4 protocol name. $6: Source IP address. $7: Destination IP address. $8: ICMP message type. $9: ICMP message code. $10: Match count. $11: Event information.
Severity level	6
Example	FILTER/6/FILTER_EXECUTION_ICMP: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1067)=inbound;AclType(1064)=ACL;Acl(1065)=3000;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;DstIPAddr(1007)=200.1.1.1;IcmpType(1059)=Echo(8);IcmpCode(1060)=0;MatchAclCount(1066)=1000;Event(1048)=Permit;
Explanation	ICMP packets matched the packet filter. This message is sent when the first ICMP packet of a flow matches the packet filter, and it will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_EXECUTION_ICMPV6

Message text	RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];Icmpv6Type(1064)=[STRING]([UINT16]);Icmpv6Code(1065)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: Layer 4 protocol name. $6: Source IPv6 address. $7: Destination IPv6 address. $8: ICMPv6 message type. $9: ICMPv6 message code. $10: Match count. $11: Event information.
Severity level	6
Example	FILTER/6/FILTER_EXECUTION_ICMPV6: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1067)=inbound;AclType(1064)=ACL;Acl(1065)=3000;Protocol(1001)=ICMPV6;SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=3001::1;Icmpv6Type(1064)=Echo(128);Icmpv6Code(1065)=0;MatchAclCount(1066)=1000;Event(1048)=Permit;
Explanation	ICMPv6 packets matched the packet filter. This message is sent when the first ICMPv6 packet of a flow matches the packet filter, and it will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_IPV4_EXECUTION

Message text	RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: Layer 4 protocol name. $6: Source IP address. $7: Source port. $8: Destination IP address. $9: Destination port number. $10: Match count. $11: Event information.
Severity level	6
Example	FILTER/6/FILTER_IPV4_EXECUTION: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;AclType(1067)=ACL;Acl(1068)=3000;Protocol(1001)=TCP;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchAclCount(1069)=1000;Event(1048)=Permit;
Explanation	Packets other than ICMP packets matched the packet filter. This message is sent when the first packet of a flow matches the packet filter, and it will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_IPV6_EXECUTION

Message text	RcvIfName(1023)=[STRING];Direction(1070)=[STRING];AclType(1067)=[STRING];Acl(1068)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];MatchAclCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: Layer 4 protocol name. $6: Source IPv6 address. $7: Source port number. $8: Destination IPv6 address. $9: Destination port number. $10: Match count. $11: Event information.
Severity level	6
Example	FILTER/6/FILTER_IPV6_EXECUTION: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;AclType(1067)=ACL;Acl(1068)=3000;Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3001::1;DstPort(1008)=1026;MatchAclCount(1069)=1000;Event(1048)=Permit;
Explanation	Packets other than ICMPv6 packets matched the packet filter. This message is sent when the first packet of a flow matches the packet filter, and it will be sent regularly for the flow.
Recommended action	No action is required.

FIPSNG messages

This section contains FIP snooping messages.

FIPSNG_HARD_RESOURCE_NOENOUGH

Message text	No enough hardware resource for FIP snooping rule.
Variable fields	N/A
Severity level	4
Example	FIPSNG/4/FIPSNG_HARD_RESOURCE_NOENOUGH: No enough hardware resource for FIP snooping rule.
Explanation	Hardware resources are insufficient.
Recommended action	No action is required.

FIPSNG_HARD_RESOURCE_RESTORE

Message text	Hardware resource for FIP snooping rule is restored.
Variable fields	N/A
Severity level	6
Example	FIPSNG/6/FIPSNG_HARD_RESOURCE_RESTORE: Hardware resource for FIP snooping is restored.
Explanation	Hardware resources for FIP snooping rules are restored.
Recommended action	No action is required.

FS messages

This section contains file system messages.

FS_UNFORMATTED_PARTITION

Message text	Partition [%s] is not formatted yet. Please format the partition first.
Variable fields	$1: Partition name.
Severity level	4
Example	FS/4/FS_UNFORMATED_PARTITION: Partition usba0: is not formatted yet. Please format the partition first.
Explanation	The partition is not formatted. You must format a partition before you can perform other operations on the partition.
Recommended action	Format the specified partition.

FTP messages

This section contains File Transfer Protocol messages.

FTP_ACL_DENY

Message text	The FTP Connection [IPADDR]([STRING]) request was denied according to ACL rules.
Variable fields	$1: IP address of the FTP client. $2: VPN instance to which the IP address of the FTP client belongs.
Severity level	5
Example	FTP/5/FTP_ACL_DENY: The FTP Connection 1.2.3.4(vpn1) request was denied according to ACL rules.
Explanation	The ACL for controlling FTP access denied the access request of an FTP client.
Recommended action	No action is required.

FTP_REACH_SESSION_LIMIT

Message text	FTP client [STRING] failed to log in. The current number of FTP sessions is [NUMBER]. The maximum number allowed is ([NUMBER]).
Variable fields	$1: IP address of the FTP client. $2: Current number of FTP sessions. $3: Maximum number of FTP sessions allowed by the device.
Severity level	6
Example	FTP/6/FTP_REACH_SESSION_LIMIT: FTP client 1.1.1.1 failed to log in. The current number of FTP sessions is 10. The maximum number allowed is (10).
Explanation	The number of FTP connections reached the limit.
Recommended action	1. Use the display current-configuration \| include session-limit command to view the current limit for FTP connections. If the command does not display the limit, the device is using the default setting. 2. If you want to set a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required.

FTPD_AUTHOR_FAILED

Message text	Authorization failed for user [STRING]@[STRING].
Variable fields	$1: Username. $1: IP address of the FTP client.
Severity level	4
Example	FTP/4/FTPD_AUTHOR_FAILED: Authorization failed for user admin@10.11.115.63.
Explanation	Authorization for a user failed.
Recommended action	Check whether the user is assigned the FTP service.

gRPC messages

This section contains gRPC messages.

GRPC_LOGIN

Message text	[STRING] logged in from [STRING], session id [INT32].
Variable fields	$1: Username. $2: Client ID. $3: Session ID.
Severity level	6
Example	GRPC/6/GRPC_LOGIN: user logged in from 127.0.0.1, session id 1.
Explanation	A user logged in successfully.
Recommended action	No action is required.

GRPC_LOGIN_FAILED

Message text	[STRING] from [STRING] login failed. Or: [STRING] from [STRING] login failed. [STRING]
Variable fields	$1: Username. $2: Client ID. $3: Login failure reason. The value might be Number of the gRPC sessions reached the limit.
Severity level	4
Example	GRPC/4/GRPC_LOGIN_FAILED: user from 127.0.0.1 login failed.
Explanation	A user failed to log in.
Recommended action	1. If no failure reason is displayed, verify that the user is configured and the user entered the correct username and password. 2. If the maximum number of gRPC sessions was already reached, release gRPC sessions as required.

GRPC_LOGOUT

Message text	[STRING] logged out, session id [INT32].
Variable fields	$1: Username. $2: Session ID.
Severity level	6
Example	GRPC/6/GRPC_LOGOUT: user logged out, session id 1.
Explanation	A user logged out successfully.
Recommended action	No action is required.

GRPC_SERVER_FAILED

Message text	Failed to enable gRPC server.
Variable fields	N/A
Severity level	4
Example	GRPC/4/GRPC_SERVER_FAILED: Failed to enable gRPC server.
Explanation	A port conflict caused a gRPC server connection failure.
Recommended action	Identify whether a port conflict exist. If yes, modify the port settings as required.

GRPC_SUBSCRIBE_EVENT_FAILED

Message text	Failed to subscribe event [STRING].
Variable fields	$ 1: Event name.
Severity level	4
Example	GRPC/4/GRPC_SUBSCRIBE_EVENT_FAILED: Failed to subscribe event syslog.
Explanation	Failed to subscribe to an event.
Recommended action	No action is required.

GRPC_RECEIVE_SUBSCRIPTION

Message text	Received a subscription of module [STRING].
Variable fields	$ 1: Module name.
Severity level	6
Example	GRPC/6/GRPC_RECEIVE_SUBSCRIPTION: Received a subscription of module syslog.
Explanation	The device received a subscription request for a module.
Recommended action	No action is required.

HA messages

This section contains HA messages.

HA_BATCHBACKUP_FINISHED

Message text	Batch backup of standby board in [STRING] has finished.
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	5
Example	HA/5/HA_BATCHBACKUP_FINISHED: Batch backup of standby board in slot 1 has finished.
Explanation	Batch backup from the active MPU to the standby MPU has finished.
Recommended action	No action is required.

HA_BATCHBACKUP_STARTED

Message text	Batch backup of standby board in [STRING] started.
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	5
Example	HA/5/HA_BATCHBACKUP_STARTED: Batch backup of standby board in slot 1 started.
Explanation	Batch backup from the active MPU to the standby MPU has started.
Recommended action	No action is required.

HA_STANDBY_NOT_READY

Message text	Standby board in [STRING] is not ready, reboot ...
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	4
Example	HA/4/HA_STANDBY_NOT_READY: Standby board in slot 1 is not ready, reboot ...
Explanation	This message appears on the standby MPU. When batch backup is not complete on the standby MPU, performing active and standby MPU switchover results in restart of the active and standby MPUs.
Recommended action	Do not perform active and standby MPU switchover before batch backup is complete on the standby MPU.

HA_STANDBY_TO_MASTER

Message text	Standby board in [STRING] changed to the master.
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	5
Example	HA/5/HA_STANDBY_TO_MASTER: Standby board in slot 1 changed to the master.
Explanation	An active and standby MPU switchover occurs. The standby MPU changed to active.
Recommended action	No action is required.

HQOS messages

This section contains HQoS messages.

HQOS_DP_SET_FAIL

Message text	Failed to set drop profile [STRING] globally.
Variable fields	$1: Drop profile name.
Severity level	4
Example	HQOS/4/HQOS_DP_SET_FAIL: Failed to set drop profile b globally.
Explanation	The system failed to perform one of the following actions: · Apply a drop profile globally. · Modify a drop profile applied globally.
Recommended action	Check the drop profile settings.

HQOS_FP_SET_FAIL

Message text	Failed to set [STRING] in forwarding profile [STRING] globally.
Variable fields	$1: Policy type: · gts. · bandwidth. · queue. · drop profile. $2: Forwarding profile name.
Severity level	4
Example	HQOS/4/HQOS_FP_SET_FAIL: Failed to set gts in forwarding profile b globally.
Explanation	The system failed to perform one of the following actions: · Apply a forwarding profile globally. · Modify a forwarding profile applied globally.
Recommended action	Examine the forwarding profile, and make sure it is supported and has no conflicted contents.

HQOS_POLICY_APPLY_FAIL

Message text	Failed to apply some forwarding classes or forwarding groups in scheduler policy [STRING] to the [STRING] direction of interface [STRING].
Variable fields	$1: Scheduler policy name. $2: Policy direction: inbound or outbound. $3: Interface name.
Severity level	4
Example	HQOS/4/HQOS_POLICY_APPLY_FAIL: Failed to apply some forwarding classes or forwarding groups in scheduler policy b to the inbound direction of interface Ethernet3/1/2.
Explanation	The system failed to perform one of the following actions: · Apply a scheduler policy to a specific direction of an interface. · Modify a scheduler policy applied to a specific direction of an interface.
Recommended action	Use the display qos scheduler-policy diagnosis interface command to identify the nodes that failed to be applied and the failure causes, and modify the running configuration.

HQOS_POLICY_APPLY_FAIL

Message text	Failed to recover scheduler policy [STRING] to the [STRING] direction of interface [STRING] due to [STRING].
Variable fields	$1: Scheduler policy name. $2: Policy direction: inbound or outbound. $3: Interface name. $4: Cause.
Severity level	4
Example	HQOS/4/HQOS_POLICY_RECOVER_FAIL: Failed to recover scheduler policy b to the outbound direction of interface Ethernet3/1/2 due to conflicting with QoS configuration.
Explanation	The system failed to recover an applied scheduler policy after the card or device rebooted, because the scheduler policy conflicted with the QoS configuration on the interface.
Recommended action	Check the scheduler policy configuration according to the failure cause.

HTTPD messages

This section contains HTTP daemon messages.

HTTPD_CONNECT

Message text	[STRING] client [STRING] connected to the server successfully.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_CONNECT: HTTP client 192.168.30.117 connected to the server successfully.
Explanation	The HTTP or HTTPS server accepted the request from a client. An HTTP or HTTPS connection was set up.
Recommended action	No action is required.

HTTPD_CONNECT_TIMEOUT

Message text	[STRING] client [STRING] connection idle timeout.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_CONNECT_TIMEOUT: HTTP client 192.168.30.117 connection to server idle timeout.
Explanation	An HTTP or HTTPS connection was disconnected because the idle timeout timer expires.
Recommended action	No action is required.

HTTPD_DISCONNECT

Message text	[STRING] client [STRING] disconnected from the server.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_DISCONNECT: HTTP client 192.168.30.117 disconnected from the server.
Explanation	An HTTP or HTTPS client was disconnected from the server.
Recommended action	No action is required.

HTTPD_FAIL_FOR_ACL

Message text	[STRING] client [STRING] failed the ACL check and could not connect to the server.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_FAIL_FOR_ACL: HTTP client 192.168.30.117 failed the ACL check and cannot connect to the server.
Explanation	An HTTP or HTTPS client was filtered by the ACL.
Recommended action	No action is required.

HTTPD_FAIL_FOR_ACP

Message text	[STRING] client [STRING] was denied by the certificate access control policy and could not connect to the server.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_FAIL_FOR_ACP: HTTP client 192.168.30.117 was denied by the certificate attribute access control policy and could not connect to the server.
Explanation	An HTTP or HTTPS client was denied by the certificate access control policy.
Recommended action	No action is required.

HTTPD_REACH_CONNECT_LIMIT

Message text	[STRING] client [STRING] failed to connect to the server, because the number of connections reached the upper limit.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_REACH_CONNECT_LIMIT: HTTP client 192.168.30.117 failed to connect to the server, because the number of connections reached the upper limit.
Explanation	The number of connections reached the limit.
Recommended action	1. Use the display current-configuration \| include session-limit command to view the current limit for connections of the specified type. If the command does not display the limit, the device is using the default setting. 2. If you want to specify a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required.

IFMON

This section contains interface monitoring messages.

CRC_ERROR_RECOVERY

Message text	The number of CRC error packets dropped below the lower threshold: Interface name=[STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	IFMON/4/CRC_ERROR_RECOVERY: The number of CRC error packets dropped below the lower threshold: Interface name=GigabitEthernet1/0/1.
Explanation	This log message was generated when the number of CRC error packets detected within a statistics collection interval dropped below the threshold and the alarm was cleared.
Recommended action	No action is required.

CRC_ERROR_THRESHOLD

Message text	The number of CRC error packets exceeded the upper threshold: Interface name=[STRING], upper threshold=[UINT32], number of CRC error packets=[UINT64], interval=[UINT32]s.
Variable fields	$1: Interface name. $2: Upper threshold for the alarm or the upper bit error rate threshold. $3: Number of CRC error packets detected within the latest statistics collection interval. $4: Collection and comparison interval for CRC error packets, in seconds.
Severity level	4
Example	IFMON/4/CRC_ERROR_THRESHOLD: The number of CRC error packets exceeded the upper threshold: Interface name=GigabitEthernet1/0/1, upper threshold=100, number of CRC error packets=200, interval=10s.
Explanation	This log message was generated when the number of CRC error packets within a statistics collection interval exceeded the upper threshold. Typically, this issue occurs because the threshold is set improperly or too many error packets appear because data is destroyed during transmission.
Recommended action	· Identify whether the upper threshold is set properly. · Identify whether the link environment quality is good.

IFNET messages

This section contains interface management messages.

IF_BUFFER_CONGESTION_OCCURRENCE

Message text	[STRING] congestion occurs on queue [INTEGER] of [STRING].
Variable fields	$1: Data buffer type: ingress (for receive data buffer) or egress (for transmit data buffer). $2: Queue ID in the range of 0 to 7. $3: Interface name.
Severity level	4
Example	IFNET/4/IF_BUFFER_CONGESTION_OCCURRENCE: Ingress congestion occurs on queue 1 of GigabitEthernet1/0/1.
Explanation	On queue 1 of GigabitEthernet 1/0/1, congestion occurs in the receive data buffer.
Recommended action	Examine the network status.

IF_BUFFER_CONGESTION_CLEAR

Message text	[STRING] congestion on queue [UINT32] of [STRING] is cleared. [UINT64] packets are discarded.
Variable fields	$1: Data buffer type: ingress (for receive data buffer) or egress (for transmit data buffer). $2: Queue ID in the range of 0 to 7. $3: Interface name. $4: Number of packets dropped.
Severity level	5
Example	IFNET/5/IF_BUFFER_CONGESTION_CLEAR: Ingress congestion on queue 1 of GigabitEthernet1/0/1 is cleared. 1000 packets are discarded.
Explanation	On queue 1 of GigabitEthernet 1/0/1, congestion in the receive data buffer is removed. 1000 packets are dropped.
Recommended action	No action is required.

IF_JUMBOFRAME_WARN

Message text	The specified size of jumbo frames on the aggregate interface [STRING] is not supported on the member port [STRING].
Variable fields	$1: Aggregate interface name. $2: Member port name.
Severity level	3
Example	IFNET/3/IF_JUMBOFRAME_WARN: -MDC=1-Slot=3; The specified size of jumbo frames on the aggregate interface Bridge-Aggregation1 is not supported on the member port GigabitEthernet1/0/1.
Explanation	Some member ports do not support the jumbo frame size configured on the aggregate interface.
Recommended action	1. Identify the value ranges for the jumbo frame size supported on member ports. 2. Specify a jumbo frame size supported by member ports for the aggregate interface.

INTERFACE_NOTSUPPRESSED

Message text	Interface [STRING] is not suppressed.
Variable fields	$1: Interface name.
Severity level	6
Example	IFNET/6/INTERFACE_NOTSUPPRESSED: Interface Ethernet0/0/0 is not suppressed.
Explanation	The interface changed from suppressed state to unsuppressed state. When the interface is unsuppressed, the upper-layer services can detect the physical state changes of the interface.
Recommended action	No action is required.

INTERFACE_SUPPRESSED

Message text	Interface [STRING] was suppressed.
Variable fields	$1: Interface name.
Severity level	5
Example	IFNET/5/INTERFACE_SUPPRESSED: Interface Ethernet0/0/0 was suppressed.
Explanation	The interface was suppressed because its state frequently changed. When the interface is suppressed, the upper-layer services cannot detect the physical state changes of the interface.
Recommended action	1. Check whether the network cable of the interface or peer interface is frequently plugged and unplugged. 2. Configure physical state change suppression to adjust the suppression parameters.

LINK_UPDOWN

Message text	Line protocol state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: State of link layer protocol, which can be up or down.
Severity level	5
Example	IFNET/5/LINK_UPDOWN: Line protocol state on the interface Ethernet0/0 changed to down.
Explanation	The link layer protocol state changed on an interface.
Recommended action	When the link layer protocol state of an interface is down, use the display interface command to display the link layer protocol state and locate the reason for which the link layer protocol state changed to down on the interface.

PFC_WARNING

Message text	On interface [STRING], the rate of [STRING] PFC packets of 802.1p priority [INTEGER] exceeded the PFC early-warning threshold [INTEGER] pps. The current rate is [INTEGER].
Variable fields	$1: Interface name. $2: Alarm direction, which can be input or output. $3: 802.1p priority. $4: Rate threshold at which the interface receives or sends PFC frames, in pps. $5: Rate at which the interface receives or sends PFC frames, in pps.
Severity level	4
Example	IFNET/4/PFC_WARNING: On interface GigabitEthernet1/0/1, the rate of input PFC packets of 802.1p priority 1 exceeded the PFC early-warning threshold 50 pps. The current rate is 60.
Explanation	The rate at which the interface receives or sends PFC frames reaches the early-warning threshold.
Recommended action	No action is required.

PHY_UPDOWN

Message text	Physical state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: Link state, which can be up or down.
Severity level	3
Example	IFNET/3/PHY_UPDOWN: Physical state on the Ethernet0/0 changed to down.
Explanation	The physical state changed on an interface.
Recommended action	When the interface is physically down, check whether a physical link is present or whether the link fails.

‌

PROTOCOL_UPDOWN

Message text	Protocol [STRING] state on the interface [STRING] changed to [STRING].
Variable fields	$1: Protocol name. $2: Interface name. $3: Protocol state, which can be up or down.
Severity level	5
Example	IFNET/5/PROTOCOL_UPDOWN: Protocol IPX state on the interface Ethernet6/4/1 changed to up.
Explanation	The state of a protocol has been changed on an interface.
Recommended action	When the state of a network layer protocol is down, check the network layer protocol configuration.

‌

STORM_CONSTRAIN_BELOW

Message text	[STRING] is in controlled status, [STRING] flux falls below its lower threshold [STRING].
Variable fields	$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Lower suppression threshold: · lowerlimit% · lowerlimit pps · lowerlimit kbps
Severity level	1
Example	IFNET/1/STORM_CONSTRAIN_BELOW: GigabitEthernet1/0/1 is in controlled status, BC flux falls below its lower threshold 90%.
Explanation	The port is in controlled state. Any type of traffic on the port drops below the lower threshold from above the upper threshold.
Recommended action	No action is required.

STORM_CONSTRAIN_CONTROLLED

Message text	[STRING] turned into controlled status, port status is controlled, packet type is [STRING], upper threshold is [STRING].
Variable fields	$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Upper suppression threshold: · upperlimit% · upperlimit pps · upperlimit kbps
Severity level	1
Example	IFNET/1/STORM_CONSTRAIN_CONTROLLED: GigabitEthernet1/0/1 turned into controlled status, port status is controlled, packet type is BC, upper threshold is 90%.
Explanation	The port is in controlled state. Any type of traffic on the port exceeds the upper threshold.
Recommended action	No action is required.

STORM_CONSTRAIN_EXCEED

Message text	[STRING] is in controlled status, [STRING] flux exceeds its upper threshold [STRING].
Variable fields	$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Upper suppression threshold: · upperlimit% · upperlimit pps · upperlimit kbps
Severity level	1
Example	IFNET/1/STORM_CONSTRAIN_EXCEED: GigabitEthernet1/0/1 is in controlled status, BC flux exceeds its upper threshold 90%.
Explanation	The port is in controlled state. Any type of traffic on the port drops below the lower threshold from above the upper threshold.
Recommended action	No action is required.

STORM_CONSTRAIN_NORMAL

Message text	[STRING] returned to normal status, port status is [STRING], packet type is [STRING], lower threshold is [STRING].
Variable fields	$1: Interface name. $2: Packet type, which can be BC, MC, or UC. $3: Lower suppression threshold: · lowerlimit% · lowerlimit pps · lowerlimit kbps
Severity level	1
Example	IFNET/1/STORM_CONSTRAIN_NORMAL: GigabitEthernet1/0/1 returned to normal status, port status is normal, packet type is BC, lower threshold is 10%.
Explanation	The port is in normal state. Any type of traffic on the port drops below the lower threshold from above the upper threshold.
Recommended action	No action is required.

TUNNEL_LINK_UPDOWN

Message text	Line protocol state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: Protocol state, which can be up or down.
Severity level	5
Example	IFNET/5/TUNNEL_LINK_UPDOWN: Line protocol state on the interface Tunnel1 changed to down.
Explanation	The state of a link layer protocol has been changed on a tunnel interface.
Recommended action	When the link layer protocol state of a tunnel interface is down, use the display interface command to display the link layer protocol state and locate the reason for which the link layer protocol state changed to down on the tunnel interface.

TUNNEL_PHY_UPDOWN

Message text	Physical state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: Protocol state, which can be up or down.
Severity level	3
Example	IFNET/3/TUNNEL_PHY_UPDOWN: Physical state on the Tunnel1 changed to down.
Explanation	The state of a link layer protocol has been changed on a tunnel interface.
Recommended action	When the physical state of a link layer protocol is down, check whether a physical link is present or whether the link fails.

VLAN_MODE_CHANGE

Message text	Dynamic VLAN [INT32] has changed to a static VLAN.
Variable fields	$1: VLAN ID.
Severity level	5
Example	IFNET/5/VLAN_MODE_CHANGE: Dynamic VLAN 20 has changed to a static VLAN.
Explanation	Creating a VLAN interface for a VLAN cause the dynamic VLAN to become a static VLAN.
Recommended action	No action is required.

IKE messages

This section contains IKE messages.

IKE_P1_SA_ESTABLISH_FAIL

Message text	Failed to establish phase 1 SA for the reason of [STRING]. The SA's source address is [STRING], and its destination address is [STRING].
Variable fields	$1: Reason for the failure: ¡ No matching proposal. ¡ Invalid ID information. ¡ Unavailable certificate. ¡ Unsupported DOI. ¡ Unsupported situation. ¡ Invalid proposal syntax. ¡ Invalid SPI. ¡ Invalid protocol ID. ¡ Invalid certificate. ¡ Authentication failure. ¡ Invalid message header. ¡ Invalid transform ID. ¡ Malformed payload. ¡ Retransmission timeout. ¡ Incorrect configuration. $2: Source address. $3: Destination address.
Severity level	6
Example	IKE/6/IKE_P1_SA_ESTABLISH_FAIL: Failed to establish phase 1 SA for the reason of no matching proposal. The SA’s source address is 1.1.1.1 and its destination address is 2.2.2.2.
Explanation	An IKE SA cannot be established in phase 1. The failure reason is displayed.
Recommended action	Check the IKE configuration on the local and remote devices.

IKE_P2_SA_ESTABLISH_FAIL

Message text	Failed to establish phase 2 SA for the reason of [STRING]. The SA's source address is [STRING], and its destination address is [STRING].
Variable fields	$1: Reason for the failure: ¡ Invalid key information. ¡ Invalid ID information. ¡ Unavailable proposal. ¡ Unsupported DOI. ¡ Unsupported situation. ¡ Invalid proposal syntax. ¡ Invalid SPI. ¡ Invalid protocol ID. ¡ Invalid hash information. ¡ Invalid message header. ¡ Malformed payload. ¡ Retransmission timeout. ¡ Incorrect configuration. $2: Source address. $3: Destination address.
Severity level	6
Example	IKE/6/IKE_P2_SA_ESTABLISH_FAIL: Failed to establish phase 2 SA for the reason of invalid key information. The SA’s source address is 1.1.1.1, and its destination address is 2.2.2.2.
Explanation	An IPsec SA cannot be established in phase 2. The failure reason is displayed.
Recommended action	Check the IKE and IPsec configurations on the local and remote devices.

IKE_P2_SA_TERMINATE

Message text	The IKE phase 2 SA was deleted for the reason of [STRING]. The SA's source address is [STRING], and its destination address is [STRING].
Variable fields	$1: Reason that the SA is deleted, which is SA expiration. $2: Source address. $3: Destination address.
Severity level	6
Example	IKE/6/IKE_P2_SA_TERMINATE: The IKE phase 2 SA was deleted for the reason of SA expiration. The SA’s source address is 1.1.1.1, and its destination address is 2.2.2.2.
Explanation	An IPsec SA is deleted in phase 2 because it expires.
Recommended action	No action is required.

IKE_VERIFY_CERT_FAIL

Message text	Failed to verify the peer certificate. Reason: [STRING].
Variable fields	$1: Failure reason: ¡ Unable to get issuer certificate. ¡ Unable to get certificate CRL. ¡ Unable to decrypt CRL's signature. ¡ Unable to decode issuer public key. ¡ Certificate signature failure. ¡ CRL signature failure. ¡ Unable to decrypt certificate's signature. ¡ Certificate is not yet valid. ¡ Certificate has expired. ¡ CRL is not yet valid. ¡ CRL has expired. ¡ Format error in certificate's notBefore field. ¡ Format error in certificate's notAfter field. ¡ Format error in CRL's lastUpdate field. ¡ Format error in CRL's nextUpdate field. ¡ Out of memory. ¡ Self signed certificate. ¡ Self signed certificate in certificate chain. ¡ Unable to get local issuer certificate. ¡ Unable to verify the first certificate. ¡ Certificate chain too long. ¡ Certificate revoked. ¡ Invalid CA certificate. ¡ Invalid non-CA certificate (has CA markings). ¡ Path length constraint exceeded. ¡ Proxy path length constraint exceeded. ¡ Proxy certificates not allowed, please set the appropriate flag. ¡ Unsupported certificate purpose. ¡ Certificate not trusted. ¡ Certificate rejected. ¡ Application verification failure. ¡ Subject issuer mismatch. ¡ Authority and subject key identifier mismatch. ¡ Authority and issuer serial number mismatch. ¡ Key usage does not include certificate signing. ¡ Unable to get CRL issuer certificate. ¡ Unhandled critical extension. ¡ Key usage does not include CRL signing. ¡ Key usage does not include digital signature. ¡ Unhandled critical CRL extension. ¡ Invalid or inconsistent certificate extension. ¡ Invalid or inconsistent certificate policy extension. ¡ No explicit policy. ¡ Different CRL scope. ¡ Unsupported extension feature. ¡ RFC 3779 resource not subset of parent's resources. ¡ Permitted subtree violation. ¡ Excluded subtree violation. ¡ Name constraints minimum and maximum not supported. ¡ Unsupported name constraint type. ¡ CRL path validation error. ¡ Unsupported or invalid name syntax. ¡ Unsupported or invalid name constraint syntax. ¡ Suite B: certificate version invalid. ¡ Suite B: invalid public key algorithm. ¡ Suite B: invalid ECC curve. ¡ Suite B: invalid signature algorithm. ¡ Suite B: curve not allowed for this LOS. ¡ Suite B: cannot sign P-384 with P-256. ¡ Hostname mismatch. ¡ Email address mismatch. ¡ IP address mismatch. ¡ Invalid certificate verification context. ¡ Issuer certificate lookup error. ¡ Proxy subject name violation.
Severity level	6
Example	IKE/6/IKE_VERIFY_CERT_FAIL: Failed to verify the peer certificate. Reason: invalid or inconsistent certificate extension.
Explanation	Failed to verify a peer certificate. The reason for the failure is displayed.
Recommended action	No action is required.

IP6ADDR

This section contains IPv6 addressing messages.

IP6ADDR_CREATEADDRESS_ERROR

Message text	Failed to create an address by the prefix. Reason: [STRING] on [STRING] and [STRING] on [STRING] overlap.
Variable fields	$1: IPv6 prefix $2: Interface name. $3: IPv6 prefix $4: Interface name.
Severity level	4
Example	IP6ADDR/4/IP6ADDR_CREATEADDRESS_ERROR: Failed to create an address by the prefix. Reason: 2001::/ 64 on GigabitEthernet1/0/2 and 2001::/64 on GigabitEthernet1/0/1 overlap.
Explanation	The device failed to generate an IPv6 address for an interface by using the prefix because the prefixes overlapped on this interface and another interface.
Recommended action	Cancel the IPv6 address configuration on the conflicting interface and configure the interface to generate an IPv6 address by using a different prefix.

IP6ADDR_FUNCTION_FAIL

Message text	Failed to enable IPv6 on interface [STRING]. Reason: [STRING].
Variable fields	$1: Interface name. $2: Failure reasons: ¡ Insufficient resources. ¡ IPv6 is not supported. ¡ Unknown error.
Severity level	4
Example	IP6ADDR/6/IP6ADDR_FUNCTION_FAIL: Failed to enable IPv6 on interface GigabitEthernet1/0/1. Reason: Insufficient resources.
Explanation	This message is sent when the device failed to enable IPv6 on an interface during the stateful or stateless IPv6 address autoconfiguration or manual IPv6 address assignment.
Recommended action	· If the failure is caused by insufficient resources, release memory and then execute the operation again. · If the failure is caused by an unknown error, please contact H3C Support.

IPADDR messages

This section contains IP addressing messages.

IPADDR_HA_EVENT_ERROR

Message text	A process failed HA upgrade because [STRING].
Variable fields	$1: HA upgrade failure reason: · IPADDR failed the smooth upgrade. · IPADDR failed to reupgrade to the master process. · IPADDR stopped to restart the timer. · IPADDR failed to upgrade to the master process. · IPADDR failed to restart the upgrade. · IPADDR failed to add the unicast object to the master task epoll. · IPADDR failed to create an unicast object. · IPADDR role switchover failed when the standby process switched to the master process. · IPADDR switchover failed when the master process switched to the standby process. · IPADDR HA upgrade failed. · IPADDR failed to set the interface filtering criteria. · IPADDR failed to register interface events. · IPADDR failed to subscribe port events. · IPADDR failed to add a VPN port event to the master epoll. · IRDP failed to open DBM. · IRDP failed to initiate a connection to the device management module. · IRDP failed to add the master task epoll with the handle used to connect to the device management module. · IRDP failed to register device management events. · IRDP failed to subscribe port events. · IRDP failed to add the master task epoll with the handle used to subscribe port events. · IRDP failed to set the interface filtering criteria. · IRDP failed to register interface events. · IRDP failed to register network events. · IRDP failed to create the interface control block storage handle. · IRDP failed to create the timer. · IRDP failed to add the master task epoll with the handle used to create the timer. · IRDP failed to set the schedule time for the timer. · IRDP failed to set the timer to unblocked status. · IRDP failed to create a timer instance.
Severity level	4
Example	IPADDR/4/IPADDR_HA_EVENT_ERROR: A process failed HA upgrade because IPADDR failed the smooth upgrade.
Explanation	A process failed HA upgrade and the message showed the failure reason.
Recommended action	Please contact H3C Support.

IPADDR_HA_STOP_EVENT

Message text	The device received an HA stop event.
Variable fields	None.
Severity level	4
Example	IPADDR/4/IPADDR_HA_STOP_EVENT: The device received an HA stop event.
Explanation	This message is sent when the device receives an HA stop event.
Recommended action	Please contact H3C Support.

IPFW

This section contains IP forwarding messages.

IPFW_FAILURE

Message text	The card doesn't support the split horizon forwarding configuration.
Variable fields	N/A
Severity level	5
Example	IPFW/5/IPFW_FAILURE: -MDC=1; The card doesn't support the split horizon forwarding configuration.
Explanation	The card doesn't support the split horizon forwarding configuration.
Recommended action	1. Make sure the card on which you configure split horizon forwarding supports this feature. 2. Please contact H3C Support.

Message text	Failed to configure split horizon forwarding on the card.
Variable fields	N/A
Severity level	5
Example	IPFW/5/IPFW_FAILURE: -MDC=1; Failed to configure split horizon forwarding on the card.
Explanation	Failed to configure split horizon forwarding on the card.
Recommended action	Please contact H3C Support.

IPSEC messages

This section contains IPsec messages.

IPSEC_FAILED_ADD_FLOW_TABLE

Message text	Failed to add flow-table due to [STRING].
Variable fields	$1: Reason for the failure.
Severity level	4
Example	IPSEC/4/IPSEC_FAILED_ADD_FLOW_TABLE: Failed to add flow-table due to no enough resource.
Explanation	Failed to add the flow table. Possible reasons include not enough hardware resources.
Recommended action	If the failure is caused by not enough hardware resources, contact H3C Support.

IPSEC_PACKET_DISCARDED

Message text	IPsec packet discarded, Src IP:[STRING], Dst IP:[STRING], SPI:[UINT32], SN:[UINT32], Cause:[STRING].
Variable fields	$1: Source IP address. $2: Destination IP address. $3: Security parameter index (SPI). $4: Sequence number of the packet. $5: Reason for dropping this packet: · Anti-replay checking failed. · AH authentication failed. · ESP authentication failed. · Invalid SA. · ESP decryption failed. · Source address of packet does not match the SA. · No ACL rule matched.
Severity level	6
Example	IPSEC/6/IPSEC_PACKET_DISCARDED: IPsec packet discarded, Src IP:1.1.1.2, Dest IP:1.1.1.4, SPI:1002, SN:0, Cause:ah authentication failed
Explanation	An IPsec packet is dropped. Possible reasons include anti-replay checking failed, AH/ESP authentication failed, invalid SA, ESP decryption failed, source address of packet does not match the SA, and no ACL rule matched.
Recommended action	No action is required.

IPSEC_SA_ESTABLISH

Message text	Established IPsec SA. The SA's source address is [STRING], destination address is [STRING], protocol is [STRING], and SPI is [UINT32].
Variable fields	$1: Source address. $2: Destination address. $3: Security protocol. $4: SPI.
Severity level	6
Example	IPSEC/6/IPSEC_SA_ESTABLISH: Established IPsec SA. The SA's source address is 1.1.1.1, destination address is 2.2.2.2, protocol is AH, and SPI is 2435.
Explanation	An IPsec SA is established.
Recommended action	No action is required.

IPSEC_SA_ESTABLISH_FAIL

Message text	Failed to establish IPsec SA for the reason of [STRING]. The SA's source address is [STRING], and its destination address is [STRING].
Variable fields	$1: Reason for the IPsec SA establishment failure: · Tunnel establishment failure. · Incomplete configuration. · Unavailable transform set. $2: Source address. $3: Destination address.
Severity level	6
Example	IPSEC/6/IPSEC_SA_ESTABLISH_FAIL: Failed to establish IPsec SA for the reason of creating tunnel failure. The SA’s source address is 1.1.1.1, and its destination address is 2.2.2.2.
Explanation	Failed to establish the IPsec SA. Possible reasons include creating tunnel failure, incomplete configuration, and unavailable transform set.
Recommended action	Verify the IPsec configurations on the local and remote devices.

IPSEC_SA_INITINATION

Message text	Began to establish IPsec SA. The SA's source address is [STRING], and its destination address is [STRING].
Variable fields	$1: Source address. $2: Destination address.
Severity level	6
Example	IPSEC/6/IPSEC_SA_INITINATION: Began to establish IPsec SA. The SA's source address is 1.1.1.1, and its destination address is 2.2.2.2.
Explanation	An IPsec SA is to be established.
Recommended action	No action is required.

IPSEC_SA_TERMINATE

Message text	The IPsec SA was deleted for the reason of [STRING]. The SA's source address is [STRING], destination address is [STRING], protocol is [STRING], and SPI is [UINT32].
Variable fields	$1: Reason for the IPsec SA removal: · SA idle timeout. · reset command executed. $2: Source address. $3: Destination address. $4: Security protocol. $5: SPI.
Severity level	6
Example	IPSEC/6/IPSEC_SA_TERMINATE: The IPsec SA was deleted for the reason of SA idle timeout. The SA’s source address is 1.1.1.1, destination address is 2.2.2.2, protocol is ESP, and SPI is 34563.
Explanation	An IPsec SA is deleted. Possible reasons include SA idle timeout and using the reset command.
Recommended action	No action is required.

IPSG messages

This section contains IPSG messages.

IPSG_ADDENTRY_ERROR

Message text	Failed to add an IP source guard binding (IP [STRING], MAC [STRING], and VLAN [UINT16]) on interface [STRING]. [STRING].
Variable fields	$1: IPv4 address or IPv6 address. If you do not specify an IP address, this field displays N/A. $2: MAC address. If you do not specify a MAC address, this field displays N/A. $3: VLAN ID. If you do not specify a VLAN, this field displays 65535. $4: Interface name. If you do not specify an interface, this field displays N/A. $5: Failure reasons. Available options include: ¡ Feature not supported. ¡ Resources not sufficient. ¡ Maximum number of IPv4 binding entries already reached. ¡ Maximum number of IPv6 binding entries already reached. ¡ Unknown error.
Severity level	6
Example	IPSG/6/IPSG_ADDENTRY_ERROR: Failed to add an IP source guard binding (IP 1.1.1.1, MAC 0001-0001-0001, and VLAN 1) on interface Vlan-interface1. Resources not sufficient.
Explanation	IPSG failed to issue a static or dynamic IPSG binding. The message is sent in any of the following situations: · The IPSG feature is not supported. · The hardware resources are not sufficient for the operation. · The maximum number of IPv4SG or IPv6SG bindings is already reached. · An unknown error occurs.
Recommended action	To resolve the problem, you can perform the following tasks: · Clear the memory to release hardware resources when the failure is caused by insufficient hardware resources. · Add the IPSG binding again if you are adding a static binding. · Contact H3C Support if the failure is caused by an unknown error.

IPSG_DELENTRY_ERROR

Message text	Failed to delete an IP source guard binding (IP [STRING], MAC [STRING], and VLAN [UINT16]) on interface [STRING]. [STRING].
Variable fields	$1: IP address. If you do not specify an IP address, this field displays N/A. $2: MAC address. If you do not specify a MAC address, this field displays N/A. $3: VLAN ID. If you do not specify a VLAN, this field displays 65535. $4: Interface name. If you do not specify an interface, this field displays N/A. $5: Failure reason. Available options include: · Feature not supported. · Unknown error.
Severity level	6
Example	IPSG/6/IPSG_DELENTRY_ERROR: Failed to delete an IP source guard binding (IP 1.1.1.1, MAC 0001-0001-0001, and VLAN 1) on interface Vlan-interface1. Unknown error.
Explanation	IPSG failed to delete a global static IPSG binding. The message is sent in any of the following situations: · The IPSG feature is not supported. · An unknown error occurs.
Recommended action	To resolve the problem, you can perform the following tasks: · Delete the global static IPSG binding again. · Contact H3C Support if the failure is caused by an unknown error.

IPSG_ADDEXCLUDEDVLAN_ERROR

Message text	Failed to add excluded VLANs (start VLAN [UINT16] to end VLAN [UINT16]). [STRING].
Variable fields	$1: Start VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $2: End VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $3: Failure reasons. Available options include: · Feature not supported. · Resources not sufficient. · Unknown error.
Severity level	6
Example	IPSG/6/IPSG_ADDEXCLUDEDVLAN_ERROR: -MDC=1-Slot=4; Failed to add excluded VLANs (start VLAN 1 to end VLAN 5). Resources not sufficient.
Explanation	IPSG failed to issue the specified excluded VLANs. The message is sent in any of the following situations: · Excluded VLANs are not supported. · The hardware resources are not sufficient for the operation. · An unknown error occurs.
Recommended action	To resolve the problem, you can perform the following tasks: · Clear the memory to release hardware resources when the failure is caused by insufficient hardware resources. Then configure the excluded VLANs again. · Contact H3C Support if the failure is caused by an unknown error.

IPSG_DELEXCLUDEDVLAN_ERROR

Message text	Failed to delete excluded VLANs (start VLAN [UINT16] to end VLAN [UINT16]). [STRING].
Variable fields	$1: Start VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $2: End VLAN ID of the VLAN range that has been configured to be excluded from IPSG filtering. $3: Failure reasons. Available options include: · Feature not supported. · Resources not sufficient. · Unknown error.
Severity level	6
Example	IPSG/6/IPSG_DELEXCLUDEDVLAN_ERROR: -MDC=1-Slot=4; Failed to delete excluded VLANs (start VLAN 1 to end VLAN 5). Resources not sufficient.
Explanation	IPSG failed to delete the specified excluded VLANs. The message is sent in any of the following situations: · Excluded VLANs are not supported. · The hardware resources are not sufficient for the operation. · An unknown error occurs.
Recommended action	To resolve the problem, you can perform the following tasks: · Clear the memory to release hardware resources when the failure is caused by insufficient hardware resources. Then delete the excluded VLANs again. · Contact H3C Support if the failure is caused by an unknown error.

IRDP messages

This section contains IRDP messages.

IRDP_EXCEED_ADVADDR_LIMIT

Message text	The number of advertisement addresses on interface [STRING] exceeded the limit 255.
Variable fields	$1: Interface name.
Severity level	6
Example	IRDP/6/IRDP_EXCEED_ADVADDR_LIMIT: The number of advertisement addresses on interface Ethernet1/1/0/2 exceeded the limit 255.
Explanation	The number of addresses to be advertised on an interface exceeds the upper limit.
Recommended action	Remove unused addresses on the interface.

ISIS messages

This section contains IS-IS messages.

ISIS_LSP_CONFLICT

Message text	IS-IS [UINT16], [STRING] LSP, LSPID=[STRING], SeqNum=[HEX], system ID conflict might exist.
Variable fields	$1: IS-IS process ID. $2: IS type. The IS type can be Level-1 or Level-2. $3: LSP ID. $4: LSP sequence number.
Severity level	5
Example	ISIS/5/ISIS_LSP_CONFLICT: -MDC=1; IS-IS 1, Level-1 LSP, LSPID=1111.1111.1111.00-00, SeqNum=0x000045bf, system ID conflict might exist.
Explanation	System ID conflict might exist.
Recommended action	Check whether the system ID of the device that generates the LSP conflicts with the system ID of another device.

ISIS_MEM_ALERT

Message text	ISIS Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	ISIS/5/ISIS_MEM_ALERT: ISIS Process received system memory alert start event.
Explanation	IS-IS received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

ISIS_NBR_CHG

Message text	IS-IS [UINT16], [STRING] adjacency [STRING] ([STRING]), state changed to [STRING], Reason: [STRING].
Variable fields	$1: IS-IS process ID. $2: Neighbor level. $3: Neighbor ID. $4: Interface name. $5: Current neighbor state. This field might display DOWN, UP, or INIT. $6: Reason of neighbor state change. Possible reasons are as follows: · circuit data clean—The neighbor state changed to DOWN because routing information was cleared. · holdtime expired—The neighbor state changed to DOWN because no hello packets were received within the hold time. · BFD session down—The neighbor state changed to DOWN because BFD detected a link failure. · peer reset—The neighbor state changed to DOWN because the reset isis peer command was executed. · circuit ID conflicts—The neighbor state changed to DOWN because a hello packet with incorrect circuit ID was received from the neighbor. · P2P peer GR down—The neighbor state changed to DOWN because a P2P hello packet with no GR option was received during GR. · 2way-pass—The neighbor state changed to UP because the neighbor relationship was established. · 2way-fail—The neighbor state changed to INIT because a one-way hello packet was received from the neighbor.
Severity level	5
Example	ISIS/5/ISIS_NBR_CHG: IS-IS 1, Level-1 adjacency 0000.0000.0001 (GigabitEthernet1/0/1), state changed to DOWN, Reason: circuit data clean.
Explanation	The IS-IS neighbor state changed.
Recommended action	When the neighbor state changes to DOWN or INIT, check the reason and take recommended actions. · circuit data clean—Check the interface state, IS-IS configuration, and network connectivity. · holdtime expired—Verify whether a hello packet has been received from the neighbor within the hold time. · BFD session down—Check the connectivity to the neighbor. · peer reset—Check whether the reset isis peer command has been executed. · circuit ID conflicts—Check whether the IS-IS interface settings have been edited multiples times on the neighbor. · P2P peer GR down—Check whether the neighbor supports GR. · 2way-fail—Check the following: ¡ Check whether the reset isis peer command has been executed. ¡ Verify whether a hello packet has been received from the neighbor within the hold time. ¡ Check whether the authentication settings are the same on the device and the neighbor.

ISSU messages

This section contains ISSU messages.

ISSU_LOAD_FAILED

Message text	Failed to execute the issu load command.
Variable fields	N/A
Severity level	5
Example	ISSU/5/ISSU_LOAD_FAILED: -IPAddr=192.168.79.1-User=**; Failed to execute the issu load command.
Explanation	A user executed the issu load command, but the operation failed.
Recommended action	Take actions as prompted.

ISSU_LOAD_SUCCESS

Message text	Executed the issu load command successfully.
Variable fields	N/A
Severity level	5
Example	ISSU/5/ISSU_LOAD_SUCCESS: -IPAddr=192.168.79.1-User=**; Executed the issu load command successfully.
Explanation	A user executed the issu load command successfully.
Recommended action	No action is required.

ISSU_PROCESSWITCHOVER

Message text	Switchover completed. The standby process became the active process.
Variable fields	N/A
Severity level	5
Example	ISSU/5/ISSU_PROCESSWITCHOVER: Switchover completed. The standby process became the active process.
Explanation	A user executed the issu run switchover command.
Recommended action	No action is required.

ISSU_ROLLBACKCHECKNORMAL

Message text	The rollback might not be able to restore the previous version for [STRING] because the status is not normal.
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	4
Example	ISSU/4/ISSU_ROLLBACKCHECKNORMAL: The rollback might not be able to restore the previous version for chassis 1 slot 2 because the state is not normal.
Explanation	While an ISSU was in Switching state, a user executed the issu rollback command or the ISSU automatic-rollback timer expired. However, the status of the MPU was not Normal.
Recommended action	No action is required.

L2PT messages

This section contains L2PT messages.

L2PT_SET_MULTIMAC_FAILED

Message text	Failed to set a tunnel destination MAC address to [MAC].
Variable fields	$1: MAC address.
Severity level	4
Example	L2PT/4/L2PT_SET_MULTIMAC_FAILED: Failed to set a tunnel destination MAC address to 010f-e200-0003.
Explanation	Failed to specify the destination multicast MAC address for tunneled packets.
Recommended action	No action is required.

L2PT_CREATE_TUNNELGROUP_FAILED

Message text	Failed to create a VLAN tunnel group for [STRING].
Variable fields	$1: Protocol name.
Severity level	4
Example	L2PT/4/L2PT_CREATE_TUNNELGROUP_FAILED: Failed to create a VLAN tunnel group for STP.
Explanation	Failed to create a VLAN tunnel group for a protocol.
Recommended action	No action is required.

L2PT_ADD_GROUPMEMBER_FAILED

Message text	Failed to add [STRING] as a member to the VLAN tunnel group for [STRING].
Variable fields	$1: Interface name. $2: Protocol name.
Severity level	4
Example	L2PT/4/L2PT_ADD_GROUPMEMBER_FAILED: Failed to add GigabitEthernet2/0/1 as a member to the VLAN tunnel group for STP.
Explanation	Failed to add an interface to a VLAN tunnel group for a protocol.
Recommended action	No action is required.

L2PT_ENABLE_DROP_FAILED

Message text	Failed to enable [STRING] packet drop on [STRING].
Variable fields	$1: Protocol name. $2: Interface name.
Severity level	4
Example	L2PT/4/L2PT_ENABLE_DROP_FAILED: Failed to enable STP packet drop on GigabitEthernet2/0/1.
Explanation	Failed to enable L2PT drop for a protocol on an interface.
Recommended action	No action is required.

L2TPv2 messages

This section contains L2TPv2 messages.

L2TPV2_TUNNEL_EXCEED_LIMIT

Message text	Number of L2TP tunnels exceeded the limit.
Variable fields	N/A
Severity level	4
Example	L2TPV2/4/L2TPV2_TUNNEL_EXCEED_LIMIT: Number of L2TP tunnels exceeded the limit.
Explanation	The number of established L2TP tunnels has reached the limit.
Recommended action	1. Perform one of the following tasks: ¡ Execute the reset l2tp tunnel command to disconnect an idle tunnel. ¡ Wait for the device to automatically disconnect an idle tunnel after the hello interval elapses. 2. If the problem persists, contact H3C Support.

L2TPV2_SESSION_EXCEED_LIMIT

Message text	Number of L2TP sessions exceeded the limit.
Variable fields	N/A
Severity level	4
Example	L2TPV2/4/L2TPV2_SESSION_EXCEED_LIMIT: Number of L2TP sessions exceeded the limit.
Explanation	The number of established L2TP sessions has reached the limit.
Recommended action	No action is required.

L2VPN messages

This section contains L2VPN messages.

L2VPN_BGPVC_CONFLICT_LOCAL

Message text	Remote site ID [INT32] (From [STRING], route distinguisher [STRING]) conflicts with local site.
Variable fields	$1: ID of a remote site. $2: IP address of the remote site. $3: Route distinguisher of the remote site.
Severity level	5
Example	L2VPN/5/L2VPN_BGPVC_CONFLICT_LOCAL: Remote site ID 1 (From 1.1.1.1, route distinguisher 1:1) conflicts with local site.
Explanation	A remote site ID conflicted with the local site ID. This message is generated when one of the following situations occurs: · The received remote site ID is the same as the local site ID. · The local site ID is configured the same as a received remote site ID.
Recommended action	Modify the site ID configuration on the local device or remote device. Or, configure the remote site ID in a different VPLS instance than the local site ID.

L2VPN_BGPVC_CONFLICT_REMOTE

Message text	Remote site ID [INT32] (From [STRING], route distinguisher [STRING]) conflicts with another remote site.
Variable fields	$1: ID of a remote site. $2: IP address of the remote site. $3: Route distinguisher of the remote site.
Severity level	5
Example	L2VPN/5/L2VPN_BGPVC_CONFLICT_REMOTE: Remote site ID 1 (From 1.1.1.1, route distinguisher 1:1) conflicts with another remote site.
Explanation	Two remote site IDs conflicted. This message is generated when the received remote site ID is the same as another received remote site ID.
Recommended action	Modify the site ID configuration on one remote device. Or, configure the two remote site IDs in different VPLS instances.

L2VPN_HARD_RESOURCE_NOENOUGH

Message text	No enough hardware resource for L2VPN.
Variable fields	N/A
Severity level	4
Example	L2VPN/4/L2VPN_HARD_RESOURCE_NOENOUGH: No enough hardware resource for L2VPN.
Explanation	Hardware resources for L2VPN were insufficient.
Recommended action	Check whether unnecessary VSIs, PWs, or ACs had been generated. If yes, delete them.

L2VPN_HARD_RESOURCE_RESTORE

Message text	Hardware resources for L2VPN are restored.
Variable fields	N/A
Severity level	6
Example	L2VPN/6/L2VPN_HARD_RESOURCE_RESTORE: Hardware resources for L2VPN are restored.
Explanation	Hardware resources for L2VPN were restored.
Recommended action	No action is required.

L2VPN_LABEL_DUPLICATE

Message text	Incoming label [INT32] for a static PW in [STRING] [STRING] is duplicate.
Variable fields	$1: Incoming label value. $2: Type of L2VPN, Xconnect-group or VSI. $3: Name of the Xconnect-group or VSI.
Severity level	4
Example	L2VPN/4/L2VPN_LABEL_DUPLICATE: Incoming label 1024 for a static PW in Xconnect-group aaa is duplicate.
Explanation	The incoming label of a static PW in this Xconnect-group or VSI was occupied by another configuration, for example, by a static LSP or by a static CRLSP. This message is generated when one of the following events occurs: · When MPLS is enabled, configure a static PW with an incoming label which is occupied by another configuration. · Enable MPLS when a static PW whose incoming label is occupied by another configuration already exists.
Recommended action	Remove this static PW, and reconfigure it with another incoming label.

L2VPN_MLAG_AC_CONFLICT

Message text	The dynamic AC created for Ethernet service instance [INT32] on interface [STRING] causes a conflict.
Variable fields	$1: Ethernet service instance ID. $2: Interface on which the Ethernet service instance is created.
Severity level	4
Example	L2VPN/4/L2VPN_MLAG_AC_CONFLICT: The dynamic AC created for Ethernet service instance 10 on interface Bridge-Aggregation 5 causes a conflict.
Explanation	On an EVPN M-LAG network, the dynamic ACs created for different static ACs conflict when the peer link is changed from a tunnel to an aggregate link.
Recommended action	Delete and then reconfigure the corresponding static ACs. Make sure the match criterion specified for different ACs do not overlap.

PROCESS

Message text	The EVPN global MAC address is a reserved MAC.
Variable fields	N/A
Severity level	7
Example	L2VPN/7/PROCESS: The EVPN global MAC address is a reserved MAC.
Explanation	The configured EVPN global MAC address is a reserved MAC address.
Recommended action	Change the EVPN global MAC address.

LAGG messages

This section contains link aggregation messages.

LAGG_ACTIVE

Message text	Member port [STRING] of aggregation group [STRING] changed to the active state.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_ACTIVE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the active state.
Explanation	A member port in an aggregation group changed to the Selected state.
Recommended action	No action is required.

LAGG_AUTO_AGGREGATION

Message text	Failed to assign automatic assignment-enabled interface [STRING] to an aggregation group. Please check the configuration on the interface.
Variable fields	$1: Port name.
Severity level	6
Example	LAGG/6/LAGG_AUTO_AGGREGATON: Failed to assign automatic assignment-enabled interface FGE1/0/1 to an aggregation group. Please check the configuration on the interface.
Explanation	A port failed to join an automatically created aggregation group for one of the following reasons: · The attribute configuration of the port is inconsistent with that of the aggregate interface. · Some settings on the port prevent it from joining the aggregation group.
Recommended action	To resolve this issue: · Modify the attribute configuration of the port to be consistent with the aggregate interface. · Remove the settings that affect automatic member port assignment from the port.

LAGG_INACTIVE_AICFG

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the member port and the aggregate interface have different attribute configurations.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_AICFG: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the member port and the aggregate interface have different attribute configurations.
Explanation	A member port in an aggregation group changed to the Unselected state because the member port and the aggregate interface had different attribute configurations.
Recommended action	Modify the attribute configurations of the member port to be consistent with the aggregate interface.

LAGG_INACTIVE_BFD

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the BFD session state of the port was down.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_BFD: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the BFD session state of the port is down.
Explanation	A member port in an aggregation group changed to the Unselected state because the BFD session on the port went down.
Recommended action	To resolve this issue: · Check for a link failure. · Modify the port settings to make sure it has the same operational key and attribute configuration as the reference port.

LAGG_INACTIVE_CONFIGURATION

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the aggregation configuration of the port is incorrect.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_CONFIGURATION: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the aggregation configuration of the port is incorrect.
Explanation	A member port in an aggregation group changed to the Unselected state because the member port and the aggregate interface had different aggregation configuration.
Recommended action	No action is required.

LAGG_INACTIVE_DUPLEX

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the duplex mode is different between the member port and the reference port.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_DUPLEX: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the duplex mode is different between the member port and the reference port.
Explanation	A member port in an aggregation group changed to the Unselected state because the duplex mode was different between the member port and the reference port.
Recommended action	Change the duplex mode of the member port to be the same as the reference port.

LAGG_INACTIVE_HARDWAREVALUE

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because of the port's hardware restriction.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_HARDWAREVALUE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because of the port's hardware restriction.
Explanation	A member port in an aggregation group changed to the Unselected state because of the port's hardware restriction.
Recommended action	No action is required.

LAGG_INACTIVE_LOWER_LIMIT

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the number of active ports is below the lower limit.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_LOWER_LIMIT: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the number of active ports is below the lower limit.
Explanation	A member port in an aggregation group was placed in Unselected state because the required minimum number of Selected ports was not reached.
Recommended action	Make sure the minimum number of Selected ports is met.

LAGG_INACTIVE_PARTNER

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the aggregation configuration of its peer port is incorrect.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_PARTNER: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the aggregation configuration of its peer port is incorrect.
Explanation	A member port in an aggregation group changed to the Unselected state because the port's partner changed to the Unselected state.
Recommended action	No action is required.

LAGG_INACTIVE_PHYSTATE

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the physical state of the port is down.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_PHYSTATE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the physical state of the port is down.
Explanation	A member port in an aggregation group changed to the Unselected state because the port went down.
Recommended action	Bring up the member port.

LAGG_INACTIVE_RESOURCE_INSUFICIE

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because all aggregate resources are occupied.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_RESOURCE_INSUFICIE: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because all aggregate resources are occupied.
Explanation	A member port in an aggregation group changed to the Unselected state because all aggregation resources were used.
Recommended action	No action is required.

LAGG_INACTIVE_SPEED

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the speed configuration of the port is incorrect.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_SPEED: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the speed configuration of the port is incorrect.
Explanation	A member port in an aggregation group changed to the Unselected state because the speed was different between the member port and the reference port.
Recommended action	Change the speed of the member port to be the same as the reference port.

LAGG_INACTIVE_UPPER_LIMIT

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the number of active ports has reached the upper limit.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_UPPER_LIMIT: Member port FGE1/0/50 of aggregation group BAGG1 changed to the inactive state, because the number of active ports has reached the upper limit.
Explanation	The number of Selected ports reached the upper limit in a dynamic aggregation group. A member port in the aggregation group changed to the Unselected state because a more eligible port joined the aggregation group.
Recommended action	No action is required.

LAGG_SELECTPORT_INCONSISTENT

Message text	The maximum number of Selected ports for [STRING] on PEXs is inconsistent with that on the parent fabric. Please reconfigure this setting.
Variable fields	$1: Link aggregation group type and ID.
Severity level	4
Example	LAGG/4/LAGG_SELECTPORT_INCONSISTENT: The maximum number of Selected ports for Route-Aggregation1 on PEXs is inconsistent with that on the parent fabric. Please reconfigure this setting.
Explanation	The number of Selected ports in an aggregation group on PEXs exceeded the configured maximum number of Selected ports in the aggregation group on the parent fabric. This message is generated when ports join or leave an aggregation group.
Recommended action	To resolve this issue, use either of the following methods: · Increase the maximum number of Selected ports in the aggregation group on the parent fabric. · Remove some ports from the aggregation group.

LDP messages

This section contains LDP messages.

LDP_MPLSLSRID_CHG

Message text	Please reset LDP sessions if you want to make the new MPLS LSR ID take effect.
Variable fields	N/A
Severity level	5
Example	LDP/5/LDP_MPLSLSRID_CHG: -MDC=1; Please reset LDP sessions if you want to make the new MPLS LSR ID take effect.
Explanation	If you configure an LDP LSR ID by using the lsr-id command in LDP view or LDP-VPN instance view, LDP uses the LDP LSR ID. Otherwise, LDP uses the MPLS LSR ID configured by the mpls lsr-id command. This message is sent when the following situations occur: · No LDP LSR ID is configured by using the lsr-id command. · The MPLS LSR ID is modified.
Recommended action	1. Execute the display mpls ldp parameter command to display the LSR ID. 2. Verify that the LSR ID is the same as the configured MPLS LSR ID. If they are not the same, reset LDP sessions by executing the reset mpls ldp command.

LDP_SESSION_CHG

Message text	Session ([STRING], [STRING]) is [STRING].
Variable fields	$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained. $2: VPN instance's name. Value public instance indicates that the session belongs to the public network. $3: State of the session, up or down. When the state is down, this field also displays the reason for the down state error. Possible reasons include: · interface not operational. · MPLS disabled on interface. · LDP disabled on interface. · LDP auto-configure disabled on interface. · VPN instance changed on interface. · LDP instance deleted. · targeted peer deleted. · L2VPN disabled targeted peer. · TE tunnel disabled targeted peer. · session protection disabled targeted peer. · process deactivated. · failed to receive the initialization message. · graceful restart reconnect timer expired. · failed to recover adjacency by NSR. · failed to upgrade session by NSR. · closed the GR session. · keepalive hold timer expired. · adjacency hold timer expired. · session reset manually. · TCP connection down. · received a fatal notification message. · internal error. · memory in critical state. · transport address changed on interface.
Severity level	5
Example	LDP/5/LDP_SESSION_CHG: Session (22.22.22.2:0, public instance) is up. LDP/5/LDP_SESSION_CHG: Session (22.22.22.2:0, VPN instance: vpn1) is down (hello hold timer expired).
Explanation	The session state changed.
Recommended action	When the session state is up, no action is required. When the session state is down, check the interface state, link state, and other configurations depending on the reason displayed.

LDP_SESSION_GR

Message text	Session ([STRING], [STRING]): ([STRING]).
Variable fields	$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained. $2: VPN instance's name. Value public instance indicates that the session belongs to the public network. $3: State of the session graceful restart: ¡ Start reconnection. ¡ Reconnection failed. ¡ Start recovery. ¡ Recovery completed.
Severity level	5
Example	LDP/5/LDP_SESSION_GR: Session (22.22.22.2:0, VPN instance: vpn1): Start reconnection.
Explanation	State of the session graceful restart. When a GR-capable LDP session is down, the LDP GR started. This message is generated during the GR of the LDP session, indicating the current GR state.
Recommended action	Check for the reason of session graceful restart, which can be obtained from the LDP_SESSION_CHG log message. When the graceful restart state Reconnection failed is displayed, verify the interface state, link state, and other configurations according to the reason for the session graceful restart. No action is required for other graceful restart states.

LDP_SESSION_SP

Message text	Session ([STRING], [STRING]): ([STRING]).
Variable fields	$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained. $2: VPN instance's name. Value public instance indicates that the session belongs to the public network. $3: State of the session protection: ¡ Hold up the session. ¡ Session recovered successfully. ¡ Session recovery failed.
Severity level	5
Example	LDP/5/LDP_SESSION_SP: Session (22.22.22.2:0, VPN instance: vpn1): Hold up the session.
Explanation	When the last link adjacency of the session was lost, session protection started. This message is generated during the session protection process, indicating the current session protection state.
Recommended action	Verify the interface state and link state.

LIPC messages

This section contains LIPC messages.

PORT_CHANGE

Message text	STCP: Node where the listening port number [INTGER] (MDC: [INTGER] VRF: [INTGER]) resides changed from LIP [INTGER] to LIP [INTGER].
Variable fields	$1: LIPC global port number. $2: Name of the MDC where the LIPC global port resides. $3: Name of the VRF to which the LIPC global port belongs. $4: Name of the old LIPC node where the LIPC global port resides. $5: Name of the new LIPC node where the LIPC global port resides.
Severity level	5
Example	LIPC/5/PORT_CHANGE: STCP: Node where the listening port number 620 (MDC: 1 VRF: 1) resides changed from LIP 1 to LIP 3.
Explanation	STCP assigns an LIPC global port number as a listening port number to each service module as requested. Typically, a service module listens to the port number only on the LIPC node where the port has been requested. This message is generated if the service module listens to the port number on a different LIPC node. STCP will move the port number from the old LIPC node to the new node.
Recommended action	No action is required.

LLDP messages

This section contains LLDP messages.

LLDP_CREATE_NEIGHBOR

Message text	[STRING] agent new neighbor created on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING].
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID.
Severity level	6
Example	LLDP/6/LLDP_CREATE_NEIGHBOR: Nearest bridge agent new neighbor created on port Ten-GigabitEthernet10/0/15 (IfIndex 599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5.
Explanation	The port received an LLDP message from a new neighbor.
Recommended action	No action is required.

LLDP_DELETE_NEIGHBOR

Message text	[STRING] agent neighbor deleted on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING].
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID.
Severity level	6
Example	LLDP/6/LLDP_DELETE_NEIGHBOR: Nearest bridge agent neighbor deleted on port Ten-GigabitEthernet10/0/15 (IfIndex 599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5.
Explanation	The port received a deletion message when a neighbor was deleted.
Recommended action	No action is required.

LLDP_LESS_THAN_NEIGHBOR_LIMIT

Message text	The number of [STRING] agent neighbors maintained by port [STRING] (IfIndex [UINT32]) is less than [UINT32], and new neighbors can be added.
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Maximum number of neighbors a port can maintain.
Severity level	6
Example	LLDP/6/LLDP_LESS_THAN_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by port Ten-GigabitEthernet10/0/15 (IfIndex 599) is less than 5, and new neighbors can be added.
Explanation	New neighbors can be added for the port because the limit has not been reached.
Recommended action	No action is required.

LLDP_NEIGHBOR_AGE_OUT

Message text	[STRING] agent neighbor aged out on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING].
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID.
Severity level	5
Example	LLDP/5/LLDP_NEIGHBOR_AGE_OUT: Nearest bridge agent neighbor aged out on port Ten-GigabitEthernet10/0/15 (IfIndex599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5.
Explanation	This message is generated when the port failed to receive LLDPDUs from the neighbor within a certain period of time.
Recommended action	Verify the link status or the receive/transmit status of LLDP on the peer.

LLDP_NEIGHBOR_PROTECTION_BLOCK

Message text	The status of port [STRING] changed to blocked ([STRING]) for the [STRING] agent.
Variable fields	$1: Interface name. $2: Neighbor protection feature that caused the state change: aging or validation. $3: LLDP agent type.
Severity level	4
Example	LLDP/4/LLDP_NEIGHBOR_PROTECTION_BLOCK: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to blocked (aging) for the nearest bridge agent.
Explanation	The port was blocked because of neighbor aging or neighbor validation failure.
Recommended action	· If the port is blocked because of neighbor aging, verify the link status or the receive/transmit status of LLDP on both ends. · If the port is blocked because of neighbor validation failure, verify that the following attribute values in the received LLDP packet match those configured on the port: ¡ Chassis ID subtype. ¡ Chassis ID. ¡ Port ID subtype. ¡ Port ID.

LLDP_NEIGHBOR_PROTECTION_DOWN

Message text	The status of port [STRING] changed to down (aging) for the [STRING] agent.
Variable fields	$1: Interface name. $2: LLDP agent type.
Severity level	4
Example	LLDP/4/LLDP_NEIGHBOR_PROTECTION_DOWN: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to down (aging) for the nearest bridge agent.
Explanation	The port was shut down because of neighbor aging.
Recommended action	Verify the link status or the receive/transmit status of LLDP on both ends.

LLDP_NEIGHBOR_PROTECTION_UNBLOCK

Message text	The status of port [STRING] changed to unblocked for the [STRING] agent.
Variable fields	$1: Interface name. $2: LLDP agent type.
Severity level	4
Example	LLDP/4/LLDP_NEIGHBOR_PROTECTION_UNBLOCK: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to unblocked for the nearest bridge agent.
Explanation	The port state changed from blocked to unblocked.
Recommended action	No action is required.

LLDP_NEIGHBOR_PROTECTION_UP

Message text	The status of port [STRING] changed to up for the [STRING] agent.
Variable fields	$1: Interface name. $2: LLDP agent type.
Severity level	4
Example	LLDP/4/LLDP_NEIGHBOR_PROTECTION_UP: -MDC=1; -ifDescr=GigabitEthernet1/0/1; The status of port GigabitEthernet1/0/1 changed to up for the nearest bridge agent.
Explanation	The port state changed from DOWN to UP.
Recommended action	No action is required.

LLDP_PVID_INCONSISTENT

Message text	PVID mismatch discovered on [STRING] (PVID [UINT32]), with [STRING] [STRING] (PVID [STRING]).
Variable fields	$1: Port name. $2: VLAN ID. $3: System name. $4: Port name. $5: VLAN ID.
Severity level	5
Example	LLDP/5/LLDP_PVID_INCONSISTENT: MDC=1; PVID mismatch discovered on Ten-GigabitEthernet0/2/6 (PVID 1), with Ten-GigabitEthernet0/2/7 (PVID 500).
Explanation	This message is generated when the PVID on the peer is different from the PVID of the local interface.
Recommended action	Configure the same PVID for the local and peer interfaces.

LLDP_REACH_NEIGHBOR_LIMIT

Message text	The number of [STRING] agent neighbors maintained by the port [STRING] (IfIndex [UINT32]) has reached [UINT32], and no more neighbors can be added.
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Maximum number of neighbors a port can maintain.
Severity level	5
Example	LLDP/5/LLDP_REACH_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by the port Ten-GigabitEthernet10/0/15 (IfIndex 599) has reached 5, and no more neighbors can be added.
Explanation	This message is generated when the port with its maximum number of neighbors reached received an LLDP packet.
Recommended action	No action is required.

LOAD messages

This section contains load management messages.

BOARD_LOADING

Message text	Board in chassis [INT32] slot [INT32] is loading software images.
Variable fields	$1: Chassis ID. $2: Slot ID.
Severity level	4
Example	LOAD/4/BOARD_LOADING: Board in chassis 1 slot 5 is loading software images.
Explanation	The card is loading software images during the boot process.
Recommended action	No action is required.

LOAD_FAILED

Message text	Board in chassis [INT32] slot [INT32] failed to load software images.
Variable fields	$1: Chassis ID. $2: Slot ID.
Severity level	3
Example	LOAD/3/LOAD_FAILED: Board in chassis 1 slot 5 failed to load software images.
Explanation	The card failed to load software images during the boot process.
Recommended action	1. Execute the display boot-loader command to identify the startup software images. 2. Execute the dir command to verify that the startup software images exist. If the startup software images do not exist or are damaged, re-upload the software images to the device or set another one as the startup software images. 3. If the problem persists, contract H3C/H3C Support.

LOAD_FINISHED

Message text	Board in chassis [INT32] slot [INT32] has finished loading software images.
Variable fields	$1: Chassis ID. $2: Slot ID.
Severity level	5
Example	LOAD/5/LOAD_FINISHED: Board in chassis 1 slot 5 has finished loading software images.
Explanation	The card has finished loading software images.
Recommended action	No action is required.

LOGIN messages

This section contains login messages.

LOGIN_FAILED

Message text	[STRING] failed to login from [STRING].
Variable fields	$1: Username. $2: Line name or IP address.
Severity level	5
Example	LOGIN/5/LOGIN_FAILED: TTY failed to log in from console0. LOGIN/5/LOGIN_FAILED: usera failed to log in from 192.168.11.22.
Explanation	A login attempt failed.
Recommended action	No action is required.

LOGIN_ INVALID_USERNAME_PWD

Message text	Invalid username or password from [STRING].
Variable fields	$1: User line name and user IP address.
Severity level	5
Example	LOGIN/5/LOGIN_INVALID_USERNAME_PWD: Invalid username or password from console0. LOGIN/5/LOGIN_INVALID_USERNAME_PWD: Invalid username or password from 192.168.11.22.
Explanation	A user entered an invalid username or password.
Recommended action	No action is required.

LPDT messages

This section contains loop detection messages.

LPDT_LOOPED

Message text	A loop was detected on [STRING].
Variable fields	$1: Port name.
Severity level	4
Example	LPDT/4/LPDT_LOOPED: A loop was detected on GigabitEthernet1/0/1.
Explanation	The first intra-VLAN loop was detected on a port.
Recommended action	Check the links and configuration on the device for the loop, and remove the loop.

LPDT_RECOVERED

Message text	All loops were removed on [STRING].
Variable fields	$1: Port name.
Severity level	5
Example	LPDT/5/LPDT_RECOVERED: All loops were removed on GigabitEthernet1/0/1.
Explanation	All intra-VLAN loops on a port were removed.
Recommended action	No action is required.

LPDT_VLAN_LOOPED

Message text	A loop was detected on [STRING] in VLAN [UINT16].
Variable fields	$1: Port name. $2: VLAN ID.
Severity level	4
Example	LPDT/4/LPDT_VLAN_LOOPED: A loop was detected on GigabitEthernet1/0/1 in VLAN 1.
Explanation	A loop in a VLAN was detected on a port.
Recommended action	Check the links and configurations in the VLAN for the loop, and remove the loop.

LPDT_VLAN_RECOVERED

Message text	A loop was removed on [STRING] in VLAN [UINT16].
Variable fields	$1: Port name. $2: VLAN ID.
Severity level	5
Example	LPDT/5/LPDT_VLAN_RECOVERED: A loop was removed on GigabitEthernet1/0/1 in VLAN 1.
Explanation	A loop in a VLAN was removed on a port.
Recommended action	No action is required.

LS messages

This section contains Local Server messages.

LOCALSVR_PROMPTED_CHANGE_PWD

Message text	Please change the password of [STRING] [STRING], because [STRING].
Variable fields	$1: Password type: ¡ device management user. ¡ user line. ¡ user line class. $2: Username, the number of the user line, or the type of the user line class. $3: Password change reason: ¡ the current password is a weak-password. ¡ the current password is the default password. ¡ it is the first login of the current user or the password had been reset. ¡ the password had expired.
Severity level	6
Example	LOCALSVR/6/LOCALSVR_PROMPTED_CHANGE_PWD: Please change the password of device management user hhh, because the current password is a weak password.
Explanation	This message is generated at an interval of 24 hours if a user uses a password that does not meet the password control requirements to log in to the device.
Recommended action	If the device performs scheme authentication on the user, change the password of the local user account. If the device performs password authentication on the user, change the password for the user line or user line class.

LS_ADD_USER_TO_GROUP

Message text	Admin [STRING] added user [STRING] to group [STRING].
Variable fields	$1: Admin name. $2: Username. $3: User group name.
Severity level	4
Example	LS/4/LS_ADD_USER_TO_GROUP: Admin admin added user user1 to group group1.
Explanation	The administrator added a user into a user group.
Recommended action	No action is required.

LS_AUTHEN_FAILURE

Message text	User [STRING] from [STRING] failed authentication. [STRING]
Variable fields	$1: Username. $2: IP address. $3: Failure reason: ¡ "User not found." ¡ "Password verified failed." ¡ "User not active." ¡ "Access type mismatch." ¡ "Binding attribute is failed." ¡ "User in blacklist."
Severity level	5
Example	LS/5/LS_AUTHEN_FAILURE: User cwf@system from 192.168.0.22 failed authentication. "User not found."
Explanation	The local server rejected a user's authentication request.
Recommended action	No action is required.

LS_AUTHEN_SUCCESS

Message text	User [STRING] from [STRING] was authenticated successfully.
Variable fields	$1: Username. $2: IP address.
Severity level	6
Example	LS/6/LS_AUTHEN_SUCCESS: User cwf@system from 192.168.0.22 was authenticated successfully.
Explanation	The local server accepted a user's authentication request.
Recommended action	No action is required.

LS_DEL_USER_FROM_GROUP

Message text	Admin [STRING] delete user [STRING] from group [STRING].
Variable fields	$1: Admin name. $2: Username. $3: User group name.
Severity level	4
Example	LS/4/LS_DEL_USER_FROM_GROUP: Admin admin delete user user1 from group group1.
Explanation	The administrator deleted a user from a user group.
Recommended action	No action is required.

LS_DELETE_PASSWORD_FAIL

Message text	Failed to delete the password for user [STRING].
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_DELETE_PASSWORD_FAIL: Failed to delete the password for user abcd.
Explanation	Failed to delete the password for a user.
Recommended action	Check the file system for errors.

LS_PWD_ADDBLACKLIST

Message text	User [STRING] at [STRING] was added to the blacklist due to multiple login failures, [STRING].
Variable fields	$1: Username. $2: IP address. $3: Options include: ¡ but could make other attempts. ¡ and is permanently blocked. ¡ and was temporarily blocked for [UINT32] minutes.
Severity level	4
Example	LS/4/LS_PWD_ADDBLACKLIST: User user1 at 192.168.0.22 was added to the blacklist due to multiple login failures, but could make other attempts.
Explanation	A user was added to the blacklist because of multiple login failures.
Recommended action	Check the user's password.

LS_PWD_CHGPWD_FOR_AGEDOUT

Message text	User [STRING] changed the password because it was expired.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_AGEDOUT: User aaa changed the password because it was expired.
Explanation	A user changed the password because the old password has expired.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_AGEOUT

Message text	User [STRING] changed the password because it was about to expire.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_AGEOUT: User aaa changed the password because it was about to expire.
Explanation	A user changed the password because the old password was about to expire.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_COMPOSITION

Message text	User [STRING] changed the password because it had an invalid composition.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_COMPOSITION: User aaa changed the password because it had an invalid composition.
Explanation	A user changed the password because it had an invalid composition.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_FIRSTLOGIN

Message text	User [STRING] changed the password at the first login.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_FIRSTLOGIN: User aaa changed the password at the first login.
Explanation	A user changed the password at the first login.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_LENGTH

Message text	User [STRING] changed the password because it was too short.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_LENGTH: User aaa changed the password because it was too short.
Explanation	A user changed the password because it was too short.
Recommended action	No action is required.

LS_PWD_FAILED2WRITEPASS2FILE

Message text	Failed to write the password records to file.
Variable fields	N/A
Severity level	4
Example	LS/4/LS_PWD_FAILED2WRITEPASS2FILE: Failed to write the password records to file.
Explanation	Failed to write the password records to file.
Recommended action	No action is required.

LS_PWD_MODIFY_FAIL

Message text	Admin [STRING] from [STRING] could not modify the password for user [STRING], because [STRING].
Variable fields	$1: Admin name. $2: IP address. $3: Username. $4: Failure reason: ¡ old password is incorrect. ¡ password is too short. ¡ password has not minimum different chars. ¡ invalid password composition. ¡ password has repeated chars. ¡ password contains username. ¡ password used already. ¡ password is in update-wait time.
Severity level	4
Example	LS/4/LS_PWD_MODIFY_FAIL: Admin admin from 1.1.1.1 could not modify the password for user user1, because old password is incorrect.
Explanation	An administrator failed to modify a user's password.
Recommended action	No action is required.

LS_PWD_MODIFY_SUCCESS

Message text	Admin [STRING] from [STRING] modify the password for user [STRING] successfully.
Variable fields	$1: Admin name. $2: IP address. $3: Username.
Severity level	6
Example	LS/6/LS_PWD_MODIFY_SUCCESS: Admin admin from 1.1.1.1 modify the password for user abc successfully.
Explanation	An administrator successfully modified a user's password.
Recommended action	No action is required.

LS_REAUTHEN_FAILURE

Message text	User [STRING] from [STRING] failed reauthentication.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	LS/5/LS_REAUTHEN_FAILURE: User abcd from 1.1.1.1 failed reauthentication.
Explanation	A user failed reauthentication.
Recommended action	Check the old password.

LS_UPDATE_PASSWORD_FAIL

Message text	Failed to update the password for user [STRING].
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_UPDATE_PASSWORD_FAIL: Failed to update the password for user abc.
Explanation	Failed to update the password for a user.
Recommended action	Check the file system for errors.

LS_USER_CANCEL

Message text	User [STRING] from [STRING] cancelled inputting the password.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	LS/5/LS_USER_CANCEL: User 1 from 1.1.1.1 cancelled inputting the password.
Explanation	The user cancelled inputting the password or did not input the password in 90 seconds.
Recommended action	No action is required.

LS_USER_PASSWORD_EXPIRE

Message text	User [STRING]'s login idle timer timed out.
Variable fields	$1: Username.
Severity level	5
Example	LS/5/LS_USER_PASSWORD_EXPIRE: User 1's login idle timer timed out.
Explanation	The login idle time for a user expired.
Recommended action	No action is required.

LS_USER_ROLE_CHANGE

Message text	Admin [STRING] [STRING] the user role [STRING] for [STRING].
Variable fields	$1: Admin name. $2: Added/Deleted. $3: User role. $4: Username.
Severity level	4
Example	LS/4/LS_USER_ROLE_CHANGE: Admin admin add the user role network-admin for abcd.
Explanation	The administrator added a user role for a user.
Recommended action	No action is required.

LSPV messages

This section contains LSP verification messages.

LSPV_PING_STATIS_INFO

Message text	Ping statistics for [STRING]: [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packets loss, round-trip min/avg/max = [UINT32]/[UINT32]/[UINT32] ms.
Variable fields	$1: FEC. $2: Number of echo requests sent. $3: Number of echo replies received. $4: Percentage of the non-replied packets to the total requests. $5: Minimum round-trip delay. $6: Average round-trip delay. $7: Maximum round-trip delay.
Severity level	6
Example	LSPV/6/LSPV_PING_STATIS_INFO: Ping statistics for FEC 192.168.1.1/32: 5 packets transmitted, 5 packets received, 0.0% packets loss, round-trip min/avg/max = 1/2/5 ms.
Explanation	Ping statistics for an LSP tunnel or a PW. This message is generated when the ping mpls command is executed.
Recommended action	If no reply is received, verify the connectivity of the LSP tunnel or the PW.

MAC messages

This section contains MAC messages.

MAC_DRIVER_ADD_ENTRY

Message text	Driver failed to add MAC address entry: MAC address=[STRING], VLAN=[UINT32], State=[UINT32], interface=[STRING].
Variable fields	$1: MAC address. $2: VLAN ID. $3: Entry type number. $4: Interface type and interface number.
Severity level	4
Example	MAC/4/MAC_DRIVER_ADD_ENTRY: Driver failed to add MAC address entry: MAC address=1-1-1, VLAN=1, State=2, interface=GigabitEthernet1/0/1.
Explanation	Failed to add a MAC address entry on an interface.
Recommended action	No action is required.

MAC_NOTIFICATION

Message text	Form 1: MAC address [STRING] in VLAN [UNIT32] has moved from port [STRING] to port [STRING] for [UNIT32] times. Form 2: MAC address [STRING] in VSI [STRING] has moved from [STRING] service-instance [UNIT32] to [STRING] service-instance [UNIT32] for [UNIT32] times.
Variable fields	Form 1: $1: MAC address. $2: VLAN ID. $3: Interface name. $4: Interface name. $5: Number of MAC moves. Form 2: $1: MAC address. $2: VSI name. $3: Interface name. $4: Ethernet service instance ID. $5: Interface name. $6: Ethernet service instance ID. $7: Number of MAC moves.
Severity level	4
Example	Form 1: MAC/4/MAC_NOTIFICATION: MAC address 0000-0012-0034 in VLAN 500 has moved from port GE1/0/1 to port GE1/0/2 for 1 times Form 2: MAC/4/MAC_NOTIFICATION: MAC address 0010-9400-0002 in VSI vpna has moved from Twenty-FiveGigE1/0/1 service-instance 40 to Twenty-FiveGigE1/0/3 service-instance 30 for 152499 times.
Explanation	A MAC address moved between Ethernet interfaces or Ethernet service instances.
Recommended action	No action is required.

MAC_PROTOCOLPKT_NORES_GLOBAL

Message text	The card does not have enough hardware resources to send protocol packets destined for [STRING] to the CPU for [STRING],
Variable fields	$1: MAC address. $2: Protocol type.
Severity level	5
Example	MAC/5/MAC_PROTOCOLPKT_NORES_GLOBAL: The card does not have enough hardware resources to send protocol packets destined for 0180-C200-000e to the CPU for LLDP.
Explanation	Protocol packets fail to be sent to the CPU because the hardware resources of the card are insufficient.
Recommended action	No action is required.

MAC_PROTOCOLPKT_NORES_PORT

Message text	The card does not have enough hardware resources to send protocol packets destined for [STRING] to the CPU for [STRING] on [STRING].
Variable fields	$1: MAC address. $2: Protocol type. $3: Interface name.
Severity level	5
Example	MAC/5/MAC_PROTOCOLPKT_NORES_PORT: The card does not have enough hardware resources to send protocol packets destined for 0180-C200-000e to the CPU for LLDP on GigabitEthernet2/0/32.
Explanation	Protocol packets on an interface fail to be sent to the CPU because the hardware resources of the card are insufficient.
Recommended action	No action is required.

MAC_PROTOCOLPKT_NORES_VLAN

Message text	The card does not have enough hardware resources to send protocol packets destined for [STRING] to the CPU for [STRING] in VLAN [UINT16].
Variable fields	$1: MAC address. $2: Protocol type. $3: VLAN ID.
Severity level	5
Example	MAC/5/MAC_PROTOCOLPKT_NORES_VLAN: The card does not have enough hardware resources to send protocol packets destined for 0180-C200-000e to the CPU for LLDP in VLAN 100.
Explanation	Protocol packets in a VLAN fail to be sent to the CPU because the hardware resources of the card are insufficient.
Recommended action	No action is required.

MAC_TABLE_FULL_GLOBAL

Message text	The number of MAC address entries exceeded the maximum number [UINT32].
Variable fields	$1: Maximum number of MAC addresses.
Severity level	4
Example	MAC/4/MAC_TABLE_FULL_GLOBAL: The number of MAC address entries exceeded the maximum number 1024.
Explanation	The number of entries in the global MAC address table exceeded the maximum number supported by the table.
Recommended action	No action is required.

MAC_TABLE_FULL_PORT

Message text	The number of MAC address entries exceeded the maximum number [UINT32] for interface [STRING].
Variable fields	$1: Maximum number of MAC addresses. $2: Interface name.
Severity level	4
Example	MAC/4/MAC_TABLE_FULL_PORT: The number of MAC address entries exceeded the maximum number 1024 for interface GigabitEthernet2/0/32.
Explanation	The number of entries in the MAC address table for an interface exceeded the maximum number supported by the table.
Recommended action	No action is required.

MAC_TABLE_FULL_VLAN

Message text	The number of MAC address entries exceeded the maximum number [UINT32] in VLAN [UINT32].
Variable fields	$1: Maximum number of MAC addresses. $2: VLAN ID.
Severity level	4
Example	MAC/4/MAC_TABLE_FULL_VLAN: The number of MAC address entries exceeded the maximum number 1024 in VLAN 2.
Explanation	The number of entries in the MAC address table for a VLAN exceeded the maximum number supported by the table.
Recommended action	No action is required.

MAC_VLAN_LEARNLIMIT_NORESOURCE

Message text	The card does not have enough hardware resources to set MAC learning limit for VLAN [UINT16].
Variable fields	$1: VLAN ID.
Severity level	5
Example	MAC/5/MAC_VLAN_LEARNLIMIT_NORESOURCE: The card does not have enough hardware resources to set MAC learning limit for VLAN 100.
Explanation	Failed to set the MAC learning limit for a VLAN because the card does not have enough hardware resources.
Recommended action	No action is required.

MAC_VLAN_LEARNLIMIT_NOTSUPPORT

Message text	The card does not support setting MAC learning limit for VLAN [UINT16].
Variable fields	$1: VLAN ID.
Severity level	5
Example	MAC/5/ MAC_VLAN_LEARNLIMIT_NOTSUPPORT: The card does not support setting MAC learning limit for VLAN 100.
Explanation	MAC learning limit setting for a VLAN is not supported on the card.
Recommended action	No action is required.

MACA messages

This section contains MAC authentication messages.

MACA_ENABLE_NOT_EFFECTIVE

Message text	MAC authentication is enabled but is not effective on interface [STRING].
Variable fields	$1: Interface type and number.
Severity level	3
Example	MACA/3/MACA_ENABLE_NOT_EFFECTIVE: MAC authentication is enabled but is not effective on interface Ethernet3/1/2.
Explanation	MAC authentication configuration does not take effect on an interface, because the interface does not support MAC authentication.
Recommended action	1. Disable MAC authentication on the interface. 2. Reconnect the connected devices to another interface that supports MAC authentication. 3. Enable MAC authentication on the new interface.

MACA_LOGIN_FAILURE

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; User failed MAC authentication. Reason: [STRING].
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format. $6: Failure cause: · MAC address authorization failed. · VLAN authorization failed. · VSI authorization failed. · ACL authorization failed. · User profile authorization failed. · URL authorization failed. · Authentication process failed.
Severity level	6
Example	MACA/6/MACA_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=0000-0000-0001-VLANID=1-Username=0000-0000-0001-UsernameFormat=MAC address; User failed MAC authentication. Reason: VLAN authorization failed.
Explanation	The user failed MAC authentication for a specific reason.
Recommended action	Locate the failure cause and handle the issue according to the failure cause.

MACA_LOGIN_SUCC

Message text	-IfName=[STRING]-MACAddr=[STRING]-AccessVLANID=[STRING]-AuthorizationVLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; User passed MAC authentication and came online.
Variable fields	$1: Interface type and number. $2: MAC address. $3: ID of the access VLAN. $4: ID of the authorization VLAN. $5: Username. $6: User account format.
Severity level	6
Example	MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-AccessVLANID=444-AuthorizationVLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; User passed MAC authentication and came online.
Explanation	The user passed MAC authentication.
Recommended action	No action is required.

MACA_LOGIN_SUCC (in open mode)

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; The user that failed MAC authentication passed open authentication and came online.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format.
Severity level	6
Example	MACA/6/MACA_LOGIN_SUCC:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; The user that failed MAC authentication passed open authentication and came online.
Explanation	A user failed MAC authentication but passed open authentication.
Recommended action	No action is required.

MACA_LOGOFF

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; MAC authentication user was logged off.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format.
Severity level	6
Example	MACA/6/MACA_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; MAC authentication user was logged off.
Explanation	The MAC authentication user was logged off.
Recommended action	Locate the logoff cause and remove the issue. If the logoff was requested by the user, no action is required.

MACA_LOGOFF (in open mode)

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-Username=[STRING]-UsernameFormat=[STRING]; MAC authentication open user was logged off.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Username. $5: User account format.
Severity level	6
Example	MACA/6/MACA_LOGOFF:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-Username=00-10-84-00-22-b9-UsernameFormat=MAC address; MAC authentication open user was logged off.
Explanation	A MAC authentication open user was logged off.
Recommended action	Locate the logoff cause and remove the issue. If the logoff was requested by the user, no action is required.

MACSEC messages

This section contains MACsec messages.

MACSEC_MKA_KEEPALIVE_TIMEOUT

Message text	The live peer with SCI [STRING] and CKN [STRING] aged out on interface [STRING].
Variable fields	$1: SCI. $2: CKN. $3: Interface name.
Severity level	4
Example	MACSEC/4/MACSEC_MKA_KEEPALIVE_TIMEOUT: The live peer with SCI 00E00100000A0006 and CKN 80A0EA0CB03D aged out on interface GigabitEthernet1/0/1.
Explanation	A live peer aged out on an interface, because the local participant had not received any MKA packets from the peer before the keepalive timer expired. The local participant removed the peer information from the port.
Recommended action	Check the link between the local participant and the live peer for link failure. If the link is down, recover the link.

MACSEC_MKA_PRINCIPAL_ACTOR

Message text	The actor with CKN [STRING] became principal actor on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	6
Example	MACSEC/6/MACSEC_MKA_PRINCIPAL_ACTOR: The actor with CKN 80A0EA0CB03D became principal actor on interface GigabitEthernet1/0/1.
Explanation	The actor with the highest key server priority became the principal actor.
Recommended action	No action is required.

MACSEC_MKA_SAK_REFRESH

Message text	The SAK has been refreshed on interface [STRING].
Variable fields	$1: Interface name.
Severity level	6
Example	MACSEC/6/MACSEC_MKA_SAK_REFRESH: The SAK has been refreshed on interface GigabitEthernet1/0/1.
Explanation	The participant on the interface derived or received a new SAK.
Recommended action	No action is required.

MACSEC_MKA_SESSION_REAUTH

Message text	The MKA session with CKN [STRING] was re-authenticated on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	6
Example	MACSEC/6/MACSEC_MKA_SESSION_REAUTH: The MKA session with CKN 80A0EA0CB03D was re-authenticated on interface GigabitEthernet1/0/1.
Explanation	The interface performed 802.1X reauthentication. After the 802.1X reauthentication, the participants received a new CAK, and used it to re-establish the MKA session.
Recommended action	No action is required.

MACSEC_MKA_SESSION_SECURED

Message text	The MKA session with CKN [STRING] was secured on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	6
Example	MACSEC/6/MACSEC_MKA_SESSION_SECURED: The MKA session with CKN 80A020EA0CB03D was secured on interface GigabitEthernet1/0/1.
Explanation	The MKA session on the interface was secured. Packets are encrypted and transmitted in cipher text. The event occurs in the following situations: · The MKA session state changes from unsecured to secured. · The local participant and the peer negotiate a new MKA session when the following conditions exist: ¡ Both the key server and the peer support MACsec. ¡ A minimum of one participant is enabled with the MACsec desire feature.
Recommended action	No action is required.

MACSEC_MKA_SESSION_START

Message text	The MKA session with CKN [STRING] started on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	6
Example	MACSEC/6/MACSEC_MKA_SESSION_START: The MKA session with CKN 80A020EA0CB03D started on interface GigabitEthernet1/0/1.
Explanation	The MKA session negotiation was initiated. Possible reasons include: · New CAK is available after MKA is enabled. · The user re-establishes the MKA session. · The interface that failed MKA session negotiation receives an MKA packet.
Recommended action	No action is required.

MACSEC_MKA_SESSION_STOP

Message text	The MKA session with CKN [STRING] stopped on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	5
Example	MACSEC/5/MACSEC_MKA_SESSION_STOP: The MKA session with CKN 80A020EA0CB03D stopped on interface GigabitEthernet1/0/1.
Explanation	The MKA session was terminated. Possible reasons include: · The user removes or re-establishes the MKA session on the interface. · The link associated to the session is down.
Recommended action	1. Use the display mka session command to check whether the session exists: ¡ If the session has been re-established, ignore the message. ¡ If the session does not exist and is not removed by the user, check the link associated with the session for link failure. 2. Recover the link if the link is down.

MACSEC_MKA_SESSION_UNSECURED

Message text	The MKA session with CKN [STRING] was not secured on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	5
Example	MACSEC/5/MACSEC_MKA_SESSION_UNSECURED: The MKA session with CKN 80A020EA0CB03D was not secured on interface GigabitEthernet1/0/1.
Explanation	The MKA session on the interface was not secured. Packets are transmitted in plain text. The event occurs in the following situations: · The MKA session state changes from secured to unsecured. · The local participant and the peer negotiate a new MKA session when the following conditions exist: ¡ The key server and the peer are not both MACsec capable. ¡ No participant is enabled with the MACsec desire feature.
Recommended action	To secure the MKA session, perform the following tasks: · Verify that both the key server and the peer support MACsec. · Verify that a minimum of one participant is enabled with the MACsec desire feature.

MBFD messages

This section contains MPLS BFD messages.

MBFD_TRACEROUTE_FAILURE

Message text	[STRING] is failed. ([STRING].)
Variable fields	$1: LSP information. $2: Reason for the LSP failure.
Severity level	5
Example	MBFD/5/MBFD_TRACEROUTE_FAILURE: LSP (LDP IPv4: 22.22.2.2/32, nexthop: 20.20.20.2) is failed. (Replying router has no mapping for the FEC.) MBFD/5/MBFD_TRACEROUTE_FAILURE: TE tunnel (RSVP IPv4: Tunnel1) is failed. (No label entry.)
Explanation	LSP/MPLS TE tunnel failure was detected by periodic MPLS tracert. This message is generated when the system receives an MPLS echo reply with an error return code.
Recommended action	Verify the configuration for the LSP or MPLS TE tunnel.

MBUF messages

This section contains MBUF messages.

MBUF_DATA_BLOCK_CREATE_FAIL

Message text	Failed to create an MBUF data block because of insufficient memory. Failure count: [UINT32].
Variable fields	$1: Failure count.
Severity level	2
Example	MBUF/2/MBUF_DATA_BLOCK_CREATE_FAIL: Failed to create an MBUF data block because of insufficient memory. Failure count: 128.
Explanation	The message is output when the system fails to create an MBUF data block 1 minute or more after the most recent creation failure.
Recommended action	1. Execute the display system internal kernel memory pool \| include mbuf command in probe view to view the number of the allocated MBUF data blocks. 2. Execute the display memory command in system view to display the total size of the system memory. 3. Determine whether an excessive number of MBFU data blocks are allocated by comparing the size of the allocated MBUF data blocks with that of the system memory. ¡ If it is not an excessive number, use the memory management commands to check for the memory-intensive modules. ¡ If it is an excessive number, go to step 4. 4. Execute the display system internal mbuf socket statistics command in probe view to view the number of the MBUF data blocks buffered in the socket. Determine whether a process has too many MBUF data blocks buffered in the socket buffer. ¡ If it is too many, locate the reason why the MBUF data blocks cannot be released from the socket buffer. ¡ If it is not too many, use other means to locate the reasons for excessive allocation of MBUF data blocks. 5. If the problem persists, contact H3C Support.

MDC messages

This section contains MDC messages.

MDC_CREATE_ERR

Message text	Failed to create MDC [UINT16] for insufficient resources.
Variable fields	$1: MDC ID.
Severity level	5
Example	MDC/5/MDC_CREATE_ERR: -Slot=1; Failed to create MDC 2 for insufficient resources.
Explanation	The standby MPU did not have enough resources to create the MDC. At startup, the standby MPU obtains MDC configuration information from the active MPU. If the standby MPU does not have enough resources to create an MDC, it outputs this log message.
Recommended action	1. Use the display mdc resource command to display the CPU, memory, and disk space resources on the standby MPU. 2. Perform one of the following tasks: ¡ If the memory space is insufficient, increase the memory space. If the disk space is insufficient, delete unused files. ¡ Use the undo mdc command to delete the specified MDC. ¡ Replace the standby MPU with an MPU that has sufficient resources.

MDC_CREATE

Message text	MDC [UINT16] was created.
Variable fields	$1: MDC ID.
Severity level	5
Example	MDC/5/MDC_CREATE: MDC 2 was created.
Explanation	An MDC was created successfully.
Recommended action	No action is required.

MDC_DELETE

Message text	MDC [UINT16] was deleted.
Variable fields	$1: MDC ID.
Severity level	5
Example	MDC/5/MDC_DELETE: MDC 2 was deleted.
Explanation	An MDC was deleted successfully.
Recommended action	No action is required.

MDC_KERNEL_EVENT_TOOLONG

Message text	[STRING] [UINT16] kernel event in sequence [STRING] function [STRING] failed to finish within [UINT32] minutes.
Variable fields	$1: Object type, MDC or Context. $2: MDC ID or context ID. $3: Kernel event phase. $4: Address of the function corresponding to the kernel event. $5: Time duration.
Severity level	4
Example	MDC/4/MDC_KERNEL_EVENT_TOOLONG: -slot=1; MDC 2 kernel event in sequence 0x4fe5 function 0xff245e failed to finish within 15 minutes.
Explanation	A kernel event stayed unfinished for a long period of time.
Recommended action	1. Reboot the card in the specified slot. 2. If the problem persists, contact HP Support.

MDC_LICENSE_EXPIRE

Message text	The MDC feature's license will expire in [UINT32] days.
Variable fields	$1: Number of days, in the range of 1 to 30.
Severity level	5
Example	MDC/5/MDC_LICENSE_EXPIRE: The MDC feature’s license will expire in 5 days.
Explanation	The license for the MDC feature was about to expire.
Recommended action	Install a new license.

MDC_NO_FORMAL_LICENSE

Message text	The feature MDC has no formal license.
Variable fields	N/A
Severity level	5
Example	MDC/5/MDC_NO_FORMAL_LICENSE: The feature MDC has no formal license.
Explanation	The standby MPU became the active MPU but it did not have a formal license. The MDC feature has a free trial period. To use the feature after the period elapses, you must install a license for the standby MPU.
Recommended action	Install a formal license.

MDC_NO_LICENSE_EXIT

Message text	The MDC feature is being disabled, because it has no license.
Variable fields	N/A
Severity level	5
Example	MDC/5/MDC_NO_LICENSE_EXIT: The MDC feature is being disabled, because it has no license.
Explanation	The MDC feature was disabled because the license for the MDC feature expired or was uninstalled.
Recommended action	Install the required license.

MDC_OFFLINE

Message text	MDC [UINT16] is offline now.
Variable fields	$1: MDC ID.
Severity level	5
Example	MDC/5/MDC_OFFLINE: MDC 2 is offline now.
Explanation	An MDC was stopped.
Recommended action	No action is required.

MDC_ONLINE

Message text	MDC [UINT16] is online now.
Variable fields	$1: MDC ID.
Severity level	5
Example	MDC/5/MDC_ONLINE: MDC 2 is online now.
Explanation	An MDC was started.
Recommended action	No action is required.

MDC_STATE_CHANGE

Message text	MDC [UINT16] status changed to [STRING].
Variable fields	$1: MDC ID. $2: MDC status: ¡ updating–The system is assigning interface cards to the MDC (executing the location command). ¡ stopping–The system is stopping the MDC (executing the undo mdc start command). ¡ inactive–The MDC is inactive. ¡ starting–The system is starting the MDC (executing the mdc start command). ¡ active–The MDC is operating correctly.
Severity level	5
Example	MDC/5/MDC_STATE_CHANGE: MDC 2 status changed to active.
Explanation	The status of an MDC changed.
Recommended action	No action is required.

MFIB messages

This section contains MFIB messages.

MFIB_MEM_ALERT

Message text	MFIB process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alert event.
Severity level	5
Example	MFIB/5/MFIB_MEM_ALERT: MFIB process receive system memory alert start event.
Explanation	The MFIB module received a memory alert event from the system.
Recommended action	1. Check the system memory to make sure the memory usage does not exceed the thresholds. 2. Release memory from memory-intensive modules.

MGROUP messages

This section contains mirroring group messages.

MGROUP_APPLY_SAMPLER_FAIL

Message text	Failed to apply the sampler for mirroring group [UINT16], because the sampler resources are insufficient.
Variable fields	$1: Mirroring group ID.
Severity level	3
Example	MGROUP/3/MGROUP_APPLY_SAMPLER_FAIL: Failed to apply the sampler for mirroring group 1, because the sampler resources are insufficient.
Explanation	A sampler was not applied to the mirroring group because the sampler resources were insufficient.
Recommended action	No action is required.

MGROUP_RESTORE_CPUCFG_FAIL

Message text	Failed to restore configuration for mirroring CPU of [STRING] in mirroring group [UINT16], because [STRING]
Variable fields	$1: Slot number. $2: Mirroring group ID. $3: Failure reason.
Severity level	3
Example	MGROUP/3/MGROUP_RESTORE_CPUCFG_FAIL: Failed to restore configuration for mirroring CPU of chassis 1 slot 2 in mirroring group 1, because the type of the monitor port in the mirroring group is not supported.
Explanation	When the CPU of the card in the slot is the source CPU in the mirroring group, configuration changes after the card is removed. When the card is reinstalled into the slot, restoring the source CPU configuration might fail.
Recommended action	Check for the failure reason. If the reason is that the system does not support the changed configuration, delete the unsupported configuration, and reconfigure the source CPU in the mirroring group.

MGROUP_RESTORE_GROUP_FAIL

Message text	Failed to restore configuration for mirroring group [UINT16], because [STRING]
Variable fields	$1: Mirroring group ID. $2: Failure reason, which is monitor resources are insufficient.
Severity level	3
Example	MGROUP/3/MGROUP_RESTORE_GROUP_FAIL: Failed to restore configuration for mirroring group 1, because monitor resources are insufficient.
Explanation	Failed to restore the configuration of a mirroring group after device reboot because the monitor resources are insufficient.
Recommended action	Delete mirroring configurations to release monitor resources and then re-configure the mirroring group for which configuration restoration failed. After device reboot, flow mirroring configurations are restored before port mirroring configurations. The monitor resources are limited and restoration of port mirroring configurations might fail if the monitor resources are insufficient.

MGROUP_RESTORE_IFCFG_FAIL

Message text	Failed to restore configuration for interface [STRING] in mirroring group [UINT16], because [STRING]
Variable fields	$1: Interface name. $2: Mirroring group ID. $3: Failure reason.
Severity level	3
Example	MGROUP/3/MGROUP_RESTORE_IFCFG_FAIL: Failed to restore configuration for interface Ethernet3/1/2 in mirroring group 1, because the type of the monitor port in the mirroring group is not supported.
Explanation	When the interface of the card in the slot is the monitor port in the mirroring group, configuration changes after the card is removed. When the card is reinstalled into the slot, restoring the monitor port configuration might fail.
Recommended action	Check for the failure reason. If the reason is that the system does not support the changed configuration, delete the unsupported configuration, and reconfigure the monitor port in the mirroring group.

MGROUP_SYNC_CFG_FAIL

Message text	Failed to restore configuration for mirroring group [UINT16] in [STRING], because [STRING]
Variable fields	$1: Mirroring group ID. $2: Slot number. $3: Failure reason.
Severity level	3
Example	MGROUP/3/MGROUP_SYNC_CFG_FAIL: Failed to restore configuration for mirroring group 1 in chassis 1 slot 2, because monitor resources are insufficient.
Explanation	When the complete mirroring group configuration was synchronized on the card in the slot, restoring configuration failed because resources on the card were insufficient.
Recommended action	Delete the mirroring group.

MLAG

This section contains M-LAG messages.

MLAG_AUTO-RECOVERY_TIMEOUT

Message text	The reload delay timer timed out. Please check configuration of the M-LAG system.
Variable fields	N/A
Severity level	4
Example	MLAG/4/MLAG_AUTO-RECOVERY_TIMEOUT: The reload delay timer timed out. Please check configuration of the M-LAG system.
Explanation	The reload delay timer expired, and the M-LAG system had only one available member device or had two primary member devices.
Recommended action	· Verify that the unavailable member device is operating correctly. · Verify that the peer link and keepalive link are correctly configured and connected. · Increase the reload delay timer.

MLAG_DEVICE_MADDOWN

Message text	[STRING] will change to the M-LAG MAD DOWN state because [STRING].
Variable fields	$1: Interfaces to be placed in M-LAG MAD DOWN state: · All service interfaces not excluded from the M-LAG MAD DOWN action. · All service interfaces included in the M-LAG MAD DOWN action. · All new service interfaces not excluded from the M-LAG MAD DOWN. · All new service interfaces included in the M-LAG MAD DOWN action. $2: Cause of the M-LAG MAD DOWN state and recommended remedy: · The device is Initializing. Please set up the M-LAG system fisrt. · The peer-link went down and the keepalive link remains up. Please check the peer-link settings on both ends of the peer-link. · The peer-link came up. Please wait for the data restoration delay timer to expire. · The peer-link and all M-LAG interfaces went down. Please first check the peer-link settings on both ends of the peer-link.
Severity level	4
Example	MLAG/4/MLAG_DEVICE_MADDOWN: All service interfaces not excluded from the MLAG MAD DOWN action will change to the M-LAG MAD DOWN state because the peer-link went down and the keepalive link remains up. Please check the peer-link interface settings on both ends of the peer-link.
Explanation	Network interfaces on the device will be shut down by M-LAG MAD.
Recommended action	Verify that the peer link is correctly connected and the cable is working correctly.

MLAG_DEVICE_MADRECOVERY

Message text	All service interfaces on the device will be recovered from the M-LAG MAD DOWN state.
Variable fields	N/A
Severity level	4
Example	MLAG/4/MLAG_DEVICE_MADRECOVERY: All service interfaces on the device will be recovered from the M-LAG MAD DOWN state.
Explanation	The device will restore the state of all service interfaces that have been placed in M-LAG MAD DOWN state.
Recommended action	No action is required.

MLAG_GLBCHECK_CONSISTENCY

Message text	Finished global type [UINT16] configuration consistency check. No inconsistency exists.
Variable fields	$1: Configuration consistency check type.
Severity level	6
Example	MLAG/6/MLAG_GLBCHECK_CONSISTENCY: Finished global type 1 configuration consistency check. No inconsistency exists.
Explanation	No inconsistency was detected in global type 1 or type 2 configuration.
Recommended action	No action is required.

MLAG_GLBCHECK_INCONSISTENCY

Message text	Detected global type [UINT16] configuration inconsistency.
Variable fields	$1: Configuration consistency check type.
Severity level	6
Example	MLAG/6/MLAG_GLBCHECK_INCONSISTENCY: Detected global type 1 configuration inconsistency.
Explanation	Inconsistencies were detected in global type 1 or type 2 configuration.
Recommended action	If type 1 configuration inconsistencies exist, use the display m-lag consistency command to view the inconsistent settings and modify them on the M-LAG member devices. If type 2 configuration inconsistencies exist, modify the inconsistent settings on the M-LAG member devices.

MLAG_IFCHECK_CONSISTENCY

Message text	Finished M-LAG interface [STRING] type [UINT16] configuration consistency check. No inconsistency exists.
Variable fields	$1: Layer 2 aggregate interface name. $2: Configuration consistency check type.
Severity level	6
Example	MLAG/6/MLAG_IFCHECK_CONSISTENCY: Finished M-LAG interface Bridge-Aggregation2 type 1 configuration consistency check. No inconsistency exists.
Explanation	No inconsistency was detected in type 1 or type 2 configuration of an M-LAG interface.
Recommended action	No action is required.

MLAG_IFCHECK_INCONSISTENCY

Message text	Detected type [UINT16] configuration inconsistency on interface [STRING].
Variable fields	$1: Layer 2 aggregate interface name. $2: Configuration consistency check type.
Severity level	6
Example	MLAG/6/MLAG_IFCHECK_INCONSISTENCY: Detected type 1 configuration inconsistency on interface Bridge-Aggregation2.
Explanation	Inconsistencies were detected in type 1 or type 2 configuration of an M-LAG interface.
Recommended action	If type 1 configuration inconsistencies exist, use the display m-lag consistency command to view the inconsistent settings and modify them on the M-LAG interfaces. If type 2 configuration inconsistencies exist, modify the inconsistent settings on the M-LAG interfaces.

MLAG_IFEVT_MLAGIF_BIND

Message text	Interface [STRING] was assigned to M-LAG group [UINT32].
Variable fields	$1: Layer 2 aggregate interface name. $2: M-LAG group number.
Severity level	6
Example	MLAG/6/MLAG_IFEVT_MLAGIF_BIND: Interface Bridge-Aggregation1 was assigned to M-LAG group 1.
Explanation	A Layer 2 aggregate interface was assigned to an M-LAG group.
Recommended action	No action is required.

MLAG_IFEVT_MLAGIF_GLOBALDOWN

Message text	The state of M-LAG interface [STRING] changed to globally down.
Variable fields	$1: Layer 2 aggregate interface name.
Severity level	6
Example	MLAG/6/MLAG_IFEVT_MLAGIF_GLOBALDOWN: The state of M-LAG interface Bridge-Aggregation1 changed to globally down.
Explanation	One M-LAG interface changed to the globally down state because all its member interfaces and all the member interfaces of the other M-LAG interface in the same M-LAG group became Unselected.
Recommended action	Verify that the device and the M-LAG peer use the same system priority and system MAC address, and different system numbers.

MLAG_IFEVT_MLAGIF_GLOBALUP

Message text	The state of M-LAG interface [STRING] changed to globally up.
Variable fields	$1: Layer 2 aggregate interface name.
Severity level	6
Example	MLAG/6/MLAG_IFEVT_MLAGIF_GLOBALUP: The state of M-LAG interface Bridge-Aggregation1 changed to globally up.
Explanation	An M-LAG interface changed to the globally up state. If member interfaces of M-LAG interfaces in an M-LAG group become Selected for the first time, the M-LAG interfaces become globally up.
Recommended action	No action is required.

MLAG_IFEVT_MLAGIF_MAC_CHG

Message text	Local M-LAG interface [STRING]'s system MAC address changed to [STRING]. Please ensure that the configuration is consistent with that of the peer M-LAG interface.
Variable fields	$1: Layer 2 aggregate interface name. $2: System MAC address.
Severity level	6
Example	MLAG/6/MLAG_IFEVT_MLAGIF_MAC_CHG: Local M-LAG interface Bridge-Aggregation1's system MAC address changed to 2-2-2. Please ensure that the configuration is consistent with that of the peer M-LAG interface.
Explanation	The system MAC address of an M-LAG interface was modified.
Recommended action	No action is required.

MLAG_IFEVT_MLAGIF_NOSELECTED

Message text	Local M-LAG interface [STRING] in M-LAG group [UINT32] does not have Selected member ports because [STRING].
Variable fields	$1: Layer 2 aggregate interface name. $2: M-LAG group number. $3: Cause of the down state of the M-LAG interface: · the aggregate interface went down. Please check the aggregate link status. · no peer M-LAG interface was detected. Please check peer M-LAG interface configuration. · of configuration consistency check failure. Please check the type 1 configuration of the M-LAG member devices for inconsistencies. · it was removed from a M-LAG group. Please reconfigure the M-LAG interface settings as needed.
Severity level	6
Example	MLAG/6/MLAG_IFEVT_MLAGIF_NOSELECTED: Local M-LAG interface Bridge-Aggregation1 in M-LAG group 2 does not have Selected member ports because no peer M-LAG interface was detected. Please check peer M-LAG interface configuration.
Explanation	The local M-LAG interface in an M-LAG group does not have member ports in Selected state.
Recommended action	Verify that the member ports of the M-LAG interface are correctly configured and connected.

MLAG_IFEVT_PEERIF_NOSELECTED

Message text	Peer M-LAG interface in M-LAG group [UINT32] does not have Selected member ports.
Variable fields	$1: M-LAG group number.
Severity level	6
Example	MLAG/6/MLAG_IFEVT_PEERIF_NOSELECTED: Peer M-LAG interface in M-LAG group 10 does not have Selected member ports.
Explanation	The peer M-LAG interface in an M-LAG group does not have member ports in Selected state.
Recommended action	Verify that the member ports of the M-LAG interface are correctly configured and connected.

MLAG_IFEVT_PEERIF_SELECTED

Message text	Peer M-LAG interface in M-LAG group [UINT32] has Selected member ports.
Variable fields	$1: M-LAG group number.
Severity level	6
Example	MLAG/6/MLAG_IFEVT_PEERIF_SELECTED: Peer M-LAG interface in M-LAG group 10 has Selected member ports.
Explanation	The peer M-LAG interface in an M-LAG group has member ports in Selected state.
Recommended action	No action is required.

MLAG_IFEVT_MLAGIF_PEERBIND

Message text	An aggregate interface on the peer M-LAG device was assigned to M-LAG group [UINT32].
Variable fields	$1: M-LAG group number.
Severity level	6
Example	MLAG/6/MLAG_IFEVT_MLAGIF_PEERBIND: An aggregate interface on the peer M-LAG device was assigned to M-LAG group 1.
Explanation	An aggregate interface on the peer M-LAG member device was assigned to an M-LAG group.
Recommended action	No action is required.

MLAG_IFEVT_MLAGIF_PRIORITY_CHG

Message text	M-LAG interface [STRING]'s system priority changed to [UINT16]. Please ensure that the configuration is consistent with that of the peer M-LAG interface.
Variable fields	$1: Layer 2 aggregate interface name. $2: New system priority.
Severity level	6
Example	MLAG/6/MLAG_IFEVT_MLAGIF_PRIORITY_CHG: M-LAG interface Bridge-Aggregation1's system priority changed to 564. Please ensure that the configuration is consistent with that of the peer M-LAG interface.
Explanation	The system priority of an M-LAG interface was modified.
Recommended action	No action is required.

MLAG_IFEVT_MLAGIF_SELECTED

Message text	Local M-LAG interface [STRING] in M-LAG group [UINT32] has Selected member ports.
Variable fields	$1: Layer 2 aggregate interface name. $2: M-LAG group number.
Severity level	6
Example	MLAG/6/MLAG_IFEVT_MLAGIF_SELECTED: Local M-LAG interface Bridge-Aggregation1 in M-LAG group 2 has Selected member ports.
Explanation	The local M-LAG interface has member ports in Selected state.
Recommended action	No action is required.

MLAG_IFEVT_MLAGIF_UNBIND

Message text	Interface [STRING] was removed from M-LAG group [UINT32].
Variable fields	$1: Layer 2 aggregate interface name. $2: M-LAG group number.
Severity level	6
Example	MLAG/6/MLAG_IFEVT_MLAGIF_UNBIND: Interface Bridge-Aggregation1 was removed from M-LAG group 1.
Explanation	A Layer 2 aggregate interface was removed from an M-LAG group.
Recommended action	No action is required.

MLAG_IFEVT_PEERLINK_BIND

Message text	Interface [STRING] was configured as peer-link interface [UINT16].
Variable fields	$1: Layer 2 aggregate interface name. $2: Peer-link interface number.
Severity level	6
Example	MLAG/6/MLAG_IFEVT_PEERLINK_BIND: Interface Bridge-Aggregation1 was configured as peer-link interface 1.
Explanation	A Layer 2 aggregate interface was configured as the peer-link interface.
Recommended action	No action is required.

MLAG_IFEVT_PEERLINK_DOWN

Message text	IPP [STRING] went down because [STRING].
Variable fields	$1: Layer 2 aggregate interface name. $2: Cause of the down state of the peer-link interface: · the aggregate interface went down. Please check the aggregate link status. · the tunnel interface went down. Please check the tunnel link status. · no DRCPDUs were received. Please check the devices' DRCPDU transmission and reception status. · the peer failed to receive DRCPDUs. Please check the devices' DRCPDU transmission and reception status. · the peer-link role of the interface was removed. Please reconfigure an interface as the peer-link interface.
Severity level	6
Example	MLAG/6/MLAG_IFEVT_PEERLINK_DOWN: IPP Bridge-Aggregation1 went down because the tunnel interface went down. Please check the tunnel link status.
Explanation	The peer-link interface went down.
Recommended action	· Verify that the device and the M-LAG peer use the same system priority and system MAC address, and different system numbers. · Verify that the device and the M-LAG peer have the same authentication key and MLAG sequence number check status. · Verify that the Layer 2 aggregate interface that acts as the peer-link interface is working correctly.

MLAG_IFEVT_PEERLINK_UNBIND

Message text	Configuration for peer-link [UINT16] was removed from interface [STRING].
Variable fields	$1: Peer-link interface number. $2: Layer 2 aggregate interface name.
Severity level	6
Example	MLAG/6/MLAG_IFEVT_PEERLINK_UNBIND: Configuration for peer-link 1 was removed from interface Bridge-Aggregation1.
Explanation	The peer-link interface configuration was removed.
Recommended action	No action is required.

MLAG_IFEVT_PEERLINK_UP

Message text	Peer-link interface [STRING] came up.
Variable fields	$1: Layer 2 aggregate interface name.
Severity level	6
Example	MLAG/6/MLAG_IFEVT_PEERLINK_UP: Peer-link interface Bridge-Aggregation1 came up.
Explanation	The peer-link interface came up because it could receive and send DRCPDUs.
Recommended action	No action is required.

MLAG_PEERLINK_BLOCK

Message text	The status of peer-link interface [STRING] changed to blocked.
Variable fields	$1: Layer 2 aggregate interface name.
Severity level	6
Example	MLAG/6/MLAG_PEERLINK_BLOCK: The status of peer-link interface Bridge-Aggregation20 changed to blocked.
Explanation	The status of the peer-link interface changed to blocked because the device had been assigned an M-LAG role, and the peer-link interface went down.
Recommended action	· Verify that the peer link is correctly connected and the cable is working correctly. · Verify that the device and the M-LAG peer have correct M-LAG settings.

MLAG_PEERLINK_UNBLOCK

Message text	The status of peer-link interface [STRING] changed to unblocked.
Variable fields	$1: Layer 2 aggregate interface name.
Severity level	6
Example	MLAG/6/MLAG_PEERLINK_UNBLOCK: The status of peer-link interface Bridge-Aggregation20 changed to unblocked.
Explanation	The status of the peer-link interface changed to unblocked because the device had been assigned an M-LAG role, and the peer-link interface came up.
Recommended action	No action is required.

MLAG_KEEPALIVEINTERVAL_MISMATCH

Message text	Keepalive interval on the local M-LAG device is different from that on the neighbor.
Variable fields	N/A
Severity level	6
Example	MLAG/6/MLAG_KEEPALIVEINTERVAL_MISMATCH: Keepalive interval on the local M-LAG device is different from that on the neighbor.
Explanation	The device and the M-LAG peer use different keepalive intervals.
Recommended action	Make sure the device and the M-LAG peer use the same keepalive interval.

MLAG_KEEPALIVELINK_DOWN

Message text	Keepalive link went down because [STRING].
Variable fields	$1: Cause of the down state of the keepalive link and recommended remedy: · keepalive IP address was not configured. Please configure keepalive IP address. · the device failed to send keepalive packets. Please check Layer 3 reachability to the peer. · the local keepalive timeout timer expired. Please check the keepalive packet transmission and reception status at the two ends. · the peer keepalive timeout timer expired. Please check the keepalive packet transmission and reception status at the two ends.
Severity level	6
Example	MLAG/6/MLAG_KEEPALIVELINK_DOWN: Keepalive link went down because the local keepalive timeout timer expired. Please check the keepalive packet transmission and reception status at the two ends.
Explanation	The keepalive link went down.
Recommended action	· Verify that the role of the device is correct. · Verify that the device and the M-LAG peer use consistent packet source and destination IP addresses for keepalive detection. · Verify Layer 3 connectivity for the keepalive link.

MLAG_KEEPALIVELINK_UP

Message text	Keepalive link came up.
Variable fields	N/A
Severity level	6
Example	MLAG/6/MLAG_KEEPALIVELINK_UP: Keepalive link came up.
Explanation	The keepalive link came up.
Recommended action	No action is required.

MLAG_KEEPALIVEPACKETS_FAILED

Message text	Failed to send keepalive packets to the CPU due to [STRING].
Variable fields	$1: Cause of the failure to send keepalive packets to the CPU. The cause can only be insufficient device ACL resources.
Severity level	6
Example	MLAG/6/MLAG_KEEPALIVEPACKETS_FAILED: Failed to send keepalive packets to the CPU due to insufficient device ACL resources.
Explanation	The device failed to send keepalive packets to the CPU because of insufficient device ACL resources.
Recommended action	Release ACL resources as needed and verify that the keepalive link is operating correctly.

MLAG_SYSEVENT_DEVICEROLE_CHANGE

Message text	Device role changed from [STRING] to [STRING] for [STRING].
Variable fields	$1: Old device role, which can be primary, secondary, or none. $2: New device role, which can be primary, secondary, or none. $3: Reason for the role change: ¡ M-LAG system initialization—The M-LAG system initialized. ¡ peer-link down and all M-LAG interfaces down—All M-LAG interfaces were shut down because the peer link failed. ¡ peer-link and keepalive link down—Both the peer link and keepalive link failed. ¡ peer-link calculation—The role was negotiated over the peer link. ¡ peer-link down and role calculation based on keepalive link—The peer link failed and the local role was negotiated over the keepalive link.
Severity level	6
Example	MLAG/6/MLAG_SYSEVENT_DEVICEROLE_CHANGE: Device role changed from Secondary to Primary for peer-link calculation.
Explanation	The M-LAG role of the device changed.
Recommended action	Examine the reason for the change and take action to recover the peer link or keepalive link if it has failed.

MLAG_SYSEVENT_MAC_CHANGE

Message text	System MAC address changed from [STRING] to [STRING].
Variable fields	$1: Old system MAC address. $2: New system MAC address.
Severity level	6
Example	MLAG/6/MLAG_SYSEVENT_MAC_CHANGE: System MAC address changed from 1-1-1 to 2-2-2.
Explanation	The M-LAG system MAC address was modified.
Recommended action	No action is required.

MLAG_SYSEVENT_MODE_CHANGE

Message text	The device's working mode changed to [STRING].
Variable fields	$1: Working mode of the device: · M-LAG system—The device is operating as an M-LAG member device. · standalone—The device is operating as a standalone device.
Severity level	6
Example	MLAG/6/MLAG_SYSEVENT_MODE_CHANGE: The device's working mode changed to standalone.
Explanation	The working mode of the device changed because the M-LAG system split or reunited.
Recommended action	No action is required.

MLAG_SYSEVENT_NUMBER_CHANGE

Message text	System number changed from [STRING] to [STRING].
Variable fields	$1: Old system number. $2: New system number.
Severity level	6
Example	MLAG/6/MLAG_SYSEVENT_NUMBER_CHANGE: System number changed from 1 to 2.
Explanation	The M-LAG system number was modified.
Recommended action	No action is required.

MLAG_SYSEVENT_PRIORITY_CHANGE

Message text	System priority changed from [UINT16] to [UINT16].
Variable fields	$1: Old system priority. $2: New system priority.
Severity level	6
Example	MLAG/6/MLAG_SYSEVENT_PRIORITY_CHANGE: System priority changed from 123 to 564.
Explanation	The M-LAG system priority was modified.
Recommended action	No action is required.

MPLS messages

This section contains MPLS messages.

MPLS_HARD_RESOURCE_NOENOUGH

Message text	No enough hardware resource for MPLS.
Variable fields	N/A
Severity level	4
Example	MPLS/4/MPLS_HARD_RESOURCE_NOENOUGH: No enough hardware resource for MPLS.
Explanation	Hardware resources for MPLS were insufficient.
Recommended action	Check whether unnecessary LSPs had been generated. If yes, configure or modify the LSP generation policy, label advertisement policy, and label acceptance policy to filter out unnecessary LSPs.

MPLS_HARD_RESOURCE_RESTORE

Message text	Hardware resources for MPLS are restored.
Variable fields	N/A
Severity level	6
Example	MPLS/6/MPLS_HARD_RESOURCE_RESTORE: Hardware resources for MPLS are restored.
Explanation	Hardware resources for MPLS were restored.
Recommended action	No action is required.

MTLK messages

This section contains Monitor Link messages.

MTLK_UPLINK_STATUS_CHANGE

Message text	The uplink of monitor link group [UINT32] is [STRING].
Variable fields	$1: Monitor link group ID. $2: Monitor Link group status, up or down.
Severity level	6
Example	MTLK/6/MTLK_UPLINK_STATUS_CHANGE: The uplink of monitor link group 1 is up.
Explanation	The uplink of a monitor link group went up or down.
Recommended action	Troubleshoot the uplink when it fails.

ND messages

This section contains ND messages.

ND_COMMONPROXY_ENABLE_FAILED

Message text	Failed to enable common ND proxy on interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	ND/4/ND_COMMONPROXY_ENABLE_FAILED: -MDC=1-Slot=2; Failed to enable common ND proxy on interface Vlan-interface 1.
Explanation	Failed to enable common ND proxy on an interface on the card.
Recommended action	1. Verify that the card supports common ND proxy. 2. Make sure the device has sufficient hardware resources.

ND_CONFLICT

Message text	[STRING] is inconsistent.
Variable fields	$1: Configuration type: ¡ M_FLAG. ¡ O_FLAG. ¡ CUR_HOP_LIMIT. ¡ REACHABLE TIME. ¡ NS INTERVAL. ¡ MTU. ¡ PREFIX VALID TIME. ¡ PREFIX PREFERRED TIME.
Severity level	6
Example	ND/6/ND_CONFLICT: PREFIX VALID TIME is inconsistent
Explanation	The configuration information in the received router advertisement was not consistent with the configuration on the device. A message is sent if an inconsistency is detected.
Recommended action	Verify that the configurations on the device and the neighboring router are consistent.

ND_DUPADDR

Message text	Duplicate address: [STRING] on the interface [STRING].
Variable fields	$1: IPv6 address that is to be assigned to the interface. $2: Name of the interface.
Severity level	6
Example	ND/6/ND_DUPADDR: Duplicate address: 33::8 on interface Vlan-interface9.
Explanation	The IPv6 address that was to be assigned to the interface is being used by another device.
Recommended action	Assign another IPv6 address to the interface.

ND_ENTRY_ENOUGHRESOURCE

Message text	Issued the software entry to the driver for IPv6 address [STRING] on VPN instance [STRING]. Issued the software entry to the driver for IPv6 address [STRING] on the public network.
Variable fields	$1: IPv6 address. $2: VPN instance name. If the ND entry belongs to the public network, this field is not displayed.
Severity level	6
Example	ND/6/ND_ENTRY_ENOUGHRESOURCE: Issued the software entry to the driver for IPv6 address 10::1 on VPN instance vpn_1. ND/6/ND_ENTRY_ENOUGHRESOURCE: Issued the software entry to the driver for IPv6 address 10::2 on the public network.
Explanation	After ND entry consistency check is enabled by using the ipv6 nd consistency-check enable command, a log is output when ND successfully refreshes hardware entries according to software entries.
Recommended action	No action is required.

ND_ENTRY_INCONSISTENT

Message text	Inconsistent software and hardware ND entries for IPv6 address [STRING] on VPN instance [STRING]. Inconsistent parameters: [STRING]. Inconsistent software and hardware ND entries for IPv6 address [STRING] on the public network. Inconsistent parameters: [STRING].
Variable fields	$1: IPv6 address. $2: VPN instance name. If the ND entry belongs to the public network, this field is not displayed. $3: Inconsistent items: ¡ MAC address. ¡ output interface. ¡ output port. ¡ outermost layer VLAN ID. ¡ second outermost layer VLAN ID. ¡ VSI index. ¡ link ID.
Severity level	6
Example	ND/6/ND _ENTRY_INCONSISTENT: Inconsistent software and hardware ND entries for IPv6 address 10::1 on VPN instance vpn_1. Inconsistent parameters: MAC address, output port, VSI index, and link ID. ND/6/ND_ENTRY_INCONSISTENT: Inconsistent software and hardware ND entries for IPv6 address 10::2 on the public network. Inconsistent parameters: MAC address, output port, VSI index, and link ID.
Explanation	After ND entry consistency check is enabled by using the ipv6 nd consistency-check enable command, a log is output when the device detects an inconsistency between software and hardware entries (for example, inconsistent output interface).
Recommended action	No action is required. ND automatically refreshes the hardware entries.

ND_ENTRY_NORESOURCE

Message text	Not enough hardware resources to issue the software entry to the driver for IPv6 address [STRING] on VPN instance [STRING]. Not enough hardware resources to issue the software entry to the driver for IPv6 address [STRING] on the public network.
Variable fields	$1: IPv6 address. $2: VPN instance name. If the ND entry belongs to the public network, this field is not displayed.
Severity level	6
Example	ND/6/ND_ENTRY_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IPv6 address 10::1 on VPN instance vpn_1. ND/6/ND_ENTRY_NORESOURCE: Not enough hardware resources to issue the software entry to the driver for IPv6 address 10::2 on the public network.
Explanation	After ND entry consistency check is enabled by using the ipv6 nd consistency-check enable command, a log is output when the device does not have sufficient hardware resources to deploy software entries to the driver.
Recommended action	No action is required. ND automatically refreshes the hardware entries.

ND_HOST_IP_CONFLICT

Message text	The host [STRING] connected to interface [STRING] cannot communicate correctly, because it uses the same IPv6 address as the host connected to interface [STRING].
Variable fields	$1: IPv6 global unicast address of the host. $2: Name of the interface. $3: Name of the interface.
Severity level	4
Example	ND/4/ND_HOST_IP_CONFLICT: The host 2::2 connected to interface GigabitEthernet1/0/1 cannot communicate correctly, because it uses the same IPv6 address as the host connected to interface GigabitEthernet1/0/1.
Explanation	The IPv6 global unicast address of the host is being used by another host that connects to the same interface.
Recommended action	Disconnect the host and assign another IPv6 global unicast address to the host.

ND_LOCALPROXY_ENABLE_FAILED

Message text	Failed to enable local ND proxy on interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	ND/4/ND_LOCALPROXY_ENABLE_FAILED: -MDC=1-Slot=2; Failed to enable local ND proxy on interface Vlan-interface 1.
Explanation	Failed to enable local ND proxy on an interface on the card.
Recommended action	1. Verify that the card supports local ND proxy. 2. Make sure the device has sufficient hardware resources.

ND_MAC_CHECK

Message text	Packet received on interface [STRING] was dropped because source MAC [STRING] was inconsistent with link-layer address [STRING].
Variable fields	$1: Receiving interface of the ND packet. $2: Source MAC address in the Ethernet frame header of the ND packet. $3: Source link-layer address in the ND packet.
Severity level	6
Example	ND/6/ND_MAC_CHECK: Packet received on interface Ethernet2/0/2 was dropped because source MAC 0002-0002-0001 was inconsistent with link-layer address 0002-0002-0002.
Explanation	The device dropped an ND packet because source MAC consistency check detected that the source MAC address and the source link-layer address in the packet are inconsistent.
Recommended action	Verify the validity of the ND packet originator.

ND_NETWORKROUTE_DUPLICATE

Message text	Prefix [STRING] of the IPv6 ND network route matches different ports: [STRING] and [STRING].
Variable fields	$1: IPv6 address prefix. $2: Interface name. $3: Interface name.
Severity level	5
Example	ND/5/ND_NETWORKROUTE_DUPLICATE: Prefix 120::/70 of the IPv6 ND network route matches different ports: GigabitEthernet1/0/1 and GigabitEthernet1/0/2.
Explanation	This message is sent when a network route is generated for different ND entries of neighbors in the same VLAN but connected to different Layer 2 ports.
Recommended action	Modify the network configuration.

ND_RAGUARD_DROP

Message text	Dropped RA messages with the source IPv6 address [STRING] on interface [STRING]. [STRING] messages dropped in total on the interface.
Variable fields	$1: IPv6 source IP address of the dropped RA messages. $2: Interface name on which the RA messages are dropped. $3: Total number of dropped RA messages on the interface.
Severity level	4
Example	ND/4/ND_RAGUARD_DROP: Dropped RA messages with the source IPv6 address FE80::20 on interface GigabitEthernet1/0/1. 20 RA messages dropped in total on the interface.
Explanation	RA guard dropped RA messages and displayed the information when RA guard detected an attack.
Recommended action	Verify the validity of the RA message originator.

ND_SET_PORT_TRUST_NORESOURCE

Message text	Not enough resources to complete the operation.
Variable fields	N/A
Severity level	6
Example	ND/6/ND_SET_PORT_TRUST_NORESOURCE: Not enough resources to complete the operation.
Explanation	Failed to execute the command because driver resources were not enough.
Recommended action	Release the driver resources and execute the command again.

ND_SET_VLAN_REDIRECT_NORESOURCE

Message text	Not enough resources to complete the operation.
Variable fields	N/A
Severity level	6
Example	ND/6/ND_SET_VLAN_REDIRECT_NORESOURCE: Not enough resources to complete the operation.
Explanation	Failed to execute the command because driver resources were not enough.
Recommended action	Release the driver resources and execute the command again.

ND_USER_DUPLICATE_IPV6ADDR

Message text	Detected a user IPv6 address conflict. New user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) on interface [STRING] and old user (MAC [STRING], SVLAN [STRING], CVLAN [STRING]) on interface [STRING] were using the same IPv6 address [IPV6ADDR].
Variable fields	$1: MAC address of the new user. $2: SVLAN of the new user. $3: CVLAN of the new user. $4: Name of the interface connected to the new user. $5: MAC address of the old user. $6: SVLAN of the old user. $7: CVLAN of the old user. $8: Name of the interface connected to the old user. $9: IPv6 address of the user.
Severity level	6
Example	ND/6/ND_USER_DUPLICATE_IPV6ADDR: Detected a user IPv6 address conflict. New user (MAC 0010-2100-01e1, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 and old user (MAC 0120-1e00-0102, SVLAN 100, CVLAN 10) on interface GigabitEthernet1/0/1 were using the same IPv6 address 10::1.
Explanation	This message is sent when ND detects an IPv6 address conflict.
Recommended action	Examine IPv6 addresses of all endpoint users, locate the address conflict reason, and take actions to remove the conflict.

ND_USER_MOVE

Message text	Detected a user (IPv6 address [IPV6ADDR], MAC address [STRING]) moved to another interface. Before user move: interface [STRING], SVLAN [STRING], CVLAN [STRING]. After user move: interface [STRING], SVLAN [STRING], CVLAN [STRING].
Variable fields	$1: IPv6 address of the user. $2: MAC address of the user. $3: Interface name before the migration. $4: Old SVLAN of the user. $5: Old CVLAN of the user. $6: Interface name after the migration. $7: New SVLAN of the user. $8: New CVLAN of the user.
Severity level	6
Example	ND/6/ND_USER_MOVE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-01e1) moved to another interface. Before user move: interface GigabitEthernet1/0/1, SVLAN 100, CVLAN 20. After user move: interface GigabitEthernet1/0/2, SVLAN 100, CVLAN 10.
Explanation	This message is sent when ND detects that a user accesses the network through another port.
Recommended action	Execute the display ipv6 nd user-move record command to verify that the migration is valid.

ND_USER_OFFLINE

Message text	Detected a user (IPv6 address [IPV6ADDR], MAC address [STRING]) was offline from interface [STRING].
Variable fields	$1: IPv6 address of the offline user. $2: MAC address of the offline user. $3: Name of the interface connected to the offline user.
Severity level	6
Example	ND/6/ND_USER_OFFLINE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-01e1) was offline from interface GigabitEthernet1/0/1.
Explanation	This message is sent when ND detects a user offline event.
Recommended action	No action is required.

ND_USER_ONLINE

Message text	Detected a user (IPv6 address [IPV6ADDR], MAC address [STRING]) was online on interface [STRING].
Variable fields	$1: IPv6 address of the online user. $2: MAC address of the online user. $3: Name of the interface connected to the online user.
Severity level	6
Example	ND/6/ND_USER_ONLINE: Detected a user (IPv6 address 10::1, MAC address 0010-2100-01e1) was online on interface GigabitEthernet1/0/1.
Explanation	This message is sent when ND detects a user online event.
Recommended action	Verify the validity of the online user.

NETCONF messages

This section contains NETCONF messages.

CLI

Message text	User ([STRING], [STRING][STRING]) performed an CLI operation: [STRING] operation result=[STRING][STRING]
Variable fields	$1: Username or user line type. · If scheme login authentication was performed for the user, this field displays the username. · If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative number. · For a Telnet or SSH user, this field displays the IP address of the user. · For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as CON0. $3: ID of the NETCONF session. This field is not displayed for Web and RESTful sessions. $4: Message ID of the NETCONF request. This field is not displayed for Web and RESTful sessions. $5: Operation result, Succeeded or Failed. $6: Cause for an operation failure. This field is displayed only if the failure is caused by a known reason.
Severity level	6
Example	XMLSOAP/6/CLI: -MDC=1; User (test, 169.254.5.222, session ID=1) performed an CLI operation: message ID=101, operation result=Succeeded.
Explanation	After a CLI command is executed by using NETCONF, the device outputs this message to show the operation result.
Recommended action	No action is required.

EDIT-CONFIG

Message text	User ([STRING], [STRING][STRING])[STRING] operation=[STRING] [STRING] [STRING], result=[STRING]. No attributes. Or: User ([STRING], [STRING],[STRING]),[STRING] operation=[STRING] [STRING] [STRING], result=[STRING]. Attributes: [STRING].
Variable fields	$1: Username or user line type. ¡ If scheme login authentication was performed for the user, this field displays the username. ¡ If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative number. ¡ For a Telnet or SSH user, this field displays the IP address of the user. ¡ For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as CON0. $3: ID of the NETCONF session. This field is not displayed if the session does not have a session ID. $4: Message ID of the NETCONF request. This field is not displayed if the request does not have a message ID. $5: Name of a NETCONF row operation. $6: Module name and table name. $7: Index information. If there are multiple indexes, this field uses a comma as the delimiter. This field is displayed only when there are indexes. $8: Operation result, Succeeded or Failed. $9: Attribute column information. This field is displayed only when the operation configures an attribute column.
Severity level	6
Example	XMLSOAP/6/EDIT-CONFIG: User (test, 192.168.100.20, session ID 1), message ID=1, operation=create Ifmgr/Interfaces (IfIndex="GigabitEthernet1/0/1"), result=Succeeded. Attributes: Description="This is Desc1", AdminDown=1, Speed=1.
Explanation	The device outputs this log message for each row operation for an <action> or <edit-config> operation.
Recommended action	No action is required.

NETCONF_MSG_DEL

Message text	A NETCONF message was dropped. Reason: Packet size exceeded the upper limit.
Variable fields	N/A
Severity level	7
Example	NETCONF/7/NETCONF_MSG_DEL: A NETCONF message was dropped. Reason: Packet size exceeded the upper limit.
Explanation	The system dropped a NETCONF request message that was received from a NETCONF over SSH client or at the XML view. The reason is that the message size exceeded the upper limit.
Recommended action	1. Reduce the size of the request message. For example, delete blank spaces, carriage returns, and tab characters. 2. Contact the technical support to segment the request message and then re-encapsulate them before sending them to the device.

THREAD

Message text	Maximum number of NETCONF threads already reached.
Variable fields	N/A
Severity level	3
Example	XMLCFG/3/THREAD: -MDC=1; Maximum number of NETCONF threads already reached.
Explanation	The number of NETCONF threads already reached the upper limit.
Recommended action	Please try again later.

NQA messages

This section contains NQA messages.

NQA_LOG_UNREACHABLE

Message text	Server [STRING] unreachable.
Variable fields	$1: IP address of the NQA server.
Severity level	6
Example	NQA/6/NQA_LOG_UNREACHABLE: Server 192.168.30.117 unreachable.
Explanation	An unreachable server was detected.
Recommended action	Check the network environment.

NTP messages

This section contains NTP messages.

NTP_CLOCK_CHANGE

Message text	System clock changed from [STRING] to [STRING], the NTP server's IP address is [STRING].
Variable fields	$1: Time before synchronization. $2: Time after synchronization. $3: IP address.
Severity level	5
Example	NTP/5/NTP_CLOCK_CHANGE: System clock changed from 02:12:58 12/28/2012 to 02:29:12 12/28/2012, the NTP server's IP address is 192.168.30.116.
Explanation	The NTP client has synchronized its time to the NTP server.
Recommended action	No action is required.

NTP_LEAP_CHANGE

Message text	System Leap Indicator changed from [UINT32] to [UINT32] after clock update.
Variable fields	$1: Original Leap Indicator. $2: Current Leap Indicator.
Severity level	5
Example	NTP/5/NTP_LEAP_CHANGE: System Leap Indicator changed from 00 to 01 after clock update.
Explanation	The system Leap Indicator changed. For example, the NTP status changed from unsynchronized to synchronized. NTP Leap Indicator is a two-bit code warning of an impending leap second to be inserted in the NTP timescale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rolloverinterval) in the day of insertion to be increased or decreased by one.
Recommended action	No action is required.

NTP_SOURCE_CHANGE

Message text	NTP server's IP address changed from [STRING] to [STRING].
Variable fields	$1: IP address of the original time source. $2: IP address of the new time source.
Severity level	5
Example	NTP/5/NTP_SOURCE_CHANGE: NTP server's IP address changed from 1.1.1.1 to 1.1.1.2.
Explanation	The system changed the time source.
Recommended action	No action is required.

NTP_SOURCE_LOST

Message text	Lost synchronization with NTP server with IP address [STRING].
Variable fields	$1: IP address.
Severity level	5
Example	NTP/5/NTP_SOURCE_LOST: Lost synchronization with NTP server with IP address 1.1.1.1.
Explanation	The clock source of the NTP association is in unsynchronized state or it is unreachable.
Recommended action	1. Verify the NTP server and network connection. 2. For NTP server failures: ¡ Use the ntp-service unicast-server command to specify a new NTP server. ¡ Use the ntp-service multicast-client command to configure the device to operate in NTP multicast client mode and receive NTP multicast packets from a new NTP server. 3. If the problem persists, contract H3C Support.

NTP_STRATUM_CHANGE

Message text	System stratum changed from [UINT32] to [UINT32] after clock update.
Variable fields	$1: Original stratum. $2: Current stratum.
Severity level	5
Example	NTP/5/NTP_STRATUM_CHANGE: System stratum changed from 6 to 5 after clock update.
Explanation	System stratum has changed.
Recommended action	No action is required.

OAP messages

This section contains OAP messages.

OAP_CLIENT_DEREG

Message text	OAP client [UINT32] on interface [STRING] deregistered.
Variable fields	$1: Client ID. $2: Interface type and name.
Severity level	5
Example	OAP/5/OAP_CLIENT_DEREG: OAP client 1 on interface GigabitEthernet1/0/24 deregistered.
Explanation	The OAP client on an interface deregistered.
Recommended action	Check the login information of the OAP client.

OAP_CLIENT_TIMEOUT

Message text	OAP client [UINT32] on interface [STRING] timed out.
Variable fields	$1: Client ID. $2: Interface type and name.
Severity level	4
Example	OAP/4/OAP_CLIENT_TIMEOUT: OAP client 1 on interface GigabitEthernet1/0/24 timed out.
Explanation	The OAP client on an interface was timed out.
Recommended action	Verify that the link is up.

OBJP messages

This section contains object policy messages.

OBJP_ACCELERATE_NO_RES

Message text	Failed to accelerate [STRING] object-policy [STRING]. The resources are insufficient.
Variable fields	$1: Object policy version. $2: Object policy name.
Severity level	4
Example	OBJP/4/OBJP_ACCELERATE_NO_RES: Failed to accelerate IPv6 object-policy a. The resources are insufficient.
Explanation	Object policy acceleration failed because of insufficient hardware resources.
Recommended action	Delete unnecessary rules or disable acceleration for other object policies to release hardware resources.

OBJP_ACCELERATE_NOT_SUPPORT

Message text	Failed to accelerate [STRING] object-policy [STRING]. The operation is not supported.
Variable fields	$1: Object policy version. $2: Object policy name.
Severity level	4
Example	OBJP/4/OBJP_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 object-policy a. The operation is not supported.
Explanation	Object policy acceleration failed because the system did not support acceleration.
Recommended action	No action is required.

OBJP_ACCELERATE_UNK_ERR

Message text	Failed to accelerate [STRING] object-policy [STRING].
Variable fields	$1: Object policy version. $2: Object policy name.
Severity level	4
Example	OBJP/4/OBJP_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 object-policy a.
Explanation	Object policy acceleration failed because of a system failure.
Recommended action	No action is required.

OFP messages

This section contains OpenFlow messages.

OFP_ACTIVE

Message text	Activate openflow instance [UINT16].
Variable fields	$1: Instance ID.
Severity level	5
Example	OFP/5/OFP_ACTIVE: Activate openflow instance 1.
Explanation	A command is received from comsh to activate an OpenFlow instance.
Recommended action	No action is required.

OFP_ACTIVE_FAILED

Message text	Failed to activate instance [UINT16].
Variable fields	$1: Instance ID.
Severity level	4
Example	OFP/4/OFP_ACTIVE_FAILED: Failed to activate instance 1.
Explanation	An OpenFlow instance cannot be activated.
Recommended action	No action is required.

OFP_CONNECT

Message text	Openflow instance [UINT16], controller [CHAR] is [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Connection status: connected or disconnected.
Severity level	5
Example	OFP/5/OFP_CONNECT: Openflow instance 1, controller 0 is connected.
Explanation	The connection status with a controller is changed in an OpenFlow instance.
Recommended action	No action is required.

OFP_FAIL_OPEN

Message text	Openflow instance [UINT16] is in fail [STRING] mode.
Variable fields	$1: Instance ID. $2: Connection interruption mode: secure or standalone.
Severity level	5
Example	OFP/5/OFP_FAIL_OPEN: Openflow instance 1 is in fail secure mode.
Explanation	An activated instance cannot connect to any controller or is disconnected from all controllers. The connection interrupt mode is also displayed.
Recommended action	No action is required.

OFP_FLOW_ADD

Message text	Openflow instance [UINT16] controller [CHAR]: add flow entry [UINT32], xid 0x[HEX], cookie 0x[HEX], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: XID. $5: Cookie of the flow entry. $6: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_ADD: Openflow instance 1 controller 0: add flow entry 1, xid 0x1, cookie 0x0, table id 0.
Explanation	A flow entry is to be added to a flow table, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_ADD_ARP_FAILED

Message text	Failed to add OpenFlow ARP entry: IPAddr=[STRING], OutIfIndex=[UINT32], MACAddr=[STRING].
Variable fields	$1: IP address in an OpenFlow ARP entry. $2: Index of the outgoing interface in the OpenFlow ARP entry. $3: MAC address in the OpenFlow ARP entry.
Severity level	5
Example	OFP/5/OFP_FLOW_ADD_ARP_FAILED: Failed to add OpenFlow ARP entry: IPAddr=102.0.1.1, OutIfIndex=605, MACAddr=0002-0300-0002.
Explanation	Failed to add an OpenFlow ARP entry.
Recommended action	Contact the technical support.

OFP_FLOW_ADD_BUSY

Message text	The device is busy adding a large number of OpenFlow entries. Please do not reboot the active MPU.
Variable fields	N/A
Severity level	5
Example	OFP/5/OFP_FLOW_ADD_BUSY: The device is busy adding a large number of OpenFlow entries. Please do not reboot the active MPU.
Explanation	The device is busing adding a large number of OpenFlow entries. As a best practice to prevent standby MPUs from rebooting twice, do not reboot the active MPU.
Recommended action	Make sure the active MPU will not be rebooted.

OFP_FLOW_ADD_BUSY_RECOVER

Message text	Finished adding a large number of OpenFlow entries.
Variable fields	N/A
Severity level	5
Example	OFP/5/OFP_FLOW_ADD_BUSY_RECOVER: Finished adding a large number of OpenFlow entries.
Explanation	The OpenFlow controller has finished adding a large number of OpenFlow entries to the device. The device is not busy any longer.
Recommended action	No action is required.

OFP_FLOW_ADD_DUP

Message text	Openflow instance [UINT16] controller [CHAR]: add duplicate flow entry [UINT32], xid 0x[HEX], cookie 0x[HEX], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: XID. $5: Cookie. $6: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_ADD_DUP: Openflow instance 1 controller 0: add duplicate flow entry 1, xid 0x1, cookie 0x1, table id 0.
Explanation	A duplicate flow entry was added.
Recommended action	No action is required.

OFP_FLOW_ADD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to add flow entry [UINT32],table id [CHAR],because of insufficient resources.
Variable fields	$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_ADD_FAILED: Openflow instance 1 controller 0: failed to add flow entry 641,table id 0,because of insufficient resources.
Explanation	A flow entry failed to be added because of insufficient resources.
Recommended action	Contact the technical support.

OFP_FLOW_ADD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to add flow entry [UINT32], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_ADD_FAILED: Openflow instance 1 controller 0: failed to add flow entry1, table id 0.
Explanation	Failed to add a flow entry.
Recommended action	Contact the technical support.

OFP_FLOW_ADD_ND_FAILED

Message text	Failed to add OpenFlow ND entry: IPv6Addr=[STRING], OutIfIndex=[UINT32], MACAddr=[STRING].
Variable fields	$1: IPv6 address in an OpenFlow ND entry. $2: Index of the outgoing interface in the OpenFlow ND entry. $3: MAC address in the OpenFlow ND entry.
Severity level	5
Example	OFP/5/OFP_FLOW_ADD_ND_FAILED: Failed to add OpenFlow ND entry: IPv6Addr=1:1::1:1, OutIfIndex=5, MACAddr=1-1-1.
Explanation	Failed to add an OpenFlow ND entry.
Recommended action	Contact the technical support.

OFP_FLOW_ADD_TABLE_MISS

Message text	Openflow instance [UINT16] controller [CHAR]: add table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_ADD_TABLE_MISS: Openflow instance 1 controller 0: add table miss flow entry, xid 0x1, cookie 0x0, table id 0.
Explanation	A table-miss flow entry is to be added to a flow table, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_ADD_TABLE_MISS_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to add table miss flow entry, table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_ADD_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to add table miss flow entry, table id 0.
Explanation	Failed to add a table-miss flow entry.
Recommended action	No action is required.

OFP_FLOW_DEL

Message text	Openflow instance [UINT16] controller [CHAR]: delete flow entry, xid 0x[HEX], cookie 0x[HEX], table id [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_DEL: Openflow instance 1 controller 0: delete flow entry, xid 0x1, cookie 0x0, table id 0.
Explanation	A list of flow entries are to be deleted, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_DEL_L2VPN_DISABLE

Message text	[UINT32] flow entries in table [UINT8] of instance [UINT16] were deleted because L2VPN was disabled.
Variable fields	$1: Total number of deleted flow entries. $2: Table ID. $3: Instance ID.
Severity level	5
Example	OFP/5/OFP_FLOW_DEL_L2VPN_DISABLE: 2 flow entries in table 1 of instance 1 were deleted because L2VPN was disabled.
Explanation	Multiple OpenFlow flow entries were deleted because L2VPN was disabled.
Recommended action	No action is required.

OFP_FLOW_DEL_TABLE_MISS

Message text	Openflow instance [UINT16] controller [CHAR]: delete table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_DEL_TABLE_MISS: Openflow instance 1 controller 0: delete table miss flow entry, xid 0x1, cookie 0x0, table id 0.
Explanation	A list of table-misses flow entries are to be deleted, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_DEL_TABLE_MISS_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to delete table miss flow entry, table id [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_DEL_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to delete table miss flow entry, table id 0.
Explanation	Failed to delete a table-miss flow entry.
Recommended action	No action is required.

OFP_FLOW_DEL_VXLAN_DEL

Message text	[UINT32] flow entries in table [UINT8] of instance [UINT16] were deleted because a tunnel (ifindex [UINT32]) in VXLAN [UINT32] was deleted.
Variable fields	$1: Total number of deleted flow entries. $2: Table ID. $3: Instance ID. $4: Index of a tunnel interface. $5: VXLAN ID.
Severity level	5
Example	OFP/5/OFP_FLOW_DEL_VXLAN_DEL: 2 flow entries in table 1 of instance 1 were deleted because a tunnel (ifindex 141) in VXLAN 1 was deleted.
Explanation	Multiple OpenFlow flow entries were deleted because a VXLAN tunnel was deleted.
Recommended action	No action is required.

OFP_FLOW_MOD

Message text	Openflow instance [UINT16] controller [CHAR]: modify flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_MOD: Openflow instance 1 controller 0: modify flow entry, xid 0x1, cookie 0x0, table id 0.
Explanation	A list of flow entries are to be modified, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_MOD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to modify flow entry, table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_MOD_FAILED: Openflow instance 1 controller 0: failed to modify flow entry, table id 0.
Explanation	Failed to modify a flow entry.
Recommended action	The controller must retry to modify the flow entry. If the flow entry still cannot be modified, the controller will delete it.

OFP_FLOW_MOD_TABLE_MISS

Message text	Openflow instance [UINT16] controller [CHAR]: modify table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_MOD_TABLE_MISS: Openflow instance 1 controller 0: modify table miss flow entry, xid 0x1, cookie 0x0, table id 0.
Explanation	A list of flow entries are to be modified, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_MOD_TABLE_MISS_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to modify table miss flow entry, table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_MOD_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to modify table miss flow entry, table id 0.
Explanation	Failed to modify a table-miss flow entry.
Recommended action	The controller must retry to modify the table-miss flow entry. If the entry still cannot be modified, the controller will delete it.

OFP_FLOW_RMV_GROUP

Message text	The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted with a group_mod message.
Variable fields	$1: Rule ID. $2: Table ID. $3: Instance ID.
Severity level	5
Example	OFP/5/OFP_FLOW_RMV_GROUP: The flow entry 1 in table 0 of instance 1 was deleted with a group_mod message.
Explanation	A flow entry was deleted due to a group modification message.
Recommended action	No action is required.

OFP_FLOW_RMV_HARDTIME

Message text	The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted because of a hard-time expiration.
Variable fields	$1: Rule ID. $2: Table ID. $3: Instance ID.
Severity level	5
Example	OFP/5/OFP_FLOW_RMV_HARDTIME: The flow entry 1 in table 0 of instance 1 was deleted because of a hard-time expiration.
Explanation	A flow entry was deleted because of a hard time expiration.
Recommended action	No action is required.

OFP_FLOW_RMV_IDLETIME

Message text	The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted because of an idle-time expiration.
Variable fields	$1: Rule ID. $2: Table ID. $3: Instance ID.
Severity level	5
Example	OFP/5/OFP_FLOW_RMV_IDLETIME: The flow entry 1 in table 0 of instance 1 was deleted because of an idle-time expiration.
Explanation	A flow entry was deleted because of an idle time expiration.
Recommended action	No action is required.

OFP_FLOW_RMV_METER

Message text	The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted with a meter_mod message.
Variable fields	$1: Rule ID. $2: Table ID. $3: Instance ID.
Severity level	5
Example	OFP/5/OFP_FLOW_RMV_GROUP: The flow entry 1 in table 0 of instance1 was deleted with a meter_mod message.
Explanation	A flow entry was deleted due to a meter modification message.
Recommended action	No action is required.

OFP_FLOW_UPDATE_FAILED

Message text	OpenFlow instance [UINT16] table [CHAR]: failed to update or synchronize flow entry [UINT32].
Variable fields	$1: Instance ID. $2: Table ID. $3: Flow entry ID.
Severity level	4
Example	OFP/4/OFP_FLOW_SMOOTH_FAILED: OpenFlow instance 1 table 0: failed to update or synchronize flow entry 10000.
Explanation	When an active/standby switchover occurred, the new active MPU failed to update flow entries. When a new interface card was installed on the device, the interface card failed to synchronize flow entries from the MPUs. When a master/subordinate switchover occurred in an IRF fabric, the new master device failed to update flow entries. When new member devices joined an IRF fabric, the new member devices failed to synchronize flow entries from the master device.
Recommended action	Delete the flow entries that fail to be deployed.

OFP_GROUP_ADD

Message text	Openflow instance [UINT16] controller [CHAR]: add group [STRING], xid 0x[HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Group ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_GROUP_ADD: Openflow instance 1 controller 0: add group 1, xid 0x1.
Explanation	A group entry is to be added to a group table, according to a group table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_GROUP_ADD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to add group [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Group ID.
Severity level	4
Example	OFP/4/OFP_GROUP_ADD_FAILED: Openflow Instance 1 controller 0: failed to add group 1.
Explanation	Failed to add a group entry.
Recommended action	Contact the technical support.

OFP_GROUP_DEL

Message text	Openflow instance [UINT16] controller [CHAR]: delete group [STRING], xid [HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Group ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_GROUP_DEL: Openflow instance 1 controller 0: delete group 1, xid 0x1.
Explanation	A group entry is to be deleted, according to a group table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_GROUP_MOD

Message text	Openflow instance [UINT16] controller [CHAR]: modify group [STRING], xid 0x[HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Group ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_GROUP_MOD: Openflow instance 1 controller 0: modify group 1, xid 0x1.
Explanation	A group entry is to be modified, according to a group table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_GROUP_MOD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to modify group [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Group ID.
Severity level	4
Example	OFP/4/OFP_GROUP_MOD_FAILED: Openflow instance 1 controller 0: failed to modify group 1.
Explanation	Failed to modify a group entry.
Recommended action	The controller must retry to modify the group. If the group still cannot be modified, the controller will delete it.

OFP_GROUP_REFRESH_FAILED

Message text	Openflow instance [STRING]:Failed to refresh group [STRING].
Variable fields	$1: Instance ID. $2: Group ID.
Severity level	4
Example	OFP/4/OFP_GROUP_REFRESH_FAILED: Openflow instance 1:Failed to refresh group 1.
Explanation	After the controller successfully deploys a group to the device, the interface information of some buckets in the group must be refreshed if interface cards are plugged or unplugged or interfaces are deleted or re-created on the device. However, the group fails to be refreshed because the hardware resources are insufficient or the device fails.
Recommended action	Contact the technical support.

OFP_GROUP_ROLLBACK_FAILED

Message text	Openflow instance [STRING]:Failed to roll back group [STRING].
Variable fields	$1: Instance ID. $2: Group ID.
Severity level	4
Example	OFP/4/OFP_GROUP_ROLLBACK_FAILED: Openflow instance 1:Failed to roll back group 1.
Explanation	When the controller fails to modify the group of the device, the device needs to roll the group back to the status before modification. However, rolling back the group fails because the hardware resources are insufficient or the device fails.
Recommended action	Contact the technical support.

OFP_METER_ADD

Message text	Openflow instance [UINT16] controller [CHAR]: add meter [STRING], xid 0x[HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Meter ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_METER_ADD: Openflow instance 1 controller 0: add meter 1, xid 0x1.
Explanation	A meter entry is to be added to a meter table.
Recommended action	No action is required.

OFP_METER_ADD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to add meter [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Meter ID.
Severity level	4
Example	OFP/4/OFP_METER_ADD_FAILED: Openflow Instance 1 controller 0: failed to add meter 1.
Explanation	Failed to add a meter entry.
Recommended action	Contact the technical support.

OFP_METER_DEL

Message text	Openflow instance [UINT16] controller [CHAR]: delete meter [STRING], xid 0x[HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Meter ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_METER_DEL: Openflow instance 1 controller 0: delete meter 1, xid 0x1.
Explanation	A meter entry is to be deleted, according to a meter table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_METER_MOD

Message text	Openflow instance [UINT16] controller [CHAR]: modify meter [STRING], xid 0x[HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Meter ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_METER_MOD: Openflow Instance 1 controller 0: modify meter 1, xid 0x1.
Explanation	A meter entry is to be modified, according to a meter table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_METER_MOD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to modify meter [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Meter ID.
Severity level	4
Example	OFP/4/OFP_METER_MOD_FAILED: Openflow instance 1 controller 0: failed to modify meter 1.
Explanation	Failed to modify a meter entry.
Recommended action	The controller must retry to modify the meter entry. If the meter entry still cannot be modified, the controller will delete it.

OFP_MISS_RMV_GROUP

Message text	The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted with a group_mod message.
Variable fields	$1: Table ID. $2: Instance ID.
Severity level	5
Example	OFP/5/OFP_MISS_RMV_GROUP: The table-miss flow entry in table 0 of instance 1 was deleted with a group_mod message.
Explanation	The table-miss flow entry was deleted due to a group modification message.
Recommended action	No action is required.

OFP_MISS_RMV_HARDTIME

Message text	The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted because of a hard-time expiration.
Variable fields	$1: Table ID. $2: Instance ID.
Severity level	5
Example	OFP/5/OFP_MISS_RMV_HARDTIME: The table-miss flow entry in table 0 of instance 1 was deleted because of a hard-time expiration.
Explanation	The table-miss flow entry was deleted because of a hard time expiration.
Recommended action	No action is required.

OFP_MISS_RMV_IDLETIME

Message text	The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted because of an idle-time expiration.
Variable fields	$1: Table ID. $2: Instance ID.
Severity level	5
Example	OFP/5/OFP_MISS_RMV_IDLETIME: The table-miss flow entry in table 0 of instance 1 was deleted because of an idle-time expiration.
Explanation	The table-miss flow entry was deleted because of an idle time expiration.
Recommended action	No action is required.

OFP_MISS_RMV_METER

Message text	The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted with a meter_mod message.
Variable fields	$1: Table ID. $2: Instance ID.
Severity level	5
Example	OFP/5/OFP_MISS_RMV_METER: The table-miss flow entry in table 0 of instance 1 was deleted with a meter_mod message.
Explanation	The table-miss flow entry was deleted due to a meter modification message.
Recommended action	No action is required.

OFP_RADARDETECTION

Message text	inIfIndex = [UINT32], packageId = [UINT16], innerTTL = [CHAR], outerTTL = [CHAR].
Variable fields	$1: Index of the ingress port of the packet. $2: Packet identifier. $3: Time To Live value in the inner IP header of the packet. $4: Time To Live value in the outer IP header of the packet.
Severity level	5
Example	OFP/5/OFP_RADARDETECTION: inIfIndex = 1, packageId = 1, innerTTL = 128, outerTTL = 128.
Explanation	A packet used for radar detection or VM simulation was received.
Recommended action	No action is required.

PORT_MOD

Message text	Port modified. InstanceID =[UINT16], IfIndex =[UINT32], PortDown=[STRING], NoRecv=[STRING], NoFwd=[STRING], NoPktIn=[STRING], Speed=[STRING], Duplex=[STRING].
Variable fields	$1: Instance ID. $2: Interface index. $3: Whether to set the status of the interface to down: · NoChange—Does not change the status of the interface. · True—Sets the status of the interface to down. · False—Sets the status of the interface to up. $4: Whether to disable the interface from receiving packets: · NoChange—Does not change the setting of the interface. · True—Disables the interface from receiving packets. · False—Enables the interface to receive packets. $5: Whether to disable the interface from forwarding packets: · NoChange—Does not change the setting of the interface. · True—Disables the interface from forwarding packets. · False—Enables the interface to forward packets. $6: Whether to disable the interface from sending packets to the controller: · NoChange—Does not change the setting of the interface. · True—Disables the interface from sending packets to the controller. · False—Enables the interface to send packets to the controller. $7: Sets the speed of the interface. An empty field means that the interface speed is not set. The field has the following possible values: · Auto—Enables the interface to negotiate a speed with its peer. · Error—Sets the interface speed to an unsupported value. · 10M—Sets the interface speed to 10 Mbps. · 100M—Sets the interface speed to 100 Mbps. · 1G—Sets the interface speed to 1 Gbps. · 10G—Sets the interface speed to 10 Gbps. $8: Sets the duplex mode of the interface. An empty filed means that the duplex mode of the interface is not set. The field has the following possible values: · Full—Configures the interface to operate in full duplex mode. · Half—Configures the interface to operate in half duplex mode. · Auto—Configures the interface to negotiate the duplex mode with the peer. · Error—Configures the interface to operate in an unsupported duplex mode.
Severity level	5
Example	OFP/5/PORT_MOD: Port modified. InstanceID =1, IfIndex =2, PortDown=True, NoRecv=NoChange, NoFwd=NoChange, NoPktIn=NoChange, Speed=, Duplex=.
Explanation	The controller modified the settings of an interface in an OpenFlow instance.
Recommended action	No action is required.

OPENSRC (FreeRADIUS) messages

This section contains FreeRADIUS system log messages.

HUP event

Message text	[DATE] [TIME] radiusd[UINT32]: [STRING]
Variable fields	$1: Date in month abbreviation and day format. $2: Time in hh:mm:ss format. $3: FreeRADIUS process ID. $4: HUP event description, as listed in Table 1.
Severity level	6
Example	OPENSRC/6/SYSLOG: Jan 1 01:14:04 radiusd[427]: Received HUP sign
Explanation	A HUP signal was received and the user configuration was reloaded for authentication, including the user name, password, authorization VLAN, authorization ACL, and user validity period. The HUP signal could be ignored if it arrived in less than 5 seconds since the last signal reception.
Recommended action	For the recommended action for each event, see Table 1.

Table 1 HUP events

HUP event	Explanation	Recommended action
Received HUP sign	A HUP signal was received.	No action is required.
Module: Reloaded module "files"	The module configuration file was reloaded.	No action is required.
HUP - Files loaded by a module have changed.	A HUP signal was received and the configuration file was reloaded.	No action is required.
Ignoring HUP (less than 5s since last one)	The HUP signal was ignored because it was less than 5 seconds since the last signal reception.	To immediately activate the new user configuration, use the radius-server activate command.

Process restart event

Message text	[DATE] [TIME] radiusd[UINT32]: [STRING]
Variable fields	$1: Date in month abbreviation and day format. $2: Time in hh:mm:ss format. $3: FreeRADIUS process ID. $4: Process restart event description, as listed in Table 2.
Severity level	6
Example	OPENSRC/6/SYSLOG: Jan 1 02:00:02 radiusd[427]: Signalled to terminate
Explanation	The current process was terminated and restarted.
Recommended action	No action is required.

Table 2 Process restart events

Process restart event	Explanation
Signalled to terminate	A process termination signal was received.
Exiting normally	The process was closed.
Debugger not attached	Debugging was disabled for the process.
Loaded virtual server <default>	The virtual server was loaded.
Loaded virtual server inner-tunnel	The inner tunnel of the virtual server was loaded.
Loaded virtual server default	The default configuration of the virtual server was loaded.
Ready to process requests	Ready to process authentication packets.

Process start event

Message text	[DATE] [TIME] radiusd[UINT32]: [STRING]
Variable fields	$1: Date in month abbreviation and day format. $2: Time in hh:mm:ss format. $3: FreeRADIUS process ID. $4: Process restart event description, as listed in Table 3.
Severity level	4
Example	OPENSRC/4/SYSLOG: Jan 1 02:00:03 radiusd[460]: [//etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
Explanation	The system loaded default filter options when the process started.
Recommended action	No action is required.

Table 3 Process start events

Process start event	Explanation
11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".	The default filter option FreeRADIUS-Response-Delay was checked in the specified file.
11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".	The default filter option FreeRADIUS-Response-Delay-USec was checked in the specified file.
Ignoring "sql" (see raddb/mods-available/README.rst)	SQL was ignored.
Ignoring "ldap" (see raddb/mods-available/README.rst)	LDAP was ignored.

User authentication

Message text	[DATE] [TIME] radiusd[UINT32]: ([UINT32]) [STRING]: [[STRING]] (from client [IPADDR] port [UINT32] cli [MAC])
Variable fields	$1: Date in month abbreviation and day format. $2: Time in hh:mm:ss format. $3: FreeRADIUS process ID. $4: Log ID. $5: Authentication result. $6: User name. $7: RADIUS client IP address. $8: RADIUS client port number. $9: User's MAC address.
Severity level	5
Example	OPENSRC/5/SYSLOG: Jan 1 02:06:15 radiusd[460]: (0) Login OK: [test] (from client 7.7.7.7 port 33591297 cli 00-00-00-00-00-02)
Explanation	User authentication succeeded.
Recommended action	For the recommended action for each authentication result, see Table 4.

Table 4 Authentication results

Authentication result	Explanation	Recommended action
Login OK	Authentication succeeded or shared key mismatch occurred.	· If user authentication succeeded, no action is required. · If user authentication failed, verify that the RADIUS client and server use the same shared key. To set the shared key for the client, use the primary authentication command. To set the shared key for the server, use the radius-server client ip command.
Login incorrect (pap: Cleartext password does not match "known good" password)	Incorrect password for PAP authentication.	Provide the correct user password.
Login incorrect (chap: Password comparison failed: password is incorrect)	Incorrect password for CHAP authentication.	Provide the correct user password.
Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject)	User name mismatch occurred during PAP authentication, or the EAP authentication type was specified for an 802.1X user.	· If the user is unauthorized and should be ignored, no action is required. · If the user is new and should be authenticated, create a local user account for it by using the local-user command. · If a configuration error has occurred, modify the authentication type. For example, check the authentication type of 802.1X users by using the display dot1x command, and then modify the authentication type by using the authentication-method command.
Login incorrect (chap: &control:Cleartext-Password is required for authentication)	User name mismatch occurred during CHAP authentication.	· If the user is unauthorized and should be ignored, no action is required. · If the user is new and should be authenticated, create a local user account for it by using the local-user command.
Invalid user (expiration: Account expired at 'Jan 1 2013 02:19:00 UTC')	The user had expired.	· To ignore the expired user, no action is required. · To extend the validity, modify the expiration period of the local user by using the validity-datetime command.

Message text	[DATE] [TIME] radiusd[UINT32]: ([UINT32]) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [[STRING]] (from client [IPADDR] port [UINT32])
Variable fields	$1: Date in month abbreviation and day format. $2: Time in hh:mm:ss format. $3: FreeRADIUS process ID. $4: Log ID. $5: User name. $6: RADIUS client IP address. $7: RADIUS client port number.
Severity level	5
Example	OPENSRC/5/SYSLOG: Jan 1 02:21:20 radiusd[460]: (16) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [ddd] (from client 7.7.7.7 port 0)
Explanation	Authentication requests of login users were not supported.
Recommended action	No action is required.

Message text	[DATE] [TIME] radiusd[UINT32]: Ignoring request to auth address * port 1812 bound to server default from unknown client [IPADDR] port [UINT32] proto udp
Variable fields	$1: Date in month abbreviation and day format. $2: Time in hh:mm:ss format. $3: FreeRADIUS process ID. $4: RADIUS client IP address. $5: RADIUS client port number.
Severity level	3
Example	OPENSRC/3/SYSLOG: Jan 1 02:31:05 radiusd[548]: Ignoring request to auth address * port 1812 bound to server default from unknown client 7.7.7.7 port 11969 proto udp
Explanation	The authentication request was sent from an unknown client and was ignored.
Recommended action	· If the client cannot be trusted, no action is required. · If the client is new and safe, add the RADIUS client configuration by using the radius-server client command.

OPTMOD messages

This section contains transceiver module messages.

BIAS_HIGH

Message text	[STRING]: Bias current is high.
Variable fields	$1: Interface type and number.
Severity level	2
Example	OPTMOD/2/BIAS_HIGH: GigabitEthernet1/0/1: Bias current is high.
Explanation	The bias current of the transceiver module exceeded the high threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the bias current of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high bias current alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

BIAS_LOW

Message text	[STRING]: Bias current is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/BIAS_LOW: GigabitEthernet1/0/1: Bias current is low.
Explanation	The bias current of the transceiver module went below the low threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the bias current of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low bias current alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

BIAS_NORMAL

Message text	[STRING]: Bias current is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/BIAS_NORMAL: GigabitEthernet1/0/1: Bias current is normal.
Explanation	The bias current of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

CFG_ERR

Message text	[STRING]: Transceiver type and port configuration mismatched.
Variable fields	$1: Interface type and number.
Severity level	3
Example	OPTMOD/3/CFG_ERR: GigabitEthernet1/0/1: Transceiver type and port configuration mismatched.
Explanation	The transceiver module type does not match the port configurations.
Recommended action	Check for the transceiver module type and the current port configurations. If they mismatch, replace the transceiver module or update the port configurations.

CHKSUM_ERR

Message text	[STRING]: Transceiver information checksum error.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/CHKSUM_ERR: GigabitEthernet1/0/1: Transceiver information checksum error .
Explanation	Checksum verification on the register information on the transceiver module failed.
Recommended action	Replace the transceiver module, or contact H3C Support.

FIBER_SFP MODULE_INVALID

Message text	[STRING]: This transceiver module is not compatible with the interface card. HP does not guarantee the correct operation of the transceiver module. The transceiver module will be invalidated in [UINT32] days. Please replace it with a compatible one as soon as possible.
Variable fields	$1: Interface type and number. $2: Number of days that the transceiver module will be invalid.
Severity level	4
Example	OPTMOD/4/FIBER_SFPMODULE_INVALID: GigabitEthernet1/0/1: This transceiver module is not compatible with the interface card. HP does not guarantee the correct operation of the transceiver module. The transceiver module will be invalidated in 3 days. Please replace it with a compatible one as soon as possible.
Explanation	The transceiver module is not compatible with the interface card.
Recommended action	Replace the transceiver module.

FIBER_SFPMODULE_NOWINVALID

Message text	[STRING]: This is not a supported transceiver for this platform. HP does not guarantee the normal operation or maintenance of unsupported transceivers. Please review the platform datasheet on the HP web site or contact your HP sales rep for a list of supported transceivers.
Variable fields	$1: Interface type and number.
Severity level	4
Example	OPTMOD/4/FIBER_SFPMODULE_NOWINVALID: GigabitEthernet1/0/1: This is not a supported transceiver for this platform. HP does not guarantee the normal operation or maintenance of unsupported transceivers. Please review the platform datasheet on the HP web site or contact your HP sales rep for a list of supported transceivers.
Explanation	The system does not support the transceiver module.
Recommended action	Replace the transceiver module.

IO_ERR

Message text	[STRING]: The transceiver information I/O failed.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/IO_ERR: GigabitEthernet1/0/1: The transceiver information I/O failed.
Explanation	The device failed to access the register information of the transceiver module.
Recommended action	Execute the display transceiver diagnosis interface and display transceiver alarm interface commands. If both commands fail to be executed, the transceiver module is faulty. Replace the transceiver module.

MOD_ALM_OFF

Message text	[STRING]: [STRING] was removed.
Variable fields	$1: Interface type and number. $2: Fault type.
Severity level	5
Example	OPTMOD/5/MOD_ALM_OFF: GigabitEthernet1/0/1: Module_not_ready was removed..
Explanation	A fault was removed from the transceiver module.
Recommended action	No action is required.

MOD_ALM_ON

Message text	[STRING]: [STRING] was detected.
Variable fields	$1: Interface type and number. $2: Fault type.
Severity level	5
Example	OPTMOD/5/MOD_ALM_ON: GigabitEthernet1/0/1: Module_not_ready wasdetected.
Explanation	A fault was detected on the transceiver module.
Recommended action	1. Execute the display transceive alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 2. Replace the transceiver module.

MODULE_IN

Message text	[STRING]: The transceiver is [STRING].
Variable fields	$1: Interface type and number. $2: Type of the transceiver module.
Severity level	4
Example	OPTMOD/4/MODULE_IN: GigabitEthernet1/0/1: The transceiver is 1000_BASE_T_AN_SFP.
Explanation	When a transceiver module is inserted, the OPTMOD module generates the message to display the transceiver module type.
Recommended action	No action is required.

MODULE_OUT

Message text	[STRING]: Transceiver absent.
Variable fields	$1: Interface type and number.
Severity level	4
Example	OPTMOD/4/MODULE_OUT: GigabitEthernet1/0/1: Transceiver absent.
Explanation	The transceiver module was removed.
Recommended action	No action is required.

OPTMOD_COUNTERFEIT_MODULE

Message text	The following transceiver you are using is suspected to be acounterfeit/pirated/unauthorized H3C transceiver, which might causecompatibility problems and expose your device to security threats. Pleasecontact H3C for further detection and verification promptly. [STRING]: Transceiver type [STRING], SN [STRING].
Variable fields	$1: Interface type and number. $2: Transceiver type. $3: Transceiver serial number.
Severity level	3
Example	OPTMOD/3/OPTMOD_COUNTERFEIT_MODULE: The following transceiver you are using is suspected to be acounterfeit/pirated/unauthorized H3C transceiver, which might causecompatibility problems and expose your device to security threats. Pleasecontact H3C for further detection and verification promptly. GigabitEthernet1/0/1: Transceiver type 1000_BASE_SX_SFP, SN 2013AYU0711103. GigabitEthernet1/0/2: Transceiver type 1000_BASE_SX_SFP, SN 2013AYU0711103.
Explanation	This log is generated when a probably counterfeited H3C transceiver module is detected. For a counterfeited H3C transceiver module, you cannot obtain any data from the display transceiver diagnosis command.
Recommended action	Please contact the technical support.

OPTMOD_MODULE_CHECK

Message text	An H3C transceiver is detected. Please go to the website www.h3c.com to verify its authenticity.
Variable fields	N/A
Severity level	6
Example	OPTMOD/6/OPTMOD_MODULE_CHECK: An H3C transceiver is detected. Please go to the website www.h3c.com to verify its authenticity.
Explanation	The log is generated when an H3C transceiver module is detected. It reminds the user to verify the authenticity of the transceiver module from the H3C website (www.h3c.com).
Recommended action	No action is required.

PHONY_MODULE

Message text	[STRING]: A non-H3C transceiver is detected. Please confirm the label of the transceiver. If there is an H3C Logo, it is suspected to be a counterfeit H3C transceiver. This transceiver is NOT sold by H3C. H3C therefore shall NOT guarantee the normal function of the device or assume the maintenance responsibility thereof!
Variable fields	$1: Interface type and number.
Severity level	4
Example	OPTMOD/4/PHONY_MODULE: GigabitEthernet1/0/1: A non-H3C transceiver is detected. Please confirm the label of the transceiver. If there is an H3C Logo, it is suspected to be a counterfeit H3C transceiver. This transceiver is NOT sold by H3C. H3C therefore shall NOT guarantee the normal function of the device or assume the maintenance responsibility thereof!
Explanation	This log is generated when a non-H3C transceiver module is detected.
Recommended action	Purchase and use genuine H3C transceiver modules for the device.

RX_ALM_OFF

Message text	STRING]: [STRING] was removed.
Variable fields	$1: Interface type and number. $2: RX fault type.
Severity level	5
Example	OPTMOD/5/RX_ALM_OFF: GigabitEthernet1/0/1: RX_not_ready was removed.
Explanation	An RX fault was removed from the transceiver module.
Recommended action	No action is required.

RX_ALM_ON

Message text	[STRING]: [STRING] was detected.
Variable fields	$1: Interface type and number. $2: RX fault type.
Severity level	5
Example	OPTMOD/5/RX_ALM_ON: GigabitEthernet1/0/1: RX_not_ready was detected.
Explanation	An RX fault was detected on the transceiver module.
Recommended action	1. Execute the display transceiver alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 2. Replace the transceiver module.

RX_POW_HIGH

Message text	[STRING]: RX power is high.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/RX_POW_HIGH: GigabitEthernet1/0/1: RX power is high.
Explanation	The RX power of the transceiver module exceeded the high threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the RX power of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high RX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

RX_POW_LOW

Message text	[STRING]: RX power is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/RX_POW_LOW: GigabitEthernet1/0/1: RX power is low.
Explanation	The RX power of the transceiver module went below the low threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the RX power of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low RX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

RX_POW_NORMAL

Message text	[STRING]: RX power is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/RX_POW_NORMAL: GigabitEthernet1/0/1: RX power is normal.
Explanation	The RX power of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

TEMP_HIGH

Message text	[STRING]: Temperature is high.
Variable fields	$1: Interface type and number
Severity level	5
Example	OPTMOD/5/TEMP_HIGH: GigabitEthernet1/0/1: Temperature is high.
Explanation	The temperature of the transceiver module exceeded the high threshold.
Recommended action	1. Verify that the fan trays are operating correctly. ¡ If there are no fan trays, install fan trays. ¡ If the fan trays fail, replace the fan trays. 2. Verify that the ambient temperature is in the acceptable range. If it is out of the acceptable range, take measures to lower the temperature. 3. Replace the transceiver module.

TEMP_LOW

Message text	[STRING]: Temperature is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TEMP_LOW: GigabitEthernet1/0/1: Temperature is low.
Explanation	The temperature of the transceiver module went below the low threshold.
Recommended action	1. Verify that the ambient temperature is in the acceptable range. If it is out of the acceptable range, take measures to raise the temperature. 2. Replace the transceiver module.

TEMP_NORMAL

Message text	[STRING]: Temperature is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TEMP_NORMAL: GigabitEthernet1/0/1: Temperature is normal.
Explanation	The temperature of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

TX_ALM_OFF

Message text	[STRING]: [STRING] was removed.
Variable fields	$1: Interface type and number. $2: TX fault type.
Severity level	5
Example	OPTMOD/5/TX_ALM_OFF: GigabitEthernet1/0/1: TX_fault was removed.
Explanation	A TX fault was removed from the transceiver module.
Recommended action	No action is required.

TX_ALM_ON

Message text	[STRING]: [STRING] was detected.
Variable fields	$1: Interface type and number. $2: TX fault type.
Severity level	5
Example	OPTMOD/5/TX_ALM_ON: GigabitEthernet1/0/1: TX_fault was detected.
Explanation	A TX fault was detected on the transceiver module.
Recommended action	1. Execute the display transceiver alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 2. Replace the transceiver module.

TX_POW_HIGH

Message text	[STRING]: TX power is high.
Variable fields	$1: Interface type and number.
Severity level	2
Example	OPTMOD/2/TX_POW_HIGH: GigabitEthernet1/0/1: TX power is high.
Explanation	The TX power of the transceiver module exceeded the high threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the TX power of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high TX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

TX_POW_LOW

Message text	[STRING]: TX power is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TX_POW_LOW: GigabitEthernet1/0/1: TX power is low.
Explanation	The TX power of the transceiver module went below the low threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the TX power of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low TX power alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

TX_POW_NORMAL

Message text	[STRING]: TX power is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TX_POW_NORMAL: GigabitEthernet1/0/1: TX power is normal.
Explanation	The TX power of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

TYPE_ERR

Message text	[STRING]: The transceiver type is not supported by port hardware.
Variable fields	$1: Interface type and number.
Severity level	3
Example	OPTMOD/3/TYPE_ERR: GigabitEthernet1/0/1: The transceiver type is not supported by port hardware.
Explanation	The transceiver module is not supported by the port.
Recommended action	Replace the transceiver module.

VOLT_HIGH

Message text	[STRING]: Voltage is high.
Variable fields	$1: Interface type and number
Severity level	5
Example	OPTMOD/5/VOLT_HIGH: GigabitEthernet1/0/1: Voltage is high.
Explanation	The voltage of the transceiver module exceeded the high threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the voltage of the transceiver module has exceeded the high threshold. 2. Execute the display transceiver alarm interface command to verify that a high voltage alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

VOLT_LOW

Message text	[STRING]: Voltage is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/VOLT_LOW: GigabitEthernet1/0/1: Voltage is low.
Explanation	The voltage of the transceiver module went below the low threshold.
Recommended action	1. Execute the display transceiver diagnosis interface command to verify that the voltage of the transceiver module is below the low threshold. 2. Execute the display transceiver alarm interface command to verify that a low voltage alarm for the transceiver module has been generated and not cleared. 3. Replace the transceiver module.

VOLT_NORMAL

Message text	[STRING]: Voltage is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/VOLT_NORMAL: GigabitEthernet1/0/1: Voltage is normal.
Explanation	The voltage of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

OSPF messages

This section contains OSPF messages.

OSPF_DUP_RTRID_NBR

Message text	OSPF [UINT16] Duplicate router ID [STRING] on interface [STRING], sourced from IP address [IPADDR].
Variable fields	$1: OSPF process ID. $2: Router ID. $3: Interface name. $4: IP address.
Severity level	6
Example	OSPF/6/OSPF_DUP_RTRID_NBR: OSPF 1 Duplicate router ID 11.11.11.11 on interface GigabitEthernet0/0/3, sourced from IP address 11.2.2.2.
Explanation	Two directly connected devices were configured with the same router ID.
Recommended action	Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect.

OSPF_IP_CONFLICT_INTRA

Message text	OSPF [UINT16] Received newer self-originated network-LSAs. Possible conflict of IP address [IPADDR] in area [STRING] on interface [STRING].
Variable fields	$1: OSPF process ID. $2: IP address. $3: OSPF area ID. $4: Interface name.
Severity level	6
Example	OSPF/6/OSPF_IP_CONFLICT_INTRA: OSPF 1 Received newer self-originated network-LSAs. Possible conflict of IP address 11.1.1.1 in area 0.0.0.1 on interface GigabitEthernet0/0/3.
Explanation	The interfaces on two devices in the same OSPF area might have the same primary IP address. At least one of the devices is a DR.
Recommended action	Modify IP address configuration after you make sure no router ID conflict occurs in the same OSPF area.

OSPF_LAST_NBR_DOWN

Message text	OSPF [UINT32] Last neighbor down event: Router ID: [STRING] Local address: [STRING] Remote address: [STRING] Reason: [STRING]
Variable fields	$1: OSPF process ID. $2: Router ID. $3: Local IP address. $4: Neighbor IP address. $5: Reason.
Severity level	6
Example	OSPF/6/OSPF_LAST_NBR_DOWN: OSPF 1 Last neighbor down event: Router ID: 2.2.2.2 Local address: 10.1.1.1 Remote address: 10.1.1.2 Reason: Dead Interval timer expired.
Explanation	The device records the OSPF neighbor down event caused by a specific reason.
Recommended action	· When a down event occurred because of configuration changes (for example, interface parameter changes), check for the configuration errors. · When a down event occurred because of dead interval expiration, check for the dead interval configuration error and loss of network connectivity. · When a down event occurred because of BFD session down, check for the BFD detection time configuration error and loss of network connectivity. · When a down event occurred because of interface status changes, check for loss of network connectivity.

OSPF_MEM_ALERT

Message text	OSPF Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	OSPF/5/OSPF_MEM_ALERT: OSPF Process received system memory alert start event.
Explanation	OSPF received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

OSPF_NBR_CHG

Message text	OSPF [UINT32] Neighbor [STRING] ([STRING]) changed from [STRING] to [STRING]
Variable fields	$1: OSPF process ID. $2: Neighbor router ID. $3: Interface name. $4: Old adjacency state. $5: New adjacency state.
Severity level	5
Example	OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 2.2.2.2 (Vlan-interface100) changed from Full to Down.
Explanation	The OSPF adjacency state changed on an interface.
Recommended action	When the adjacency with a neighbor changes from Full to another state on an interface, check for OSPF configuration errors and loss of network connectivity.

OSPF_RT_LMT

Message text	OSPF [UINT32] route limit reached.
Variable fields	$1: OSPF process ID.
Severity level	4
Example	OSPF/4/OSPF_RT_LMT: OSPF 1 route limit reached.
Explanation	The number of routes of an OSPF process reached the upper limit.
Recommended action	1. Check for network attacks. 2. Reduce the number of routes.

OSPF_RTRID_CHG

Message text	OSPF [UINT32] New router ID elected, please restart OSPF if you want to make the new router ID take effect.
Variable fields	$1: OSPF process ID.
Severity level	5
Example	OSPF/5/OSPF_RTRID_CHG: OSPF 1 New router ID elected, please restart OSPF if you want to make the new router ID take effect.
Explanation	The OSPF router ID was changed because the user had changed the router ID or the interface IP address used as the router ID had changed.
Recommended action	Use the reset ospf process command to make the new router ID take effect.

OSPF_RTRID_CONFLICT_INTER

Message text	OSPF [UINT16] Received newer self-originated ase-LSAs. Possible conflict of router ID [STRING].
Variable fields	$1: OSPF process ID. $2: Router ID.
Severity level	6
Example	OSPF/6/OSPF_RTRID_CONFILICT_INTER: OSPF 1 Received newer self-originated ase-LSAs. Possible conflict of router ID 11.11.11.11.
Explanation	Two indirectly connected devices in the same OSPF area might have the same router ID. One of the devices is an ASBR.
Recommended action	Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect.

OSPF_RTRID_CONFLICT_INTRA

Message text	OSPF [UINT16] Received newer self-originated router-LSAs. Possible conflict of router ID [STRING] in area [STRING].
Variable fields	$1: OSPF process ID. $2: Router ID. $3: OSPF area ID.
Severity level	6
Example	OSPF/6/OSPF_RTRID_CONFLICT_INTRA: OSPF 1 Received newer self-originated router-LSAs. Possible conflict of router ID 11.11.11.11 in area 0.0.0.1.
Explanation	Two indirectly connected devices in the same OSPF area might have the same router ID.
Recommended action	Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect.

OSPF_VLINKID_CHG

Message text	OSPF [UINT32] Router ID changed, reconfigure Vlink on peer
Variable fields	$1: OSPF process ID.
Severity level	5
Example	OSPF/5/OSPF_VLINKID_CHG:OSPF 1 Router ID changed, reconfigure Vlink on peer
Explanation	A new OSPF router ID takes effect.
Recommended action	Check and modify the virtual link configuration on the peer router to match the new router ID.

OSPFV3 messages

This section contains OSPFv3 messages.

OSPFV3_LAST_NBR_DOWN

Message text	OSPFv3 [UINT32] Last neighbor down event: Router ID: [STRING] Local interface ID: [UINT32] Remote interface ID: [UINT32] Reason: [STRING].
Variable fields	$1: OSPFv3 process ID. $2: Router ID. $3: Local interface ID. $4: Remote interface ID. $5: Reason.
Severity level	6
Example	OSPFV3/6/OSPFV3_LAST_NBR_DOWN: OSPFv3 1 Last neighbor down event: Router ID: 2.2.2.2 Local interface ID: 1111 Remote interface ID: 2222 Reason: Dead Interval timer expired.
Explanation	The device records the OSPFv3 neighbor down event caused by a specific reason.
Recommended action	· When a down event occurred because of configuration changes (for example, interface parameter changes), check for the configuration errors. · When a down event occurred because of dead interval expiration, check for the dead interval configuration error and loss of network connectivity. · When a down event occurred because of BFD session down, check for the BFD detection time configuration error and loss of network connectivity. · When a down event occurred because of interface status changes, check for loss of network connectivity.

OSPFV3_MEM_ALERT

Message text	OSPFV3 Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	OSPFV3/5/OSPFV3_MEM_ALERT: OSPFV3 Process received system memory alert start event.
Explanation	OSPFv3 received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

OSPFV3_NBR_CHG

Message text	OSPFv3 [UINT32] Neighbor [STRING] ([STRING]) received [STRING] and its state from [STRING] to [STRING].
Variable fields	$1: Process ID. $2: Neighbor router ID. $3: Interface name. $4: Neighbor event. $5: Old adjacency state. $6: New adjacency state.
Severity level	5
Example	OSPFV3/5/OSPFV3_NBR_CHG: OSPFv3 1 Neighbor 2.2.2.2 (Vlan100) received 1-Way and its state from Full to Init.
Explanation	The OSPFv3 adjacency state changed on an interface.
Recommended action	When the adjacency with a neighbor changes from Full to another state on an interface, check for OSPFv3 configuration errors and loss of network connectivity.

OSPFV3_RT_LMT

Message text	OSPFv3 [UINT32] route limit reached.
Variable fields	$1: Process ID.
Severity level	5
Example	OSPFV3/5/OSPFV3_RT_LMT:OSPFv3 1 route limit reached.
Explanation	The number of routes of an OSPFv3 process reached the upper limit.
Recommended action	1. Check for network attacks. 2. Reduce the number of routes.

PBR messages

This section contains PBR messages.

PBR_HARDWARE_ERROR

Message text	Failed to update policy [STRING] due to [STRING].
Variable fields	$1: Policy name. $2: Hardware error reasons: · insufficient hardware resources. · unsupported operations. · insufficient hardware resources and unsupported operations.
Severity level	4
Example	PBR/4/PBR_HARDWARE_ERROR: Failed to update policy aaa due to insufficient hardware resources and not supported operations.
Explanation	The device failed to update PBR configuration.
Recommended action	Modify the PBR policy configuration according to the failure reason.

PCE messages

This section contains PCE messages.

PCE_PCEP_SESSION_CHG

Message text	Session ([STRING], [STRING]) is [STRING].
Variable fields	$1: Peer address of the session. $2: VPN instance name. Value unknown indicates that the VPN instance cannot be obtained. $3: State of the session, up or down. When the state is down, this field also displays the reason for the down state error. Possible reasons include: · TCP connection down. · received a close message. · reception of a malformed PCEP message. · internal error. · memory in critical state. · dead timer expired. · process deactivated. · remote peer unavailable/untriggered. · reception of an unacceptable number of unrecognized PCEP messages. · reception of an unacceptable number of unknown requests/replies. · PCE address changed. · initialization failed.
Severity level	5
Example	PCE/5/PCE_PCEP_SESSION_CHG: Session (22.22.22.2, public instance) is up. PCE/5/PCE_PCEP_SESSION_CHG: Session (22.22.22.2, public instance) is down (dead timer expired).
Explanation	The session state changed.
Recommended action	When the session state is up, no action is required. When the session state is down, verify the network and configuration according to the reason displayed.

PFILTER messages

This section contains packet filter messages.

PFILTER_GLB_IPV4_DACT_NO_RES

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction globally. · Updating the IPv4 default action applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_IPV4_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction globally.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv4 default action to a specific direction globally. · Updating the IPv4 default action applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_GLB_IPV6_DACT_NO_RES

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction globally. · Updating the IPv6 default action applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_IPV6_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction globally.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction globally. · Updating the IPv6 default action applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_GLB_MAC_DACT_NO_RES

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction globally. · Updating the MAC default action applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_MAC_DACT_UNK_ERR

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction globally.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction globally. · Updating the MAC default action applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_GLB_NO_RES

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_NOT_SUPPORT

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. The ACL is not supported.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_NOT_SUPPORT: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. The ACL is not supported.
Explanation	The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally.
Recommended action	Verify the ACL configuration and remove the settings that are not supported.

PFILTER_GLB_ RES_CONFLICT

Message text	Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction globally. [STRING] ACL [UINT] has already been applied globally.
Variable fields	$1: ACL type. $2: ACL number. $3: Traffic direction. $4: ACL type. $5: ACL number.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction globally. IPv6 ACL 3000 has already been applied globally.
Explanation	The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction globally. · Updating the ACL applied to a specific direction globally.
Recommended action	Remove the ACL of the same type.

PFILTER_GLB_UNK_ERR

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_UNK_ERR: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_IF_IPV4_DACT_NO_RES

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction of an interface. · Updating the IPv4 default action applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_IPV4_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of interface [STRING].
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions because an unknown error: · Applying the IPv4 default action to a specific direction of an interface. · Updating the IPv4 default action applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IF_IPV6_DACT_NO_RES

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction of an interface. · Updating the IPv6 default action applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_IPV6_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of interface [STRING].
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction of an interface. · Updating the IPv6 default action applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IF_MAC_DACT_NO_RES

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction of an interface. · Updating the MAC default action applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_MAC_DACT_UNK_ERR

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of interface [STRING].
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction of an interface. · Updating the MAC default action applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IF_NO_RES

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_NOT_SUPPORT

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. The ACL is not supported.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_NOT_SUPPORT: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2. The ACL is not supported.
Explanation	The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface.
Recommended action	Verify the ACL configuration and remove the settings that are not supported.

PFILTER_IF_RES_CONFLICT

Message text	Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction of interface [STRING]. [STRING] ACL [UINT] has already been applied to the interface.
Variable fields	$1: ACL type. $2: ACL number. $3: Traffic direction. $4: Interface name. $5: ACL type. $6: ACL number.
Severity level	3
Example	PFILTER/3/PFILTER_IF_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction of interface Ethernet 3/1/2. IPv6 ACL 3000 has already been applied to the interface.
Explanation	The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction of an interface. · Updating the ACL applied to a specific direction of an interface.
Recommended action	Remove the ACL of the same type.

PFILTER_IF_UNK_ERR

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING].
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_UNK_ERR: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IPV4_FLOW_INFO

Message text	ACL [STRING] [STRING] [STRING] rule [STRING] [STRING]
Variable fields	$1: ACL number or name. $2: Traffic direction. $3: Destination to which packet filter applies. $4: ID and content of an ACL rule. $5: Information about the first packet of a flow that matches the rule.
Severity level	6
Example	PFILTER/6/PFILTER_IPV4_FLOW_INFO: ACL 3000 inbound Ethernet 3/1/2 rule 0 permit tcp 192.168.1.1(1024) -> 192.168.5.1(1024).
Explanation	This message is sent when the first packet of a flow matches an IPv4 advanced ACL rule for packet filtering. The rule has been configured with the flow-logging keyword.
Recommended action	No action is required.

PFILTER_IPV4_FLOW_STATIS

Message text	ACL [STRING] [STRING] rule [STRING] [STRING], [UINT64] packet(s).
Variable fields	$1: ACL number or name. $2: Traffic direction. $3: ID and content of an ACL rule. $4: Information about the first packet of a flow that matched the rule. $5: Number of packets that match the rule.
Severity level	6
Example	PFILTER/6/PFILTER_IPV4_FLOWLOG_STATIS: ACL 3000 inbound rule 0 permit icmp 192.168.1.1(1024) -> 192.168.5.1(1024), 1000 packets.
Explanation	This message is sent at the logging interval. The rule has been configured with the flow-logging keyword.
Recommended action	No action is required.

PFILTER_IPV6_FLOW_INFO

Message text	IPv6 ACL [STRING] [STRING] [STRING] rule [STRING] [STRING]
Variable fields	$1: ACL number or name. $2: Traffic direction. $3: Destination to which packet filter applies. $4: ID and content of an ACL rule. $5: Information about the first packet of a flow that matches the rule.
Severity level	6
Example	PFILTER/6/PFILTER_IPV6_FLOW_INFO: IPv6 ACL 3000 inbound Ethernet 3/1/2 rule 0 permit tcp 0:1020::200:0(0)->0:720::200:0(0).
Explanation	This message is sent when the first packet of a flow matches an IPv6 advanced ACL rule applied for packet filtering. The rule has been configured with the flow-logging keyword.
Recommended action	No action is required.

PFILTER_IPV6_FLOW_STATIS

Message text	IPv6 ACL [STRING] [STRING] rule [STRING] [STRING], [UINT64] packet(s).
Variable fields	$1: ACL number or name. $2: Traffic direction. $3: ID and content of an ACL rule. $4: Information about the first packet of a flow that matched the rule. $5: Number of packets that match the rule.
Severity level	6
Example	PFILTER/6/PFILTER_IPV6_FLOWLOG_STATIS: IPv6 ACL 3000 rule 0 permit icmpv6 0:1020::200:0(0)->0:720::200:0(0), 1000 packets.
Explanation	This message is sent at the logging interval. The rule has been configured with the flow-logging keyword.
Recommended action	No action is required.

PFILTER_IPV6_STATIS_INFO

Message text	[STRING] ([STRING]): Packet-filter IPv6 [UINT32] [STRING] [STRING] [UINT64] packet(s).
Variable fields	$1: Destination to which packet filter applies. $2: Traffic direction. $3: ACL number or name. $4: ID and content of an ACL rule. $5: Number of packets that matched the rule.
Severity level	6
Example	PFILTER/6/PFILTER_IPV6_STATIS_INFO: Ethernet0/4/0 (inbound): Packet-filter IPv6 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s).
Explanation	This message is generated at the logging interval. The rule has been configured with the logging keyword.
Recommended action	No action is required.

PFILTER_MAC_FLOW_INFO

Message text	MAC ACL [STRING] [STRING] [STRING] rule [STRING] [STRING]
Variable fields	$1: ACL number or name. $2: Traffic direction. $3: Destination to which packet filter applies. $4: ID and content of an ACL rule. $5: Information about the first packet that matches the rule.
Severity level	6
Example	PFILTER/6/PFILTER_MAC_FLOW_INFO: MAC ACL 4000 inbound Ethernet 3/1/2 rule 0 permit 0800-2700-9000 -> 0CDA-411D-0676.
Explanation	This message is sent when the first packet matches an Layer 2 ACL rule for packet filtering.
Recommended action	No action is required.

PFILTER_STATIS_INFO

Message text	[STRING] ([STRING]): Packet-filter [UINT32] [STRING] [UINT64] packet(s).
Variable fields	$1: Destination to which packet filter applies. $2: Traffic direction. $3: ACL number or name. $4: ID and content of an ACL rule. $5: Number of packets that matched the rule.
Severity level	6
Example	PFILTER/6/PFILTER_STATIS_INFO: Ethernet0/4/0 (inbound): Packet-filter 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).
Explanation	This message is sent at the logging interval.
Recommended action	No action is required.

PFILTER_VLAN_IPV4_DACT_NO_RES

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction of a VLAN. · Updating the IPv4 default action applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_IPV4_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv4 default action to a specific direction of a VLAN. · Updating the IPv4 default action applied to a specific direction of a VLAN.
Recommended action	No action is required.

PFILTER_VLAN_IPV6_DACT_NO_RES

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction of a VLAN. · Updating the IPv6 default action applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_IPV6_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction of a VLAN. · Updating the IPv6 default action applied to a specific direction of a VLAN.
Recommended action	No action is required.

PFILTER_VLAN_MAC_DACT_NO_RES

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction of a VLAN. · Updating the MAC default action applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_MAC_DACT_UNK_ERR

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction of a VLAN. · Updating the MAC default action applied to a specific direction of a VLAN.
Recommended action	No action is required.

PFILTER_VLAN_NO_RES

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_NOT_SUPPORT

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. The ACL is not supported.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_NOT_SUPPORT: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1. The ACL is not supported.
Explanation	The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN.
Recommended action	Verify the ACL configuration and remove the settings that are not supported.

PFILTER_VLAN_RES_CONFLICT

Message text	Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction of VLAN [UINT16]. [STRING] ACL [UINT] has already been applied to the VLAN.
Variable fields	$1: ACL type. $2: ACL number. $3: Traffic direction. $4: VLAN ID. $5: ACL type. $6: ACL number.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction of VLAN 1. IPv6 ACL 3000 has already been applied to the VLAN.
Explanation	The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction of a VLAN. · Updating the ACL applied to a specific direction of a VLAN.
Recommended action	Remove the ACL of the same type.

PFILTER_VLAN_UNK_ERR

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_UNK_ERR: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN.
Recommended action	No action is required.

PIM messages

This section contains PIM messages.

PIM_NBR_DOWN

Message text	[STRING]: Neighbor [STRING] ([STRING]) is down.
Variable fields	$1: VPN instance name enclosed in parentheses (()). If the PIM neighbor belongs to the public network, this field is not displayed. $2: IP address of the PIM neighbor. $3: Interface name.
Severity level	5
Example	PIM/5/PIM_NBR_DOWN: Neighbor 10.1.1.1(Vlan-interface10) is down.
Explanation	A PIM neighbor went down.
Recommended action	Check the PIM configuration and network status.

PIM_NBR_UP

Message text	[STRING]: Neighbor [STRING] ([STRING]) is up.
Variable fields	$1: VPN instance name enclosed in parentheses (()). If the PIM neighbor belongs to the public network, this field is not displayed. $2: IP address of the PIM neighbor. $3: Interface name.
Severity level	5
Example	PIM/5/PIM_NBR_UP: Neighbor 10.1.1.1(Vlan-interface10) is up.
Explanation	A PIM neighbor came up.
Recommended action	No action is required.

PING messages

This section contains ping messages.

PING_STATISTICS

Message text	[STRING] statistics for [STRING]: [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms.
Variable fields	$1: Ping or ping6. $2: IP address, IPv6 address, or host name for the destination. $3: Number of sent echo requests. $4: Number of received echo replies. $5: Percentage of the non-replied packets to the total request packets. $6: Minimum round-trip delay. $7: Average round-trip delay. $8: Maximum round-trip delay. $9: Standard deviation round-trip delay.
Severity level	6
Example	PING/6/PING_STATISTICS: Ping statistics for 192.168.0.115: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms.
Explanation	A user uses the ping command to identify whether a destination in the public network is reachable.
Recommended action	If there is no packet received, identify whether the interface is down.

PING_VPN_STATISTICS

Message text	[STRING] statistics for [STRING] in VPN instance [STRING] : [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms.
Variable fields	$1: Ping or ping6. $2: IP address, IPv6 address, or host name for the destination. $3: VPN instance name. $4: Number of sent echo requests. $5: Number of received echo replies. $6: Percentage of the non-replied packets to the total request packets. $7: Minimum round-trip delay. $8: Average round-trip delay. $9: Maximum round-trip delay. $10: Standard deviation round-trip delay.
Severity level	6
Example	PING/6/PING_VPN_STATISTICS: Ping statistics for 192.168.0.115 in VPN instance vpn1: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms.
Explanation	A user uses the ping command to identify whether a destination in a private network is reachable.
Recommended action	If there is no packet received, identify whether the interface is down and identify whether a valid route exists in the routing table.

PKG messages

This section contains package management messages.

PKG_BOOTLOADER_FILE_FAILED

Message text	Failed to execute the boot-loader file command.
Variable fields	None
Severity level	5
Example	PKG/5/PKG_BOOTLOADER_FILE_FAILED: -IPAddr=192.168.79.1-User=**; Failed to execute the boot-loader file command.
Explanation	A user executed the boot-loader file command, but the command failed.
Recommended action	Take actions as prompted by the command.

PKG_BOOTLOADER_FILE_SUCCESS

Message text	Executed the boot-loader file command successfully.
Variable fields	· None
Severity level	5
Example	PKG/5/PKG_BOOTLOADER_FILE_SUCCESS: -IPAddr=192.168.79.1-User=**; Executed the boot-loader file command successfully.
Explanation	A user executed the boot-loader file command successfully.
Recommended action	No action is required.

PKG_INSTALL_ACTIVATE_FAILED

Message text	Failed to execute the install activate command.
Variable fields	None
Severity level	5
Example	PKG/5/PKG_INSTALL_ACTIVATE_FAILED: -IPAddr=192.168.79.1-User=**; Failed to execute the install activate command.
Explanation	A user executed the install activate command, but the command failed.
Recommended action	Take actions as prompted by the command.

PKG_INSTALL_ACTIVATE_SUCCESS

Message text	Executed the install activate command successfully.
Variable fields	None
Severity level	5
Example	PKG/5/PKG_INSTALL_ACTIVATE_SUCCESS: -IPAddr=192.168.79.1-User=**; Executed the install activate command successfully.
Explanation	A user executed the install activate command successfully.
Recommended action	No action is required.

PKI messages

This section contains PKI messages.

GET_CERT_FROM_CA_SERVER_FAIL

Message text	Failed to get the CA or RA certificate from the CA server. Reason: [STRING].
Variable fields	$1: Failure reason: · Failed to get the source IP address of PKI protocol packets. · Failed to get the certificate chain. · Root CA not found in the certificate chain. · Failed to verify the CA/RA certificate chain (%s).
Severity level	5
Example	PKI/5/GET_CERT_FROM_CA_SERVER_FAIL: Failed to get the CA or RA certificate from the CA server. Reason: root CA not found in the certificate chain.
Explanation	Failed to get the CA or RA certificate from the CA server. The reason for the failure is displayed.
Recommended action	No action is required.

IMPORT_CERT_FAIL

Message text	Failed to import the certificate. Reason: [STRING].
Variable fields	$1: Failure reason: · Unable to get issuer certificate. · Unable to get certificate CRL. · Unable to decrypt CRL's signature. · Unable to decode issuer public key. · Certificate signature failure. · CRL signature failure. · Unable to decrypt certificate's signature. · Certificate is not yet valid. · Certificate has expired. · CRL is not yet valid. · CRL has expired. · Format error in certificate's notBefore field. · Format error in certificate's notAfter field. · Format error in CRL's lastUpdate field. · Format error in CRL's nextUpdate field. · Out of memory. · Self signed certificate. · Self signed certificate in certificate chain. · Unable to get local issuer certificate. · Unable to verify the first certificate. · Certificate chain too long. · Certificate revoked. · Invalid CA certificate. · Invalid non-CA certificate (has CA markings). · Path length constraint exceeded. · Proxy path length constraint exceeded. · Proxy certificates not allowed, please set the appropriate flag. · Unsupported certificate purpose. · Certificate not trusted. · Certificate rejected. · Application verification failure. · Subject issuer mismatch. · Authority and subject key identifier mismatch. · Authority and issuer serial number mismatch. · Key usage does not include certificate signing. · Unable to get CRL issuer certificate. · Unhandled critical extension. · Key usage does not include CRL signing. · Key usage does not include digital signature. · Unhandled critical CRL extension. · Invalid or inconsistent certificate extension. · Invalid or inconsistent certificate policy extension. · No explicit policy. · Different CRL scope. · Unsupported extension feature. · RFC 3779 resource not subset of parent's resources. · Permitted subtree violation. · Excluded subtree violation. · Name constraints minimum and maximum not supported. · Unsupported name constraint type. · CRL path validation error. · Unsupported or invalid name syntax. · Unsupported or invalid name constraint syntax. · Suite B: certificate version invalid. · Suite B: invalid public key algorithm. · Suite B: invalid ECC curve. · Suite B: invalid signature algorithm. · Suite B: curve not allowed for this LOS. · Suite B: cannot sign P-384 with P-256. · Hostname mismatch. · Email address mismatch. · IP address mismatch. · Invalid certificate verification context. · Issuer certificate lookup error. · proxy subject name violation.
Severity level	5
Example	PKI/5/IMPORT_CERT_FAIL: failed to import the certificate. Reason: invalid CA certificate.
Explanation	Failed to import a certificate. The reason for the failure is displayed.
Recommended action	No action is required.

REQUEST_CERT_FAIL

Message text	Failed to request certificate of domain [STRING].
Variable fields	$1: PKI domain name
Severity level	5
Example	PKI/5/REQUEST_CERT_FAIL: Failed to request certificate of domain abc.
Explanation	Failed to request certificate for a domain.
Recommended action	Check the configuration of the device and CA server, and the network between them.

REQUEST_CERT_SUCCESS

Message text	Request certificate of domain [STRING] successfully.
Variable fields	$1: PKI domain name
Severity level	5
Example	PKI/5/REQUEST_CERT_SUCCESS: Request certificate of domain abc successfully.
Explanation	Successfully requested certificate for a domain.
Recommended action	No action is required.

RETRIEVE_CRL_FAIL

Message text	Failed to retrieve the CRL. Reason: [STRING].
Variable fields	$1: Failure reason: · Certificate request URL is not configured. · No local certificate. · No RA certificate. · Type of certificate request reception authority is not configured. · Failed to get the source IP address of PKI protocol packets. · Local certificate and key mismatch. · Failed to get the encryption certificate. · Failed to get issuer name from CA certificate. · Failed to get serial number from CA certificate. · Failed to parse the URL. · Failed to get CRLs from reply. · Failed to get CRL data from the reply. · Unable to get local issuer certificate. · CRL signature failure. · Unable to decode issuer public key. · Format error in CRL's lastUpdate field. · CRL is not yet valid. · Format error in CRL's nextUpdate field. · CRL has expired. · Unable to get issuer certificate. · Failed to save the CRL to the device. · Unable to get certificate CRL. · Unable to decrypt CRL's signature.
Severity level	5
Example	PKI/5/RETRIEVE_CRL_FAIL: Failed to retrieve the CRL. Reason: CRL has expired.
Explanation	Failed to retrieve the CRL. The reason for the failure is displayed.
Recommended action	No action is required.

VALIDATE_CERT_FAIL

Message text	Failed to validate the certificate. Reason: [STRING].
Variable fields	$1: Failure reason: · Unable to get issuer certificate. · Unable to get certificate CRL. · Unable to decrypt CRL's signature. · Unable to decode issuer public key. · Certificate signature failure. · CRL signature failure. · Unable to decrypt certificate's signature. · Certificate is not yet valid. · Certificate has expired. · CRL is not yet valid. · CRL has expired. · Format error in certificate's notBefore field. · Format error in certificate's notAfter field. · Format error in CRL's lastUpdate field. · Format error in CRL's nextUpdate field. · Out of memory. · Self signed certificate. · Self signed certificate in certificate chain. · Unable to get local issuer certificate. · Unable to verify the first certificate. · Certificate chain too long. · Certificate revoked. · Invalid CA certificate. · Invalid non-CA certificate (has CA markings). · Path length constraint exceeded. · Proxy path length constraint exceeded. · Proxy certificates not allowed, please set the appropriate flag. · Unsupported certificate purpose. · Certificate not trusted. · Certificate rejected. · Application verification failure. · Subject issuer mismatch. · Authority and subject key identifier mismatch. · Authority and issuer serial number mismatch. · Key usage does not include certificate signing. · Unable to get CRL issuer certificate. · Unhandled critical extension. · Key usage does not include CRL signing. · Key usage does not include digital signature. · Unhandled critical CRL extension. · Invalid or inconsistent certificate extension. · Invalid or inconsistent certificate policy extension. · No explicit policy. · Different CRL scope. · Unsupported extension feature. · RFC 3779 resource not subset of parent's resources. · Permitted subtree violation. · Excluded subtree violation. · Name constraints minimum and maximum not supported. · Unsupported name constraint type. · CRL path validation error. · Unsupported or invalid name syntax. · Unsupported or invalid name constraint syntax. · Suite B: certificate version invalid. · Suite B: invalid public key algorithm. · Suite B: invalid ECC curve. · Suite B: invalid signature algorithm. · Suite B: curve not allowed for this LOS. · Suite B: cannot sign P-384 with P-256. · Hostname mismatch. · Email address mismatch. · IP address mismatch. · Invalid certificate verification context. · Issuer certificate lookup error. · Proxy subject name violation.
Severity level	5
Example	PKI/5/VALIDATE_CERT_FAIL: Failed to validate certificate. Reason: Invalid CA certificate.
Explanation	Failed to validate the certificate. The reason for the failure is displayed.
Recommended action	No action is required.

PKT2CPU messages

This section contains PKT2CPU messages.

PKT2CPU_NO_RESOURCE

Message text	-Interface=[STRING]-ProtocolType=[UINT32]-MacAddr=[STRING]; The resources are insufficient. -Interface=[STRING]-ProtocolType=[UINT32]-SrcPort=[UINT32]-DstPort=[UINT32]; The resources are insufficient.
Variable fields	$1: Interface type and number. $2: Protocol type. $3: MAC address or source port. $4: Destination port.
Severity level	4
Example	PKT2CPU/4/PKT2CPU_NO_RESOURCE: -Interface=Ethernet0/0/2-ProtocolType=21-MacAddr=0180-c200-0014; The resources are insufficient.
Explanation	Hardware resources were insufficient.
Recommended action	Cancel the configuration.

PKTCPT

This section contains packet capture messages.

PKTCPT_AP_OFFLINE

Message text	Failed to start packet capture. Reason: AP was offline.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_AP_OFFLINE: Failed to start packet capture. Reason: AP was offline.
Explanation	Packet capture failed to start because the AP configured with packet capture was offline.
Recommended action	1. Verify the AP configuration, and restart packet capture after the AP comes online. 2. If the problem persists, contact H3C Support.

PKTCPT_AREADY_EXIT

Message text	Failed to start packet capture. Reason: The AP was uploading frames captured during the previous capturing operation.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_AREADY_EXIT: Failed to start packet capture. Reason: The AP was uploading frames captured during the previous capturing operation.
Explanation	When packet capture is stopped on the AC, the fit AP might be still uploading the captured frames. This message is generated when the user restarted packet capture at that time.
Recommended action	1. Restart packet capture later. 2. If the problem persists, contact H3C Support.

PKTCPT_CONN_FAIL

Message text	Failed to start packet capture. Reason: Failed to connect to the FTP server.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_CONN_FAIL: Failed to start packet capture. Reason: Failed to connect to the FTP server.
Explanation	Packet capture failed to start because the device failed to be connected to the FTP server in the same network segment.
Recommended action	1. Verify that the URL of the FTP server is valid. Possible reasons for an invalid URL include: ¡ The specified IP address does not exist or is not the FTP server address. ¡ The specified FTP server port is disabled. 2. Verify that the domain name resolution is successful. 3. Verify that the FTP server is reachable for the device configured with packet capture. 4. Verify that the FTP server is online. 5. If the problem persists, contact H3C Support.

PKTCPT_INVALID_FILTER

Message text	Failed to start packet capture. Reason: Invalid expression for matching packets to be captured.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_INVALD_FILTER: Failed to start packet capture. Reason: Invalid expression for matching packets to be captured.
Explanation	Packet capture failed to start because the capture filter expression was invalid.
Recommended action	1. Correct the capture filter expression. 2. If the problem persists, contact H3C Support.

PKTCPT_LOGIN_DENIED

Message text	Packet capture aborted. Reason: FTP server login failure.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_LOGIN_DENIED: Packet capture aborted. Reason: FTP server login failure.
Explanation	Packet capture stopped because the user failed to log in to the FTP server.
Recommended action	1. Verify the username and password. 2. If the problem persists, contact H3C Support.

PKTCPT_MEMORY_ALERT

Message text	Packet capture aborted. Reason: Memory threshold reached.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_MEMORY_ALERT: Packet capture aborted. Reason: Memory threshold reached.
Explanation	Packet capture stopped because the memory threshold was reached.
Recommended action	N/A

PKTCPT_OPEN_FAIL

Message text	Failed to start packet capture. Reason: File for storing captured frames not opened.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_OPEN_FAIL: Failed to start packet capture. Reason: File for storing captured frames not opened.
Explanation	Packer capture failed to start because the file for storing the captured frames cannot be opened.
Recommended action	1. Verify that the user has the write permission to the file. If the user does not have the write permission, assign the permission to the user. 2. Verify that the specified file has been created and is not used by another feature. If the file is used by another feature, use another file. 3. If the problem persists, contact H3C Support.

PKTCPT_OPERATION_TIMEOUT

Message text	Failed to start or continue packet capture. Reason: Operation timed out.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_OPERATION_TIMEOUT: Failed to start or continue packet capture. Reason: Operation timed out.
Explanation	This message is generated in the following situations: · Packet capture failed to start because the FTP server in a different network segment is not reachable and the connection timed out. · Packet capture stopped because the FTP server in a different network segment is offline and uploading the captured frames timed out.
Recommended action	1. Verify that the FTP server is reachable. 2. Verify that the FTP server is online. 3. If the problem persists, contact H3C Support.

PKTCPT_SERVICE_FAIL

Message text	Failed to start packet capture. Reason: TCP or UDP port binding faults.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_SERVICE_FAIL: Failed to start packet capture. Reason: TCP or UDP port binding faults.
Explanation	Packet capture failed to start because an error occurs during TCP or UDP port binding.
Recommended action	1. Verify that Wireshark has been closed before you start packet capture. If it is not closed, close Wireshark, and then restart packet capture. 2. Bind a new TCP or UDP port, and then restart packet capture. 3. If the problem persists, contact H3C Support.

PKTCPT_UNKNOWN_ERROR

Message text	Failed to start or continue packet capture. Reason: Unknown error.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_UNKNOWN_ERROR: Failed to start or continue the packet capture. Reason: Unknown error.
Explanation	Packet capture failed to start or packet capture stopped because of an unknown error.
Recommended action	N/A

PKTCPT_UPLOAD_ERROR

Message text	Packet capture aborted. Reason: Failed to upload captured frames.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_UPLOAD_ERROR: Packet capture aborted. Reason: Failed to upload captured frames.
Explanation	Packet capture stopped because the capture failed to upload the captured frames.
Recommended action	1. Verify that the FTP working directory is not changed. 2. Verify that the user has the write permission to the file on the FTP server. 3. Verify that the FTP server is online. 4. Verify that the FTP server is reachable. 5. Verify that the FTP server has enough memory space. 6. Verify that the packet capture is not stopped during the upload of captured frames. 7. If the problem persists, contact H3C Support.

PKTCPT_WRITE_FAIL

Message text	Packet capture aborted. Reason: Not enough space to store captured frames.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_WRITE_FAIL: Packet capture aborted. Reason: Not enough space to store captured frames.
Explanation	Packet capture stopped because the memory space is not enough for storing captured frames.
Recommended action	1. Delete unnecessary files to release the space. 2. If the problem persists, contact H3C Support.

PORTSEC messages

This section contains port security messages.

PORTSEC_ACL_FAILURE

Message text	-IfName=[STRING]-MACAddr=[STRING]; ACL authorization failed because [STRING].
Variable fields	$1: Interface type and number. $2: MAC address. $3: Cause of failure: · the specified ACL didn't exist. · this type of ACL is not supported. · hardware resources were insufficient. · the specified ACL conflicted with other ACLs applied to the interface. · the specified ACL didn't contain any rules.
Severity level	4
Example	PORTSEC/4/PORTSEC_ACL_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; ACL authorization failed because the specified ACL didn't exist.
Explanation	ACL authorization failed for a specific reason.
Recommended action	Handle the issue according to the failure cause.

PORTSEC_CAR_FAILURE

Message text	-IfName=[STRING]-MACAddr=[STRING]; Failed to assign CAR attributes to driver.
Variable fields	$1: Interface type and number. $2: MAC address.
Severity level	5
Example	PORTSEC/5/PORTSEC_CAR_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; Failed to assign CAR attributes to driver.
Explanation	The device failed to assign CAR attributes to the driver.
Recommended action	No action is required.

PORTSEC_CREATEAC_FAILURE

Message text	-IfName=[STRING]-VLANID=[STRING]-MACAddr=[STRING]-VSIName=[STRING]; Failed to map an Ethernet service instance to the VSI.
Variable fields	$1: Interface type and number. $2: VLAN ID. $3: MAC address. $4: VSI name.
Severity level	3
Example	PORTSEC/3/PORTSEC_CREATEAC_FAILURE:-IfName=GigabitEthernet1/0/4-VLANID=444-MACAddr=0010-8400-22b9-VSIName=aaa; Failed to map an Ethernet service instance to the VSI.
Explanation	The operation of mapping an Ethernet service instance to a specific VSI failed.
Recommended action	Execute the display l2vpn vsi command and verify that the VSI exists. If the VSI does not exist, create the VSI by using the vsi command.

PORTSEC_LEARNED_MACADDR

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]; A new MAC address was learned.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID.
Severity level	6
Example	PORTSEC/6/PORTSEC_LEARNED_MACADDR:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444; A new MAC address was learned.
Explanation	A new secure MAC address was learned on the interface.
Recommended action	No action is required.

PORTSEC_NTK_NOT_EFFECTIVE

Message text	The NeedToKnow feature is configured but is not effective on interface [STRING].
Variable fields	$1: Interface type and number.
Severity level	3
Example	PORTSEC/3/PORTSEC_NTK_NOT_EFFECTIVE: The NeedToKnow feature is configured but is not effective on interface Ethernet3/1/2.
Explanation	The NeedToKnow mode does not take effect on an interface, because the interface does not support the NeedToKnow mode.
Recommended action	1. Disable the NeedToKnow feature on the interface. 2. Reconnect the connected devices to another interface that supports the NeedToKnow mode. 3. Configure the NeedToKnow mode on the new interface.

PORTSEC_PORTMODE_NOT_EFFECTIVE

Message text	The port security mode is configured but is not effective on interface [STRING].
Variable fields	$1: Interface type and number.
Severity level	3
Example	PORTSEC/3/PORTSEC_PORTMODE_NOT_EFFECTIVE: The port security mode is configured but is not effective on interface Ethernet3/1/2.
Explanation	The port security mode does not take effect on an interface, because the interface does not support this mode.
Recommended action	· Change the port security mode to another mode that is supported by the interface. · Reconnect the connected devices to another interface that supports this port security mode, and configure the port security mode on the new interface.

PORTSEC_PROFILE_FAILURE

Message text	-IfName=[STRING]-MACAddr=[STRING]; Failed to assign a user profile to driver.
Variable fields	$1: Interface type and number. $2: MAC address.
Severity level	5
Example	PORTSEC/5/PORTSEC_PROFILE_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; Failed to assign a user profile to driver.
Explanation	The device failed to assign a user profile to the driver.
Recommended action	No action is required.

PORTSEC_URL_FAILURE

Message text	-IfName=[STRING]-MACAddr=[STRING]; URL authorization failed because [STRING].
Variable fields	$1: Interface type and number. $2: MAC address. $3: Cause of failure: · this operation was not supported. · hardware resources were insufficient. · parameters were invalid. · an unknown error existed.
Severity level	4
Example	PORTSEC/4/PORTSEC_URL_FAILURE:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9; URL authorization failed because hardware resources were insufficient.
Explanation	URL authorization failed for a specific reason.
Recommended action	Handle the issue according to the failure cause.

PORTSEC_VIOLATION

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]-IfStatus=[STRING]; Intrusion protection was triggered.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID. $4: Interface status.
Severity level	5
Example	PORTSEC/5/PORTSEC_VIOLATION:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444-IfStatus=Up; Intrusion protection was triggered.
Explanation	Intrusion protection was triggered.
Recommended action	· Check the port security configuration. · Change the port security mode to another mode.

PORTSEC_VLANMACLIMIT

Message text	-IfName=[STRING]-MACAddr=[STRING]-VLANID=[STRING]; Maximum number of MAC addresses already reached in the VLAN.
Variable fields	$1: Interface type and number. $2: MAC address. $3: VLAN ID.
Severity level	5
Example	PORTSEC/5/PORTSEC_VLANMACLIMIT:-IfName=GigabitEthernet1/0/4-MACAddr=0010-8400-22b9-VLANID=444; Maximum number of MAC addresses already reached in the VLAN.
Explanation	Access attempt from a new user in a VLAN was rejected on a port because the number of MAC addresses has reached port security's limit on the port for that VLAN.
Recommended action	Examine the network for the risk of unknown source MAC attacks.

PWDCTL messages

This section contains password control messages.

PWDCTL_ADD_BLACKLIST

Message text	[STRING] was added to the blacklist for failed login attempts.
Variable fields	$1: Username.
Severity level	6
Example	PWDCTL/6/PWDCTRL_ADD_BLACKLIST: hhh was added to the blacklist for failed login attempts.
Explanation	The user entered an incorrect password. It failed to log in to the device and was added to the password control blacklist.
Recommended action	No action is required.

PWDCTL_CHANGE_PASSWORD

Message text	[STRING] changed the password because [STRING].
Variable fields	$1: Username. $2: The reasons for changing the password. ¡ it was the first login of the account. ¡ the password had expired. ¡ the password was too short. ¡ the password was not complex enough. ¡ the password was default password.
Severity level	6
Example	PWDCTL/6/PWDCTL_CHANGE_PASSWORD: hhh changed the password because it was the first login of the account.
Explanation	The user changed the password for some reason. For example, the user changed the password because it is the first login of the user's account.
Recommended action	No action is required.

PWDCTL_FAILED_TO_OPENFILE

Message text	Failed to open the password file.
Variable fields	N/A
Severity level	3
Example	PWDCTL/3/PWDCTL_FAILED_TO_OPENFILE: Failed to open the password file.
Explanation	The device failed to create or open a .dat file because of file system exception.
Recommended action	No action is required.

PWDCTL_FAILED_TO_WRITEPWD

Message text	Failed to write the password records to file.
Variable fields	N/A
Severity level	3
Example	PWDCTL/3/PWDCTL_FAILEDTOWRITEPWD: Failed to write the password records to file.
Explanation	The device failed to write a password to a file.
Recommended action	Check the file system of the device for memory space insufficiency.

PWDCTL_NOENOUGHSPACE

Message text	Not enough free space on the storage media where the file is located.
Variable fields	N/A
Severity level	3
Example	PWDCTL/3/PWDCTL_NOENOUGHSPACE: Not enough free space on the storage media where the file is located.
Explanation	Operation failed. There is no sufficient memory space on the storage media such as the flash or CF card where the .dat file is located.
Recommended action	Check the file system of the device for memory space insufficiency.

PWDCTL_NOTFOUNDUSER

Message text	Can't find the username in the file.
Variable fields	N/A
Severity level	3
Example	PWDCTL/3/PWDCTL_NOTFOUNDUSER: Can't find the username in the file.
Explanation	Failed to configure a password for a local user because the device cannot find the user information in .dat files.
Recommended action	Create a local user, or re-enable the password control feature.

PWDCTL_UPDATETIME

Message text	Last login time updated after clock update.
Variable fields	N/A
Severity level	6
Example	PWDCTL/6/PWDCTL_UPDATETIME: Last login time updated after clock update.
Explanation	The device updated the users last login time after clock update.
Recommended action	No action is required.

QOS messages

This section contains QoS messages.

MIRROR_SYNC_CFG_FAIL

Message text	Failed to restore configuration for monitoring group [UINT32] in [STRING], because [STRING]
Variable fields	$1: Monitoring group. $2: Chassis number plus slot number or slot number. $3: Failure cause.
Severity level	4
Example	QOS/4/MIRROR_SYNC_CFG_FAIL: Failed to restore configuration for monitoring group 1 in chassis 2 slot 1, because monitoring resources are insufficient.
Explanation	After a card was installed, the system failed to restore the configuration for a monitoring group on the card for the following possible reasons: · The number of member ports in the monitoring group exceeds the limit. · The monitoring resources are insufficient on the card. · Member ports in the monitoring group are not supported by the card.
Recommended action	Delete or modify unsupported settings.

QOS_CAR_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply the [STRING] CAR in [STRING] profile [STRING] to the user. Reason: [STRING].
Variable fields	$1: User identity. $2: Application direction. $3: Profile type. $4: Profile name. $5: Failure cause.
Severity level	4
Example	QOS/4/QOS_CAR_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2-SVLAN=100-VPN=”N/A”-Port=GigabitEthernet5/1/5; Failed to apply the inbound CAR in user profile a to the user. Reason: The resources are insufficient.
Explanation	The system failed to perform one of the following actions: · Apply a CAR policy when a user went online. · Modify a configured CAR policy or configure a new CAR policy when a user is online.
Recommended action	Delete the CAR policy from the profile or modify the parameters of the CAR policy.

QOS_CBWFQ_REMOVED

Message text	CBWFQ is removed from [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	QOS/3/QOS_CBWFQ_REMOVED: CBWFQ is removed from GigabitEthernet4/0/1.
Explanation	CBWFQ was removed from an interface because the maximum bandwidth or speed configured on the interface was below the bandwidth or speed required for CBWFQ.
Recommended action	Increase the bandwidth or speed and apply the removed CBWFQ again.

QOS_GTS_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply GTS in user profile [STRING] to the user. Reason: [STRING].
Variable fields	$1: User identity. $2: User profile name. $3: Failure cause.
Severity level	4
Example	QOS/4/QOS_GTS_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply GTS in user profile a to the user. Reason: The resources are insufficient.
Explanation	The system failed to perform one of the following actions: · Apply a GTS action when a user went online. · Modify a configured GTS action or configure a new GTS action when a user is online.
Recommended action	Delete the GTS action from the user profile or modify the parameters of the GTS action.

QOS_LR_APPLYIF_FAIL

Message text	Failed to apply the rate limit on interface [STRING]. Reason: [STRING]
Variable fields	$1: Interface name. $2: Failure cause: ¡ The operation is not supported. ¡ The resources are insufficient.
Severity level	4
Example	QOS/4/QOS_LR_APPLYIF_FAIL: Failed to apply the rate limit on interface GigabitEthernet1/0/1. Reason: The operation is not supported.
Explanation	The system failed to apply the rate limit on an interface because the interface does not support rate limit configuration or the resources are insufficient.
Recommended action	Delete or modify the rate limit configuration according to the failure cause.

QOS_NOT_ENOUGH_BANDWIDTH

Message text	Policy [STRING] requested bandwidth [UINT32](kbps). Only [UINT32](kbps) is available on [STRING].
Variable fields	$1: Policy name. $2: Required bandwidth for CBWFQ. $3: Available bandwidth on an interface. $4: Interface name.
Severity level	3
Example	QOS/3/QOS_NOT_ENOUGH_BANDWIDTH: Policy d requested bandwidth 10000(kbps). Only 80(kbps) is available on GigabitEthernet4/0/1.
Explanation	Configuring CBWFQ on an interface failed because the maximum bandwidth on the interface was less than the bandwidth required for CBWFQ.
Recommended action	Increase the maximum bandwidth configured for the interface or set lower bandwidth required for CBWFQ.

QOS_NOT_ENOUGH_NNIBANDWIDTH

Message text	The total UNI bandwidth is greater than the NNI bandwidth. The total UNI bandwidth is greater than the NNI bandwidth. The bandwidth of [STRING] is changed. The total UNI bandwidth is greater than the NNI bandwidth. [STRING] is created based on [STRING] of the UNI interface
Variable fields	$1: Interface name.
Severity level	4
Example	QOS/4/ QOS_NOT_ENOUGH_NNIBANDWIDTH: The total UNI bandwidth is greater than the NNI bandwidth. QOS/4/ QOS_NOT_ENOUGH_NNIBANDWIDTH: The total UNI bandwidth is greater than the NNI bandwidth. The bandwidth of GigabitEthernet4/0/1 is changed. QOS/4/ QOS_NOT_ENOUGH_NNIBANDWIDTH: The total UNI bandwidth is greater than the NNI bandwidth. Virtual-Access1 is created based on Virtual-Template1 of the UNI interface.
Explanation	This message is generated when the total UNI bandwidth is still greater than the NNI bandwidth after the NNI bandwidth is increased or the total UNI bandwidth is reduced. This message is generated when the total UNI bandwidth is greater than the NNI bandwidth because the interface bandwidth is changed. This message is generated when the total UNI bandwidth is greater than the NNI bandwidth because a virtual access interface is created based on a virtual template of the UNI interface.
Recommended action	Increase the NNI bandwidth or reduce the total UNI bandwidth.

QOS_POLICY_APPLYCOPP_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Application direction. $4: Slot number. $5: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYCOPP_CBFAIL: Failed to apply classifier-behavior d in policy b to the inbound direction of control plane slot 3. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of a control plane. · Update a classifier-behavior association applied to a specific direction of a control plane.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYCOPP_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING].
Variable fields	$1: Policy name. $2: Traffic direction. $3: Slot number. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYCOPP_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of control plane slot 3. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of a control plane. · Update a QoS policy applied to a specific direction of a control plane.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYGLOBAL_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction globally. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Traffic direction. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYGLOBAL_CBFAIL: Failed to apply classifier-behavior a in policy b to the outbound direction globally. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction globally. · Update a classifier-behavior association applied to a specific direction globally.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYGLOBAL_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction globally. [STRING].
Variable fields	$1: Policy name. $2: Traffic direction. $3: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYGLOBAL_FAIL: Failed to apply or refresh QoS policy b to the inbound direction globally. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction globally. · Update a QoS policy applied to a specific direction globally.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYIF_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of interface [STRING]. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Traffic direction. $4: Interface name. $5: Failure cause: · The behavior is empty. · The card where the interface specified in the class-behavior association resides is not in position.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYIF_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of interface Ethernet3/1/2. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of an interface. · Update a classifier-behavior association applied to a specific direction of an interface.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYIF_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of interface [STRING]. [STRING].
Variable fields	$1: Policy name. $2: Traffic direction. $3: Interface name. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYIF_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of interface Ethernet3/1/2. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of an interface. · Update a QoS policy applied to a specific direction of an interface.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply the [STRING] QoS policy [STRING] in user profile [STRING] to the user.Reason: [STRING].
Variable fields	$1: User identity. $2: Application direction. $3: QoS policy name. $4: User profile name. $5: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply the inbound QoS policy p in user profile a to the user.Reason: The QoS policy is not supported.
Explanation	The system failed to perform one of the following actions: · Issue the settings of a QoS policy when a user went online. · Modify an applied QoS policy or apply a new QoS policy when a user is online.
Recommended action	Remove the QoS policy from the user profile or modify the parameters of the QoS policy.

QOS_POLICY_APPLYVLAN_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Application direction. $4: VLAN ID. $5: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYVLAN_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of VLAN 2. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of a VLAN. · Update a classifier-behavior association applied to a specific direction of a VLAN.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYVLAN_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING].
Variable fields	$1: Policy name. $2: Application direction. $3: VLAN ID. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYVLAN_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of VLAN 2. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of a VLAN. · Update a QoS policy applied to a specific direction of a VLAN.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_QMPROFILE_APPLYIF_FAIL

Message text	Failed to apply queue management profile [STRING] on interface [STRING]. Reason: [STRING]
Variable fields	$1: Queue scheduling profile name. $2: Interface name. $3: Failure cause: ¡ The operation is not supported. ¡ The resources are insufficient.
Severity level	4
Example	QOS/4/QOS_QMPROFILE_APPLYIF_FAIL: Failed to apply queue management profile b on interface GigabitEthernet1/0/1. Reason: The operation is not supported.
Explanation	The system failed to apply a queue scheduling profile to an interface because the interface does not support queue scheduling profiles or the resources are insufficient.
Recommended action	Remove or modify the queue scheduling profile configuration according to the failure cause.

QOS_QMPROFILE_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply queue management profile [STRING] in session group profile [STRING] to the user. Reason: [STRING].
Variable fields	$1: User identity. $2: Queue scheduling profile name. $3: Session group profile name. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_QMPROFILE_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-SVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply queue management profile b in session group profile a to the user. Reason: The QMProfile is not supported.
Explanation	The system failed to perform one of the following actions: · Issue the settings of a queue scheduling profile when a user went online. · Modify an applied queue scheduling profile or apply a new queue scheduling profile when a user is online.
Recommended action	Remove the queue scheduling profile from the session group profile or modify the parameters of the queue scheduling profile.

QOS_QMPROFILE_MODIFYQUEUE_FAIL

Message text	Failed to configure queue [UINT32] in queue management profile [STRING]. [STRING].
Variable fields	$1: Queue ID. $2: Profile name. $3: Failure cause.
Severity level	4
Example	QOS/4/QOS_QMPROFILE_MODIFYQUEUE_FAIL: Failed to configure queue 1 in queue management profile myqueue. The value is out of range.
Explanation	The system failed to modify a queue in a queue scheduling profile successfully applied to an interface because the new parameter was beyond port capabilities.
Recommended action	Remove the queue scheduling profile from the interface, and then modify the parameters for the queue.

QOS_QUEUE_APPLYIF_FAIL

Message text	Failed to apply queue scheduling on interface [STRING]. Reason: [STRING]
Variable fields	$1: Interface name. $2: Failure cause: ¡ The operation is not supported. ¡ The resources are insufficient.
Severity level	4
Example	QOS/4/QOS_QUEUE_APPLYIF_FAIL: Failed to apply queue scheduling on interface GigabitEthernet1/0/1. Reason: The operation is not supported.
Explanation	The system failed to apply queuing configuration to an interface because the interface does not support queuing configuration or the resources are insufficient.
Recommended action	Delete or modify the queuing configuration according to the failure cause.

QOS_UNI_RESTORE_FAIL

Message text	Failed to restore the UNI configuration of [STRING], because the total UNI bandwidth is greater than the NNI bandwidth.
Variable fields	$1: Interface name.
Severity level	4
Example	QOS/4/ QOS_NNIBANDWIDTH_OVERFLOW: Failed to restore the UNI configuration of the interface GigabitEthernet5/1/5, because the total UNI bandwidth is greater than the NNI bandwidth.
Explanation	The system failed to restore the UNI configuration of an interface, because the total UNI bandwidth is greater than the NNI bandwidth.
Recommended action	Increase the NNI bandwidth or reduce the total UNI bandwidth, and then reconfigure the downlink ports as UNI ports.

WRED_TABLE_CFG_FAIL

Message text	Failed to dynamically modify the configuration of WRED table [STRING], because [STRING].
Variable fields	$1: WRED table name. $2: Failure cause.
Severity level	4
Example	QOS/4/WRED_TABLE_CFG_FAIL: Failed to dynamically modify the configuration of WRED table a, because ECN is not supported.
Explanation	Failed to dynamically modify the configuration of a WRED table, because some settings are not supported.
Recommended action	No action is required.

RADIUS messages

This section contains RADIUS messages.

RADIUS_AUTH_FAILURE

Message text	User [STRING] from [STRING] failed authentication.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	RADIUS/5/RADIUS_AUTH_FAILURE: User abc@system from 192.168.0.22 failed authentication.
Explanation	An authentication request was rejected by the RADIUS server.
Recommended action	No action is required.

RADIUS_AUTH_SUCCESS

Message text	User [STRING] from [STRING] was authenticated successfully.
Variable fields	$1: Username. $2: IP address.
Severity level	6
Example	RADIUS/6/RADIUS_AUTH_SUCCESS: User abc@system from 192.168.0.22 was authenticated successfully.
Explanation	An authentication request was accepted by the RADIUS server.
Recommended action	No action is required.

RADIUS_DELETE_HOST_FAIL

Message text	Failed to delete servers in scheme [STRING].
Variable fields	$1: Scheme name.
Severity level	4
Example	RADIUS/4/RADIUS_DELETE_HOST_FAIL: Failed to delete servers in scheme abc.
Explanation	Failed to delete servers from a RADIUS scheme.
Recommended action	No action is required.

RDDC messages

This section contains RDDC messages.

RDDC_ACTIVENODE_CHANGE

Message text	Redundancy group [STRING] active node changed to [STRING], because of [STRING].
Variable fields	$1: Redundancy group name. $2: Active node information. $3: Status change reason: ¡ manual switchover ¡ group's configuration changed ¡ node's weight changed
Severity level	5
Example	RDDC/5/RDDC_ACTIVENODE_CHANGE: Redundancy group 1 active node changed to node 1 (chassis 1), because of manual switchover.
Explanation	The active node in the redundancy group changed because of manual switchover, configuration change of the group, or weight change of the node.
Recommended action	No action is required.

RESMON

This section contains resource monitoring messages.

RESMON_MINOR

Message text	-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource decreased to or below minor threshold [STRING]. [STRING].
Variable fields	$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Minor resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information.
Severity level	4
Example	RESMON/4/RESMON_MINOR: -Resource=AA-Total=100%-Used=83%-Free=17%; Free resource decreased to or below minor threshold 20%.
Explanation	When the available resource amount decreases to or below the minor resource depletion threshold, the resource type enters minor alarm state and the device outputs this log message periodically.
Recommended action	Configure the device based on the resource type so the device allocates the type of resources reasonably.

RESMON_MINOR_RECOVERY

Message text	-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource increased above minor threshold [STRING]. [STRING].
Variable fields	$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Minor resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information.
Severity level	5
Example	RESMON/5/RESMON_MINOR_RECOVER: -Resource=AA-Total=100%-Used=77%-Free=23%; Free resource increased above minor threshold 20%.
Explanation	When the available resource amount increases above the minor resource depletion threshold, the resource type enters recovered state. The device removes the minor resource depletion alarm and outputs this log message.
Recommended action	No action is required.

RESMON_SEVERE

Message text	-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource decreased to or below severe threshold [STRING]. [STRING].
Variable fields	$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Severe resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information.
Severity level	3
Example	RESMON/3/RESMON_SEVERE: -Resource=AA-Total=100%-Used=93%-Free=7%; Free resource decreased to or below severe threshold 10%.
Explanation	When the available resource amount decreases to or below the severe resource depletion threshold, the resource type enters severe alarm state and the device outputs this log message periodically.
Recommended action	Configure the device based on the resource type so the device allocates the type of resources reasonably.

RESMON_SEVERE_RECOVERY

Message text	-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Free resource increased above severe threshold [STRING]. [STRING].
Variable fields	$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Severe resource depletion threshold. $6: Resource usage description. Some types of resources do not have description information.
Severity level	5
Example	RESMON/5/RESMON_SEVERE_RECOVER: -Resource=AA-Total=100%-Used=83%-Free=17%; Free resource increased above severe threshold 10%.
Explanation	When the available resource amount increases above the severe resource depletion threshold, the device removes the severe resource depletion alarm and outputs this log message.
Recommended action	No action is required.

RESMON_USEDUP

Message text	-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; Resources used up. [STRING].
Variable fields	$1: Resource type. $2: Total amount. $3: Used amount. $4: Available amount. $5: Resource usage description. Some types of resources do not have description information.
Severity level	2
Example	RESMON/2/RESMON_USEDUP: -Resource=vlaninterface-Total=2048-Used=2048-Free=0; Resources used up.
Explanation	When the available resource amount decreases to zero, the device outputs this log message periodically.
Recommended action	To ensure correct operation of the relevant services, immediately clear data or entries of the resource type that are not used.

RESMON_USEDUP_RECOVERY

Message text	-Resource=[STRING]-Total=[STRING]-Used=[STRING]-Free=[STRING]; The amount of free resources increased from zero to a non-zero value. [STRING].
Variable fields	$1: Resource type. $2: Total amount, which can be 100% or an integer for an absolute value. $3: Used amount, a percentage or an integer for an absolute value. $4: Available amount, a percentage or an integer for an absolute value. $5: Additional resource usage information. This field might be null.
Severity level	5
Example	RESMON/5/RESMON_USEDUP_RECOVER: -Resource=vlaninterface-Total=2048-Used=2047-Free=1; The amount of free resources increased from zero to a non-zero value.
Explanation	When the available resource amount increases from zero, the device outputs this log message.
Recommended action	No action is required.

RIP messages

This section contains RIP messages.

RIP_MEM_ALERT

Message text	RIP Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	RIP/5/RIP_MEM_ALERT: RIP Process received system memory alert start event.
Explanation	RIP received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

RIP_RT_LMT

Message text	RIP [UINT32] Route limit reached
Variable fields	$1: Process ID.
Severity level	6
Example	RIP/6/RIP_RT_LMT: RIP 1 Route limit reached.
Explanation	The number of routes of a RIP process reached the upper limit.
Recommended action	1. Check for network attacks. 2. Reduce the number of routes.

RIPNG messages

This section contains RIPng messages.

RIPNG_MEM_ALERT

Message text	RIPng Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	RIPNG/5/RIPNG_MEM_ALERT: RIPNG Process received system memory alert start event.
Explanation	RIPng received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

RIPNG_RT_LMT

Message text	RIPng [UINT32] Route limit reached
Variable fields	$1: Process ID
Severity level	6
Example	RIPNG/6/RIPNG_RT_LMT: RIPng 1 Route limit reached.
Explanation	The number of routes of a RIPng process reached the upper limit.
Recommended action	1. Check for network attacks. 2. Reduce the number of routes.

RM messages

This section contains RM messages.

RM_ACRT_REACH_LIMIT

Message text	Max active [STRING] routes [UINT32] reached in URT of [STRING]
Variable fields	$1: IPv4 or IPv6. $2: Maximum number of active routes. $3: VPN instance name.
Severity level	4
Example	RM/4/RM_ACRT_REACH_LIMIT: Max active IPv4 routes 100000 reached in URT of VPN1
Explanation	The number of active routes reached the upper limit in the unicast routing table of a VPN instance.
Recommended action	Remove unused active routes.

RM_ACRT_REACH_THRESVALUE

Message text	Threshold value [UINT32] of max active [STRING] routes reached in URT of [STRING]
Variable fields	$1: Threshold of the maximum number of active routes in percentage. $2: IPv4 or IPv6. $3: VPN instance name.
Severity level	4
Example	RM/4/RM_ACRT_REACH_THRESVALUE: Threshold value 50% of max active IPv4 routes reached in URT of vpn1
Explanation	The percentage of the maximum number of active routes was reached in the unicast routing table of a VPN instance.
Recommended action	Modify the threshold value or the route limit configuration.

RM_THRESHLD_VALUE_REACH

Message text	Threshold value [UINT32] of active [STRING] routes reached in URT of [STRING]
Variable fields	$1: Maximum number of active routes. $2: IPv4 or IPv6. $3: VPN instance name.
Severity level	4
Example	RM/4/RM_THRESHLD_VALUE_REACH: Threshold value 10000 of active IPv4 routes reached in URT of vpn1
Explanation	The number of active routes reached the threshold in the unicast routing table of a VPN instance.
Recommended action	Modify the route limit configuration.

RM_TOTAL_THRESHLD_VALUE_REACH

Message text	Threshold value [UINT32] reached for active [STRING] routes in all URTs
Variable fields	$1: Maximum number of active routes. $2: IPv4 or IPv6.
Severity level	4
Example	RM/4/ RM_TOTAL_THRESHLD_VALUE_REACH:Threshold value 1000 reached for active IPv4 routes in all URTs
Explanation	The total number of active routes in the public network and all VPN instances reached the alarm threshold.
Recommended action	Check the routing table and take relevant actions.

RPR messages

This section contains RPR messages.

RPR_EXCEED_MAX_SEC_MAC

Message text	A maximum number of secondary MAC addresses exceeded defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	RPR/4/RPR_EXCEED_MAX_SEC_MAC: A maximum number of secondary MAC addresses exceeded defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The number of RPR secondary MAC addresses on the ring has reached the upper limit.
Recommended action	Disable VRRP on RPR stations.

RPR_EXCEED_MAX_SEC_MAC_OVER

Message text	A maximum number of secondary MAC addresses exceeded defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_EXCEED_MAX_SEC_MAC_OVER: A maximum number of secondary MAC addresses exceeded defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The number of secondary MAC addresses on the ring has dropped below the upper limit.
Recommended action	No action is required.

RPR_EXCEED_MAX_STATION

Message text	A maximum number of stations exceeded defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	RPR/4/RPR_EXCEED_MAX_STATION: A maximum number of stations exceeded defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The number of RPR stations on the ring has reached the upper limit.
Recommended action	Remove some RPR stations.

RPR_EXCEED_MAX_STATION_OVER

Message text	A maximum number of stations exceeded defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_EXCEED_MAX_STATION_OVER: A maximum number of stations exceeded defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The number of RPR stations on the ring has dropped below the upper limit.
Recommended action	No action is required.

RPR_EXCEED_RESERVED_RATE

Message text	An excess reserved rate defect is present on ringlet0/ringlet1 corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_EXCEED_RESERVED_RATE: An excess reserved rate defect is present on ringlet0 corresponding to RPR logical interface RPR-Router1.
Explanation	The reserved bandwidth for the RPR station was greater than the total bandwidth of the RPR ring.
Recommended action	Reduce the reserved bandwidth.

RPR_EXCEED_RESERVED_RATE_OVER

Message text	An excess reserved rate defect is cleared on ringlet0/ringlet1 corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_EXCEED_RESERVED_RATE_OVER: An excess reserved rate defect is cleared on ringlet0 corresponding to RPR logical interface RPR-Router1.
Explanation	The reserved bandwidth for the RPR station was smaller than the total bandwidth of the RPR ring.
Recommended action	No action is required.

RPR_IP_DUPLICATE

Message text	A duplicate IP address defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_IP_DUPLICATE: A duplicate IP address defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	Another RPR station used the same IP address.
Recommended action	Locate the RPR station, and change its IP address.

RPR_IP_DUPLICATE_OVER

Message text	A duplicate IP address defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_IP_DUPLICATE_OVER: A duplicate IP address defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The duplicate IP address defect was cleared.
Recommended action	No action is required.

RPR_JUMBO_INCONSISTENT

Message text	A jumbo configuration defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	6
Example	RPR/6/RPR_JUMBO_INCONSISTENT: A jumbo configuration defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	An RPR station used different Jumbo frame configuration.
Recommended action	Locate the RPR station and change its Jumbo frame configuration.

RPR_JUMBO_INCONSISTENT_OVER

Message text	A jumbo configuration defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	6
Example	RPR/6/RPR_JUMBO_INCONSISTENT_OVER: A jumbo configuration defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The Jumbo frame configuration inconsistency defect was cleared.
Recommended action	No action is required.

RPR_LAGGCONFIG_INCONSISTENT

Message text	An inconsistent LAGG configuration is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	RPR/4/RPR_LAGGCONFIG_INCONSISTENT: An inconsistent LAGG configuration is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	An RPR station used different link aggregation configuration.
Recommended action	Locate the RPR station and change its link aggregation configuration.

RPR_LAGGCONFIG_INCONSISTENT_OVER

Message text	An inconsistent LAGG configuration is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_LAGGCONFIG_INCONSISTENT: An inconsistent LAGG configuration is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The link aggregation configuration inconsistency defect was cleared.
Recommended action	No action is required.

RPR_MISCABLING

Message text	A miscabling defect is present on ringlet0/ringlet1 corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_MISCABLING: A miscabling defect is present on ringlet0 corresponding to RPR logical interface RPR-Router1.
Explanation	The west port of an RPR station was not connected to the east port of anther RPR station.
Recommended action	Examine the physical port connection of the two RPR stations.

RPR_MISCABLING_OVER

Message text	A miscabling defect is cleared on ringlet0/ringlet1 corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_MISCABLING_OVER: A miscabling defect is cleared on ringlet0 corresponding to RPR logical interface RPR-Router1.
Explanation	The RPR physical port connection defect was cleared.
Recommended action	No action is required.

RPR_PROTECTION_INCONSISTENT

Message text	A protection configuration defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_PROTECTION_INCONSISTENT: A protection configuration defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	An RPR station used different protection mode.
Recommended action	Locate the RPR station and change its protection mode.

RPR_PROTECTION_INCONSISTENT_OVER

Message text	A protection configuration defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_PROTECTION_INCONSISTENT_OVER: A protection configuration defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The protection mode inconsistency defect was cleared.
Recommended action	No action is required.

RPR_SEC_MAC_DUPLICATE

Message text	A duplicate secondary MAC addresses defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_SEC_MAC_DUPLICATE: A duplicate secondary MAC addresses defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	Another RPR station used the same secondary MAC address.
Recommended action	Locate the RPR station, and change its secondary MAC address.

RPR_SEC_MAC_DUPLICATE_OVER

Message text	A duplicate secondary MAC addresses defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_SEC_MAC_DUPLICATE_OVER: A duplicate secondary MAC addresses defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The duplicate secondary MAC address defect was cleared.
Recommended action	No action is required.

RPR_TOPOLOGY_INCONSISTENT

Message text	An inconsistent topology defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_TOPOLOGY_INCONSISTENT: An inconsistent topology defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The topology information collected by the ports on the PRP stations was different.
Recommended action	Execute the shutdown command and then the undo shutdown command on the ports to collect topology information again.

RPR_TOPOLOGY_INCONSISTENT_OVER

Message text	An inconsistent topology defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_TOPOLOGY_INCONSISTENT_OVER: An inconsistent topology defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The topology information inconsistency defect was cleared.
Recommended action	No action is required.

RPR_TOPOLOGY_INSTABILITY

Message text	A topology instability defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	RPR/4/RPR_TOPOLOGY_INSTABILITY: A topology instability defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The RPR ring topology was unstable.
Recommended action	No action is required.

RPR_TOPOLOGY_INSTABILITY_OVER

Message text	A topology instability defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_TOPOLOGY_INSTABILITY_OVER: A topology instability defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The RPR ring topology was stable.
Recommended action	No action is required.

RPR_TOPOLOGY_INVALID

Message text	A topology invalid defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	RPR/4/RPR_TOPOLOGY_INVALID: A topology invalid defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The topology information collected by the RPR stations was invalid.
Recommended action	Execute the shutdown command and then the undo shutdown command on the RPR stations to collect topology information again.

RPR_TOPOLOGY_INVALID_OVER

Message text	A topology invalid defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_TOPOLOGY_INVALID_OVER: A topology invalid defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The topology information collected by the RPR stations was valid.
Recommended action	No action is required.

RRPP messages

This section contains RRPP messages.

RRPP_RING_FAIL

Message text	Ring [UINT32] in Domain [UINT32] failed.
Variable fields	$1: Ring ID. $2: Domain ID.
Severity level	4
Example	RRPP/4/RRPP_RING_FAIL: Ring 1 in Domain 1 failed.
Explanation	A ring failure occurred in the RRPP domain.
Recommended action	Check each RRPP node to clear the network fault.

RRPP_RING_RESTORE

Message text	Ring [UINT32] in Domain [UINT32] recovered.
Variable fields	$1: Ring ID. $2: Domain ID.
Severity level	4
Example	RRPP/4/RRPP_RING_RESTORE: Ring 1 in Domain 1 recovered.
Explanation	The ring in the RRPP domain was recovered.
Recommended action	No action is required.

RTM messages

This section contains RTM messages.

RTM_TCL_NOT_EXIST

Message text	Failed to execute Tcl-defined policy [STRING] because the policy's Tcl script file was not found.
Variable fields	$1: Name of a Tcl-defined policy.
Severity level	4
Example	RTM/4/RTM_TCL_NOT_EXIST: Failed to execute Tcl-defined policy aaa because the policy's Tcl script file was not found.
Explanation	The system did not find the Tcl script file for the policy while executing the policy.
Recommended action	1. Check that the Tcl script file exists. 2. Reconfigure the policy.

RTM_TCL_MODIFY

Message text	Failed to execute Tcl-defined policy [STRING] because the policy's Tcl script file had been modified.
Variable fields	$1: Name of a Tcl-defined policy.
Severity level	4
Example	RTM/4/RTM_TCL_MODIFY: Failed to execute Tcl-defined policy aaa because the policy's Tcl script file had been modified.
Explanation	The Tcl script file for the policy was modified.
Recommended action	Reconfigure the policy, or modify the Tcl script to be the same as it was when it was bound with the policy.

RTM_TCL_LOAD_FAILED

Message text	Failed to load the Tcl script file of policy [STRING].
Variable fields	$1: Name of a Tcl-defined policy.
Severity level	4
Example	RTM/4/RTM_TCL_LOAD_FAILED: Failed to load the Tcl script file of policy [STRING].
Explanation	The system failed to load the Tcl script file for the policy to memory.
Recommended action	No action is required.

SAVA messages

This section contains SAVA messages.

SAVA_SET_DRV_FAILED

Message text	Failed to set the driver for enabling IPv6 SAVA on interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	SAVA/5/SAVA_SET_DRV_FAILED: Failed to set the driver for enabling IPv6 SAVA on interface GigabitEthernet1/0/1.
Explanation	The device failed to issue the command of enabling IPv6 SAVA on an interface to the driver.
Recommended action	Re-execute the command to enable IPv6 SAVA on the interface.

SAVA_SPOOFING_DETECTED

Message text	Spoofing packet detected: Spoofing packet detected : source IP 2000::1, destination IP 3000::2, protocol 6, source port 200, destination port 3000 on interface GigabitEthernet1/0/1.
Variable fields	$1: Spoofed source IPv6 address. $2: Destination IP address. $3: IP packet protocol number. $4: Source port number. $5: Destination port number. $6: Interface name.
Severity level	6
Example	SAVA/6/SAVA_SPOOFING_DETECTED: Spoofing packet detected : source IP 2000::1, destination IP 3000::2, protocol 6, source port 200, destination port 3000 on interface GigabitEthernet1/0/1.
Explanation	The device detected a source IPv6 address spoofing attack. An illegal host used the IP address of a legal user.
Recommended action	Verify that the packet source is legal.

SAVI messages

This section contains SAVI messages.

SAVI_FILTER_ENTRY_ADD

Message text	Filter entry add with IP address [STRING], MAC [STRING] on interface [STRING] and VLAN [UINT32].
Variable fields	$1: IP address. $2: MAC address. $3: Interface name. $4: VLAN ID.
Severity level	6
Example	SAVI/6/SAVI_FILTER_ENTRY_ADD: Filter entry add with IP address 3000::22, MAC 0011-0231-4520 on interface GigabitEthernet1/0/1 and VLAN 112.
Explanation	SAVI created a new entry for filtering invalid packets.
Recommended action	No action is required.

SAVI_FILTER_ENTRY_DEL

Message text	Filter entry delete with IP address [STRING], MAC [STRING] on interface [STRING] and VLAN [UINT32].
Variable fields	$1: IP address. $2: MAC address. $3: Interface name. $4: VLAN ID.
Severity level	6
Example	SAVI/6/ SAVI_FILTER_ENTRY_DEL: Filter entry delete with IP address 3000::22, MAC 0011-0231-4520 on interface GigabitEthernet1/0/1 and VLAN 112.
Explanation	SAVI deleted an entry for filtering invalid packets.
Recommended action	No action is required.

SAVI_SPOOFING_DETECTED

Message text	Spoofing packet detected: source IP [STRING], MAC [STRING], destination IP [STRING], protocol [UINT32], source port [UINT32], destination port [UINT32], incoming interface [STRING], VLAN [UINT32].
Variable fields	$1: Spoofing source IP address. $2: Source MAC address. $3: Destination IP address. $4: IP protocol version number. $5: Source port number. $6: Destination port number. $7: Interface name. $8: VLAN ID.
Severity level	6
Example	SAVI/6/SAVI_SPOOFING_DETECTED: Spoofing packet detected: source IP 2000::1, MAC 0011-0231-4520, destination IP 3000::2, protocol 6, source port 299, destination port 399, incoming interface GigabitEthernet1/0/1, VLAN 40.
Explanation	SAVI detected a spoofed packet.
Recommended action	Check the validity of the source addresses of incoming packets.

SCMD messages

This section contains SCMD messages.

PROCESS_ABNORMAL

Message text	The process [STRING] exited abnormally. ServiceName=[STRING], HasCore=[STRING], ExitCode=[STRING], KillSignal=[STRING], StartTime=[STRING], StopTime=[STRING].
Variable fields	$1: Process name. $2: Service name defined in the script. $3: Whether a core file was created: ¡ Y—Created. ¡ N—Not created. $4: Process exit code. If the process was closed by a signal, this field displays NA. $5: Signal that closed the process. If the process was not closed by a signal, this field displays NA. $6: Time when the process was created. $6: Time when the process was closed.
Severity level	4
Example	SCMD/4/PROCESS_ABNORMAL: The process diagd exited abnormally. ServiceName=DIAG, HasCore=N, ExitCode=1, KillSignal=NA, StartTime=2019-03-06 14:18:06, StopTime=2019-03-06 14:35:25.
Explanation	A process exited abnormally. You can use the process parameters for troubleshooting.
Recommended action	1. Use the display process command to identify whether the process exists. If the process exists, the process is recovered. 2. If the process is not recovered, collect the following information: a. Execute the view /var/log/trace.log > trace.log command in probe view, and upload the trace.log file saved in the storage media of the device to the server through FTP or TFTP (in binary mode). b. Execute the display process log command to display process information. If the core field displays Y, the core file was generated when the process exited. c. Execute the display exception context command to collect process exception information, and save the information. Then, execute the display exception filepath command to display core file path and upload the core file and the file that save the process exception information through FTP or TFTP (in binary mode). d. Send the files to H3C Support. 3. If the process has been recovered, but reasons need to be located, go to step 2.

PROCESS_ACTIVEFAILED

Message text	The standby process [STRING] failed to switch to the active process due to uncompleted synchronization, and was restarted.
Variable fields	$1: Process name.
Severity level	4
Example	SCMD/4/PROCESS_ACTIVEFAILED: The standby process [STRING] failed to switch to the active process due to uncompleted synchronization, and was restarted.
Explanation	The standby process failed to switch to the active process because the active process exited abnormally when the standby process has not completed synchronization. The standby process was restarted.
Recommended action	No action is required.

SCM_ABNORMAL_REBOOT

Message text	Failed to restore process [STRING]. Rebooting [STRING].
Variable fields	$1: Process name. $2: Chassis number and slot number, slot number, or string the system.
Severity level	3
Example	SCMD/3/SCM_ABNORMAL_REBOOT: Failed to restore process ipbased. Rebooting slot 1.
Explanation	The process exited abnormally during the device startup. If the process cannot recover after multiple automatic restart attempts, the slot or device will restart automatically.
Recommended action	1. Use the display process command to verify that the process has recovered after the card or device restarts. 2. If the problem persists, contact H3C Support.

SCM_ABNORMAL_REBOOTMDC

Message text	Failed to restore process [STRING] on [STRING] [UINT16]. Rebooting [STRING] [UINT16].
Variable fields	$1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. $4: Object type, MDC or context. $5: ID of the MDC or context.
Severity level	3
Example	SCMD/3/SCM_ABNORMAL_REBOOTMDC: Failed to restore process ipbased on MDC 2. Rebooting MDC 2.
Explanation	The process exited abnormally during the startup of the MDC on the active MPU or the context on the main security engine in the security engine group. If the process cannot recover after multiple automatic restart attempts, the MDC or context will restart automatically. This message will be output in MDC 1 or Context 1.
Recommended action	1. Use the display process command to verify that the process has recovered after the card restarts. 2. If the problem persists, contact H3C Support.

SCM_ABORT_RESTORE

Message text	Failed to restore process [STRING]. Restoration aborted.
Variable fields	$1: Process name.
Severity level	3
Example	SCMD/3/SCM_ABORT_RESTORE: Failed to restore process ipbased. Restoration aborted.
Explanation	The process exited abnormally during the system operation. If the process cannot recover after multiple automatic restart attempts, the device will not restore the process.
Recommended action	1. Use the display process log command in any view to display the details about process exit. 2. Restart the card or the MDC where the process is located. 3. Provide the output from the display process log command to H3C Support.

SCM_INSMOD_ADDON_TOOLONG

Message text	Failed to finish loading [STRING] in [UINT32] minutes.
Variable fields	$1: Kernel file name. $2: File loading duration.
Severity level	4
Example	SCMD/4/SCM_INSMOD_ADDON_TOOLONG: Failed to finish loading addon.ko in 30 minutes.
Explanation	Kernel file loading timed out during device startup.
Recommended action	1. Restart the card. 2. Contact H3C Support.

SCM_KERNEL_INIT_TOOLONG

Message text	Kernel init in sequence [STRING] function [STRING] is still starting for [UINT32] minutes.
Variable fields	$1: Kernel event phase. $2: Address of the function corresponding to the kernel event. $3: Time duration.
Severity level	4
Example	SCMD/4/SCM_KERNEL_INIT_TOOLONG: Kernel init in sequence 0x25e7 function 0x6645ffe2 is still starting for 15 minutes.
Explanation	A function at a phase during kernel initialization ran too long.
Recommended action	1. Restart the card. 2. Contact H3C Support.

SCM_KILL_PROCESS

Message text	Pattern 1: The process [STRING] was killed because it failed to stop within [STRING]. Pattern 2: The process [STRING] on [STRING] [UINT16] was killed because it failed to stop within [STRING].
Variable fields	Pattern 1: $1: Process name. $2: Time that elapsed after the process received the stop signal and before the device output this log message. Pattern 2: $1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. $4: Time that elapsed after the process received the stop signal and before the device output this log message.
Severity level	6
Example	SCMD/6/SCM_KILL_PROCESS: The process stamgrd was killed because it failed to stop within 30 minutes.
Explanation	If a process does not stop after running a specific period of time, the system will kill the process.
Recommended action	1. After the system, MDC, or context operates stably, use the display process command to identify whether the process has recovered. 2. If the process does not recover, contact H3C Support.

SCM_PROCESS_STARTING_TOOLONG

Message text	Pattern 1: The process [STRING] has not finished starting in [UINT32] hours. Pattern 2: The process [STRING] on [STRING] [UINT16] has not finished starting in [STRING] hours.
Variable fields	Pattern 1: $1: Process name. $2: Time duration. Pattern 2: $1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. $4: Time duration.
Severity level	4
Example	SCMD/4/SCM_PROCESS_STARTING_TOOLONG: The process ipbased has not finished starting in 1 hours.
Explanation	The process initialization takes a long time and has not been finished. Too many processes have been configured or the process is abnormal.
Recommended action	1. Wait 6 hours and then verify that the process has been started. 2. Restart the card/MDC/context, and then use the display process command to verify that the process has recovered. 3. Contact H3C Support.

SCM_PROCESS_STILL_STARTING

Message text	Pattern 1: The process [STRING] is still starting for [UINT32] minutes. Pattern 2: The process [STRING] on [STRING] [UINT16] is still starting for [STRING] minutes.
Variable fields	Pattern 1: $1: Process name. $2: Time duration. Pattern 2: $1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context. $4: Time duration.
Severity level	6
Example	SCMD/6/SCM_PROCESS_STILL_STARTING: The process ipbased is still starting for 20 minutes.
Explanation	A process is always in startup state.
Recommended action	No action is required.

SCM_SKIP_PROCESS

Message text	Pattern 1: The process [STRING] was skipped because it failed to start within 6 hours. Pattern 2: The process [STRING] on [STRING] [UINT16] was skipped because it failed to start within 6 hours.
Variable fields	Pattern 1: $1: Process name. Pattern 2: $1: Process name. $2: Object type, MDC or context. $3: ID of the MDC or context.
Severity level	3
Example	SCMD/3/SCM_SKIP_PROCESS: The process ipbased was skipped because it failed to start within 6 hours.
Explanation	A process failed to start within 6 hours. The device will skip this process and continue to start.
Recommended action	1. Restart the card/MDC/context, and then use the display process command to verify that the process has restored. 2. Contact H3C Support.

SCRLSP messages

This section contains static CRLSP messages.

SCRLSP_LABEL_DUPLICATE

Message text	Incoming label [INT32] for static CRLSP [STRING] is duplicate.
Variable fields	$1: Incoming label value. $2: Static CRLSP name.
Severity level	4
Example	SCRLSP/4/SCRLSP_LABEL_DUPLICATE: Incoming label 1024 for static CRLSP aaa is duplicate.
Explanation	The incoming label of a static CRLSP was occupied by another configuration, for example, by a static PW or by a static LSP. This message is generated when one of the following events occurs: · When MPLS is enabled, configure a static CRLSP with an incoming label which is occupied by another configuration. · Enable MPLS when a static CRLSP whose incoming label is occupied by another configuration already exists.
Recommended action	Remove this static CRLSP, and reconfigure it with another incoming label.

SESSION messages

This section contains session messages.

SESSION_IPV4_FLOW

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING];
Variable fields	$1: Protocol type. $2: Source IP address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation.. $6: Destination IP address. $7: Destination port number. $8: Destination IP address after translation. $9: Destination port number after translation. $10: Total number of inbound packets. $11: Total number of inbound bytes. $12: Total number of outbound packets. $13: Total number of outbound bytes. $14: Source VPN instance name. $15: Destination VPN instance name. $16: Source DS-Lite tunnel. $17: Destination DS-Lite tunnel. $18: Time when the session is created. $19: Time when the session is removed. $20: Event type. $20: Event description: · Session created. · Active flow threshold. · Normal over. · Aged for timeout. · Aged for reset or config-change. · Other.
Severity level	6
Example	SESSION/6/SESSION_IPV4_FLOW: Protocol(1001)=UDP;SrcIPAddr(1003)=10.10.10.1;SrcPort(1004)=1024;NATSrcIPAddr(1005)=10.10.10.1;NATSrcPort(1006)=1024;DstIPAddr(1007)=20.20.20.1;DstPort(1008)=21;NATDstIPAddr(1009)=20.20.20.1;NATDstPort(1010)=21;InitPktCount(1044)=1;InitByteCount(1046)=50;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=03182024082546;EndTime_e(1014)=;Event(1048)=(8)Session created;
Explanation	This message is sent in one of the following conditions: · An IPv4 session is created or removed. · Periodically during an IPv4 session. · The traffic-based or time-based threshold of an IPv4 session is reached.
Recommended action	No action is required.

SESSION_IPV6_FLOW

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IP address. $5: Destination port number. $6: Total number of inbound packets. $7: Total number of inbound bytes. $8: Total number of outbound packets. $9: Total number of outbound bytes. $10: Source VPN instance name. $11: Destination VPN instance name. $12: Time when the session is created. $13: Time when the session is removed. $14: Event type. $15: Event description: · Session created. · Active flow threshold. · Normal over. · Aged for timeout. · Aged for reset or config-change. · Other.
Severity level	6
Example	SESSION/6/SESSION_IPV6_FLOW: Protocol(1001)=UDP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=1024;DstIPv6Addr(1037)=3001::2;DstPort(1008)=53;InitPktCount(1044)=1;InitByteCount(1046)=110;RplyPktCount(1047)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;BeginTime_e(1013)=03182024082901;EndTime_e(1014)=;Event(1048)=(8)Session created;
Explanation	This message is sent in one of the following conditions: · An IPv6 session is created or removed. · Periodically during an IPv6 session. · The traffic-based or time-based threshold of an IPv6 session is reached.
Recommended action	No action is required.

SFLOW messages

This section contains sFlow messages.

SFLOW_HARDWARE_ERROR

Message text	Failed to [STRING] on interface [STRING] due to [STRING].
Variable fields	$1: Configuration item: update sampling mode $2: Interface name. $3: Failure reason: not supported operation
Severity level	4
Example	SFLOW/4/SFLOW_HARDWARE_ERROR: Failed to update sampling mode on interface GigabitEthernet1/0/1 due to not supported operation.
Explanation	The configuration failed because the device does not support the fixed flow sampling mode.
Recommended action	Specify the random flow sampling mode.

SHELL messages

This section contains shell messages.

SHELL_CMD

Message text	-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command is [STRING]
Variable fields	$1: User line type and number. If there is not user line information, this field displays . $2: IP address. If there is not IP address information, this field displays . $3: Username. If there is not username information, this field displays **. $4: Command string.
Severity level	6
Example	SHELL/6/SHELL_CMD: -Line=aux0-IPAddr=-User=; Command is quit
Explanation	A command was executed.
Recommended action	No action is required.

SHELL_CMD_CONFIRM

Message text	Confirm option of command [STRING] is [STRING].
Variable fields	$1: Command string. $2: Confirm option.
Severity level	6
Example	SHELL/6/SHELL_CMD_CONFIRM: Confirm option of command save is no.
Explanation	A user selected a confirmation option for a command.
Recommended action	No action is required.

SHELL_CMD_EXECUTEFAIL

Message text	-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be executed.
Variable fields	$1: Username. $2: IP address. $3: Command string. $4: Command view.
Severity level	4
Example	SHELL/4/SHELL_CMD_EXECUTEFAIL: -User=**-IPAddr=192.168.62.138; Command save in view system failed to be executed.
Explanation	A command deployed by a background program failed to be executed.
Recommended action	No action is required.

SHELL_CMD_INPUT

Message text	Input string for the [STRING] command is [STRING].
Variable fields	$1: Command string. $2: String entered by the user.
Severity level	6
Example	SHELL/6/SHELL_CMD_INPUT: Input string for the save command is startup.cfg. SHELL/6/SHELL_CMD_INPUT: Input string for the save command is CTRL_C. SHELL/6/SHELL_CMD_INPUT: Input string for the save command is the Enter key.
Explanation	A user responded to the input requirement of a command.
Recommended action	No action is required.

SHELL_CMD_INPUT_TIMEOUT

Message text	Operation timed out: Getting input for the [STRING] command.
Variable fields	$1: Command string.
Severity level	6
Example	SHELL/6/SHELL_CMD_INPUT_TIMEOUT: Operation timed out: Getting input for the fdisk command.
Explanation	The user did not respond to the input requirement of a command before the timeout timer expired.
Recommended action	No action is required.

SHELL_CMD_INVALID_CHARACTER

Message text	Execution failed for the [STRING] command. Reason: The command contains invalid characters (? or \t).
Variable fields	$1: Command to be executed.
Severity level	6
Example	SHELL/6/SHELL_CMD_INVALID_CHARACTER: Execution failed for the sysname abc?? command. Reason: The command contains invalid characters (? or \t).
Explanation	Invalid characters (? or \t) were detected in the text-type configuration file used for configuration deployment, such as configuration restoration or rollback.
Recommended action	Delete the invalid characters and deploy the configuration manually.

SHELL_CMD_MATCHFAIL

Message text	-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be matched.
Variable fields	$1: Username. $2: IP address. $3: Command string. $4: Command view.
Severity level	4
Example	SHELL/4/SHELL_CMD_MATCHFAIL: -User=**-IPAddr=192.168.62.138; Command description 10 in view system failed to be matched.
Explanation	The command string has errors, or the view does not support the command.
Recommended action	Enter the correct command string. Make sure the command is supported in the view.

SHELL_CMDDENY

Message text	-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command=[STRING] is denied.
Variable fields	$1: User line type and number. If there is not user line information, this field displays . $2: IP address. If there is not IP address information, this field displays . $3: Username. If there is not username information, this field displays **. $4: Command string.
Severity level	5
Example	SHELL/5/SHELL_CMDDENY: -Line=vty0-IPAddr=192.168.62.138-User=**; Command vlan 10 is permission denied.
Explanation	The user did not have the right to execute the command.
Recommended action	No action is required.

SHELL_CMDFAIL

Message text	The [STRING] command failed to restore the configuration.
Variable fields	$1: Command string.
Severity level	6
Example	SHELL/6/SHELL_CMDFAIL: The “vlan 1024” command failed to restore the configuration.
Explanation	A command was not restored during a configuration rollback from a .cfg file.
Recommended action	No action is required.

SHELL_COMMIT

Message text	The configuration has been committed.
Variable fields	N/A
Severity level	5
Example	SHELL/5/SHELL_COMMIT: The configuration has been committed.
Explanation	A configuration commit operation succeeded.
Recommended action	No action is required.

SHELL_COMMIT_DELAY

Message text	A configuration rollback will be performed in [INT32] minutes.
Variable fields	$1: Configuration commit delay timer.
Severity level	5
Example	SHELL/5/SHELL_COMMIT_DELAY: A configuration rollback will be performed in 3 minutes.
Explanation	The configuration commit delay timer was set successfully.
Recommended action	Complete and commit the configuration before the timer expires. If you cannot complete the configuration, execute the configuration commit delay command again to delay the expiration.

SHELL_COMMIT_REDELAY

Message text	The commit delay has been reset, a configuration rollback will be performed in [INT32] minutes.
Variable fields	$1: Configuration commit delay timer reconfigured.
Severity level	5
Example	SHELL/5/SHELL_COMMIT_REDELAY: The commit delay has been reset, a configuration rollback will be performed in 3 minutes.
Explanation	The configuration commit delay timer was reconfigured before the timer expires.
Recommended action	No action is required.

SHELL_COMMIT_ROLLBACK

Message text	The configuration commit delay is overtime, a configuration rollback will be performed.
Variable fields	N/A
Severity level	5
Example	SHELL/5/SHELL_COMMIT_ROLLBACK: The configuration commit delay is overtime, a configuration rollback will be performed.
Explanation	The configuration commit delay timer expired. A configuration rollback will occur.
Recommended action	Stop configuring the device and wait for the rollback to finish.

SHELL_COMMIT_ROLLBACKDONE

Message text	The configuration rollback has been performed.
Variable fields	N/A
Severity level	5
Example	SHELL/5/SHELL_COMMIT_ROLLBACKDONE: The configuration rollback has been performed.
Explanation	The configuration rollback was finished.
Recommended action	You can continue to configure the device as required.

SHELL_COMMIT_WILLROLLBACK

Message text	A configuration rollback will be performed in 1 minute. To retain the configuration you have made after executing the configuration commit delay command, execute the commit command.
Variable fields	N/A
Severity level	5
Example	SHELL/5/SHELL_COMMIT_WILLROLLBACK: A configuration rollback will be performed in 1 minute. To retain the configuration you have made after executing the configuration commit delay command, execute the commit command.
Explanation	A configuration rollback will be performed in 1 minute.
Recommended action	Complete the configuration within 1 minute and commit the configuration, or execute the configuration commit delay command again to delay the expiration.

SHELL_CRITICAL_CMDFAIL

Message text	-User=[STRING]-IPAddr=[STRING]; Command=[STRING] .
Variable fields	$1: Username. $2: IP address. $3: Command string.
Severity level	6
Example	SHELL/6/SHELL_CRITICAL_CMDFAIL: -User=admin-IPAddr=169.254.0.7; Command is save.
Explanation	A command failed to be executed.
Recommended action	No action is required.

SHELL_LOGIN

Message text	[STRING] logged in from [STRING].
Variable fields	$1: Username. $2: User line type and number.
Severity level	5
Example	SHELL/5/SHELL_LOGIN: Console logged in from console0.
Explanation	A user logged in. If the user logged in to the standby MPU, the user line type and number field displays local.
Recommended action	No action is required.

SHELL_LOGOUT

Message text	[STRING] logged out from [STRING].
Variable fields	$1: Username. $2: User line type and number.
Severity level	5
Example	SHELL/5/SHELL_LOGOUT: Console logged out from console0.
Explanation	A user logged out. If the user logged out from the standby MPU, the user line type and number field displays local.
Recommended action	No action is required.

SLSP messages

This section contains static LSP messages.

SLSP_LABEL_DUPLICATE

Message text	Incoming label [INT32] for static LSP [STRING] is duplicate.
Variable fields	$1: Incoming label value. $2: Static LSP name.
Severity level	4
Example	SLSP/4/SLSP_LABEL_DUPLICATE: Incoming label 1024 for static LSP aaa is duplicate.
Explanation	The incoming label of a static LSP was occupied by another configuration, for example, by a static PW or by a static CRLSP. This message is generated when one of the following events occurs: · When MPLS is enabled, configure a static LSP with an incoming label which is occupied by another configuration. · Enable MPLS when a static LSP whose incoming label is occupied by another configuration already exists.
Recommended action	Remove this static LSP, and reconfigure it with another incoming label.

SMLK messages

This section contains Smart Link messages.

SMLK_LINK_SWITCH

Message text	Status of port [STRING] in smart link group [UINT16] changes to active.
Variable fields	$1: Port name. $2: Smart link group ID.
Severity level	4
Example	SMLK/4/SMLK_LINK_SWITCH: Status of port GigabitEthernet0/1/4 in smart link group 1 changes to active.
Explanation	The port takes over to forward traffic after the former active port fails.
Recommended action	Remove the network faults.

SNMP messages

This section contains SNMP messages.

SNMP_ACL_RESTRICTION

Message text	SNMP [STRING] from [STRING] is rejected due to ACL restriction.
Variable fields	$1: SNMP community/usm-user/group. $2: IP address of the NMS.
Severity level	3
Example	SNMP/3/SNMP_ACL_RESTRICTION: SNMP community public from 192.168.1.100 is rejected due to ACL restrictions.
Explanation	SNMP packets are denied because of ACL restrictions.
Recommended action	Check the ACL configuration on the SNMP agent, and identify whether the agent was attacked.

SNMP_AUTHENTICATION_FAILURE

Message text	Failed to authenticate SNMP message.
Variable fields	N/A
Severity level	4
Example	SNMP/4/SNMP_AUTHENTICATION_FAILURE: Failed to authenticate SNMP message.
Explanation	An NMS failed to be authenticated by the agent.
Recommended action	No action is required.

SNMP_GET

Message text	-seqNO=[UINT32]-srcIP=[STRING]-op=GET-node=[STRING]-value=[STRING]; The agent received a message.
Variable fields	$1: Sequence number of an SNMP operation log. $2: IP address of the NMS. $3: MIB object name and OID. $4: Value field of the request packet.
Severity level	6
Example	SNMP/6/SNMP_GET: -seqNO=1-srcIP=192.168.28.28-op=GET-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=; The agent received a message.
Explanation	SNMP received a Get request from an NMS. The system logs SNMP operations only when SNMP logging is enabled.
Recommended action	No action is required.

SNMP_INFORM_LOST

Message text	Inform failed to reach NMS [STRING]: Inform [STRING][STRING].
Variable fields	$1: NMS host address and port number. $2: Notification name and OID. $3: Variable-binding field of notifications. ¡ If no MIB object exists, NMS host address and port number and notification name and OID are displayed. ¡ If MIB objects are included, " with " are displayed before the MIB object and OID. MIB objects are separated by semicolons (;).
Severity level	3
Example	SNMP/3/SNMP_INFORM_LOST: Inform failed to reach NMS 192.168.111.222(163): Inform coldStart(1.3.6.1.6.3.1.1.5.1).
Explanation	If the SNMP agent sends an Inform packet to an NMS and does not receive any response, the SNMP agent determines that the NMS is unreachable. The agent will print the message for issue location. If a message is oversized, the system will automatically fragment the message and add a location identifier "-PART=xx" to each fragment before sending them. xx represents the sequence number of a fragment.
Recommended action	Identify whether the SNMP agent and the NMS are reachable to each other.

SNMP_NOTIFY

Message text	Notification [STRING][STRING].
Variable fields	$1: Notification name and OID. $2: Variable-binding field of notifications. ¡ If no MIB object exists, only notification name and OID are displayed. ¡ If MIB objects are included, " with " are displayed before the MIB object and OID. MIB objects are separated by semicolons (;).
Severity level	6
Example	Example of a complete message: SNMP/6/SNMP_NOTIFY: Notification hh3cLogIn(1.3.6.1.4.1.25506.2.2.1.1.3.0.1) with hh3cTerminalUserName(1.3.6.1.4.1.25506.2.2.1.1.2.1.0)=;hh3cTerminalSource(1.3.6.1.4.1.25506.2.2.1.1.2.2.0)=Console. Example of a fragmented message: SNMP/6/SNMP_NOTIFY: -MDC=1; -PART=1; Notification syslogMsgNotification(1.3.6.1.2.1.192.0.1) with syslogMsgFacility(1.3.6.1.2.1.192.1.2.1.2.1)=23;syslogMsgSeverity(1.3.6.1.2.1.192.1.2.1.3.1)=6;syslogMsgVersion(1.3.6.1.2.1.192.1.2.1.4.1)=1;syslogMsgTimeStamp(1.3.6.1.2.1.192.1.2.1.5.1)=07-e2-04-12-12-26-35-00-00-00-2d-00-00[hex];syslogMsgHostName(1.3.6.1.2.1.192.1.2.1.6.1)=H3C;syslogMsgAppName(1.3.6.1.2.1.192.1.2.1.7.1)=SHELL;syslogMsgProcID(1.3.6.1.2.1.192.1.2.1.8.1)=-;syslogMsgMsgID(1.3.6.1.2.1.192.1.2.1.9.1)=SHELL_CMD;syslogMsgSDParams(1.3.6.1.2.1.192.1.2.1.10.1)=4;syslogMsgMsg(1.3.6.1.2.1.192.1.2.1.11.1)= Command is snmp-agent trap enable syslog;syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.1.12.83.121.115.76.111.99.64.50.53.53.48.54.3.77.68.67)=1;syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.2.12.65.112.112.76.111.99.64.50.53.53.48.54.4.76.105.110.101)=con0. SNMP/6/SNMP_NOTIFY: -MDC=1; -PART=2; Notification syslogMsgNotification(1.3.6.1.2.1.192.0.1) with syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.3.12.65.112.112.76.111.99.64.50.53.53.48.54.6.73.80.65.100.100.114)=;syslogMsgSDParamValue(1.3.6.1.2.1.192.1.3.1.4.1.4.12.65.112.112.76.111.99.64.50.53.53.48.54.4.85.115.101.114)=.
Explanation	The SNMP agent sent a notification. This message displays the notification content. If a message is oversized, the system will automatically fragment the message and add a location identifier "-PART=xx" to each fragment before sending them. xx represents the sequence number of a fragment.
Recommended action	No action is required.

SNMP_SET

Message text	-seqNO=[UINT32]-srcIP=[STRING]-op=SET-errorIndex=[UINT32]-errorStatus=[STRING]-node=[STRING]-value=[STRING]; The agent received a message.
Variable fields	$1: Sequence number of an SNMP operation log. $2: IP address of the NMS. $3: Error index of the Set operation. $4: Error status of the Set operation. $5: MIB object name and OID. $6: Value of the MIB object changed by the Set operation.
Severity level	6
Example	SNMP/6/SNMP_SET: -seqNO=3-srcIP=192.168.28.28-op=SET-errorIndex=0-errorStatus=noError-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=Hangzhou China; The agent received a message.
Explanation	SNMP received a Set request from an NMS. The system logs SNMP operations only when SNMP logging is enabled.
Recommended action	No action is required.

SNMP_USM_NOTINTIMEWINDOW

Message text	-User=[STRING]-IPAddr=[STRING]; SNMPv3 message is not in the time window.
Variable fields	$1: Username. $2: IP address of the NMS.
Severity level	4
Example	SNMP/4/SNMP_USM_NOTINTIMEWINDOW: -User=admin-IPAddr=169.254.0.7; SNMPv3 message is not in the time window.
Explanation	The SNMPv3 message is not in the time window.
Recommended action	No action is required.

SSHC messages

This section contains SSH client messages.

SSHC_ALGORITHM_MISMATCH

Message text	The SSH client failed to log in because of [STRING] algorithm mismatch.
Variable fields	$1: Type of the algorithm: ¡ encryption—Encryption algorithm. ¡ key exchange—Key exchange algorithm. ¡ MAC—HMAC algorithm. ¡ public key—Public key algorithm.
Severity level	5
Example	SSHC/5/SSHC_ALGORITHM_MISMATCH: The SSH client failed to log in because of encryption algorithm mismatch.
Explanation	The SSH client failed to log in because the algorithms on the SSH client did not have a match on the SSH server.
Recommended action	Change algorithms used by the SSH client to ensure that the SSH client and the SSH server use the same algorithms.

SSHC_AUTH_PASSWORD_FAIL

Message text	SSH user [STRING] failed to pass password authentication because of invalid username or wrong password.
Variable fields	$1: Username.
Severity level	5
Example	SSHC/5/SSHC_AUTH_PASSWORD_FAIL: SSH user aaa failed to pass password authentication because of invalid username or wrong password.
Explanation	The SSH user failed to pass password authentication because of invalid username or wrong password.
Recommended action	Make sure the username and the user password are correct.

SSHC_AUTH_PUBLICKEY_FAIL

Message text	SSH user [STRING] failed to pass publickey authentication.
Variable fields	$1: Username.
Severity level	5
Example	SSHC/5/SSHC_AUTH_PUBLICKEY_FAIL: SSH user abc failed to pass publickey authentication.
Explanation	The SSH user failed to pass publickey authentication.
Recommended action	Verify that the correct public key of the client is saved on the SSH server.

SSHC_CERT_VERIFY_FAIL

Message text	Failed to verify the certificate because [STRING].
Variable fields	$1: Failure reason: ¡ null certificate. ¡ null certificate name. ¡ unable to get issuer certificate. ¡ unable to get certificate CRL. ¡ unable to decrypt CRL's signature. ¡ certificate signature failure. ¡ CRL signature failure. ¡ unable to decrypt certificate's signature. ¡ certificate is not yet valid. ¡ certificate has expired. ¡ CRL is not yet valid. ¡ CRL has expired. ¡ format error in certificate's notBefore field. ¡ format error in certificate's notAfter field. ¡ format error in CRL's lastUpdate field. ¡ format error in CRL's nextUpdate field. ¡ out of memory. ¡ self signed certificate. ¡ self signed certificate in certificate chain. ¡ unable to verify the first certificate. ¡ certificate chain too long. ¡ certificate revoked. ¡ invalid CA certificate. ¡ invalid non-CA certificate (has CA markings). ¡ path length constraint exceeded. ¡ proxy path length constraint exceeded. ¡ proxy certificates not allowed, please set the appropriate flag. ¡ unsupported certificate purpose. ¡ certificate not trusted. ¡ certificate rejected. ¡ application verification failure. ¡ subject issuer mismatch. ¡ authority and subject key identifier mismatch. ¡ authority and issuer serial number mismatch. ¡ key usage does not include certificate signing. ¡ unable to get CRL issuer certificate. ¡ unhandled critical extension. ¡ key usage does not include CRL signing. ¡ key usage does not include digital signature. ¡ unhandled critical CRL extension. ¡ invalid or inconsistent certificate extension. ¡ invalid or inconsistent certificate policy extension. ¡ no explicit policy. ¡ Different CRL scope. ¡ CRL path validation error. ¡ unsupported or invalid name syntax. ¡ unsupported or invalid name constraint syntax. ¡ Suite B: certificate version invalid. ¡ Suite B: invalid public key algorithm. ¡ Suite B: invalid ECC curve. ¡ Suite B: invalid signature algorithm. ¡ Suite B: curve not allowed for this LOS. ¡ Suite B: cannot sign P-384 with P-256. ¡ Invalid certificate verification context. ¡ Issuer certificate lookup error. ¡ proxy subject name violation.
Severity level	5
Example	SSHC/5/SSHC_CERT_VERIFY_FAIL: Failed to verify the certificate because null certificate.
Explanation	Certificate authentication failed.
Recommended action	Make sure the certificate is valid.

SSHC_CONNECT_FAIL

Message text	The SSH client failed to connect to SSH server [IPADDR] port [UINT32].
Variable fields	$1: IP address of the SSH server. $2: Port number of the SSH server.
Severity level	5
Example	SSHC/5/SSHC_CONNECT_FAIL: The SSH client failed to connect to SSH server 1.1.1.1 port 2000.
Explanation	The SSH client failed to establish a connection to the SSH server.
Recommended action	Verify that the IP address and port number of the SSH server are correct and the SSH server service has been enabled.

SSHC_DECRYPT_FAIL

Message text	The SSH client failed to use [STRING] to decrypt the packet received from the SSH server.
Variable fields	$1: Encryption algorithm.
Severity level	5
Example	SSHC/5/SSHC_DECRYPT_FAIL: The SSH client failed to use aes256-cbc to decrypt the packet received from the SSH server.
Explanation	The SSH client failed to decrypt the packet received from the SSH server.
Recommended action	Please contact H3C Support.

SSHC_DISCONNECT

Message text	The SSH client was disconnected from the SSH server because the network was not available.
Variable fields	None.
Severity level	5
Example	SSHC/5/SSHC_DISCONNECT: The SSH client was disconnected from the SSH server because the network was not available.
Explanation	The SSH client was disconnected from the SSH server because the network was not available.
Recommended action	Make sure the network is available.

SSHC_ENCRYPT_FAIL

Message text	The SSH client failed to use [STRING] to encrypt the packet sent to the SSH server.
Variable fields	$1: Encryption algorithm, such as aes256-cbc.
Severity level	5
Example	SSHC/5/SSHC_ENCRYPT_FAIL: The SSH client failed to use aes256-cbc to encrypt the packet sent to the SSH server.
Explanation	The SSH client failed to encrypt the packet sent to the SSH server.
Recommended action	Please contact H3C Support.

SSHC_HOST_NAME_ERROR

Message text	The SSH server host name [STRING] is incorrect.
Variable fields	$1: Host name.
Severity level	5
Example	SSHC/5/SSHC_HOST_NAME_ERROR: The SSH server host name AAA is incorrect.
Explanation	The host name of the SSH server is incorrect.
Recommended action	Verify that the host name is correct.

SSHC_KEY_EXCHANGE_FAIL

Message text	The SSH client failed to exchange keys with the SSH server.
Variable fields	None.
Severity level	5
Example	SSHC/5/SSHC_KEY_EXCHANGE_FAIL: The SSH client failed to exchange keys with the SSH server.
Explanation	The SSH client failed to exchange keys with the SSH server.
Recommended action	Verify that the SSH client and the SSH server use the same key exchange algorithm. If the algorithms used by the two parties do not match, change the algorithm on the SSH client.

SSHC_MAC_ERROR

Message text	The SSH client received from the SSH server a packet with incorrect message authentication code.
Variable fields	None.
Severity level	5
Example	SSHC/5/SSHC_MAC_ERROR: The SSH client received from the SSH server a packet with incorrect message authentication code.
Explanation	The SSH client received a packet from the SSH server, and the message authentication code of the packet was incorrect.
Recommended action	No action is required.

SSHC_PUBLICKEY_NOT_EXIST

Message text	The public key of the SSH server does not exist.
Variable fields	None.
Severity level	5
Example	SSHC/5/SSHC_PUBLICKEY_NOT_EXIST: The public key of the SSH server does not exist.
Explanation	The specified public key of the SSH server does not exist.
Recommended action	Use the display public-key peer command on the SSH client to verify that the client has the specified public key of the SSH server.

SSHC_VERSION_MISMATCH

Message text	The SSH client failed to log in because of version mismatch.
Variable fields	None.
Severity level	5
Example	SSHC/5/SSHC_VERSION_MISMATCH: The SSH client failed to log in because of version mismatch.
Explanation	The SSH client failed login because the SSH client and the SSH server use different SSH versions.
Recommended action	Modify the SSH client version on the client to ensure that it uses the same SSH version as the SSH server.

SSHS messages

This section contains SSH server messages.

SSHS_ACL_DENY

Message text	The SSH Connection [IPADDR]([STRING]) request was denied according to ACL rules.
Variable fields	$1: IP address of the SSH client. $2: VPN instance to which the IP address of the SSH client belongs.
Severity level	5
Example	SSHS/5/SSH_ACL_DENY: The SSH Connection 1.2.3.4(vpn1) request was denied according to ACL rules.
Explanation	The SSH server detected a login attempt from the invalid SSH client and denied the connection request of the client by using the ACL rules.
Recommended action	No action is required.

SSHS_ALGORITHM_MISMATCH

Message text	SSH client [STRING] failed to log in because of [STRING] algorithm mismatch.
Variable fields	$1: IP address of the SSH client. $2: Type of the algorithm, including encryption, key exchange, MAC, and public key.
Severity level	6
Example	SSHS/6/SSHS_ALGORITHM_MISMATCH: SSH client 192.168.30.117 failed to log in because of encryption algorithm mismatch.
Explanation	The SSH client and the SSH server used different algorithms.
Recommended action	Verify that the SSH client and the SSH server use the same algorithm.

SSHS_AUTH_EXCEED_RETRY_TIMES

Message text	SSH user [STRING] (IP: [STRING]) failed to log in, because the number of authentication attempts exceeded the upper limit.
Variable fields	$1: User name. $2: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_AUTH_EXCEED_RETRY_TIMES: SSH user David (IP: 192.168.30.117) failed to log in, because the number of authentication attempts exceeded the upper limit.
Explanation	The number of authentication attempts by an SSH user reached the upper limit.
Recommended action	Prompt the SSH user to use the correct login data to try again.

SSHS_AUTH_FAIL

Message text	SSH user [STRING] (IP: [STRING]) didn't pass public key authentication for [STRING].
Variable fields	$1: Username. $2: IP address of the SSH client. $3: Failure reasons: ¡ Wrong public key algorithm. ¡ Wrong public key. ¡ Wrong digital signature.
Severity level	6
Example	SSHS/6/SSHS_AUTH_FAIL: SSH user David (IP: 192.168.30.117) didn't pass public key authentication for wrong public key algorithm.
Explanation	An SSH user failed the publickey authentication.
Recommended action	Tell the SSH user to try to log in again.

SSHS_AUTH_KBDINT_FAIL

Message text	SSH user [STRING] (IP: [STRING]) didn't pass keyboard-interactive authentication.
Variable fields	$1: Username. $2: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_AUTH_KBDINT_FAIL: SSH user David (IP: 192.168.30.117) didn't pass keyboard-interactive authentication.
Explanation	An SSH user failed the keyboard-interactive authentication.
Recommended action	Tell the SSH user to try to log in again.

SSHS_AUTH_PWD_FAIL

Message text	Authentication failed for user [STRING] from [STRING] port [INT32] because of invalid username or wrong password.
Variable fields	$1: Username. $2: IP address of the SSH client. $3: Port number.
Severity level	6
Example	SSHS/6/SSHS_AUTH_PWD_LOG: Authentication failed for user David from 140.1.1.46 port 16266 because of invalid username or wrong password.
Explanation	An SSH user failed authentication because of invalid username or wrong password.
Recommended action	Make sure the SSH user uses correct username and password.

SSHS_AUTH_TIMEOUT

Message text	Authentication timed out for [IPADDR].
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_AUTH_TIMEOUT: Authentication timed out for 1.1.1.1.
Explanation	The authentication timeout timer expired, and the SSH user failed the authentication.
Recommended action	Make sure the SSH user enters correct authentication information before the authentication timeout timer expires.

SSHS_AUTH_SUCCESS

Message text	SSH user [STRING] from [IPADDR] port [INTEGER] passed [STRING] authentication.
Variable fields	$1: Username. $2: IP address of the SSH client. $3: TCP source port. $4: Authentication method: keyboard-interactive, password, or publickey.
Severity level	6
Example	SSHS/6/SSHS_AUTH_SUCCESS: SSH user ABC from 1.1.1.1 port 55361 passed keyboard-interactive authentication.
Explanation	An SSH user passed authentication.
Recommended action	No action is required.

SSHS_AUTHOR_FAIL

Message text	Authorization failed for user [STRING] from [STRING] port [INT32].
Variable fields	$1: Username. $2: IP address of the SSH client. $3: Port number.
Severity level	6
Example	SSHS/6/SSHS_AUTHOR_FAIL: Authorization failed for user David from 140.1.2.46 port 15000.
Explanation	Authorization failed for an SSH user.
Recommended action	Check the configuration of the local user or the authentication server.

SSHS_CERT_VERIFY_FAIL

Message text	Failed to verify the certificate because [STRING].
Variable fields	$1: Failure reason: ¡ null certificate. ¡ null certificate name. ¡ unable to get issuer certificate. ¡ unable to get certificate CRL. ¡ unable to decrypt CRL's signature. ¡ certificate signature failure. ¡ CRL signature failure. ¡ unable to decrypt certificate's signature. ¡ certificate is not yet valid. ¡ certificate has expired. ¡ CRL is not yet valid. ¡ CRL has expired. ¡ format error in certificate's notBefore field. ¡ format error in certificate's notAfter field. ¡ format error in CRL's lastUpdate field. ¡ format error in CRL's nextUpdate field. ¡ out of memory. ¡ self signed certificate. ¡ self signed certificate in certificate chain. ¡ unable to verify the first certificate. ¡ certificate chain too long. ¡ certificate revoked. ¡ invalid CA certificate. ¡ invalid non-CA certificate (has CA markings). ¡ path length constraint exceeded. ¡ proxy path length constraint exceeded. ¡ proxy certificates not allowed, please set the appropriate flag. ¡ unsupported certificate purpose. ¡ certificate not trusted. ¡ certificate rejected. ¡ application verification failure. ¡ subject issuer mismatch. ¡ authority and subject key identifier mismatch. ¡ authority and issuer serial number mismatch. ¡ key usage does not include certificate signing. ¡ unable to get CRL issuer certificate. ¡ unhandled critical extension. ¡ key usage does not include CRL signing. ¡ key usage does not include digital signature. ¡ unhandled critical CRL extension. ¡ invalid or inconsistent certificate extension. ¡ invalid or inconsistent certificate policy extension. ¡ no explicit policy. ¡ Different CRL scope. ¡ CRL path validation error. ¡ unsupported or invalid name syntax. ¡ unsupported or invalid name constraint syntax. ¡ Suite B: certificate version invalid. ¡ Suite B: invalid public key algorithm. ¡ Suite B: invalid ECC curve. ¡ Suite B: invalid signature algorithm. ¡ Suite B: curve not allowed for this LOS. ¡ Suite B: cannot sign P-384 with P-256. ¡ Invalid certificate verification context. ¡ Issuer certificate lookup error. ¡ proxy subject name violation.
Severity level	5
Example	SSHS/5/SSHS_CERT_VERIFY_FAIL: Failed to verify the certificate because null certificate.
Explanation	Certificate authentication fails.
Recommended action	Make sure the certificate is valid.

SSHS_CONNECT

Message text	SSH user [STRING] (IP: [STRING]) connected to the server successfully.
Variable fields	$1: Username. $2: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_CONNECT: SSH user David (IP: 192.168.30.117) connected to the server successfully.
Explanation	An SSH user logged in to the server successfully.
Recommended action	No action is required.

SSHS_DECRYPT_FAIL

Message text	The packet from [STRING] failed to be decrypted with [STRING].
Variable fields	$1: IP address of the SSH client. $2: Encryption algorithm, such as AES256-CBC.
Severity level	5
Example	SSHS/5/SSHS_DECRYPT_FAIL: The packet from 192.168.30.117 failed to be decrypted with aes256-cbc.
Explanation	A packet from an SSH client failed to be decrypted.
Recommended action	No action is required.

SSHS_DISCONNECT

Message text	SSH user [STRING] (IP: [STRING]) disconnected from the server.
Variable fields	$1: Username. $2: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_DISCONNECT: SSH user David (IP: 192.168.30.117) disconnected from the server.
Explanation	An SSH user logged out.
Recommended action	No action is required.

SSHS_ENCRYPT_FAIL

Message text	The packet to [STRING] failed to be encrypted with [STRING].
Variable fields	$1: IP address of the SSH client. $2: Encryption algorithm, such as aes256-cbc.
Severity level	5
Example	SSHS/5/SSHS_ENCRYPT_FAIL: The packet to 192.168.30.117 failed to be encrypted with aes256-cbc.
Explanation	A packet to an SSH client failed to be encrypted.
Recommended action	No action is required.

SSHS_LOG

Message text	Authentication failed for user [STRING] from [STRING] port [INT32] because of invalid username or wrong password. Authorization failed for user [STRING] from [STRING] port [INT32].
Variable fields	$1: Username. $2: IP address of the SSH client. $3: Port number.
Severity level	6
Example	SSHS/6/SSHS_LOG: Authentication failed for user David from 140.1.1.46 port 16266 because of invalid username or wrong password. SSHS/6/SSHS_LOG: Authorization failed for user David from 140.1.2.46 port 15000.
Explanation	An SSH user failed authentication because the username or password was wrong. An SSH user failed authorization.
Recommended action	No action is required.

SSHS_MAC_ERROR

Message text	SSH server received a packet with wrong message authentication code (MAC) from [STRING].
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_MAC_ERROR: SSH server received a packet with wrong message authentication code (MAC) from 192.168.30.117.
Explanation	The SSH server received a packet with a wrong MAC from a client.
Recommended action	No action is required.

SSHS_REACH_SESSION_LIMIT

Message text	SSH client [STRING] failed to log in. The current number of SSH sessions is [NUMBER]. The maximum number allowed is [NUMBER].
Variable fields	$1: IP address of the SSH client. $2: Current number of SSH sessions. $3: Maximum number of SSH sessions allowed on the device.
Severity level	6
Example	SSHS/6/SSHS_REACH_SESSION_LIMIT: SSH client 192.168.30.117 failed to log in. The current number of SSH sessions is 10. The maximum number allowed is 10.
Explanation	The number of SSH sessions reached the upper limit.
Recommended action	No action is required.

SSHS_REACH_USER_LIMIT

Message text	SSH client [STRING] failed to log in, because the number of users reached the upper limit.
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_REACH_USER_LIMIT: SSH client 192.168.30.117 failed to log in, because the number of users reached the upper limit.
Explanation	The number of SSH users reached the upper limit.
Recommended action	No action is required.

SSHS_SCP_OPER

Message text	User [STRING] at [IPADDR] requested operation: [STRING].
Variable fields	$1: Username. $2: IP address of the SCP client. $3: Requested file operations: ¡ get file "name"'—Downloads the file name from the SCP server. ¡ put file "name"—Uploads the file name to the SCP server.
Severity level	6
Example	SSHS/6/SSHS_SCP_OPER: -MDC=1; User user1 at 1.1.1.1 requested operation: put file "aa".
Explanation	The SCP sever received an operation request from an SCP client.
Recommended action	No action is required.

SSHS_SFTP_OPER

Message text	User [STRING] at [IPADDR] requested operation: [STRING].
Variable fields	$1: Username. $2: IP address of the SFTP client. $3: Requested operations on a file or directory: ¡ open dir "path"—Opens the directory path. ¡ open "file" (attribute code code) in MODE mode—Opens the file file with the attribute code code in mode MODE. ¡ remove file "path"—Deletes the file path. ¡ mkdir "path" (attribute code code)—Creates a new directory path with the attribute code code. ¡ rmdir "path"—Deletes the directory path. ¡ rename old "old-name" to new "new-name"—Changes the name of a file or folder from old-name to new-name.
Severity level	6
Example	SSHS/6/SSHS_SFTP_OPER: User user1 at 1.1.1.1 requested operation: open dir "flash:/".
Explanation	The SFTP sever received an operation request from an SFTP client.
Recommended action	No action is required.

SSHS_SRV_UNAVAILABLE

Message text	The [STRING] server is disabled or the [STRING] service type is not supported.
Variable fields	$1: Service type, which can be Stelnet, SCP, SFTP, or NETCONF.
Severity level	6
Example	SSHS/6/SSHS_SRV_UNAVAILABLE: The SCP server is disabled or the SCP service type is not supported.
Explanation	The server was disconnecting the connection because of unavailable Stelnet/SCP/SFTP service.
Recommended action	Verify that the Stelnet/SCP/SFTP service is available and the user configuration is correct.

SSHS_VERSION_MISMATCH

Message text	SSH client [STRING] failed to log in because of version mismatch.
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_VERSION_MISMATCH: SSH client 192.168.30.117 failed to log in because of version mismatch.
Explanation	The SSH client and the SSH server used different SSH versions.
Recommended action	Verify that the SSH client and the SSH server use the same SSH version.

STAMGR messages

This section contains station management messages.

STAMGR_ADD_FAILVLAN

Message text	-SSID=[STRING]-UserMAC=[STRING]; Added a user to the Fail VLAN [STRING].
Variable fields	$1: SSID. $2: MAC address of the client. $3: ID of the Fail VLAN.
Severity level	5
Example	STAMGR/5/STAMGR_ADD_FAILVLAN:-SSID=text-wifi-UserMAC=3ce5-a616-28cd; Added a user to the Fail VLAN 5.
Explanation	The client failed to pass the authentication and was assigned to the Auth-Fail VLAN.
Recommended action	No action is required.

STAMGR_ADDBAC_INFO

Message text	Add BAS AC [STRING].
Variable fields	$1: MAC address of the BAS AC.
Severity level	6
Example	STAMGR/6/STAMGR_ADDBAC_INFO: Add BAS AC 3ce5-a616-28cd.
Explanation	The BAS AC was connected to the master AC.
Recommended action	No action is required.

STAMGR_ADDSTA_INFO

Message text	Add client [STRING].
Variable fields	$1: MAC address of the client.
Severity level	6
Example	STAMGR/6/STAMGR_ADDSTA_INFO: Add client 3ce5-a616-28cd.
Explanation	The client was connected to the BAS AC.
Recommended action	No action is required.

STAMGR_AUTHORACL_FAILURE

Message text	-SSID=[STRING]-UserMAC=[STRING]; Failed to assign an ACL. Reason: [STRING].
Variable fields	$1: SSID. $2: MAC address of the client. $3: Reason: · The ACL doesn't exist. · ACL type not supported. · Not enough hardware resources. · The ACL conflicts with other ACLs. · The ACL doesn't contain any rules. · Unknown error.
Severity level	5
Example	STAMGR/5/STAMGR_AUTHORACL_FAILURE:-SSID=text-wifi-UserMAC=3ce5-a616-28cd; Failed to assign an ACL. Reason: The ACL doesn’t exist.
Explanation	The authentication server failed to assign an ACL to the client.
Recommended action	No action is required.

STAMGR_AUTHORUSERPROFILE_FAILURE

Message text	-SSID=[STRING]-UserMAC=[STRING]; Failed to assign a user profile.
Variable fields	$1: SSID. $2: MAC address of the client.
Severity level	5
Example	STAMGR/5/STAMGR_AUTHORUSERPROFILE_FAILURE:-SSID=text-wifi-UserMAC=3ce5-a616-28cd; Failed to assign a user profile.
Explanation	The authentication server failed to assign a user profile to the client.
Recommended action	No action is required.

STAMGR_CLIENT_OFFLINE

Message text	Client [STRING] went offline from BSS [STRING] with [STRING]. State changed to Unauth.
Variable fields	$1: MAC address of the client. $2: BSSID. $3: SSID defined in the service template.
Severity level	6
Example	STAMGR/6/STAMGR_CLIENT_OFFLINE: Client 0023-8933-2147 went offline from BSS 0023-12ef-78dc with SSID abc. State changed to Unauth.
Explanation	The client went offline from the BSS. The state of the client changed to Unauth.
Recommended action	To resolve the issue: 1. Examine whether the AP and its radios operate correctly if the client went offline abnormally. 2. If they do not operate correctly, check the debugging information to locate the issue and resolve it. 3. If the issue persists, contact H3C Support.

STAMGR_CLIENT_ONLINE

Message text	Client [STRING] went online from BSS [STRING] with SSID [STRING]. State changed to Run.
Variable fields	$1: MAC address of the client. $2: BSSID. $3: SSID defined in the service template.
Severity level	6
Example	STAMGR/6/STAMGR_CLIENT_ONLINE: Client 0023-8933-2147 went online from BSS 0023-12ef-78dc with SSID abc. State changed to Run.
Explanation	The client came online from the BSS. The state of the client changed to Run.
Recommended action	No action is required.

STAMGR_DELBAC_INFO

Message text	Delete BAS AC [STRING].
Variable fields	$1: MAC address of the BAS AC.
Severity level	6
Example	STAMGR/6/STAMGR_DELBAC_INFO: Delete BAS AC 3ce5-a616-28cd.
Explanation	The BAS AC was disconnected from the master AC.
Recommended action	No action is required.

STAMGR_DELSTA_INFO

Message text	Delete client [STRING].
Variable fields	$1: MAC address of the client.
Severity level	6
Example	STAMGR/6/STAMGR_DELSTA_INFO: Delete client 3ce5-a616-28cd.
Explanation	The client was disconnected from the BAS AC.
Recommended action	No action is required.

STAMGR_DOT1X_LOGIN_FAILURE

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-VLANID=[STRING]; A user failed 802.1X authentication.
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID.
Severity level	5
Example	STAMGR/5/STAMGR_DOT1X_LOGIN_FAILURE:-Username= Dot1X-UserMAC=3ce5-a616-28cd-SSID=text-wifi-VLANID=11; A user failed 802.1X authentication.
Explanation	The client failed to pass 802.1X authentication. The failure can be caused by one of the following reasons: · Unavailable AAA server. · Incorrect username or password.
Recommended action	To resolve the issue: 1. Examine the network connection between the device and the AAA server. 2. Verify that the AAA server works correctly. 3. Verify that the AAA server is configured with the correct username and password. 4. If the issue persists, contact H3C Support.

STAMGR_DOT1X_LOGIN_SUCC

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-VLANID=[STRING]; A user passed 802.1X authentication and came online.
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID.
Severity level	6
Example	STAMGR/6/STAMGR_DOT1X_LOGIN_SUCC:-Username=Dot1X-UserMAC=3ce5-a616-28cd-SSID=text-wifi-VLANID=11; A user passed 802.1X authentication and came online.
Explanation	The client came online after passing 802.1X authentication.
Recommended action	No action is required.

STAMGR_DOT1X_LOGOFF

Message text	Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-VLANID=[STRING]; Session for an 802.1X user was terminated.
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID.
Severity level	6
Example	STAMGR/6/STAMGR_DOT1X_LOGOFF:-Username=Dot1X-UserMAC=3ce5-a616-28cd-SSID=text-wifi-VLANID=11; Session for an 802.1X user was terminated.
Explanation	The 802.1X authenticated client was logged off.
Recommended action	No action is required.

STAMGR_MACA_LOGIN_FAILURE

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-VLANID=[STRING]-UsernameFormat=[STRING]; A user failed MAC authentication.
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID. $5: Username format: · fixed. · MAC address.
Severity level	5
Example	STAMGR/5/STAMGR_MACA_LOGIN_FAILURE:-Username=MAC-UserMAC=3ce5-a616-28cd-SSID=text-wifi-VLANID=11-UsernameFormat=fixed; A user failed MAC authentication.
Explanation	The client failed to pass MAC authentication. The failure can be caused by one of the following reasons: · Unavailable AAA server. · Incorrect username or password.
Recommended action	To resolve the issue: 1. Examine the network connection between the device and the AAA server. 2. Verify that the AAA server works correctly. 3. Verify that the AAA server is configured with the correct username and password. 4. If the issue persists, contact H3C Support.

STAMGR_MACA_LOGIN_SUCC

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-VLANID=[STRING]-UsernameFormat=[STRING]; A user passed MAC authentication and came online.
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID. $5: Username format: · fixed. · MAC address.
Severity level	6
Example	STAMGR/6/STAMGR_MACA_LOGIN_SUCC:-Username=MAC-UserMAC=3ce5-a616-28cd-SSID=text-wifi-VLANID=11-UsernameFormat=fixed; A user passed MAC authentication and came online.
Explanation	The client came online after passing MAC authentication.
Recommended action	No action is required.

STAMGR_MACA_LOGOFF

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-VLANID=[STRING]-UsernameFormat=[STRING]; Session for a MAC authentication user was terminated.
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: VLAN ID. $5: Username format: · fixed. · MAC address.
Severity level	6
Example	STAMGR/6/STAMGR_MACA_LOGOFF:-Username=MAC-UserMAC=3ce5-a616-28cd-SSID=text-wifi-VLANID=11-UsernameFormat=fixed; Session for a MAC authentication user was terminated.
Explanation	The MAC authenticated client was logged off.
Recommended action	No action is required.

STAMGR_STAIPCHANGE_INFO

Message text	IP address of client [STRING] changed to [STRING].
Variable fields	$1: MAC address of the client. $1: New IP address of the client.
Severity level	6
Example	STAMGR/6/STAMGR_STAIPCHANGE_INFO: IP address of client 3ce5-a616-28cd changed to 4.4.4.4.
Explanation	The IP address of the client was updated.
Recommended action	No action is required.

STAMGR_TRIGGER_IP

Message text	-SSID=[STRING]-UserMAC=[STRING]-VLANID=[STRING]; Intrusion protection triggered. Action: [STRING].
Variable fields	$1: SSID. $2: MAC address of the client. $4: VLAN ID. $5: Action: · Added the user to the blocked MAC address list. · Closed the user's BSS temporarily. · Closed the user's BSS permanently.
Severity level	5
Example	STAMGR/5/STAMGR_TRIGGER_IP:-SSID=text-wifi-UserMAC=3ce5-a616-28cd-VLANID=11; Intrusion protection triggered, the intrusion protection action: added a user to the list of Block-MAC.
Explanation	Intrusion protection was triggered and the action was displayed.
Recommended action	No action is required.

STM messages

This section contains IRF messages.

STM_AUTO_UPDATE_FAILED

Message text	Pattern 1: Slot [UINT32] auto-update failed. Reason: [STRING]. Pattern 2: Chassis [UINT32] slot [UINT32] auto-update failed. Reason: [STRING].
Variable fields	Pattern 1: $1: IRF member ID. $2: Failure reason: ¡ Timeout when loading—The IRF member device failed to complete loading software within the required time period. ¡ Wrong description when loading—The file description in the software image file does not match the current attributes of the software image. This issue might occur when the file does not exist or is corrupted. ¡ Disk full when writing to disk—The storage medium does not have sufficient space. Pattern 2: $1: IRF member ID. $2: Slot number of an MPU. $3: Failure reason: ¡ Timeout when loading—The MPU failed to complete loading software within the required time period. ¡ Wrong description when loading—The file description in the software image file does not match the current attributes of the software image. This issue might occur when the file does not exist or is corrupted. ¡ Disk full when writing to disk—The MPU does not have sufficient storage space.
Severity level	4
Example	STM/4/STM_AUTO_UPDATE_FAILED: Slot 5 auto-update failed. Reason: Timeout when loading.
Explanation	Pattern 1: Software synchronization from the master failed on a subordinate device. Pattern 2: Software synchronization from the global active MPU failed on a standby MPU.
Recommended action	1. Remove the issue depending on the failure reason: ¡ If the failure reason is Timeout when loading, verify that all IRF links are up. ¡ If the failure reason is Wrong description when loading, download the software images again. ¡ If the failure reason is Disk full when writing to disk, delete unused files to free the storage space. 2. Upgrade software manually for the device or MPU to join the IRF fabric, and then connect the device to the IRF fabric.

STM_AUTO_UPDATE_FINISHED

Message text	Pattern 1: File loading finished on slot [UINT32]. Pattern 2: File loading finished on chassis [UINT32] slot [UINT32].
Variable fields	Pattern 1: $1: IRF member ID. Pattern 2: $1: IRF member ID. $2: Slot number of an MPU.
Severity level	5
Example	STM/5/STM_AUTO_UPDATE_FINISHED: File loading finished on slot 3.
Explanation	Pattern 1: The member device finished loading software images. Pattern 2: The MPU finished loading software images.
Recommended action	No action is required.

STM_AUTO_UPDATING

Message text	Pattern 1: Don't reboot the slot [UINT32]. It is loading files. Pattern 2: Don't reboot the chassis [UINT32] slot [UINT32]. It is loading files.
Variable fields	Pattern 1: $1: IRF member ID. Pattern 2: $1: IRF member ID. $2: Slot number of an MPU.
Severity level	5
Example	STM/5/STM_AUTO_UPDATING: Don't reboot the slot 2. It is loading files.
Explanation	Pattern 1: The member device is loading software images. To avoid software upgrade failure, do not reboot the member device. Pattern 2: The MPU is loading software images. To avoid software upgrade failure, do not reboot the MPU.
Recommended action	No action is required.

STM_LINK_DOWN

Message text	IRF port [UINT32] went down.
Variable fields	$1: IRF port name.
Severity level	3
Example	STM/3/STM_LINK_DOWN: IRF port 2 went down.
Explanation	This event occurs when all physical interfaces bound to an IRF port are down.
Recommended action	Check the physical interfaces bound to the IRF port. Make sure a minimum of one member physical interface is up.

STM_LINK_TIMEOUT

Message text	IRF port [UINT32] went down because the heartbeat timed out.
Variable fields	$1: IRF port name.
Severity level	2
Example	STM/2/STM_LINK_TIMEOUT: IRF port 1 went down because the heartbeat timed out.
Explanation	The IRF port went down because of heartbeat timeout.
Recommended action	Check the IRF link for link failure.

STM_LINK_UP

Message text	IRF port [UINT32] came up.
Variable fields	$1: IRF port name.
Severity level	6
Example	STM/6/STM_LINK_UP: IRF port 1 came up.
Explanation	An IRF port came up.
Recommended action	No action is required.

STM_MERGE

Message text	IRF merge occurred.
Variable fields	N/A
Severity level	4
Example	STM/4/STM_MERGE: IRF merge occurred.
Explanation	IRF merge occurred.
Recommended action	No action is required.

STM_MERGE_NEED_REBOOT

Message text	IRF merge occurred. This IRF system needs a reboot.
Variable fields	N/A
Severity level	4
Example	STM/4/STM_MERGE_NEED_REBOOT: IRF merge occurred. This IRF system needs a reboot.
Explanation	You must reboot the current IRF fabric for IRF merge, because it failed in the master election.
Recommended action	Log in to the IRF fabric, and use the reboot command to reboot the IRF fabric.

STM_MERGE_NOT_NEED_REBOOT

Message text	IRF merge occurred. This IRF system does not need to reboot.
Variable fields	N/A
Severity level	5
Example	STM/5/STM_MERGE_NOT_NEED_REBOOT: IRF merge occurred. This IRF system does not need to reboot.
Explanation	You do not need to reboot the current IRF fabric for IRF merge, because it was elected the master.
Recommended action	Reboot the IRF fabric that has failed in the master election to finish the IRF merge.

STM_SAMEMAC

Message text	Failed to stack because of the same bridge MAC addresses.
Variable fields	N/A
Severity level	4
Example	STM/4/STM_SAMEMAC: Failed to stack because of the same bridge MAC addresses.
Explanation	Failed to set up the IRF fabric because some member devices are using the same bridge MAC address.
Recommended action	1. Verify that IRF bridge MAC persistence is disabled on the member devices. To disable this feature, use the undo irf mac-address persistent command. 2. If the issue persists, contact H3C Support.

STM_SOMER_CHECK

Message text	Neighbor of IRF port [UINT32] cannot be stacked.
Variable fields	$1: IRF port name.
Severity level	3
Example	STM/3/STM_SOMER_CHECK: Neighbor of IRF port 1 cannot be stacked.
Explanation	The neighbor connected to the IRF port cannot form an IRF fabric with the device.
Recommended action	Check the following items: · The device models can form an IRF fabric. · The IRF settings are correct. For more information, see the IRF configuration guide for the device.

STP messages

This section contains STP messages.

STP_BPDU_PROTECTION

Message text	BPDU-Protection port [STRING] received BPDUs.
Variable fields	$1: Interface name.
Severity level	4
Example	STP/4/STP_BPDU_PROTECTION: BPDU-Protection port GigabitEthernet1/0/1 received BPDUs.
Explanation	A BPDU-guard-enabled port received BPDUs.
Recommended action	Check whether the downstream device is a terminal and check for possible attacks from the downstream device or other devices.

STP_BPDU_RECEIVE_EXPIRY

Message text	Instance [UINT32]'s port [STRING] received no BPDU within the rcvdInfoWhile interval. Information of the port aged out.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	5
Example	STP/5/STP_BPDU_RECEIVE_EXPIRY: Instance 0's port GigabitEthernet1/0/1 received no BPDU within the rcvdInfoWhile interval. Information of the port aged out.
Explanation	The state of a non-designated port changed because the port did not receive a BPDU within the max age.
Recommended action	Check the STP status of the upstream device and possible attacks from other devices.

STP_CONSISTENCY_CHECK

Message text	M-LAG role assignment finished. Please verify that the local device and the peer device have consistent global and mlag-interface-specific STP settings.
Variable fields	N/A
Severity level	5
Example	STP/5/STP_CONSISTENCY_CHECK: M-LAG role assignment finished. Please verify that the local device and the peer device have consistent global and mlag-interface-specific STP settings.
Explanation	The M-LAG member devices in an M-LAG system must have the same global and mlag-interface-specific STP settings.
Recommended action	Check the global and M-LAG-interface-specific STP settings on the local and peer M-LAG member devices.

STP_CONSISTENCY_RESTORATION

Message text	Consistency restored on VLAN [UINT32]'s port [STRING].
Variable fields	$1: VLAN ID. $2: Interface name.
Severity level	6
Example	STP/6/STP_CONSISTENCY_RESTORATION: Consistency restored on VLAN 10's port GigabitEthernet1/0/1.
Explanation	Port link type or PVID inconsistency was removed on a port.
Recommended action	No action is required.

STP_DETECTED_TC

Message text	[STRING] [UINT32]'s port [STRING] detected a topology change.
Variable fields	$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name.
Severity level	6
Example	STP/6/STP_DETECTED_TC: Instance 0's port GigabitEthernet1/0/1 detected a topology change.
Explanation	The MSTP instance or VLAN to which a port belongs had a topology change, and the local end detected the change.
Recommended action	Identify the topology change cause and handle the issue. For example, if the change is caused by a link down event, recover the link.

STP_DISABLE

Message text	STP is now disabled on the device.
Variable fields	N/A
Severity level	6
Example	STP/6/STP_DISABLE: STP is now disabled on the device.
Explanation	STP was globally disabled on the device.
Recommended action	No action is required.

STP_DISCARDING

Message text	Instance [UINT32]'s port [STRING] has been set to discarding state.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	6
Example	STP/6/STP_DISCARDING: Instance 0's port GigabitEthernet1/0/1 has been set to discarding state.
Explanation	MSTP calculated the state of ports within an instance, and a port was set to the discarding state.
Recommended action	No action is required.

STP_DISPUTE

Message text	[STRING] [UINT32]'s port [STRING] received an inferior BPDU from a designated port which is in forwarding or learning state. The designated bridge ID contained in the BPDU is [STRING], and the designated port ID contained in the BPDU is [STRING].
Variable fields	$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name. $4: Designated bridge ID contained in the inferior BPDU. $5: Designated port ID contained in the inferior BPDU.
Severity level	4
Example	STP/4/STP_DISPUTE: Instance 0's port GigabitEthernet1/0/2 received an inferior BPDU from a designated port which is in forwarding or learning state. The designated bridge ID contained in the BPDU is 32768.9a5c-5e0b-0300, and the designated port ID contained in the BPDU is 128.1293.
Explanation	A port in the MSTI or VLAN received a low-priority BPDU from a designated port in forwarding or learning state.
Recommended action	Verify that the peer port can receive packets from the local port: 1. Use the display stp abnormal-port command to display information about ports that are blocked by dispute protection. 2. Verify that the VLAN configurations on the local and peer ports are consistent. 3. Shut down the link between the two ports and then bring up the link, or connect the local port to another port. 4. Locate the BPDU sender device based on the designated bridge ID and designated port ID in the inferior BPDU and examine the link to the device to verify connectivity.

STP_ENABLE

Message text	STP is now enabled on the device.
Variable fields	N/A
Severity level	6
Example	STP/6/STP_ENABLE: STP is now enabled on the device.
Explanation	STP was globally enabled on the device.
Recommended action	No action is required.

STP_FORWARDING

Message text	Instance [UINT32]'s port [STRING] has been set to forwarding state.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	6
Example	STP/6/STP_FORWARDING: Instance 0's port GigabitEthernet1/0/1 has been set to forwarding state.
Explanation	MSTP calculated the state of ports within an instance, and a port was set to the forwarding state.
Recommended action	No action is required.

STP_LOOP_PROTECTION

Message text	Instance [UINT32]'s LOOP-Protection port [STRING] failed to receive configuration BPDUs.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	4
Example	STP/4/STP_LOOP_PROTECTION: Instance 0's LOOP-Protection port GigabitEthernet1/0/1 failed to receive configuration BPDUs.
Explanation	A loop-guard-enabled port failed to receive configuration BPDUs.
Recommended action	Check the STP status of the upstream device and possible attacks from other devices.

STP_LOOPBACK_PROTECTION

Message text	[STRING] [UINT32]'s port [STRING] received its own BPDU.
Variable fields	$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name.
Severity level	4
Example	STP/4/STP_LOOPBACK_PROTECTION: Instance 0's port GigabitEthernet1/0/2 received its own BPDU.
Explanation	A port in the MSTI or VLAN received a BPDU sent by itself.
Recommended action	Check for forged BPDUs from attackers or loops in the network.

STP_NOT_ROOT

Message text	The current switch is no longer the root of instance [UINT32].
Variable fields	$1: Instance ID.
Severity level	5
Example	STP/5/STP_NOT_ROOT: The current switch is no longer the root of instance 0.
Explanation	The current switch is no longer the root bridge of an instance. It received a superior BPDU after it was configured as the root bridge.
Recommended action	Check the bridge priority configuration and possible attacks from other devices.

STP_NOTIFIED_TC

Message text	[STRING] [UINT32]'s port [STRING] was notified of a topology change.
Variable fields	$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name.
Severity level	6
Example	STP/6/STP_NOTIFIED_TC: Instance 0's port GigabitEthernet1/0/1 was notified of a topology change.
Explanation	The neighboring device on a port notified the current device that a topology change occurred in the instance or VLAN to which the port belongs.
Recommended action	Identify the topology change cause and handle the issue. For example, if the change is caused by a link down event, recover the link.

STP_PORT_TYPE_INCONSISTENCY

Message text	Access port [STRING] in VLAN [UINT32] received PVST BPDUs from a trunk or hybrid port.
Variable fields	$1: Interface name. $2: VLAN ID.
Severity level	4
Example	STP/4/STP_PORT_TYPE_INCONSISTENCY: Access port GigabitEthernet1/0/1 in VLAN 10 received PVST BPDUs from a trunk or hybrid port.
Explanation	An access port received PVST BPDUs from a trunk or hybrid port.
Recommended action	Check the port link type setting on the ports.

STP_PVID_INCONSISTENCY

Message text	Port [STRING] with PVID [UINT32] received PVST BPDUs from a port with PVID [UINT32].
Variable fields	$1: Interface name. $2: VLAN ID. $3: VLAN ID.
Severity level	4
Example	STP/4/STP_PVID_INCONSISTENCY: Port GigabitEthernet1/0/1 with PVID 10 received PVST BPDUs from a port with PVID 20.
Explanation	A port received PVST BPDUs from a remote port with a different PVID.
Recommended action	Verify that the PVID is consistent on both ports.

STP_PVST_BPDU_PROTECTION

Message text	PVST BPDUs were received on port [STRING], which is enabled with PVST BPDU protection.
Variable fields	$1: Interface name.
Severity level	4
Example	STP/4/STP_PVST_BPDU_PROTECTION: PVST BPDUs were received on port GigabitEthernet1/0/1, which is enabled with PVST BPDU protection.
Explanation	In MSTP mode, a port enabled with PVST BPDU guard received PVST BPDUs.
Recommended action	Identify the device that sends the PVST BPDUs.

STP_ROOT_PROTECTION

Message text	Instance [UINT32]'s ROOT-Protection port [STRING] received superior BPDUs.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	4
Example	STP/4/STP_ROOT_PROTECTION: Instance 0's ROOT-Protection port GigabitEthernet1/0/1 received superior BPDUs.
Explanation	A root-guard-enabled port received BPDUs that are superior to the BPDUs generated by itself.
Recommended action	Check the bridge priority configuration and possible attacks from other devices.

SYSEVENT

This section contains system event messages.

EVENT_TIMEOUT

Message text	Module [UINT32]'s processing for event [UINT32] timed out. Module [UINT32]'s processing for event [UINT32] on [STRING] timed out.
Variable fields	$1: Module ID. $2: Event ID. $3: MDC MDC-ID or Context Context-ID.
Severity level	6
Example	SYSEVENT/6/EVENT_TIMEOUT: -MDC=1; Module 0x1140000's processing for event 0x20000010 timed out. SYSEVENT/6/EVENT_TIMEOUT: -Context=1; Module 0x33c0000's processing for event 0x20000010 on context 16 timed out.
Explanation	A module's processing for an event timed out on an MDC or context. Logs generated on non-default MDCs or contexts do not include the MDC MDC-ID or Context Context-ID. Logs generated on the default MDC or context include the following types: · Logs of the default MDC or context, which do not include the MDC MDC-ID or Context Context-ID. · Logs of non-default MDCs or contexts, which include their MDC MDC-ID or Context Context-ID.
Recommended action	No action is required.

SYSLOG messages

This section contains syslog (information center) messages.

SYSLOG_LOGBUFFER_FAILURE

Message text	Log cannot be sent to the logbuffer because of communication timeout between syslog and DBM processes.
Variable fields	N/A
Severity level	4
Example	SYSLOG/4/SYSLOG_LOGBUFFER_FAILURE: Log cannot be sent to the logbuffer because of communication timeout between syslog and DBM processes.
Explanation	Failed to output logs to the logbuffer because of the communication timeout between syslog and DBM processes.
Recommended action	Reboot the device or contact H3C Support.

SYSLOG_LOGFILE_FULL

Message text	Log file space is full.
Variable fields	N/A
Severity level	4
Example	SYSLOG/4/SYSLOG_LOGFILE_FULL: Log file space is full.
Explanation	The log file is full.
Recommended action	Back up the log file, remove the original file, and then bring up interfaces as needed.

SYSLOG_NO_SPACE

Message text	Failed to save log file due to lack of space resources.
Variable fields	N/A
Severity level	4
Example	SYSLOG/4/SYSLOG_NO_SPACE: -MDC=1; Failed to save log file due to lack of space resources.
Explanation	Failed to save logs to the log file due to lack of storage space.
Recommended action	Clean up the storage space of the device regularly to ensure sufficient storage space for saving logs to the log file.

SYSLOG_RESTART

Message text	System restarted -- [STRING] [STRING] Software.
Variable fields	$1: Company name. $2: Software name.
Severity level	6
Example	SYSLOG/6/SYSLOG_RESTART: System restarted -- H3C Comware Software.
Explanation	A system restart log was generated.
Recommended action	No action is required.

SYSLOG_RTM_EVENT_BUFFER_FULL

Message text	In the last minute, [STRING] syslog logs were not monitored because the buffer was full.
Variable fields	$1: Number of system logs that were not sent to the EAA module in the last minute.
Severity level	5
Example	SYSLOG/5/SYSLOG_RTM_EVENT_BUFFER_FULL: In the last minute, 100 syslog logs were not monitored because the buffer was full.
Explanation	This message records the number of system logs that are not processed by EAA because the log buffer monitored by EAA is full. The log buffer can be filled up if the device generates large numbers of system logs in a short period of time.
Recommended action	· Identify log sources and take actions to reduce system logs. · Use the rtm event syslog buffer-size command to increase the log buffer size.

TACACS messages

This section contains TACACS messages.

TACACS_AUTH_FAILURE

Message text	User [STRING] from [STRING] failed authentication.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	TACACS/5/TACACS_AUTH_FAILURE: User cwf@system from 192.168.0.22 failed authentication.
Explanation	An authentication request was rejected by the TACACS server.
Recommended action	No action is required.

TACACS_AUTH_SUCCESS

Message text	User [STRING] from [STRING] was authenticated successfully.
Variable fields	$1: Username. $2: IP address.
Severity level	6
Example	TACACS/6/TACACS_AUTH_SUCCESS: User cwf@system from 192.168.0.22 was authenticated successfully.
Explanation	An authentication request was accepted by the TACACS server.
Recommended action	No action is required.

TACACS_DELETE_HOST_FAIL

Message text	Failed to delete servers in scheme [STRING].
Variable fields	$1: Scheme name.
Severity level	4
Example	TACACS/4/TACACS_DELETE_HOST_FAIL: Failed to delete servers in scheme abc.
Explanation	Failed to delete servers from a TACACS scheme.
Recommended action	No action is required.

TELNETD messages

This section contains Telnet daemon messages.

TELNETD_ACL_DENY

Message text	The Telnet Connection [IPADDR]([STRING]) request was denied according to ACL rules.
Variable fields	$1: IP address of the Telnet client. $2: VPN instance to which the IP address of the Telnet client belongs.
Severity level	5
Example	TELNETD/5/TELNETD_ACL_DENY: The Telnet Connection 1.2.3.4(vpn1) request was denied according to ACL rules.
Explanation	The ACL for controlling Telnet access denied the access request of a Telnet client.
Recommended action	No action is required.

TELNETD_REACH_SESSION_LIMIT

Message text	Telnet client [STRING] failed to log in. The current number of Telnet sessions is [NUMBER]. The maximum number allowed is ([NUMBER]).
Variable fields	$1: IP address of the Telnet client. $2: Current number of Telnet sessions. $3: Maximum number of Telnet sessions allowed by the device.
Severity level	6
Example	TELNETD/6/TELNETD_REACH_SESSION_LIMIT: Telnet client 1.1.1.1 failed to log in. The current number of Telnet sessions is 10. The maximum number allowed is (10).
Explanation	The number of Telnet connections reached the limit.
Recommended action	1. Use the display current-configuration \| include session-limit command to view the current limit for Telnet connections. If the command does not display the limit, the device is using the default setting. 2. If you want to set a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required.

VCF messages

This section contains VCF messages.

VCF_AGGR_CREAT

Message text	Phase [STRING], Device [STRING] created Layer 2 aggregation group [INT32]: member ports=[STRING].
Variable fields	$1: Phase. $2: MAC address of the device. $3: ID of a Layer 2 aggregation group. $4: List of Layer 2 aggregation member ports.
Severity level	6
Example	VCF/6/VCF_AGGR_CREAT: Phase 2.0.5, Device 0000-0000-0000 created Layer 2 aggregation group 10: member ports=Ten-GigabitEthernet1/0/2, Ten-GigabitEthernet1/0/10.
Explanation	A Layer 2 aggregation group was created and member ports were added to the aggregation group.
Recommended action	No action is required.

VCF_AGGR_DELETE

Message text	Phase [STRING], Device [STRING] deleted Layer 2 aggregation group [INT32].
Variable fields	$1: Phase. $2: MAC address of the device. $3: ID of a Layer 2 aggregation group.
Severity level	6
Example	VCF/6/VCF_AGGR_DELETE: Phase 2.0.6, Device 0000-0000-0000 deleted Layer 2 aggregation group 10.
Explanation	A Layer 2 aggregation group was deleted when only one link in the aggregation group was up.
Recommended action	No action is required.

VCF_AGGR_FAILED

Message text	Phase [STRING], Device [STRING] failed to create Layer 2 aggregation group [INT32].
Variable fields	$1: Phase. $2: MAC address of the device. $3: ID of a Layer 2 aggregation group.
Severity level	3
Example	VCF/3/ VCF_AGGR_FAILED: Phase 2.0.7, Device 0000-0000-0000 failed to create Layer 2 aggregation group 10.
Explanation	Failed to create a Layer 2 aggregation group.
Recommended action	Troubleshoot the reasons for the aggregation group creation failure, such as insufficient resources.

VCF_AUTO_ANALYZE_USERDEF

Message text	Phase [STRING], Device [STRING] started to parse template file.
Variable fields	$1: Phase. $2: MAC address of the device.
Severity level	6
Example	VCF/6/VCF_AUTO_ANALYZE_USERDEF: Phase 1.2.2, Device 0000-0000-0000 started to parse template file.
Explanation	Started to parse user-defined configurations in the template file.
Recommended action	No action is required.

VCF_AUTO_NO_USERDEF

Message text	Phase [STRING], Device [STRING] found undefined variable [STRING] in command [STRING] on line [INTEGER].
Variable fields	$1: Phase. $2: MAC address of the device. $3: Undefined user variable. $4: Command in which the undefined user variable resides. $5: Number of the command line.
Severity level	3
Example	VCF/3/VCF_AUTO_NO_USERDEF: Phase 1.2.3, Device 0000-0000-0000 found undefined variable $$_ABC in command interface $$_ABC on line 192.
Explanation	An undefined user variable exists in the template file. This message is displayed each time an undefined user variable is detected.
Recommended action	Verify whether the user-defined variables in the template file are correct.

VCF_AUTO_START

Message text	Phase [STRING], Device [STRING] (Role [STRING]) started VCF automated deployment.
Variable fields	$1: Phase. $2: MAC address of the device. $3: Role of the device, spine, leaf, or access.
Severity level	5
Example	VCF/5/VCF_AUTO_START: Phase 1.0.1, Device 0000-0000-0000 (Role leaf) started VCF automated deployment.
Explanation	Started VCF automated deployment.
Recommended action	No action is required.

VCF_AUTO_STATIC_CMD

Message text	Phase [STRING], Device [STRING] automatically executed static commands.
Variable fields	$1: Phase. $2: MAC address of the device.
Severity level	6
Example	VCF/6/VCF_AUTO_STATIC_CMD: Phase 1.2.4, Device 0000-0000-0000 automatically executed static commands.
Explanation	Executed static commands in the template file. Static commands refer to commands that are independent from the VCF fabric topology.
Recommended action	No action is required.

VCF_BGP

Message text	Pattern 1: Phase [STRING], Device [STRING] established a BGP session with peer [STRING] in AS [INT32]. Pattern 2: Phase [STRING], Device [STRING] established a BGP session with peers [[STRING]] in AS [INT32].
Variable fields	Pattern 1: $1: Phase. $2: MAC address of the device. $3: Address of a BGP peer. $4: Number of the AS where the BGP peer resides. Pattern 2: $1: Phase. $2: MAC address of the device. $3: List of BGP peer addresses, separated by commas (,). $4: Number of the AS where the BGP peers reside.
Severity level	6
Example	Pattern 1: VCF/6/VCF_BGP: Phase 3.0.5, Device 0000-0000-0000 established a BGP session with peer 1.1.1.1 in AS 100. Pattern 2: VCF/6/VCF_BGP: Phase 3.0.5, Device 0000-0000-0000 established a BGP session with peers [‘1.1.1.1’ , ‘1.1.1.2’] in AS 100.
Explanation	Pattern 1: Established a BGP session with a BGP peer. Pattern 2: Established BGP sessions with multiple BGP peers. Only the master spine node on a Layer 3 network generates this message.
Recommended action	No action is required.

VCF_DOWN_LINK

Message text	Phase [STRING], Device [STRING] discovered downlink interface [STRING].
Variable fields	$1: Phase. $2: MAC address of the device. $3: Name of a downlink interface.
Severity level	6
Example	VCF/6/VCF_DOWN_LINK: Phase 2.0.8, Device 0000-0000-0000 discovered downlink interface Ten-GigabitEthernet1/0/1.
Explanation	A downlink interface was found and the device deployed configuration to the downlink interface. On a spine node, a downlink interface is the interface through which the spine node connects to a leaf node. On a leaf node, a downlink interface is the interface through which the leaf node connects to a downstream access device.
Recommended action	No action is required.

VCF_DRIVER_INIT

Message text	Phase [STRING], failed to find driver [STRING]. Driver initialization failed.
Variable fields	$1: Phase. $2: Driver name.
Severity level	3
Example	VCF/3/VCF_DRIVER_INIT: Phase 3.0.8, failed to find driver 6820. Driver initialization failed.
Explanation	Driver initialization failed because the driver was not found.
Recommended action	1. Verify that the name of the driver is correct. 2. Contact H3C Support to verify that VCF fabric supports the driver.

VCF_GET_IMAGE

Message text	Phase [STRING], Device [STRING] obtained information about update startup image file [STRING]: new version=[STRING], current version=[STRING].
Variable fields	$1: Phase. $2: MAC address of the device. $3: Name of the new startup image file. $4: Version number of the new startup image file. $5: Version number of the current startup image file.
Severity level	6
Example	VCF/6/VCF_GET_IMAGE: Phase 1.3.1, Device 0000-0000-0000 obtained information about update startup image file s6800.ipe: new version=V300R009B01D002, current version=V300R009B01D001.
Explanation	Obtained the name and the version number of the new startup image file through the template file.
Recommended action	No action is required.

VCF_GET_TEMPLATE

Message text	Phase [STRING], Device [STRING] downloaded template file [STRING].
Variable fields	$1: Phase. $2: MAC address of the device. $3: Name of the template file.
Severity level	6
Example	VCF/6/VCF_GET_TEMPLATE: Phase 1.2.1, Device 0000-0000-0000 downloaded template file /mnt/flash:/vxlan_spine.template.
Explanation	Downloaded the template file for automated deployment.
Recommended action	No action is required.

VCF_INSTALL_IMAGE

Message text	Phase [STRING], Device [STRING] started to install the [STRING] version of startup image.
Variable fields	$1: Phase. $2: MAC address of the device. $3: Version number of the new startup image file.
Severity level	6
Example	VCF/6/VCF_INSTALL_IMAGE: Phase 1.3.3, Device 0000-0000-0000 started to install the V700R001B70D001 version of startup image.
Explanation	Started to install the new software version.
Recommended action	No action is required.

VCF_IRF_FINISH

Message text	Phase [STRING], Device [STRING] finished IRF configuration: result=[INT32].
Variable fields	$1: Phase. $2: MAC address of the device. $3: Result of IRF configuration: · 0—Success. · -1—Failure.
Severity level	5
Example	VCF/5/VCF_IRF_FINISH: Phase 2.0.3, Device 0000-0000-0000 finished IRF configuration: result=0.
Explanation	Finished IRF configuration.
Recommended action	Contact H3C Support if IRF configuration failed.

V CF_IRF_FOUND

Message text	Phase [STRING], Device [STRING] (Role [STRING]) found a peer ([STRING]) with the same role, IRF stackability check result : [INT32].
Variable fields	$1: Phase. $2: MAC address of the device. $3: Role of the device. $4: MAC address of the peer device. $5: Result of the IRF stackability check: · 0—Capable to form an IRF fabric. · 1—MAC address conflict.
Severity level	5
Example	VCF/5/VCF_IRF_FOUND: Phase 2.0.1, Device 0000-0000-0000 (Role leaf) found a peer with the same role, IRF stackability check result: 0.
Explanation	Found a peer device with the same role in VCF fabric topology discovery and checked whether the device can form an IRF fabric with the peer device.
Recommended action	No action is required.

V CF_IRF_REBOOT

Message text	Phase [STRING], Device [STRING] will reboot immediately to activate IRF settings.
Variable fields	$1: Phase. $2: MAC address of the device.
Severity level	5
Example	VCF/5/VCF_IRF_REBOOT: Phase 2.0.4, Device 0000-0000-0000 will reboot immediately to activate IRF settings.
Explanation	The device was about to reboot to activate IRF settings. After IRF configuration is finished, a leaf or access node whose IRF member ID has changed will reboot, and a spine node will always reboot.
Recommended action	No action is required.

V CF_IRF_START

Message text	Phase [STRING], Device [STRING] started IRF configuration: current member ID=[INT32], new member ID=[INT32], priority=[INT32], IRF-port 1's member ports=[STRING], IRF-port 2's member ports=[STRING].
Variable fields	$1: Phase. $2: MAC address of the device. $3: Current IRF member ID of the device. $4: New IRF member ID of the device. $5: New IRF member priority of the device. $6: List of IRF physical interfaces bound to IRF-port 1. The value none indicates that no IRF physical interfaces were bound to IRF-port 1. $7: List of IRF physical interfaces bound to IRF-port 2. The value none indicates that no IRF physical interfaces were bound to IRF-port 2.
Severity level	5
Example	VCF/5/VCF_IRF_START: Phase 2.0.2, Device 0000-0000-0000 started IRF configuration: current member ID=2, new member ID=1, priority=2, IRF-port 1's member ports=GigabitEthernet1/0/1, IRF-port 2's member ports=none.
Explanation	Started to deploy IRF configuration.
Recommended action	No action is required.

VCF_LOOPBACK_START

Message text	Phase [STRING], IP address assignment started for [STRING] on other nodes.
Variable fields	$1: Phase. $2: Interface name.
Severity level	5
Example	VCF/5/VCF_LOOPBACK_START: Phase 3.0.1, IP address assignment started for Loopback0 on other nodes.
Explanation	The master spine node started to assign IP addresses to interfaces on other devices.
Recommended action	No action is required.

VCF_LOOPBACK_START_FAILED

Message text	Phase [STRING], failed to assign IP addresses to [STRING] on other nodes: reason=[STRING].
Variable fields	$1: Phase. $2: Interface name. $3: Reason for failure to start IP address assignment: ¡ -1—No IP address range is specified. ¡ -2—Invalid IP addresses.
Severity level	5
Example	VCF/5/VCF_LOOPBACK_START_FAILED: Phase 3.0.1, failed to assign IP addresses to Loopback0 on other nodes: reason=-1.
Explanation	The master spine node failed to assign IP addresses to interfaces on other devices due to one of the following reasons: · No IP address range is specified. · Invalid IP addresses.
Recommended action	Verify that whether the IP address range in the template file is correct.

VCF_LOOPBACK_ALLOC

Message text	Phase [STRING], assigned IP [STRING] to [STRING] on Device [STRING]: result=[INT32].
Variable fields	$1: Phase. $2: IP address. $3: Interface name. $4: MAC address of the device. $5: Result of IP address assignment: ¡ 0—Success. ¡ -1—NETCONF failed to implement IP address assignment. ¡ -2—NETCONF processed IP address assignment incorrectly. ¡ -3—NETCONF failed to initialize.
Severity level	5
Example	VCF/5/VCF_LOOPBACK_ALLOC: Phase 3.0.2, assigned IP 10.100.1.1 to Loopback0 on Device 0000-0000-0000: result=0.
Explanation	The master spine node assigned an IP address to an interface on a device.
Recommended action	Troubleshoot the reasons for the IP address assignment failure according to the result.

VCF_LOOPBACK_NO_FREE_IP

Message text	Phase [STRING], no IP addresses available for Device [STRING].
Variable fields	$1: Phase. $2: MAC address of the device.
Severity level	4
Example	VCF/4/VCF_LOOPBACK_NO_FREE_IP: Phase 3.0.4, no IP addresses available for Device 0000-0000-0000.
Explanation	The master spine node failed to assign an IP address to an interface on a device because no IP address was available.
Recommended action	Verify whether the specified IP address range in the template file is correct.

VCF_LOOPBACK_RECLAIM

Message text	Phase [STRING], reclaimed IP [STRING] from [STRING] on Device [STRING]: reason=[INT32].
Variable fields	$1: Phase. $2: Reclaimed IP address. $3: Interface name. $4: MAC address of the device from which the IP address was reclaimed. $5: Reason for reclaiming the IP address. The value 1 indicates that the device was down.
Severity level	5
Example	VCF/5/VCF_LOOPBACK_RECLAIM: Phase 3.0.3, reclaimed IP 10.10.10.1 from Loopback0 on Device 0000-0000-0000: reason=1.
Explanation	The master spine node reclaimed the IP address that had been assigned to an interface on a device.
Recommended action	No action is required.

VCF_REBOOT

Message text	Phase [STRING], Device [STRING] completed startup image update. The device will reboot immediately.
Variable fields	$1: Phase. $2: MAC address of the device.
Severity level	5
Example	VCF/5/VCF_REBOOT: Phase 1.3.4, Device 0000-0000-0000 completed startup image update. The device will reboot immediately.
Explanation	Software update was completed. The device was about to reboot.
Recommended action	No action is required.

VCF_SKIP_INSTALL

Message text	Phase [STRING], Device [STRING] skipped automatic version update.
Variable fields	$1: Phase. $2: MAC address of the device.
Severity level	5
Example	VCF/5/VCF_SKIP_INSTALL: Phase 1.3.2, Device 0000-0000-0000 skipped automatic version update.
Explanation	Skipped software upgrade because the current startup image version is the same as the startup image version obtained from the template file.
Recommended action	No action is required.

VCF_STATIC_CMD_ERROR

Message text	Phase [STRING], Device [STRING] failed to automatically execute static command '[STRING]' in context '[STRING]'.
Variable fields	$1: Phase. $2: MAC address of the device. $3: Command that fail to be executed. $4: Context in which the command resides.
Severity level	4
Example	VCF/4/VCF_STATIC_CMD_ERROR: Phase 1.2.5, Device 0000-0000-0000 failed to automatically execute static command 'port link bridge' in context 'interface ten-gigabitethernet1/0/1; port link bridge'.
Explanation	Failed to execute a static command during automated deployment.
Recommended action	Troubleshoot the reasons for the failure, correct the errors, and then restart the automated deployment.

VCF_UP_LINK

Message text	Phase [STRING], Device [STRING] discovered uplink interface [STRING].
Variable fields	$1: Phase. $2: MAC address of the device. $3: Name of an uplink interface.
Severity level	6
Example	VCF/6/VCF_UP_LINK: Phase 2.0.9, Device 0000-0000-0000 discovered uplink interface Ten-GigabitEthernet1/0/1.
Explanation	An uplink interface was found and the device deployed configuration to the uplink interface. An uplink interface is the interface through which a leaf node connects to an upstream spine node.
Recommended action	No action is required.

VLAN messages

This section contains VLAN messages.

VLAN_CREATEFAIL

Message text	Failed to create VLAN [STRING]. The maximum number of VLANs has been reached.
Variable fields	$1: VLAN ID.
Severity level	4
Example	VLAN/4/ VLAN_CREATEFAIL: Failed to create VLAN 1025-4094. The maximum number of VLANs has been reached.
Explanation	A VLAN failed to be created because hardware resources were insufficient.
Recommended action	No action is required.

VLAN_FAILED

Message text	Failed to add interface [STRING] to the default VLAN.
Variable fields	$1: Interface name.
Severity level	4
Example	VLAN/4/VLAN_FAILED: Failed to add interface S-Channel4/2/0/19:100 to the default VLAN.
Explanation	An S-channel interface was created when hardware resources were insufficient. The S-channel interface failed to be assigned to the default VLAN.
Recommended action	No action is required.

VLAN_QINQETHTYPE_FAILED

Message text	Failed to set the TPID value in CVLAN tags to [UINT32] (hexadecimal). The operation is not supported.
Variable fields	$1: TPID value in inner VLAN tags
Severity level	4
Example	VLAN/5/VLAN_QINQETHTYPE_FAILED: Failed to set the TPID value in CVLAN tags to 8200 (hexadecimal). The operation is not supported.
Explanation	In IRF 3.1 system, this message was printed to prompt that the configuration failed when the qinq ethernet-type customer-tag command was executed on a parent fabric if the following conditions existed: · The parent fabric supported setting the TPID value in inner VLAN tags. · PEXs did not support setting the TPID value in inner VLAN tags.
Recommended action	Identify whether PEXs support setting the TPID value in inner VLAN tags.

VLAN_VLANMAPPING_FAILED

Message text	The configuration failed because of resource insufficiency or conflicts on [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	VLAN/4/VLAN_VLANMAPPING_FAILED: The configuration failed because of resource insufficiency or conflicts on Ethernet0/0.
Explanation	Part of or all VLAN mapping configurations on the interface were lost because of one of the following occurrences: · Hardware resources were insufficient for the interface. · The interface joined or left a Layer 2 aggregation group.
Recommended action	No action is required.

VLAN_VLANTRANSPARENT_FAILED

Message text	The configuration failed because of resource insufficiency or conflicts on [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	VLAN/4/VLAN_VLANTRANSPARENT_FAILED: The configuration failed because of resource insufficiency or conflicts on Ethernet0/0.
Explanation	Part of or all VLAN transparent transmission configurations on the interface were lost because of one of the following occurrences: · Hardware resources were insufficient for the interface. · The interface joined or left a Layer 2 aggregation group.
Recommended action	No action is required.

VRRP messages

This section contains VRRP messages.

VRRP_STATUS_CHANGE

Message text	The status of [STRING] virtual router [UINT32] (configured on [STRING]) changed from [STRING] to [STRING]: [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Original status. $5: Current status. $6: Reason for status change: · Interface event received—An interface event was received. · IP address deleted—The virtual IP address has been deleted. · The status of the tracked object changed—The status of the associated track entry changed. · VRRP packet received—A VRRP advertisement was received. · Current device has changed to IP address owner—The current device has become the IP address owner. · Master-down-timer expired—The master down timer (3 × VRRP advertisement interval + Skew_Time) expired. · Zero priority packet received—A VRRP packet containing priority 0 was received. · Preempt—Preemption occurred. · Master group drove—The state of the master group changed.
Severity level	6
Example	VRRP/6/VRRP_STATUS_CHANGE: The status of IPv4 virtual router 10 (configured on Ethernet0/0) changed (from Backup to Master): Master-down-timer expired.
Explanation	The VRRP group status changed because of the following reasons: · An interface event was received. · The virtual IP address has been deleted. · The status of the associated track entry changed. · A VRRP advertisement was received. · The current device has become the IP address owner. · The master down timer (3 × VRRP advertisement interval + Skew_Time) expired. · A VRRP packet containing priority 0 was received. · Preemption occurred. · The state of the master group changed.
Recommended action	Check the VRRP group status to make sure it is operating correctly.

VRRP_VF_STATUS_CHANGE

Message text	The [STRING] virtual router [UINT32] (configured on [STRING]) virtual forwarder [UINT32] detected status change (from [STRING] to [STRING]): [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: VF ID. $5: Original status of VF. $6: Current status of VF. $7: Reason for the status change.
Severity level	6
Example	VRRP/6/VRRP_VF_STATUS_CHANGE: The IPv4 virtual router 10 (configured on GigabitEthernet5/1) virtual forwarder 2 detected status change (from Active to Initialize): Weight changed.
Explanation	The status of the virtual forwarder has changed because the weight changed, the timeout timer expired, or VRRP went down.
Recommended action	Check the status of the track entry.

VRRP_VMAC_INEFFECTIVE

Message text	The [STRING] virtual router [UINT32] (configured on [STRING]) failed to add virtual MAC: [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Reason for the error.
Severity level	3
Example	VRRP/3/VRRP_VMAC_INEFFECTIVE: The IPv4 virtual router 10 (configured on Ethernet0/0) failed to add virtual MAC: Insufficient hardware resources.
Explanation	The virtual router failed to add a virtual MAC address.
Recommended action	Find out the root cause for the operation failure and fix the problem.

VSRP messages

This section contains VSRP messages.

VSRP_BIND_FAILED

Message text	Failed to bind the IP addresses and the port on VSRP peer [STRING].
Variable fields	$1: VSRP peer name.
Severity level	6
Example	VSRP/6/VSRP_BIND_FAILED: Failed to bind the IP addresses and the port on VSRP peer aaa.
Explanation	Failed to bind the IP addresses and the port when creating a TCP connection to the VSRP peer because the TCP port is in use.
Recommended action	No action is required.

VXLAN messages

This section contains VXLAN messages.

VXLAN_LICENSE_UNAVAILABLE

Message text	The VXLAN feature is disabled, because no licenses are valid.
Variable fields	N/A
Severity level	3
Example	VXLAN/3/VXLAN_LICENSE_UNAVAILABLE: The VXLAN feature is disabled, because no licenses are valid.
Explanation	VXLAN was disabled because no licenses were valid.
Recommended action	Install valid licenses for VXLAN.

WIPS messages

This section contains WIPS messages.

APFLOOD

Message text	-VSD=[STRING]; AP flood detected.
Variable fields	$1: VSD name.
Severity level	5
Example	WIPS/5/APFLOOD: -VSD=home; AP flood detected.
Explanation	The number of APs detected in the specified VSD reached the threshold.
Recommended action	Determine whether the device has suffered an attack.

AP_CHANNEL_CHANGE

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Channel change detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/AP_CHANNEL_CHANGE: -VSD=home-SrcMAC=1122-3344-5566; Channel change detected.
Explanation	The channel of the specified AP changed.
Recommended action	Determine whether the channel change is valid.

ASSOCIATEOVERFLOW

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Association/Reassociation DoS attack detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/ASSOCIATEOVERFLOW: -VSD=home-SrcMAC=1122-3344-5566; Association/Reassociation DoS attack detected.
Explanation	The specified AP sent an association response with the status code 17.
Recommended action	Determine whether the AP has suffered an attack.

HONEYPOT

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Honeypot AP detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/HONEYPOT: -VSD=home-SrcMAC=1122-3344-5566; Honeypot AP detected.
Explanation	The specified AP was detected as a honeypot AP.
Recommended action	Determine whether the device has suffered an attack.

HTGREENMODE

Message text	-VSD=[STRING]-SrcMAC=[MAC]; HT-Greenfield AP detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/HTGREENMODE: -VSD=home-SrcMAC=1122-3344-5566; HT-Greenfield AP detected.
Explanation	The specified AP was detected as an HT-greenfield AP.
Recommended action	Determine whether the device has suffered an attack.

MAN_IN_MIDDLE

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Man-in-the-middle attack detected.
Variable fields	$1: VSD name. $2: MAC address of the client.
Severity level	5
Example	WIPS/5/MAN_IN_MIDDLE: -VSD=home-SrcMAC=1122-3344-5566; Man-in-the-middle attack detected.
Explanation	The specified client suffered a man-in-the-middle attack.
Recommended action	Determine whether the client has suffered a man-in-the-middle attack.

WIPS_DOS

Message text	-VSD=[STRING]; [STRING] rate attack detected.
Variable fields	$1: VSD name. $2: Device type: AP or client.
Severity level	5
Example	WIPS/5/WIPS_DOS: -VSD=home; AP rate attack detected.
Explanation	The number of device entries learned within the specified interval reached the threshold.
Recommended action	Determine whether the device has suffered an attack.

WIPS_FLOOD

Message text	-VSD=[STRING]-SrcMAC=[MAC]; [STRING] flood detected.
Variable fields	$1: VSD name. $2: Attacker's MAC address. $3: Flood attack type. Options include the following: · Association request · Authentication · Disassociation · Reassociation request · Deauthentication · Null data · Beacon · Probe request · BlockAck · CTS · RTS · EAPOL start
Severity level	5
Example	WIPS/5/WIPS_FLOOD: -VSD=home-SrcMAC=1122-3344-5566; Association request flood detected.
Explanation	The number of a specific type of packets detected within the specified interval reached the threshold.
Recommended action	Determine whether the packet sender is an authorized device.

WIPS_MALF

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Error detected: [STRING].
Variable fields	$1: VSD name. $2: Sender's MAC address. $3: Malformed packet type. Options include the following: · invalid ie length—Invalid IE length. · duplicated ie—Duplicate IE. · redundant ie—Redundant IE. · invalid pkt length—Invalid packet length. · illegal ibss ess—Abnormal IBSS and ESS setting. · invalid source addr—Invalid source MAC address. · overflow eapol key—Oversized EAPOL key. · malf auth—Malformed authentication request frame. · malf assoc req—Malformed association request frame. · malf ht ie—Malformed HT IE. · large duration—Oversized duration. · null probe resp—Malformed probe response frame. · invalid deauth code—Invalid deauthentication code. · invalid disassoc code—Invalid disassociation code. · over flow ssid—Oversized SSID. · fata jack—FATA-Jack.
Severity level	5
Example	WIPS/5/WIPS_MALF: -VSD=home-SrcMAC=1122-3344-5566; Error detected: fata jack.
Explanation	A malformed packet was detected.
Recommended action	Determine whether the packet sender is an authorized device.

WIPS_SPOOF

Message text	-VSD=[STRING]-SrcMAC=[MAC]; [STRING] detected.
Variable fields	$1: VSD name. $2: MAC address of the device being spoofed. $3: Spoofing attack type. Options include the following: · AP spoofing AP—A fake AP spoofs an authorized AP. · AP spoofing client—A fake AP spoofs an authorized client. · AP spoofing ad-hoc—A fake AP spoofs an Ad hoc device. · Ad-hoc spoofing AP—An Ad hoc device spoofs an authorized AP. · Client spoofing AP—A client spoofs an authorized AP.
Severity level	5
Example	WIPS/5/WIPS_SPOOF: -VSD=home-SrcMAC=1122-3344-5566; AP spoofing AP detected.
Explanation	A spoofing attack was detected.
Recommended action	Determine whether the packet sender is an authorized device.

WIPS_WEAKIV

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Weak IV detected.
Variable fields	$1: VSD name. $2: Sender's MAC address.
Severity level	5
Example	WIPS/5/WIPS_WEAKIV: -VSD=home-SrcMAC=1122-3344-5566; Weak IV detected.
Explanation	A weak IV was detected.
Recommended action	Use a more secure encryption method to encrypt packets.

WIRELESSBRIDGE

Message text	-VSD=[STRING]-AP1=[MAC]-AP2=[MAC]]; Wireless bridge detected.
Variable fields	$1: VSD name. $2: MAC address of AP 1. $3: MAC address of AP 2.
Severity level	5
Example	WIPS/5/WIRELESSBRIDGE: -VSD=home-AP1=1122-3344-5566-AP2=7788-9966-5544; Wireless bridge detected.
Explanation	The specified APs set up a wireless bridge.
Recommended action	Determine whether the wireless bridge is valid.