· Messages for the Comware 7 software platform version based on which E7740 was produced. Some platform system messages might not be available on the device.

This document is intended only for managing SR6600 and SR6600-X. Do not use this document for any other device models.

This document assumes that the readers are familiar with data communications technologies and H3C networking products.

System log message format

By default, the system log messages use one of the following formats depending on the output destination:

· Log host (RFC 3164-compliant format):

<PRI>TIMESTAMP Sysname %%vendorMODULE/severity/MNEMONIC: location; CONTENT

· Destinations except for the log host:

Prefix TIMESTAMP Sysname MODULE/severity/MNEMONIC: CONTENT

Table 1 System log message elements

Element	Description
<PRI>	Priority identifier. This element is contained only in messages sent to the log host. It is calculated by using the following formula: Priority identifier=facilityx8+severity Where: · Facility is specified by using the info-center loghost command. A log host uses this parameter to identify log sources and filter log messages. · Severity represents the importance of the message. For more information about severity levels, see Table 2.
Prefix	Message type identifier. This element is contained only in the messages sent to non-log-host destinations. This element uses the following symbols to indicate message severity: · Percentage sign (%)—Informational and higher levels. · Asterisk (*)—Debug level.
TIMESTAMP	Date and time when the event occurred. The following are commands for configuring the timestamp format: · Log host—Use the info-center timestamp loghost command. · Non-log-host destinations—Use the info-center timestamp command.
Sysname	Name or IP address of the device that generated the message.
%%vendor	Manufacturer flag. This element is %%10 for H3C. This element is contained only in messages sent to the log host.
MODULE	Name of the module that produced the message.
severity	Severity level of the message. (For more information about severity levels, see Table 2.)
MNEMONIC	Text string that uniquely identifies the system message. The maximum length is 32 characters.
location	Optional. This field is contained only in messages sent to the log host. This element presents location information about the message in the following format: -attribute1=x-attribute2=y…-attributeN=z A location might be a chassis number, slot number, source IP address, or any other location type defined in the module that produced the message. This element is separated from the CONTENT element by using a semicolon (;).
CONTENT	A description of the event or error. For variable fields in this element, this document uses the representations in Table 3.

System log messages are classified into eight severity levels from 0 to 7. The lower the number, the higher the severity.

Table 2 System log message severity levels

Level	Severity	Description
0	Emergency	The system is unusable. For example, the system authorization has expired.
1	Alert	Action must be taken immediately. For example, traffic on an interface exceeds the upper limit.
2	Critical	Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails.
3	Error	Error condition. For example, the link state changes or a storage card is unplugged.
4	Warning	Warning condition. For example, an interface is disconnected, or the memory resources are used up.
5	Notification (Notice in RFC 3164)	Normal but significant condition. For example, a terminal logs in to the device, or the device reboots.
6	Informational	Informational message. For example, a command or a ping operation is executed.
7	Debug	Debugging message.

For variable fields in the message text, this document uses the representations in Table 3. The values are case insensitive, even though the representations are uppercase letters.

Table 3 Variable field representations

Representation	Information type
INT16	Signed 16-bit decimal number.
UINT16	Unsigned 16-bit decimal number.
INT32	Signed 32-bit decimal number.
UINT32	Unsigned 32-bit decimal number.
INT64	Signed 64-bit decimal number.
UINT64	Unsigned 64-bit decimal number.
DOUBLE	Two dot-separated signed 32-bit decimal numbers. The format is [INTEGER].[INTEGER].
HEX	Hexadecimal number.
CHAR	Single character.
STRING	Character string.
IPADDR	IP address.
MAC	MAC address.
DATE	Date.
TIME	Time.

Managing and obtaining system log messages

You can manage system log messages by using the information center.

By default, the information center is enabled. Log messages can be output to the console, log buffer, monitor terminal, log host, and log file.

To filter log messages, use the info-center source command to specify log output rules. A log output rule specifies the source modules and the lowest severity level of log messages that can be output to a destination. A log message is output if its severity level is higher than or equal to the specified level. For example, if you specify a severity level of 6 (informational), log messages that have a severity level from 0 to 6 are output.

For more information about using the information center, see the network management and monitoring configuration guide for the product.

Obtaining log messages from the console terminal

Access the device through the console port. Real-time log messages are displayed on the console terminal.

Obtaining log messages from the log buffer

Use the display logbuffer command to display history log messages in the log buffer.

Obtaining log messages from a monitor terminal

Monitor terminals refer to terminals that access the device through the AUX, VTY, or TTY lines (for example, Telnet). To obtain log messages from a monitor terminal, use the following guidelines:

· To display log messages on the monitor terminal, you must configure the terminal monitor command.

· For monitor terminals, the lowest level of log messages that can be displayed is determined by both the terminal logging level and info-center source commands.

Obtaining log messages from the log file

By default, the log file feature automatically saves logs from the log file buffer to the log file every 24 hours. You can use the info-center logfile frequency command to change the automatic saving internal.

To manually save logs to the log file, use the logfile save command. The log file buffer is cleared each time a save operation is performed.

By default, you can obtain the log file from the cfa0:/logfile/ path if the CF card is not partitioned. If the CF card is partitioned, the file path is cfa1:/logfile/.

Obtaining log messages from a log host

Use the info-center loghost command to specify the service port number and IP address of a log host. To specify multiple log hosts, repeat the command.

For a successful log message transmission, make sure the specified port number is the same as the port number used on the log host. The default service port number is 514.

Software module list

Table 4 lists all software modules that might produce system log messages.

Table 4 Software module list

Module name representation	Module name expansion
AAA	Authentication, Authorization and Accounting
ACL	Access Control List
ANCP	Access Node Control Protocol
ANTIVIRUS	Anti-virus
APMGR	Access Point Management
ARP	Address Resolution Protocol
ASPF	Advanced Stateful Packet Filter
ATK	Attack Detection and Prevention
ATM	Asynchronous Transfer Mode
AUDIT	Audit
BFD	Bidirectional Forwarding Detection
BGP	Border Gateway Protocol
BLS	Blacklist
CFD	Connectivity Fault Detection
CFGLOG	Configuration log
CFGMAN	Configuration Management
CGROUP	Collaboration Group
CONNLMT	Connection Limit
DEV	Device Management
DFILTER	Data Filter
DHCP	Dynamic Host Configuration Protocol
DHCPS	DHCP Server
DHCPS6	DHCPv6 Server
DHCPSP4	DHCP Snooping
DHCPSP6	DHCPv6 Snooping
DIAG	Diagnosis
DLDP	Device Link Detection Protocol
DOT1X	802.1X
EDEV	Extended-Device Management
EIGRP	Enhanced Interior Gateway Routing Protocol
ERPS	Ethernet Ring Protection Switching
ETHOAM	Ethernet Operation, Administration and Maintenance
EVB	Edge Virtual Bridging
EVIISIS	Ethernet Virtual Interconnect Intermediate System-to-Intermediate System
FCLINK	Fibre Channel Link
FCOE	Fibre Channel Over Ethernet
FCZONE	Fibre Channel Zone
FFILTER	File Filter
FILTER	Filter
FIPSNG	FIP Snooping
FTPD	File Transfer Protocol Daemon
HA	High Availability
HQOS	Hierarchical QoS
HTTPD	Hypertext Transfer Protocol Daemon
IFNET	Interface Net Management
IKE	Internet Key Exchange
IPADDR	IP Addressing
IPS	Intrusion Prevention System
IPSEC	IP Security
IPSG	IP Source Guard
IRDP	ICMP Router Discovery Protocol
ISIS	Intermediate System-to-Intermediate System
ISSU	In-Service Software Upgrade
KDNS	Kernel Domain Name System
KHTTP	Kernel Hypertext Transfer Protocol
L2TP	Layer 2 Tunneling Protocol
L2VPN	Layer 2 VPN
LAGG	Link Aggregation
LB	Load Balancing
LDP	Label Distribution Protocol
LLDP	Link Layer Discovery Protocol
LOAD	Load Management
LOGIN	Login
LPDT	Loopback Detection
LS	Local Server
LSPV	LSP Verification
MAC	Media Access Control
MACA	MAC Authentication
MACSEC	MAC Security
MBFD	MPLS BFD
MBUF	Memory buffer
MDC	Multitenant Device Context
MFIB	Multicast Forwarding Information Base
MGROUP	Mirroring group
MPLS	Multiprotocol Label Switching
MTLK	Monitor Link
NAT	Network Address Translation
ND	Neighbor Discovery
NQA	Network Quality Analyzer
NTP	Network Time Protocol
OBJP	Object Policy
OFP	OpenFlow Protocol
OPTMOD	Optical Module
OSPF	Open Shortest Path First
OSPFV3	Open Shortest Path First Version 3
PBB	Provider Backbone Bridge
PBR	Policy-Based Routing
PCAPWARE	Packet Capture Wireshark
PCE	Path Computation Element
PEX	Port Extender
PFILTER	Packet Filter
PIM	Protocol Independent Multicast
PING	Packet Internet Groper
PKI	Public Key Infrastructure
PKT2CPU	Packet to CPU
PKTCPT	Packet Capture
PORTSEC	Port Security
POSA	Point Of Sales
PPP	Point to Point Protocol
PWDCTL	Password Control
QOS	Quality of Service
RADIUS	Remote Authentication Dial In User Service
RDDC	Redundancy
RIP	Routing Information Protocol
RIPNG	Routing Information Protocol Next Generation
RM	Routing Management
RRPP	Rapid Ring Protection Protocol
RTM	Real-Time Event Manager
SCD	Server Connection Detection
SCM	Service Control Manager
SCRLSP	Static CRLSP
SECDIAG	Security Diagnose
SESSION	Session
SFLOW	Sampler Flow
SHELL	Shell
SLSP	Static LSP
SMLK	Smart Link
SNMP	Simple Network Management Protocol
SSHC	Secure Shell Client
SSHS	Secure Shell Server
STAMGR	Station Management
STM	Stack Topology Management
STP	Spanning Tree Protocol
SYSEVENT	System Event
SYSLOG	System Log
TACACS	Terminal Access Controller Access Control System
TELNETD	Telnet Daemon
TRILL	Transparent Interconnect of Lots of Links
UDPI	User DPI
UFLT	URL Filter
VCF	Vertical Converged Framework
VLAN	Virtual Local Area Network
VRRP	Virtual Router Redundancy Protocol
VSRP	Virtual Service Redundancy Protocol
VXLAN	Virtual eXtensible LAN
WIPS	Wireless Intrusion Prevention System

Using this document

This document categorizes system log messages by software module. The modules are ordered alphabetically. For each module, the system log messages are also listed in alphabetic order of their mnemonic names.

This document explains messages in tables. Table 5 describes information provided in these tables.

Table 5 Message explanation table contents

Item	Content	Example
Message text	Presents the message description.	ACL [UINT32] [STRING] [UINT64] packet(s).
Variable fields	Briefly describes the variable fields in the order that they appear in the message text. The variable fields are numbered in the "$Number" form to help you identify their location in the message text.	$1: ACL number. $2: ID and content of an ACL rule. $3: Number of packets that matched the rule.
Severity level	Provides the severity level of the message.	6
Example	Provides a real message example. The examples do not include the "<PRI>TIMESTAMP Sysname %%vendor" part or the "Prefix TIMESTAMP Sysname" part, because information in this part varies with system settings.	ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).
Explanation	Explains the message, including the event or error cause.	Number of packets that matched an ACL rule. This message is sent when the packet counter changes.
Recommended action	Provides recommended actions. For informational messages, no action is required.	No action is required.

AAA messages

This section contains AAA messages.

AAA_FAILURE

Message text	-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA failed.
Variable fields	$1: AAA type. $2: AAA scheme. $3: Service. $4: Username.
Severity level	5
Example	AAA/5/AAA_FAILURE: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA failed.
Explanation	An AAA request was rejected. The following are the common reasons: · No response was received from the server. · The username or password was incorrect. · The service type that the user applied for was incorrect.
Recommended action	1. Verify that the device is correctly connected to the server. 2. Enter the correct username and password. 3. Verify that the server settings are the same as the settings on the device. 4. If the problem persists, contact H3C Support.

AAA_LAUNCH

Message text	-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA launched.
Variable fields	$1: AAA type. $2: AAA scheme. $3: Service. $4: Username.
Severity level	6
Example	AAA/6/AAA_LAUNCH: -AAAType=AUTHEN-AAADomain=domain1-Service=login-UserName=cwf@system; AAA launched.
Explanation	An AAA request was received.
Recommended action	No action is required.

AAA_SUCCESS

Message text	-AAAType=[STRING]-AAADomain=[STRING]-Service=[STRING]-UserName=[STRING]; AAA succeeded.
Variable fields	$1: AAA type. $2: AAA scheme. $3: Service. $4: Username.
Severity level	6
Example	AAA/6/AAA_SUCCESS: -AAAType=AUTHOR-AAADomain=domain1-Service=login-UserName=cwf@system; AAA succeeded.
Explanation	An AAA request was accepted.
Recommended action	No action is required.

ACL messages

This section contains ACL messages.

ACL_ACCELERATE_NO_RES

Message text	Failed to accelerate [STRING] ACL [UINT32]. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NO_RES: Failed to accelerate IPv6 ACL 2001. The resources are insufficient.
Explanation	Hardware resources were insufficient for accelerating an ACL.
Recommended action	Delete some rules or disabled ACL acceleration for other ACLs to release hardware resources.

ACL_ACCELERATE_NONCONTIGUOUSMASK

Message text	Failed to accelerate ACL [UINT32]. ACL acceleration supports only contiguous wildcard masks.
Variable fields	$1: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NONCONTIGUOUSMASK: Failed to accelerate ACL 2001. ACL acceleration supports only contiguous wildcard masks.
Explanation	ACL acceleration failed because rules containing noncontiguous wildcard masks exist in the ACL.
Recommended action	Check the ACL rules and delete the unsupported configuration.

ACL_ACCELERATE_NOT_SUPPORT

Message text	Failed to accelerate [STRING] ACL [UINT32]. The operation is not supported.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 ACL 2001. The operation is not supported.
Explanation	ACL acceleration failed because the system does not support ACL acceleration.
Recommended action	No action is required.

ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP

Message text	Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support the rules that contain the hop-by-hop keywords.
Variable fields	$1: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NOT_SUPPORTHOPBYHOP: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support the rules that contain the hop-by-hop keywords.
Explanation	ACL acceleration failed for the IPv6 ACL because rules containing the hop-by-hop keyword exist in the ACL.
Recommended action	Check the ACL rules and delete the unsupported configuration.

ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG

Message text	Failed to accelerate IPv6 ACL [UINT32]. ACL acceleration does not support specifying multiple TCP flags in one rule.
Variable fields	$1: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_NOT_SUPPORTMULTITCPFLAG: Failed to accelerate IPv6 ACL 2001. ACL acceleration does not support specifying multiple TCP flags in one rule.
Explanation	ACL acceleration failed for the IPv6 ACL because rules containing multiple TCP flags exist in the ACL.
Recommended action	Check the ACL rules and delete the unsupported configuration.

ACL_ACCELERATE_UNK_ERR

Message text	Failed to accelerate [STRING] ACL [UINT32].
Variable fields	$1: ACL type. $2: ACL number.
Severity level	4
Example	ACL/4/ACL_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 ACL 2001.
Explanation	ACL acceleration failed because of an unknown error.
Recommended action	No action is required.

ACL_DYNRULE_COMMENT

Message text	The comment of [STRING], which was generated dynamically, can't be added or deleted manually.
Variable fields	$1: Dynamic ACL rule information.
Severity level	6
Example	ACL/6/ACL_DYNRULE_COMMENT: The comment of IPv4 ACL 3000 rule 1, which was generated dynamically, can't be added or deleted manually.
Explanation	The comment of a dynamic ACL rule can't be added or deleted manually.
Recommended action	No action is required.

ACL_DYNRULE_MDF

Message text	[STRING], which was generated dynamically, was deleted or modified manually.
Variable fields	$1: Dynamic ACL rule information.
Severity level	5
Example	ACL/5/ACL_DYNRULE_MDF: IPv4 ACL 3000 rule 1, which was generated dynamically, was deleted or modified manually.
Explanation	A dynamic ACL rule was deleted or modified manually.
Recommended action	Make sure deleting or modifying the dynamic ACL rule does not affect ongoing services on the network.

ACL_IPV6_STATIS_INFO

Message text	IPv6 ACL [UINT32] [STRING] [UINT64] packet(s).
Variable fields	$1: ACL number. $2: ID and content of an IPv6 ACL rule. $3: Number of packets that matched the rule.
Severity level	6
Example	ACL/6/ACL_IPV6_STATIS_INFO: IPv6 ACL 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s).
Explanation	The number of packets matching the IPv6 ACL rule changed.
Recommended action	No action is required.

ACL_NO_MEM

Message text	Failed to configure [STRING] ACL [UINT] due to lack of memory.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	3
Example	ACL/3/ACL_NO_MEM: Failed to configure ACL 2001 due to lack of memory.
Explanation	Configuring the ACL failed because memory is insufficient.
Recommended action	Use the display memory-threshold command to check the memory usage.

ACL_RULE_REACH_MAXNUM

Message text	The maximum number of rules in [STRING] ACL [UNIT32] already reached.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	5
Example	ACL/5/ACL_RULE_REACH_MAXNUM:The maximum number of rules in IPv4 ACL 3000 already reached.
Explanation	A dynamic ACL rule failed to be added because the maximum number of rules in the ACL already reached.
Recommended action	Delete unused ACL rules.

ACL_RULE_SUBID_EXCEED

Message text	The rule ID in [STRING] ACL [UNIT32] is out of range.
Variable fields	$1: ACL type. $2: ACL number.
Severity level	5
Example	ACL/5/ ACL_RULE_SUBID_EXCEED: The rule ID in IPv4 ACL 3000 is out of range.
Explanation	A dynamic ACL rule failed to be added because the rule ID is out of range.
Recommended action	Modify the rule numbering step for the ACL.

ACL_STATIS_INFO

Message text	ACL [UINT32] [STRING] [UINT64] packet(s).
Variable fields	$1: ACL number. $2: ID and content of an IPv4 ACL rule. $3: Number of packets that matched the rule.
Severity level	6
Example	ACL/6/ACL_STATIS_INFO: ACL 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).
Explanation	The number of packets matching the IPv4 ACL rule changed.
Recommended action	No action is required.

ADVPN messages

This section contains ADVPN messages.

ADVPN_SESSION_DELETED

Message text	An ADVPN tunnel was deleted: tunnel interface=[STRING], private addr=[STRING], public addr=[STRING], peer private addr=[STRING], peer public addr=[STRING], type=[STRING], last state=[STRING], last state duration=[STRING], domain name=[STRING], ADVPN group name=[STRING].
Variable fields	$1: Tunnel interface name. $2: Private address of the ADVPN tunnel. $3: Public address of the ADVPN tunnel. $4: Peer private address of the ADVPN tunnel. $5: Peer public address of the ADVPN tunnel. $6: ADVPN tunnel type. $7: Last state of the ADVPN tunnel. $8: Duration for the last state of the ADVPN tunnel, in the format of xH yM zS. $9: ADVPN domain name. $10: ADVPN group name.
Severity level	4
Example	ADVPN/4/ADVPN_SESSION_DELETED: An ADVPN tunnel was deleted: tunnel interface=888, private addr=112.168.60.56, public addr=192.168.60.137,peer private addr=112.168.60.18, peer public addr=192.168.60.11,type=Spoke-Hub, last state=Success, last state duration=0H 8M 8S,domain name=abc, ADVPN group name=
Explanation	An ADVPN tunnel was deleted.
Recommended action	Check the network connectivity and configuration.

ADVPN_SESSION_STATE_CHANGED

Message text	ADVPN tunnel state changed from [STRING] to [STRING]: tunnel interface=[STRING], private addr=[STRING], public addr=[STRING], peer private addr=[STRING], peer public addr=[STRING], type=[STRING], last state=[STRING], last state duration=[STRING], domain name=[STRING], ADVPN group name=[STRING].
Variable fields	$1: Original state of the ADVPN tunnel. $2: New state of the ADVPN tunnel. $3: Tunnel interface name. $4: Private address of the ADVPN tunnel. $5: Public address of the ADVPN tunnel. $6: Peer private address of the ADVPN tunnel. $7: Peer public address of the ADVPN tunnel. $8: ADVPN tunnel type. $9: Last state of the ADVPN tunnel. $10: Duration for the last state of the ADVPN tunnel, in the format of xH yM zS. $11: ADVPN domain name. $12: ADVPN group name.
Severity level	4
Example	ADVPN/4/ADVPN_SESSION_STATE_CHANGED: ADVPN tunnel state changed from Establishing to Success: tunnel interface=888, private addr=112.168.60.56, public addr=192.168.60.137,peer private addr=112.168.60.18, peer public addr=192.168.60.11,type=Spoke-Hub, last state=Establishing, last state duration=0H 0M 5S,domain name=abc, ADVPN group name=
Explanation	The state of an ADVPN tunnel was changed.
Recommended action	Check the network connectivity and configuration.

ANCP messages

This section contains ANCP messages.

ANCP_INVALID_PACKET

Message text	-NeighborName=[STRING]-State=[STRING]-MessageType=[STRING]; The [STRING] value [STRING] is wrong, and the value [STRING] is expected.
Variable fields	$1: ANCP neighbor name. $2: Neighbor state. $3: Message type. $4: Field. $5: Wrong value of the field. $6: Expected value of the field.
Severity level	6
Example	ANCP/6/ANCP_INVALID_PACKET: -NeighborName=Dslam-State=SYNSENT-MessageType=SYNACK; The Sender Instance value 0 is wrong, and the value 1 is expected.
Explanation	The system received an adjacency message that had a field with a wrong value.
Recommended action	No action is required.

ANTIVIRUS messages

This section contains antivirus messages.

ANTIVIRUS_IPV4_INTERZONE

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];VirusName(1085)=[STRING];VirusID(1086)=[UINT32];Severity(1087)=[STRING];MD5(1129)=[STRING];Action(1053)=[STRING];HitDirection(1115)=[STRING];RealSrcIP(1100)=[STRING];
Variable fields	$1: Protocol type. $2: Application layer protocol name. $3: Source IPv4 address. $4: Source port number. $5: Destination IPv4 address. $6: Destination port number. $7: Receiving VPN instance. $8: Source security zone name. $9: Destination security zone name. $10: Username. $11: Policy name. $12: Virus name. $13: Virus ID. $14: Severity level: ¡ LOW. ¡ MEDIUM. ¡ HIGH. ¡ CRITICAL. $15: MD5 value. $16: Action: ¡ Reset & Logging. ¡ Permit & Logging. ¡ Redirect & Logging. $17: Direction of matching packets: ¡ original. ¡ reply. $18: Actual source IPv4 address.
Severity level	4
Example	ANTI-VIR/4/ANTIVIRUS_IPV4_INTERZONE:-Context=1;Protocol(1001)=TCP;Application(1002)=http;SrcIPAddr(1003)=100.10.10.40;SrcPort(1004)=56690;DstIPAddr(1007)=200.10.10.40;DstPort(1008)=80;RcvVPNInstance(1042)=;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=abc;PolicyName(1079)=av;VirusName(1085)=MODIFIED-EICAR-Test-File;VirusID(1086)=95;Severity(1087)=MEDIUM;MD5(1129)=d41d8cd98f00b204e9800998ecf8427e;Action(1053)=Reset & Logging;HitDirection(1115)=original;RealSrcIP(1100)=10.10.10.10,20.20.20.20;
Explanation	This message is sent when an IPv4 packet matches a virus signature.
Recommended action	No action is required.

ANTIVIRUS_IPV6_INTERZONE

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=-[STRING];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];VirusName(1085)=[STRING];VirusID(1086)=[UINT32];Severity(1087)=[STRING];MD5(1129)=[STRING];Action(1053)=[STRING];HitDirection(1115)=[STRING];RealSrcIP(1100)=[STRING];
Variable fields	$1: Protocol type. $2: Application layer protocol name. $3: Source IPv6 address. $4: Source port number. $5: Destination IPv6 address. $6: Destination port number. $7: Receiving VPN instance. $8: Source security zone name. $9: Destination security zone name. $10: Username. $11: Policy name. $12: Virus name. $13: Virus ID. $14: Severity level: ¡ LOW. ¡ MEDIUM. ¡ HIGH. ¡ CRITICAL. $15: MD5 value. $16: Action: ¡ Reset & Logging. ¡ Permit & Logging. ¡ Redirect & Logging. $17: Direction of matching packets: ¡ original. ¡ reply. $18: Actual source IPv6 address.
Severity level	4
Example	ANTI-VIR/4/ANTIVIRUS_IPV6_INTERZONE:-Context=1;Protocol(1001)=TCP;Application(1002)=http;SrcIPv6Addr(1036)=100::40;SrcPort(1004)=56690;DstIPv6Addr(1037)=200::40;DstPort(1008)=80;RcvVPNInstance(1042)=;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=aaa;PolicyName(1079)=av;VirusName(1085)=MODIFIED-EICAR-Test-File;VirusID(1086)=95;Severity(1087)=MEDIUM;MD5(1129)=d41d8cd98f00b204e9800998ecf8427e;Action(1053)=Reset & Logging;HitDirection(1115)=original;RealSrcIP(1100)=10::1;
Explanation	This message is sent when an IPv6 packet matches a virus signature.
Recommended action	No action is required.

ANTIVIRUS_WARNING

Message text	Updated the antivirus signature library successfully.
Variable fields	N/A
Severity level	4
Example	ANTI-VIR/4/ANTIVIRUS_WARNING: -Context=1; Updated the antivirus signature library successfully.
Explanation	This message is sent when the antivirus signature library is immediately or locally updated.
Recommended action	No action is required.

ANTIVIRUS_WARNING

Message text	Rolled back the antivirus signature library successfully.
Variable fields	N/A
Severity level	4
Example	ANTI-VIR/4/ANTIVIRUS_WARNING: -Context=1; Rolled back the antivirus signature library successfully.
Explanation	This message is sent when the antivirus signature library is rolled back to the previous version or the factory version.
Recommended action	No action is required.

ANTIVIRUS_WARNING

Message text	Failed to update the antivirus signature library because no valid license was found for the antivirus feature.
Variable fields	N/A
Severity level	4
Example	ANTI-VIR/4/ANTIVIRUS_WARNING: -Context=1; Failed to update the antivirus signature library because no valid license was found for the antivirus feature.
Explanation	This message is sent when one of the following antivirus signature library upgrade failure occurs: · Web-based or CLI-based immediate upgrade failed because no valid license is found. · Web-based local upgrade failed because no valid license is found.
Recommended action	No action is required.

APMGR messages

This section contains access point management messages.

AP_CREATE_FAILURE

Message text	Failed to create an AP with entity ID [UINT32] and model [STRING]. Reason: Region code is not available.
Variable fields	$1: AP ID. $2: AP model.
Severity level	6
Example	APMGR/6/AP_CREATE_FAILURE: Failed to create an AP with entity ID 1 and model WA2620i-AGN. Reason: Region code is not available.
Explanation	The system fails to create an AP because the AP is not specified with a region code.
Recommended action	Specify a region code in global configuration view.

APMGR_ADDBAC_INFO

Message text	Add BAS AC [STRING].
Variable fields	$1: MAC address of the BAS AC.
Severity level	6
Example	APMGR/6/APMGR_ADDBAC_INFO: Add BAS AC 3ce5-a616-28cd.
Explanation	The BAS AC was connected to the master AC.
Recommended action	No action is required.

APMGR_AP_CFG_FAILED

Message text	Failed to reset AP [STRING]. Reason: The AP is writing an image file into the flash.
Variable fields	$1: AP name.
Severity level	4
Example	APMGR/4/APMGR_CFG_FAILD: Fa iled to reset AP ap2. Reason: The AP is writing an image file into the flash.
Explanation	AP reset failed because the AP is writing an image file into the flash.
Recommended action	Restart the AP after the AP finishes writing an image file into the flash.

APMGR_AP_ONLINE

Message text	The AP failed to come online in discovery stage. Reason: AP model [$1] is not supported.
Variable fields	$1: AP model.
Severity level	6
Example	APMGR/6/APMGR_AP_ONLINE: The AP failed to come online in discovery stage. Reason: AP model wa2620i-AGN is not supported.
Explanation	The AP fails to come online because its model is not supported by the AC and the AC cannot receive discovery requests from the AP.
Recommended action	No action is required.

APMGR_DELBAC_INFO

Message text	Delete BAS AC [STRING].
Variable fields	$1: MAC address of the BAS AC.
Severity level	6
Example	APMGR/6/APMGR_DELBAC_INFO: Delete BAS AC 3ce5-a616-28cd.
Explanation	The BAS AC was disconnected from the master AC.
Recommended action	No action is required.

APMGR_LOG_ADD_AP_FAIL

Message text	AP [STRING] failed to come online using serial ID [STRING]: MAC address [STRING] is being used by AP [STRING].
Variable fields	$1: AP name. $2: Serial ID. $3: MAC address. $4: AP name.
Severity level	4
Example	APMGR/4/APMGR_LOG_ADD_AP_FAIL: AP ap1 failed to come online using serial ID 01247ef96: MAC address 0023-7961-5201 is being used by AP ap2.
Explanation	The AP failed to come online because a manual AP that has the same MAC address already exists on the AC.
Recommended action	Delete either the manual AP that has the MAC address or the serial ID.

APMGR_LOG_LACOFFLINE

Message text	Local AC [STRING] went offline. State changed to Idle.
Variable fields	$1: Name of the local AC.
Severity level	6
Example	APMGR/6/APMGR_LOG_LACOFFLINE: Local AC ac1 went offline. State changed to Idle.
Explanation	The local AC went offline. The state of the local AC changed to Idle.
Recommended action	5. If the local AC went offline abnormally, check the debugging information to locate the problem and resolve it. 6. If the problem persists, contact H3C Support.

APMGR_LOG_LACONLINE

Message text	Local AC [STRING] went online. State changed to Run.
Variable fields	$1: Name of the local AC.
Severity level	6
Example	APMGR/6/APMGR_LOG_LACONLINE: Local AC ac1 went online. State changed to Run..
Explanation	The local AC came online. The state of the local AC changed to Run.
Recommended action	No action is required.

APMGR_LOG_MEMALERT

Message text	The memory usage of the AC has reached the threshold.
Variable fields	N/A
Severity level	4
Example	APMGR/4/APMGR_LOG_MEMALERT: The memory usage of the AC has reached the threshold.
Explanation	The AP failed to come online because the memory utilization exceeded the limit.
Recommended action	Stop creating manual APs and prevent APs from coming online.

APMGR_LOG_NOLICENSE

Message text	AP failed to come online in [STRING]. Reason: No license for the [STRING].
Variable fields	$1: AP state: · discover. · join. $2: AP type: · common AP. · WTU AP.
Severity level	6
Example	APMGR/6/APMGR_LOG_NOLICENSE: AP failed to come online in discover. Reason: No license for the common AP.
Explanation	The AP failed to come online because the number of APs allowed by the license on the AC has reached the upper limit.
Recommended action	Purchase an upgrade license for AP number extension.

APMGR_LOG_OFFLINE

Message text	AP [STRING] went offline. State changed to Idle.
Variable fields	$1: AP name.
Severity level	6
Example	APMGR/6/APMGR_LOG_OFFLINE: AP ap1 went offline. State changed to Idle.
Explanation	The AP went offline. The state of the AP changed to Idle.
Recommended action	If the AP went offline abnormally, check the debugging information to locate the problem and resolve it.

APMGR_LOG_ONLINE

Message text	AP [STRING] came online. State changed to Run.
Variable fields	$1: AP name.
Severity level	6
Example	APMGR/6/APMGR_LOG_ONLINE: AP ap1 came online. State changed to Run.
Explanation	The AP came online. The state of the AP changed to Run.
Recommended action	No action is required.

APMGR_LOG_ONLINE_FAILED

Message text	[STRING] ([STRING]) failed to come online in join state. Reason: [STRING] ([STRING]) was offline.
Variable fields	$1: Name of a WTU or WAP. $2: Serial ID of a WTU or WAP. $3: Name of the connected WT or SPM. $4: Serial ID of the connected WT or SPM.
Severity level	6
Example	· APMGR/6/APMGR_AP_ONLINE_FAILED: WTU (219801A0WA916BQ12535) failed to come online in join state. Reason: WT (219801A11UC173000153) was offline. · APMGR/6/APMGR_AP_ONLINE_FAILED: WAP (219801A0VW916AG00254) failed to come online in join state. Reason: SPM (219801A13DB05B0004350) was offline.
Explanation	· The WTU cannot come online because its connected WT is offline. · The WAP cannot come online because its connected SPM is offline.
Recommended action	Make the WT or SPM come online.

APMGR_REACH_MAX_APNUMBER

Message text	An AP failed to come online: Maximum number of APs already reached.
Variable fields	N/A
Severity level	4
Example	APMGR/4/APMGR_REACH_MAX_APNEMBER: An AP failed to come online: Maximum number of APs already reached.
Explanation	An AP failed to come online because the number of APs on the AC already reached the upper limit.
Recommended action	No action is required.

APMGR_SWAC_DRV_FAILED

Message text	Failed to install WLAN feature package. Reason: Insufficient hardware resources.
Variable fields	N/A
Severity level	3
Example	APMGR/3/SWAC_DRV_FAILED: Failed to install WLAN feature package. Reason: Insufficient hardware resources.
Explanation	The system failed to install the WLAN feature package because of insufficient hardware resources.
Recommended action	To resolve the problem: 7. Uninstall the WLAN feature package. 8. Locate the reason that causes hardware resource exhaustion and remove the issue. 9. Reinstall the WLAN feature package. 10. If the problem persists, contact H3C Support.

CWC_AP_DOWN

Message text	CAPWAP tunnel to AC [STRING] went down. Reason: [STRING].
Variable fields	$1: AC IP address. $2: Reason: · Added AP IP address. · Deleted AP IP address. · AP interface used for CAPWAP tunnel went down. · AP config changed. · AP was reset. · Number of echo retransmission attempts exceeded the limit. · No license for the AP. · Full retransmission queue. · Data channel timer expired. · Backup AC IP address changed. · Backup tunnel changed to master tunnel. · Failed to change backup tunnel to master tunnel. · Backup method changed. · N/A.
Severity level	6
Example	CWC/6/CWC_AP_DOWN: CAPWAP tunnel to AC 192.168.10.1 went down. Reason: AP was reset.
Explanation	The CAPWAP tunnel between the AP and the AC was terminated for a specific reason.
Recommended action	Examine the network connection between the AP and the AC.

CWC_AP_UP

Message text	[STRING] CAPWAP tunnel to AC [STRING] went up.
Variable fields	$1: Tunnel type: · Master. · Backup. $2: AC IP address.
Severity level	6
Example	CWC/6/CWC_AP_UP: Master CAPWAP tunnel to AC 192.168.10.1 went up.
Explanation	The AP was connected to the AC successfully and entered Run state.
Recommended action	No action is required.

CWC_AP_REBOOT

Message text	AP in state [STRING] is rebooting. Reason: [STRING]
Variable fields	$1: AP state. $2: Reason: · Image was downloaded successfully. · Reset by admin. · Reset by CloudTunnel, · Reset on cloud, · The radio status was incorrect, · WT was offline, · Stayed in idle state for a long time.
Severity level	6
Example	CWC/6/CWC_AP_REBOOT: AP in State Run is rebooting. Reason: Reset by admin.
Explanation	The AP rebooted for a specific reason.
Recommended action	No action is required.

CWC_IMG_DOWNLOAD_COMPLETE

Message text	System software image file [STRING] downloading through the CAPWAP tunnel to AC [STRING] completed.
Variable fields	$1: Image file name. $2: AC IP address.
Severity level	6
Example	CWC/6/CWC_IMG_DOWNLOAD_COMPLETE: System software image file 5800.ipe downloading through the CAPWAP tunnel to AC 192.168.10.1 completed.
Explanation	The AP downloaded the image file from the AC successfully.
Recommended action	No action is required.

CWS_IMG_DOWNLOAD_FAILED

Message text	Failed to download image file [STRING1] for [STRING2] [STRING3].
Variable fields	$1: Image file name. $2: AP or local AC. $3: Name of the AP or local AC.
Severity level	6
Example	CWS/6/CWS_IMG_DOWNLOAD_FAILED: Failed to download image file wa4300.ipe for AP ap1.
Explanation	The AP or the local AC failed to download the image file from the AC.
Recommended action	No action is required.

CWC_IMG_DOWNLOAD_START

Message text	Started to download the system software image file [STRING] through the CAPWAP tunnel to AC [STRING].
Variable fields	$1: Image file name. $2: AC IP address.
Severity level	6
Example	CWC/6/CWC_IMG_DOWNLOAD_START: Started to download the system software image file 5800.ipe through the CAPWAP tunnel to AC 192.168.10.1.
Explanation	The AP started to download the image file from the AC.
Recommended action	Make sure the AP is correctly connected to the AC.

CWC_IMG_NO_ENOUGH_SPACE

Message text	Insufficient flash memory space for downloading system software image file [STRING].
Variable fields	$1: Image file name.
Severity level	6
Example	CWC/6/CWC_IMG_NO_ENOUGH_SPACE: Insufficient flash memory space for downloading system software image file 5800.ipe.
Explanation	The AP failed to download the image file from the AC because of insufficient flash memory.
Recommended action	Delete files not in use from the AP.

CWC_LOCALAC_DOWN

Message text	CAPWAP tunnel to Central AC [STRING] went down. Reason: [STRING].
Variable fields	$1: IP address of the central AC. $2: Reason: · Added local AC IP address. · Deleted local AC IP address. · Local AC interface used for CAPWAP tunnel went down. · Local AC config changed. · N/A
Severity level	4
Example	CWC/4/CWC_LOCALAC_DOWN: CAPWAP tunnel to Central AC 2.2.2.1 went down. Reason: Local AC config changed.
Explanation	The CAPWAP tunnel between the central AC and the local AC was terminated for a specific reason.
Recommended action	To resolve the problem: 11. Examine the network connection between the central AC and the local AC. 12. Verify that the central AC is correctly configured. 13. Verify that the local AC is correctly configured. 14. If the problem persists, contact H3C Support.

CWC_LOCALAC_UP

Message text	CAPWAP tunnel to Central AC [STRING] went up.
Variable fields	$1: IP address of the central AC.
Severity level	6
Example	CWC/6/CWC_LOCALAC_UP: CAPWAP tunnel to Central AC 2.2.2.1 went up.
Explanation	The central AC has established a CAPWAP tunnel with the local AC.
Recommended action	No action is required.

CWC_RUN_DOWNLOAD_COMPLETE

Message text	File [STRING] successfully downloaded through the CAPWAP tunnel to AC [STRING].
Variable fields	$1: File name. $2: AC IP address.
Severity level	6
Example	CWC/6/CWC_RUN_DOWNLOAD_COMPLETE: File ac.cfg successfully downloaded through the CAPWAP tunnel to AC 192.168.10.1.
Explanation	The AP downloaded the file from the AC successfully.
Recommended action	No action is required.

CWC_RUN_DOWNLOAD_START

Message text	Started to download the file [STRING] through the CAPWAP tunnel to AC [STRING].
Variable fields	$1: File name. $2: AC IP address.
Severity level	6
Example	CWC/6/CWC_RUN_DOWNLOAD_START: Started to download the file ac.cfg through the CAPWAP tunnel to AC 192.168.10.1.
Explanation	The AP started to download the file from the AC.
Recommended action	Make sure the AP is correctly connected to the AC.

CWC_RUN_NO_ENOUGH_SPACE

Message text	Insufficient flash memory space for downloading file [STRING].
Variable fields	$1: File name.
Severity level	6
Example	CWC/6/CWC_RUN_NO_ENOUGH_SPACE: Insufficient flash memory space for downloading file ac.cfg.
Explanation	The AP failed to download the file from the AC because of insufficient flash memory.
Recommended action	Delete files not in use from the AP.

CWS_AP_DOWN

Message text	CAPWAP tunnel to AP [STRING] went down. Reason: [STRING].
Variable fields	$1: AP name. $2: Reason: · Neighbor dead timer expired. · AP was reset by admin. · AP was reset by CloudTunnel. · AP was reset on cloud. · WT was offline. · AP was deleted. · Serial number changed. · Processed join request in Run state. · Failed to retransmit message. · Received WTP tunnel down event from AP. · Backup AC closed the backup tunnel. · Backup AP upgrade failed. · AC is inactive. · Tunnel switched. · N/A.
Severity level	6
Example	CWS/6/CWS_AP_DOWN: CAPWAP tunnel to AP ap1 went down. Reason: AP was reset by admin.
Explanation	The AP went offline for a specific reason.
Recommended action	To resolve the problem: 15. Examine the network connection between the AP and the AC. 16. Verify that the AP is correctly configured. 17. Verify that the AC is correctly configured. 18. If the problem persists, contact H3C Support.

CWS_AP_UP

Message text	[STRING] CAPWAP tunnel to AP [STRING] went up.
Variable fields	$1: Tunnel type: · Master. · Backup. $2: AP name or serial ID.
Severity level	6
Example	CWS/6/CWS_AP_UP: Backup CAPWAP tunnel to AP ap1 went up.
Explanation	The AP came online and entered Run state.
Recommended action	No action is required.

CWS_IMG_DOWNLOAD_COMPLETE

Message text	System software image file [STRING] downloading through the CAPWAP tunnel for AP [STRING] completed.
Variable fields	$1: Image file name. $2: AP name.
Severity level	6
Example	CWS/6/CWS_IMG_DOWNLOAD_COMPLETE: System software image file 5800.ipe downloading through the CAPWAP tunnel for AP ap2 completed.
Explanation	The AP downloaded the image file from the AC successfully.
Recommended action	No action is required.

CWS_IMG_DOWNLOAD_FAILED

Message text	Failed to download image file [STRING] for the AP. AC memory is not enough.
Variable fields	$1: Name of an image file.
Severity level	6
Example	CWS/6/CWS_IMG_DOWNLOAD_FAILED: Failed to download image file wa4300anchor.ipe for the AP. AC memory is not enough.
Explanation	The AP failed to download an image file from the AC because of insufficient AC memory.
Recommended action	No action is required.

CWS_IMG_DOWNLOAD_START

Message text	AP [STRING] started to download the system software image file [STRING].
Variable fields	$1: AP name. $2: Image file name.
Severity level	6
Example	CWS/6/CWS_IMG_DOWNLOAD_START: AP ap1 started to download the system software image file 5800.ipe.
Explanation	The AP started to download the image file from the AC.
Recommended action	No action is required.

CWS_IMG_OPENFILE_FAILED

Message text	Failed to open the image file [STRING].
Variable fields	$1: Path of the image file to be downloaded to the AP.
Severity level	3
Example	CWS/3/CWS_IMG_OPENFILE_FAILED: Failed to open the image file slot1#cfa0:/wa5600.ipe.
Explanation	The AP failed to open the image file downloaded from the AC.
Recommended action	No action is required.

CWS_LOCALAC_DOWN

Message text	CAPWAP tunnel to local AC [STRING] went down. Reason: [STRING].
Variable fields	$1: IP address of the local AC. $2: Reason: · Neighbor dead timer expired. · Local AC was deleted. · Serial number changed. · Processed join request in Run state. · Failed to retransmit message. · N/A
Severity level	4
Example	CWS/4/CWS_LOCALAC_DOWN: CAPWAP tunnel to local AC 1.1.1.1 went down. Reason: Local AC was deleted.
Explanation	The CAPWAP tunnel between the central AC and the local AC was terminated for a specific reason.
Recommended action	To resolve the problem: 19. Examine the network connection between the central AC and the local AC. 20. Verify that the central AC is correctly configured. 21. Verify that the local AC is correctly configured. 22. If the problem persists, contact H3C Support.

CWS_LOCALAC_UP

Message text	CAPWAP tunnel to local AC [STRING] went up.
Variable fields	$1: IP address of the local AC.
Severity level	6
Example	CWS/6/CWS_LOCALAC_UP: CAPWAP tunnel to local AC 1.1.1.1 went up.
Explanation	The central AC has established a CAPWAP tunnel with the local AC.
Recommended action	No action is required.

CWS_RUN_DOWNLOAD_COMPLETE

Message text	File [STRING] successfully downloaded through the CAPWAP tunnel for AP [STRING].
Variable fields	$1: File name. $2: AP name.
Severity level	6
Example	CWS/6/CWS_RUN_DOWNLOAD_COMPLETE: File ac.cfg successfully downloaded through the CAPWAP tunnel for AP ap2.
Explanation	The AP downloaded the file from the AC successfully.
Recommended action	No action is required.

CWS_RUN_DOWNLOAD_START

Message text	AP [STRING] started to download the file [STRING].
Variable fields	$1: AP name. $2: File name.
Severity level	6
Example	CWS/6/CWS_RUN_DOWNLOAD_START: AP ap1 started to download the file ac.cfg.
Explanation	The AP started to download the file from the AC.
Recommended action	No action is required.

RADIO

Message text	APMGR/6/RADIO: Current channel usage [UINT32] of radio [CHAR] on AP [STRING] exceeded the threshold.
Variable fields	$1: Current channel usage. $2: Radio ID. $3: AP name.
Severity level	6
Example	APMGR/6/RADIO: Current channel usage 63% of radio 2 on AP ap1 exceeded the threshold.
Explanation	The current channel usage on a radio has exceeded the channel usage threshold.
Recommended action	Execute the channel command to switch the working channel to a channel with low usage.

Application account extraction messages

This section contains application account extraction messages.

USER-NETLOG

Message text	Protocol(1001)= [STRING];SrcIPAddr(1003)= [IPADDR];SrcPort(1004)= [UINT16];DstIPAddr(1007)= [IPADDR];DstPort(1008)= [UINT16]; User(1098)=%s; Application(1002)= [STRING]; Account(1101)= [STRING].
Variable fields	$1: Protocol address. $2: Source IP address. $3: Source port number. $4: Destination IP address. $5: Destination port number. $6: Username. $7: Application name. $8: User account.
Severity level	6
Example	UDPI/6/USER-NETLOG:-Chassis=1-Slot=5.1;Protocol(1001)=UDP;SrcIPAddr(1003)=22.1.1.2;SrcPort(1004)=0;DstIPAddr(1007)=21.1.1.2;DstPort(1008)=65297;User(1098)=22.1.1.2; Application(1002)=ZhenAiWang; Account(1101)=72753475.
Explanation	This message is generated when a packet matches application account characteristics.
Recommended action	None

Application audit and management messages

This section contains application audit and management messages.

AUDIT_RULE_MATCH_IM_IPV4_LOG

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING],FileName(1097)=[STRING],FileSize(1105)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: File name. $16: File size. $17: Client type. $18: Application software version. $19: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_IM_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=QQ;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=12345678,Content(1104)=test,FileName(1097)=text,FileSize(1105)=152389};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an IM application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_MAIL_IPV4_LOG

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Sender_addr(1106)=[STRING],Receiver_addr(1107)=[STRING],Subject(1108)=[STRING],Body(1109)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Sender. $14: Receiver. $15: Subject. $16: Body. $17: Client type. $18: Application software version. $19: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_MAIL_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=smtp;Behavior(1101)=SendMail;BehaviorContent(1102)={Sender_addr(1106)="wb"<wb@ubuntu.wb>,Receiver_addr(1107)=<wb@ubuntu.wb>,Subject(1108)=test,Body(1109)=abc};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an email application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_FORUM_IPV4_LOG

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_FORUM_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=SinaWeibo;Behavior(1101)=Comment;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for a social networking application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_SEARCH_IPV4_LOG

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Keyword(1095)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Keyword. $14: Client type. $15: Application software version. $16: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_SEARCH_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=BaiduSearch;Behavior(1101)=Search;BehaviorContent(1102)={Keyword(1095)=12345678};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for a search engine application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_FILE_IPV4_LOG

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],FileName(1097)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: File name $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_FILE_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=ftp;Behavior(1101)=UploadFile;BehaviorContent(1102)={Account(1103)=ghj123,FileName(1097)=abc.txt};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for a file transfer application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_AS_IPV4_LOG

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_AS_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=tonghuashun;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an entertainment or stock application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_OTHER_IPV4_LOG

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Password(1112)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Password. $15: Content. $16: Client type. $17: Application software version. $18: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_OTHER_IPV4_LOG:Protocol(1001)=TCP;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=Telnet;Behavior(1101)=Download;BehaviorContent(1102)={Account(1103)=hjk123456,Password(1112)=hhh123,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv4 packet matches an audit rule for an unclassified application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_IM_IPV6_LOG

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING],FileName(1097)=[STRING],FileSize(1105)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)= [STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: File name. $16: File size. $17: Client type. $18: Application software version. $19: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_IM_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=QQ;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=12345678,Content(1104)=test,FileName(1097)=text,FileSize(1105)=152389};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for an IM application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_MAIL_IPV6_LOG

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Sender_addr(1106)=[STRING],Receiver_addr(1107)=[STRING],Subject(1108)=[STRING],Body(1109)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Sender. $14: Receiver. $15: Subject. $16: Body. $17: Client type. $18: Application software version. $19: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_MAIL_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=smtp;Behavior(1101)=SendMail;BehaviorContent(1102)={Sender_addr(1106)="wb"<wb@ubuntu.wb>,Receiver_addr(1107)=<wb@ubuntu.wb>,Subject(1108)=test,Body(1109)=abc};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for an email application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_FORUM_IPV6_LOG

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content. $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_FORUM_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=SinaWeibo;Behavior(1101)=Comment;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for a social networking application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_SEARCH_IPV6_LOG

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Keyword(1095)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv4 address. $3: Source port number. $4: Destination IPv4 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Keyword. $14: Client type. $15: Application software version. $16: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_SEARCH_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=BaiduSearch;Behavior(1101)=Search;BehaviorContent(1102)={Keyword(1095)=12345678};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for a search engine application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_FILE_IPV6_LOG

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],FileName(1097)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: File name $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_FILE_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=ftp;Behavior(1101)=UploadFile;BehaviorContent(1102)={Account(1103)=ghj123,FileName(1097)=abc.txt};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for a file transfer application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_AS_IPV6_LOG

Message text	Protocol(1001)=[STRING];SrcSrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Content $15: Client type. $16: Application software version. $17: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_AS_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=tonghuashun;Behavior(1101)=Login;BehaviorContent(1102)={Account(1103)=hjk123456,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for an entertainment or stock application.
Recommended action	No action is required.

AUDIT_RULE_MATCH_OTHER_IPV6_LOG

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];Application(1002)=[STRING];Behavior(1101)=[STRING];BehaviorContent(1102)={Account(1103)=[STRING],Password(1112)=[STRING],Content(1104)=[STRING]};Client(1110)=[STRING];SoftVersion(1111)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Source IPv6 address. $3: Source port number. $4: Destination IPv6 address. $5: Destination port number. $6: Source security zone name. $7: Destination security zone name. $8: Username. $9: Application audit and management policy name. $10: Application name. $11: Application behavior. $12: Application behavior content. $13: Account. $14: Password. $15: Content. $16: Client type. $17: Application software version. $18: Action name: Permit or Deny.
Severity level	6
Example	AUDIT/6/AUDIT_RULE_MATCH_OTHER_IPV6_LOG:Protocol(1001)=TCP;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=hjp;PolicyName(1079)=policy1;Application(1002)=Telnet;Behavior(1101)=Download;BehaviorContent(1102)={Account(1103)=hjk123456,Password(1112)=hhh123,Content(1104)=hello};Client(1110)=PC;SoftVersion(1111)=;Action(1053)=Deny;
Explanation	This message is generated when an IPv6 packet matches an audit rule for an unclassified application.
Recommended action	No action is required.

APR messages

This section contains APR messages.

NBAR_WARNING

Message text	Updated the APR signature library successfully.
Variable fields	N/A
Severity level	4
Example	NBAR/4/NBAR_WARNING: -Context=1; Updated the APR signature library successfully.
Explanation	The APR signature library was updated successfully. The device outputs this log message for one of the following conditions: · The triggered update operation succeeds. · The local update operation succeeds.
Recommended action	No action is required.

NBAR_WARNING

Message text	Rolled back the APR signature library successfully.
Variable fields	N/A
Severity level	4
Example	NBAR/4/NBAR_WARNING: -Context=1; Rolled back the APR signature library successfully.
Explanation	The APR signature library was rolled back successfully to the last version or the factory version.
Recommended action	No action is required.

NBAR_WARNING

Message text	Failed to update the APR signature library because no valid license was found for the NBAR feature.
Variable fields	N/A
Severity level	4
Example	NBAR/4/NBAR_WARNING: -Context=1; Failed to update the APR signature library because no valid license was found for the NBAR feature.
Explanation	The APR signature library update failed because no valid license was found for updating the APR signature library. The device outputs this log message for one of the following conditions: · Failed to perform a triggered update operation. · Failed to perform a local update operation through the Web interface.
Recommended action	No action is required.

ARP messages

This section contains ARP messages.

ARP_ACTIVE_ACK_NO_REPLY

Message text	No ARP reply from IP [STRING] was received on interface [STRING].
Variable fields	$1: IP address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_ACTIVE_ACK_NO_REPLY: No ARP reply from IP 192.168.10.1 was received on interface Ethernet0/1/0.
Explanation	The ARP active acknowledgement feature did not receive an ARP reply after it sent an ARP request to the sender IP of an ARP message. This message indicates the risk of attacks.
Recommended action	23. Verify that the learned ARP entries on the device are consistent with the existing legal devices. When gateways and servers are on the network, check the ARP entries for these devices first. 24. If the ARP entries are correct and the attack continues, contact H3C Support.

ARP_ACTIVE_ACK_NOREQUESTED_REPLY

Message text	Interface [STRING] received from IP [STRING] an ARP reply that was not requested by the device.
Variable fields	$1: Interface name. $2: IP address.
Severity level	6
Example	ARP/6/ARP_ACTIVE_ACK_NOREQUESTED_REPLY: Interface Ethernet0/1/0 received from IP 192.168.10.1 an ARP reply that was not requested by the device.
Explanation	The ARP active acknowledgement feature received an unsolicited ARP reply from a sender IP. This message indicates the risk of attacks.
Recommended action	No action is required. The device discards the ARP reply automatically.

ARP_BINDRULETOHW_FAILED

Message text	Failed to download binding rule to hardware on the interface [STRING], SrcIP [IPADDR], SrcMAC [MAC], VLAN [UINT16], Gateway MAC [MAC].
Variable fields	$1: Interface name. $2: Source IP address. $3: Source MAC address. $4: VLAN ID. $5: Gateway MAC address.
Severity level	5
Example	ARP/5/ARP_BINDRULETOHW_FAILED: Failed to download binding rule to hardware on the interface Ethernet1/0/1, SrcIP 1.1.1.132, SrcMAC 0015-E944-A947, VLAN 1, Gateway MAC 00A1-B812-1108.
Explanation	The system failed to set a binding rule to the hardware on an interface. The message is sent in any of the following situations: · The resources are not sufficient for the operation. · The memory is not sufficient for the operation. · A hardware error occurs.
Recommended action	To resolve the problem: 25. Execute the display qos-acl resource command to check if the ACL resources for the operation are sufficient. ¡ If yes, proceed to step 2. ¡ If no, delete unnecessary configuration to release ACL resources. If no configuration can be deleted, proceed to step 2. 26. Execute the display memory command to check if the memory for the operation is sufficient. ¡ If yes, proceed to step 3. ¡ If no, delete unnecessary configuration to release memory. If no configuration can be deleted, proceed to step 3. 27. Delete the configuration and perform the operation again.

ARP_DYNAMIC

Message text	The maximum number of dynamic ARP entries for the device reached.
Variable fields	N/A
Severity level	6
Example	The maximum number of dynamic ARP entries for the device reached.
Explanation	This message is displayed when the maximum number of dynamic ARP entries on the device is reached.
Recommended action	No action is required.

ARP_DYNAMIC_IF

Message text	The maximum number of dynamic ARP entries for interface [STRING] reached.
Variable fields	$1: Interface name.
Severity level	6
Example	The maximum number of dynamic ARP entries for interface GigabitEthernet3/0/1 reached.
Explanation	This message is displayed when maximum number of dynamic ARP entries on an interface is reached.
Recommended action	No action is required.

ARP_DYNAMIC_SLOT

Message text	The maximum number of dynamic ARP entries for [STRING] reached.
Variable fields	$1: Slot number (in standalone mode) or chassis number and slot number (in IRF mode).
Severity level	6
Example	The maximum number of dynamic ARP entries for slot 2 reached. The maximum number of dynamic ARP entries for chassis 1 slot 2 reached.
Explanation	This message is displayed when the maximum number of dynamic ARP entries on a slot is reached.
Recommended action	No action is required.

ARP_HOST_IP_CONFLICT

Message text	The host [STRING] connected to interface [STRING] cannot communicate correctly, because it uses the same IP address as the host connected to interface [STRING].
Variable fields	$1: IP address. $2: Interface name. $3: Interface name.
Severity level	4
Example	ARP/4/ARP_HOST_IP_CONFLICT: The host 1.1.1.1 connected to interface GigabitEthernet1/0/1 cannot communicate correctly, because it uses the same IP address as the host connected to interface GigabitEthernet1/0/2.
Explanation	The sender IP address in a received ARP message conflicted with the IP address of a host connected to another interface.
Recommended action	Check whether the hosts that send the ARP messages are legitimate. Disconnect the illegal host from the network.

ARP_RATE_EXCEEDED

Message text	The ARP packet rate ([UINT32] pps) exceeded the rate limit ([UINT32] pps) on interface [STRING] in the last [UINT32] seconds.
Variable fields	$1: ARP packet rate. $2: ARP limit rate. $3: Interface name. $4: Interval time.
Severity level	4
Example	ARP/4/ARP_RATE_EXCEEDED: The ARP packet rate (100 pps) exceeded the rate limit (80 pps) on interface Ethernet0/1/0 in the last 10 seconds.
Explanation	An interface received ARP messages at a higher rate than the rate limit.
Recommended action	Verify that the hosts at the sender IP addresses are legitimate.

ARP_SENDER_IP_INVALID

Message text	Sender IP [STRING] was not on the same network as the receiving interface [STRING].
Variable fields	$1: IP address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_SENDER_IP_INVALID: Sender IP 192.168.10.2 was not on the same network as the receiving interface Ethernet0/1/0.
Explanation	The sender IP of a received ARP message was not on the same network as the receiving interface.
Recommended action	Verify that the host at the sender IP address is legitimate.

ARP_SENDER_MAC_INVALID

Message text	Sender MAC [STRING] was not identical to Ethernet source MAC [STRING] on interface [STRING].
Variable fields	$1: MAC address. $2: MAC address. $3: Interface name.
Severity level	6
Example	ARP/6/ARP_SENDER_MAC_INVALID: Sender MAC 0000-5E14-0E00 was not identical to Ethernet source MAC 0000-5C14-0E00 on interface Ethernet0/1/0.
Explanation	An interface received an ARP message. The sender MAC address in the message body was not identical to the source MAC address in the Ethernet header.
Recommended action	Verify that the host at the sender MAC address is legitimate.

ARP_SRC_MAC_FOUND_ATTACK

Message text	An attack from MAC [STRING] was detected on interface [STRING].
Variable fields	$1: MAC address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_SRC_MAC_FOUND_ATTACK: An attack from MAC 0000-5E14-0E00 was detected on interface Ethernet0/1/0.
Explanation	The source MAC-based ARP attack detection feature received more ARP packets from the same MAC address within 5 seconds than the specified threshold. This message indicates the risk of attacks.
Recommended action	Verify that the host at the source MAC address is legitimate.

ARP_TARGET_IP_INVALID

Message text	Target IP [STRING] was not the IP of the receiving interface [STRING].
Variable fields	$1: IP address. $2: Interface name.
Severity level	6
Example	ARP/6/ARP_TARGET_IP_INVALID: Target IP 192.168.10.2 was not the IP of the receiving interface Ethernet0/1/0.
Explanation	The target IP address of a received ARP message was not the IP address of the receiving interface.
Recommended action	Verify that the host at the sender IP address is legitimate.

DUPIFIP

Message text	Duplicate address [STRING] on interface [STRING], sourced from [STRING].
Variable fields	$1: IP address. $2: Interface name. $3: MAC Address.
Severity level	6
Example	ARP/6/DUPIFIP: Duplicate address 1.1.1.1 on interface Ethernet1/1/1, sourced from 0015-E944-A947.
Explanation	ARP detected a duplicate address. The sender IP in the received ARP packet was being used by the receiving interface.
Recommended action	Modify the IP address configuration.

DUPIP

Message text	IP address [STRING] conflicted with global or imported IP address, sourced from [STRING].
Variable fields	$1: IP address. $2: MAC Address.
Severity level	6
Example	ARP/6/DUPIP: IP address 30.1.1.1 conflicted with global or imported IP address, sourced from 0000-0000-0001.
Explanation	The sender IP address of the received ARP packet conflicted with the global or imported IP address.
Recommended action	Modify the IP address configuration.

DUPVRRPIP

Message text	IP address [STRING] conflicted with VRRP virtual IP address on interface [STRING], sourced from [STRING].
Variable fields	$1: IP address. $2: Interface name. $3: MAC address.
Severity level	6
Example	ARP/6/DUPVRRPIP: IP address 1.1.1.1 conflicted with VRRP virtual IP address on interface Ethernet1/1/1, sourced from 0015-E944-A947.
Explanation	The sender IP address of the received ARP packet conflicted with the VRRP virtual IP address.
Recommended action	Modify the IP address configuration.

ASPF messages

This section contains ASPF messages.

ASPF_IPV4_DNS

Message text	SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];DomainName(1099)=[STRING];Action(1053)=[STRING];Reason(1056)=[STRING].
Variable fields	$1: Source IPv4 address. $2: Destination IPv4 address. $3: VPN instance name. $4: Local address of a DS-Lite tunnel. $5: Domain name. $6: Action on the detected illegal packets: · drop—Drops illegal packets. · logging—Generates log messages. · none—Does not process the packets and allows illegal packets to pass. $7: Reason why the message was generated: · Invalid DNS RR. · Failed to check DNS header flag. · Failed to check DNS header ID.
Severity level	6
Example	ASPF/6/ASPF_IPV4_DNS:SrcIPAddr(1003)=1.1.1.3;DstIPAddr(1007)=2.1.1.2;RcvVPNInstance(1042)=vpn;RcvDSLiteTunnelPeer(1040)=dstunnel1;DomainName(1099)=www.h3c.com;Action(1053)=drop,logging;Reason(1056)=Check DNS RR invalid.
Explanation	ASPF inspection for DNS is configured. The device takes a specific action on IPv4 packets that are determined to be illegal for a reason.
Recommended action	No action is required.

ASPF_IPV6_DNS

Message text	SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];DomainName(1099)=[STRING];Action(1053)=[STRING];Reason(1056)=[STRING].
Variable fields	$1: Source IPv6 address. $2: Destination IPv6 address. $3: VPN instance name. $4: Domain name. $5: Action on the detected illegal packets: · drop—Drops illegal packets. · logging—Generates log messages. · none—Does not process the packet and allows illegal packets to pass. $6: Reason why the message was generated: · Invalid DNS RR. · Failed to check DNS header flag. · Failed to check DNS header ID.
Severity level	6
Example	ASPF/6/ASPF_IPV6_DNS:SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=3001::1;RcvVPNInstance(1042)=vpn;DomainName(1099)=www.h3c.com;Action(1053)=drop,logging;Reason(1056)=Check DNS RR invalid.
Explanation	ASPF inspection for DNS is configured. The device takes a specific action on IPv6 packets that are determined to be illegal for a reason.
Recommended action	No action is required.

ATK messages

This section contains attack detection and prevention messages.

ATK_ICMP_ADDRMASK_REQ

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_REQ:IcmpType(1062)=17;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP address mask request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_REQ_RAW

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW:IcmpType(1062)=17;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP address mask request is received.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_RPL

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_RPL:IcmpType(1062)=18;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP address mask reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_RPL_RAW

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW:IcmpType(1062)=18;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received.
Recommended action	No action is required.

ATK_ICMP_ECHO_RPL

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_RPL:IcmpType(1062)=0;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP echo reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ECHO_RPL_RAW

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_RPL_RAW:IcmpType(1062)=0;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP echo reply is received.
Recommended action	No action is required.

ATK_ICMP_ECHO_REQ

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_REQ:IcmpType(1062)=8;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP echo request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ECHO_REQ_RAW

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1004)=[UINT16];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Destination port number. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_REQ_RAW:IcmpType(1062)=8;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;DstPort(1004)=22;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP echo request is received.
Recommended action	No action is required.

ATK_ICMP_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_ICMP_INFO_REQ

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_REQ:IcmpType(1062)=15;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP information request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_INFO_REQ_RAW

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_REQ_RAW:IcmpType(1062)=15;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP information requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP information request is received.
Recommended action	No action is required.

ATK_ICMP_INFO_RPL

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_RPL:IcmpType(1062)=16;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP information reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_INFO_RPL_RAW

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_RPL_RAW:IcmpType(1062)=16;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP information reply is received.
Recommended action	No action is required.

ATK_ICMP_LARGE

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_LARGE:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when large ICMP packet logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_LARGE_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_LARGE_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMP packet is received.
Recommended action	No action is required.

ATK_ICMP_PARAPROBLEM

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_PARAPROBLEM:IcmpType(1062)=12;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP parameter problem logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_PARAPROBLEM_RAW

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_PARAPROBLEM_RAW:IcmpType(1062)=12;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received.
Recommended action	No action is required.

ATK_ICMP_PINGOFDEATH

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_PINGOFDEATH:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0.
Recommended action	No action is required.

ATK_ICMP_PINGOFDEATH_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_PINGOFDEATH_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_ICMP_REDIRECT

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_REDIRECT:IcmpType(1062)=5;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP redirect logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_REDIRECT_RAW

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_REDIRECT_RAW:IcmpType(1062)=5;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received.
Recommended action	No action is required.

ATK_ICMP_SMURF

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_SMURF:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMP echo requests whose destination IP address is one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides.
Recommended action	No action is required.

ATK_ICMP_SMURF_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_SMURF_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the smurf attack. The attack uses ICMP echo requests with the destination IP address being one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides. If log aggregation is enabled, for requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time a request is received.
Recommended action	No action is required.

ATK_ICMP_SOURCEQUENCH

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_SOURCEQUENCH:IcmpType(1062)=4;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP source quench logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_SOURCEQUENCH_RAW

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_SOURCEQUENCH_RAW:IcmpType(1062)=4;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP source quench packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP source quench packet is received.
Recommended action	No action is required.

ATK_ICMP_TIMEEXCEED

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TIMEEXCEED:IcmpType(1062)=11;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP time exceeded logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TIMEEXCEED_RAW

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TIMEEXCEED_RAW:IcmpType(1062)=11;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet is received.
Recommended action	No action is required.

ATK_ICMP_TRACEROUTE

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_TRACEROUTE:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMP time exceeded packets of code 0.
Recommended action	No action is required.

ATK_ICMP_TRACEROUTE_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_TRACEROUTE_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet of code 0 is received.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_REQ

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_REQ:IcmpType(1062)=13;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP timestamp logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_REQ_RAW

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_REQ_RAW:IcmpType(1062)=13;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP timestamp packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp packet is received.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_RPL

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_RPL:IcmpType(1062)=14;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP timestamp reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_RPL_RAW

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_RPL_RAW:IcmpType(1062)=14;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP timestamp replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp reply is received.
Recommended action	No action is required.

ATK_ICMP_TYPE

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TYPE:IcmpType(1062)=38;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for user-defined ICMP packets.
Recommended action	No action is required.

ATK_ICMP_TYPE_RAW

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TYPE_RAW:IcmpType(1062)=38;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for user-defined ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMP packet is received.
Recommended action	No action is required.

ATK_ICMP_UNREACHABLE

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_UNREACHABLE:IcmpType(1062)=3;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP destination unreachable logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_UNREACHABLE_RAW

Message text	IcmpType(1062)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_UNREACHABLE_RAW:IcmpType(1062)=3;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP destination unreachable packet is received.
Recommended action	No action is required.

ATK_ICMPV6_DEST_UNREACH

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_DEST_UNREACH:Icmpv6Type(1064)=133;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 destination unreachable logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_DEST_UNREACH_RAW

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_DEST_UNREACH_RAW:Icmpv6Type(1064)=133;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 destination unreachable packet is received.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_REQ

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_REQ:Icmpv6Type(1064)=128;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 echo request logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_REQ_RAW

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_REQ_RAW:Icmpv6Type(1064)=128;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo request is received.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_RPL

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_RPL:Icmpv6Type(1064)=129;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 echo reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_RPL_RAW

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_RPL_RAW:Icmpv6Type(1064)=129;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo reply is received.
Recommended action	No action is required.

ATK_ICMPV6_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_ICMPV6_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPv6Addr(1007)=2002::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of ICMPv6 packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_ICMPV6_GROUPQUERY

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPQUERY:Icmpv6Type(1064)=130;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 multicast listener query logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPQUERY_RAW

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPQUERY_RAW:Icmpv6Type(1064)=130;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener queries of the same attributes, this message is sent only when the first query is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener query is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREDUCTION

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREDUCTION:Icmpv6Type(1064)=132;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 multicast listener done logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREDUCTION_RAW

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREDUCTION_RAW:Icmpv6Type(1064)=132;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener done packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener done packet is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREPORT

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREPORT:Icmpv6Type(1064)=131;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 multicast listener report logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREPORT_RAW

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREPORT_RAW:Icmpv6Type(1064)=131;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener reports of the same attributes, this message is sent only when the first report is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener report is received.
Recommended action	No action is required.

ATK_ICMPV6_LARGE

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMPV6_LARGE:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when large ICMPv6 packet logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_LARGE_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMPV6_LARGE_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for large ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMPv6 packet is received.
Recommended action	No action is required.

ATK_ICMPV6_PACKETTOOBIG

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PACKETTOOBIG:Icmpv6Type(1064)=136;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 packet too big logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_PACKETTOOBIG_RAW

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PACKETTOOBIG_RAW:Icmpv6Type(1064)=136;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 packet too big packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 packet too big packet is received.
Recommended action	No action is required.

ATK_ICMPV6_PARAPROBLEM

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PARAPROBLEM:Icmpv6Type(1064)=135;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 parameter problem logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_PARAPROBLEM_RAW

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PARAPROBLEM_RAW:Icmpv6Type(1064)=135;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 parameter problem packet is received.
Recommended action	No action is required.

ATK_ICMPV6_TIMEEXCEED

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TIMEEXCEED:Icmpv6Type(1064)=134;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 time exceeded logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_TIMEEXCEED_RAW

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TIMEEXCEED_RAW:Icmpv6Type(1064)=134;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet is received.
Recommended action	No action is required.

ATK_ICMPV6_TRACEROUTE

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMPV6_TRACEROUTE:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMPv6 time exceeded packets of code 0.
Recommended action	No action is required.

ATK_ICMPV6_TRACEROUTE_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMPV6_TRACEROUTE_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435.
Explanation	If log aggregation is enabled, for ICMPv6 time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet of code 0 is received.
Recommended action	No action is required.

ATK_ICMPV6_TYPE

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TYPE:Icmpv6Type(1064)=38;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for user-defined ICMPv6 packets.
Recommended action	No action is required.

ATK_ICMPV6_TYPE_RAW

Message text	Icmpv6Type(1064)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TYPE_RAW:Icmpv6Type(1064)=38;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for user-defined ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMPv6 packet is received.
Recommended action	No action is required.

ATK_IP4_ACK_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_ACK_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_DIS_PORTSCAN

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Actions against the attack. $5: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_DIS_PORTSCAN:RcvIfName(1023)=Ethernet0/0/2;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=vpn1;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009052955.
Explanation	This message is sent when an IPv4 distributed port scan attack is detected.
Recommended action	No action is required.

ATK_IP4_DNS_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_DNS_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 DNS queries sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_FIN_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_FIN_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 FIN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_FRAGMENT

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_FRAGMENT:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 packets with an offset smaller than 5 but bigger than 0.
Recommended action	No action is required.

ATK_IP4_FRAGMENT_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_FRAGMENT_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	This message is for the IPv4 fragment attack. The attack uses IPv4 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_HTTP_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_HTTP_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 HTTP Get packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_IMPOSSIBLE

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_IMPOSSIBLE:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 packets whose source IPv4 address is the same as the destination IPv4 address.
Recommended action	No action is required.

ATK_IP4_IMPOSSIBLE_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_IMPOSSIBLE_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	This message is for the IPv4 impossible packet attack. The attack uses IPv4 packets whose source IPv4 address is the same as the destination IPv4 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_IPSWEEP

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_IPSWEEP:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.5;SndDSLiteTunnelPeer(1041)=--;RcvVPNInstance(1042)=vpn1;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009060657.
Explanation	This message is sent when an IPv4 sweep attack is detected.
Recommended action	No action is required.

ATK_IP4_PORTSCAN

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];RcvVPNInstance(1042)=[STRING];DstIPAddr(1007)=[IPADDR];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Name of the receiving VPN instance. $5: Destination IP address. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_PORTSCAN:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.5;SndDSLiteTunnelPeer(1041)=--;RcvVPNInstance(1042)=vpn1;DstIPAddr(1007)=6.1.1.5;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009052955.
Explanation	This message is sent when an IPv4 port scan attack is detected.
Recommended action	No action is required.

ATK_IP4_RST_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_RST_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 RST packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_SYN_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_SYN_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 SYN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_SYNACK_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_SYNACK_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 SYN-ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_TCP_ALLFLAGS

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_ALLFLAGS:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have all flags set.
Recommended action	No action is required.

ATK_IP4_TCP_ALLFLAGS_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_ALLFLAGS_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_FINONLY

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_FINONLY:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have only the FIN flag set.
Recommended action	No action is required.

ATK_IP4_TCP_FINONLY_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_FINONLY_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_INVALIDFLAGS

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_INVALIDFLAGS:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set.
Recommended action	No action is required.

ATK_IP4_TCP_INVALIDFLAGS_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_INVALIDFLAGS_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_LAND

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_LAND:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets whose source IP address is the same as the destination IP address.
Recommended action	No action is required.

ATK_IP4_TCP_LAND_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_LAND_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv4 land attack. The attack uses IPv4 TCP packets whose source IP address is the same as the destination IP address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_NULLFLAG

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_NULLFLAG:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=4.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have no flag set.
Recommended action	No action is required.

ATK_IP4_TCP_NULLFLAG_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_NULLFLAG_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_SYNFIN

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_SYNFIN:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have SYN and FIN flags set.
Recommended action	No action is required.

ATK_IP4_TCP_SYNFIN_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_SYNFIN_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_WINNUKE

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_WINNUKE:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=5.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.
Recommended action	No action is required.

ATK_IP4_TCP_WINNUKE_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_WINNUKE_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv4 WinNuke attack. The attack uses IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TEARDROP

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TEARDROP:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 overlapping fragments.
Recommended action	No action is required.

ATK_IP4_TEARDROP_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TEARDROP_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for IPv4 overlapping fragments of the same attributes, this message is sent only when the first overlapping fragment is received. If log aggregation is disabled, this message is sent every time an IPv4 overlapping fragment is received.
Recommended action	No action is required.

ATK_IP4_TINY_FRAGMENT

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TINY_FRAGMENT:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=6.
Explanation	This message is sent when logs are aggregated for IPv4 packets with a datagram smaller than 68 bytes and the MF flag set.
Recommended action	No action is required.

ATK_IP4_TINY_FRAGMENT_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TINY_FRAGMENT_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	This message is for the IPv4 tiny fragment attack. The attack uses IPv4 packets with a datagram smaller than 68 bytes and the MF flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_BOMB

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_BOMB:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header.
Recommended action	No action is required.

ATK_IP4_UDP_BOMB_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_BOMB_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 UDP bomb attack. The attack uses IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 UDP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_UDP_FRAGGLE

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FRAGGLE:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=11.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets with source port 7 and destination port 19.
Recommended action	No action is required.

ATK_IP4_UDP_FRAGGLE_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FRAGGLE_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 UDP fraggle attack. The attack uses IPv4 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_SNORK

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_SNORK:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets with source port 7, 19, or 135, and destination port 135.
Recommended action	No action is required.

ATK_IP4_UDP_SNORK_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_SNORK_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 UDP snork attack. The attack uses IPv4 UDP packets with source port 7, 19, or 135, and destination port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_ACK_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_ACK_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPv6Addr(1037)=2::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_DIS_PORTSCAN

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Actions against the attack. $5: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_DIS_PORTSCAN:RcvIfName(1023)=Ethernet0/0/2;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009100928.
Explanation	This message is sent when an IPv6 distributed port scan attack is detected.
Recommended action	No action is required.

ATK_IP6_DNS_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_DNS_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPv6Addr(1037)=2::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 DNS queries sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_FIN_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_FIN_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPv6Addr(1037)=2::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 FIN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_FRAGMENT

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_FRAGMENT:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging;BeginTime_c(1011)=20131011103335;EndTime_c(1012)=20131011103835;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets with an offset smaller than 5 but bigger than 0.
Recommended action	No action is required.

ATK_IP6_FRAGMENT_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_FRAGMENT_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging.
Explanation	This message is for the IPv6 fragment attack. The attack uses IPv6 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_HTTP_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_HTTP_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPv6Addr(1037)=2::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 HTTP Get packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_IMPOSSIBLE

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_IMPOSSIBLE:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging;BeginTime_c(1011)=20131011103335;EndTime_c(1012)=20131011103835;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets whose source IPv6 address is the same as the destination IPv6 address.
Recommended action	No action is required.

ATK_IP6_IMPOSSIBLE_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_IMPOSSIBLE_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging.
Explanation	This message is for the IPv6 impossible packet attack. The attack uses IPv6 packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_IPSWEEP

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Name of the receiving VPN instance. $4: Actions against the attack. $5: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_IPSWEEP:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::5;RcvVPNInstance(1042)=;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009100639.
Explanation	This message is sent when an IPv6 sweep attack is detected.
Recommended action	No action is required.

ATK_IP6_PORTSCAN

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];RcvVPNInstance(1042)=[STRING];DstIPv6Addr(1037)=[IPADDR];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Name of the receiving VPN instance. $4: Destination IPv6 address. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_PORTSCAN:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::5;RcvVPNInstance(1042)=;DstIPv6Addr(1037)=2::2;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009100455.
Explanation	This message is sent when an IPv6 port scan attack is detected.
Recommended action	No action is required.

ATK_IP6_RST_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_RST_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 RST packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_SYN_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_SYN_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPv6Addr(1037)=2::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 SYN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_SYNACK_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_SYNACK_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPv6Addr(1037)=2::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 SYN-ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_TCP_ALLFLAGS

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_ALLFLAGS:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have all flags set.
Recommended action	No action is required.

ATK_IP6_TCP_ALLFLAGS_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_ALLFLAGS_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_FINONLY

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_FINONLY:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have only the FIN flag set.
Recommended action	No action is required.

ATK_IP6_TCP_FINONLY_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_FINONLY_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_INVALIDFLAGS

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_INVALIDFLAGS:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set.
Recommended action	No action is required.

ATK_IP6_TCP_INVALIDFLAGS_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_INVALIDFLAGS_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_LAND

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_LAND:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address.
Recommended action	No action is required.

ATK_IP6_TCP_LAND_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_LAND_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv6 land attack. The attack uses IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_NULLFLAG

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_NULLFLAG:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have no flag set.
Recommended action	No action is required.

ATK_IP6_TCP_NULLFLAG_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_NULLFLAG_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_SYNFIN

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_SYNFIN:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have SYN and FIN flags set.
Recommended action	No action is required.

ATK_IP6_TCP_SYNFIN_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_SYNFIN_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_WINNUKE

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_WINNUKE:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.
Recommended action	No action is required.

ATK_IP6_TCP_WINNUKE_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_WINNUKE_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv6 WinNuke attack. The attack uses IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_UDP_FLOOD

Message text	RcvIfName(1023)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Receiving interface name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FLOOD:RcvIfName(1023)=Ethernet0/0/2;DstIPv6Addr(1037)=2::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 UDP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_UDP_FRAGGLE

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FRAGGLE:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 UDP packets with source port 7 and destination port 19.
Recommended action	No action is required.

ATK_IP6_UDP_FRAGGLE_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FRAGGLE_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 UDP fraggle attack. The attack uses IPv6 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_UDP_SNORK

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_SNORK:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 UDP packets with source port 7, 19, or 135, and destination port 135.
Recommended action	No action is required.

ATK_IP6_UDP_SNORK_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_SNORK_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 UDP snork attack. The attack uses IPv6 UDP packets with source port 7, 19, or 135, and port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP_OPTION

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IP_OPTION:IPOptValue(1061)=38;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with a user-defined IP option.
Recommended action	No action is required.

ATK_IP_OPTION_RAW

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IP_OPTION_RAW:IPOptValue(1061)=38;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with a user-defined IP option and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with a user-defined IP option is received.
Recommended action	No action is required.

ATK_IPOPT_ABNORMAL

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IPOPT_ABNORMAL:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011072002;EndTime_c(1012)=20131011072502;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with more than two IP options.
Recommended action	No action is required.

ATK_IPOPT_ABNORMAL_RAW

Message text	RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Receiving interface name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IPOPT_ABNORMAL_RAW:RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	This message is for packets that each has more than two IP options. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with more than two IP options is received.
Recommended action	No action is required.

ATK_IPOPT_LOOSESRCROUTE

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)= [UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_LOOSESRCROUTE:IPOptValue(1061)=131;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 131.
Recommended action	No action is required.

ATK_IPOPT_LOOSESRCROUTE_RAW

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_LOOSESRCROUTE_RAW:IPOptValue(1061)=131;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 131 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 131 is received.
Recommended action	No action is required.

ATK_IPOPT_RECORDROUTE

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_RECORDROUTE:IPOptValue(1061)=7;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 7.
Recommended action	No action is required.

ATK_IPOPT_RECORDROUTE_RAW

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_RECORDROUTE_RAW:IPOptValue(1061)=7;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 7 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 7 is received.
Recommended action	No action is required.

ATK_IPOPT_ROUTEALERT

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_ROUTEALERT:IPOptValue(1061)=148;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 148.
Recommended action	No action is required.

ATK_IPOPT_ROUTEALERT_RAW

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_ROUTEALERT_RAW:IPOptValue(1061)=148;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 148 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 148 is received.
Recommended action	No action is required.

ATK_IPOPT_SECURITY

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_SECURITY:IPOptValue(1061)=130;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131009091022;EndTime_c(1012)=20131009091522;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for packets with IP option 130.
Recommended action	No action is required.

ATK_IPOPT_SECURITY_RAW

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_SECURITY_RAW:IPOptValue(1061)=130;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 130 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 130 is received.
Recommended action	No action is required.

ATK_IPOPT_STREAMID

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_STREAMID:IPOptValue(1061)=136;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 136.
Recommended action	No action is required.

ATK_IPOPT_STREAMID_RAW

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_STREAMID_RAW:IPOptValue(1061)=136;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 136 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 136 is received.
Recommended action	No action is required.

ATK_IPOPT_STRICTSRCROUTE

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_STRICTSRCROUTE:IPOptValue(1061)=137;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 137.
Recommended action	No action is required.

ATK_IPOPT_STRICTSRCROUTE_RAW

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_STRICTSRCROUTE_RAW:IPOptValue(1061)=137;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 137 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 137 is received.
Recommended action	No action is required.

ATK_IPOPT_TIMESTAMP

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_TIMESTAMP:IPOptValue(1061)=68;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 68.
Recommended action	No action is required.

ATK_IPOPT_TIMESTAMP_RAW

Message text	IPOptValue(1061)=[UINT32];RcvIfName(1023)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_TIMESTAMP_RAW:IPOptValue(1061)=68;RcvIfName(1023)=Ethernet0/0/2;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 68 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 68 is received.
Recommended action	No action is required.

ATK_IPV6_EXT_HEADER

Message text	IPv6ExtHeader(1060)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IPv6 extension header value. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_IPV6_EXT_HEADER:IPv6ExtHeader(1060)=43;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets with a user-defined extension header.
Recommended action	No action is required.

ATK_IPV6_EXT_HEADER _RAW

Message text	IPv6ExtHeader(1060)=[UINT32];RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IPv6 extension header value. $2: Receiving interface name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPV6_EXT_HEADER_RAW:IPv6ExtHeader(1060)=43;RcvIfName(1023)=Ethernet0/0/2;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for IPv6 packets with a user-defined extension header and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an IPv6 packet with a user-defined extension header is received.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_REQ_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_REQ_SZ:IcmpType(1062)=17;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP address mask request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_REQ_RAW_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_REQ_RAW_SZ:IcmpType(1062)=17;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP address mask requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP address mask request is received.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_RPL_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_RPL_SZ:IcmpType(1062)=18;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP address mask reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ADDRMASK_RPL_RAW_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ADDRMASK_RPL_RAW_SZ:IcmpType(1062)=18;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP address mask replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP address mask reply is received.
Recommended action	No action is required.

ATK_ICMP_ECHO_RPL_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_RPL_SZ:IcmpType(1062)=0;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP echo reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ECHO_RPL_RAW_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_RPL_RAW_SZ:IcmpType(1062)=0;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP echo reply is received.
Recommended action	No action is required.

ATK_ICMP_ECHO_REQ_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_REQ_SZ:IcmpType(1062)=8;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP echo request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_ECHO_REQ_RAW_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1004)=[UINT16];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Destination port number. $7: Name of the receiving VPN instance. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_ECHO_REQ_RAW_SZ:IcmpType(1062)=8;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;DstPort(1004)=22;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP echo request is received.
Recommended action	No action is required.

ATK_ICMP_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of ICMP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_ICMP_INFO_REQ_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Receiving interface name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_REQ_SZ:IcmpType(1062)=15;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP information request logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_INFO_REQ_RAW_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_REQ_RAW_SZ:IcmpType(1062)=15;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP information requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMP information request is received.
Recommended action	No action is required.

ATK_ICMP_INFO_RPL_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_RPL_SZ:IcmpType(1062)=16;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP information reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_INFO_RPL_RAW_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_INFO_RPL_RAW_SZ:IcmpType(1062)=16;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP information replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP information reply is received.
Recommended action	No action is required.

ATK_ICMP_LARGE_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_LARGE_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when large ICMP packet logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_LARGE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_LARGE_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for large ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMP packet is received.
Recommended action	No action is required.

ATK_ICMP_PARAPROBLEM_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_PARAPROBLEM_SZ:IcmpType(1062)=12;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP parameter problem logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_PARAPROBLEM_RAW_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_PARAPROBLEM_RAW_SZ:IcmpType(1062)=12;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP parameter problem packet is received.
Recommended action	No action is required.

ATK_ICMP_PINGOFDEATH_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_PINGOFDEATH_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMP packets larger than 65535 bytes with the MF flag set to 0.
Recommended action	No action is required.

ATK_ICMP_PINGOFDEATH_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_PINGOFDEATH_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the ping of death attack. The attack uses ICMP packets larger than 65535 bytes with the MF flag set to 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_ICMP_REDIRECT_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_REDIRECT_SZ:IcmpType(1062)=5;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP redirect logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_REDIRECT_RAW_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_REDIRECT_RAW_SZ:IcmpType(1062)=5;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP redirect packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP redirect packet is received.
Recommended action	No action is required.

ATK_ICMP_SMURF_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_SMURF_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMP echo requests whose destination IP address is one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides.
Recommended action	No action is required.

ATK_ICMP_SMURF_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_SMURF_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the smurf attack. The attack uses ICMP echo requests with the destination IP address being one of the following addresses: · A broadcast or network address of A, B, or C class. · An IP address of D or E class. · The broadcast or network address of the network where the receiving interface resides. If log aggregation is enabled, for requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time a request is received.
Recommended action	No action is required.

ATK_ICMP_SOURCEQUENCH_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_SOURCEQUENCH_SZ:IcmpType(1062)=4;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP source quench logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_SOURCEQUENCH_RAW_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_SOURCEQUENCH_RAW_SZ:IcmpType(1062)=4;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP source quench packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP source quench packet is received.
Recommended action	No action is required.

ATK_ICMP_TIMEEXCEED_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TIMEEXCEED_SZ:IcmpType(1062)=11;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP time exceeded logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TIMEEXCEED_RAW_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TIMEEXCEED_RAW_SZ:IcmpType(1062)=11;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet is received.
Recommended action	No action is required.

ATK_ICMP_TRACEROUTE_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMP_TRACEROUTE_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMP time exceeded packets of code 0.
Recommended action	No action is required.

ATK_ICMP_TRACEROUTE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMP_TRACEROUTE_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP time exceeded packet of code 0 is received.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_REQ_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_REQ_SZ:IcmpType(1062)=13;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP timestamp logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_REQ_RAW_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_REQ_RAW_SZ:IcmpType(1062)=13;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP timestamp packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp packet is received.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_RPL_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_RPL_SZ:IcmpType(1062)=14;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP timestamp reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_TSTAMP_RPL_RAW_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TSTAMP_RPL_RAW_SZ:IcmpType(1062)=14;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP timestamp replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMP timestamp reply is received.
Recommended action	No action is required.

ATK_ICMP_TYPE_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_TYPE_SZ:IcmpType(1062)=38;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for user-defined ICMP packets.
Recommended action	No action is required.

ATK_ICMP_TYPE_RAW_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_TYPE_RAW_SZ:IcmpType(1062)=38;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for user-defined ICMP packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMP packet is received.
Recommended action	No action is required.

ATK_ICMP_UNREACHABLE_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMP_UNREACHABLE_SZ:IcmpType(1062)=3;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011091319;EndTime_c(1012)=20131011091819;AtkTimes(1054)=2.
Explanation	This message is sent when ICMP destination unreachable logs are aggregated.
Recommended action	No action is required.

ATK_ICMP_UNREACHABLE_RAW_SZ

Message text	IcmpType(1062)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMP message type. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMP_UNREACHABLE_RAW_SZ:IcmpType(1062)=3;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMP destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMP destination unreachable packet is received.
Recommended action	No action is required.

ATK_ICMPV6_DEST_UNREACH_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_DEST_UNREACH_SZ:Icmpv6Type(1064)=133;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 destination unreachable logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_DEST_UNREACH_RAW_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_DEST_UNREACH_RAW_SZ:Icmpv6Type(1064)=133;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 destination unreachable packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 destination unreachable packet is received.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_REQ_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_REQ_SZ:Icmpv6Type(1064)=128;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 echo request logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_REQ_RAW_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_REQ_RAW_SZ:Icmpv6Type(1064)=128;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 echo requests of the same attributes, this message is sent only when the first request is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo request is received.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_RPL_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_RPL_SZ:Icmpv6Type(1064)=129;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 echo reply logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_ECHO_RPL_RAW_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_ECHO_RPL_RAW_SZ:Icmpv6Type(1064)=129;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 echo replies of the same attributes, this message is sent only when the first reply is received. If log aggregation is disabled, this message is sent every time an ICMPv6 echo reply is received.
Recommended action	No action is required.

ATK_ICMPV6_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_ICMPV6_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1007)=2002::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of ICMPv6 packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_ICMPV6_GROUPQUERY_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPQUERY_SZ:Icmpv6Type(1064)=130;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 multicast listener query logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPQUERY_RAW_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPQUERY_RAW_SZ:Icmpv6Type(1064)=130;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener queries of the same attributes, this message is sent only when the first query is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener query is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREDUCTION_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREDUCTION_SZ:Icmpv6Type(1064)=132;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 multicast listener done logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREDUCTION_RAW_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREDUCTION_RAW_SZ:Icmpv6Type(1064)=132;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener done packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener done packet is received.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREPORT_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREPORT_SZ:Icmpv6Type(1064)=131;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 multicast listener report logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_GROUPREPORT_RAW_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_GROUPREPORT_RAW_SZ:Icmpv6Type(1064)=131;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 multicast listener reports of the same attributes, this message is sent only when the first report is received. If log aggregation is disabled, this message is sent every time an ICMPv6 multicast listener report is received.
Recommended action	No action is required.

ATK_ICMPV6_LARGE_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMPV6_LARGE_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when large ICMPv6 packet logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_LARGE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_ICMPV6_LARGE_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for large ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a large ICMPv6 packet is received.
Recommended action	No action is required.

ATK_ICMPV6_PACKETTOOBIG_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PACKETTOOBIG_SZ:Icmpv6Type(1064)=136;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 packet too big logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_PACKETTOOBIG_RAW_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PACKETTOOBIG_RAW_SZ:Icmpv6Type(1064)=136;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 packet too big packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 packet too big packet is received.
Recommended action	No action is required.

ATK_ICMPV6_PARAPROBLEM_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PARAPROBLEM_SZ:Icmpv6Type(1064)=135;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 parameter problem logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_PARAPROBLEM_RAW_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_PARAPROBLEM_RAW_SZ:Icmpv6Type(1064)=135;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 parameter problem packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 parameter problem packet is received.
Recommended action	No action is required.

ATK_ICMPV6_TIMEEXCEED_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TIMEEXCEED_SZ:Icmpv6Type(1064)=134;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when ICMPv6 time exceeded logs are aggregated.
Recommended action	No action is required.

ATK_ICMPV6_TIMEEXCEED_RAW_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TIMEEXCEED_RAW_SZ:Icmpv6Type(1064)=134;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for ICMPv6 time exceeded packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet is received.
Recommended action	No action is required.

ATK_ICMPV6_TRACEROUTE_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMPV6_TRACEROUTE_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for ICMPv6 time exceeded packets of code 0.
Recommended action	No action is required.

ATK_ICMPV6_TRACEROUTE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_ICMPV6_TRACEROUTE_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435.
Explanation	If log aggregation is enabled, for ICMPv6 time exceeded packets of code 0 of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an ICMPv6 time exceeded packet of code 0 is received.
Recommended action	No action is required.

ATK_ICMPV6_TYPE_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TYPE_SZ:Icmpv6Type(1064)=38;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011100935;EndTime_c(1012)=20131011101435;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for user-defined ICMPv6 packets.
Recommended action	No action is required.

ATK_ICMPV6_TYPE _RAW_SZ

Message text	Icmpv6Type(1064)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: ICMPv6 message type. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_ICMPV6_TYPE_RAW_SZ:Icmpv6Type(1064)=38;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=5600::12;DstIPv6Addr(1037)=1200:0:3400:0:5600:0:7800:0;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for user-defined ICMPv6 packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a user-defined ICMPv6 packet is received.
Recommended action	No action is required.

ATK_IP4_ACK_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_ACK_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_DIS_PORTSCAN_SZ

Message text	SrcZoneName(1025)=[STRING];Protocol(1001)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Actions against the attack. $5: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_DIS_PORTSCAN_SZ:SrcZoneName(1025)=Trust;Protocol(1001)=TCP;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=vpn1;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009052955.
Explanation	This message is sent when an IPv4 distributed port scan attack is detected.
Recommended action	No action is required.

ATK_IP4_DNS_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_DNS_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 DNS queries sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_FIN_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_FIN_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 FIN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_FRAGMENT_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_FRAGMENT_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 packets with an offset smaller than 5 but bigger than 0.
Recommended action	No action is required.

ATK_IP4_FRAGMENT_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_FRAGMENT_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	This message is for the IPv4 fragment attack. The attack uses IPv4 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_HTTP_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_HTTP_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 HTTP Get packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_IMPOSSIBLE_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_IMPOSSIBLE_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 packets whose source IPv4 address is the same as the destination IPv4 address.
Recommended action	No action is required.

ATK_IP4_IMPOSSIBLE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_IMPOSSIBLE_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	This message is for the IPv4 impossible packet attack. The attack uses IPv4 packets whose source IPv4 address is the same as the destination IPv4 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_IPSWEEP_SZ

Message text	SrcZoneName(1025)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_IPSWEEP_SZ:SrcZoneName(1025)=Trust;Protocol(1001)=TCP;SrcIPAddr(1003)=9.1.1.5;SndDSLiteTunnelPeer(1041)=--;RcvVPNInstance(1042)=vpn1;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009060657.
Explanation	This message is sent when an IPv4 sweep attack is detected.
Recommended action	No action is required.

ATK_IP4_PORTSCAN_SZ

Message text	SrcZoneName(1025)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];RcvVPNInstance(1042)=[STRING];DstIPAddr(1007)=[IPADDR];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Name of the receiving VPN instance. $5: Destination IP address. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_PORTSCAN_SZ:SrcZoneName(1025)=Trust;Protocol(1001)=TCP;SrcIPAddr(1003)=9.1.1.5;SndDSLiteTunnelPeer(1041)=--;RcvVPNInstance(1042)=vpn1;DstIPAddr(1007)=6.1.1.5;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009052955.
Explanation	This message is sent when an IPv4 port scan attack is detected.
Recommended action	No action is required.

ATK_IP4_RST_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_RST_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 RST packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_SYN_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Name of the receiving VPN instance. $4: Rate limit. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_SYN_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 SYN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_SYNACK_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_SYNACK_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 SYN-ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_TCP_ALLFLAGS_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_ALLFLAGS_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have all flags set.
Recommended action	No action is required.

ATK_IP4_TCP_ALLFLAGS_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_ALLFLAGS_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_FINONLY_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_FINONLY_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have only the FIN flag set.
Recommended action	No action is required.

ATK_IP4_TCP_FINONLY_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_FINONLY_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_INVALIDFLAGS_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_INVALIDFLAGS_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set.
Recommended action	No action is required.

ATK_IP4_TCP_INVALIDFLAGS_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_INVALIDFLAGS_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_LAND_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_LAND_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets whose source IP address is the same as the destination IP address.
Recommended action	No action is required.

ATK_IP4_TCP_LAND_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_LAND_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv4 land attack. The attack uses IPv4 TCP packets whose source IP address is the same as the destination IP address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_NULLFLAG_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_NULLFLAG_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=4.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have no flag set.
Recommended action	No action is required.

ATK_IP4_TCP_NULLFLAG_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_NULLFLAG_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_SYNFIN_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_SYNFIN_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets that have SYN and FIN flags set.
Recommended action	No action is required.

ATK_IP4_TCP_SYNFIN_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_SYNFIN_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TCP_WINNUKE_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_WINNUKE_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=5.
Explanation	This message is sent when logs are aggregated for IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.
Recommended action	No action is required.

ATK_IP4_TCP_WINNUKE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TCP_WINNUKE_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv4 WinNuke attack. The attack uses IPv4 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_TEARDROP_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TEARDROP_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for IPv4 overlapping fragments.
Recommended action	No action is required.

ATK_IP4_TEARDROP_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TEARDROP_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for IPv4 overlapping fragments of the same attributes, this message is sent only when the first overlapping fragment is received. If log aggregation is disabled, this message is sent every time an IPv4 overlapping fragment is received.
Recommended action	No action is required.

ATK_IP4_TINY_FRAGMENT_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_TINY_FRAGMENT_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=6.
Explanation	This message is sent when logs are aggregated for IPv4 packets with a datagram smaller than 68 bytes and the MF flag set.
Recommended action	No action is required.

ATK_IP4_TINY_FRAGMENT_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_TINY_FRAGMENT_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=TCP;Action(1053)=logging.
Explanation	This message is for the IPv4 tiny fragment attack. The attack uses IPv4 packets with a datagram smaller than 68 bytes and the MF flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_BOMB_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_BOMB_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header.
Recommended action	No action is required.

ATK_IP4_UDP_BOMB_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_BOMB_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 UDP bomb attack. The attack uses IPv4 UDP packets in which the length value in the IP header is larger than the IP header length plus the length in the UDP header. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IP address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPAddr(1007)=6.1.1.5;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009093351.
Explanation	This message is sent when the number of IPv4 UDP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP4_UDP_FRAGGLE_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FRAGGLE_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=11.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets with source port 7 and destination port 19.
Recommended action	No action is required.

ATK_IP4_UDP_FRAGGLE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_FRAGGLE_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 UDP fraggle attack. The attack uses IPv4 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP4_UDP_SNORK_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_SNORK_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131011074913;EndTime_c(1012)=20131011075413;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv4 UDP packets with source port 7, 19, or 135, and destination port 135.
Recommended action	No action is required.

ATK_IP4_UDP_SNORK_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP4_UDP_SNORK_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv4 UDP snork attack. The attack uses IPv4 UDP packets with source port 7, 19, or 135, and destination port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_ACK_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_ACK_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_DIS_PORTSCAN_SZ

Message text	SrcZoneName(1025)=[STRING];Protocol(1001)=[STRING];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Name of the receiving VPN instance. $4: Actions against the attack. $5: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_DIS_PORTSCAN_SZ:SrcZoneName(1025)=Trust;Protocol(1001)=TCP;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009100928.
Explanation	This message is sent when an IPv6 distributed port scan attack is detected.
Recommended action	No action is required.

ATK_IP6_DNS_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_DNS_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 DNS queries sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_FIN_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_FIN_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 FIN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_FRAGMENT_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_FRAGMENT_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging;BeginTime_c(1011)=20131011103335;EndTime_c(1012)=20131011103835;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets with an offset smaller than 5 but bigger than 0.
Recommended action	No action is required.

ATK_IP6_FRAGMENT_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_FRAGMENT_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging.
Explanation	This message is for the IPv6 fragment attack. The attack uses IPv6 packets with an offset smaller than 5 but bigger than 0. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_HTTP_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_HTTP_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 HTTP Get packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_IMPOSSIBLE_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_IMPOSSIBLE_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging;BeginTime_c(1011)=20131011103335;EndTime_c(1012)=20131011103835;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets whose source IPv6 address is the same as the destination IPv6 address.
Recommended action	No action is required.

ATK_IP6_IMPOSSIBLE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Protocol type. $6: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_IMPOSSIBLE_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=1::1;RcvVPNInstance(1042)=;Protocol(1001)=IPv6-ICMP;Action(1053)=logging.
Explanation	This message is for the IPv6 impossible packet attack. The attack uses IPv6 packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_IPSWEEP_SZ

Message text	SrcZoneName(1025)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Name of the receiving VPN instance. $4: Actions against the attack. $5: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_IPSWEEP_SZ:SrcZoneName(1025)=Trust;Protocol(1001)=TCP;SrcIPv6Addr(1036)=1::5;RcvVPNInstance(1042)=;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009100639.
Explanation	This message is sent when an IPv6 sweep attack is detected.
Recommended action	No action is required.

ATK_IP6_PORTSCAN_SZ

Message text	SrcZoneName(1025)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];RcvVPNInstance(1042)=[STRING];DstIPv6Addr(1037)=[IPADDR];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Name of the receiving VPN instance. $4: Destination IPv6 address. $5: Actions against the attack. $6: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_PORTSCAN_SZ:SrcZoneName(1025)=Trust;Protocol(1001)=TCP;SrcIPv6Addr(1036)=1::5;RcvVPNInstance(1042)=;DstIPv6Addr(1037)=2::2;Action(1053)=logging,block-source;BeginTime_c(1011)=20131009100455.
Explanation	This message is sent when an IPv6 port scan attack is detected.
Recommended action	No action is required.

ATK_IP6_RST_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_RST_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 RST packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_SYN_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_SYN_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 SYN packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_SYNACK_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_SYNACK_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 SYN-ACK packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_TCP_ALLFLAGS_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_ALLFLAGS_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have all flags set.
Recommended action	No action is required.

ATK_IP6_TCP_ALLFLAGS_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_ALLFLAGS_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have all flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_FINONLY_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_FINONLY_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have only the FIN flag set.
Recommended action	No action is required.

ATK_IP6_TCP_FINONLY_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_FINONLY_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have only the FIN flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_INVALIDFLAGS_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_INVALIDFLAGS_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set.
Recommended action	No action is required.

ATK_IP6_TCP_INVALIDFLAGS_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_INVALIDFLAGS_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have invalid flag settings. Invalid flag settings include: · The RST and FIN flags are both set. · The RST and SYN flags are both set. · The RST, FIN, and SYN flags are all set. · The PSH, RST, and FIN flags are all set. · The PSH, RST, and SYN flags are all set. · The PSH, RST, SYN, and FIN flags are all set. · The ACK, RST, and FIN flags are all set. · The ACK, RST, and SYN flags are all set. · The ACK, RST, SYN, and FIN flags are all set. · The ACK, PSH, SYN, and FIN flags are all set. · The ACK, PSH, RST, and FIN flags are all set. · The ACK, PSH, RST, and SYN flags are all set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_LAND_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_LAND_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address.
Recommended action	No action is required.

ATK_IP6_TCP_LAND_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_LAND_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv6 land attack. The attack uses IPv6 TCP packets whose source IPv6 address is the same as the destination IPv6 address. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_NULLFLAG_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_NULLFLAG_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have no flag set.
Recommended action	No action is required.

ATK_IP6_TCP_NULLFLAG_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_NULLFLAG_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have no flag set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_SYNFIN_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_SYNFIN_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets that have SYN and FIN flags set.
Recommended action	No action is required.

ATK_IP6_TCP_SYNFIN_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_SYNFIN_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=2000::1;DstIPv6Addr(1037)=2003::200;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 TCP packets that have SYN and FIN flags set. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_TCP_WINNUKE_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_WINNUKE_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer.
Recommended action	No action is required.

ATK_IP6_TCP_WINNUKE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_TCP_WINNUKE_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for the IPv6 WinNuke attack. The attack uses IPv6 TCP packets with destination port 139, the URG flag set, and a nonzero Urgent Pointer. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_UDP_FLOOD_SZ

Message text	SrcZoneName(1025)=[STRING];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];UpperLimit(1049)=[UINT32];Action(1053)=[STRING];BeginTime_c(1011)=[STRING].
Variable fields	$1: Source security zone name. $2: Destination IPv6 address. $3: Destination port number. $4: Name of the receiving VPN instance. $5: Rate limit. $6: Actions against the attack. $7: Start time of the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FLOOD_SZ:SrcZoneName(1025)=Trust;DstIPv6Addr(1037)=2::2;DstPort(1008)=22;RcvVPNInstance(1042)=;UpperLimit(1049)=10;Action(1053)=logging;BeginTime_c(1011)=20131009100434.
Explanation	This message is sent when the number of IPv6 UDP packets sent to a destination per second exceeds the rate limit.
Recommended action	No action is required.

ATK_IP6_UDP_FRAGGLE_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FRAGGLE_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 UDP packets with source port 7 and destination port 19.
Recommended action	No action is required.

ATK_IP6_UDP_FRAGGLE_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_FRAGGLE_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 UDP fraggle attack. The attack uses IPv6 UDP packets with source port 7 and destination port 19. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP6_UDP_SNORK_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack. $6: Start time of the attack. $7: End time of the attack. $8: Attack times.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_SNORK_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 UDP packets with source port 7, 19, or 135, and destination port 135.
Recommended action	No action is required.

ATK_IP6_UDP_SNORK_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IPv6 address. $3: Destination IPv6 address. $4: Name of the receiving VPN instance. $5: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IP6_UDP_SNORK_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	This message is for IPv6 UDP snork attack. The attack uses IPv6 UDP packets with source port 7, 19, or 135, and port 135. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet is received.
Recommended action	No action is required.

ATK_IP_OPTION_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IP_OPTION_SZ:IPOptValue(1061)=38;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with a user-defined IP option.
Recommended action	No action is required.

ATK_IP_OPTION_RAW_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IP_OPTION_RAW_SZ:IPOptValue(1061)=38;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with a user-defined IP option and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with a user-defined IP option is received.
Recommended action	No action is required.

ATK_IPOPT_ABNORMAL_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack. $8: Start time of the attack. $9: End time of the attack. $10: Attack times.
Severity level	3
Example	ATK/3/ATK_IPOPT_ABNORMAL_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011072002;EndTime_c(1012)=20131011072502;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with more than two IP options.
Recommended action	No action is required.

ATK_IPOPT_ABNORMAL_RAW_SZ

Message text	SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source security zone name. $2: Source IP address. $3: IP address of the peer DS-Lite tunnel interface. $4: Destination IP address. $5: Name of the receiving VPN instance. $6: Protocol type. $7: Actions against the attack.
Severity level	3
Example	ATK/3/ATK_IPOPT_ABNORMAL_RAW_SZ:SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	This message is for packets that each has more than two IP options. If log aggregation is enabled, for packets of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with more than two IP options is received.
Recommended action	No action is required.

ATK_IPOPT_LOOSESRCROUTE_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)= [UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_LOOSESRCROUTE_SZ:IPOptValue(1061)=131;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 131.
Recommended action	No action is required.

ATK_IPOPT_LOOSESRCROUTE_RAW_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_LOOSESRCROUTE_RAW_SZ:IPOptValue(1061)=131;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 131 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 131 is received.
Recommended action	No action is required.

ATK_IPOPT_RECORDROUTE_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_RECORDROUTE_SZ:IPOptValue(1061)=7;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 7.
Recommended action	No action is required.

ATK_IPOPT_RECORDROUTE_RAW_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_RECORDROUTE_RAW_SZ:IPOptValue(1061)=7;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 7 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 7 is received.
Recommended action	No action is required.

ATK_IPOPT_ROUTEALERT_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_ROUTEALERT_SZ:IPOptValue(1061)=148;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 148.
Recommended action	No action is required.

ATK_IPOPT_ROUTEALERT_RAW_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_ROUTEALERT_RAW_SZ:IPOptValue(1061)=148;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 148 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 148 is received.
Recommended action	No action is required.

ATK_IPOPT_SECURITY_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_SECURITY_SZ:IPOptValue(1061)=130;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131009091022;EndTime_c(1012)=20131009091522;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for packets with IP option 130.
Recommended action	No action is required.

ATK_IPOPT_SECURITY_RAW_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_SECURITY_RAW_SZ:IPOptValue(1061)=130;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 130 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 130 is received.
Recommended action	No action is required.

ATK_IPOPT_STREAMID_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_STREAMID_SZ:IPOptValue(1061)=136;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 136.
Recommended action	No action is required.

ATK_IPOPT_STREAMID_RAW_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_STREAMID_RAW_SZ:IPOptValue(1061)=136;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 136 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 136 is received.
Recommended action	No action is required.

ATK_IPOPT_STRICTSRCROUTE_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_STRICTSRCROUTE_SZ:IPOptValue(1061)=137;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 137.
Recommended action	No action is required.

ATK_IPOPT_STRICTSRCROUTE_RAW_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_STRICTSRCROUTE_RAW_SZ:IPOptValue(1061)=137;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 137 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 137 is received.
Recommended action	No action is required.

ATK_IPOPT_TIMESTAMP_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack. $9: Start time of the attack. $10: End time of the attack. $11: Attack times.
Severity level	5
Example	ATK/5/ATK_IPOPT_TIMESTAMP_SZ:IPOptValue(1061)=68;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging;BeginTime_c(1011)=20131011063123;EndTime_c(1012)=20131011063623;AtkTimes(1054)=3.
Explanation	This message is sent when logs are aggregated for packets with IP option 68.
Recommended action	No action is required.

ATK_IPOPT_TIMESTAMP_RAW_SZ

Message text	IPOptValue(1061)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPAddr(1003)=[IPADDR];SndDSLiteTunnelPeer(1041)=[STRING];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1042)=[STRING];Protocol(1001)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IP option value. $2: Source security zone name. $3: Source IP address. $4: IP address of the peer DS-Lite tunnel interface. $5: Destination IP address. $6: Name of the receiving VPN instance. $7: Protocol type. $8: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPOPT_TIMESTAMP_RAW_SZ:IPOptValue(1061)=68;SrcZoneName(1025)=Trust;SrcIPAddr(1003)=9.1.1.1;SndDSLiteTunnelPeer(1041)=--;DstIPAddr(1007)=6.1.1.1;RcvVPNInstance(1042)=;Protocol(1001)=RAWIP;Action(1053)=logging.
Explanation	If log aggregation is enabled, for packets with IP option 68 and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time a packet with IP option 68 is received.
Recommended action	No action is required.

ATK_IPV6_EXT_HEADER_SZ

Message text	IPv6ExtHeader(1066)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING];BeginTime_c(1011)=[STRING];EndTime_c(1012)=[STRING];AtkTimes(1054)=[UINT32].
Variable fields	$1: IPv6 extension header value. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack. $7: Start time of the attack. $8: End time of the attack. $9: Attack times.
Severity level	5
Example	ATK/5/ATK_IPV6_EXT_HEADER_SZ:IPv6ExtHeader(1060)=43;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging;BeginTime_c(1011)=20131009103631;EndTime_c(1012)=20131009104131;AtkTimes(1054)=2.
Explanation	This message is sent when logs are aggregated for IPv6 packets with a user-defined extension header.
Recommended action	No action is required.

ATK_IPV6_EXT_HEADER_RAW_SZ

Message text	IPv6ExtHeader(1066)=[UINT32];SrcZoneName(1025)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1042)=[STRING];Action(1053)=[STRING].
Variable fields	$1: IPv6 extension header value. $2: Source security zone name. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Name of the receiving VPN instance. $6: Actions against the attack.
Severity level	5
Example	ATK/5/ATK_IPV6_EXT_HEADER_RAW_SZ:IPv6ExtHeader(1060)=43;SrcZoneName(1025)=Trust;SrcIPv6Addr(1036)=1::1;DstIPv6Addr(1037)=2::11;RcvVPNInstance(1042)=;Action(1053)=logging.
Explanation	If log aggregation is enabled, for IPv6 packets with a user-defined extension header and of the same attributes, this message is sent only when the first packet is received. If log aggregation is disabled, this message is sent every time an IPv6 packet with a user-defined extension header is received.
Recommended action	No action is required.

ATM

This section contains ATM messages.

ATM_PVCDOWN

Message text	Interface [STRING] PVC [UINT16]/[UINT16] status is down.
Variable fields	$1: Name of the interface to which the PVC belongs. $2: VPI value of the PVC. $3: VCI value of the PVC.
Severity level	5
Example	ATM/5/ATM_PVCDOWN: Interface ATM2/0/2 PVC 0/100 status is down.
Explanation	The PVC state became down. Possible reasons include the following: · The ATM interface to which the PVC belongs went down. · The OAM state of the PVC became down. · The PVC had been manually shut down.
Recommended action	Use the display atm pvc-info command to display detailed information about the PVC and take relevant actions: · If the interface state is down, take the following actions: ¡ Make sure both the local and remote ATM interfaces are up by using the display interface atm command. If the interfaces have been manually shut down, execute the undo shutdown command in interface view to bring them up. ¡ Make sure the two interfaces are correctly connected. · If the OAM state is down, take the following actions: ¡ Make sure the VPI/VCI value of the remote PVC is the same as the VPI/VCI value of the local PVC. ¡ Make sure the OAM configuration of the remote PVC is consistent with the OAM configuration of the local PVC. For example, if one end is configured as the OAM CC cell sink, the other end must be configured as the OAM CC cell source. ¡ Make sure the remote PVC is up. If the remote PVC has been manually shut down, execute the undo shutdown command in PVC view to bring it up. ¡ Make sure the two ends are correctly connected. ¡ If the two routers are connected through an ATM network, in addition to the previous check items, you must check the forwarding rule of the ATM network. If the ATM network cannot reach the PVC, the PVC cannot come up. · If the PVC state is down, check if the local PVC has been manually shut down. To bring up the PVC, execute the undo shutdown command in PVC view.

ATM_PVCUP

Message text	Interface [STRING] PVC [UINT16]/[UINT16] status is up.
Variable fields	$1: Name of the interface to which the PVC belongs. $2: VPI value of the PVC. $3: VCI value of the PVC.
Severity level	5
Example	ATM/5/ATM_PVCUP: Interface ATM2/0/2 PVC 0/100 status is up.
Explanation	The PVC state became up.
Recommended action	No action is required.

BFD messages

This section contains BFD messages.

BFD_CHANGE_FSM

Message text	Sess[STRING], Ver, Sta: [STRING]->[STRING], Diag: [STRING]
Variable fields	$1: Source address, destination address, interface, and message type of the BFD session. $2: Name of FSM before changing. $3: Name of FSM after changing. $4: Diagnostic information: · 0 (No Diagnostic). · 1 (Control Detection Time Expired)—A control-mode BFD session goes down, because local detection times out. · 2 (Echo Function Failed)—An echo-mode BFD session goes down, because local detection times out or the source IP address of echo packets is deleted. · 3 (Neighbor Signaled Session Down)—The remote end notifies the local end of BFD session down. · 7 (Administratively Down)—The BFD session is shut down administratively on the local end.
Severity level	5
Example	BFD/5/BFD_CHANGE_FSM:Sess[20.0.4.2/20.0.4.1,LD/RD:533/532, Interface:Vlan204, SessType:Ctrl, LinkType:INET], Ver.1, Sta: INIT->UP, Diag: 0 (No Diagnostic).
Explanation	The FSM of the BFD session has been changed. This informational message appears when a BFD session comes up or goes down. Unexpected session loss might indicate high error or packet loss rates in the network.
Recommended action	Check for incorrect BFD configuration or network congestion.

BFD_REACHED_UPPER_LIMIT

Message text	The total number of BFD sessions [ULONG] reached the upper limit. Can’t create a new session.
Variable fields	$1: Total number of BFD sessions.
Severity level	5
Example	BFD/5/BFD_REACHED_UPPER_LIMIT: The total number of BFD session 100 reached upper limit.
Explanation	The total number of BFD sessions has reached the upper limit.
Recommended action	Check the BFD session configuration.

BGP messages

This section contains BGP messages.

BGP_EXCEED_ROUTE_LIMIT

Message text	BGP.[STRING]: The number of routes from peer [STRING] ([STRING]) exceeds the limit [UINT32].
Variable fields	$1: VPN instance name. This field is blank for the public network. $2: IP address of the BGP peer. $3: Address family of the BGP peer. $4: Maximum number of routes.
Severity level	4
Example	BGP/4/BGP_EXCEED_ROUTE_LIMIT: BGP.vpn1: The number of routes from peer 1.1.1.1 (IPv4-UNC) exceeds the limit 100.
Explanation	The number of routes received from a peer exceeded the maximum number of routes that can be received from the peer.
Recommended action	Determine whether it is caused by attacks: · If yes, configure the device to defend against the attacks. · If not, increase the maximum number of routes.

BGP_REACHED_THRESHOLD

Message text	BGP.[STRING]: The proportion of prefixes received from peer [STRING] ([STRING]) to maximum allowed prefixes reached the threshold value ([UINT32]%).
Variable fields	$1: VPN instance name. This field is blank for the public network. $2: IP address of the BGP peer. $3: Address family of the BGP peer. $4: Percentage of received routes to the maximum allowed routes.
Severity level	5
Example	BGP/5/BGP_REACHED_THRESHOLD: BGP.vpn1: The proportion of prefixes received from peer 1.1.1.1 (IPv4-UNC) to maximum allowed prefixes reached the threshold value (60%).
Explanation	The percentage of received routes to the maximum allowed routes reached the threshold.
Recommended action	Determine whether it is caused by attacks: · If yes, configure the device to defend against the attacks. · If not, increase the threshold value or the maximum number of routes that can be received from the peer.

BGP_MEM_ALERT

Message text	BGP process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm, stop and start.
Severity level	5
Example	BGP/5/BGP_MEM_ALERT: BGP process received system memory alert start event.
Explanation	BGP received a memory alarm.
Recommended action	If BGP received a system memory alert start event, check the system memory and try to free some memory by adjusting modules that occupied too much memory.

BGP_PEER_LICENSE_REACHED

Message text	Number of peers in Established state reached the license limit.
Variable fields	N/A
Severity level	5
Example	BGP/5/BGP_PEER_LICENSE_REACHED: Number of peers in Established state reached the license limit.
Explanation	The number of peers in Established state reached the license limit.
Recommended action	Determine whether a new license is required.

BGP_ROUTE_LICENSE_REACHED

Message text	Number of [STRING] routes reached the license limit.
Variable fields	$1: BGP address family: · IPv4-UNC public—IPv4 unicast routes for the public network. · IPv6-UNC public—IPv6 unicast routes for the public network. · IPv4 private—IPv4 unicast routes, VPNv4 routes, and nested VPN routes for the private network. · IPv6 private—IPv6 unicast routes and VPNv6 routes for the private network.
Severity level	5
Example	BGP/5/BGP_ROUTE_LICENSE_REACHED: Number of IPv4-UNC public routes reached the license limit.
Explanation	The number of routes in the specified address family reached the license limit.
Recommended action	Determine whether a new license is required. After the number of routes in the specified family falls below the license limit or the license limit increases, you must manually restore the discarded routes.

BGP_STATE_CHANGED

Message text	BGP.[STRING]: [STRING] state has changed from [STRING] to [STRING].
Variable fields	$1: VPN instance name. This field is blank for the public network. $2: IP address of the BGP peer. $3: Name of FSM before the state change. $4: Name of FSM after the state change.
Severity level	5
Example	BGP/5/BGP_STATE_CHANGED: BGP.vpn1:192.99.0.2 state has changed from ESTABLISHED to IDLE.
Explanation	The FSM of a BGP peer has changed. This informational message appears when a BGP peer comes up or goes down.
Recommended action	If a peer goes down unexpectedly, determine whether an error or packet loss occurs.

BLS messages

This section contains blacklist messages.

BLS_ENTRY_ADD

Message text	SrcIPAddr(1003)=[IPADDR]; SndDSLiteTunnelPeer(1041)=[STRING]; RcvVPNInstance(1042)=[STRING]; TTL(1055)=[STRING]; Reason(1056)=[STRING].
Variable fields	$1: Blacklisted IP address. $2: Peer address of the DS-Lite tunnel. $3: VPN instance name. $4: TTL of a blacklist entry. $5: Reason why the blacklist entry was added.
Severity level	5
Example	BLS/5/BLS_ENTRY_ADD: -Context=1; SrcIPAddr(1003)=1.1.1.6; SndDSLiteTunnelPeer(1041)=--; RcvVPNInstance(1042)=; TTL(1055)=; Reason(1056)=Configuration. BLS/5/BLS_ENTRY_ADD: -Context=1; SrcIPAddr(1003)=9.1.1.5; SndDSLiteTunnelPeer(1041)=--; RcvVPNInstance(1042)=vpn1; TTL(1055)=10; Reason(1056)=Scan behavior detected.
Explanation	A blacklist entry was added. The message is sent when a blacklist entry is manually configured or dynamically created according to the scanning result.
Recommended action	No action is required.

BLS_ENTRY_DEL

Message text	SrcIPAddr(1003)=[IPADDR]; SndDSLiteTunnelPeer(1041)=[STRING]; RcvVPNInstance(1042)=[STRING]; Reason(1056)=[STRING].
Variable fields	$1: Blacklisted IP address. $2: Peer address of the DS-Lite tunnel. $3: VPN instance name. $4: Reason why the blacklist entry was deleted.
Severity level	5
Example	BLS/5/BLS_ENTRY_DEL: -Context=1; SrcIPAddr(1003)=1.1.1.3; SndDSLiteTunnelPeer(1041)=--; RcvVPNInstance(1042)=; Reason(1056)=Configuration. BLS/5/BLS_ENTRY_DEL: -Context=1; SrcIPAddr(1003)=9.1.1.5; SndDSLiteTunnelPeer(1041)=--; RcvVPNInstance(1042)=vpn1; Reason(1056)=Aging.
Explanation	A blacklist entry was deleted. The message is sent when a blacklist entry is manually deleted or dynamically deleted due to the aging.
Recommended action	No action is required.

BLS_IPV6_ENTRY_ADD

Message text	SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1042)=[STRING]; TTL(1055)=[STRING]; Reason(1056)=[STRING].
Variable fields	$1: Blacklisted IPv6 address. $2: VPN instance name. $3: TTL of a blacklist entry. $4: Reason why the blacklist entry was added.
Severity level	5
Example	BLS/5/BLS_IPV6_ENTRY_ADD: -Context=1; SrcIPv6Addr(1036)=2::2; RcvVPNInstance(1042)=; TTL(1055)=; Reason(1056)=Configuration. BLS/5/BLS_IPV6_ENTRY_ADD: -Context=1; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1042)=; TTL(1055)=10; Reason(1056)=Scan behavior detected.
Explanation	A blacklist entry was added. The message is sent when a blacklist entry is manually configured or dynamically created according to the scanning result.
Recommended action	No action is required.

BLS_IPV6_ENTRY_DEL

Message text	SrcIPv6Addr(1036)=[IPADDR]; RcvVPNInstance(1042)=[STRING]; Reason(1056)=[STRING].
Variable fields	$1: Blacklisted IPv6 address. $2: VPN instance name. $3: Reason why the blacklist entry was deleted.
Severity level	5
Example	BLS/5/BLS_IPV6_ENTRY_DEL: -Context=1; SrcIPv6Addr(1036)=2::2; RcvVPNInstance(1042)=; Reason(1056)=Configuration. BLS/5/BLS_IPV6_ENTRY_DEL: -Context=1; SrcIPv6Addr(1036)=1::5; RcvVPNInstance(1042)=; Reason(1056)= Aging.
Explanation	A blacklist entry was deleted. The message is sent when a blacklist entry is manually deleted or dynamically deleted due to the aging.
Recommended action	No action is required.

BLS_ENTRY_USER_ADD

Message text	User(1098)=[STRING]; TTL(1055)=[STRING]; Reason(1056)=[STRING]; DomainName(1099) =[STRING].
Variable fields	$1: Username in the user blacklist entry. $2: User blacklist entry aging time. $3: Reason why the user blacklist entry was added. $4: Name of the user identification domain to which the user belongs.
Severity level	5
Example	BLS/5/BLS_ENTRY_USER_ADD: User(1098)=user1; TTL(1055)=10; Reason(1056)=Configuration; DomainName(1099)=domain1.
Explanation	A user blacklist entry was added. The message is sent when a user blacklist entry is manually added.
Recommended action	No action is required.

BLS_ENTRY_USER_DEL

Message text	User(1098)=[STRING]; Reason(1056)=[STRING]; DomainName(1099) =[STRING].
Variable fields	$1: Username in the user blacklist entry. $2: Reason why the blacklist entry was deleted: · Configuration—Manual deletion. · Aging—Ageout. $3: Name of the user identification domain to which the user belongs.
Severity level	5
Example	BLS/5/BLS_ENTRY_USER_DEL: User(1098)=user1; Reason(1056)=Configuration; DomainName(1099)=domain1. BLS/5/BLS_ENTRY_USER_DEL: User(1098)=user1; Reason(1056)=Aging; DomainName(1099)=domain1.
Explanation	A user blacklist entry was deleted. The message is sent when a user blacklist entry is manually deleted or dynamically deleted due to the aging.
Recommended action	No action is required.

CFD messages

This section contains CFD messages.

CFD_CROSS_CCM

Message text	MEP [UINT16] in SI [INT32] received a cross-connect CCM. It’s SrcMAC is [MAC], SeqNum is [INT32], RMEP is [UINT16], MD ID is [STRING], MA ID is [STRING].
Variable fields	$1: Service instance ID. $2: Local MEP ID. $3: Source MAC address. $4: Sequence number. $5: Remote MEP ID. $6: MD ID. If no MD ID is available, "without ID" is displayed. $7: MA ID.
Severity level	6
Example	CFD/6/CFD_CROSS_CCM: MEP 13 in SI 10 received a cross-connect CCM. Its SrcMAC is 0011-2233-4401, SeqNum is 78, RMEP is 12, MD ID is without ID, MA ID is 0.
Explanation	A MEP received a cross-connect CCM containing a different MA ID or MD ID.
Recommended action	Check the configurations of MEPs on both ends. Make sure the MEPs have consistent configurations, including MD, MA, and level.

CFD_ERROR_CCM

Message text	MEP [UINT16] in SI [INT32] received an error CCM. It’s SrcMAC is [MAC], SeqNum is [INT32], RMEP is [UINT16], MD ID is [STRING], MA ID is [STRING].
Variable fields	$1: Service instance ID. $2: Local MEP ID. $3: Source MAC address. $4: Sequence number. $5: Remote MEP ID. $6: MD ID. If no MD ID is available, "without ID" is displayed. $7: MA ID.
Severity level	6
Example	CFD/6/CFD_ERROR_CCM: MEP 2 in SI 7 received an error CCM. Its SrcMAC is 0011-2233-4401, SeqNum is 21, RMEP is 2, MD ID is 7, MA ID is 1.
Explanation	A MEP received an error CCM containing an unexpected MEP ID or lifetime.
Recommended action	Check the CCM configuration. Make sure the CCM intervals are consistent on both ends, and the remote MEP ID is included in the MEP list of the local end.

CFD_REACH_LOWERLIMIT

Message text	[STRING] reached or fell below the lower limit [STRING] on MEP [UINT16] in service instance [INT32].
Variable fields	$1: Monitored indicator: ¡ Bit error ratio. ¡ Far-end frame loss ratio. ¡ Near-end frame loss ratio. ¡ Frame delay. $2: Threshold. $3: Local MEP ID. $4: Service instance ID.
Severity level	6
Example	CFD/6/ CFD_REACH_LOWERLIMIT: Bit error ratio reached or fell below the lower limit 4% on MEP 2 in service instance 3.
Explanation	This message is generated when a monitored indicator reaches or falls below the lower limit.
Recommended action	No action is required.

CFD_REACH_UPPERLIMIT

Message text	[STRING] reached or exceeded the upper limit [STRING] on MEP [UINT16] in service instance [INT32].
Variable fields	$1: Monitored indicator: ¡ Bit error ratio. ¡ Far-end frame loss ratio. ¡ Near-end frame loss ratio. ¡ Frame delay. $2: Threshold. $3: Local MEP ID. $4: Service instance ID.
Severity level	6
Example	CFD/6/ CFD_REACH_UPPERLIMIT: Bit error ratio reached or exceeded the upper limit 80% on MEP in service instance 3.
Explanation	This message is generated when a monitored indicator reaches or exceeds the upper limit.
Recommended action	No action is required.

CFD_LOST_CCM

Message text	MEP [UINT16] in SI [INT32] failed to receive CCMs from RMEP [UINT16].
Variable fields	$1: Local MEP ID. $2: Service instance ID. $3: Remote MEP ID.
Severity level	6
Example	CFD/6/CFD_LOST_CCM: MEP 1 in SI 7 failed to receive CCMs from RMEP 2.
Explanation	A MEP failed to receive CCMs within 3.5 sending intervals because the link is faulty or the remote MEP does not send CCM within 3.5 sending intervals.
Recommended action	Check the link status and the configuration of the remote MEP. If the link is down or faulty (becomes unidirectional, for example), restore the link. If the remote MEP is configured with the same service instance, make sure the CCM sending intervals are consistent on both ends.

CFD_RECEIVE_CCM

Message text	MEP [UINT16] in SI [INT32] received CCMs from RMEP [UINT16]
Variable fields	$1: Local MEP ID. $2: Service instance ID. $3: Remote MEP ID.
Severity level	6
Example	CFD/6/CFD_RECEIVE_CCM: MEP 1 in SI 7 received CCMs from RMEP 2.
Explanation	A MEP received CCMs from a remote MEP.
Recommended action	No action is required.

CFGLOG messages

This section contains configuration log messages.

CFGLOG_CFGOPERATE

Message text	-Client=[STRING]-User=[STRING]-IPAddr=[STRING]-Role=[STRING];Config in [STRING] changed: -Old setting=[STRING]; -New setting=[STRING];
Variable fields	$1: Configuration method. The supported configuration methods include CLI, NETCONF, SNMP, CWMP, and Web. $2: Name of the user that changed the configuration. This field displays two asterisks () if the user does not use scheme authentication, which requires a username for login. $3: IP address of the user that changed the configuration. This field displays two asterisks () if the user logged in to the device through the console port. $4: User role of the user that changed the configuration. $5: Configuration change location. $6: Old setting. $7: New setting. If one operation causes multiple settings to change, the $5, $6, and $7 fields might be displayed one time for each setting change.
Severity level	6
Example	CFGLOG/6/CFGLOG_CFGOPERATE: -Client=CLI-User=-IPAddr=-Role=network-admin; Config in system changed: -Old setting=sysname Device -New setting=sysname Test.
Explanation	A user changed the configuration on the device.
Recommended action	No action is required.

CFGMAN messages

This section contains configuration management messages.

CFGMAN_CFGCHANGED

Message text	-EventIndex=[INT32]-CommandSource=[INT32]-ConfigSource=[INT32]-ConfigDestination=[INT32]; Configuration changed.
Variable fields	$1: Event index in the range of 1 to 2147483647. $2: Configuration change source: ¡ cli—The configuration change came from the CLI. ¡ snmp—The configuration change came from the MIB. ¡ other—The configuration change came from other sources. $3: Source configuration: ¡ erase—Deleting or renaming a configuration file. ¡ running—Saving the running configuration. ¡ commandSource—Copying a configuration file. ¡ startup—Saving the running configuration to the next-startup configuration file. ¡ local—Saving the running configuration to a local file. ¡ networkFtp—Using FTP to transfer and save a configuration file to the device as the running configuration or next-startup configuration file. ¡ hotPlugging—A card hot swapping caused the configuration to be deleted or become ineffective. $4: Destination configuration: ¡ erase—Deleting or renaming a configuration file. ¡ running—Saving the running configuration. ¡ commandSource—Copying a configuration file. ¡ startup—Saving the running configuration to the next-startup configuration file. ¡ local—Saving the running configuration to a local file. ¡ networkFtp—Using FTP to transfer and save a configuration file to the device as the running configuration or next-startup configuration file. ¡ hotPlugging—A card hot swapping caused the configuration to be deleted or become ineffective.
Severity level	5
Example	CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=[6]-CommandSource=[snmp]-ConfigSource=[startup]-ConfigDestination=[running]; Configuration changed.
Explanation	The running configuration changed in the past 10 minutes.
Recommended action	No action is required.

CFGMAN_OPTCOMPLETION

Message text	-OperateType=[INT32]-OperateTime=[INT32]-OperateState=[INT32]-OperateEndTime=[INT32]; Operation completed.
Variable fields	$1: Operation type: ¡ running2startup—Saves the running configuration to the next-startup configuration file. ¡ startup2running—Loads the configuration in the next-startup configuration file. ¡ running2net—Saves the running configuration to a host on the network. ¡ net2running—Transfers a configuration file from a host on the network and loads the configuration. ¡ net2startup—Transfers a configuration file from a host on the network and specifies the file as the next-startup configuration file. ¡ startup2net—Copies the next-startup configuration file to a host on the network. $2: Operation start time. $3: Operation status: ¡ InProcess—Operation is in progress. ¡ success—Operation succeeded. ¡ InvalidOperation—Invalid operation. ¡ InvalidProtocol—Invalid protocol. ¡ InvalidSource—Invalid source file name. ¡ InvalidDestination—Invalid destination file name. ¡ InvalidServer—Invalid server address. ¡ DeviceBusy—The device is busy. ¡ InvalidDevice—Invalid device address. ¡ DeviceError—An error occurred on the device. ¡ DeviceNotWritable—The storage medium on the device is write protected. ¡ DeviceFull—The device does not have enough free storage space for the file. ¡ FileOpenError—Failed to open the file. ¡ FileTransferError—Failed to transfer the file. ¡ ChecksumError—File checksum error. ¡ LowMemory—The memory space is not sufficient. ¡ AuthFailed—User authentication failed. ¡ TransferTimeout—Transfer timed out. ¡ UnknownError—An unknown error occurred. ¡ invalidConfig—Invalid configuration. $4: Operation end time.
Severity level	5
Example	CFGMAN/5/CFGMAN_OPTCOMPLETION: -OperateType=[running2startup]-OperateTime=[248]-OperateState=[success]-OperateEndTime=[959983]; Operation completed.
Explanation	The device is performing or has completed an operation.
Recommended action	If the operation is not successful, locate and resolve the problem.

CGROUP messages

This section contains interface collaboration messages.

CGROUP_STATUS_CHANGE

Message text	The status of collaboration group [UINT32] is [STRING].
Variable fields	$1: Collaboration group ID. $2: Collaboration group state: down or up.
Severity level	6
Example	CGROUP/6/CGROUP_STATUS_CHANGE: The status of collaboration group 1 is up.
Explanation	The status of collaboration group 1 is up or down.
Recommended action	Check the links.

CONNLMT messages

This section contains connection limit messages.

CONNLMT_IPV4_OVERLOAD

Message text	RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];UpperLimit(1049)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IP address. $4: Destination IP address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper threshold. $10: Rule ID. $11: Event message.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV4_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeded upper threshold;
Explanation	The number of concurrent connections exceeded the upper threshold.
Recommended action	No action is required.

CONNLMT_IPV4_RECOVER

Message text	RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];DropPktCount(1052)=[UINT32];LowerLimit(1050)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IP address. $4: Destination IP address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Number of dropped packets. $10: Lower threshold. $11: Rule ID. $12: Event message.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV4_RECOVER: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;DropPktCount(1052)=306004;LowerLimit(1050)=10;LimitRuleNum(1051)=1;Event(1048)=Dropped below lower threshold;
Explanation	The number of concurrent connections dropped below the lower threshold from the upper threshold.
Recommended action	No action is required.

CONNLMT_IPV6_OVERLOAD

Message text	RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];UpperLimit(1049)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper threshold. $10: Rule ID. $11: Event message.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV6_OVERLOAD: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPv6Addr(1036)=2001::1;DstIPv6Addr(1037)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;UpperLimit(1049)=1000;LimitRuleNum(1051)=1;Event(1048)=Exceeded upper threshold;
Explanation	The number of concurrent connections exceeded the upper threshold.
Recommended action	No action is required.

CONNLMT_IPV6_RECOVER

Message text	RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];DropPktCount(1052)=[UINT32];LowerLimit(1050)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Number of dropped packets. $10: Lower threshold. $11: Rule ID. $12: Event message.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV6_RECOVER: RcvIfName(1023)=Global;Protocol(1001)=;SrcIPAddr(1003)=2001::1;DstIPAddr(1007)=;ServicePort(1071)=;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;DropPktCount(1052)=306004;LowerLimit(1050)=10;LimitRuleNum(1051)=1;Event(1048)=Dropped below lower threshold;
Explanation	The number of concurrent connections dropped below the lower threshold from the upper threshold.
Recommended action	No action is required.

CONNLMT_IPV4_RATELIMIT

Message text	RcvIfName(1023)=[STRING];Protocol(1001)=[STRING];SrcIPAddr(1036)=[IPADDR];DstIPAddr(1037)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];LimitRate(1073)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv4 address. $4: Destination IPv4 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper rate limit. $10: Rule ID. $11: Event message.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV4_RATELIMIT: -MDC=1; RcvIfName(1023)=M-GigabitEthernet0/0/0;Protocol(1001)=;SrcIPAddr(1003)=;DstIPAddr(1007)=;ServicePort(1071)=; RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;LimitRate(1073)=10;LimitRuleNum(1051)=1;Event(1048)=Exceeded rate limit;
Explanation	Connections are established at a rate higher than the rate limit. The message is output only at the first time if the event takes place consecutively.
Recommended action	No action is required.

CONNLMT_IPV6_RATELIMIT

Message text	RcvIfName(1023)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];ServicePort(1071)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];LimitRate(1073)=[UINT32];LimitRuleNum(1051)=[UINT16];Event(1048)=[STRING];
Variable fields	$1: Global, or interface name. $2: Transport layer protocol type. $3: Source IPv6 address. $4: Destination IPv6 address. $5: Service port number. $6: Source VPN instance name. $7: Destination VPN instance name. $8: Peer tunnel ID. $9: Upper rate limit. $10: Rule ID. $11: Event message.
Severity level	6
Example	CONNLMT/6/CONNLMT_IPV6_RATELIMIT: -MDC=1; RcvIfName(1023)=M-GigabitEthernet0/0/0;Protocol(1001)=;SrcIPAddr(1003)=;DstIPAddr(1007)=;ServicePort(1071)=; RcvVPNInstance(1042)=;SndVPNInstance(1043)=;SndDSLiteTunnelPeer(1041)=;LimitRate(1073)=10;LimitRuleNum(1051)=1;Event(1048)=Exceeded rate limit;
Explanation	Connections are established at a rate higher than the rate limit. The message is output only at the first time if the event takes place consecutively.
Recommended action	No action is required.

DAC

This section contains data analysis center (DAC) messages.

DAC_STORE_STATE_STOREFULL

Message text	DPI/4/DAC_STORE_STATE_STOREFULL: Stopped saving data because the total storage usage reached 98%.
Severity level	4
Example	DPI/4/DAC_STORE_STATE_STOREFULL: Stopped saving data because the total storage usage reached 98%.
Explanation	The data analysis center stopped saving data because the total storage usage reached 98%.
Recommended action	No action is required.

DAC_STORE_STATE_FULL

Message text	DPI/4/DAC_STORE_STATE_FULL: The [STRING] alarm threshold (AlarmThreshold(1121)=[STRING]) set for StoreName(1119)=[STRING] was exceeded.
Variable fields	$1: Threshold type: ¡ storage time-based. ¡ storage space-based. $2: Threshold value. $3: Service name: ¡ AUDIT—Audit service. ¡ TRAFFIC—Traffic service. ¡ THREAT—Threat service. ¡ URL—URL filtering service. ¡ FILEFILTER—File filtering service.
Severity level	4
Example	DPI/4/DAC_STORE_STATE_FULL: The storage space-based alarm threshold (AlarmThreshold(1121)=80%) set for StoreName(1119)=Audit was exceeded. DPI/4/DAC_STORE_STATE_FULL: The storage time-based alarm threshold (AlarmThreshold(1121)=30 days) set for StoreName(1119)=Audit was exceeded.
Explanation	The data analysis center checks the data of each service to determine if the storage time- or storage space-based threshold is exceed on an per hour basis. A log is generated if the storage time- or storage space-based threshold of a service is exceeded.
Recommended action	No action is required.

DAC_STORE_DELETE_FILE

Message text	DPI/4/DAC_STORE_DELETE_FILE: Deleted files from the storage space of the [STRING] service because the [STRING] alarm threshold was exceeded.
Variable fields	$1: Service name: ¡ AUDIT—Audit service. ¡ TRAFFIC—Traffic service. ¡ THREAT—Threat service. ¡ URL—URL filtering service. ¡ FILEFILTER—File filtering service. $2: Threshold type: ¡ storage time-based. ¡ storage space-based.
Severity level	4
Example	DPI/4/DAC_STORE_DELETE_FILE: Deleted files from the storage space of the AUDIT service because the storage time-based alarm threshold was exceeded.
Explanation	This message is sent when one of the following events occur: · The expired files of a service were deleted when the storage time-based threshold was exceeded。 · The earliest files were deleted when the storage space-based threshold was exceeded.
Recommended action	No action is required.

DAC_HDD_FULL

Message text	DPI/4/DAC_HDD_FULL: New logs will be saved in memory because less than 1 GB of free space is left in the disk.
Variable fields	N/A
Severity level	4
Example	DPI/4/DAC_OP_REPORT: New logs will be saved in memory because less than 1 GB of free space is left in the disk.
Explanation	The data analysis center will save new service data in memory because less than 1 GB of free space was left in the disk.
Recommended action	No action is required.

DEV messages

This section contains device management messages.

BOARD_REBOOT

Message text	Board is rebooting on [STRING].
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	5
Example	DEV/5/BOARD_REBOOT: Board is rebooting on slot 1.
Explanation	A card was manually or automatically rebooted.
Recommended action	If an unexpected automatic reboot occurred, perform the following tasks: 28. Execute the display version command after the card starts up. 29. Check the Last reboot reason field for the reboot reason. 30. If an exception caused the reboot, contact HP Support.

BOARD_REMOVED

Message text	Board was removed from [STRING], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Card type.
Severity level	3
Example	DEV/3/BOARD_REMOVED: Board was removed from slot 1, type is LSQ1FV48SA.
Explanation	An LPU or a standby MPU was removed from a member device, causing the device to leave the IRF fabric.
Recommended action	If the LPU or MPU was not manually removed, perform the following tasks: 31. Verify that the card is securely seated. 32. Replace the card if the message persists. 33. Reboot the device to make it join the IRF fabric. 34. If the problem persists, contact HP Support.

BOARD_STATE_FAULT

Message text	Board state changed to Fault on [STRING], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Card type.
Severity level	2
Example	DEV/2/BOARD_STATE_FAULT: Board state changed to Fault on slot 1, type is LSQ1FV48SA.
Explanation	The card was starting up (initializing or loading software) or was not operating correctly.
Recommended action	· If the card was newly installed, wait for the card to start up. The required startup time varies by card model and software version and is typically less than 10 minutes. · If the card was not newly installed, contact HP Support.

BOARD_STATE_NORMAL

Message text	Board state changed to Normal on [STRING], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Card type.
Severity level	5
Example	DEV/5/BOARD_STATE_NORMAL: Board state changed to Normal on slot 1, type is LSQ1FV48SA.
Explanation	A newly installed LPU or standby MPU completed initialization (on a single-CPU card) or the main CPU completed initialization (on a multi-CPU card).
Recommended action	No action is required.

CFCARD_INSERTED

Message text	CF card was inserted in [STRING] CF card slot [INT32].
Variable fields	$1: Chassis number and slot number or slot number. $2: CF card slot number.
Severity level	4
Example	DEV/4/CFCARD_INSERTED: CF card was inserted in slot 1 CF card slot 1.
Explanation	A CF card was installed.
Recommended action	No action is required.

CFCARD_REMOVED

Message text	CF card was removed from [STRING] CF card slot [INT32].
Variable fields	$1: Chassis number and slot number or slot number. $2: CF card slot number.
Severity level	3
Example	DEV/3/CFCARD_REMOVED: CF card was removed from slot 1 CF card slot 1.
Explanation	A CF card was removed.
Recommended action	If the CF card was not manually removed, perform the following tasks: 35. Verify that the card is securely seated. 36. Replace the card if the message persists. 37. If the problem persists, contact HP Support.

CHASSIS_REBOOT

Message text	Chassis [INT32] is rebooting now.
Variable fields	$1: Chassis number.
Severity level	5
Example	DEV/5/CHASSIS_REBOOT: Chassis 1 is rebooting now.
Explanation	The chassis was manually or automatically rebooted.
Recommended action	If an unexpected automatic reboot occurs, perform the following tasks: 38. Execute the display version command after the chassis starts up. 39. Check the Last reboot reason field for the reboot reason. 40. If an exception caused the reboot, contact HP Support.

DEV_CLOCK_CHANGE

Message text	-User=[STRING]-IPAddr=[IPADDR]; System clock changed from [STRING] to [STRING].
Variable fields	$1: Username of the login user. $2: IP address of the login user. $3: Old time. $4: New time.
Severity level	5
Example	DEV/5/DEV_CLOCK_CHANGE: -User=admin-IPAddr=192.168.1.2; System clock changed from 15:49:52 01/02/2013 to 15:50:00 01/02/2013.
Explanation	The system time changed.
Recommended action	No action is required.

DEV_FAULT_TOOLONG

Message text	Card in [STRING] is still in Fault state for [INT32] minutes.
Variable fields	$1: Chassis number and slot number or slot number. $2: Time duration during which the card stayed in Fault state.
Severity level	4
Example	DEV/4/DEV_FAULT_TOOLONG: Card in slot 1 is still in Fault state for 60 minutes.
Explanation	A card stayed in Fault state for a long period of time.
Recommended action	41. Reboot the card. 42. If the problem persists, contact HP Support.

FAN_ABSENT

Message text	Pattern 1: Fan [INT32] is absent. Pattern 2: Chassis [INT32] fan [INT32] is absent.
Variable fields	Pattern 1: $1: Fan tray number. Pattern 2: $1: Chassis number. $2: Fan tray number.
Severity level	3
Example	DEV/3/FAN_ABSENT: Fan 2 is absent.
Explanation	A fan tray was not in place.
Recommended action	43. Check the fan tray slot: ¡ If the fan tray slot is empty, the temperature might have increased and the system recommends that you install a fan tray. ¡ If a fan tray is present, verify that the fan tray is securely seated. 44. Replace the fan tray if the message persists. 45. If the problem persists, contact HP Support.

FAN_DIRECTION_NOT_PREFERRED

Message text	Fan [INT32] airflow direction is not preferred on [STRING], please check it.
Variable fields	$1: Fan tray number. $2: Chassis number and slot number or slot number.
Severity level	1
Example	DEV/1/FAN_DIRECTION_NOT_PREFERRED: Fan 1 airflow direction is not preferred on slot 1, please check it.
Explanation	The airflow direction of the fan tray is different from the airflow direction setting.
Recommended action	46. Verify that the airflow direction setting is correct. 47. Verify that the fan tray model provides the same airflow direction as the configured setting. 48. If the problem persists, contact HP Support.

FAN_FAILED

Message text	Pattern 1: Fan [INT32] failed. Pattern 2: Chassis [INT32] fan [INT32] failed.
Variable fields	Pattern 1: $1: Fan tray number. Pattern 2: $1: Chassis number. $2: Fan tray number.
Severity level	2
Example	DEV/2/FAN_FAILED: Fan 2 failed.
Explanation	The fan tray stopped because of an exception.
Recommended action	Replace the fan tray.

FAN_RECOVERED

Message text	Pattern 1: Fan [INT32] recovered. Pattern 2: Chassis [INT32] fan [INT32] recovered.
Variable fields	Pattern 1: $1: Fan tray number. Pattern 2: $1: Chassis number. $2: Fan tray number.
Severity level	5
Example	DEV/5/FAN_RECOVERED: Fan 2 recovered.
Explanation	The fan tray started to operate correctly after it was installed.
Recommended action	No action is required.

MAD_ DETECT

Message text	Multi-active devices detected, please fix it.
Variable fields	N/A
Severity level	1
Example	DEV/1/MAD_DETECT: Multi-active devices detected, please fix it.
Explanation	Multiple member devices were found active.
Recommended action	49. Use the display irf command to view which member devices have left the original IRF fabric. 50. Use the display irf link command to locate the IRF link with problems. 51. Fix the IRF link in DOWN state.

POWER_ABSENT

Message text	Pattern 1: Power [INT32] is absent. Pattern 2: Chassis [INT32] power [INT32] is absent.
Variable fields	Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number.
Severity level	3
Example	DEV/3/POWER_ABSENT: Power 1 is absent.
Explanation	A power supply was removed.
Recommended action	52. Check the power supply slot. ¡ If the power supply slot is empty, install a power supply. ¡ If a power supply is present, verify that the power supply is securely seated. 53. If the problem persists, replace the power supply. 54. If the problem persists, contact HP Support.

POWER_FAILED

Message text	Pattern 1: Power [INT32] failed. Pattern 2: Chassis [INT32] power [INT32] failed.
Variable fields	Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number.
Severity level	2
Example	DEV/2/POWER_FAILED: Power 1 failed.
Explanation	A power supply failed.
Recommended action	Replace the power supply.

POWER_MONITOR_ABSENT

Message text	Pattern 1: Power monitor unit [INT32] is absent. Pattern 2: Chassis [INT32] power monitor unit [INT32] is absent.
Variable fields	Pattern 1: $1: Power monitoring module number. Pattern 2: $1: Chassis number. $2: Power monitoring module number.
Severity level	3
Example	DEV/3/POWER_MONITOR_ABSENT: Power monitor unit 1 is absent.
Explanation	A power monitoring module was removed.
Recommended action	55. Check the power monitoring module slot. ¡ If the power monitoring module slot is empty, install a power monitoring module. ¡ If a power monitoring module is present, verify that the power monitoring module is securely seated. 56. If the problem persists, replace the power monitoring module. 57. If the problem persists, contact HP Support.

POWER_MONITOR_FAILED

Message text	Pattern 1: Power monitor unit [INT32] failed. Pattern 2: Chassis [INT32] power monitor unit [INT32] failed.
Variable fields	Pattern 1: $1: Power monitoring module number. Pattern 2: $1: Chassis number. $2: Power monitoring module number.
Severity level	2
Example	DEV/2/POWER_MONITOR_FAILED: Power monitor unit 1 failed.
Explanation	A power monitoring module failed.
Recommended action	Replace the power monitoring module.

POWER_MONITOR_RECOVERED

Message text	Pattern 1: Power monitor unit [INT32] recovered. Pattern 2: Chassis [INT32] power monitor unit [INT32] recovered.
Variable fields	Pattern 1: $1: Power monitoring module number. Pattern 2: $1: Chassis number. $2: Power monitoring module number.
Severity level	5
Example	DEV/5/POWER_MONITOR_RECOVERED: Power monitor unit 1 recovered.
Explanation	The power monitoring module started to operate correctly after it was installed.
Recommended action	No action is required.

POWER_RECOVERED

Message text	Pattern 1: Power [INT32] recovered. Pattern 2: Chassis [INT32] power [INT32] recovered.
Variable fields	Pattern 1: $1: Power supply number. Pattern 2: $1: Chassis number. $2: Power supply number.
Severity level	5
Example	DEV/5/POWER_RECOVERED: Power 1 recovered.
Explanation	The power supply started to operate correctly after it was installed.
Recommended action	No action is required.

RPS_ABSENT

Message text	Pattern 1: RPS [INT32] is absent. Pattern 2: Chassis [INT32] RPS [INT32] is absent.
Variable fields	Pattern 1: $1: RPS number. Pattern 2: $1: Chassis number. $2: RPS number.
Severity level	3
Example	DEV/3/RPS_ABSENT: RPS 1 is absent.
Explanation	An RPS was removed.
Recommended action	58. Check the RPS slot. ¡ If the RPS slot is empty, install an RPS. ¡ If an RPS is present, verify that the RPS is securely seated. 59. If the problem persists, replace the RPS. 60. If the problem persists, contact HP Support.

RPS_NORMAL

Message text	Pattern 1: RPS [INT32] is normal. Pattern 2: Chassis [INT32] RPS [INT32] is normal.
Variable fields	Pattern 1: $1: RPS number. Pattern 2: $1: Chassis number. $2: RPS number.
Severity level	5
Example	DEV/5/RPS_NORMAL: RPS 1 is normal.
Explanation	The RPS started to operate correctly after it was installed.
Recommended action	No action is required.

SUBCARD_FAULT

Message text	Subcard state changed to Fault on [STRING] subslot [INT32], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Subslot number. $3: Subcard type.
Severity level	2
Example	DEV/2/SUBCARD_FAULT: Subcard state changed to Fault on slot 1 subslot 1, type is MIM-1ATM-OC3SML.
Explanation	The subcard failed, or its status changed to Fault after it was rebooted.
Recommended action	Track the status of the subcard. · If the status of the subcard changes to Normal later, no action is required. · If the status is always Fault, replace the subcard.

SUBCARD_INSERTED

Message text	Subcard was inserted in [STRING] subslot [INT32], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Subslot number. $3: Subcard type.
Severity level	4
Example	DEV/4/SUBCARD_INSERTED: Subcard was inserted in slot 1 subslot 1, type is MIM-1ATM-OC3SML.
Explanation	A subcard was installed.
Recommended action	No action is required.

SUBCARD_REBOOT

Message text	Subcard is rebooting on [STRING] subslot [INT32].
Variable fields	$1: Chassis number and slot number or slot number. $2: Subslot number.
Severity level	5
Example	DEV/5/SUBCARD_REBOOT: Subcard is rebooting on slot 1 subslot 1.
Explanation	The subcard was manually or automatically rebooted.
Recommended action	· If the subcard operates correctly after it starts up, no action is required. · If you want to know the reboot reason or the subcard keeps rebooting, contact HP Support.

SUBCARD_REMOVED

Message text	Subcard was removed from [STRING] subslot [INT32], type is [STRING].
Variable fields	$1: Chassis number and slot number or slot number. $2: Subslot number. $3: Subcard type.
Severity level	3
Example	DEV/3/SUBCARD_REMOVED: Subcard was removed from slot 1 subslot 1, type is MIM-1ATM-OC3SML.
Explanation	A subcard was removed.
Recommended action	If the subcard was not manually removed, perform the following tasks: 61. Verify that the subcard is securely seated. 62. Replace the subcard if the message persists. 63. If the problem persists, contact HP Support.

SYSTEM_REBOOT

Message text	System is rebooting now.
Variable fields	N/A
Severity level	5
Example	DEV/5/SYSTEM_REBOOT: System is rebooting now.
Explanation	The system was manually or automatically rebooted.
Recommended action	If an unexpected automatic reboot occurred, perform the following tasks: 64. Execute the display version command after the system starts up. 65. Check the Last reboot reason field for the reboot reason. 66. If an exception caused the reboot, contact HP Support.

TEMPERATURE_ALARM

Message text	Pattern 1: Temperature is greater than the high-temperature alarming threshold on sensor [STRING] [USHOT]. Current temperature is [INT32] degrees centigrade. Pattern 2: Temperature is greater than the high-temperature alarming threshold on [STRING] sensor [STRING] [USHOT]. Current temperature is [INT32] degrees centigrade. Pattern 3: Temperature is greater than the high-temperature alarming threshold on [STRING] [STRING] sensor [STRING] [USHOT]. Current temperature is [INT32] degrees centigrade.
Variable fields	Pattern 1: $1: Sensor type. $2: Sensor number. $3: Current temperature in centigrade. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. $4: Current temperature in centigrade. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. $5: Current temperature in centigrade.
Severity level	4
Example	DEV/4/TEMPERATURE_ALARM: Temperature is greater than the high-temperature alarming threshold on slot 1 sensor inflow 1. Current temperature is 80 degrees centigrade.
Explanation	A sensor's temperature exceeded the high-temperature alarming threshold. The ambient temperature was too high or the fan tray was not operating correctly.
Recommended action	67. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 68. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it.

TEMPERATURE_LOW

Message text	Pattern 1: Temperature is less than the low-temperature threshold on sensor [STRING] [INT32]. Current temperature is [INT32] degrees centigrade. Pattern 2: Temperature is less than the low-temperature threshold on [STRING] sensor [STRING] [INT32]. Current temperature is [INT32] degrees centigrade. Pattern 3: Temperature is less than the low-temperature threshold on [STRING] [STRING] sensor [STRING] [INT32]. Current temperature is [INT32] degrees centigrade.
Variable fields	Pattern 1: $1: Sensor type. $2: Sensor number. $3: Current temperature in centigrade. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. $4: Current temperature in centigrade. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. $5: Current temperature in centigrade.
Severity level	4
Example	DEV/4/TEMPERATURE_LOW: Temperature is less than the low-temperature threshold on slot 1 sensor inflow 1. Current temperature is -10 degrees centigrade.
Explanation	A sensor's temperature fell below the low-temperature threshold.
Recommended action	Adjust the ambient temperature higher.

TEMPERATURE_NORMAL

Message text	Pattern 1: Temperature changed to normal on sensor [STRING] [INT32]. Pattern 2: Temperature changed to normal on [STRING] sensor [STRING] [INT32]. Pattern 3: Temperature changed to normal on [STRING] [STRING] sensor [STRING] [INT32].
Variable fields	Pattern 1: $1: Sensor type. $2: Sensor number. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number.
Severity level	5
Example	DEV/5/TEMPERATURE_NORMAL: Temperature changed to normal on slot 1 sensor inflow 1.
Explanation	A sensor's temperature was normal (between the low-temperature threshold and the high-temperature warning threshold).
Recommended action	No action is required.

TEMPERATURE_SHUTDOWN

Message text	Pattern 1: Temperature is greater than the high-temperature shutdown threshold on sensor [STRING] [INT32]. The slot will be powered off automatically. Current temperature is [INT32] degrees centigrade. Pattern 2: Temperature is greater than the high-temperature shutdown threshold on [STRING] sensor [STRING] [INT32]. The slot will be powered off automatically. Current temperature is [INT32] degrees centigrade. Pattern 3: Temperature is greater than the high-temperature shutdown threshold on [STRING] [STRING] sensor [STRING] [INT32]. The slot will be powered off automatically. Current temperature is [INT32] degrees centigrade.
Variable fields	Pattern 1: $1: Sensor type. $2: Sensor number. $3: Current temperature in centigrade. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. $4: Current temperature in centigrade. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. $5: Current temperature in centigrade.
Severity level	2
Example	DEV/2/TEMPERATURE_SHUTDOWN: Temperature is greater than the high-temperature shutdown threshold on slot 1 sensor inflow 1. The slot will be powered off automatically. Current temperature is 60 degrees centigrade.
Explanation	A sensor's temperature exceeded the high-temperature shutdown threshold. The ambient temperature was too high or the fan tray was not operating correctly.
Recommended action	69. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 70. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it.

TEMPERATURE_WARNING

Message text	Pattern 1: Temperature is greater than the high-temperature warning threshold on sensor [STRING] [INT32]. Current temperature is [INT32] degrees centigrade. Pattern 2: Temperature is greater than the high-temperature warning threshold on [STRING] sensor [STRING] [INT32]. Current temperature is [INT32] degrees centigrade. Pattern 3: Temperature is greater than the high-temperature warning threshold on [STRING] [STRING] sensor [STRING] [INT32]. Current temperature is [INT32] degrees centigrade.
Variable fields	Pattern 1: $1: Sensor type. $2: Sensor number. $3: Current temperature in centigrade. Pattern 2: $1: Slot number. $2: Sensor type. $3: Sensor number. $4: Current temperature in centigrade. Pattern 3: $1: Chassis number. $2: Slot number. $3: Sensor type. $4: Sensor number. $5: Current temperature in centigrade.
Severity level	4
Example	DEV/4/TEMPERATURE_WARNING: Temperature is greater than the high-temperature warning threshold on slot 1 sensor inflow 1. Current temperature is 50 degrees centigrade.
Explanation	A sensor's temperature exceeded the high-temperature warning threshold. The ambient temperature was too high or the fan tray was not operating correctly.
Recommended action	71. Verify that the ambient temperature is normal and the ventilation system is operating correctly. 72. Use the display fan command to verify that the fan trays are in position and operating correctly. If a fan tray is missing, install the fan tray. If a fan tray does not operate correctly, replace it.

VCHK_VERSION_INCOMPATIBLE

Message text	Software version of [STRING] is incompatible with that of the MPU.
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	1
Example	DEV/1/VCHK_VERSION_INCOMPATIBLE: Software version of slot 1 is incompatible with that of the MPU.
Explanation	A PEX that was starting up detected that its software version is incompatible with the parent device's software version.
Recommended action	Specify a set of startup software images for the PEX. Make sure the images are compatible with the parent device's software images.

DFILTER messages

This section contains data filtering messages.

DFILTER_IPV4_LOG

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];DataDirection(1081)=[STRING];RuleName(1080)=[STRING];PolicyName(1079)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZone(1025)=[STRING];DstZone(1035)= [STRING];UserName(1113)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Data direction. Available values are: ¡ Upload. ¡ Download. ¡ Both. $4: Rule name. $5: Policy name. $6: Source IP address. $7: Source port number. $8: Destination IP address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Name of the identity user. $13: Action applied to the packet. Available actions are: ¡ Permit. ¡ Drop.
Severity level	6
Example	DFILTER/6/DFILTER_IPV4_LOG: -MDC=1; Protocol(1001)=TCP;Application(1002)=SMTP;DataDirection(1081)=upload;RuleName(1080)=ruletest;PolicyName(1079)=policytest;SrcIPAddr(1003)=21.22.23.20;SrcPort(1004)=51396;DstIPAddr(1007)=25.26.27.20;DstPort(1008)=25;SrcZone(1025)=in;DstZone(1035)=in;UserName(1113)=abc;Action(1053)=drop;
Explanation	An IPv4 packet matched a data filtering rule.
Recommended action	No action is required.

DFILTER_IPV6_LOG

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];DataDirection(1081)=[STRING];RuleName(1080)=[STRING];PolicyName(1079)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZone(1025)=[STRING];DstZone(1035)= [STRING];UserName(1113)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Data direction. Available values are: ¡ Upload. ¡ Download. ¡ Both. $4: Rule name. $5: Policy name. $6: Source IPv6 address. $7: Source port number. $8: Destination IPv6 address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Username. $13:Action applied to the packet. Available actions are: ¡ Permit. ¡ Drop.
Severity level	6
Example	DFILTER/6/DFILTER_IPV6_LOG:-MDC=1; Protocol(1001)=TCP;Application(1002)=SMTP;DataDirection(1081)=upload;RuleName(1080)=ruletest;PolicyName(1079)=policytest;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZone(1025)=in;DstZone(1035)=in;UserName(1113)=aaa;Action(1053)=drop;
Explanation	An IPv6 packet matched a data filtering rule.
Recommended action	No action is required.

DHCP

This section contains DHCP messages.

DHCP_NOTSUPPORTED

Message text	Failed to apply filtering rules for DHCP packets because some rules are not supported.
Variable fields	N/A
Severity level	3
Example	DHCP/3/DHCP_NOTSUPPORTED: Failed to apply filtering rules for DHCP packets because some rules are not supported.
Explanation	The system failed to apply filtering rules for DHCP packets because some rules are not supported on the device.
Recommended action	No action is required.

DHCP_NORESOURCES

Message text	Failed to apply filtering rules for DHCP packets because hardware resources are insufficient.
Variable fields	N/A
Severity level	3
Example	DHCP/3/DHCP_NORESOURCES: Failed to apply filtering rules for DHCP packets because hardware resources are insufficient.
Explanation	The system failed to apply filtering rules for DHCP packets because the hardware resources are insufficient.
Recommended action	Release hardware resources and then apply the rules again.

DHCPS messages

This section contains DHCP server messages.

DHCPS_ALLOCATE_IP

Message text	DHCP server received a DHCP client's request packet on interface [STRING], and allocated an IP address [IPADDR](lease [UINT32] seconds) for the DHCP client(MAC [MAC]) from [STRING] pool.
Variable fields	$1: Name of the interface on which DHCP server is configured. $2: IPv4 address assigned to the DHCP client. $3: Lease duration of the assigned IPv4 address. $4: MAC address of the DHCP client. $5: Name of the address pool to which the assigned IPv4 address belongs.
Severity level	5
Example	DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server received a DHCP client’s request packet on interface Ethernet0/2, and allocated an IP address 1.0.0.91(lease 86400 seconds) for the DHCP client(MAC 0000-0000-905a) from p1 pool.
Explanation	The DHCP server assigned an IPv4 address with a lease to a DHCP client.
Recommended action	No action is required.

DHCPS_CONFLICT_IP

Message text	A conflict IP [IPADDR] from [STRING] pool was detected by DHCP server on interface [STRING].
Variable fields	$1: IPv4 address that is in conflict. $2: Name of the address pool to which the conflicting IPv4 address belongs. $3: Name of the interface on which DHCP server is configured.
Severity level	5
Example	DHCPS/5/DHCPS_CONFLICT_IP: A conflict IP 100.1.1.1 from p1 pool was detected by DHCP server on interface Ethernet0/2.
Explanation	The DHCP server deleted a conflicting IPv4 address from an address pool.
Recommended action	No action is required.

DHCPS_EXTEND_IP

Message text	DHCP server received a DHCP client's request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IP [IPADDR], MAC [MAC]).
Variable fields	$1: Name of the interface on which DHCP server is configured. $2: Name of the address pool to which the client's IPv4 address belongs. $3: IPv4 address of the DHCP client. $4: MAC address of the DHCP client.
Severity level	5
Example	DHCPS/5/DHCPS_EXTEND_IP: DHCP server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IP 1.0.0.91, MAC 0000-0000-905a).
Explanation	The DHCP server extended the lease for a DHCP client.
Recommended action	No action is required.

DHCPS_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPS/4/DHCPS_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCP server failed to back up DHCP bindings to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DHCPS_RECLAIM_IP

Message text	DHCP server reclaimed a [STRING] pool’s lease(IP [IPADDR], lease [UINT32] seconds), which is allocated for the DHCP client (MAC [MAC]).
Variable fields	$1: Name of the address pool to which the assigned IPv4 address belongs. $2: IPv4 address assigned to the DHCP client. $3: Lease duration of the assigned IPv4 address. $4: MAC address of the DHCP client.
Severity level	5
Example	DHCPS/5/DHCPS_RECLAIM_IP: DHCP server reclaimed a p1 pool’s lease(IP 1.0.0.91, lease 86400 seconds), which is allocated for the DHCP client (MAC 0000-0000-905a).
Explanation	The DHCP server reclaimed the IPv4 address assigned to a DHCP client.
Recommended action	No action is required.

DHCPS_VERIFY_CLASS

Message text	Illegal DHCP client-PacketType=[STRING]-ClientAddress=[MAC];
Variable fields	$1: Type of the packet. $2: Hardware address of the DHCP client.
Severity level	5
Example	DHCPS/5/DHCPS_VERIFY_CLASS: Illegal DHCP client-PacketType= DHCPDISCOVER-ClientAddress=0000-5e01-0104;
Explanation	The DHCP server verified that the DHCP client was not on the user class whitelist.
Recommended action	Check the validity of the DHCP client.

DHCPS6 messages

This section contains DHCPv6 server messages.

DHCPS6_ALLOCATE_ADDRESS

Message text	DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 address [IPADDR] (lease [UINT32] seconds) for the DHCP client(DUID [HEX], IAID [HEX]) from [STRING] pool.
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: IPv6 address assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 address. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. $6: Name of the address pool to which the assigned IPv6 address belongs.
Severity level	5
Example	DHCPS6/5/DHCPS6_ALLOCATE_ADDRESS: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and allocated an IPv6 address 2000::3(lease 60 seconds) for the DHCP client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool.
Explanation	The DHCPv6 server assigned an IPv6 address with a lease to a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_ALLOCATE_PREFIX

Message text	DHCPv6 server received a DHCPv6 client’s request packet on interface [STRING], and allocated an IPv6 prefix [IPADDR] (lease [UINT32] seconds) for the DHCP client(DUID [HEX], IAID [HEX]) from [STRING] pool.
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: IPv6 prefix assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 prefix. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client. $6: Name of the address pool to which the assigned IPv6 prefix belongs.
Severity level	5
Example	DHCPS6/5/DHCPS6_ALLOCATE_PREFIX: DHCPv6 server received a DHCPv6 client’s request packet on interface Ethernet0/2, and allocated an IPv6 prefix 2000::(lease 60 seconds) for the DHCP client(DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f) from p1 pool.
Explanation	The DHCPv6 server assigned an IPv6 prefix with a lease to a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_CONFLICT_ADDRESS

Message text	A conflict IPv6 address [IPADDR] from [STRING] pool was detected by DHCPv6 server on interface [STRING].
Variable fields	$1: IPv6 address that is in conflict. $2: Name of the address pool to which the conflicting IPv6 address belongs. $3: Name of the interface on which DHCPv6 server is configured.
Severity level	5
Example	DHCPS6/5/DHCPS6_CONFLICT_ADDRESS: A conflict IPv6 address 33::1 from p1 pool was detected by DHCPv6 server on interface Ethernet0/2.
Explanation	The DHCPv6 server deleted a conflicting IPv6 address from an address pool.
Recommended action	No action is required.

DHCPS6_EXTEND_ADDRESS

Message text	DHCPv6 server received a DHCP client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IPv6 address [IPADDR], DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: Name of the address pool to which the client's IPv6 address belongs. $3: IPv6 address of the DHCPv6 client. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_EXTEND_ADDRESS: DHCPv6 server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IPv6 address 2000::3, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server extended the address lease for a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_EXTEND_PREFIX

Message text	DHCPv6 server received a DHCP client’s request packet on interface [STRING], and extended lease from [STRING] pool for the DHCP client (IPv6 prefix [IPADDR], DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the interface on which DHCPv6 server is configured. $2: Name of the address pool to which the client's IPv6 prefix belongs. $3: IPv6 prefix of the DHCPv6 client. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_EXTEND_PREFIX: DHCPv6 server received a DHCP client’s request packet on interface Ethernet0/2, and extended lease from p1 pool for the DHCP client (IPv6 prefix 2000::, DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server extended the prefix lease for a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPS6/4/DHCPS6_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCPv6 server failed to back up DHCPv6 bindings to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DHCPS6_RECLAIM_ADDRESS

Message text	DHCPv6 server reclaimed a [STRING] pool's lease(IPv6 address [IPADDR], lease [UINT32] seconds), which is allocated for the DHCPv6 client (DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the address pool to which the assigned IPv6 address belongs. $2: IPv6 address assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 address. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_RECLAIM_ADDRESS: DHCPv6 server reclaimed a p1 pool’s lease(IPv6 address 2000::3, lease 60 seconds), which is allocated for the DHCPv6 client (DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server reclaimed the IPv6 address assigned to a DHCPv6 client.
Recommended action	No action is required.

DHCPS6_RECLAIM_PREFIX

Message text	DHCPv6 server reclaimed a [STRING] pool’s lease(IPv6 prefix [IPADDR], lease [INTEGER] seconds), which is allocated for the DHCPv6 client (DUID [HEX], IAID [HEX]).
Variable fields	$1: Name of the address pool to which the assigned IPv6 prefix belongs. $2: IPv6 prefix assigned to the DHCPv6 client. $3: Lease duration of the assigned IPv6 prefix. $4: DUID of the DHCPv6 client. $5: IAID of the DHCPv6 client.
Severity level	5
Example	DHCPS6/5/DHCPS6_RECLAIM_PREFIX: DHCPv6 server reclaimed a p1 pool’s lease(IPv6 prefix 2000::, lease 60 seconds), which is allocated for the DHCPv6 client (DUID 0001000118137c37b4b52facab5a, IAID 10b4b52f).
Explanation	The DHCPv6 server reclaimed the IPv6 prefix assigned to a DHCPv6 client.
Recommended action	No action is required.

DHCPSP4

This section contains DHCP snooping messages.

DHCPSP4_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPSP4/4/DHCPSP4_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCP snooping device failed to back up DHCP snooping entries to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DHCPSP6

This section contains DHCPv6 snooping messages.

DHCPSP6_FILE

Message text	Failed to save DHCP client information due to lack of storage resources.
Variable fields	N/A
Severity level	4
Example	DHCPSP6/4/DHCPSP6_FILE: Failed to save DHCP client information due to lack of storage resources.
Explanation	The DHCPv6 snooping device failed to back up DHCPv6 snooping entries to the backup file due to lack of storage resources.
Recommended action	Delete unnecessary files to release resources.

DIAG messages

This section contains diagnostic messages.

CORE_EXCEED_THRESHOLD

Message text	Usage threshold [STRING] exceeded on [STRING].
Variable fields	$1: Number of the CPU and number of the CPU core. $2: Usage threshold in percentage.
Severity level	1
Example	DIAG/1/CORE_EXCEED_THRESHOLD: Usage threshold CPU 0 core 2 exceeded on 80%.
Explanation	The system samples CPU core usage at an interval of 1 minute and generates this message if the sample is greater than the CPU core usage threshold.
Recommended action	If this message appears frequently, perform the tasks: 73. Execute the display cpu-usage configuration command to display the CPU core usage threshold settings. 74. Use the monitor cpu-usage threshold command to adjust the CPU core usage threshold settings as required.

CPU_USAGE_LASTMINUTE

Message text	CPU usage was [STRING] in last minute.
Variable fields	$1: CPU usage in percentage.
Severity level	5
Example	DIAG/5/CPU_USAGE_LASTMINUTE: CPU usage was 10% in last minute.
Explanation	Average CPU usage in last minute.
Recommended action	No action is required.

DIAG_STORAGE_BELOW_THRESHOLD

Message text	The usage of [STRING] ([UINT32]%) has dropped below the threshold of [UINT32]%.
Variable fields	$1: Name of the storage medium, for example, flash. $2: Usage of the storage medium. $3: Usage threshold of the storage medium.
Severity level	1
Example	DIAG/1/DIAG_STORAGE_BELOW_THRESHOLD: The usage of flash (90%) has dropped below the threshold of 95%.
Explanation	The usage of the storage medium was below or equal to the threshold.
Recommended action	No action is required.

DIAG_STORAGE_EXCEED_THRESHOLD

Message text	The usage of [STRING] ([UINT32]%) exceeded the threshold of [UINT32]%.
Variable fields	$1: Name of the storage medium, for example, flash. $2: Usage of the storage medium. $3: Usage threshold of the storage medium.
Severity level	1
Example	DIAG/1/DIAG_STORAGE_EXCEED_THRESHOLD: The usage of flash (96%) exceeded the threshold of 95%.
Explanation	The usage of the storage medium exceeded the threshold.
Recommended action	Back up the files that are not used for a long time to the PC and then delete the files, or delete the files directly. The files include logs and software packages for earlier versions.

MEM_ALERT

Message text	system memory info: total used free shared buffers cached Mem: [ULONG] [ULONG] [ULONG] [ULONG] [ULONG] [ULONG] -/+ buffers/cache: [ULONG] [ULONG] Swap: [ULONG] [ULONG] [ULONG] Lowmem: [ULONG] [ULONG] [ULONG]
Variable fields	· Mem—Memory information of the whole system: ¡ $1: Total size of allocatable physical memory. The system physical memory contains allocatable physical memory and unallocatable physical memory. Unallocatable physical memory is mainly used for kernel code storage, kernel management, and running of basic functions. Allocatable physical memory is used for such tasks as running service modules and storing files. The size of unallocatable physical memory is automatically calculated based on the system operation requirements. The size of allocatable physical memory is the total physical memory size minus the unallocatable physical memory size. ¡ $2: Size of the physical memory used by the system. ¡ $3: Size of free physical memory of the system. ¡ $4: Total size of physical memory shared by processes. ¡ $5: Size of physical memory used for buffers. ¡ $6: Size of physical memory used for caches. · -/+ buffers/cache—Memory usage information of applications: ¡ $7: -/+ Buffers/Cache:used = Mem:Used – Mem:Buffers – Mem:Cached, which indicates the size of physical memory used by applications. ¡ $8: -/+ Buffers/Cache:free = Mem:Free + Mem:Buffers + Mem:Cached, which indicates the size of physical memory available for applications. · Swap—Swap memory usage information: ¡ $9: Total size of swap memory. ¡ $10: Size of used swap memory. ¡ $11: Size of free swap memory. · Lowmem—Low memory usage information: ¡ $12: Total size of low memory. ¡ $13: Size of used low memory. ¡ $14: Size of free low memory.
Severity level	4
Example	DIAG/4/MEM_ALERT: system memory info: total used free shared buffers cached Mem: 1784424 920896 863528 0 0 35400 -/+ buffers/cache: 885496 898928 Swap: 0 0 0 Lowmem: 735848 637896 97952
Explanation	A memory alarm was generated, displaying memory usage information. The system generates this message when the used memory is greater than or equal to the minor, severe, or critical threshold of memory usage.
Recommended action	You can perform the following tasks to help remove the alarm: · Verify that appropriate alarm thresholds are set. To view the alarm thresholds, use the display memory-threshold command. Then you can use the memory-threshold command to modify the alarm thresholds if required. · Verify that the device is not under attack by checking the ARP table and routing table. · Examine and optimize the network, for example, reduce the number of routes, or replace the device with a higher-performance device.

MEM_BELOW_THRESHOLD

Message text	Memory usage has dropped below [STRING] threshold.
Variable fields	$1: Memory usage threshold name: minor, severe, or critical.
Severity level	1
Example	DIAG/1/MEM_BELOW_THRESHOLD: Memory usage has dropped below critical threshold.
Explanation	A memory alarm was removed. The message is sent when the system free memory is greater than a memory alarm recovery threshold.
Recommended action	No action is required.

MEM_EXCEED_THRESHOLD

Message text	Memory [STRING] threshold has been exceeded.
Variable fields	$1: Memory usage threshold name: minor, severe, or critical.
Severity level	1
Example	DIAG/1/MEM_EXCEED_THRESHOLD: Memory minor threshold has been exceeded.
Explanation	A memory alarm was notified. When the used memory size is greater than or equal to the minor, severe, or critical threshold of memory usage, the system generates this message and notifies services modules to perform auto repair, such as releasing memory and stopping requesting memory.
Recommended action	You can perform the following tasks to help remove the alarm: · Verify that appropriate alarm thresholds are set. To view the alarm thresholds, use the display memory-threshold command. Then you can use the memory-threshold command to modify the alarm thresholds if required. · Verify that the device is not under attack by checking the ARP table and routing table. · Examine and optimize the network, for example, reduce the number of routes or replace the device with a higher-performance device.

MEM_USAGE

Message text	Current memory usage is [STRING].
Variable fields	$1: Memory usage in percentage.
Severity level	5
Example	DIAG/5/MEM_USAGE: Current memory usage is 10%.
Explanation	Current memory usage of the device.
Recommended action	No action is required.

DLDP messages

This section contains DLDP messages.

DLDP_AUTHENTICATION_FAILED

Message text	The DLDP packet failed the authentication because of unmatched [STRING] field.
Variable fields	$1: Authentication field. · AUTHENTICATION PASSWORD—Authentication password mismatch. · AUTHENTICATION TYPE—Authentication type mismatch. · INTERVAL—Advertisement interval mismatch.
Severity level	5
Example	DLDP/5/DLDP_AUTHENTICATION_FAILED: The DLDP packet failed the authentication because of unmatched INTERVAL field.
Explanation	The packet authentication failed. Possible reasons include unmatched authentication type, unmatched authentication password, and unmatched advertisement interval.
Recommended action	Check the DLDP authentication type, authentication password, and advertisement interval are consistent with peer end.

DLDP_LINK_BIDIRECTIONAL

Message text	DLDP detected a bidirectional link on interface [STRING].
Variable fields	$1: Interface name.
Severity level	6
Example	DLDP/6/DLDP_LINK_BIDIRECTIONAL: DLDP detected a bidirectional link on interface Ethernet1/1.
Explanation	DLDP detected a bidirectional link on an interface.
Recommended action	No action is required.

DLDP_LINK_UNIDIRECTIONAL

Message text	DLDP detected a unidirectional link on interface [STRING]. [STRING].
Variable fields	$1: Interface name. $2: Action according to the port shutdown mode: · DLDP automatically blocked the interface. · Please manually shut down the interface.
Severity level	3
Example	DLDP/3/DLDP_LINK_UNIDIRECTIONAL: DLDP detected a unidirectional link on interface Ethernet1/1. DLDP automatically blocked the interface.
Explanation	DLDP detected a unidirectional link on an interface.
Recommended action	Check for incorrect cable connection, cable falloff, or other problems.

DLDP_NEIGHBOR_AGED

Message text	A neighbor on interface [STRING] was deleted because the neighbor was aged. The neighbor's system MAC is [MAC], and the port index is [UINT16].
Variable fields	$1: Interface name. $2: MAC address. $3: Port index.
Severity level	5
Example	DLDP/5/DLDP_NEIGHBOR_AGED: A neighbor on interface Ethernet1/1 was deleted because the neighbor was aged. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1.
Explanation	The interface deleted an aged neighbor.
Recommended action	No action is required.

DLDP_NEIGHBOR_CONFIRMED

Message text	A neighbor was confirmed on interface [STRING]. The neighbor's system MAC is [MAC], and the port index is [UINT16].
Variable fields	$1: Interface name. $2: MAC address. $3: Port index.
Severity level	6
Example	DLDP/6/DLDP_NEIGHBOR_CONFIRMED: A neighbor was confirmed on interface Ethernet1/1. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1.
Explanation	The interface detected a confirmed neighbor.
Recommended action	No action is required.

DLDP_NEIGHBOR_DELETED

Message text	A neighbor on interface [STRING] was deleted because a [STRING] packet arrived. The neighbor's system MAC is [MAC], and the port index is [UINT16].
Variable fields	$1: Interface name. $2: Packet type, DISABLE or LINKDOWN. $3: MAC address. $4: Port index.
Severity level	5
Example	DLDP/5/DLDP_NEIGHBOR_DELETED: A neighbor on interface Ethernet1/1 was deleted because a DISABLE packet arrived. The neighbor's system MAC is 000f-e269-5f21, and the port index is 1.
Explanation	The interface deleted a confirmed neighbor because it received a DISABLE or LINKDOWN packet.
Recommended action	No action is required.

DOT1X messages

This section contains 802.1X messages.

DOT1X_NOTENOUGH_EADFREEIP_RES

Message text	Failed to assign a rule for Free IP [IPADDR] on interface [STRING] due to lack of ACL resources.
Variable fields	$1: Free IP. $2: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_EADFREEIP_RES: Failed to assign a rule for Free IP 1.1.1.0 on interface Ethernet3/1/2 due to lack of ACL resources.
Explanation	The device failed to assign an ACL rule to permit a free IP on an interface because of ACL resource shortage.
Recommended action	No action is required.

DOT1X_NOTENOUGH_EADFREERULE_RES

Message text	Failed to assign a rule for permitting DHCP and DNS packets on interface [STRING] due to lack of ACL resources.
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_EADFREERULE_RES: Failed to assign a rule for permitting DHCP and DNS packets on interface Ethernet3/1/2 due to lack of ACL resources.
Explanation	The device failed to assign an ACL rule to permit DHCP and DNS packets on an interface because of ACL resource shortage.
Recommended action	No action is required.

DOT1X_NOTENOUGH_EADPORTREDIR_RES

Message text	Failed to assign a rule for redirecting HTTP packets on interface [STRING] due to lack of ACL resources.
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_EADPORTREDIR_RES: Failed to assign a rule for redirecting HTTP packets on interface Ethernet3/1/2 due to lack of ACL resources.
Explanation	The device failed to assign an ACL rule to redirect HTTP packets on an interface because of ACL resource shortage.
Recommended action	No action is required.

DOT1X_NOTENOUGH_EADMACREDIR_RES

Message text	Failed to issue a rule for redirecting HTTP packets with source MAC address [MAC] on interface [STRING].
Variable fields	$1: Source MAC address of HTTP packets. $2: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_EADMACREDIR_RES: Failed to issue a rule for redirecting HTTP packets with source MAC address 00e0-fc00-5915 on interface Ethernet3/1/2.
Explanation	The device failed to redirect HTTP packet with the designated source MAC on an interface because of ACL resource shortage.
Recommended action	No action is required.

DOT1X_NOTENOUGH_ENABLEDOT1X_RES

Message text	Failed to enable 802.1X feature on interface [STRING] due to lack of ACL resources.
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTENOUGH_ENABLEDOT1X_RES: Failed to enable 802.1X feature on interface Ethernet3/1/2 due to lack of ACL resources.
Explanation	Failed to enable 802.1X on an interface because of ACL resource shortage.
Recommended action	Disable 802.1X on the interface, and then re-enable 802.1X.

DOT1X_NOTSUPPORT_EADFREEIP_RES

Message text	Failed to assign a rule for free IP [IPADDR] on interface [STRING]: EAD assistant was not supported.
Variable fields	$1: IP address. $2: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTSUPPORT_EADFREEIP_RES: Failed to assign a rule for free IP 1.1.1.0 on interface Ethernet3/1/2: EAD assistant was not supported.
Explanation	The device failed to assign an ACL rule to permit a free IP on an 802.1X-enabled interface because EAD assistant was not supported.
Recommended action	No action is required.

DOT1X_NOTSUPPORT_EADFREERULE_RES

Message text	Failed to assign a rule for permitting DHCP and DNS packets on interface [STRING]: EAD assistant was not supported.
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTSUPPORT_EADFREERULE_RES: Failed to assign a rule for permitting DHCP and DNS packets on interface Ethernet3/1/2: EAD assistant was not supported.
Explanation	The device failed to assign an ACL rule to permit DHCP and DNS packets on an 802.1X-enabled interface because EAD assistant was not supported.
Recommended action	No action is required.

DOT1X_NOTSUPPORT_EADMACREDIR_RES

Message text	Failed to assign a rule for redirecting HTTP packets with source MAC address [MAC] on interface [STRING]: EAD assistant was not supported.
Variable fields	$1: Source MAC address of HTTP packets. $2: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTSUPPORT_EADMACREDIR_RES: Failed to assign a rule for redirecting HTTP packets with source MAC address 00e0-fc00-5915 on interface Ethernet3/1/2: EAD assistant was not supported.
Explanation	The device failed to assign an ACL rule to redirect HTTP packets with a specific source MAC address on an 802.1X-enabled interface because EAD assistant was not supported.
Recommended action	No action is required.

DOT1X_NOTSUPPORT_EADPORTREDIR_RES

Message text	Failed to assign a rule for redirecting HTTP packets on interface [STRING]: EAD assistant was not supported.
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_NOTSUPPORT_EADPORTREDIR_RES: Failed to assign a rule for redirecting HTTP packets on interface Ethernet3/1/2: EAD assistant was not supported.
Explanation	The device failed to assign an ACL rule to redirect HTTP packets on an 802.1X-enabled interface because EAD assistant was not supported.
Recommended action	No action is required.

DOT1X_UNICAST_NOT_EFFECTIVE

Message text	The unicast trigger feature is enabled but is not effective on interface [STRING].
Variable fields	$1: Interface type and number.
Severity level	3
Example	DOT1X/3/DOT1X_UNICAST_NOT_EFFECTIVE: The unicast trigger feature is enabled but is not effective on interface Ethernet3/1/2.
Explanation	The unicast trigger setting does not take effect on an interface, because the interface does not support unicast trigger.
Recommended action	75. Reconnect the 802.1X clients to another interface that supports the unicast trigger feature. 76. Enable the unicast trigger feature on the new interface.

DOT1X_WLAN_LOGIN_FAILURE

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]; A user failed 802.1X authentication. Reason: [STRING].
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP with which the client is associated. $5: ID of the radio with which the client is associated. $6: VLAN ID. $7: Reason that causes the authentication failure: · AAA processed authentication request and returned error code code. The values for code include: ¡ 4—Represents the error of nonexistent authentication domain. ¡ 8—Represents one of the following errors: Configuration error exists in the authentication domain, the preshared key configured on the authentication server is different from the preshared key configured on the device, authentication port 1812 is unavailable, or the authentication server and the device cannot reach each other. ¡ 26—Represents one of the following errors: The username or password is incorrect, the authentication type is incorrect, the device IP address is not added to the authentication server, or the authentication domain is not correctly configured on the service template. · AAA processed authorization request and returned error code code. The value for code is 8, which indicates that the server and the device cannot reach each other. · Received logoff request from the client. · Client timeout timer expired. · Server timeout timer expired. · Received logoff request while authenticating the client. · Received user security information and kicked off the client. · Accounting-update timer expired, and no responses were received from the server. · Kicked off the client when the idle timeout timer expired. · Authentication method error. · Kicked off the client because the server-assigned session timeout timer is 0. · Received session disconnection event. · Received nonexistent authorization VLAN group. · Unknown reason.
Severity level	5
Example	DOT1X/5/DOT1X_WLAN_LOGIN_FAILURE:-Username=Dot1X-UserMAC=3ce5-a616-28cd-SSID=text-wifi-APName=ap1-RadioID=2-VLANID=11; A user failed 802.1X authentication. Reason: AAA processed authentication request and returned error code 26.
Explanation	The client failed to pass 802.1X authentication for a specific reason.
Recommended action	To resolve the problem: 77. Troubleshoot errors according to the returned failure reason. 78. If the problem persists, contact H3C Support.

DOT1X_WLAN_LOGIN_SUCC

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]; A user passed 802.1X authentication and came online.
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP with which the client is associated. $5: ID of the radio with which the client is associated. $6: VLAN ID.
Severity level	6
Example	DOT1X/6/DOT1X_WLAN_LOGIN_SUCC:-Username=Dot1X-UserMAC=3ce5-a616-28cd-SSID=text-wifi-APName=ap1-RadioID=2-VLANID=11; A user passed 802.1X authentication and came online.
Explanation	The client came online after passing 802.1X authentication.
Recommended action	No action is required.

DOT1X_WLAN_LOGOFF

Message text	Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]; Session for an 802.1X user was terminated. Reason: [STRING].
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP with which the client is associated. $5: ID of the radio with which the client is associated. $6: VLAN ID. $7: Reason that causes the client logoff. · AAA processed authentication request and returned error code code. The values for code include: ¡ 4—Represents the error of nonexistent authentication domain. ¡ 8—Represents one of the following errors: Configuration error exists in the authentication domain, the preshared key configured on the authentication server is different from the preshared key configured on the device, authentication port 1812 is unavailable, or the authentication server and the device cannot reach each other. ¡ 26—Represents one of the following errors: The username or password is incorrect, the authentication type is incorrect, the device IP address is not added to the authentication server, or the authentication domain is not correctly configured on the service template. · AAA processed authorization request and returned error code code. The value for code is 8, which indicates that the server and the device cannot reach each other. · AAA processed accounting-start request and returned error code code. The value for code is 8, which indicates that the server and the device cannot reach each other. · AAA processed accounting-update request and returned error code code. The value for code is 8, which indicates that the server and the device cannot reach each other. · Received logoff request from the client. · User timer expired. · Server timer expired. · Received logoff request while authenticating the client. · Received user security information and kicked off the client. · Lost in shaking hands. · Accounting-update timer expired, and no responses were received from the server. · Kicked off the client when the idle timeout timer expired. · Authentication method error. · Kicked off the client because the server-assigned session timeout timer is 0. · Received session disconnection event. · Unknown reason.
Severity level	6
Example	DOT1X/6/DOT1X_WLAN_LOGOFF:-Username=Dot1X-UserMAC=3ce5-a616-28cd-SSID=text-wifi-APName=ap1-RadioID=2-VLANID=11; Session for an 802.1X user was terminated. Reason: Received logoff request from the client.
Explanation	The 802.1X authenticated client was logged off for a specific reason.
Recommended action	To resolve the problem: 79. Check the debugging information to locate the logoff cause and remove the problem. If the logoff was requested by the client, no action is required. 80. If the problem persists, contact H3C Support.

EDEV messages

This section contains messages for extended-device management.

EDEV_FAILOVER_GROUP_STATE_CHANGE

Message text	Status of stateful failover group [STRING] with ID [UINT32] changed to [STRING].
Variable fields	$1: Failover group name. $2: Failover group ID. $3: Failover group state.
Severity level	5
Example	EDEV/5/EDEV_FAILOVER_GROUP_STATE_CHANGE: Status of stateful failover group 123 with ID 0 changed to primary.
Explanation	The status of a failover group changed.
Recommended action	No action is required.

EIGRP messages

This section contains EIGRP messages.

RID_CHANGE

Message text	EIGRP [UINT32]: New elected router ID will take effect after EIGRP address family is reset.
Variable fields	$1: EIGRP process ID.
Severity level	5
Example	EIGRP/5/RID_CHANGE: EIGRP 1: New elected router ID will take effect after EIGRP address family is reset.
Explanation	A change of interface IP address causes the change of router ID for the EIGRP router. You must restart the EIGRP IPv4 address family to make the new router ID take effect.
Recommended action	Execute the reset eigrp process command to make the new router ID take effect.

PEER_CHANGE

Message text	EIGRP [UINT32]: Neighbor [STRING] ([STRING]) is [STRING]: [STRING].
Variable fields	$1: EIGRP process ID. $2: IP address of the neighbor router. $3: Interface that is connected to the neighbor router. $4: Neighbor state, Up or Down. $5: Reason for the EIGRP neighbor state change. For information about the neighbor state change reasons, see Table 6.
Severity level	5
Example	EIGRP/5/PEER_CHANGE: EIGRP 2: Neighbor 100.100.10.2 (GigabitEthernet1/0/1) is Up: New neighbor.
Explanation	The EIGRP neighbor state changed for a specific reason.
Recommended action	Take an action according to the neighbor state change reason. For more information, see Table 6.

Table 6 Neighbor state change reasons and recommended actions

Reason	Remarks	Recommended action
New neighbor	N/A	No action is required.
Interface down	N/A	Check the network connectivity.
Reset operation	The reset eigrp process or reset eigrp peer command was executed.	No action is required.
Delete operation	The process or address family was deleted.	No action is required.
Hold timer expired	N/A	Check the network status or check whether the hold timer is appropriate.
Maximum retransmission times reached	N/A	Check the network status.
Inconsistent K values	N/A	Check whether the K values are consistent on both ends.
Neighbor restart	N/A	Check the network status and check whether an operation that affects neighbor relationship has been performed on the neighbor router.
Stuck in active	N/A	Check the network status and CPU usage on the neighbor router.
Peer termination	The neighbor actively terminated the neighbor relationship.	Check whether an operation that affects neighbor relationship has been performed on the neighbor router.
Configuration changed	N/A	Check whether the configuration is correct.
Process switchover	EIGRP process switchover occurred.	No action is required.
Insufficient memory	The memory threshold was reached.	Check system memory and release available memory by adjusting the modules that occupy too much memory.

ERPS messages

This section contains ERPS messages.

ERPS_STATE_CHANGED

Message text	Ethernet ring [UINT16] instance [UINT16] changed state to [STRING]
Variable fields	$1: ERPS ring ID. $2: ERPS instance ID. $3: ERPS instance status.
Severity level	6
Example	ERPS/4/ERPS_STATE_CHANGED: Ethernet ring 1 instance 1 changed state to Idle.
Explanation	The status of the ERPS instance changed.
Recommended action	No action is required.

ETHOAM messages

This section contains Ethernet OAM messages.

ETHOAM_CONNECTION_FAIL_DOWN

Message text	The link is down on interface [string] because a remote failure occurred on peer interface.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ETHOAM_CONNECTION_FAIL_DOWN: The link is down on interface Ethernet1/0/1 because a remote failure occurred on peer interface.
Explanation	The link goes down because a remote failure occurred on the peer interface.
Recommended action	Check the link status or the OAM status on the peer.

ETHOAM_CONNECTION_FAIL_TIMEOUT

Message text	Interface [string] removed the OAM connection because it received no Information OAMPDU before the timer times out.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ETHOAM_CONNECTION_FAIL_TIMEOUT: Interface Ethernet1/0/1 removed the OAM connection because it received no Information OAMPDU before the timer times out.
Explanation	The interface removed the OAM connection because it had not received Information OAMPDUs before the timer timed out.
Recommended action	Check the link status or the OAM status on the peer.

ETHOAM_CONNECTION_FAIL_UNSATISF

Message text	Interface [string] failed to establish an OAM connection because the peer doesn’t match the capacity of the local interface.
Variable fields	$1: Interface name.
Severity level	3
Example	ETHOAM/3/ETHOAM_CONNECTION_FAIL_UNSATISF: Interface Ethernet1/0/1 failed to establish an OAM connection because the peer doesn’t match the capacity of the local interface.
Explanation	Failed to establish an OAM connection because the peer does not match the OAM protocol state of the local interface.
Recommended action	Check the State field of the OAMPDUs sent from both ends.

ETHOAM_CONNECTION_SUCCEED

Message text	An OAM connection is established on interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_CONNECTION_SUCCEED: An OAM connection is established on interface Ethernet1/0/1.
Explanation	An OAM connection is established.
Recommended action	No action is required.

ETHOAM_DISABLE

Message text	Ethernet OAM is now disabled on interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_DISABLE: Ethernet OAM is now disabled on interface Ethernet1/0/1.
Explanation	Ethernet OAM is disabled.
Recommended action	No action is required.

ETHOAM_DISCOVERY_EXIT

Message text	OAM interface [string] quit the OAM connection.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ETHOAM_DISCOVERY_EXIT: OAM interface Ethernet1/0/1 quit the OAM connection.
Explanation	The local interface ended the OAM connection.
Recommended action	No action is required.

ETHOAM_ENABLE

Message text	Ethernet OAM is now enabled on interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_ENABLE: Ethernet OAM is now enabled on interface Ethernet1/0/1.
Explanation	Ethernet OAM is enabled.
Recommended action	No action is required.

ETHOAM_ENTER_LOOPBACK_CTRLLED

Message text	The local OAM entity enters remote loopback as controlled DTE on OAM interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_ENTER_LOOPBACK_CTRLLED: The local OAM entity enters remote loopback as controlled DTE on OAM interface Ethernet1/0/1.
Explanation	The local OAM entity enters remote loopback as controlled DTE after you enable OAM loopback on the peer end.
Recommended action	No action is required.

ETHOAM_ENTER_LOOPBACK_CTRLLING

Message text	The local OAM entity enters remote loopback as controlling DTE on OAM interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_ENTER_LOOPBACK_CTRLLING: The local OAM entity enters remote loopback as controlling DTE on OAM interface Ethernet1/0/1.
Explanation	The local OAM entity enters remote loopback as controlling DTE after you enable OAM loopback on the interface.
Recommended action	No action is required.

ETHOAM_LOCAL_DYING_GASP

Message text	A local Dying Gasp event has occurred on [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOCAL_DYING_GASP: A local Dying Gasp event occurred on interface Ethernet1/0/1.
Explanation	A local Dying Gasp event occurs when you reboot the local device or shut down the interface.
Recommended action	Do not use the link until it recovers.

ETHOAM_LOCAL_ERROR_FRAME

Message text	An errored frame event occurred on local interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME: An errored frame event occurred on local interface Ethernet1/0/1.
Explanation	An errored frame event occurred on the local interface.
Recommended action	Check the link between the local and peer ends.

ETHOAM_LOCAL_ERROR_FRAME_PERIOD

Message text	An errored frame period event occurred on local interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME_PERIOD: An errored frame period event occurred on local interface Ethernet1/0/1.
Explanation	An errored frame period event occurred on the local interface.
Recommended action	Check the link between the local and peer ends.

ETHOAM_LOCAL_ERROR_FRAME_SECOND

Message text	An errored frame seconds event occurred on local interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_LOCAL_ERROR_FRAME_SECOND: An errored frame seconds event occurred on local interface Ethernet1/0/1.
Explanation	An errored frame seconds event occurred on the local interface.
Recommended action	Check the link between the local and peer ends.

ETHOAM_LOCAL_LINK_FAULT

Message text	A local Link Fault event occurred on interface [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOCAL_LINK_FAULT: A local Link Fault event occurred on interface Ethernet1/0/1.
Explanation	A local Link Fault event occurred when the local link goes down.
Recommended action	Re-connect the Rx end of the fiber on the local interface.

ETHOAM_LOOPBACK_EXIT

Message text	OAM interface [string] quit remote loopback.
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOOPBACK_EXIT: OAM interface Ethernet1/0/1 quit remote loopback.
Explanation	The OAM interface ended remote loopback after remote loopback was disabled on the interface and the OAM connection was torn down.
Recommended action	No action is required.

ETHOAM_LOOPBACK_EXIT_ERROR_STATU

Message text	OAM interface [string] quit remote loopback due to incorrect multiplexer or parser status.
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_LOOPBACK_EXIT_ERROR_STATU: OAM interface Ethernet1/0/1 quit remote loopback due to incorrect multiplexer or parser status.
Explanation	OAM interface Ethernet1/0/1 ended remote loopback due to incorrect multiplexer or parser status.
Recommended action	Disable and then re-enable Ethernet OAM on the OAM entity.

ETHOAM_LOOPBACK_NO_RESOURCE

Message text	OAM interface [string] can’t enter remote loopback due to insufficient resources.
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOOPBACK_NO_RESOURCE: OAM interface Ethernet1/0/1 can’t enter remote loopback due to insufficient resources.
Explanation	The OAM interface cannot enter remote loopback due to insufficient resources when you execute the oam remote-loopback start command on the local or remote OAM entity.
Recommended action	To enable remote loopback on an interface, you must set the hardware forwarding resources on the interface. Enabling remote loopback on a large number of interfaces might cause insufficient resources. Disable remote loopback on other interfaces, and execute the oam remote-loopback start command on the interface again.

ETHOAM_LOOPBACK_NOT_SUPPORT

Message text	OAM interface [string] can’t enter remote loopback because the operation is not supported.
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_LOOPBACK_NOT_SUPPORT: OAM interface Ethernet1/0/1 can't enter remote loopback because the operation is not supported.
Explanation	The OAM interface cannot enter remote loopback because the operation is not supported on the device.
Recommended action	No action is required.

ETHOAM_QUIT_LOOPBACK_CTRLLED

Message text	The local OAM entity quit remote loopback as controlled DTE on OAM interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_QUIT_LOOPBACK_CTRLLED: The local OAM entity quit remote loopback as controlled DTE on OAM interface Ethernet1/0/1.
Explanation	As the Loopback Control OAMPDUs receiving end, the local end quit remote loopback after you disabled OAM loopback on the peer end.
Recommended action	No action is required.

ETHOAM_QUIT_LOOPBACK_CTRLLING

Message text	The local OAM entity quit remote loopback as controlling DTE on OAM interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_QUIT_LOOPBACK_CONTROLLING: The local OAM entity quit remote loopback as controlling DTE on OAM interface Ethernet1/0/1.
Explanation	The local end quit remote loopback after you disabled OAM loopback on the local interface.
Recommended action	No action is required.

ETHOAM_REMOTE_CRITICAL

Message text	A remote Critical event occurred on interface [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_REMOTE_CRITICAL: A remote Critical event occurred on interface Ethernet1/0/1.
Explanation	A remote critical event occurred.
Recommended action	Do not use the link until it recovers.

ETHOAM_REMOTE_DYING_GASP

Message text	A remote Dying Gasp event occurred on interface [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_REMOTE_DYING_GASP: A remote Dying Gasp event occurred on interface Ethernet1/0/1.
Explanation	A remote Dying Gasp event occurred when you reboot the remote device and shut down the interface.
Recommended action	Do not use this link until it recovers.

ETHOAM_REMOTE_ERROR_FRAME

Message text	An errored frame event occurred on the peer interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME: An errored frame event occurred on the peer interface Ethernet1/0/1.
Explanation	An errored frame event occurred on the peer.
Recommended action	Check the link between the local and peer ends.

ETHOAM_REMOTE_ERROR_FRAME_PERIOD

Message text	An errored frame period event occurred on the peer interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME_PERIOD: An errored frame period event occurred on the peer interface Ethernet1/0/1.
Explanation	An errored frame period event occurred on the peer interface.
Recommended action	Check the link between the local and peer ends.

ETHOAM_REMOTE_ERROR_FRAME_SECOND

Message text	An errored frame seconds event occurred on the peer interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_REMOTE_ERROR_FRAME_SECOND: An errored frame seconds event occurred on the peer interface Ethernet1/0/1.
Explanation	An errored frame seconds event occurred on the peer.
Recommended action	Check the link between the local and peer ends.

ETHOAM_REMOTE_ERROR_SYMBOL

Message text	An errored symbol event occurred on the peer interface [string].
Variable fields	$1: Interface name.
Severity level	6
Example	ETHOAM/6/ETHOAM_REMOTE_ERROR_SYMBOL: An errored symbol event occurred on the peer interface Ethernet1/0/1.
Explanation	An errored symbol event occurred on the peer.
Recommended action	Check the link between the local and peer ends.

ETHOAM_REMOTE_EXIT

Message text	OAM interface [string] quit OAM connection because Ethernet OAM is disabled on the peer interface.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ETHOAM_REMOTE_EXIT: OAM interface Ethernet1/0/1 quit OAM connection because Ethernet OAM is disabled on the peer interface.
Explanation	The local interface ended the OAM connection because Ethernet OAM was disabled on the peer interface.
Recommended action	No action is required.

ETHOAM_REMOTE_FAILURE_RECOVER

Message text	Peer interface [string] recovered.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ETHOAM_REMOTE_FAILURE_RECOVER: Peer interface Ethernet1/0/1 recovered.
Explanation	The Link fault was cleared from the peer interface and the OAM connection was restored.
Recommended action	No action is required.

ETHOAM_REMOTE_LINK_FAULT

Message text	A remote Link Fault event occurred on interface [string].
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_REMOTE_LINK_FAULT: A remote Link Fault event occurred on interface Ethernet1/0/1.
Explanation	A remote Link Fault event occurred when the remote link went down.
Recommended action	Reconnect the Rx end of the fiber on the remote interface.

ETHOAM_NO_ENOUGH_RESOURCE

Message text	The configuration failed on OAM interface [string] because of insufficient resources.
Variable fields	$1: Interface name.
Severity level	4
Example	ETHOAM/4/ETHOAM_NO_ENOUGH_RESOURCE: The configuration failed on OAM interface Ethernet1/0/1 because of insufficient resources.
Explanation	The configuration failed on the OAM interface because of insufficient system resources.
Recommended action	Remove useless configurations to release the resources, and execute the command again.

ETHOAM_NOT_CONNECTION_TIMEOUT

Message text	Interface [string] quit Ethernet OAM because it received no Information OAMPDU before the timer times out.
Variable fields	$1: Interface name.
Severity level	5
Example	ETHOAM/5/ETHOAM_NOT_CONNECTION_TIMEOUT: Interface Ethernet1/0/1 quit Ethernet OAM because it received no Information OAMPDU before the timer times out.
Explanation	The local interface ended Ethernet OAM because it had not received Information OAMPDUs before the timer timed out.
Recommended action	Check the link status and the OAM status on the peer.

EVB messages

This section contains EVB messages.

EVB_AGG_FAILED

Message text	Remove port [STRING] from aggregation group [STRING]. Otherwise, the EVB feature does not take effect.
Variable fields	$1: Port name. $2: Aggregation port name.
Severity level	6
Example	EVB/6/EVB_AGG_FAILED: Remove port GigabitEthernet5/0/5 from aggregation group Bridge-Aggregation5. Otherwise, the EVB feature does not take effect.
Explanation	EVB bridge fails to process a port in an aggregation group.
Recommended action	Remove the port from the aggregation group.

EVB_LICENSE_EXPIRE

Message text	The EVB feature's license will expire in [UINT32] days.
Variable fields	$1: Number of days.
Severity level	6
Example	EVB/6/EVB_LICENSE_EXPIRE: The EVB feature's license will expire in 15 days.
Explanation	The license for EVB will expire in the specified number of days.
Recommended action	Purchase and register a new license for the EVB feature.

EVB_VSI_OFFLINE

Message text	VSI [STRING] went offline.
Variable fields	$1: VSI interface/VSI aggregate interface name.
Severity level	6
Example	EVB/6/EVB_VSI_OFFLINE: VSI Schannel-Aggregation1:2.0 went offline.
Explanation	The VSI interface or VSI aggregate interface is deleted when either of the following events occurs: · The EVB bridge receives a VDP packet from the EVB station. · The EVB bridge has not received an acknowledgement after a VDP packet times out.
Recommended action	No action is required.

EVB_VSI_ONLINE

Message text	VSI [STRING] came online, status is [STRING].
Variable fields	$1: VSI interface/VSI aggregate interface name. $2: VSI status.
Severity level	6
Example	EVB/6/EVB_VSI_ONLINE: VSI Schannel-Aggregation1:2.0 came online, status is association.
Explanation	The EVB bridge receives a VDP packet and creates a VSI interface or VSI aggregate interface successfully.
Recommended action	No action is required.

EVIISIS messages

This section contains EVI IS-IS messages.

EVIISIS_LICENSE

Message text	The EVIISIS feature has [STRING] license.
Variable fields	$1: License state: ¡ available—A valid license was found. ¡ no available—The current license became invalid, or no valid license was found.
Severity level	5
Example	EVIISIS/5/EVIISIS_LICENSE: The EVIISIS feature has available license.
Explanation	This message is generated when EVI IS-IS license status changes. For example, an EVI IS-IS license is installed or becomes invalid.
Recommended action	Install a valid EVI IS-IS license if the current EVI IS-IS license is invalid or no license is available.

EVIISIS_NBR_CHG

Message text	EVIISIS [UINT32], [STRING] adjacency [STRING] ([STRING]), state changed to: [STRING].
Variable fields	$1: EVI IS-IS process ID. $2: EVI IS-IS neighbor level. $3: Neighbor system ID. $4: Interface name. $5: Adjacency state: ¡ up—Adjacency was set up. ¡ initializing—Neighbor state was initializing. ¡ down—Adjacency was lost.
Severity level	5
Example	EVIISIS/5/EVIISIS_NBR_CHG: EVIISIS 1, Level-1 adjacency 0011.2200.1501 (Evi-Link0), state changed to: down.
Explanation	The EVI IS-IS adjacency state changed on an interface.
Recommended action	When the adjacency with a neighbor changes to down or initializing on an interface, check for EVI IS-IS configuration errors or loss of network connectivity.

FCLINK messages

This section contains FC link messages.

FCLINK_FDISC_REJECT_NORESOURCE

Message text	VSAN [UINT16], Interface [STRING]: An FDISC was rejected because the hardware resource is not enough.
Variable fields	$1: VSAN ID. $2: Interface name.
Severity level	4
Example	FCLINK/4/FCLINK_FDISC_REJECT_NORESOURCE: VSAN 1, Interface FC2/0/1: An FDISC was rejected because the hardware resource is not enough.
Explanation	An FDISC is received when the hardware resources are insufficient.
Recommended action	Reduce the number of nodes.

FCLINK_FLOGI_REJECT_NORESOURCE

Message text	VSAN [UINT16], Interface [STRING]: An FLOGI was rejected because the hardware resource is not enough.
Variable fields	$1: VSAN ID. $2: Interface name.
Severity level	4
Example	FCLINK/4/FCLINK_FLOGI_REJECT_NORESOURCE: VSAN 1, Interface FC2/0/1: An FLOGI was rejected because the hardware resource is not enough.
Explanation	An FLOGI is received when the hardware resources are insufficient.
Recommended action	Reduce the number of nodes.

FCOE messages

This section contains FCoE messages.

FCOE_INTERFACE_NOTSUPPORT_FCOE

Message text	Because the aggregate interface [STRING] has been bound to a VFC interface, assigning the interface [STRING] that does not support FCoE to the aggregate interface might cause incorrect processing.
Variable fields	$1: Aggregate interface name. $2: Ethernet interface name.
Severity level	4
Example	FCOE/4/FCOE_INTERFACE_NOTSUPPORT_FCOE: Because the aggregate interface Bridge-Aggregation 1 has been bound to a VFC interface, assigning the interface Ten-GigabitEthernet 2/0/1 that does not support FCoE to the aggregate interface might cause incorrect processing.
Explanation	This message is generated when an interface that does not support FCoE is assigned to an aggregate interface that has been bound to a VFC interface.
Recommended action	Assign an interface that supports FCoE to the aggregate interface, or remove the binding from the VFC interface.

FCZONE messages

This section contains FC zone messages.

FCZONE_HARDZONE_DISABLED

Message text	-VSAN=[UINT16]: No enough hardware resource for zone rule, switched to soft zoning.
Variable fields	$1: VSAN ID.
Severity level	4
Example	FCZONE/4/FCZONE_HARDZONE_DISABLED: -VSAN=2: No enough hardware resource for zone rule, switched to soft zoning.
Explanation	Insufficient hardware resources.
Recommended action	Activate a smaller zone set.

FCZONE_HARDZONE_ENABLED

Message text	-VSAN=[UINT16]: Hardware resource for zone rule is restored, switched to hard zoning.
Variable fields	$1: VSAN ID.
Severity level	6
Example	FCZONE/6/FCZONE_HARDZONE_ENABLED: -VSAN=2: Hardware resource for zone rule is restored, switched to hard zoning.
Explanation	Hard zoning is enabled in a VSAN because the hardware resources are restored.
Recommended action	No action is required.

FCZONE_ISOLATE_NEIGHBOR

Message text	-VSAN=[UINT16]; All the E ports connected to a neighbor were isolated because of merge failure, and the neighbor’s switch WWN is [STRING].
Variable fields	$1: VSAN ID. $2: Neighbor's switch WWN.
Severity level	4
Example	FCZONE/4/FCZONE_ISOLATE_NEIGHBOR: -VSAN=2; All the E ports connected to a neighbor were isolated because of merge failure, and the neighbor’s switch WWN is 10:00:00:11:22:00:0d:01.
Explanation	All E_Ports connected to a neighbor were isolated because a merge operation with the neighbor failed.
Recommended action	To resolve the problem: 81. Use the display current-configuration command on the local switch and the neighbor switch to view their zoning configurations. 82. Modify those noncompliant configurations on both switches to be compliant with merge rules. 83. Execute the shutdown and undo shutdown command sequence on those isolated E_Ports to trigger a new merge operation.

FCZONE_ISOLATE_ALLNEIGHBOR

Message text	-VSAN=[UINT16]; The E ports connected to all neighbors were isolated, because the length of the locally generated MR packet exceeded the limit.
Variable fields	$1: VSAN ID.
Severity level	4
Example	FCZONE/4/FCZONE_ISOLATE_ALLNEIGHBOR: -VSAN=2; The E ports connected to all neighbors were isolated, because the length of the locally generated MR packet exceeded the limit.
Explanation	E_Ports connected to all neighbors were isolated because the length of the locally generated MR packet exceeded the limit.
Recommended action	To resolve the problem: 84. Use the display current-configuration command on the local switch to view the zoning configuration. 85. Delete unnecessary zoning configuration of the active zone set. 86. Execute the shutdown and undo shutdown command sequence on those isolated E_Ports to trigger a new merge operation. Or 87. Activate a smaller zone set. 88. Execute the shutdown and undo shutdown command sequence on those isolated E_Ports to trigger a new merge operation.

FCZONE_ISOLATE_CLEAR_VSAN

Message text	-Interface=[STRING]-VSAN=[UINT16]; Isolation status was cleared.
Variable fields	$1: Interface name. $2: VSAN ID.
Severity level	6
Example	FCZONE/6/FCZONE_ISOLATE_CLEAR_VSAN: -Interface=Fc0/2/7-VSAN=2; Isolation status was cleared.
Explanation	The isolation status of an interface was cleared in a VSAN.
Recommended action	No action is required.

FCZONE_ISOLATE_CLEAR_ALLVSAN

Message text	-Interface=[STRING]; Isolation status was cleared in all supported VSANs.
Variable fields	$1: Interface name.
Severity level	6
Example	FCZONE/6/FCZONE_ISOLATE_CLEAR_ALLVSAN: -Interface=Fc0/2/7; Isolation status was cleared in all supported VSANs.
Explanation	The isolation status of an interface was cleared in all supported VSANs.
Recommended action	No action is required.

FCZONE_DISTRIBUTE_FAILED

Message text	-VSAN=[UINT16]; Zone distribution failed. The zoning configurations might consequently be inconsistent across the fabric.
Variable fields	$1: VSAN ID.
Severity level	4
Example	FCZONE/4/FCZONE_DISTRIBUTE_FAILED: -VSAN=2; Zone distribution failed. The zoning configurations might consequently be inconsistent across the fabric.
Explanation	A distribution operation failed. Consequently, the zoning configurations might be inconsistent across the fabric.
Recommended action	To resolve the problem if the distribution operation is triggered by using the zoneset activate command: 89. Verify that the contents of the active zone set are consistent on all switches by using the display current-configuration command. 90. Reactivate the zone set and distribute it to the entire fabric by using the zoneset activate command. To resolve the problem if the distribution operation is triggered by using the zoneset distribute command: 91. Verify that the contents of the active zone set and zone database are consistent on all switches by using the display current-configuration command. 92. Trigger a new complete distribution by using the zoneset distribute command. To resolve the problem if the distribution operation is triggered by a zoning mode switchover: 93. Verify that the zoning mode is the same on all switches by using the display zone status command. 94. Trigger a new complete distribution by using the zoneset distribute command.

File filtering messages

This section contains file filtering messages.

FFILTER_IPV4_LOG

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];DataDirection(1081)=[STRING];RuleName(1080)=[STRING];PolicyName(1079)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZone(1025)=[STRING];DstZone(1035)=[STRING];UserName(1113)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Data direction. Available values are: ¡ Upload. ¡ Download. ¡ Both. $4: Rule name. $5: Policy name. $6: Source IP address. $7: Source port number. $8: Destination IP address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Identity username. $13: Action applied to on the packet. Available actions are: ¡ Permit. ¡ Drop.
Severity level	6
Example	FFILTER/6/FFILTER_IPV4_LOG: -MDC=1; Protocol(1001)=TCP;Application(1002)=SMTP;DataDirection(1081)=upload;RuleName(1080)=ruletest;PolicyName(1079)=policytest;SrcIPAddr(1003)=21.22.23.20;SrcPort(1004)=51396;DstIPAddr(1007)=25.26.27.20;DstPort(1008)=25;SrcZone(1025)=in;DstZone(1035)=in;UserName(1113)=abc;Action(1053)=drop;
Explanation	An IPv4 packet matched a file filtering rule.
Recommended action	No action is required.

FFILTER_IPV6_LOG

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];DataDirection(1081)=[STRING];RuleName(1080)=[STRING];PolicyName(1079)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZone(1025)=[STRING];DstZone(1035)=[STRING];UserName(1113)=[STRING];action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Data direction. Available values are: ¡ Upload. ¡ Download. ¡ Both. $4: Rule name. $5: Policy name. $6: Source IPv6 address. $7: Source port number. $8: Destination IPv6 address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Identity username. $13: Action applied to on the packet. Available actions are: ¡ Permit. ¡ Drop.
Severity level	6
Example	FFILTER/6/FFILTER_IPV6_LOG: -MDC=1; Protocol(1001)=TCP;Application(1002)=SMTP;DataDirection(1081)=upload;RuleName(1080)=ruletest;PolicyName(1079)=policytest;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZone(1025)=in;DstZone(1035)=in;UserName(1113)=aaa;Action(1053)=drop;
Explanation	An IPv6 packet matched a file filtering rule.
Recommended action	No action is required.

FILTER messages

This section contains filter messages.

FILTER_EXECUTION_ICMP

Message text	RcvIfName(1023)=[STRING];Direction(1070)=[STRING];Type(1067)=[STRING];Acl(1068)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];IcmpType(1062)=[STRING]([UINT16]);IcmpCode(1063)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Source IP address. $8: Destination IP address. $9: ICMP message type. $10: ICMP message code. $11: Match count. $12: Event information.
Severity level	6
Example	FILTER/6/FILTER_EXECUTION_ICMP: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;Type(1067)=IPv4;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;DstIPAddr(1007)=200.1.1.1;IcmpType(1062)=Echo(8);IcmpCode(1063)=0;MatchCount(1069)=1000;Event(1048)=Permit;
Explanation	ICMP packets matched the packet filter. This message is sent when the first ICMP packet of a flow matches the packet filter, and it will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_EXECUTION_ICMPV6

Message text	RcvIfName(1023)=[STRING];Direction(1070)=[STRING];Type(1067)=[STRING];Acl(1068)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];Icmpv6Type(1064)=[STRING]([UINT16]);Icmpv6Code(1065)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Source IPv6 address. $8: Destination IPv6 address. $9: ICMPv6 message type. $10: ICMPv6 message code. $11: Match count. $12: Event information.
Severity level	6
Example	FILTER/6/FILTER_EXECUTION_ICMP: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;Type(1067)=IPv4;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;DstIPAddr(1007)=200.1.1.1;IcmpType(1062)=Echo(8);IcmpCode(1063)=0;MatchCount(1069)=1000;Event(1048)=Permit;
Explanation	ICMPv6 packets matched the packet filter. This message is sent when the first ICMPv6 packet of a flow matches the packet filter, and it will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_IPV4_EXECUTION

Message text	RcvIfName(1023)=[STRING];Direction(1070)=[STRING];Type(1067)=[STRING];Acl(1068)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Application name. $8: Source IP address. $9: Source port. $10: Destination IP address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_IPV4_EXECUTION: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;Type(1067)=IPv4;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=Permit;
Explanation	Packets other than ICMP packets matched the packet filter. This message is sent when the first packet of a flow matches the packet filter, and it will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_IPV6_EXECUTION

Message text	RcvIfName(1023)=[STRING];Direction(1070)=[STRING];Type(1067)=[STRING];Acl(1068)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Receiving interface name. $2: Direction. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Application name. $8: Source IPv6 address. $9: Source port number. $10: Destination IPv6 address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_IPV6_EXECUTION: RcvIfName(1023)=GigabitEthernet2/0/2;Direction(1070)=inbound;Type(1067)=IPv6;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3001::1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=Permit;
Explanation	Packets other than ICMPv6 packets matched the packet filter. This message is sent when the first packet of a flow matches the packet filter, and it will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_IPV4_EXECUTION

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];ObjectPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Type of the object policy. $4: Name of the object policy. $5: ID of the object policy rule. $6: Layer 4 protocol name. $7: Application name. $8: Source IP address. $9: Source port number. $10: Destination IP address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_IPV4_EXECUTION: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv4;ObjectPolicy(1072)=policy1;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	A flow matched an object policy. This message is sent when the first packet of a flow matches the object policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_IPV4_EXECUTION

Message text	SrcZoneName(1025)=zone1;DstZoneName(1035)=[STRING];Type(1067)=[STRING];Acl(1068)=[UINT16];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Application name. $8: Source IP address. $9: Source port number. $10: Destination IP address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_IPV4_EXECUTION: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv4;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	A flow matched the packet filter. This message is sent when the first packet of a flow matches the packet filter, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_IPV4_EXECUTION

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];SecurityPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];SrcMacAddr(1021)=[STRING];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Security policy type. $4: Security policy name. $5: Security policy rule ID. $6: Layer 4 protocol name. $7: Application name. $8: Source IP address. $9: Source port number. $10: Source MAC address. $11: Destination IP address. $12: Destination port number. $13: Match count. $14: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_IPV4_EXECUTION: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv4;SecurityPolicy(1072)=policy1;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;SrcMacAddr(1021)=000f-e267-76eb;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	A flow matched the security policy. This message is sent when the first packet of a flow matches the security policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_IPV6_EXECUTION

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];ObjectPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[STRING];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Type of the object policy. $4: Name of the object policy. $5: ID of the object policy rule. $6: Layer 4 protocol name. $7: Application name. $8: Source IPv6 address. $9: Source port number. $10: Destination IPv6 address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_IPV6_EXECUTION: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv6;ObjectPolicy(1072)=policy1;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3000::1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	A flow matched an object policy. This message is sent when the first packet of a flow matches the object policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_IPV6_EXECUTION

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];Acl(1068)=[UINT16];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[STRING];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Application name. $8: Source IPv6 address. $9: Source port number. $10: Destination IPv6 address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_IPV6_EXECUTION: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv6;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3000::1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	A flow matched the packet filter. This message is sent when the first packet of a flow matches the packet filter, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_IPV6_EXECUTION

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];SecurityPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[STRING];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Security policy type. $4: Security policy name. $5: Security policy rule ID. $6: Layer 4 protocol name. $7: Application name. $8: Source IPv6 address. $9: Source port number. $10: Destination IPv6 address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_IPV6_EXECUTION: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv6;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=TCP;Application(1002)=ftp;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3000::1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	A flow matched the security policy. This message is sent when the first packet of a flow matches the security policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_EXECUTION_ICMP

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];ObjectPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Type of the object policy. $4: Name of the object policy. $5: ID of the object policy rule. $6: Layer 4 protocol name. $7: Source IP address. $8: Source port number. $9: Destination IP address. $10: Destination port number. $11: Match count. $12: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_EXECUTION_ICMP: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv4;ObjectPolicy(1072)=policy1;RuleID(1078)=0;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	ICMP packets matched an object policy. This message is sent when the first ICMP packet of a flow matches the object policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_EXECUTION_ICMP

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];Acl(1068)=[UINT16];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Source IP address. $8: Source port number. $9: Destination IP address. $10: Destination port number. $11: Match count. $12: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_EXECUTION_ICMP: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv4;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	ICMP packets matched the packet filter. This message is sent when the first ICMP packet of a flow matches the packet filter, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_EXECUTION_ICMP

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];SecurityPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPAddr(1003)=[STRING];SrcPort(1004)=[UINT16];SrcMacAddr(1021)=[STRING];DstIPAddr(1007)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Security policy type. $4: Security policy name. $5: Security policy rule ID. $6: Layer 4 protocol name. $7: Source IP address. $8: Source port number. $9: Source MAC address. 10: Destination IP address. $11: Destination port number. $12: Match count. $13: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_EXECUTION_ICMP: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv4;SecurityPolicy(1072)=policy1;RuleID(1078)=0;Protocol(1001)=ICMP;SrcIPAddr(1003)=100.1.1.1;SrcPort(1004)=1025;SrcMacAddr(1021)=dc4a-3e7d-91b1;DstIPAddr(1007)=200.1.1.1;DstPort(1008)=1026;MatchCount(1069)=1000;Event(1048)=permit;
Explanation	ICMP packets matched the security policy. This message is sent when the first ICMP packet of a flow matches the security policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_EXECUTION_ICMPV6

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];ObjectPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[STRING];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Type of the object policy. $4: Name of the object policy. $5: ID of the object policy rule. $6: Layer 4 protocol name. $7: Source IPv6 address. $8: Source port number. $9: Destination IPv6 address. $10: Destination port number. $11: Match count. $12: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_EXECUTION_ICMPV6: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv6;ObjectPolicy(1072)=policy1;RuleID(1078)=0;Protocol(1001)=ICMPV6;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3000::1;DstPort(1008)=1026; MatchCount(1069)=1000;Event(1048)=permit;
Explanation	ICMPv6 packets matched an object policy. This message is sent when the first ICMPv6 packet of a flow matches the object policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_EXECUTION_ICMPV6

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];Acl(1068)=[UINT16];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[STRING];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: ACL type. $4: ACL number or name. $5: ACL rule ID. $6: Layer 4 protocol name. $7: Source IPv6 address. $8: Source port number. $9: Destination IPv6 address. $10: Destination port number. $11: Match count. $12: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_EXECUTION_ICMPV6: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv6;Acl(1068)=3000;RuleID(1078)=0;Protocol(1001)=ICMPV6;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3000::1;DstPort(1008)=1026; MatchCount(1069)=1000;Event(1048)=permit;
Explanation	ICMPv6 packets matched the packet filter. This message is sent when the first ICMPv6 packet of a flow matches the packet filter, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FILTER_ZONE_EXECUTION_ICMPV6

Message text	SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];Type(1067)=[STRING];SecurityPolicy(1072)=[STRING];RuleID(1078)=[UINT32];Protocol(1001)=[STRING];SrcIPv6Addr(1036)=[STRING];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[STRING];DstPort(1008)=[UINT16];MatchCount(1069)=[UINT32];Event(1048)=[STRING];
Variable fields	$1: Source security zone. $2: Destination security zone. $3: Security policy type. $4: Security policy name. $5: Security policy rule ID. $6: Layer 4 protocol name. $7: Source IPv6 address. $8: Source port number. $9: Destination IPv6 address. $10: Destination port number. $11: Match count. $12: Event information.
Severity level	6
Example	FILTER/6/FILTER_ZONE_EXECUTION_ICMPV6: SrcZoneName(1025)=zone1;DstZoneName(1035)=zone2;Type(1067)=IPv6;SecurityPolicy(1072)=policy1;RuleID(1078)=0;Protocol(1001)=ICMPV6;SrcIPv6Addr(1036)=2001::1;SrcPort(1004)=1025;DstIPv6Addr(1037)=3000::1;DstPort(1008)=1026; MatchCount(1069)=1000;Event(1048)=permit;
Explanation	ICMPv6 packets matched the security policy. This message is sent when the first ICMPv6 packet of a flow matches the security policy, and the message will be sent regularly for the flow.
Recommended action	No action is required.

FIPSNG messages

This section contains FIP snooping messages.

FIPSNG_HARD_RESOURCE_NOENOUGH

Message text	No enough hardware resource for FIP snooping rule.
Variable fields	N/A
Severity level	4
Example	FIPSNG/4/FIPSNG_HARD_RESOURCE_NOENOUGH: No enough hardware resource for FIP snooping rule.
Explanation	Hardware resources are insufficient.
Recommended action	No action is required.

FIPSNG_HARD_RESOURCE_RESTORE

Message text	Hardware resource for FIP snooping rule is restored.
Variable fields	N/A
Severity level	6
Example	FIPSNG/6/FIPSNG_HARD_RESOURCE_RESTORE: Hardware resource for FIP snooping is restored.
Explanation	Hardware resources for FIP snooping rules are restored.
Recommended action	No action is required.

FS messages

This section contains file system messages.

FS_UNFORMATTED_PARTITION

Message text	Partition [%s] is not formatted yet. Please format the partition first.
Variable fields	$1: Partition name.
Severity level	4
Example	FS/4/FS_UNFORMATED_PARTITION: Partition usba0: is not formatted yet. Please format the partition first.
Explanation	The partition is not formatted. You must format a partition before you can perform other operations on the partition.
Recommended action	Format the specified partition.

FTPD messages

This section contains File Transfer Protocol daemon messages.

FTP_ACL_DENY

Message text	The FTP Connection request from [IPADDR]([STRING]) was denied by ACL rule (rule ID=[INT32])
Variable fields	$1: IP address of the FTP client. $2: VPN instance to which the FTP client belongs. $3: ID of the rule that denied the FTP client. If an FTP client does not match created ACL rules, the device denies the client based on the default ACL rule.
Severity level	5
Example	FTP/5/FTP_ACL_DENY: The FTP connection request from 181.1.1.10 was denied by ACL rule (rule ID=20). FTP/5/FTP_ACL_DENY: The FTP connection request from 181.1.1.10 was denied by ACL rule (default rule).
Explanation	FTP access control ACLs control which FTP clients can access the FTP service on the device. The device sends this log message when it denies an FTP client.
Recommended action	No action is required.

FTPD_REACH_SESSION_LIMIT

Message text	FTP client $1 failed to log in. The current number of FTP sessions is [NUMBER]. The maximum number allowed is ([NUMBER]).
Variable fields	$1: IP address of the FTP client. $2: Current number of FTP sessions. $3: Maximum number of FTP sessions allowed by the device.
Severity level	6
Example	FTPD/6/FTPD_REACH_SESSION_LIMIT: FTP client 1.1.1.1 failed to log in. The current number of FTP sessions is 10. The maximum number allowed (10).
Explanation	The number of FTP connections reached the limit.
Recommended action	95. Use the display current-configuration \| include session-limit command to view the current limit for FTP connections. If the command does not display the limit, the device is using the default setting. 96. If you want to set a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required.

GLB messages

This section contains GLB messages.

GLB_SYNCGROUP_CMD_DENY

Message text	Configuration deployment is not allowed because of configuration conflicts on default synchronization group member devices. Please choose one device to execute the command: loadbalance default-syncgroup sync config.
Variable fields	None
Severity level	5
Example	H3C GLB/5/GLB_SYNCGROUP_CMD_DENY: Configuration deployment is not allowed because of configuration conflicts on default synchronization group member devices. Please choose one device to execute the command: loadbalance default-syncgroup sync config.
Explanation	Configuration deployment is not allowed because of configuration conflicts on default synchronization group members.
Recommended action	Execute the loadbalance default-syncgroup sync config command on any of the default synchronization group members.

GLB_SYNCGROUP_MEM_DISCONNECT

Message text	The default synchronization group member [STRING] disconnected from [STRING] due to configuration changes.
Variable fields	$1: Default synchronization group member name. $2: Default synchronization group member name.
Severity level	5
Example	GLB/5/GLB_SYNCGROUP_MEM_DISCONNECT: The default synchronization group member site1 disconnected from site2 due to configuration changes.
Explanation	A connection between default synchronization group members disconnected due to configuration changes.
Recommended action	Check whether member communication capability is enabled and check the IP address and other settings.

GLB_SYNCGROUP_MEM_DISCONNECT

Message text	The default synchronization group member [STRING] disconnected from [STRING] due to timeout.
Variable fields	$1: Default synchronization group member name. $2: Default synchronization group member name.
Severity level	5
Example	GLB/5/GLB_SYNCGROUP_MEM_DISCONNECT:The default synchronization group member site1 disconnected from site2 due to timeout.
Explanation	A connection between default synchronization group members disconnected due to timeout.
Recommended action	Check the member configuration and network connectivity..

GLB_SYNCGROUP_MEM_DISCONNECT

Message text	The default synchronization group member [STRING] disconnected from [STRING] due to a disconnect message.
Variable fields	$1: Default synchronization group member name. $2: Default synchronization group member name.
Severity level	5
Example	GLB/5/GLB_SYNCGROUP_MEM_DISCONNECT:The default synchronization group member site1 disconnected from site2 due to a disconnect message.
Explanation	A connection between default synchronization group members disconnected due to a disconnect message.
Recommended action	Check the configuration on the remote member if the connection cannot be re-established.

GLB_SYNCGROUP_MEM_DISCONNECT

Message text	The default synchronization group member [STRING] disconnected from [STRING] due to receiving an EPOLLHUP/EPOLLERR signal.
Variable fields	$1: Default synchronization group member name. $2: Default synchronization group member name.
Severity level	5
Example	GLB/5/GLB_SYNCGROUP_MEM_DISCONNECT:The default synchronization group member site1 disconnected from site2 due to receiving an EPOLLHUP/EPOLLERR signal.
Explanation	A connection between default synchronization group members disconnected due to receiving an EPOLLHUP/EPOLLERR signal.
Recommended action	Check the network connectivity if the connection cannot be automatically re-established.

GLB_SYNCGROUP_MEM_DISCONNECT

Message text	The default synchronization group member [STRING] disconnected from [STRING] due to disconnection of the TCP connection by the peer.
Variable fields	$1: Default synchronization group member name. $2: Default synchronization group member name.
Severity level	5
Example	GLB/5/GLB_SYNCGROUP_MEM_DISCONNECT:The default synchronization group member site1 disconnected from site2 due to disconnection of the TCP connection by the peer.
Explanation	A connection between default synchronization group members disconnected because the remote member closed the connection.
Recommended action	Check whether the IP address configuration is the same on the two ends.

GLB_SYNCGROUP_MEM_CONNECT

Message text	The default synchronization group member [STRING] connected to [STRING] successfully.
Variable fields	$1: Default synchronization group member name. $2: Default synchronization group member name.
Severity level	5
Example	GLB/5/GLB_SYNCGROUP_MEM_CONNECT: The default synchronization group member %s connected to %s successfully.
Explanation	Two default synchronization group members established a connection..
Recommended action	No action is required.

GLB_SYNCGROUP_MEM_DISCONNECT

Message text	The default synchronization group member [STRING] failed to connect to [STRING] due to different member names.
Variable fields	$1: Default synchronization group member name. $2: Default synchronization group member name.
Severity level	5
Example	GLB/5/GLB_SYNCGROUP_MEM_DISCONNECT: The default synchronization group member %s failed to connect to %s due to different member names.
Explanation	Two default synchronization group members failed to establish a connection due to different member names.
Recommended action	Modify one member name to be the same as another member name..

GLB_SYNCGROUP_SYNC_CONFLICT

Message text	Inconsistent configuration exists on the default synchronization group member devices during connection establishment. Please choose one device to execute the command: loadbalance default-syncgroup sync config.
Variable fields	None
Severity level	5
Example	H3C GLB/5/GLB_SYNCGROUP_SYNC_CONFLICT: Inconsistent configuration exists on the default synchronization group member devices during connection establishment. Please choose one device to execute the command: loadbalance default-syncgroup sync config.
Explanation	Inconsistent configuration exists on the default synchronization group member devices during connection establishment.
Recommended action	Execute the loadbalance default-syncgroup sync config command on any of the default synchronization group members.

HA messages

This section contains HA messages.

HA_BATCHBACKUP_FINISHED

Message text	Batch backup of standby board in [STRING] has finished.
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	5
Example	HA/5/HA_BATCHBACKUP_FINISHED: Batch backup of standby board in slot 1 has finished.
Explanation	Batch backup from the active MPU to the standby MPU has finished.
Recommended action	No action is required.

HA_BATCHBACKUP_STARTED

Message text	Batch backup of standby board in [STRING] started.
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	5
Example	HA/5/HA_BATCHBACKUP_STARTED: Batch backup of standby board in slot 1 started.
Explanation	Batch backup from the active MPU to the standby MPU has started.
Recommended action	No action is required.

HA_STANDBY_NOT_READY

Message text	Standby board in [STRING] is not ready, reboot ...
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	4
Example	HA/4/HA_STANDBY_NOT_READY: Standby board in slot 1 is not ready, reboot ...
Explanation	This message appears on the standby MPU. When batch backup is not complete on the standby MPU, performing active and standby MPU switchover results in restart of the active and standby MPUs.
Recommended action	Do not perform active and standby MPU switchover before batch backup is complete on the standby MPU.

HA_STANDBY_TO_MASTER

Message text	Standby board in [STRING] changed to the master.
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	5
Example	HA/5/HA_STANDBY_TO_MASTER: Standby board in slot 1 changed to the master.
Explanation	An active and standby MPU switchover occurs. The standby MPU changed to active.
Recommended action	No action is required.

HQOS messages

This section contains HQoS messages.

HQOS_DP_SET_FAIL

Message text	Failed to set drop profile [STRING] globally.
Variable fields	$1: Drop profile name.
Severity level	4
Example	HQOS/4/HQOS_DP_SET_FAIL: Failed to set drop profile b globally.
Explanation	The system failed to perform one of the following actions: · Apply a drop profile globally. · Modify a drop profile applied globally.
Recommended action	Check the drop profile settings.

HQOS_FP_SET_FAIL

Message text	Failed to set [STRING] in forwarding profile [STRING] globally.
Variable fields	$1: Policy type: · gts. · bandwidth. · queue. · drop profile. $2: Forwarding profile name.
Severity level	4
Example	HQOS/4/HQOS_FP_SET_FAIL: Failed to set gts in forwarding profile b globally.
Explanation	The system failed to perform one of the following actions: · Apply a forwarding profile globally. · Modify a forwarding profile applied globally.
Recommended action	Examine the forwarding profile, and make sure it is supported and has no conflicted contents.

HQOS_POLICY_APPLY_FAIL

Message text	Failed to apply some forwarding classes or forwarding groups in scheduler policy [STRING] to the [STRING] direction of interface [STRING].
Variable fields	$1: Scheduler policy name. $2: Policy direction: inbound or outbound. $3: Interface name.
Severity level	4
Example	HQOS/4/HQOS_POLICY_APPLY_FAIL: Failed to apply some forwarding classes or forwarding groups in scheduler policy b to the inbound direction of interface Ethernet3/1/2.
Explanation	The system failed to perform one of the following actions: · Apply a scheduler policy to a specific direction of an interface. · Modify a scheduler policy applied to a specific direction of an interface.
Recommended action	Use the display qos scheduler-policy diagnosis interface command to identify the nodes that failed to be applied and the failure causes, and modify the running configuration.

HQOS_POLICY_APPLY_FAIL

Message text	Failed to recover scheduler policy [STRING] to the [STRING] direction of interface [STRING] due to [STRING].
Variable fields	$1: Scheduler policy name. $2: Policy direction: inbound or outbound. $3: Interface name. $4: Cause.
Severity level	4
Example	HQOS/4/HQOS_POLICY_RECOVER_FAIL: Failed to recover scheduler policy b to the outbound direction of interface Ethernet3/1/2 due to conflicting with QoS configuration.
Explanation	The system failed to recover an applied scheduler policy after the card or device rebooted, because the scheduler policy conflicted with the QoS configuration on the interface.
Recommended action	Check the scheduler policy configuration according to the failure cause.

HTTPD messages

This section contains HTTP daemon messages.

HTTPD_CONNECT

Message text	[STRING] client [STRING] connected to the server successfully.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_CONNECT: HTTP client 192.168.30.117 connected to the server successfully.
Explanation	The HTTP or HTTPS server accepted the request from a client. An HTTP or HTTPS connection was set up.
Recommended action	No action is required.

HTTPD_CONNECT_TIMEOUT

Message text	[STRING] client [STRING] connection idle timeout.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_CONNECT_TIMEOUT: HTTP client 192.168.30.117 connection to server idle timeout.
Explanation	An HTTP or HTTPS connection was disconnected because the idle timeout timer expires.
Recommended action	No action is required.

HTTPD_DISCONNECT

Message text	[STRING] client [STRING] disconnected from the server.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_DISCONNECT: HTTP client 192.168.30.117 disconnected from the server.
Explanation	An HTTP or HTTPS client was disconnected from the server.
Recommended action	No action is required.

HTTPD_FAIL_FOR_ACL

Message text	[STRING] client [STRING] failed the ACL check and could not connect to the server.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_FAIL_FOR_ACL: HTTP client 192.168.30.117 failed the ACL check and cannot connect to the server.
Explanation	An HTTP or HTTPS client was filtered by the ACL.
Recommended action	No action is required.

HTTPD_FAIL_FOR_ACP

Message text	[STRING] client [STRING] was denied by the certificate access control policy and could not connect to the server.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_FAIL_FOR_ACP: HTTP client 192.168.30.117 was denied by the certificate attribute access control policy and could not connect to the server.
Explanation	An HTTP or HTTPS client was denied by the certificate access control policy.
Recommended action	No action is required.

HTTPD_REACH_CONNECT_LIMIT

Message text	[STRING] client [STRING] failed to connect to the server, because the number of connections reached the upper limit.
Variable fields	$1: Connection type, HTTP or HTTPS. $2: Client IP address.
Severity level	6
Example	HTTPD/6/HTTPD_REACH_CONNECT_LIMIT: HTTP client 192.168.30.117 failed to connect to the server, because the number of connections reached the upper limit.
Explanation	The number of connections reached the limit.
Recommended action	97. Use the display current-configuration \| include session-limit command to view the current limit for connections of the specified type. If the command does not display the limit, the device is using the default setting. 98. If you want to specify a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required.

Identity messages

This section contains user identification messages.

IDENTITY_CSV_IMPORT_FAILED

Message text	Failed to import identity user [STRING] to domain [STRING] from the .csv file.
Variable fields	$1: Identity username. $2: Identity domain name.
Severity level	5
Example	IDENTITY/5/IDENTITY_CSV_IMPORT_FAILED: Failed to import identity user network-us?er1 to domain system-domain from the .csv file.
Explanation	Failed to import an identity user account from a .csv file and stopped importing remaining identity user accounts.
Recommended action	99. Make sure no identity user account with the same name exists on the device. 100. Make sure the identity domain name or the identity username does not contain invalid characters.

IDENTITY_IMC_IMPORT_FAILED_NO_MEMORY

Message text	Failed to obtain data from IMC. Reason: Not enough memory.
Variable fields	N/A
Severity level	5
Example	IDENTITY/5/IDENTITY_IMC_IMPORT_FAILED_NO_MEMORY: Failed to obtain data from IMC. Reason: Not enough memory.
Explanation	Failed to import identity user accounts and online identity user information from the IMC server because of insufficient memory.
Recommended action	No action is required.

IDENTITY_LDAP_IMPORT_FAILED_NO_MEMORY

Message text	Failed to obtain data from the LDAP server specified in scheme [STRING]. Reason: Not enough memory.
Variable fields	$1: LADP scheme name.
Severity level	5
Example	IDENTITY/5/IDENTITY_LDAP_IMPORT_FAILED_NO_MEMORY: Failed to obtain data from the LDAP server specified in scheme test. Reason: Not enough memory.
Explanation	Failed to import identity users and identity groups from an LDAP server because of insufficient memory.
Recommended action	No action is required.

IDENTITY_LDAP_IMPORT_GROUP_FAILED

Message text	Failed to import identity group [STRING] to domain [STRING] from the LDAP server specified in scheme [STRING].
Variable fields	$1: Identity group name. $2: Identity domain name. $3: LADP scheme name.
Severity level	5
Example	IDENTITY/5/IDENTITY_LDAP_IMPORT_GROUP_FAILED: Failed to import identity group group-na?me1 to domain system-domain from the LDAP server specified in scheme ldap-scheme1.
Explanation	Failed to import an identity group from the LDAP server specified in an LDAP scheme.
Recommended action	101. Make sure no identity group with the same group name exists on the device. 102. Make sure the identity domain name or the identity group name does not contain invalid characters.

IDENTITY_LDAP_IMPORT_USER_FAILED

Message text	Failed to import identity user [STRING] to domain [STRING] from the LDAP server specified in scheme [STRING].
Variable fields	$1: Identity username. $2: Identity domain name. $3: LADP scheme name.
Severity level	5
Example	IDENTITY/5/IDENTITY_LDAP_IMPORT_USER_FAILED: Failed to import identity user user-na?me1 to domain system-domain from the LDAP server specified in scheme ldap-scheme1.
Explanation	Failed to import an identity user from the LDAP server specified in an LDAP scheme.
Recommended action	103. Make sure no identity user with the same name exists on the device. 104. Make sure the identity domain name or the identity username does not contain invalid characters.

IFNET messages

This section contains interface management messages.

IF_JUMBOFRAME_WARN

Message text	The specified size of jumbo frames on the aggregate interface [STRING] is not supported on the member port [STRING].
Variable fields	$1: Aggregate interface name. $2: Member port name.
Severity level	3
Example	IFNET/3/IF_JUMBOFRAME_WARN: -MDC=1-Slot=3; The specified size of jumbo frames on the aggregate interface Bridge-Aggregation1 is not supported on the member port GigabitEthernet1/0/1.
Explanation	Some member ports do not support the jumbo frame size configured on the aggregate interface.
Recommended action	105. Identity the value range for the jumbo frame size supported on member ports. 106. Specify a jumbo frame size supported by member ports for the aggregate interface.

INTERFACE_NOTSUPPRESSED

Message text	Interface [STRING] is not suppressed.
Variable fields	$1: Interface name.
Severity level	6
Example	IFNET/6/INTERFACE_NOTSUPPRESSED: Interface GigabitEthernet1/0/1 is not suppressed.
Explanation	The interface changed from suppressed state to unsuppressed state. When the interface is unsuppressed, the upper-layer services can detect the physical state changes of the interface.
Recommended action	No action is required.

INTERFACE_SUPPRESSED

Message text	Interface [STRING] was suppressed.
Variable fields	$1: Interface name.
Severity level	5
Example	IFNET/5/INTERFACE_SUPPRESSED: Interface GigabitEthernet1/0/1 was suppressed.
Explanation	The interface was suppressed because its state frequently changed. When the interface is suppressed, the upper-layer services cannot detect the physical state changes of the interface.
Recommended action	107. Check whether the network cable of the interface or peer interface is frequently plugged and unplugged. 108. Configure physical state change suppression to adjust the suppression parameters.

LINK_UPDOWN

Message text	Line protocol state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: State of link layer protocol, which can be up or down.
Severity level	5
Example	IFNET/5/LINK_UPDOWN: Line protocol state on the interface GigabitEthernet1/0/1 changed to down.
Explanation	The link layer protocol state changed on an interface.
Recommended action	When the link layer protocol state of an interface is down, use the display interface command to display the link layer protocol state and locate the reason for which the link layer protocol state changed to down on the interface.

PHY_UPDOWN

Message text	Physical state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: Link state, which can be up or down.
Severity level	3
Example	IFNET/3/PHY_UPDOWN: Physical state on the interface GigabitEthernet1/0/1 changed to down.
Explanation	The physical state changed on an interface.
Recommended action	When the interface is physically down, check whether a physical link is present or whether the link fails.

PROTOCOL_UPDOWN

Message text	Protocol [STRING] state on the interface [STRING] changed to [STRING].
Variable fields	$1: Protocol name. $2: Interface name. $3: Protocol state, which can be up or down.
Severity level	5
Example	IFNET/5/PROTOCOL_UPDOWN: Protocol IPX state on the interface GigabitEthernet1/0/1 changed to up.
Explanation	The state of a protocol has been changed on an interface.
Recommended action	When the state of a network layer protocol is down, check the network layer protocol configuration.

TUNNEL_LINK_UPDOWN

Message text	Line protocol state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: Protocol state, which can be up or down.
Severity level	5
Example	IFNET/5/TUNNEL_LINK_UPDOWN: Line protocol state on the interface Tunnel1 changed to down.
Explanation	The link layer protocol state changed on a tunnel interface.
Recommended action	When the link layer protocol state of a tunnel interface is down, use the display interface command to display the link layer protocol state and locate the reason for which the link layer protocol state changed to down on the tunnel interface.

TUNNEL_PHY_UPDOWN

Message text	Physical state on the interface [STRING] changed to [STRING].
Variable fields	$1: Interface name. $2: Protocol state, which can be up or down.
Severity level	3
Example	IFNET/3/TUNNEL_PHY_UPDOWN: Physical state on the interface Tunnel1 changed to down.
Explanation	The link layer state changed on a tunnel interface.
Recommended action	When the interface is physically down, check whether a physical link is present or whether the link fails.

VLAN_MODE_CHANGE

Message text	Dynamic VLAN [INT32] has changed to a static VLAN.
Variable fields	$1: VLAN ID.
Severity level	5
Example	IFNET/5/VLAN_MODE_CHANGE: Dynamic VLAN 20 has changed to a static VLAN.
Explanation	Creating a VLAN interface for a VLAN cause the dynamic VLAN to become a static VLAN.
Recommended action	No action is required.

IKE messages

This section contains IKE messages.

IKE_P1_SA_ESTABLISH_FAIL

Message text	Failed to establish phase 1 SA in [STRING] mode [STRING] state. Reason: [STRING]. SA information: · Role: [STRING] · Local IP: [STRING] · Local ID type: [STRING] · Local ID: [STRING] · Local port: [UINT32] · Retransmissions: [UINT32] · Remote IP: [STRING] · Remote ID type: [STRING] · Remote ID: [STRING] · Remote port: [UINT32] · Recived retransmissions: [UINT32] · Inside VPN instance: [STRING] · Outside VPN instance: [STRING] · Initiator Cookie: [STRING] · Responder Cookie: [STRING] · Connection ID: [UINT32] · Tunnel ID: [UINT32] · IKE profile name: [STRING]
Variable fields	$1: Negotiation mode: main or aggressive. $2: State of the negotiation state machine. $3: Failure reason: ¡ Failed to verify the peer signature. ¡ HASH payload is missing. ¡ Failed to verify the peer HASH. Local HASH is %s. Peer HASH is %s. ¡ Signature payload is missing. ¡ Failed to get subject name from certificate. ¡ Failed to get certificate. ¡ Failed to get local certificate. ¡ Failed to get private key. ¡ Failed to verify the peer certificate (%s). ¡ Failed to get ID data for constructing ID payload. ¡ Invalid ID payload length: %d. ¡ Invalid ID payload with protocol %u and port %u. ¡ Invalid ID type (%u). ¡ Unsupported attribute %u. ¡ Attribute %s is repeated. ¡ Unsupported DOI %s. ¡ Unsupported IPsec DOI situation (%u). ¡ KE payload is missing. ¡ Invalid KE payload length (%lu). ¡ Invalid nonce payload length (%lu). ¡ No available proposal. ¡ Failed to parse the Cert Request payload. ¡ The proposal payload must be the last payload in the SA payload, but it is found followed by the %s payload. ¡ Unexpected protocol ID (%u) found in proposal payload. ¡ No transform payload in proposal payload. ¡ Transform number is not monotonically increasing. ¡ Invalid transform ID (%s). ¡ No acceptable transform. ¡ Unexpected %s payload in proposal. ¡ Invalid SPI length (%d) in proposal payload. ¡ Only one transform is permitted in one proposal, but %u transforms are found. ¡ Failed to find matching proposal in profile %s. ¡ Failed to find proposal %u in profile %s. ¡ Failed to find keychain %s in profile %s. ¡ Retransmission timeout. ¡ Incorrect configuration. ¡ Failed to construct certificate request payload. ¡ An error notification is received. ¡ Failed to add tunnel. $4: Role, initiator or responder. $5-$9: Information about the local end. $10-$14: Information about the remote end. $15: Inside VPN instance. $16: Outside VPN instance. $17-$18: Initiator cookie and responder cookie. $19: Connection ID. $20: IKE tunnel ID. The default is 4294967295. $21: IKE profile name.
Severity level	6
Example	IKE/6/IKE_P1_SA_ESTABLISH_FAIL: Failed to establish phase 1 SA in main mode IKE_P1_STATE_SEND1 state. Reason: Failed to get certificate. SA information: · Role: Initiator · Local IP: 4.4.4.4 · Local ID type: IPV4_ADDR · Local ID: 4.4.4.4 · Local port: 500 · Retransmissions: 0 · Remote IP: 4.4.4.5 · Remote ID type: IPV4_ADDR · Remote ID: 4.4.4.5 · Remote port: 500 · Recived retransmissions: 0 · Inside VPN instance: aaa · Outside VPN instance : bbb · Initiator Cookie: 4a42af47dbf0b2b1 · Responder Cookie: 8f8c1ff6645efbaf · Connection ID: 1 · Tunnel ID: 1 · IKE profile name: abc
Explanation	IKE failed to establish a phase 1 SA. This message also displays the failure reason and information about the SA.
Recommended action	Verify the IKE configuration on the local and remote ends.

IKE_P1_SA_TERMINATE

Message text	The IKE phase 1 SA was deleted. Reason: [STRING]. SA information: · Role: [STRING] · Local IP: [STRING] · Local ID type: [STRING] · Local ID: [STRING] · Local port: [UINT32] · Retransmissions: [UINT32] · Remote IP: [STRING] · Remote ID type: [STRING] · Remote ID: [STRING] · Remote port: [UINT32] · Recived retransmissions: [UINT32] · Inside VPN instance: [STRING] · Outside VPN instance: [STRING] · Initiator Cookie: [STRING] · Responder Cookie: [STRING] · Connection ID: [UINT32] · Tunnel ID: [UINT32] · IKE profile name: [STRING]
Variable fields	$1: Reason for the deletion: ¡ DPD timeout. ¡ New IKE SA had been negotiated, and the old one was deleted. ¡ The IKE SA was redundant. ¡ An IKE SA deletion message was received from peer. ¡ IKE keepalive timed out. ¡ The IKE SA expired. ¡ The reset ike sa connection-id command was executed. ¡ All IKE SAs were deleted. ¡ The IKE SA in the GDOI group was deleted. $2: Role, initiator or responder. $3-$7: Information about the local end. $8-$12: Information about the remote end. $13: Inside VPN instance. $14: Outside VPN instance. $15-$16: Initiator cookie and responder cookie. $17: Connection ID. $18: IKE tunnel ID. The default is 4294967295. $19: IKE profile name.
Severity level	6
Example	IKE/6/IKE_P1_SA_TERMINATE: The IKE phase 1 SA was deleted. Reason: DPD timeout. SA information: · Role: Responder · Local IP: 4.4.4.4 · Local ID type: IPV4_ADDR · Local ID: 4.4.4.4 · Local port: 500 · Retransmissions: 0 · Remote IP: 4.4.4.5 · Remote ID type: IPV4_ADDR · Remote ID: 4.4.4.5 · Remote port: 500 · Recived retransmissions: 0 · Inside VPN instance: aaa · Outside VPN instance: bbb · Initiator Cookie: 4a42af47dbf0b2b1 · Responder Cookie: 8f8c1ff6645efbaf · Connection ID: 1 · Tunnel ID: 1 · IKE profile name: abc
Explanation	The IKE SA established in phase 1 was deleted. This message also displays the deletion reason and information about the SA.
Recommended action	No action is required.

IKE_P2_SA_ESTABLISH_FAIL

Message text	Failed to establish phase 2 SA in [STRING] state. Reason: [STRING]. SA information: · Role: [STRING]. · Local address: [STRING]. · Remote address: [STRING]. · Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] · Dest addr: Protocol:[STRING] Port: [UINT32] Protocol: [STRING] · Inside VPN instance: [STRING]. · Outside VPN instance: [STRING]. · Inbound AH SPI: [STRING] · Outbound AH SPI: [STRING] · Inbound ESP SPI: [STRING] · Outbound ESP SPI: [STRING] · Initiator Cookie: [STRING] · Responder Cookie: [STRING]. · Message ID: [STRING]. · Connection ID: [UINT32]. · Tunnel ID: [UINT32].
Variable fields	$1: State of the negotiation state machine. $2: Failure reason: ¡ Failed to construct ID payload. ¡ Failed to calculate %s. ¡ Failed to validate %s. ¡ Failed to compute key material. ¡ Incorrect configuration. ¡ Failed to switch IPsec SA. ¡ The nonce payload doesn't exist. ¡ Invalid nonce payload length (%lu). ¡ No valid DH group description in SA payload. ¡ The KE payload doesn't exist. ¡ Too many KE payloads. ¡ The length of the KE payload doesn't match the DH group description. ¡ Failed to send message to IPsec when getting SP. ¡ Failed to send message to IPsec when getting SPI. ¡ Failed to add phase 2 SA. ¡ Retransmission of phase 2 packet timed out. ¡ Collision detected in phase 2 negotiation. ¡ No matching proposal found between the local and remote ends. ¡ Transform number is not monotonically increasing. ¡ Proposal payload has more transforms than specified in the proposal payload. ¡ Proposal payload has less transforms than specified in the proposal payload. ¡ Attribute %d is repeated in IPsec transform %d. ¡ SA_LIFE_TYPE attribute is repeated in packet. ¡ The SA_LIFE_TYPE attribute must be in front of the SA_LIFE_DURATION attribute. ¡ Unsupported IPsec attribute %s. ¡ The encapsulation mode must be specified in the IPsec transform set. ¡ Invalid SPI length (%u) in IPsec proposal. ¡ Invalid SPI (%u) in IPsec proposal. ¡ The Transform ID (%d) in transform %d doesn't match authentication algorithm %s (%u). ¡ Failed to get SPI from proposal. ¡ No transform in IPsec proposal. ¡ A proposal payload contains more than one AH proposal. ¡ Invalid next payload (%u) in proposal. ¡ No ESP or AH proposal. ¡ Unsupported DOI. ¡ Unsupported IPsec DOI situation (%u). ¡ Invalid IPsec proposal %u. ¡ Failed to get IPsec policy when renegotiating IPsec SA. ¡ Failed to get IPsec policy as phase 2 responder. $3: Role, initiator or responder. $4: Local IP address. $5: Remote IP address. $6-$11: Data flow-related parameters. $12: Inside VPN instance. $13: Outside VPN instance. $14: Inbound AH SPI. $15: Outbound AH SPI. $16: Inbound ESP SPI. $17: Outboundd ESP SPI. $18-$19: Initiator cookie and responder cookie. $20: Message ID. $21: Connection ID. $22: IKE tunnel ID. The default is 4294967295.
Severity level	6
Example	IKE/6/IKE_P2_SA_ESTABLISH_FAIL: Failed to establish phase 2 SA in IKE_P2_STATE_GETSPI state. Reason: Failed to get SPI from proposal. SA information: · Role: Responder · Local address: 2.2.2.2 · Remote address: 1.1.1.1 · Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP · Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP · Inside VPN instance: aaa · Outside VPN instance: bbb · Inbound AH SPI: 192365458 · Outbound AH SPI: 13654581 · Inbound ESP SPI: 292334583 · Outbound ESP SPI: 5923654586 · Initiator Cookie: 4a42af47dbf0b2b1 · Responder Cookie: 8f8c1ff6645efbaf · Message ID: 0xa2b11c8e · Connection ID: 1 · Tunnel ID: 1
Explanation	IKE failed to establish a phase 2 SA. This message also displays the failure reason and information about the SA.
Recommended action	Verify the IKE and IPsec configurations on the local and remote ends.

IKE_P2_SA_TERMINATE

Example	The IKE phase 2 SA was deleted. Reason: [STRING]. SA information: · Role: [STRING] · Local address: [STRING] · Remote address: [STRING] · Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] · Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] · Inside VPN instance: [STRING] · Outside VPN instance: [STRING] · Inbound AH SPI: [STRING] · Outbound AH SPI: [STRING] · Inbound ESP SPI: [STRING] · Outbound ESP SPI: [STRING] · Initiator Cookie: [STRING] · Responder Cookie: [STRING] · Message ID: [STRING] · Connection ID: [UINT32] · Tunnel ID: [UINT32]
Variable fields	$1: Reason for the deletion: ¡ The SA expired. ¡ An IPsec SA deletion message was received from peer. ¡ New P2 SA had been negotiated, and the old one was deleted. ¡ All P2 SAs were deleted. ¡ The P2 SA was deleted by SPID. ¡ The P2 SA was deleted by IFIndex. ¡ The P2 SA was deleted by SA index. $2: Role, initiator or responder. $3: Local IP address. $4: Remote IP address. $5-$10: Data flow-related parameters. $11: Inside VPN instance. $12: Outside VPN instance. $13: Inbound AH SPI. $14: Outbound AH SPI. $15: Inbound ESP SPI. $16: Outboundd ESP SPI. $17-$18: Initiator cookie and responder cookie. $19: Message ID. $20: Connection ID. $21: IKE tunnel ID. The default is 4294967295.
Severity level	6
Example	IKE/6/IKE_P2_SA_TERMINATE: The IKE phase 2 SA was deleted. Reason: An IPsec SA deletion message was received. SA information: · Role: Responder · Local address: 2.2.2.2 · Remote address: 1.1.1.1 · Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP · Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP · Inside VPN instance: aaa · Outside VPN instance: bbb · Inbound AH SPI: 192365458 · Outbound AH SPI: 13654581 · Inbound ESP SPI: 292334583 · Outbound ESP SPI: 5923654586 · Initiator Cookie: 4a42af47dbf0b2b1 · Responder Cookie: 8f8c1ff6645efbaf · Message ID: 0xa2b11c8e · Connection ID: 1 · Tunnel ID: 1
Explanation	An IKE phase 2 SA was deleted. This message also displays the deletion reason and information about the SA.
Recommended action	No action is required.

IKE_XAUTH_FAILE

Example	Failed to pass extended authentication in [STRING] mode [STRING] state. Reason: [STRING]. SA information: · Role: [STRING]. · Local IP: [STRING]. · Local ID type: [STRING]. · Local ID: [STRING]. · Local port: [UINT32]. · Retransmissions: [UINT32] · Remote IP: [STRING]. · Remote ID type: [STRING]. · Remote ID: [STRING]. · Remote port: [UINT32]. · Recived retransmissions: [UINT32] · Inside VPN instance: [STRING]. · Outside VPN instance: [STRING]. · Initiator Cookie: [STRING] · Responder Cookie: [STRING]. · Message ID: [STRING]. · Connection ID: [UINT32]
Variable fields	$1: Negotiation mode: main or aggressive. $2: State of the negotiation state machine. $3: Failure reason: ¡ Failed to verify the HASH payload. ¡ Failed to parse the attribute payload. $4: Role, initiator or responder. $5-$9: Information about the local end. $10-$14: Information about the remote end. $15: Inside VPN instance. $16: Outside VPN instance. $17-$18: Initiator cookie and responder cookie. $19: Message ID. $20: Connection ID.
Severity level	6
Example	IKE/6/IKE_XAUTU_FAILE: Failed to pass extended authentication, in main mode IKE_XAUTH_STATE_SET state. Reason: Failed to parse the attribute payload. SA information: · Role: Initiator · Local IP: 4.4.4.4 · Local ID type: IPV4_ADDR · Local ID: 4.4.4.4 · Local port: 500 · Retransmissions: 0 · Remote IP: 4.4.4.5 · Remote ID type: IPV4_ADDR · Remote ID: 4.4.4.5 · Remote port: 500 · Recived retransmissions: 0 · Inside VPN instance: aaa · Outside VPN instance: bbb · Initiator Cookie: 4a42af47dbf0b2b1 · Responder Cookie: 8f8c1ff6645efbaf · Message ID: 0xa2b11c8e · Connection ID: 1
Explanation	Extended authentication failed. This message also displays the failure reason and information about the SA.
Recommended action	No action is required.

IPADDR messages

This section contains IP addressing messages.

IPADDR_HA_EVENT_ERROR

Message text	A process failed HA upgrade because [STRING].
Variable fields	$1: HA upgrade failure reason: ¡ IPADDR failed the smooth upgrade. ¡ IPADDR failed to reupgrade to the master process. ¡ IPADDR stopped to restart the timer. ¡ IPADDR failed to upgrade to the master process. ¡ IPADDR failed to restart the upgrade. ¡ IPADDR failed to add the unicast object to the master task epoll. ¡ IPADDR failed to create an unicast object. ¡ IPADDR role switchover failed when the standby process switched to the master process. ¡ IPADDR switchover failed when the master process switched to the standby process. ¡ IPADDR HA upgrade failed. ¡ IPADDR failed to set the interface filtering criteria. ¡ IPADDR failed to register interface events. ¡ IPADDR failed to subscribe port events. ¡ IPADDR failed to add a VPN port event to the master epoll. ¡ IRDP failed to open DBM. ¡ IRDP failed to initiate a connection to the device management module. ¡ IRDP failed to add the master task epoll with the handle used to connect to the device management module. ¡ IRDP failed to register device management events. ¡ IRDP failed to subscribe port events. ¡ IRDP failed to add the master task epoll with the handle used to subscribe port events. ¡ IRDP failed to set the interface filtering criteria. ¡ IRDP failed to register interface events. ¡ IRDP failed to register network events. ¡ IRDP failed to create the interface control block storage handle. ¡ IRDP failed to create the timer. ¡ IRDP failed to add the master task epoll with the handle used to create the timer. ¡ IRDP failed to set the schedule time for the timer. ¡ IRDP failed to set the timer to unblocked status. ¡ IRDP failed to create a timer instance.
Severity level	4
Example	IPADDR/4/IPADDR_HA_EVENT_ERROR: A process failed HA upgrade because IPADDR failed the smooth upgrade.
Explanation	A process failed HA upgrade and the message was sent to show the failure reason.
Recommended action	Please contact H3C Support.

IPADDR_HA_STOP_EVENT

Message text	The device received an HA stop event.
Variable fields	None.
Severity level	4
Example	IPADDR/4/IPADDR_HA_STOP_EVENT: The device received an HA stop event.
Explanation	This message is sent when the device receives an HA stop event.
Recommended action	Please contact H3C Support.

IPS messages

This section contains IPS messages.

IPS_IPV4_INTERZONE

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=[STRING];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];AttackName(1088)=[STRING];AttackID(1089)=[UINT32];Category(1090)=[STRING];Protection(1091)=[STRING];SubProtection(1092)=[STRING];Severity(1087)=[STRING];Action(1053)=[STRING];CVE(1075)=[STRING];BID(1076)=[STRING];MSB(1077)=[STRING];HitDirection(1115)=[STRING];RealSrcIP(1100)=[STRING];SubCategory(1124)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Source IP address. $4: Source port number. $5: Destination IP address. $6: Destination port number. $7: Source VPN instance name. $8: Source security zone name. $9: Destination security zone name. $10: Name of the identity user. $11: Policy name. $12: Attack name. $13: Attack ID. $14: Attack category. $15: Protected object type. $16: Protected object. $17: Severity level. Valid values are: · INVALID: Severity level not specified. · LOW. · MEDIUM. · HIGH. · CRITICAL. $18: Actions applied to the packet. Available actions are: · Block-Source. · Drop. · Reset. · Permit. · Redirect. · Capture. · Logging. $19: Common Vulnerabilities and Exposures (CVE). $20: Bugtraq ID (BID). $21: Microsoft Security Bulletins ( MSB). $22: Packet direction: · original. · reply. $23: Original source IP address of the packet. $24: Attack subcategory.
Severity level	4
Example	IPS/4/IPS_IPV4_INTERZONE:-Context=1;Protocol(1001)=TCP;Application(1002)=http;SrcIPAddr(1003)=100.10.10.40;SrcPort(1004)=2999;DstIPAddr(1007)=200.10.10.40;DstPort(1008)=80;RcvVPNInstance(1042)=;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=abc;PolicyName(1079)=ips;AttackName(1088)=WEB_CLIENT_Windows_Media_ASF_File_Download_SET;AttackID(1089)=5707;Category(1090)=Other;Protection(1091)=Other;SubProtection(1092)=Other;Severity(1087)=CRITICAL;Action(1053)=Reset & Logging;CVE(1075)=CVE-2014-6277 \| CVE-2014-6278;BID(1076)=BID-22559;MSB(1077)=MS10-017;HitDirection(1115)=original;RealSrcIP(1100)=10.10.10.10,20.20.20.20;SubCategory(1124)=Other;
Explanation	An IPv4 packet matched an IPS signature.
Recommended action	No action is required.

IPS_IPV6_INTERZONE

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];RcvVPNInstance(1042)=-[ STRING];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];PolicyName(1079)=[STRING];AttackName(1088)=[STRING];AttackID(1089)=[UINT32];Category(1090)=[STRING];Protection(1091)=[STRING];SubProtection(1092)=[STRING];Severity(1087)=[STRING];Action(1053)=[STRING];CVE(1075)=[STRING];BID(1076)=[STRING];MSB(1077)=[STRING];HitDirection(1115)=[STRING];RealSrcIP(1100)=[STRING];SubCategory(1124)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Source IPv6 address. $4: Source port number. $5: Destination IP address. $6: Destination port number. $7: Source VPN instance name. $8: Source security zone name. $9: Destination security zone name. $10: Name of the identity user. $11: Policy name. $12: Attack name. $13: Attack ID. $14: Attack category. $15: Protected object type. $16: Protected object. $17: Severity level. Valid values are: · INVALID: Severity level not specified. · LOW. · MEDIUM. · HIGH. · CRITICAL. $18: Actions applied to the packet. Available actions are: · Block-Source. · Drop. · Reset. · Permit. · Redirect. · Capture. · Logging. $19: Common Vulnerabilities and Exposures (CVE). $20: Bugtraq ID (BID). $21: Microsoft Security Bulletins ( MSB). $22: Packet direction: · original. · reply. $23: Original source IP address of the packet. $24: Attack subcategory.
Severity level	4
Example	IPS/4/IPS_IPV6_INTERZONE:-Context=1;Protocol(1001)=TCP;Application(1002)=http;SrcIPv6Addr(1036)=100::40;SrcPort(1004)=2999;DstIPv6Addr(1037)=200::40;DstPort(1008)=80;RcvVPNInstance(1042)=;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=aaa;PolicyName(1079)=ips;AttackName(1088)=WEB_CLIENT_Windows_Media_ASF_File_Download_SET;AttackID(1089)=5707;Category(1090)=Other;Protection(1091)=Other;SubProtection(1092)=Other;Severity(1087)=CRITICAL;Action(1053)=Reset & Logging;CVE(1075)=CVE-2014-6277 \| CVE-2014-6278;BID(1076)=BID-22559;MSB(1077)=MS10-017;HitDirection(1115)=reply;RealSrcIP(1100)=10::1;SubCategory(1124)=Other;
Explanation	An IPv6 packet matched an IPS signature.
Recommended action	No action is required.

IPS_WARNING

Message text	Updated the IPS signature library successfully.
Variable fields	None.
Severity level	4
Example	IPS/4/IPS_WARNING: -Context=1; Updated the IPS signature library successfully.
Explanation	The IPS signature library was updated successfully through a manual offline update or triggered online update.
Recommended action	No action is required.

IPS_WARNING

Message text	Rolled back the IPS signature library successfully.
Variable fields	None.
Severity level	4
Example	IPS/4/IPS_WARNING: -Context=1; Rolled back the IPS signature library successfully.
Explanation	The IPS signature library was rolled back to the previous or factory default version successfully.
Recommended action	No action is required.

IPS_WARNING

Message text	Failed to update the IPS signature library because no valid license was found for the IPS feature.
Variable fields	None.
Severity level	4
Example	IPS/4/IPS_WARNING: -Context=1; Failed to update the IPS signature library because no valid license was found for the IPS feature.
Explanation	Failed to update the IPS signature library through immediate online update, local offline update, or scheduled online update, because no valid license can be found. For local offline update failures, this message is displayed only for operations performed on the Web interface.
Recommended action	No action is required.

IPSEC messages

This section contains IPsec messages.

IPSEC_FAILED_ADD_FLOW_TABLE

Message text	Failed to add flow-table due to [STRING].
Variable fields	$1: Reason for the failure.
Severity level	4
Example	IPSEC/4/IPSEC_FAILED_ADD_FLOW_TABLE: Failed to add flow-table due to no enough resource.
Explanation	Failed to add the flow table.
Recommended action	If the failure is caused by not enough hardware resources, contact H3C Support.

IPSEC_PACKET_DISCARDED

Message text	IPsec packet discarded, Src IP:[STRING], Dst IP:[STRING], SPI:[UINT32], SN:[UINT32], Cause:[STRING].
Variable fields	$1: Source IP address. $2: Destination IP address. $3: Security parameter index (SPI). $4: Sequence number of the packet. $5: Reason for dropping this packet: · Anti-replay checking failed. · AH authentication failed. · ESP authentication failed. · Invalid SA. · ESP decryption failed. · Source address of packet does not match the SA. · No ACL rule matched.
Severity level	6
Example	IPSEC/6/IPSEC_PACKET_DISCARDED: IPsec packet discarded, Src IP:1.1.1.2, Dest IP:1.1.1.4, SPI:1002, SN:0, Cause:ah authentication failed
Explanation	An IPsec packet was dropped.
Recommended action	No action is required.

IPSEC_SA_ESTABLISH

Message text	IPsec SA was established. · Role: [STRING] · Local address: [STRING] · Remote address: [STRING] · Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] · Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] · Inside VPN instance: [STRING] · Outside VPN instance: [STRING] · Inbound AH SPI: [STRING] · Outbound AH SPI: [STRING] · Inbound ESP SPI: [STRING] · Outbound ESP SPI: [STRING] · ACL number: [UINT32] · ACL name: [STRING]
Variable fields	$1: Role, initiator or responder. $2: Local IP address. $3: Remote IP address. $4-$9: Data flow related parameters. $10: Inside VPN instance. $11: Outside VPN instance. $12: Inbound AH SPI. $13: Outbound AH SPI. $14: Inbound ESP SPI. $15: Outbound ESP SPI. $16: ACL number. The default is 4294967295. This field is not displayed if the ACL name is displayed. $17: ACL name. This field is not displayed if the ACL number is displayed.
Severity level	6
Example	IPSEC/6/IPSEC_SA_ESTABLISH: IPsec SA was established. Role: Responder Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb Inbound AH SPI: 192365458 Outbound AH SPI: 13654581 Inbound ESP SPI: 292334583 Outbound ESP SPI: 5923654586 ACL number: 3101
Explanation	An IPsec SA was established.
Recommended action	No action is required.

IPSEC_SA_ESTABLISH_FAIL

Message text	Failed to establish IPsec SA. Reason: [STRING]. SA information: Role: [STRING] Local address: [STRING] Remote address: [STRING] Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] Inside VPN instance: [STRING] Outside VPN instance: [STRING] Inbound AH SPI: [STRING] Outbound AH SPI: [STRING] Inbound ESP SPI: [STRING] Outbound ESP SPI: [STRING] ACL number: [UINT32] ACL name: [STRING]
Variable fields	$1: Failure reason: · Get SP: Required configuration is missing in the SP. SP ID=%u. · Get SP: The SP's local address doesn't match the local address configured in the IKE profile. SP ID=%u, SP's local address=%s, p2policy's local address=%s. · Get SP: The remote address doesn't exist. SP ID=%u, hostname=%s. · Get SP: The SP's remote address doesn't match the remote address configured in the IKE profile. SP ID=%u, SP's remote address=%s, p2policy's remote address=%s. · Get SP: SP's mode [%d] is not IPSEC_PLCMODE_ISAKMP/ISAKMPTEMPLATE. · Get SP: The SP contains incomplete flow matching configuration. · Get SP: Failed to get the SP. · The policy contains incorrect ACL or IKE profile configuration. PolicyName=%s, Seqnum=%d. · Get SP: The SP doesn't have an IPsec transform set. · Get SP: Failed to create larval SA. · Create SA: Failed to fill the SA. · Create SA: Failed to create SA. · Create SA: Can't find SP. · Failed to create tunnel because a tunnel with the same index and sequence number already exists. Tunnel index=%d, tunnel seq=%d. · Failed to switch SA because the inbound SA can't be found. SPI=%u. · Failed to switch SA because the SA state is incorrect. · Failed to switch SA because the outbound SA can't be found. · Failed to switch SA because the outbound SA using another security protocol can't be found. · Failed to switch SA in kernel. · Failed to notify kernel of the link state change. · Number of IPsec tunnels reached the crypto capacity of the device. · Maximum number of IPsec tunnels already reached. · Failed to add IPsec tunnel. · Failed to add IPsec tunnel to kernel. $2: Role, initiator or responder. $3: Local IP address. $4: Remote IP address. $5-$10: Data flow related parameters. $11: Inside VPN instance. $12: Outside VPN instance. $13: Inbound AH SPI. $14: Outbound AH SPI. $15: Inbound ESP SPI. $16: Outbound ESP SPI. $17: ACL number. The default is 4294967295. This field is not displayed if the ACL name is displayed. $18: ACL name. This field is not displayed if the ACL number is displayed.
Severity level	6
Example	IPSEC/6/IPSEC_SA_ESTABLISH_FAIL: Failed to establish IPsec SA Reason: Failed to add IPsec tunnel. SA information: Role: Responder Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb Inbound AH SPI: 192365458 Outbound AH SPI: 13654581 Inbound ESP SPI: 292334583 Outbound ESP SPI: 5923654586 ACL number: 3101
Explanation	Failed to establish an IPsec SA.
Recommended action	Verify the IPsec configurations on the local and peer devices.

IPSEC_SA_INITIATION

Message text	Began to establish IPsec SA. Local address: [STRING] Remote address: [STRING] Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] Inside VPN instance: [STRING] Outside VPN instance: [STRING] ACL number: [UINT32] ACL name: [STRING]
Variable fields	$1: Local IP address. $2: Remote IP address. $3-$8: Data flow related parameters. $9: Inside VPN instance. $10: Outside VPN instance. $11: ACL number. The default is 4294967295. This field is not displayed if the ACL name is displayed. $12: ACL name. This field is not displayed if the ACL number is displayed.
Severity level	6
Example	IPSEC/6/IPSEC_SA_INITIATION: Began to establish IPsec SA. Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb ACL number: 3101
Explanation	An IPsec SA was to be established.
Recommended action	No action is required.

IPSEC_SA_TERMINATE

Message text	The IPsec SA was deleted. Reason: [STRING] SA information: · Role: [STRING] · Local address: [STRING] · Remote address: [STRING] · Sour addr: [STRING] Port: [UINT32] Protocol: [STRING] · Dest addr: [STRING] Port: [UINT32] Protocol: [STRING] · Inside VPN instance: [STRING] · Outside VPN instance: [STRING] · Inbound AH SPI: [STRING] · Outbound AH SPI: [STRING] · Inbound ESP SPI: [STRING] · Outbound ESP SPI: [STRING] · ACL number: [UINT32] · ACL name: [STRING]
Variable fields	$1: Reason for the deletion: · SA idle timeout · The reset command was executed · Internal event · Configuration change · An IKE SA deletion message was received $2: Role, initiator or responder. $3: Local IP address. $4: Remote IP address. $5-$10: Data flow related parameters. $11: Inside VPN instance. $12: Outside VPN instance. $13: Inbound AH SPI $14: Outbound AH SPI $15: Inbound ESP SPI $16: Outbound ESP SPI $17: ACL number. The default is 4294967295. This field is not displayed if the ACL name is displayed. $18: ACL name. This field is not displayed if the ACL number is displayed.
Severity level	6
Example	IPSEC/6/IPSEC_SA_TERMINATE: The IPsec SA was deleted. Reason: SA idle timeout. SA information: Role: initiator Local address: 2.2.2.2 Remote address: 1.1.1.1 Sour addr: 192.168.2.0/255.255.255.0 Port: 0 Protocol: IP Dest addr: 192.168.1.0/255.255.255.0 Port: 0 Protocol: IP Inside VPN instance: aaa Outside VPN instance: bbb Inbound AH SPI: 192365458 Outbound AH SPI: 13654581 Inbound ESP SPI: 292334583 Outbound ESP SPI: 5923654586 ACL number: 3101
Explanation	An IPsec SA was deleted.
Recommended action	No action is required.

IPSEC_ANTI-REPLAY_WINDOWS_ERROR

Message text	Anti-replay dropped a packet: src=[STRING]; time-sent=[STRING], [UINT32] [STRING] [UINT32] [UINT32]:[UINT32]:[UINT32] [UINT32]us; time-received=[STRING], [UINT32] [STRING] [UINT32] [UINT32]:[UINT32]:[UINT32] [UINT32]us; time-diff=[UINT32]us; window-size= +-[FLOAT]ms.
Variable fields	$1: Source IP address of the packet. $2: Day of the week on which the packet was sent. $3: Day of the month on which the packet was sent. $4: Month in which the packet was sent. $5: Year in which the packet was sent. $6: Hour at which the packet was sent. $7: Minute at which the packet was sent. $8: Second at which the packet was sent. $9: Microsecond at which the packet was sent. $10: Day of the week on which the packet was received. $11: Day of the month on which the packet was received. $12: Month in which the packet was received. $13: Year in which the packet was received. $14: Hour at which the packet was received. $15: Minute at which the packet was received. $16: Second at which the packet was received. $17: Microsecond at which the packet was received. $18: Interval between the time the packet was sent and the time it was received, in microseconds. $19: Half the anti-replay window size, in milliseconds.
Severity level	6
Example	IPSEC/6/IPSEC_ANTI-REPLAY_WINDOWS_ERROR: Anti-replay dropped a packet: src=192.168.58.178;time-sent=Sat, 23 Apr 2016 11:17:29 594565us; time-received =Sat, 23 Apr 2016 11:17:26 707866us; time-diff=2886699us; window-size =+-2500ms.
Explanation	A packet was dropped. Possible reasons include: · The interval between the time the packet was sent and the time it was received exceeds the anti-replay window size. · Anti-replay is enabled on the receiving IPsec tunnel end but the received packet does not have an anti-replay header. · In tunnel mode, anti-replay is not enabled but the received packet has an anti-replay header.
Recommended action	No action is required.

IPSG messages

This section contains IPSG messages.

IPSG_ADDENTRY_ERROR

Message text	Failed to add an IP source guard binding (IP [STRING], MAC [STRING], and VLAN [UINT16]) on interface [STRING]. [STRING].
Variable fields	$1: IP address. If you do not specify an IP address, this field displays N/A. $2: MAC address. If you do not specify a MAC address, this field displays N/A. $3: VLAN ID. If you do not specify a VLAN, this field displays 65535. $4: Interface name. If you do not specify an interface, this field displays N/A. $5: Failure reasons. Available options include: ¡ Feature not supported ¡ Resources not sufficient ¡ Unknown error
Severity level	6
Example	IPSG/6/IPSG_ADDENTRY_ERROR: Failed to add an IP source guard binding (IP 1.1.1.1, MAC 0001-0001-0001, and VLAN 1) on interface Vlan-interface1. Resources not sufficient.
Explanation	IPSG failed to issue a static or dynamic IPSG binding. The message is sent in any of the following situations: · The IPSG feature is not supported. · The hardware resources are not sufficient for the operation. · An unknown error occurs.
Recommended action	To resolve the problem, you can perform the following tasks: · Clear the memory to release hardware resources when the failure is caused by insufficient hardware resources. · Add the IPSG binding again if you are adding a static binding. · Contact H3C Support if the failure is caused by an unknown error.

IPSG_DELENTRY_ERROR

Message text	Failed to delete an IP source guard binding (IP [STRING], MAC [STRING], and VLAN [UINT16]) on interface [STRING]. [STRING].
Variable fields	$1: IP address. If you do not specify an IP address, this field displays N/A. $2: MAC address. If you do not specify a MAC address, this field displays N/A. $3: VLAN ID. If you do not specify a VLAN, this field displays 65535. $4: Interface name. If you do not specify an interface, this field displays N/A. $5: Failure reason. Available options include: ¡ Feature not supported ¡ Unknown error
Severity level	6
Example	IPSG/6/IPSG_DELENTRY_ERROR: Failed to delete an IP source guard binding (IP 1.1.1.1, MAC 0001-0001-0001, and VLAN 1) on interface Vlan-interface1. Unknown error.
Explanation	IPSG failed to delete a global static IPSG binding. The message is sent in any of the following situations: · The IPSG feature is not supported. · An unknown error occurs.
Recommended action	To resolve the problem, you can perform the following tasks: · Delete the global static IPSG binding again. · Contact H3C Support if the failure is caused by an unknown error.

IRDP messages

This section contains IRDP messages.

IRDP_EXCEED_ADVADDR_LIMIT

Message text	The number of advertisement addresses on interface [STRING] exceeded the limit 255.
Variable fields	$1: Interface name.
Severity level	6
Example	IRDP/6/IRDP_EXCEED_ADVADDR_LIMIT: The number of advertisement addresses on interface Ethernet1/1/0/2 exceeded the limit 255.
Explanation	The number of addresses to be advertised on an interface exceeds the upper limit.
Recommended action	Remove unused addresses on the interface.

IRF

This section contains IRF messages.

IRF_LINK_BLOCK

Message text	IRF port went blocked.
Variable fields	N/A
Severity level	2
Example	IRF/2/IRF_LINK_BLOCK: IRF port went blocked.
Explanation	The IRF port was blocked. A blocked IRF port cannot send and receive service packets, but it can send and receive IRF protocol packets. For example, this message appears on the member device that has the lower priority when an IRF member ID conflict is detected for member devices.
Recommended action	Check the IRF member ID on each member device for any conflict, and change the IRF member IDs of member devices to be unique.

IRF_LINK_DOWN

Message text	IRF port went down.
Variable fields	N/A
Severity level	3
Example	IRF/3/IRF_LINK_DOWN: IRF port went down.
Explanation	The IRF port went down.
Recommended action	Verify the following items: · Network interfaces have been bound to the IRF port. · The IRF network interfaces and the peer interfaces have Layer 2 connectivity.

IRF_LINK_UP

Message text	IRF port came up.
Variable fields	N/A
Severity level	6
Example	IRF/6/IRF_LINK_UP: IRF port came up.
Explanation	The IRF port came up.
Recommended action	No action is required.

IRF_MEMBER_LEFT

Message text	Member [STRING] left the IRF fabric.
Variable fields	$1: IRF member ID of the device.
Severity level	4
Example	IRF/4/IRF_MEMBER_LEFT: Member 2 left the IRF fabric.
Explanation	This message occurs when a member device left the IRF fabric.
Recommended action	No action is required.

IRF_MEMBERID_CONFLICT

Message text	IRF member ID conflict occurred. The ID [UINT32] has been used for another device with CPU-Mac: [STRING].
Variable fields	$1: IRF member ID of the device. $2: CPU MAC address of the device.
Severity level	4
Example	IRF/4/IRF_MEMBERID_CONFLICT:-slot = 5; IRF member ID conflict occurred, The ID 5 has been used for another device with CPU-Mac: 000c-29d7-c1ae.
Explanation	This message occurs when the device detects that it has the same IRF member ID as another device in the same broadcast domain.
Recommended action	Check the IRF member IDs and change the IRF member ID of a device. Make sure the member devices use unique member IDs.

IRF_MEMBERID_CONFLICT_REBOOT

Message text	IRF member ID conflict. For the device to join the IRF fabric,please change the device member ID to a unique one among all the IRF member devices and reboot the device.
Variable fields	N/A
Severity level	4
Example	IRF/4/IRF_MEMBERID_CONFLICT_REBOOT: IRF member ID conflict. For the device to join the IRF fabric,please change the device member ID to a unique one among all the IRF member devices and reboot the device.
Explanation	This message occurs if the device fails to join an IRF fabric because it is using the same member ID as another IRF member device. In this situation, the network ports on the device will be blocked until it re-joins the IRF fabric with a unique member ID.
Recommended action	109. Log in to the device that displayed this message. 110. Change the member ID of the device to a unique one. 111. Reboot the device to re-join the IRF fabric.

IRF_MERGE

Message text	IRF merge occurred.
Variable fields	N/A
Severity level	4
Example	IRF/4/IRF_MERGE: IRF merge occurred.
Explanation	IRF merge occurred.
Recommended action	No action is required.

IRF_MERGE_NEED_REBOOT

Message text	IRF merge occurred. This IRF system needs a reboot.
Variable fields	N/A
Severity level	4
Example	IRF/4/IRF_MERGE_NEED_REBOOT: IRF merge occurred. This IRF system needs a reboot.
Explanation	IRF merge occurred. This IRF fabric needs a reboot to complete the IRF merge because the master of this IRF fabric failed the master election for IRF merge.
Recommended action	Reboot the IRF fabric to complete the IRF merge.

IRF_MERGE_NOT_NEED_REBOOT

Message text	IRF merge occurred. This IRF system does not need to reboot.
Variable fields	N/A
Severity level	5
Example	IRF/5/IRF_MERGE_NOT_NEED_REBOOT: IRF merge occurred. This IRF system does not need to reboot.
Explanation	IRF merge occurred. This IRF fabric does not need to reboot because the master of this IRF fabric won the master election for IRF merge.
Recommended action	No action is required.

IRF_NEWMEMBER_JOIN

Message text	Member [STRING] joined the IRF fabric.
Variable fields	$1: IRF member ID of the device.
Severity level	4
Example	IRF/4/IRF_NEWMEMBER_JOIN: Member 2 joined the IRF fabric.
Explanation	This message occurs when a member device joined the IRF fabric.
Recommended action	No action is required.

ISIS messages

This section contains IS-IS messages.

ISIS_MEM_ALERT

Message text	ISIS Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	ISIS/5/ISIS_MEM_ALERT: ISIS Process received system memory alert start event.
Explanation	IS-IS received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

ISIS_NBR_CHG

Message text	IS-IS [UINT32], [STRING] adjacency [STRING] [STRING], state changed to [STRING].
Variable fields	$1: IS-IS process ID. $2: Neighbor level. $3: Neighbor ID. $4: Interface name. $5: Current adjacency state.
Severity level	5
Example	ISIS/5/ISIS_NBR_CHG: IS-IS 1, Level-1 adjacency 0000.0000.8888 (Eth1/4/1/3), state changed to DOWN.
Explanation	The IS-IS adjacency state changed on an interface.
Recommended action	When the adjacency with a neighbor changes to down on an interface, check for IS-IS configuration errors and loss of network connectivity.

ISSU messages

This section contains ISSU messages.

ISSU_ROLLBACKCHECKNORMAL

Message text	The rollback might not be able to restore the previous version for [STRING] because the status is not normal.
Variable fields	$1: Chassis number and slot number or slot number.
Severity level	4
Example	ISSU/4/ISSU_ROLLBACKCHECKNORMAL: The rollback might not be able to restore the previous version for chassis 1 slot 2 because the state is not normal.
Explanation	While an ISSU was in switching state, a user executed the issu rollback command or the ISSU automatic-rollback timer expired. However, the status of the MPU was not normal.
Recommended action	No action is required.

KDNS messages

This section contains KDNS messages.

KDNS_BIND_PORT_ALLOCETED

Message text	Failed to bind UDP [STRING] connection port [NUMBER] to VPN instance [STRING] for the DNS listener because the port has already been allocated.
Variable fields	$1: UDP port type: · IPv4 · IPv6 $2: UDP port number. $3: VPN instance name.
Severity level	3
Example	KDNS/3KDNS_BIND_PORT_ALLOCETED: -MDC=1; Failed to bind UDP IPv4 connection port 53 to VPN instance vpn1 for the DNS listener because the port has already been allocated.
Explanation	The system failed to bind a UDP port to a DNS listener because the port has been used.
Recommended action	Bind a UDP port that has not been used.

KHTTP messages

This section contains KHTTP messages.

KHTTP_BIND_PORT_ALLOCETED

Message text	Failed to bind TCP connection [STRING]/[UINT32] to VPN instance [UINT32] because the port was already allocated.
Variable fields	$1: IP address. $2: Port number. $3: Index of a VPN instance.
Severity level	3
Example	KHTTP/3/KHTTP_BIND_PORT_ALLOCETED: Failed to bind TCP connection 192.168.30.117/10000 to VPN instance 0 because the port was already allocated.
Explanation	Failed to bind an IP address and a port number to a VPN instance because the port number was already allocated.
Recommended action	112. Display port information by executing the display tcp-proxy port-info or display ipv6 tcp-proxy port-info command. 113. Rebind the TCP connection to the VPN instance by using an available port number.

KHTTP_BIND_ADDRESS_INUSED

Message text	Failed to bind TCP connection [STRING]/[UINT32] to VPN instance [UINT32] because the address was already used.
Variable fields	$1: IP address. $2: Port number. $3: Index of a VPN instance.
Severity level	3
Example	KHTTP/3/KHTTP_BIND_ADDRESS_INUSED: Failed to bind TCP connection 192.168.30.117/10000 to VPN instance 0 because the address was already used.
Explanation	Failed to bind an IP address and a port number to a VPN instance because the IP address was already used and cannot be reused.
Recommended action	114. Display IP address information by executing the display tcp-proxy command. 115. Rebind the TCP connection to the VPN instance by using an unused or a reusable IP address.

L2PT messages

This section contains L2PT messages.

L2PT_SET_MULTIMAC_FAILED

Message text	Failed to set a tunnel destination MAC address to [MAC].
Variable fields	$1: MAC address.
Severity level	4
Example	L2PT/4/L2PT_SET_MULTIMAC_FAILED: Failed to set a tunnel destination MAC address to 010f-e200-0003.
Explanation	Failed to specify the destination multicast MAC address for tunneled packets.
Recommended action	No action is required.

L2PT_CREATE_TUNNELGROUP_FAILED

Message text	Failed to create a VLAN tunnel group for [STRING].
Variable fields	$1: Protocol name.
Severity level	4
Example	L2PT/4/L2PT_CREATE_TUNNELGROUP_FAILED: Failed to create a VLAN tunnel group for STP.
Explanation	Failed to create a VLAN tunnel group for a protocol.
Recommended action	No action is required.

L2PT_ADD_GROUPMEMBER_FAILED

Message text	Failed to add [STRING] as a member to the VLAN tunnel group for [STRING].
Variable fields	$1: Interface name. $2: Protocol name.
Severity level	4
Example	L2PT/4/L2PT_ADD_GROUPMEMBER_FAILED: Failed to add GigabitEthernet2/0/1 as a member to the VLAN tunnel group for STP.
Explanation	Failed to add an interface to a VLAN tunnel group for a protocol.
Recommended action	No action is required.

L2PT_ENABLE_DROP_FAILED

Message text	Failed to enable [STRING] packet drop on [STRING].
Variable fields	$1: Protocol name. $2: Interface name.
Severity level	4
Example	L2PT/4/L2PT_ENABLE_DROP_FAILED: Failed to enable STP packet drop on GigabitEthernet2/0/1.
Explanation	Failed to enable L2PT drop for a protocol on an interface.
Recommended action	No action is required.

L2TP messages

This section contains L2TP messages.

L2TPV2_TUNNEL_EXCEED_LIMIT

Message text	Number of L2TP tunnels exceeded the limit.
Variable fields	N/A
Severity level	4
Example	L2TPV2/4/L2TPV2_TUNNEL_EXCEED_LIMIT: Number of L2TP tunnels exceeded the limit.
Explanation	The number of established L2TP tunnels has reached the limit.
Recommended action	116. Perform one of the following tasks: ¡ Execute the reset l2tp tunnel command to disconnect an idle tunnel. ¡ Wait for the device to automatically disconnect an idle tunnel after the hello interval elapses. 117. If the problem persists, contact H3C for support.

L2TPV2_SESSION_EXCEED_LIMIT

Message text	Number of L2TP sessions exceeded the limit.
Variable fields	N/A
Severity level	4
Example	L2TPV2/4/L2TPV2_SESSION_EXCEED_LIMIT: Number of L2TP sessions exceeded the limit.
Explanation	The number of established L2TP sessions has reached the limit.
Recommended action	No action is required.

L2VPN messages

This section contains L2VPN messages.

L2VPN_BGPVC_CONFLICT_LOCAL

Message text	Remote site ID [INT32] (From [STRING], route distinguisher [STRING]) conflicts with local site.
Variable fields	$1: ID of a remote site. $2: IP address of the remote site. $3: Route distinguisher of the remote site.
Severity level	5
Example	L2VPN/5/L2VPN_BGPVC_CONFLICT_LOCAL: Remote site ID 1 (From 1.1.1.1, route distinguisher 1:1) conflicts with local site.
Explanation	A remote site ID conflicted with the local site ID. This message is generated when one of the following situations occurs: · The received remote site ID is the same as the local site ID. · The local site ID is configured the same as a received remote site ID.
Recommended action	Modify the site ID configuration on the local device or remote device. Or, configure the remote site ID in a different VPLS instance than the local site ID.

L2VPN_BGPVC_CONFLICT_REMOTE

Message text	Remote site ID [INT32] (From [STRING], route distinguisher [STRING]) conflicts with another remote site.
Variable fields	$1: ID of a remote site. $2: IP address of the remote site. $3: Route distinguisher of the remote site.
Severity level	5
Example	L2VPN/5/L2VPN_BGPVC_CONFLICT_REMOTE: Remote site ID 1 (From 1.1.1.1, route distinguisher 1:1) conflicts with another remote site.
Explanation	Two remote site IDs conflicted. This message is generated when the received remote site ID is the same as another received remote site ID.
Recommended action	Modify the site ID configuration on one remote device. Or, configure the two remote site IDs in different VPLS instances.

L2VPN_HARD_RESOURCE_NOENOUGH

Message text	No enough hardware resource for L2VPN.
Variable fields	N/A
Severity level	4
Example	L2VPN/4/L2VPN_HARD_RESOURCE_NOENOUGH: No enough hardware resource for L2VPN.
Explanation	Hardware resources for L2VPN were insufficient.
Recommended action	Check whether unnecessary VSIs, PWs, or ACs had been generated. If yes, delete them.

L2VPN_HARD_RESOURCE_RESTORE

Message text	Hardware resources for L2VPN are restored.
Variable fields	N/A
Severity level	6
Example	L2VPN/6/L2VPN_HARD_RESOURCE_RESTORE: Hardware resources for L2VPN are restored.
Explanation	Hardware resources for L2VPN were restored.
Recommended action	No action is required.

L2VPN_LABEL_DUPLICATE

Message text	Incoming label [INT32] for a static PW in [STRING] [STRING] is duplicate.
Variable fields	$1: Incoming label value. $2: Type of L2VPN, Xconnect-group or VSI. $3: Name of the Xconnect-group or VSI.
Severity level	4
Example	L2VPN/4/L2VPN_LABEL_DUPLICATE: Incoming label 1024 for a static PW in Xconnect-group aaa is duplicate.
Explanation	The incoming label of a static PW in this Xconnect-group or VSI was occupied by another configuration, for example, by a static LSP or by a static CRLSP. This message is generated when one of the following events occurs: · When MPLS is enabled, configure a static PW with an incoming label which is occupied by another configuration. · Enable MPLS when a static PW whose incoming label is occupied by another configuration already exists.
Recommended action	Remove this static PW, and reconfigure it with another incoming label.

LAGG messages

This section contains link aggregation messages.

LAGG_ACTIVE

Message text	Member port [STRING] of aggregation group [STRING] changed to the active state.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_ACTIVE: Member port GE1/0/1 of aggregation group BAGG1 changed to the active state.
Explanation	A member port in an aggregation group changed to the Selected state.
Recommended action	No action is required.

LAGG_INACTIVE_AICFG

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the member port and the aggregate interface have different attribute configurations.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_AICFG: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the member port and the aggregate interface have different attribute configurations.
Explanation	A member port in an aggregation group changed to the Unselected state because the member port and the aggregate interface had different attribute configurations.
Recommended action	Modify the attribute configurations of the member port to be consistent with the aggregate interface.

LAGG_INACTIVE_BFD

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the BFD session state of the port was down.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_BFD: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the BFD session state of the port is down.
Explanation	A member port in an aggregation group changed to the Unselected state because the BFD session on the port became down.
Recommended action	To resolve the problem, you can perform the following tasks: · Verify that link failure has occurred and troubleshoot the failure. · Modify the port information and configuration for the port to have the same operational key and attribute configuration as the reference port.

LAGG_INACTIVE_CONFIGURATION

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the aggregation configuration of the port is incorrect.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_CONFIGURATION: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the aggregation configuration of the port is incorrect.
Explanation	A member port in an aggregation group changed to the Unselected state because the member port and the aggregate interface had different aggregation configuration.
Recommended action	No action is required.

LAGG_INACTIVE_DUPLEX

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the duplex mode is different between the member port and the reference port.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_DUPLEX: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the duplex mode is different between the member port and the reference port.
Explanation	A member port in an aggregation group changed to the Unselected state because the duplex mode was different between the member port and the reference port.
Recommended action	Change the duplex mode of the member port to be the same as the reference port.

LAGG_INACTIVE_HARDWAREVALUE

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because of the port's hardware restriction.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_HARDWAREVALUE: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because of the port's hardware restriction.
Explanation	A member port in an aggregation group changed to the Unselected state because of the port's hardware restriction.
Recommended action	No action is required.

LAGG_INACTIVE_LOWER_LIMIT

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the number of active ports is below the lower limit.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_LOWER_LIMIT: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the number of active ports is below the lower limit.
Explanation	A member port in an aggregation group was placed in Unselected state because the required minimum number of Selected ports was not reached.
Recommended action	Make sure the minimum number of Selected ports is met.

LAGG_INACTIVE_PARTNER

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the aggregation configuration of its peer port is incorrect.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_PARTNER: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the aggregation configuration of its peer port is incorrect.
Explanation	A member port in an aggregation group changed to the Unselected state because the port's partner changed to the Unselected state.
Recommended action	No action is required.

LAGG_INACTIVE_PHYSTATE

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the physical state of the port is down.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_PHYSTATE: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the physical state of the port is down.
Explanation	A member port in an aggregation group changed to the Unselected state because the port went down.
Recommended action	Bring up the member port.

LAGG_INACTIVE_RESOURCE_INSUFICIE

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because all aggregate resources are occupied.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_RESOURCE_INSUFICIE: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because all aggregate resources are occupied.
Explanation	A member port in an aggregation group changed to the Unselected state because all aggregation resources were used.
Recommended action	No action is required.

LAGG_INACTIVE_SPEED

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the speed configuration of the port is incorrect.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_SPEED: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the speed configuration of the port is incorrect.
Explanation	A member port in an aggregation group changed to the Unselected state because the speed was different between the member port and the reference port.
Recommended action	Change the speed of the member port to be the same as the reference port.

LAGG_INACTIVE_UPPER_LIMIT

Message text	Member port [STRING] of aggregation group [STRING] changed to the inactive state, because the number of active ports has reached the upper limit.
Variable fields	$1: Port name. $2: Link aggregation group type and ID.
Severity level	6
Example	LAGG/6/LAGG_INACTIVE_UPPER_LIMIT: Member port GE1/0/1 of aggregation group BAGG1 changed to the inactive state, because the number of active ports has reached the upper limit.
Explanation	The number of Selected ports reached the upper limit in a dynamic aggregation group. A member port in the aggregation group changed to the Unselected state because a more eligible port joined the aggregation group.
Recommended action	No action is required.

LB messages

This section contains LB messages.

LB_CHANGE_DEFAULTLG_STATE_VS

Message text	The state of link group associated with virtual server [STRING] was changed, primary link group name is [STRING], backup link group name is [STRING], current link group name is [STRING].
Variable fields	$1: Virtual server name. $2: Primary link group name. $3: Backup link group name. $4: Current link group name.
Severity level	5
Example	LB/5/LB_CHANGE_DEFAULTLG_STATE_VS: The state of link group associated with virtual server VS was changed, primary link group name is MF, backup link group name is BF, current link group name is CF.
Explanation	The state of the link group associated with a virtual server changed.
Recommended action	Check whether the availability criteria setting for the link group is changed. If the setting is not changed, check the network environment and link state.

LB_CHANGE_DEFAULTSF_STATE_VS

Message text	The state of server farm associated with virtual server [STRING] was changed, primary server farm name is [STRING], backup server farm name is [STRING], current server farm name is [STRING].
Variable fields	$1: Virtual server name. $2: Primary server farm name. $3: Backup server farm name. $4: Current server farm name.
Severity level	5
Example	LB/5/LB_CHANGE_DEFAULTSF_STATE_VS: The state of server farm associated with virtual server VS was changed, primary server farm name is MF, backup server farm name is BF, current server farm name is CF.
Explanation	The state of the server farm associated with a virtual server changed.
Recommended action	Check whether the availability criteria setting for the server farm is changed. If the setting is not changed, check the network environment and real server state.

LB_CHANGE_LG_STATE_ACTION

Message text	The state of link group associated with action [STRING] was changed, primary link group name is [STRING], backup link group name is [STRING], current link group name is [STRING].
Variable fields	$1: LB action name. $2: Primary link group name. $3: Backup link group name. $4: Current link group name.
Severity level	5
Example	LB/5/LB_CHANGE_LG_STATE_ACTION: The state of link group associated with action ACT was changed, primary link group name is MF, backup link group name is BF, current link group name is CF.
Explanation	The state of the link group associated with an LB action changed.
Recommended action	Check whether the availability criteria setting for the link group is changed. If the setting is not changed, check the network environment and link state.

LB_CHANGE_LG_STATUS

Message text	The state of link group [STRING] was changed to [STRING].
Variable fields	$1: Link group name. $2: Link group state: Active or Inactive.
Severity level	5
Example	LB/5/LB_CHANGE_LG_STATUS: The state of link group LG was changed to Active.
Explanation	The state of a link group changed.
Recommended action	Check the network environment and link state when the state of a link group is inactive.

LB_CHANGE_LINK_BUSYSTATUS

Message text	The busy state of link [STRING] was changed to [STRING].
Variable fields	$1: Link name. $2: Link busy state: Busy or Normal.
Severity level	5
Example	LB/5/LB_CHANGE_LINK_BUSYSTATUS: The busy state of link LINK was changed to Normal.
Explanation	The busy state of a link changed.
Recommended action	No action is required.

LB_CHANGE_LINK_CONNNUM_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The number of connections of link [STRING] was [UINT], which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Link name. $5: Number of connections on the link.
Severity level	5
Example	LB/5/LB_CHANGE_LINK_CONNNUM_OVER: Chassis:0,Slot:1,CPU:1.The number of connections of link LINK was 100, which had reached the upper limit.
Explanation	The number of connections on a link reached the upper limit.
Recommended action	Check whether the maximum number of connections set by using the connection-limit max command is proper if this message is generated frequently. If the set value is proper, expand the link capacity.

LB_CHANGE_LINK_CONNNUM_RECOVERY

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The number of connections of link [STRING] was [UINT], which had recovered to normal state.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Link name. $5: Number of connections on the link.
Severity level	5
Example	LB/5/LB_CHANGE_LINK_CONNNUM_OVER: Chassis:0,Slot:1,CPU:1.The number of connections of link LINK was 100, which had reached the upper limit.
Explanation	The number of connections on a link dropped below the upper limit.
Recommended action	No action is required.

LB_CHANGE_LINK_CONNRATE_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The connection rate of link [STRING] was [UINT], which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Link name. $5: Connection establishment rate on the link.
Severity level	5
Example	LB/5/LB_CHANGE_LINK_CONNRATE_OVER: Chassis:0,Slot:1,CPU:1.The connection rate of link LINK was 100, which had reached the upper limit.
Explanation	The connection establishment rate on a link reached the upper limit.
Recommended action	Check whether the maximum connection establishment rate set by using the rate-limit connection command is proper if this message is generated frequently. If the set value is proper, expand the link capacity.

LB_CHANGE_LINK_CONNRATE_RECOVERY

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The connection rate of link [STRING] was [UINT], which had recovered to normal state.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Link name. $5: Connection establishment rate on the link.
Severity level	5
Example	LB/5/LB_CHANGE_LINK_CONNRATE_RECOVERY: Chassis:0,Slot:1,CPU:1.The connection rate of link LINK was 100, which had recovered to normal state.
Explanation	The connection establishment rate on a link dropped below the upper limit.
Recommended action	No action is required.

LB_CHANGE_LINK_HCSTATUS

Message text	The health state of link [STRING] was changed to [STRING]. Last state was kept for [STRING] seconds.
Variable fields	$1: Link name. $2: Health state of the link: Active or Inactive. $3: Duration for a state in seconds.
Severity level	5
Example	LB/5/LB_CHANGE_LINK_HCSTATUS: The health state of link LINK was changed to Active. Last state was kept for 100 seconds.
Explanation	The health state of a link changed, and the link stayed in the previous state for a number of seconds.
Recommended action	Check the network environment and link state when the health state of a link is inactive.

LB_CHANGE_LINK_PROBERESULT

Message text	The probe state of link [STRING] template [STRING] was changed to [STRING].
Variable fields	$1: Link name. $2: Name of the NQA template used by the health monitoring method. $3: Health monitoring result: Succeeded or Failed.
Severity level	5
Example	LB/5/LB_CHANGE_LINK_PROBERESULT: The probe state of link CNC template ICMP was changed to Succeeded.
Explanation	The health monitoring result for a link changed.
Recommended action	Check the network environment and link state if the health monitoring result for a link is Failed.

LB_CHANGE_RS_CONNNUM_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The number of connections of real server [STRING] was [UINT], which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Real server name. $5: Number of connections on the real server.
Severity level	5
Example	LB/5/LB_CHANGE_RS_CONNNUM_OVER: Chassis:0,Slot:1,CPU:1.The number of connections of real server RS was 100, which had reached the upper limit.
Explanation	The number of connections on a real server reached the upper limit.
Recommended action	Check whether the maximum number of connections set by using the connection-limit max command is proper if this message is generated frequently. If the set value is proper, expand the real server capacity.

LB_CHANGE_RS_CONNNUM_RECOVERY

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The number of connections of real server [STRING] was [UINT], which had recovered to normal state.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Real server name. $5: Number of connections on the real server.
Severity level	5
Example	LB/5/LB_CHANGE_RS_CONNNUM_RECOVERY: Chassis:0,Slot:1,CPU:1.The number of connections of real server RS was 100, which had recovered to normal state.
Explanation	The number of connections on a real server dropped below the upper limit.
Recommended action	No action is required.

LB_CHANGE_RS_CONNRATE_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The connection rate of real server [STRING] was [UINT], which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Real server name. $5: Connection establishment rate on the real server.
Severity level	5
Example	LB/5/LB_CHANGE_RS_CONNRATE_OVER: Chassis:0,Slot:1,CPU:1.The connection rate of real server RS was 100, which had reached the upper limit.
Explanation	The connection establishment rate on a real server reached the upper limit.
Recommended action	Check whether the maximum connection establishment rate set by using the rate-limit connection command is proper if this message is generated frequently. If the set value is proper, expand the real server capacity.

LB_CHANGE_RS_CONNRATE_RECOVERY

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The connection rate of real server [STRING] was [UINT], which had recovered to normal state.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Real server name. $5: Connection establishment rate on the real server.
Severity level	5
Example	LB/5/LB_CHANGE_RS_CONNRATE_RECOVERY: Chassis:0,Slot:1,CPU:1.The connection rate of real server RS was 100, which had recovered to normal state.
Explanation	The connection establishment rate on a real server dropped below the upper limit.
Recommended action	No action is required.

LB_CHANGE_RS_HCSTATUS

Message text	The health state of real server [STRING] was changed to [STRING]. Last state was kept for [STRING] seconds.
Variable fields	$1: Real server name. $2: Health state of the real server: Active or Inactive. $3: Duration for a state in seconds.
Severity level	5
Example	LB/5/LB_CHANGE_RS_HCSTATUS: The health state of real server RS was changed to Active. Last state was kept for 100 seconds.
Explanation	The health state of a real server changed, and the real server stayed in the previous state for a number of seconds.
Recommended action	Check the network environment and real server state when the health state of a real server is inactive.

LB_CHANGE_RS_MONITORRESULT

Message text	The state of (server farm [STRING], real server [STRING], port: [UINT16]) monitored by probe template [STRING] was changed to [STRING].
Variable fields	$1: Server farm name. $2: Server farm member name. $3: Port number. $4: Probe template name. $5: Probe result: Normal, Busy, or Auto shutdown.
Severity level	5
Example	LB/5/LB_CHANGE_RS_MONITORRESULT: The state of (server farm sf, real server rs, port:1) monitored by probe template rst was changed to Auto shutdown
Explanation	The health state of a server farm member changed.
Recommended action	No action is required.

LB_CHANGE_RS_PROBERESULT

Message text	The probe result of real server [STRING] template [STRING] was changed to [STRING].
Variable fields	$1: Real server name. $2: Name of the NQA template used by the health monitoring method. $3: Health monitoring result: Succeeded or Failed.
Severity level	5
Example	LB/5/LB_CHANGE_RS_PROBERESULT: The probe state of real server RS template ICMP was changed to Succeeded.
Explanation	The health monitoring result for a real server changed.
Recommended action	Check the network environment and real server state if the health monitoring result for a real server is Failed.

LB_CHANGE_SF_STATE_ACTION

Message text	The state of link group associated with action [STRING] was changed, primary link group name is [STRING], backup link group name is [STRING], current link group name is [STRING].
Variable fields	$1: LB action name. $2: Primary link group name. $3: Backup link group name. $4: Current link group name.
Severity level	5
Example	LB/5/LB_CHANGE_SF_STATE_ACTION: The state of server farm associated with action ACT was changed, primary server farm name is MF, backup server farm name is BF, current server farm name is CF.
Explanation	The state of the server farm associated with an LB action changed.
Recommended action	Check whether the availability criteria setting for the server farm is changed. If the setting is not changed, check the network environment and real server state.

LB_CHANGE_SF_STATUS

Message text	The state of server farm [STRING] was changed to [STRING].
Variable fields	$1: Server farm name. $2: Server farm state: Active or Inactive.
Severity level	5
Example	LB/5/LB_CHANGE_SF_STATUS: The state of server farm SF was changed to Active.
Explanation	The state of a server farm changed.
Recommended action	Check the network environment and server farm state when the state of a server farm is inactive.

LB_CHANGE_VS_CONNNUM_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The number of connections of virtual server [STRING] was [UINT], which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Virtual server name. $5: Number of connections on the virtual server.
Severity level	5
Example	LB/5/LB_CHANGE_VS_CONNNUM_OVER: Chassis:0,Slot:1,CPU:1.The number of connections of virtual server RS was 100, which had reached the upper limit.
Explanation	The number of connections on a virtual server reached the upper limit.
Recommended action	Check whether the maximum number of connections set by using the connection-limit max command is proper if this message is generated frequently. If the set value is proper, expand the capacity of real servers associated with the virtual server.

LB_CHANGE_VS_CONNNUM_RECOVERY

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The number of connections of virtual server [STRING] was [UINT], which had recovered to normal state.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Virtual server name. $5: Number of connections on the virtual server.
Severity level	5
Example	LB/5/LB_CHANGE_VS_CONNNUM_RECOVERY: Chassis:0,Slot:1,CPU:1.The number of connections of virtual server RS was 100, which had recovered to normal state.
Explanation	The number of connections on a virtual server dropped below the upper limit.
Recommended action	No action is required.

LB_CHANGE_VS_CONNRATE_OVER

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The connection rate of virtual server [STRING] was [UINT], which had reached the upper limit.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Virtual server name. $5: Connection establishment rate on the virtual server.
Severity level	5
Example	LB/5/LB_CHANGE_VS_CONNRATE_OVER: Chassis:0,Slot:1,CPU:1.The connection rate of virtual server VS was 100, which had reached the upper limit.
Explanation	The connection establishment rate on a virtual server reached the upper limit.
Recommended action	Check whether the maximum connection establishment rate set by using the rate-limit connection command is proper if this message is generated frequently. If the set value is proper, expand the capacity of real servers associated with the virtual server.

LB_CHANGE_VS_CONNRATE_RECOVERY

Message text	Chassis:[ChassisID],Slot:[SlotID],CPU:[CPUID].The connection rate of virtual server [STRING] was [UINT], which had recovered to normal state.
Variable fields	$1: IRF member ID. $2: Slot number of the card. $3: CPU number. $4: Virtual server name. $5: Connection establishment rate on the virtual server.
Severity level	5
Example	LB/5/LB_CHANGE_VS_CONNRATE_RECOVERY: Chassis:0,Slot:1,CPU:1.The connection rate of virtual service VS was 100, which had recovered to normal state.
Explanation	The connection establishment rate on a virtual server dropped below the upper limit.
Recommended action	No action is required.

LB_LINK_STATE_ACTIVE

Message text	The state of link [STRING] is active.
Variable fields	$1: Link name.
Severity level	5
Example	LB/5/LB_LINK_STATE_ACTIVE: -MDC=1; The state of link lk is active.
Explanation	This message is generated after an IP address is configured, the health monitoring succeeds, or the undo shutdown command is executed.
Recommended action	No action is required.

LB_LINK_STATE_INACTIVE

Message text	The state of link [STRING] is inactive.
Variable fields	$1: Link name.
Severity level	5
Example	LB_LINK_STATE_INACTIVE: -MDC=1; The state of link lk is inactive.
Explanation	This message is generated after an IP address is removed from an interface, the health monitoring result changes, or the shutdown command is executed.
Recommended action	Check the link configuration and health monitoring configuration.

LB_NAT44_FLOW

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];
Variable fields	$1: Protocol type. $2: Source IP address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation. $6: Destination IP address. $7: Destination port number. $8: Destination IP address after translation. $9: Destination port number after translation. $10: Source VPN instance name. $11: Destination VPN instance name.
Severity level	6
Example	LB/6/LB_NAT44_FLOW: Protocol(1001)=UDP;SrcIPAddr(1003)=10.10.10.1;SrcPort(1004)=1024;NATSrcIPAddr(1005)=20.20.20.20;NATSrcPort(1006)=1024;DstIPAddr(1007)=20.20.20.1;DstPort(1008)=21;NATDstIPAddr(1009)=20.20.20.1;NATDstPort(1010)=21;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;
Explanation	This message is generated when a source or destination IPv4 address is translated into another IPv4 address.
Recommended action	No action is required.

LB_NAT46_FLOW

Message text	Protocol(1001)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPv6Addr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPv6Addr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];
Variable fields	$1: Protocol type. $2: Source IP address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation. $6: Destination IP address. $7: Destination port number. $8: Destination IP address after translation. $9: Destination port number after translation. $10: Source VPN instance name. $11: Destination VPN instance name.
Severity level	6
Example	LB/6/LB_NAT46_FLOW: Protocol(1001)=UDP;SrcIPAddr(1003)=20.20.20.1;SrcPort(1004)=1024;NATSrcIPv6Addr(1005)=2002::1;NATSrcPort(1006)=1024;DstIPAddr(1007)=30.30.30.1;DstPort(1008)=21;NATDstIPv6Addr(1009)=3002::1;NATDstPort(1010)=21;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;
Explanation	This message is generated when a source or destination IPv4 address is translated into an IPv6 address.
Recommended action	No action is required.

LB_NAT64_FLOW

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPv6Addr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];
Variable fields	$1: Protocol type. $2: Source IP address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation. $6: Destination IP address. $7: Destination port number. $8: Destination IP address after translation. $9: Destination port number after translation. $10: Source VPN instance name. $11: Destination VPN instance name.
Severity level	6
Example	LB/6/LB_NAT64_FLOW: Protocol(1001)=UDP;SrcIPv6Addr(1003)=1001::1;SrcPort(1004)=1024;NATSrcIPAddr(1005)=20.20.20.1;NATSrcPort(1006)=1024;DstIPv6Addr(1007)=3001::1;DstPort(1008)=21;NATDstIPAddr(1009)=30.30.30.1;NATDstPort(1010)=21;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;
Explanation	This message is generated when a source or destination IPv6 address is translated into an IPv4 address.
Recommended action	No action is required.

LB_NAT66_FLOW

Message text	Protocol(1001)=[STRING];SrcIPv6Addr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPv6Addr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPv6Addr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPv6Addr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];
Variable fields	$1: Protocol type. $2: Source IP address. $3: Source port number. $4: Source IP address after translation. $5: Source port number after translation. $6: Destination IP address. $7: Destination port number. $8: Destination IP address after translation. $9: Destination port number after translation. $10: Source VPN instance name. $11: Destination VPN instance name.
Severity level	6
Example	LB/6/LB_NAT66_FLOW: Protocol(1001)=UDP;SrcIPv6Addr(1003)=1001::1;SrcPort(1004)=1024;NATSrcIPv6Addr(1005)=2002::1;NATSrcPort(1006)=1024;DstIPv6Addr(1007)=3001::1;DstPort(1008)=21;NATDstIPv6Addr(1009)=3002::1;NATDstPort(1010)=21;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;
Explanation	This message is generated when a source or destination IPv6 address is translated into another IPv6 address.
Recommended action	No action is required.

LB_SLB_LICENSE_INSTALLED

Message text	The license for SLB has been installed. Server load balancing is available.
Variable fields	N/A
Severity level	5
Example	LB/5/LB_SLB_LICENSE_INSTALLED: The license for SLB has been installed. Server load balancing is available.
Explanation	The license for SLB had been installed. Server load balancing was available.
Recommended action	No action is required.

LB_SLB_LICENSE_UNINSTALLED

Message text	The license for SLB has been uninstalled. Server load balancing is not available.
Variable fields	N/A
Severity level	5
Example	LB/5/LB_SLB_LICENSE_UNINSTALLED: The license for SLB has been uninstalled. Server load balancing is not available.
Explanation	The license for SLB had been uninstalled. Server load balancing was unavailable.
Recommended action	Install a license for SLB.

LB_SLB_LICENSE_EXPIRED

Message text	The license for SLB has expired. Server load balancing is not available.
Variable fields	N/A
Severity level	5
Example	LB/5/LB_SLB_LICENSE_EXPIRED: The license for SLB has expired. Server load balancing is not available.
Explanation	The license for SLB had expired. Server load balancing was unavailable.
Recommended action	Install a license for SLB.

LDP messages

This section contains LDP messages.

LDP_MPLSLSRID_CHG

Message text	Please reset LDP sessions if you want to make the new MPLS LSR ID take effect.
Variable fields	N/A
Severity level	5
Example	LDP/5/LDP_MPLSLSRID_CHG: -MDC=1; Please reset LDP sessions if you want to make the new MPLS LSR ID take effect.
Explanation	If you configure an LDP LSR ID by using the lsr-id command in LDP view or LDP-VPN instance view, LDP uses the LDP LSR ID. Otherwise, LDP uses the MPLS LSR ID configured by the mpls lsr-id command. This message is sent when the following situations occur: · No LDP LSR ID is configured by using the lsr-id command. · The MPLS LSR ID is modified.
Recommended action	118. Execute the display mpls ldp parameter [ vpn-instance vpn-instance-name ] command to display the LSR ID. 119. Verify that the LSR ID is the same as the configured MPLS LSR ID. If they are not the same, reset LDP sessions by executing the reset mpls ldp command.

LDP_SESSION_CHG

Message text	Session ([STRING], [STRING]) is [STRING].
Variable fields	$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained. $2: VPN instance's name. Value public instance indicates that the session belongs to the public network. $3: State of the session, up or down. When the state is down, this field also displays the reason for the down state error. Possible reasons include: · interface not operational. · MPLS disabled on interface. · LDP disabled on interface. · LDP auto-configure disabled on interface. · VPN instance changed on interface. · LDP instance deleted. · targeted peer deleted. · L2VPN disabled targeted peer. · TE tunnel disabled targeted peer. · session protection disabled targeted peer. · process deactivated. · failed to receive the initialization message. · graceful restart reconnect timer expired. · failed to recover adjacency by NSR. · failed to upgrade session by NSR. · closed the GR session. · keepalive hold timer expired. · adjacency hold timer expired. · session reset manually. · TCP connection down. · received a fatal notification message. · internal error. · memory in critical state. · transport address changed on interface.
Severity level	5
Example	LDP/5/LDP_SESSION_CHG: Session (22.22.22.2:0, public instance) is up. LDP/5/LDP_SESSION_CHG: Session (22.22.22.2:0, VPN instance: vpn1) is down (hello hold timer expired).
Explanation	The session state changed.
Recommended action	When the session state is up, no action is required. When the session state is down, check the interface state, link state, and other configurations depending on the reason displayed.

LDP_SESSION_GR

Message text	Session ([STRING], [STRING]): ([STRING]).
Variable fields	$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained. $2: VPN instance's name. Value public instance indicates that the session belongs to the public network. $3: State of the session graceful restart: ¡ Start reconnection. ¡ Reconnection failed. ¡ Start recovery. ¡ Recovery completed.
Severity level	5
Example	LDP/5/LDP_SESSION_GR: Session (22.22.22.2:0, VPN instance: vpn1): Start reconnection.
Explanation	State of the session graceful restart. When a GR-capable LDP session is down, the LDP GR started. This message is generated during the GR of the LDP session, indicating the current GR state.
Recommended action	Check for the reason of session graceful restart, which can be obtained from the LDP_SESSION_CHG log message. When the graceful restart state Reconnection failed is displayed, verify the interface state, link state, and other configurations according to the reason for the session graceful restart. No action is required for other graceful restart states.

LDP_SESSION_SP

Message text	Session ([STRING], [STRING]): ([STRING]).
Variable fields	$1: Peer's LDP ID. Value 0.0.0.0:0 indicates that the peer's LDP ID cannot be obtained. $2: VPN instance's name. Value public instance indicates that the session belongs to the public network. $3: State of the session protection: ¡ Hold up the session. ¡ Session recovered successfully. ¡ Session recovery failed.
Severity level	5
Example	LDP/5/LDP_SESSION_SP: Session (22.22.22.2:0, VPN instance: vpn1): Hold up the session.
Explanation	When the last link adjacency of the session was lost, session protection started. This message is generated during the session protection process, indicating the current session protection state.
Recommended action	Verify the interface state and link state.

LLDP messages

This section contains LLDP messages.

LLDP_CREATE_NEIGHBOR

Message text	[STRING] agent new neighbor created on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING].
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID.
Severity level	6
Example	LLDP/6/LLDP_CREATE_NEIGHBOR: Nearest bridge agent new neighbor created on port Ten-GigabitEthernet10/0/15 (IfIndex 599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5.
Explanation	The port received an LLDP message from a new neighbor.
Recommended action	No action is required.

LLDP_DELETE_NEIGHBOR

Message text	[STRING] agent neighbor deleted on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING].
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID.
Severity level	6
Example	LLDP/6/LLDP_DELETE_NEIGHBOR: Nearest bridge agent neighbor deleted on port Ten-GigabitEthernet10/0/15 (IfIndex 599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5.
Explanation	The port received a deletion message when a neighbor was deleted.
Recommended action	No action is required.

LLDP_LESS_THAN_NEIGHBOR_LIMIT

Message text	The number of [STRING] agent neighbors maintained by port [STRING] (IfIndex [UINT32]) is less than [UINT32], and new neighbors can be added.
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Maximum number of neighbors a port can maintain.
Severity level	6
Example	LLDP/6/LLDP_LESS_THAN_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by port Ten-GigabitEthernet10/0/15 (IfIndex 599) is less than 5, and new neighbors can be added.
Explanation	New neighbors can be added for the port because the limit has not been reached.
Recommended action	No action is required.

LLDP_NEIGHBOR_AGE_OUT

Message text	[STRING] agent neighbor aged out on port [STRING] (IfIndex [UINT32]), neighbor's chassis ID is [STRING], port ID is [STRING].
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Neighbor's chassis ID. $5: Neighbor's port ID.
Severity level	5
Example	LLDP/5/LLDP_NEIGHBOR_AGE_OUT: Nearest bridge agent neighbor aged out on port Ten-GigabitEthernet10/0/15 (IfIndex599), neighbor's chassis ID is 3822-d666-ba00, port ID is GigabitEthernet6/0/5.
Explanation	This message is generated when the port failed to receive LLDPDUs from the neighbor within a certain period of time.
Recommended action	Verify the link status or the receive/transmit status of LLDP on the peer.

LLDP_NEIGHBOR_AP_RESET

Message text	The neighboring AP of the [STRING] agent on port [STRING] (IfIndex [UINT32]) was restarted due to aging.
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex.
Severity level	5
Example	LLDP/5/LLDP_NEIGHBOR_AP_RESET: The neighboring AP of the nearest bridge agent on port GigabitEthernet1/0/1 (IfIndex 599) was restarted due to aging.
Explanation	A neighboring AP aged out and was restarted.
Recommended action	No action is required.

LLDP_PVID_INCONSISTENT

Message text	PVID mismatch discovered on [STRING] (PVID [UINT32]), with [STRING] [STRING] (PVID [STRING]).
Variable fields	$1: Port name. $2: VLAN ID. $3: System name. $4: Port name. $5: VLAN ID.
Severity level	5
Example	LLDP/5/LLDP_PVID_INCONSISTENT: MDC=1; PVID mismatch discovered on Ten-GigabitEthernet0/2/6 (PVID 1), with Ten-GigabitEthernet0/2/7 (PVID 500).
Explanation	This message is generated when the PVID on the peer is different from the PVID of the local interface.
Recommended action	Configure the same PVID for the local and peer interfaces.

LLDP_REACH_NEIGHBOR_LIMIT

Message text	The number of [STRING] agent neighbors maintained by the port [STRING] (IfIndex [UINT32]) has reached [UINT32], and no more neighbors can be added.
Variable fields	$1: Agent type. $2: Port name. $3: Port ifIndex. $4: Maximum number of neighbors a port can maintain.
Severity level	5
Example	LLDP/5/LLDP_REACH_NEIGHBOR_LIMIT: The number of nearest bridge agent neighbors maintained by the port Ten-GigabitEthernet10/0/15 (IfIndex 599) has reached 5, and no more neighbors can be added.
Explanation	This message is generated when the port with its maximum number of neighbors reached received an LLDP packet.
Recommended action	No action is required.

LOAD messages

This section contains load management messages.

BOARD_LOADING

Message text	Board in chassis [INT32] slot [INT32] is loading software images.
Variable fields	$1: Chassis ID. $2: Slot ID.
Severity level	4
Example	LOAD/4/BOARD_LOADING: Board in chassis 1 slot 5 is loading software images.
Explanation	The card is loading software images during the boot process.
Recommended action	No action is required.

LOAD_FAILED

Message text	Board in chassis [INT32] slot [INT32] failed to load software images.
Variable fields	$1: Chassis ID. $2: Slot ID.
Severity level	3
Example	LOAD/3/LOAD_FAILED: Board in chassis 1 slot 5 failed to load software images.
Explanation	The card failed to load software images during the boot process.
Recommended action	120. Execute the display boot-loader command to identify the startup software images. 121. Execute the dir command to verify that the startup software images exist. If the startup software images do not exist or are damaged, re-upload the software images to the device or set another one as the startup software images. 122. If the problem persists, contract H3C Support.

LOAD_FINISHED

Message text	Board in chassis [INT32] slot [INT32] has finished loading software images.
Variable fields	$1: Chassis ID. $2: Slot ID.
Severity level	5
Example	LOAD/5/LOAD_FINISHED: Board in chassis 1 slot 5 has finished loading software images.
Explanation	The card has finished loading software images.
Recommended action	No action is required.

LOGIN messages

This section contains login messages.

LOGIN_FAILED

Message text	[STRING] failed to login from [STRING].
Variable fields	$1: Username. $2: Line name or IP address.
Severity level	5
Example	LOGIN/5/LOGIN_FAILED: TTY failed to log in from console0. LOGIN/5/LOGIN_FAILED: usera failed to log in from 192.168.11.22.
Explanation	A login attempt failed.
Recommended action	No action is required.

LOGIN_ INVALID_USERNAME_PWD

Message text	Invalid username or password from [STRING].
Variable fields	$1: User line name and user IP address.
Severity level	5
Example	LOGIN/5/LOGIN_INVALID_USERNAME_PWD: Invalid username or password from console0. LOGIN/5/LOGIN_INVALID_USERNAME_PWD: Invalid username or password from 192.168.11.22.
Explanation	A user entered an invalid username or password.
Recommended action	No action is required.

LPDT messages

This section contains loop detection messages.

LPDT_LOOPED

Message text	Loopback exists on [STRING].
Variable fields	$1: Port name.
Severity level	4
Example	LPDT/4/LPDT_LOOPED: Loopback exists on Ethernet 6/4/2.
Explanation	The first intra-VLAN loop was detected on a port.
Recommended action	Check the links and configuration on the device for the loop, and remove the loop.

LPDT_RECOVERED

Message text	Loopback on [STRING] recovered.
Variable fields	$1: Port name.
Severity level	5
Example	LPDT/5/LPDT_RECOVERED: Loopback on Ethernet 6/4/1 recovered.
Explanation	All intra-VLAN loops on a port were removed.
Recommended action	No action is required.

LPDT_VLAN_LOOPED

Message text	Loopback exists on [STRING] in VLAN [UINT16].
Variable fields	$1: Port name. $2: VLAN ID.
Severity level	4
Example	LPDT/4/LPDT_VLAN_LOOPED: Loopback exists on Ethernet6/4/1 in VLAN 1.
Explanation	A loop in a VLAN was detected on a port.
Recommended action	Check the links and configurations in the VLAN for the loop, and remove the loop.

LPDT_VLAN_RECOVERED

Message text	Loopback on [STRING] in VLAN [UINT16] recovered.
Variable fields	$1: Port name. $2: VLAN ID.
Severity level	5
Example	LPDT/5/LPDT_RECOVERED: Loopback on Ethernet6/4/1 in VLAN 1 recovered.
Explanation	A loop in a VLAN was removed on a port.
Recommended action	No action is required.

LS messages

This section contains Local Server messages.

LS_ADD_USER_TO_GROUP

Message text	Admin [STRING] added user [STRING] to group [STRING].
Variable fields	$1: Admin name. $2: Username. $3: User group name.
Severity level	4
Example	LS/4/LS_ADD_USER_TO_GROUP: Admin admin added user user1 to group group1.
Explanation	The administrator added a user into a user group.
Recommended action	No action is required.

LS_AUTHEN_FAILURE

Message text	User [STRING] from [STRING] failed authentication. [STRING]
Variable fields	$1: Username. $2: IP address. $3: Failure reason: ¡ User not found. ¡ Password verified failed. ¡ User not active. ¡ Access type mismatch. ¡ Binding attribute is failed. ¡ User in blacklist.
Severity level	5
Example	LS/5/LS_AUTHEN_FAILURE: User cwf@system from 192.168.0.22 failed authentication. "User not found."
Explanation	The local server rejected a user's authentication request.
Recommended action	No action is required.

LS_AUTHEN_SUCCESS

Message text	User [STRING] from [STRING] was authenticated successfully.
Variable fields	$1: Username. $2: IP address.
Severity level	6
Example	LS/6/LS_AUTHEN_SUCCESS: User cwf@system from 192.168.0.22 was authenticated successfully.
Explanation	The local server accepted a user's authentication request.
Recommended action	No action is required.

LS_DEL_USER_FROM_GROUP

Message text	Admin [STRING] delete user [STRING] from group [STRING].
Variable fields	$1: Admin name. $2: Username. $3: User group name.
Severity level	4
Example	LS/4/LS_DEL_USER_FROM_GROUP: Admin admin delete user user1 from group group1.
Explanation	The administrator deleted a user from a user group.
Recommended action	No action is required.

LS_DELETE_PASSWORD_FAIL

Message text	Failed to delete the password for user [STRING].
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_DELETE_PASSWORD_FAIL: Failed to delete the password for user abcd.
Explanation	Failed to delete the password for a user.
Recommended action	Check the file system for errors.

LS_PWD_ADDBLACKLIST

Message text	User [STRING] was added to the blacklist due to multiple login failures, [STRING].
Variable fields	$1: Username. $2: Options include: ¡ but could make other attempts. ¡ and is permanently blocked. ¡ and was temporarily blocked for [UINT32] minutes.
Severity level	4
Example	LS/4/LS_PWD_ADDBLACKLIST: User user1 was added to the blacklist due to multiple login failures, but could make other attempts.
Explanation	A user was added to the blacklist because of multiple login failures.
Recommended action	Check the user's password.

LS_PWD_CHGPWD_FOR_AGEDOUT

Message text	User [STRING] changed the password because it was expired.
Variable fields	$1: User name.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_AGEDOUT: User aaa changed the password because it was expired.
Explanation	A user changed the password because the password expired.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_AGEOUT

Message text	User [STRING] changed the password because it was about to expire.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_AGEOUT: User aaa changed the password because it was about to expire.
Explanation	A user changed the password because the password is about to expire.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_COMPOSITION

Message text	User [STRING] changed the password because it had an invalid composition.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_COMPOSITION: User aaa changed the password because it had an invalid composition.
Explanation	A user changed the password because it had an invalid composition.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_FIRSTLOGIN

Message text	User [STRING] changed the password at the first login.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_FIRSTLOGIN: User aaa changed the password at the first login.
Explanation	A user changed the password at the first login.
Recommended action	No action is required.

LS_PWD_CHGPWD_FOR_LENGTH

Message text	User [STRING] changed the password because it was too short.
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_PWD_CHGPWD_FOR_LENGTH: User aaa changed the password because it was too short.
Explanation	A user changed the password because it was too short.
Recommended action	No action is required.

LS_PWD_FAILED2WRITEPASS2FILE

Message text	Failed to write the password records to file.
Variable fields	N/A
Severity level	4
Example	LS/4/LS_PWD_FAILED2WRITEPASS2FILE: Failed to write the password records to file.
Explanation	Failed to write the password records to file.
Recommended action	No action is required.

LS_PWD_MODIFY_FAIL

Message text	Admin [STRING] from [STRING] could not modify the password for user [STRING], because [STRING].
Variable fields	$1: Admin name. $2: IP address. $3: Username. $4: Failure reason: ¡ passwords do not match. ¡ the password history cannot be written. ¡ the password cannot be verified.
Severity level	4
Example	LS/4/LS_PWD_MODIFY_FAIL: Admin admin from 1.1.1.1 could not modify the password for user user1, because passwords do not match.
Explanation	An administrator failed to modify a user's password.
Recommended action	No action is required.

LS_PWD_MODIFY_SUCCESS

Message text	Admin [STRING] from [STRING] modify the password for user [STRING] successfully.
Variable fields	$1: Admin name. $2: IP address. $3: Username.
Severity level	6
Example	LS/6/LS_PWD_MODIFY_SUCCESS: Admin admin from 1.1.1.1 modify the password for user abc successfully.
Explanation	An administrator successfully changed a user's password.
Recommended action	No action is required.

LS_REAUTHEN_FAILURE

Message text	User [STRING] from [STRING] failed reauthentication.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	LS/5/LS_REAUTHEN_FAILURE: User abcd from 1.1.1.1 failed reauthentication.
Explanation	A user failed reauthentication because the old password entered for reauthentication is invalid.
Recommended action	Check the old password.

LS_UPDATE_PASSWORD_FAIL

Message text	Failed to update the password for user [STRING].
Variable fields	$1: Username.
Severity level	4
Example	LS/4/LS_UPDATE_PASSWORD_FAIL: Failed to update the password for user abc.
Explanation	Failed to update the password for a user.
Recommended action	Check the file system for errors.

LS_USER_CANCEL

Message text	User [STRING] from [STRING] cancelled inputting the password.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	LS/5/LS_USER_CANCEL: User 1 from 1.1.1.1 cancelled inputting the password.
Explanation	The user cancelled inputting the password or did not input the password in 90 seconds.
Recommended action	No action is required.

LS_USER_PASSWORD_EXPIRE

Message text	User [STRING]'s login idle timer timed out.
Variable fields	$1: Username.
Severity level	5
Example	LS/5/LS_USER_PASSWORD_EXPIRE: User 1's login idle timer timed out.
Explanation	The login idle time for a user expired.
Recommended action	No action is required.

LS_USER_ROLE_CHANGE

Message text	Admin [STRING] [STRING] the user role [STRING] for [STRING].
Variable fields	$1: Admin name. $2: Added/Deleted. $3: User role. $4: Username.
Severity level	4
Example	LS/4/LS_USER_ROLE_CHANGE: Admin admin add the user role network-admin for abcd.
Explanation	The administrator added a user role for a user.
Recommended action	No action is required.

LSPV messages

This section contains LSP verification messages.

LSPV_PING_STATIS_INFO

Message text	Ping statistics for [STRING]: [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packets loss, round-trip min/avg/max = [UINT32]/[UINT32]/[UINT32] ms.
Variable fields	$1: FEC. $2: Number of echo requests sent. $3: Number of echo replies received. $4: Percentage of the non-replied packets to the total requests. $5: Minimum round-trip delay. $6: Average round-trip delay. $7: Maximum round-trip delay.
Severity level	6
Example	LSPV/6/LSPV_PING_STATIS_INFO: Ping statistics for FEC 192.168.1.1/32: 5 packets transmitted, 5 packets received, 0.0% packets loss, round-trip min/avg/max = 1/2/5 ms.
Explanation	Ping statistics for an LSP tunnel or a PW. This message is generated when the ping mpls command is executed.
Recommended action	If no reply is received, verify the connectivity of the LSP tunnel or the PW.

MAC messages

This section contains MAC messages.

MAC_TABLE_FULL_GLOBAL

Message text	The number of MAC address entries exceeded the maximum number [UINT32].
Variable fields	$1: Maximum number of MAC addresses.
Severity level	4
Example	MAC/4/MAC_TABLE_FULL_GLOBAL: The number of MAC address entries exceeded the maximum number 1024.
Explanation	The number of entries in the global MAC address table exceeded the maximum number supported by the table.
Recommended action	No action is required.

MAC_TABLE_FULL_PORT

Message text	The number of MAC address entries exceeded the maximum number [UINT32] for interface [STRING].
Variable fields	$1: Maximum number of MAC addresses. $2: Interface name.
Severity level	4
Example	MAC/4/MAC_TABLE_FULL_PORT: The number of MAC address entries exceeded the maximum number 1024 for interface GigabitEthernet2/0/32.
Explanation	The number of entries in the MAC address table for an interface exceeded the maximum number supported by the table.
Recommended action	No action is required.

MAC_TABLE_FULL_VLAN

Message text	The number of MAC address entries exceeded the maximum number [UINT32] in VLAN [UINT32].
Variable fields	$1: Maximum number of MAC addresses. $2: VLAN ID.
Severity level	4
Example	MAC/4/MAC_TABLE_FULL_VLAN: The number of MAC address entries exceeded the maximum number 1024 in VLAN 2.
Explanation	The number of entries in the MAC address table for a VLAN exceeded the maximum number supported by the table.
Recommended action	No action is required.

MACA messages

This section contains MAC authentication messages.

MACA_ENABLE_NOT_EFFECTIVE

Message text	The MAC authentication feature is enabled but is not effective on interface [STRING].
Variable fields	$1: Interface type and number.
Severity level	3
Example	MACA/3/MACA_ENABLE_NOT_EFFECTIVE: The MAC authentication feature is enabled but is not effective on interface Ethernet3/1/2.
Explanation	MAC authentication configuration does not take effect on an interface, because the interface does not support MAC authentication.
Recommended action	123. Disable MAC authentication on the interface. 124. Reconnect the connected devices to another interface that supports MAC authentication. 125. Enable MAC authentication on the new interface.

MACSEC messages

This section contains MACsec messages.

MACSEC_MKA_KEEPALIVE_TIMEOUT

Message text	The live peer with SCI [STRING] and CKN [STRING] aged out on interface [STRING].
Variable fields	$1: SCI. $2: CKN. $3: Interface name.
Severity level	4
Example	MACSEC/4/MACSEC_MKA_KEEPALIVE_TIMEOUT: The live peer with SCI 00E00100000A0006 and CKN 80A0EA0CB03D aged out on interface GigabitEthernet1/0/1.
Explanation	A live peer aged out on an interface, because the local participant had not received any MKA packets from the peer before the keepalive timer expired. The local participant removed the peer information from the port.
Recommended action	Check the link between the local participant and the live peer for link failure. If the link is down, recover the link.

MACSEC_MKA_PRINCIPAL_ACTOR

Message text	The actor with CKN [STRING] became principal actor on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	6
Example	MACSEC/6/MACSEC_MKA_PRINCIPAL_ACTOR: The actor with CKN 80A0EA0CB03D became principal actor on interface GigabitEthernet1/0/1.
Explanation	The actor with the highest key server priority became the principal actor.
Recommended action	No action is required.

MACSEC_MKA_SAK_REFRESH

Message text	The SAK has been refreshed on interface [STRING].
Variable fields	$1: Interface name.
Severity level	6
Example	MACSEC/6/MACSEC_MKA_SAK_REFRESH: The SAK has been refreshed on interface GigabitEthernet1/0/1.
Explanation	The participant on the interface derived or received a new SAK.
Recommended action	No action is required.

MACSEC_MKA_SESSION_REAUTH

Message text	The MKA session with CKN [STRING] was re-authenticated on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	6
Example	MACSEC/6/MACSEC_MKA_SESSION_REAUTH: The MKA session with CKN 80A0EA0CB03D was re-authenticated on interface GigabitEthernet1/0/1.
Explanation	The interface performed 802.1X reauthentication. After the 802.1X reauthentication, the participants received a new CAK, and used it to re-establish the MKA session.
Recommended action	No action is required.

MACSEC_MKA_SESSION_SECURED

Message text	The MKA session with CKN [STRING] was secured on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	6
Example	MACSEC/6/MACSEC_MKA_SESSION_SECURED: The MKA session with CKN 80A020EA0CB03D was secured on interface GigabitEthernet1/0/1.
Explanation	The MKA session on the interface was secured. Packets are encrypted and transmitted in cipher text. The event occurs in the following situations: · The MKA session state changes from unsecured to secured. · The local participant and the peer negotiate a new MKA session when the following conditions exist: ¡ Both the key server and the peer support MACsec. ¡ A minimum of one participant is enabled with the MACsec desire feature.
Recommended action	No action is required.

MACSEC_MKA_SESSION_START

Message text	The MKA session with CKN [STRING] started on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	6
Example	MACSEC/6/MACSEC_MKA_SESSION_START: The MKA session with CKN 80A020EA0CB03D started on interface GigabitEthernet1/0/1.
Explanation	The MKA session negotiation was initiated. Possible reasons include: · New CAK is available after MKA is enabled. · The user re-establishes the MKA session. · The interface that failed MKA session negotiation receives an MKA packet.
Recommended action	No action is required.

MACSEC_MKA_SESSION_STOP

Message text	The MKA session with CKN [STRING] stopped on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	5
Example	MACSEC/5/MACSEC_MKA_SESSION_STOP: The MKA session with CKN 80A020EA0CB03D stopped on interface GigabitEthernet1/0/1.
Explanation	The MKA session was terminated. Possible reasons include: · The user removes or re-establishes the MKA session on the interface. · The link associated to the session is down.
Recommended action	126. Use the display mka session command to check whether the session exists: ¡ If the session has been re-established, ignore the message. ¡ If the session does not exist and is not removed by the user, check the link associated with the session for link failure. 127. Recover the link if the link is down.

MACSEC_MKA_SESSION_UNSECURED

Message text	The MKA session with CKN [STRING] was not secured on interface [STRING].
Variable fields	$1: CKN. $2: Interface name.
Severity level	5
Example	MACSEC/5/MACSEC_MKA_SESSION_UNSECURED: The MKA session with CKN 80A020EA0CB03D was not secured on interface GigabitEthernet1/0/1.
Explanation	The MKA session on the interface was not secured. Packets are transmitted in plain text. The event occurs in the following situations: · The MKA session state changes from secured to unsecured. · The local participant and the peer negotiate a new MKA session when the following conditions exist: ¡ The key server and the peer are not both MACsec capable. ¡ No participant is enabled with the MACsec desire feature.
Recommended action	To secure the MKA session, perform the following tasks: · Verify that both the key server and the peer support MACsec. · Verify that a minimum of one participant is enabled with the MACsec desire feature.

MBFD messages

This section contains MPLS BFD messages.

MBFD_TRACEROUTE_FAILURE

Message text	[STRING] is failed. ([STRING].)
Variable fields	$1: LSP information. $2: Reason for the LSP failure.
Severity level	5
Example	MBFD/5/MBFD_TRACEROUTE_FAILURE: LSP (LDP IPv4: 22.22.2.2/32, nexthop: 20.20.20.2) is failed. (Replying router has no mapping for the FEC.) MBFD/5/MBFD_TRACEROUTE_FAILURE: TE tunnel (RSVP IPv4: Tunnel1) is failed. (No label entry.)
Explanation	LSP/MPLS TE tunnel failure was detected by periodic MPLS tracert. This message is generated when the system receives an MPLS echo reply with an error return code.
Recommended action	Verify the configuration for the LSP or MPLS TE tunnel.

MBUF messages

This section contains MBUF messages.

MBUF_DATA_BLOCK_CREATE_FAIL

Message text	Failed to create an MBUF data block because of insufficient memory. Failure count: [UINT32].
Variable fields	$1: Failure count.
Severity level	2
Example	MBUF/2/MBUF_DATA_BLOCK_CREATE_FAIL: Failed to create an MBUF data block because of insufficient memory. Failure count: 128.
Explanation	The message is output when the system fails to create an MBUF data block 1 minute or more after the most recent creation failure.
Recommended action	128. Execute the display system internal kernel memory pool \| include mbuf command in probe view to view the number of the allocated MBUF data blocks. 129. Execute the display memory command in system view to display the total size of the system memory. 130. Determine whether an excessive number of MBFU data blocks are allocated by comparing the size of the allocated MBUF data blocks with that of the system memory. ¡ If it is not an excessive number, use the memory management commands to check for the memory-intensive modules. ¡ If it is an excessive number, go to step 131. 131. Execute the display system internal mbuf socket statistics command in probe view to view the number of the MBUF data blocks buffered in the socket. Determine whether a process has too many MBUF data blocks buffered in the socket buffer. ¡ If it is too many, locate the reason why the MBUF data blocks cannot be released from the socket buffer. ¡ If it is not too many, use other means to locate the reasons for excessive allocation of MBUF data blocks. 132. If the problem persists, contact H3C Support.

MDC messages

This section contains MDC messages.

MDC_CREATE_ERR

Message text	Failed to create MDC [UINT16] for insufficient resources.
Variable fields	$1: MDC ID.
Severity level	5
Example	MDC/5/MDC_CREATE_ERR: -Slot=1; Failed to create MDC 2 for insufficient resources.
Explanation	The standby MPU did not have enough resources to create the MDC. At startup, the standby MPU obtains MDC configuration information from the active MPU. If the standby MPU does not have enough resources to create an MDC, it outputs this log message.
Recommended action	133. Use the display mdc resource command to display the CPU, memory, and disk space resources on the standby MPU. 134. Perform one of the following tasks: ¡ If the memory space is insufficient, increase the memory space. If the disk space is insufficient, delete unused files. ¡ Use the undo mdc command to delete the specified MDC. ¡ Replace the standby MPU with an MPU that has sufficient resources.

MDC_CREATE

Message text	MDC [UINT16] was created.
Variable fields	$1: MDC ID.
Severity level	5
Example	MDC/5/MDC_CREATE: MDC 2 was created.
Explanation	An MDC was created successfully.
Recommended action	No action is required.

MDC_DELETE

Message text	MDC [UINT16] was deleted.
Variable fields	$1: MDC ID.
Severity level	5
Example	MDC/5/MDC_DELETE: MDC 2 was deleted.
Explanation	An MDC was deleted successfully.
Recommended action	No action is required.

MDC_KERNEL_EVENT_TOOLONG

Message text	[STRING] [UINT16] kernel event in sequence [STRING] function [STRING] failed to finish within [UINT32] minutes.
Variable fields	$1: MDC ID. $2: Kernel event phase. $3: Address of the function corresponding to the kernel event. $4: Time duration.
Severity level	4
Example	MDC/4/MDC_KERNEL_EVENT_TOOLONG: Slot=1; MDC 2 kernel event in sequence 0x4fe5 function 0xff245e failed to finish within 15 minutes.
Explanation	A kernel event stayed unfinished for a long period of time.
Recommended action	135. Reboot the card in the specified slot. 136. If the problem persists, contact HP Support.

MDC_LICENSE_EXPIRE

Message text	The MDC feature's license will expire in [UINT32] days.
Variable fields	$1: Number of days, in the range of 1 to 30.
Severity level	5
Example	MDC/5/MDC_LICENSE_EXPIRE: The MDC feature’s license will expire in 5 days.
Explanation	The license for the MDC feature was about to expire.
Recommended action	Install a new license.

MDC_NO_FORMAL_LICENSE

Message text	The feature MDC has no formal license.
Variable fields	N/A
Severity level	5
Example	MDC/5/MDC_NO_FORMAL_LICENSE: The feature MDC has no formal license.
Explanation	The standby MPU became the active MPU but it did not have a formal license. The MDC feature has a free trial period. To use the feature after the period elapses, you must install a license for the standby MPU.
Recommended action	Install a formal license.

MDC_NO_LICENSE_EXIT

Message text	The MDC feature is being disabled, because it has no license.
Variable fields	N/A
Severity level	5
Example	MDC/5/MDC_NO_LICENSE_EXIT: The MDC feature is being disabled, because it has no license.
Explanation	The MDC feature was disabled because the license for the MDC feature expired or was uninstalled.
Recommended action	Install the required license.

MDC_OFFLINE

Message text	MDC [UINT16] is offline now.
Variable fields	$1: MDC ID.
Severity level	5
Example	MDC/5/MDC_OFFLINE: MDC 2 is offline now.
Explanation	An MDC was stopped.
Recommended action	No action is required.

MDC_ONLINE

Message text	MDC [UINT16] is online now.
Variable fields	$1: MDC ID.
Severity level	5
Example	MDC/5/MDC_ONLINE: MDC 2 is online now.
Explanation	An MDC was started.
Recommended action	No action is required.

MDC_STATE_CHANGE

Message text	MDC [UINT16] status changed to [STRING].
Variable fields	$1: MDC ID. $2: MDC status: ¡ updating–The system is assigning interface cards to the MDC (executing the location command). ¡ stopping–The system is stopping the MDC (executing the undo mdc start command). ¡ inactive–The MDC is inactive. ¡ starting–The system is starting the MDC (executing the mdc start command). ¡ active–The MDC is operating correctly.
Severity level	5
Example	MDC/5/MDC_STATE_CHANGE: MDC 2 status changed to active.
Explanation	The status of an MDC changed.
Recommended action	No action is required.

MFIB messages

This section contains MFIB messages.

MFIB_MEM_ALERT

Message text	MFIB process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alert event.
Severity level	5
Example	MFIB/5/MFIB_MEM_ALERT: MFIB process receive system memory alert start event.
Explanation	The MFIB module received a memory alert event from the system.
Recommended action	137. Check the system memory to make sure the memory usage does not exceed the thresholds. 138. Release memory for the modules that occupy too many memory resources.

MGROUP messages

This section contains mirroring group messages.

MGROUP_APPLY_SAMPLER_FAIL

Message text	Failed to apply the sampler for mirroring group [UINT16], because the sampler resources are insufficient.
Variable fields	$1: Mirroring group ID.
Severity level	3
Example	MGROUP/3/MGROUP_APPLY_SAMPLER_FAIL: Failed to apply the sampler for mirroring group 1, because the sampler resources are insufficient.
Explanation	A sampler was not applied to the mirroring group because the sampler resources were insufficient.
Recommended action	No action is required.

MGROUP_RESTORE_CPUCFG_FAIL

Message text	Failed to restore configuration for mirroring CPU of [STRING] in mirroring group [UINT16], because [STRING]
Variable fields	$1: Slot number. $2: Mirroring group ID. $3: Failure reason.
Severity level	3
Example	MGROUP/3/MGROUP_RESTORE_CPUCFG_FAIL: Failed to restore configuration for mirroring CPU of chassis 1 slot 2 in mirroring group 1, because the type of the monitor port in the mirroring group is not supported.
Explanation	When the CPU of the card in the slot is the source CPU in the mirroring group, configuration changes after the card is removed. When the card is reinstalled into the slot, restoring the source CPU configuration might fail.
Recommended action	Check for the failure reason. If the reason is that the system does not support the changed configuration, delete the unsupported configuration, and reconfigure the source CPU in the mirroring group.

MGROUP_RESTORE_IFCFG_FAIL

Message text	Failed to restore configuration for interface [STRING] in mirroring group [UINT16], because [STRING]
Variable fields	$1: Interface name. $2: Mirroring group ID. $3: Failure reason.
Severity level	3
Example	MGROUP/3/MGROUP_RESTORE_IFCFG_FAIL: Failed to restore configuration for interface Ethernet3/1/2 in mirroring group 1, because the type of the monitor port in the mirroring group is not supported.
Explanation	When the interface of the card in the slot is the monitor port in the mirroring group, configuration changes after the card is removed. When the card is reinstalled into the slot, restoring the monitor port configuration might fail.
Recommended action	Check for the failure reason. If the reason is that the system does not support the changed configuration, delete the unsupported configuration, and reconfigure the monitor port in the mirroring group.

MGROUP_SYNC_CFG_FAIL

Message text	Failed to restore configuration for mirroring group [UINT16] in [STRING], because [STRING]
Variable fields	$1: Mirroring group ID. $2: Slot number. $3: Failure reason.
Severity level	3
Example	MGROUP/3/MGROUP_SYNC_CFG_FAIL: Failed to restore configuration for mirroring group 1 in chassis 1 slot 2, because monitor resources are insufficient.
Explanation	When the complete mirroring group configuration was synchronized on the card in the slot, restoring configuration failed because resources on the card were insufficient.
Recommended action	Delete the mirroring group.

MPLS messages

This section contains MPLS messages.

MPLS_HARD_RESOURCE_NOENOUGH

Message text	No enough hardware resource for MPLS.
Variable fields	N/A
Severity level	4
Example	MPLS/4/MPLS_HARD_RESOURCE_NOENOUGH: No enough hardware resource for MPLS.
Explanation	Hardware resources for MPLS were insufficient.
Recommended action	Check whether unnecessary LSPs had been generated. If yes, configure or modify the LSP generation policy, label advertisement policy, and label acceptance policy to filter out unnecessary LSPs.

MPLS_HARD_RESOURCE_RESTORE

Message text	Hardware resources for MPLS are restored.
Variable fields	N/A
Severity level	6
Example	MPLS/6/MPLS_HARD_RESOURCE_RESTORE: Hardware resources for MPLS are restored.
Explanation	Hardware resources for MPLS were restored.
Recommended action	No action is required.

MTLK messages

This section contains Monitor Link messages.

MTLK_UPLINK_STATUS_CHANGE

Message text	The uplink of monitor link group [UINT32] is [STRING].
Variable fields	$1: Monitor link group ID. $2: Monitor Link group status, up or down.
Severity level	6
Example	MTLK/6/MTLK_UPLINK_STATUS_CHANGE: The uplink of monitor link group 1 is up.
Explanation	The uplink of a monitor link group went up or down.
Recommended action	Troubleshoot the uplink when it fails.

NAT messages

This section contains NAT messages.

NAT_ADDR_BIND_CONFLICT

Message text	Failed to activate NAT configuration on interface [STRING], because global IP addresses already bound to another service card.
Variable fields	$1: Interface name.
Severity level	4
Example	NAT/4/NAT_ADDR_BIND_CONFLICT: Failed to activate NAT configuration on interface Ethernet0/0/2, because global IP addresses already bound to another service card.
Explanation	The NAT configuration did not take effect, because the global IP addresses that the interface references have been bound to another service card.
Recommended action	If multiple interfaces reference the same global IP addresses, you must specify the same service card to process NAT traffic passing through these interfaces. To resolve the problem: 139. Use the display nat all command to check the current configuration. 140. Remove the service card configuration on the interface. 141. Specify the same service card for interfaces referencing the same global IP addresses.

NAT_ADDRGRP_MEMBER_CONFLICT

Message text	The address range in address group [UINT16] overlaps with the address range in address group [UINT16].
Variable fields	$1: NAT address group ID. $2: NAT address group ID.
Severity level	4
Example	NAT/4/NAT_ADDRGRP_MEMBER_CONFLICT: The address range in address group 1 overlaps with the address range in address group 2.
Explanation	This message is sent if addresses in NAT address groups overlap.
Recommended action	Modify IP addresses in conflicting NAT address groups.

NAT_ADDRGRP_RESOURCE_EXHAUST

Message text	The address resources of [STRING] address group [INTEGER] are not enough.
Variable fields	$1: Address translation mode: · NO-PAT · EIM $2: Address group ID.
Severity level	4
Example	NAT/4/NAT_ADDRGRP_RESOURCE_EXHAUST: The address resources of NO-PAT address group 1 are not enough.
Explanation	The address resources for the No-PAT or EIM mode are not enough.
Recommended action	Please add address resources.

NAT_FAILED_ADD_FLOW_TABLE

Message text	Failed to add flow-table due to [STRING].
Variable fields	$1: Failure reason: · no enough resource. · The item already exists.
Severity level	4
Example	NAT/4/NAT_FAILED_ADD_FLOW_TABLE: Failed to add flow-table due to no enough resource.
Explanation	The system failed to add a flow table due to insufficient hardware resources or NAT address overlapping.
Recommended action	If the failure is caused by insufficient hardware resources, contact H3C Support. If the failure is caused by address overlapping, reconfigure the NAT addresses. Make sure the NAT address ranges do not overlap.

NAT_FLOW

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];UserName(1113)=[STRING];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING];
Variable fields	$1: Protocol type. $2: Application layer protocol name. $3: Source IP address. $4: Source port number. $5: Source IP address after translation. $6: Source port number after translation. $7: Destination IP address. $8: Destination port number. $9: Destination IP address after translation. $10: Destination port number after translation. $11: Name of identity users. $12: Total number of incoming packets. $13: Total number of incoming bytes. $14: Total number of outgoing packets. $15: Total number of outgoing bytes. $16: Source VPN instance name. $17: Destination VPN instance name. $18: Source DS-Lite tunnel. $19: Destination DS-Lite tunnel. $20: Time when the session is created. $21: Time when the session is removed. $22: Event type. $23: Event description: ¡ Session created. ¡ Active flow threshold. ¡ Normal over. ¡ Aged for timeout. ¡ Aged for reset or config-change. ¡ Other.
Severity level	6
Example	NAT/6/NAT_FLOW: Protocol(1001)=UDP;Application(1002)=sip;SrcIPAddr(1003)=10.10.10.1;SrcPort(1004)=1024;NATSrcIPAddr(1005)=20.20.20.20;NATSrcPort(1006)=1024;DstIPAddr(1007)=20.20.20.1;DstPort(1008)=21;NATDstIPAddr(1009)=20.20.20.1;NATDstPort(1010)=21;UserName(1113)=abc;InitPktCount(1044)=1;InitByteCount(1046)=50;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=03182024082546;EndTime_e(1014)=;Event(1048)=(8)Session created;
Explanation	This message is sent in one of the following conditions: · A NAT session is created or removed. · Regularly during a NAT session. · The traffic threshold or aging time of a NAT session is reached.
Recommended action	No action is required.

NAT_INTERFACE_RESOURCE_EXHAUST

Message text	The address resources of Easy-IP-EIM interface [STRING] are not enough.
Variable fields	$1: Interface name.
Severity level	4
Example	NAT/4/NAT_INTERFACE_RESOURCE_EXHAUST: The address resources of EASY-IP-EIM interface Route-Aggregation1 are not enough.
Explanation	The address resources for the Easy-IP-EIM mode on the interface are not enough.
Recommended action	Please add address resources.

NAT_NOPAT_IP_USAGE_ALARM

Message text	Address group [UINT16], total IP addresses [UINT16], used IP addresses [UINT16], usage rate over [UINT16]%.
Variable fields	$1: NAT address group ID. $2: Number of total IP addresses in the NAT address group. $3: Number of used IP addresses in the NAT address group. $4: IP usage of the NAT address group.
Severity level	6
Example	NAT/6/NAT_NOPAT_IP_USAGE_ALARM: -Context=1; Address group 1, total IP addresses 10, used IP addresses 9, usage rate over 90%.
Explanation	This message is sent when the IP usage of the NAT address group in NO-PAT mode exceeded the threshold.
Recommended action	No action is required.

NAT_SERVICE_CARD_RECOVER_FAILURE

Message text	Pattern 1: Failed to recover the configuration of binding the service card on slot [UINT16] to interface [STRING], because [STRING]. Pattern 2: Failed to recover the configuration of binding the service card on chassis [UINT16] slot [UINT16] to interface [STRING], because [STRING].
Variable fields	Pattern 1: $1: Slot number. $2: Interface name. $3: Reasons why restoring the binding between the service card and the interface fails. Pattern 2: $1: Chassis number. $2: Slot number. $3: Interface name. $4: Reasons why restoring the binding between the service card and the interface fails.
Severity level	4
Example	NAT/4/NAT_SERVICE_CARD_RECOVER_FAILURE: Failed to recover the configuration of binding the service card on slot 3 to interface GigabitEthernet0/0/2, because NAT service is not supported on this service card.
Explanation	Restoring the binding between the service card and the interface failed.
Recommended action	· If the operation fails because the NAT addresses have already been bound to another service card: ¡ Use the display nat all command to check the current configuration. ¡ Specify the same service card for interfaces referencing the same NAT addresses. · Check the service card for hardware problems if the failure is caused by one of the following reasons: ¡ NAT service is not supported on this service card. ¡ The hardware resources are not enough. ¡ Unknown error.

NAT_SERVER_INVALID

Message text	The NAT server with Easy IP is invalid because its global settings conflict with that of another NAT server on this interface.
Variable fields	N/A
Severity level	4
Example	NAT/4/NAT_SERVER_INVALID: The NAT server with Easy IP is invalid because its global settings conflict with that of another NAT server on this interface.
Explanation	The NAT Server with Easy IP did not take effect because its global settings conflict with that the global settings of another NAT Server on the same interface.
Recommended action	Modify the NAT Server configuration on the interface. The combination of protocol type, global IP addresses and global ports must be unique for each NAT Server on the same interface.

NAT_FAILED_ADD_FLOW_RULE

Message text	Failed to add flow-table due to: [STRING].
Variable fields	$1: Reason for the failure.
Severity level	4
Example	NAT/4/NAT_FAILED_ADD_FLOW_TABLE: Failed to add flow-table due to: Not enough resources are available to complete the operation.
Explanation	The system failed to deploy flow entries. Possible reasons include insufficient hardware resources or memory.
Recommended action	Contact H3C Support.

NAT444_PORTBLOCK_USAGE_ALARM

Message text	Address group [UINT16], total port blocks [UINT16], active port blocks [UINT16], usage rate over [UINT16]%.
Variable fields	$1: Address group ID. $2: Number of port blocks in the address group. $3: Number of assigned port blocks in the address group. $4: Port block usage.
Severity level	6
Example	NAT/6/NAT444_PORTBLOCK_USAGE_ALARM: -Context=1; Address group 1003, total port blocks 10, active port blocks 9, usage rate over 90%.
Explanation	This message is sent when the port block usage assigned by dynamic NAT444 exceeds the specified threshold.
Recommended action	Please add port block resources.

ND messages

This section contains ND messages.

ND_CONFLICT

Message text	[STRING] is inconsistent.
Variable fields	$1: Configuration type: ¡ M_FLAG. ¡ O_FLAG. ¡ CUR_HOP_LIMIT. ¡ REACHABLE TIME. ¡ NS INTERVAL. ¡ MTU. ¡ PREFIX VALID TIME. ¡ PREFIX PREFERRED TIME.
Severity level	6
Example	ND/6/ND_CONFLICT: PREFIX VALID TIME is inconsistent
Explanation	The configuration information in the received router advertisement was not consistent with the configuration on the device. A message is sent if an inconsistency is detected.
Recommended action	Verify that the configurations on the device and the neighboring router are consistent.

ND_DUPADDR

Message text	Duplicate address: [STRING] on the interface [STRING].
Variable fields	$1: IPv6 address that is to be assigned to the interface. $2: Name of the interface.
Severity level	6
Example	ND/6/ND_DUPADDR: Duplicate address: 33::8 on interface Vlan-interface9.
Explanation	The IPv6 address that was to be assigned to the interface is being used by another device.
Recommended action	Assign another IPv6 address to the interface.

ND_HOST_IP_CONFLICT

Message text	The host [STRING] connected to interface [STRING] cannot communicate correctly, because it uses the same IPv6 address as the host connected to interface [STRING].
Variable fields	$1: IPv6 global unicast address of the host. $2: Name of the interface. $3: Name of the interface.
Severity level	4
Example	ND/4/ND_HOST_IP_CONFLICT: The host 2::2 connected to interface GigabitEthernet1/0/1 cannot communicate correctly, because it uses the same IPv6 address as the host connected to interface GigabitEthernet1/0/1.
Explanation	The IPv6 global unicast address of the host is being used by another host that connects to the same interface.
Recommended action	Disconnect the host and assign another IPv6 global unicast address to the host.

ND_MAC_CHECK

Message text	Packet received on interface [STRING] was dropped because source MAC [STRING] was inconsistent with link-layer address [STRING].
Variable fields	$1: Receiving interface of the ND packet. $2: Source MAC address in the Ethernet frame header of the ND packet. $3: Source link-layer address in the ND packet.
Severity level	6
Example	ND/6/ND_MAC_CHECK: Packet received on interface Ethernet2/0/2 was dropped because source MAC 0002-0002-0001 was inconsistent with link-layer address 0002-0002-0002.
Explanation	The device dropped an ND packet because source MAC consistency check detected that source MAC address and the source link-layer address are not the same in the packet.
Recommended action	Verify the validity of the ND packet originator.

ND_SET_PORT_TRUST_NORESOURCE

Message text	Not enough resources to complete the operation.
Variable fields	N/A
Severity level	6
Example	ND/6/ND_SET_PORT_TRUST_NORESOURCE: Not enough resources to complete the operation.
Explanation	Failed to execute the command because driver resources were not enough.
Recommended action	Release the driver resources and execute the command again.

ND_SET_VLAN_REDIRECT_NORESOURCE

Message text	Not enough resources to complete the operation.
Variable fields	N/A
Severity level	6
Example	ND/6/ND_SET_VLAN_REDIRECT_NORESOURCE: Not enough resources to complete the operation.
Explanation	Failed to execute the command because driver resources were not enough.
Recommended action	Release the driver resources and execute the command again.

ND_MAXNUM_IF

Message text	The number of dynamic neighbor entries on interface [STRING] has reached the maximum.
Variable fields	$1: Interface name.
Severity level	6
Example	The number of dynamic neighbor entries on interface GigabitEthernet3/0/1 has reached the maximum.
Explanation	The number of dynamic neighbor entries on the interface has reached the upper limit.
Recommended action	No action is required.

ND_MAXNUM_DEV

Message text	The number of dynamic neighbor entries for the device has reached the maximum.
Variable fields	N/A
Severity level	6
Example	The number of dynamic neighbor entries for the device has reached the maximum.
Explanation	The number of dynamic neighbor entries on the device has reached the upper limit.
Recommended action	No action is required.

NETCONF messages

This section contains NETCONF messages.

CLI

Message text	User ([STRING], [STRING][STRING]) performed an CLI operation: [STRING] operation result=[STRING][STRING]
Variable fields	$1: Username or user line type. · If scheme login authentication was performed for the user, this field displays the username. · If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative number. · For a Telnet or SSH user, this field displays the IP address of the user. · For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as console0. $3: ID of the NETCONF session. This field is not displayed for Web and RESTful sessions. $4: Message ID of the NETCONF request. This field is not displayed for Web and RESTful sessions. $5: Operation result, Succeeded or Failed. $6: Cause for an operation failure. This field is displayed only if the failure is caused by a known reason.
Severity level	6
Example	XMLSOAP/6/CLI: -MDC=1; User (test, 169.254.5.222, session ID=1) performed an CLI operation: message ID=101, operation result=Succeeded.
Explanation	After a CLI command is executed by using NETCONF, the device outputs this message to show the operation result.
Recommended action	No action is required.

EDIT-CONFIG

Message text	User ([STRING], [STRING], session ID [UINT16]) performed an edit-config operation: message ID=[STRING], operation result=Succeeded. Or User ([STRING], [STRING], session ID [UINT16]) performed an edit-config operation: message ID=[STRING], operation result=Failed. [STRING] Or User ([STRING], [STRING], session ID [UINT16]) performed an edit-config operation: message ID=[STRING], operation result=Failed, XPath=[STRING], error message=[STRING].
Variable fields	$1: Username or user line type. ¡ If scheme login authentication was performed for the user, this field displays the username. ¡ If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative line number. ¡ For a Telnet or SSH user, this field displays the IP address of the user. ¡ For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as console0. $3: ID of the NETCONF session. $4: Message ID of the NETCONF request. $5: Error message or XPath expression for an incorrect row. ¡ This field displays an error message if the verbose keyword is not specified in the netconf log command and the failure is caused by a known reason. ¡ This field displays an XPath expression if the verbose keyword is specified in the netconf log command. $6: Error message. This field is displayed only if the verbose keyword is specified in the netconf log command.
Severity level	6
Example	XMLSOAP/6/EDIT-CONFIG: -MDC=1; User (test, 192.168.100.20, session ID 1) performed an edit-config operation: message ID=101, operation result=Succeeded.
Explanation	The device outputs this log message for each NETCONF setting in an <edit-config> operation to show the configuration result.
Recommended action	No action is required.

EDIT-CONFIG

Message text	User ([STRING], [STRING][STRING])[STRING] operation=[STRING] [STRING] [STRING], result=[STRING]. No attributes. Or User ([STRING], [STRING],[STRING]),[STRING] operation=[STRING] [STRING] [STRING], result=[STRING]. Attributes: [STRING].
Variable fields	$1: Username or user line type. ¡ If scheme login authentication was performed for the user, this field displays the username. ¡ If no login authentication was performed or password authentication was performed, this field displays the user line type, such as VTY. $2: User IP address or user line type and relative line number. ¡ For a Telnet or SSH user, this field displays the IP address of the user. ¡ For a user who logged in through the console or AUX port, this field displays the user line type and the relative line number, such as console0. $3: ID of the NETCONF session. If there is no session ID, this field is not displayed. $4: Message ID of the NETCONF request. If there is no message ID, this field is not displayed. $5: NETCONF row operation name. $6: Module name and table name. $7: Index information enclosed in a pair of parentheses. If there is not an index, this field is not displayed. If there are multiple indexes, the indexes are separated by commas. $8: Result of the NETCONF row operation, Succeeded or Failed. $9: Attribute column information. If there is no attribute column, this field is not displayed.
Severity level	6
Example	XMLSOAP/6/EDIT-CONFIG: User (test, 192.168.100.20, session ID 1), message ID=1, operation=create Ifmgr/Interfaces (IfIndex="GigabitEthernet1/0/1"), result=Succeeded. Attributes: Description="This is Desc1", AdminDown=1, Speed=1.
Explanation	The device outputs this log message for each NETCONF row operation. Only action and set operations support this log message.
Recommended action	No action is required.

REPLY

Message text	Sent a NETCONF reply to the client: Session ID=[UINT16], Content=[STRING]. Or Sent a NETCONF reply to the client: Session ID=[UINT16], Content (partial)=[STRING].
Variable fields	$1: ID of the NETCONF session. This field displays a hyphen (-) before the NETCONF session is established. $2: NETCONF packet that the device sent to the NETCONF client.
Severity level	7
Example	XMLSOAP/7/REPLY: -MDC=1; Sent a NETCONF reply to the client: Session ID=2, Content=</env:Body></env:Envelope>.
Explanation	When sending a NETCONF packet to a client, the device outputs this log message for NETCONF debugging purposes. If a NETCONF packet cannot be sent in one log message, the device uses multiple log messages and adds the partial flag in each log message.
Recommended action	No action is required.

THREAD

Message text	Maximum number of NETCONF threads already reached.
Variable fields	N/A
Severity level	3
Example	XMLCFG/3/THREAD: -MDC=1; Maximum number of NETCONF threads already reached.
Explanation	The number of NETCONF threads already reached the upper limit.
Recommended action	Please try again later.

NetShare control messages

This section contains NetShare control messages.

NETSHARE_IPV4_LOG

Message text	SrcIPAddr(1003)=[IPADDR];UserName(1113)=[STRING];TerminalNum(1125)=[UINT16];PolicyName(1079)=[STRING];Action(1053)=[STRING];FreezeTime(1126)=[UINT16].
Variable fields	$1: Source IP address. $2: User name. $3: Number of terminals sharing the IP address. $4: NetShare control policy name. $5: Action to take on the shared IP address: Freeze. $6: Time the IP address will be frozen, in minutes.
Severity level	6
Example	NETSHARE/6/NETSHARE_IPV4_LOG:SrcIPAddr(1003)=65.1.1.100;UserName(1113)=test;TerminalNum(1125)=5;PolicyName(1079)=test;Action(1053)=Freeze;FreezeTime(1126)=120min.
Explanation	The number of terminals sharing the IPv4 address exceeded the limit set in the NetShare control policy. The IPv4 address will be frozen according to the action set in the policy.
Recommended action	No action is required.

NETSHARE_IPV4_LOG

Message text	SrcIPAddr(1003)=[IPADDR];UserName(1113)=[STRING];TerminalNum(1125)=[UINT16];PolicyName(1079)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source IP address. $2: User name. $3: Number of terminals sharing the IP address. $4: NetShare control policy name. $5: Action to take on the shared IP address: Permit.
Severity level	6
Example	NETSHARE/6/NETSHARE_IPV4_LOG:SrcIPAddr(1003)=65.1.1.100;UserName(1113)=test;TerminalNum(1125)=5;PolicyName(1079)=test;Action(1053)=Permit.
Explanation	The number of terminals sharing the IPv4 address exceeded the limit set in the NetShare control policy. The packet will be permitted to pass through according to the action set in the policy.
Recommended action	No action is required.

NETSHARE_IPV6_LOG

Message text	SrcIPv6Addr(1036)=[IPADDR];UserName(1113)=[STRING];TerminalNum(1125)=[UINT16];PolicyName(1079)=[STRING];Action(1053)=[STRING];FreezeTime(1126)=[UINT16].
Variable fields	$1: Source IP address. $2: User name. $3: Number of terminals sharing the IP address. $4: NetShare control policy name. $5: Action to take on the shared IP address: Freeze. $6: Time the IP address will be frozen, in minutes.
Severity level	6
Example	NETSHARE/6/NETSHARE_IPV6_LOG:SrcIPv6Addr(1036)=3001::2;UserName(1113)=test;TerminalNum(1125)=5;PolicyName(1079)=test;Action(1053)=Freeze;FreezeTime(1126)=120min.
Explanation	The number of terminals sharing the IPv6 address exceeded the limit set in the NetShare control policy. The IPv6 address will be frozen according to the action set in the policy.
Recommended action	No action is required.

NETSHARE_IPV6_LOG

Message text	SrcIPv6Addr(1036)=[IPADDR];UserName(1113)=[STRING];TerminalNum(1125)=[UINT16];PolicyName(1079)=[STRING];Action(1053)=[STRING].
Variable fields	$1: Source IP address. $2: User name. $3: Number of terminals sharing the IP address. $4: NetShare control policy name. $5: Action to take on the shared IP address: Permit.
Severity level	6
Example	NETSHARE/6/NETSHARE_IPV6_LOG:SrcIPv6Addr(1036)=3001::2;UserName(1113)=test;TerminalNum(1125)=5;PolicyName(1079)=test;Action(1053)=Permit.
Explanation	The number of terminals sharing the IPv6 address exceeded the limit set in the NetShare control policy. The packet will be permitted to pass through according to the action set in the policy.
Recommended action	No action is required.

NQA messages

This section contains NQA messages.

NQA_ENTRY_PROBE_RESULT

Message text	Reaction entry [STRING] of NQA entry admin-name [STRING] operation-tag [STRING]: [STRING].
Variable fields	$1: ID of the NQA reaction entry. The value range is 1 to 10. $2: Admin name of the NQA entry. $3: Operation tag of the NQA entry. $4: Test result. The value can be: ¡ Probe-pass: Succeeded. ¡ Probe-fail: Failed.
Severity level	6
Example	NQA/6/NQA_ENTRY_PROBE_RESULT Reaction entry 1 of NQA entry admin-name 1 operation-tag 1: Probe-pass.
Explanation	A change in the monitoring result of an NQA reaction entry was detected.
Recommended action	If the test result is Probe-fail, check the network environment.

NQA_LOG_UNREACHABLE

Message text	Server [STRING] unreachable.
Variable fields	$1: IP address of the NQA server.
Severity level	6
Example	NQA/6/NQA_LOG_UNREACHABLE: Server 192.168.30.117 unreachable.
Explanation	An unreachable server was detected.
Recommended action	Check the network environment.

NQA_SCHEDULE_FAILURE

Message text	NQA entry ([ STRING ]- [ STRING ]): Failed to start the scheduled NQA operation because port [ STRING] used by the operation is not available.
Variable fields	$1: Admin name of the NQA operation. $2: Operation tag of the NQA operation. $3: Port number.
Severity level	6
Example	NQA/6/NQA_SCHEDULE_FAILURE: NQA entry (admin-tag): Failed to start the scheduled NQA operation because port 10000 used by the operation is not available.
Explanation	Failed to start a scheduled NQA operation because the port number used by the operation is not available.
Recommended action	Change the port number of the NQA operation or disable the service that uses the port number.

NQA_SET_DRIVE_FAIL

Message text	NQA entry admin-name [STRING] operation-tag [STRING]: [STRING].
Variable fields	$1: Admin name of the NQA entry. $2: Operation tag of the NQA entry. $3: Reason for the failure to issue the NQA operation to driver: ¡ Operation failed due to configuration conflicts. ¡ Operation failed because the driver was not ready to perform the operation. ¡ Operation not supported. ¡ Not enough resources to complete the operation. ¡ Operation failed due to an unkonwn error.
Severity level	6
Example	NQA/6/ NQA_SET_DRIVE_FAIL NQA entry admin-name 1 operation-tag 1: Not enough resources to complete the operation.
Explanation	Failed to issue the NQA operation to driver.
Recommended action	Follow the instructions to check the configuration.

NQA_SEVER_FAILURE

Message text	Failed to enable the NQA server because listening port [ STRING ] is not available.
Variable fields	$1: Port number.
Severity level	6
Example	NQA/6/NQA_SEVER_FAILURE: Failed to enable the NQA server because listening port 10000 is not available.
Explanation	Failed to enable the NQA server because the port number specified for a listening service is not available.
Recommended action	Change the port number of the listening service or disable the service that uses the port number.

NTP messages

This section contains NTP messages.

NTP_CLOCK_CHANGE

Message text	System clock changed from [STRING] to [STRING], the NTP server's IP address is [STRING].
Variable fields	$1: Time before synchronization. $2: Time after synchronization. $3: IP address.
Severity level	5
Example	NTP/5/NTP_CLOCK_CHANGE: System clock changed from 02:12:58 12/28/2012 to 02:29:12 12/28/2012, the NTP server's IP address is 192.168.30.116.
Explanation	The NTP client has synchronized its time to the NTP server.
Recommended action	No action is required.

NTP_LEAP_CHANGE

Message text	System Leap Indicator changed from [UINT32] to [UINT32] after clock update.
Variable fields	$1: Original Leap Indicator. $2: Current Leap Indicator.
Severity level	5
Example	NTP/5/NTP_LEAP_CHANGE: System Leap Indicator changed from 00 to 01 after clock update.
Explanation	The system Leap Indicator changed. For example, the NTP status changed from unsynchronized to synchronized. NTP Leap Indicator is a two-bit code warning of an impending leap second to be inserted in the NTP timescale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rolloverinterval) in the day of insertion to be increased or decreased by one.
Recommended action	No action is required.

NTP_SOURCE_CHANGE

Message text	NTP server's IP address changed from [STRING] to [STRING].
Variable fields	$1: IP address of the original time source. $2: IP address of the new time source.
Severity level	5
Example	NTP/5/NTP_SOURCE_CHANGE: NTP server's IP address changed from 1.1.1.1 to 1.1.1.2.
Explanation	The system changed the time source.
Recommended action	No action is required.

NTP_SOURCE_LOST

Message text	Lost synchronization with NTP server with IP address [STRING].
Variable fields	$1: IP address.
Severity level	5
Example	NTP/5/NTP_SOURCE_LOST: Lost synchronization with NTP server with IP address 1.1.1.1.
Explanation	The clock source of the NTP association is in unsynchronized state or it is unreachable.
Recommended action	142. Verify the NTP server and network connection. 143. For NTP server failures: ¡ Use the ntp-service unicast-server command to specify a new NTP server. ¡ Use the ntp-service multicast-client command to configure the device to operate in NTP multicast client mode and receive NTP multicast packets from a new NTP server. 144. If the problem persists, contract H3C Support.

NTP_STRATUM_CHANGE

Message text	System stratum changed from [UINT32] to [UINT32] after clock update.
Variable fields	$1: Original stratum. $2: Current stratum.
Severity level	5
Example	NTP/5/NTP_STRATUM_CHANGE: System stratum changed from 6 to 5 after clock update.
Explanation	System stratum has changed.
Recommended action	No action is required.

OBJP messages

This section contains object policy messages.

OBJP_ACCELERATE_NO_RES

Message text	Failed to accelerate [STRING] object-policy [STRING]. The resources are insufficient.
Variable fields	$1: Object policy version. $2: Object policy name.
Severity level	4
Example	OBJP/4/OBJP_ACCELERATE_NO_RES: Failed to accelerate IPv6 object-policy a. The resources are insufficient.
Explanation	Object policy acceleration failed because of insufficient hardware resources.
Recommended action	Delete unnecessary rules or disable acceleration for other object policies to release hardware resources.

OBJP_ACCELERATE_NOT_SUPPORT

Message text	Failed to accelerate [STRING] object-policy [STRING]. The operation is not supported.
Variable fields	$1: Object policy version. $2: Object policy name.
Severity level	4
Example	OBJP/4/OBJP_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 object-policy a. The operation is not supported.
Explanation	Object policy acceleration failed because the system did not support acceleration.
Recommended action	No action is required.

OBJP_ACCELERATE_UNK_ERR

Message text	Failed to accelerate [STRING] object-policy [STRING].
Variable fields	$1: Object policy version. $2: Object policy name.
Severity level	4
Example	OBJP/4/OBJP_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 object-policy a.
Explanation	Object policy acceleration failed because of a system failure.
Recommended action	No action is required.

OBJP_RULE_CREATE_SUCCESS

Message text	RuleName(1080)=[STRING];Type(1067)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Rule name. $2: Rule type. $3: Action for the rule.
Severity level	6
Example	OBJP/6/OBJP_RULE_CREATE_SUCCESS: RuleName(1080)=zone1-zone2;Type(1067)=IPv4;Action(1053)=Permit;
Explanation	An object policy rule was created successfully.
Recommended action	No action is required.

OBJP_RULE_CREATE_FAIL

Message text	RuleName(1080)=[STRING];Type(1067)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Rule name. $2: Rule type. $3: Action for the rule.
Severity level	6
Example	OBJP/6/OBJP_RULE_CREATE_FAIL: RuleName(1080)=zone1-zone2;Type(1067)=IPv4;Action(1053)=Permit;
Explanation	An object policy rule failed to be created.
Recommended action	No action is required.

OBJP_RULE_UPDATE_SUCCESS

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type. $4: Action for the rule.
Severity level	6
Example	OBJP/6/OBJP_RULE_UPDATE_SUCCESS: RuleName(1080)=zone1-zone2;RuleID(1078)=1;Type(1067)=IPv4;Action(1053)=Permit;
Explanation	An object policy rule was modified successfully.
Recommended action	No action is required.

OBJP_RULE_UPDATE_FAIL

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type. $4: Action for the rule.
Severity level	6
Example	OBJP/6/OBJP_RULE_UPDATE_FAIL: RuleName(1080)=zone1-zone2;RuleID[1078]=1;Type(1067)=IPv4;Action(1053)=Permit;
Explanation	An object policy rule failed to be modified.
Recommended action	No action is required.

OBJP_RULE_DELETE_SUCCESS

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type.
Severity level	6
Example	OBJP/6/OBJP_RULE_DELETE_SUCCESS: RuleName(1080)=zone1-zone2;RuleID(1078)=1;Type(1067)=IPv4;
Explanation	An object policy rule was deleted successfully.
Recommended action	No action is required.

OBJP_RULE_DELETE_FAIL

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type.
Severity level	6
Example	OBJP/6/OBJP_RULE_DELETE_FAIL: RuleName(1080)=zone1-zone2;RuleID(1078)=1;Type(1067)=IPv4;
Explanation	An object policy rule failed to be deleted.
Recommended action	No action is required.

OBJP_RULE_CLRSTAT_SUCCESS

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type.
Severity level	6
Example	OBJP/6/OBJP_RULE_CLRSTAT_SUCCESS: RuleName(1080)=zone1-zone2;RuleID(1078)=1;Type(1067)=IPv4;
Explanation	Statistics for an object policy rule were cleared successfully.
Recommended action	No action is required.

OBJP_RULE_CLRSTAT_FAIL

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type.
Severity level	6
Example	OBJP/6/OBJP_RULE_CLRSTAT_FAIL: RuleName(1080)=zone1-zone2;RuleID(1078)=1;Type(1067)=IPv4;
Explanation	Statistics for an object policy rule failed to be cleared.
Recommended action	No action is required.

OBJP_APPLY_POLICY_FAIL

Message text	Failed to apply [STRING] object policy [STRING]. The object policy does not exist.
Variable fields	$1: Object policy version. $2: Object policy name.
Severity level	4
Example	OBJP/4/OBJP_APPLY_POLICY_FAIL: Failed to apply IPv4 object policy a. The object policy does not exist.
Explanation	An object policy failed to be applied because the object policy doesn't exist.
Recommended action	No action is required.

OBJP_APPLAY_INFO

Message text	Failed to apply policy [STRING]. Reason: [STRING].
Variable fields	$1: Object policy name. $2: Failure reason.
Severity level	4
Example	OBJP/4/OBJP_APPLAY_INFO: Failed to apply policy P1. Reason: The operation is not supported.
Explanation	An object policy failed to be applied.
Recommended action	No action is required.

OFP messages

This section contains OpenFlow messages.

OFP_ACTIVE

Message text	Activate openflow instance [UINT16].
Variable fields	$1: Instance ID.
Severity level	5
Example	OFP/5/OFP_ACTIVE: Activate openflow instance 1.
Explanation	A command is received from comsh to activate an OpenFlow instance.
Recommended action	No action is required.

OFP_ACTIVE_FAILED

Message text	Failed to activate instance [UINT16].
Variable fields	$1: Instance ID.
Severity level	4
Example	OFP/4/OFP_ACTIVE_FAILED: Failed to activate instance 1.
Explanation	An OpenFlow instance cannot be activated.
Recommended action	No action is required.

OFP_CONNECT

Message text	Openflow instance [UINT16], controller [CHAR] is [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Connection status: connected or disconnected.
Severity level	5
Example	OFP/5/OFP_CONNECT: Openflow instance 1, controller 0 is connected.
Explanation	The connection status with a controller is changed in an OpenFlow instance.
Recommended action	No action is required.

OFP_FAIL_OPEN

Message text	Openflow instance [UINT16] is in fail [STRING] mode.
Variable fields	$1: Instance ID. $2: Connection interruption mode: secure or standalone.
Severity level	5
Example	OFP/5/OFP_FAIL_OPEN: Openflow instance 1 is in fail secure mode.
Explanation	An activated instance cannot connect to any controller or is disconnected from all controllers. The connection interrupt mode is also displayed.
Recommended action	No action is required.

OFP_FLOW_ADD

Message text	Openflow instance [UINT16] controller [CHAR]: add flow entry [UINT32], xid 0x[HEX], cookie 0x[HEX], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: XID. $5: Cookie of the flow entry. $6: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_ADD: Openflow instance 1 controller 0: add flow entry 1, xid 0x1, cookie 0x0, table id 0.
Explanation	A flow entry is to be added to a flow table, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_ADD_DUP

Message text	Openflow instance [UINT16] controller [CHAR]: add duplicate flow entry [UINT32], xid 0x[HEX], cookie 0x[HEX], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: XID. $5: Cookie. $6: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_ADD_DUP: Openflow instance 1 controller 0: add duplicate flow entry 1, xid 0x1, cookie 0x1, table id 0.
Explanation	A duplicate flow entry was added.
Recommended action	No action is required.

OFP_FLOW_ADD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to add flow entry [UINT32], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Rule ID. $4: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_ADD_FAILED: Openflow instance 1 controller 0: failed to add flow entry1, table id 0.
Explanation	Failed to add a flow entry.
Recommended action	No action is required.

OFP_FLOW_ADD_TABLE_MISS

Message text	Openflow instance [UINT16] controller [CHAR]: add table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_ADD_TABLE_MISS: Openflow instance 1 controller 0: add table miss flow entry, xid 0x1, cookie 0x0, table id 0.
Explanation	A table-miss flow entry is to be added to a flow table, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_ADD_TABLE_MISS_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to add table miss flow entry, table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_ADD_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to add table miss flow entry, table id 0.
Explanation	Failed to add a table-miss flow entry.
Recommended action	No action is required.

OFP_FLOW_DEL

Message text	Openflow instance [UINT16] controller [CHAR]: delete flow entry, xid 0x[HEX], cookie 0x[HEX], table id [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_DEL: Openflow instance 1 controller 0: delete flow entry, xid 0x1, cookie 0x0, table id 0.
Explanation	A list of flow entries are to be deleted, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_DEL_L2VPN_DISABLE

Message text	[UINT32] flow entries in table [UINT8] of instance [UINT16] were deleted because L2VPN was disabled.
Variable fields	$1: Number of flow entries that were deleted. $2: Table ID. $3: Instance ID.
Severity level	5
Example	OFP/5/OFP_FLOW_DEL_L2VPN_DISABLE: 5 flow entries in table 1 of instance 1 were deleted because L2VPN was disabled.
Explanation	A list of flow entries were deleted because L2VPN was disabled.
Recommended action	No action is required.

OFP_FLOW_DEL_TABLE_MISS

Message text	Openflow instance [UINT16] controller [CHAR]: delete table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_DEL_TABLE_MISS: Openflow instance 1 controller 0: delete table miss flow entry, xid 0x1, cookie 0x0, table id 0.
Explanation	A list of table-misses flow entries are to be deleted, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_DEL_TABLE_MISS_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to delete table miss flow entry, table id [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_DEL_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to delete table miss flow entry, table id 0.
Explanation	Failed to delete a table-miss flow entry.
Recommended action	No action is required.

OFP_FLOW_DEL_VXLAN_DEL

Message text	[UINT32] flow entries in table [UINT8] of instance [UINT16] were deleted because a tunnel (ifindex [UINT32]) in VXLAN [UINT32] was deleted.
Variable fields	$1: Number of flow entries that were deleted. $2: Table ID. $3: Instance ID. $4: Index of a tunnel interface. $5: VXLAN ID.
Severity level	5
Example	OFP/5/OFP_FLOW_DEL_VXLAN_DEL: 5 flow entries in table 1 of instance 1 were deleted because a tunnel (ifindex 1693) in VXLAN 1000 was deleted.
Explanation	A list of flow entries were deleted because a VXLAN tunnel was deleted.
Recommended action	No action is required.

OFP_FLOW_MOD

Message text	Openflow instance [UINT16] controller [CHAR]: modify flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_MOD: Openflow instance 1 controller 0: modify flow entry, xid 0x1, cookie 0x0, table id 0.
Explanation	A list of flow entries are to be modified, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_MOD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to modify flow entry, table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_MOD_FAILED: Openflow instance 1 controller 0: failed to modify flow entry, table id 0.
Explanation	Failed to modify a flow entry.
Recommended action	The controller must retry to modify the flow entry. If the flow entry still cannot be modified, the controller will delete it.

OFP_FLOW_MOD_TABLE_MISS

Message text	Openflow instance [UINT16] controller [CHAR]: modify table miss flow entry, xid 0x[HEX], cookie 0x[HEX], table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: XID. $4: Cookie of the flow entry. $5: Table ID.
Severity level	5
Example	OFP/5/OFP_FLOW_MOD_TABLE_MISS: Openflow instance 1 controller 0: modify table miss flow entry, xid 0x1, cookie 0x0, table id 0.
Explanation	A list of flow entries are to be modified, according to a flow table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_FLOW_MOD_TABLE_MISS_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to modify table miss flow entry, table id [CHAR].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Table ID.
Severity level	4
Example	OFP/4/OFP_FLOW_MOD_TABLE_MISS_FAILED: Openflow instance 1 controller 0: failed to modify table miss flow entry, table id 0.
Explanation	Failed to modify a table-miss flow entry.
Recommended action	The controller must retry to modify the table-miss flow entry. If the entry still cannot be modified, the controller will delete it.

OFP_FLOW_RMV_GROUP

Message text	The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted with a group_mod message.
Variable fields	$1: Rule ID. $2: Table ID. $3: Instance ID.
Severity level	5
Example	OFP/5/OFP_FLOW_RMV_GROUP: The flow entry 1 in table 0 of instance 1 was deleted with a group_mod message.
Explanation	A flow entry was deleted due to a group modification message.
Recommended action	No action is required.

OFP_FLOW_RMV_HARDTIME

Message text	The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted because of a hard-time expiration.
Variable fields	$1: Rule ID. $2: Table ID. $3: Instance ID.
Severity level	5
Example	OFP/5/OFP_FLOW_RMV_HARDTIME: The flow entry 1 in table 0 of instance 1 was deleted because of a hard-time expiration.
Explanation	A flow entry was deleted because of a hard time expiration.
Recommended action	No action is required.

OFP_FLOW_RMV_IDLETIME

Message text	The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted because of an idle-time expiration.
Variable fields	$1: Rule ID. $2: Table ID. $3: Instance ID.
Severity level	5
Example	OFP/5/OFP_FLOW_RMV_IDLETIME: The flow entry 1 in table 0 of instance 1 was deleted because of an idle-time expiration.
Explanation	A flow entry was deleted because of an idle time expiration.
Recommended action	No action is required.

OFP_FLOW_RMV_METER

Message text	The flow entry [UINT32] in table [CHAR] of instance [UINT16] was deleted with a meter_mod message.
Variable fields	$1: Rule ID. $2: Table ID. $3: Instance ID.
Severity level	5
Example	OFP/5/OFP_FLOW_RMV_GROUP: The flow entry 1 in table 0 of instance1 was deleted with a meter_mod message.
Explanation	A flow entry was deleted due to a meter modification message.
Recommended action	No action is required.

OFP_GROUP_ADD

Message text	Openflow instance [UINT16] controller [CHAR]: add group [STRING], xid 0x[HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Group ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_GROUP_ADD: Openflow instance 1 controller 0: add group 1, xid 0x1.
Explanation	A group entry is to be added to a group table, according to a group table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_GROUP_ADD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to add group [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Group ID.
Severity level	4
Example	OFP/4/OFP_GROUP_ADD_FAILED: Openflow Instance 1 controller 0: failed to add group 1.
Explanation	Failed to add a group entry.
Recommended action	No action is required.

OFP_GROUP_DEL

Message text	Openflow instance [UINT16] controller [CHAR]: delete group [STRING], xid [HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Group ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_GROUP_DEL: Openflow instance 1 controller 0: delete group 1, xid 0x1.
Explanation	A group entry is to be deleted, according to a group table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_GROUP_MOD

Message text	Openflow instance [UINT16] controller [CHAR]: modify group [STRING], xid 0x[HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Group ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_GROUP_MOD: Openflow instance 1 controller 0: modify group 1, xid 0x1.
Explanation	A group entry is to be modified, according to a group table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_GROUP_MOD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to modify group [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Group ID.
Severity level	4
Example	OFP/4/OFP_GROUP_MOD_FAILED: Openflow instance 1 controller 0: failed to modify group 1.
Explanation	Failed to modify a group entry.
Recommended action	The controller must retry to modify the group. If the group still cannot be modified, the controller will delete it.

OFP_METER_ADD

Message text	Openflow instance [UINT16] controller [CHAR]: add meter [STRING], xid 0x[HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Meter ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_METER_ADD: Openflow instance 1 controller 0: add meter 1, xid 0x1.
Explanation	A meter entry is to be added to a meter table.
Recommended action	No action is required.

OFP_METER_ADD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to add meter [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Meter ID.
Severity level	4
Example	OFP/4/OFP_METER_ADD_FAILED: Openflow Instance 1 controller 0: failed to add meter 1.
Explanation	Failed to add a meter entry.
Recommended action	No action is required.

OFP_METER_DEL

Message text	Openflow instance [UINT16] controller [CHAR]: delete meter [STRING], xid 0x[HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Meter ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_METER_DEL: Openflow instance 1 controller 0: delete meter 1, xid 0x1.
Explanation	A meter entry is to be deleted, according to a meter table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_METER_MOD

Message text	Openflow instance [UINT16] controller [CHAR]: modify meter [STRING], xid 0x[HEX].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Meter ID. $4: XID.
Severity level	5
Example	OFP/5/OFP_METER_MOD: Openflow Instance 1 controller 0: modify meter 1, xid 0x1.
Explanation	A meter entry is to be modified, according to a meter table modification message that has passed the packet check.
Recommended action	No action is required.

OFP_METER_MOD_FAILED

Message text	Openflow instance [UINT16] controller [CHAR]: failed to modify meter [STRING].
Variable fields	$1: Instance ID. $2: Controller ID. $3: Meter ID.
Severity level	4
Example	OFP/4/OFP_METER_MOD_FAILED: Openflow instance 1 controller 0: failed to modify meter 1.
Explanation	Failed to modify a meter entry.
Recommended action	The controller must retry to modify the meter entry. If the meter entry still cannot be modified, the controller will delete it.

OFP_MISS_RMV_GROUP

Message text	The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted with a group_mod message.
Variable fields	$1: Table ID. $2: Instance ID.
Severity level	5
Example	OFP/5/OFP_MISS_RMV_GROUP: The table-miss flow entry in table 0 of instance 1 was deleted with a group_mod message.
Explanation	The table-miss flow entry was deleted due to a group modification message.
Recommended action	No action is required.

OFP_MISS_RMV_HARDTIME

Message text	The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted because of a hard-time expiration.
Variable fields	$1: Table ID. $2: Instance ID.
Severity level	5
Example	OFP/5/OFP_MISS_RMV_HARDTIME: The table-miss flow entry in table 0 of instance 1 was deleted because of a hard-time expiration.
Explanation	The table-miss flow entry was deleted because of a hard time expiration.
Recommended action	No action is required.

OFP_MISS_RMV_IDLETIME

Message text	The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted because of an idle-time expiration.
Variable fields	$1: Table ID. $2: Instance ID.
Severity level	5
Example	OFP/5/OFP_MISS_RMV_IDLETIME: The table-miss flow entry in table 0 of instance 1 was deleted because of an idle-time expiration.
Explanation	The table-miss flow entry was deleted because of an idle time expiration.
Recommended action	No action is required.

OFP_MISS_RMV_METER

Message text	The table-miss flow entry in table [CHAR] of instance [UINT16] was deleted with a meter_mod message.
Variable fields	$1: Table ID. $2: Instance ID.
Severity level	5
Example	OFP/5/OFP_MISS_RMV_METER: The table-miss flow entry in table 0 of instance 1 was deleted with a meter_mod message.
Explanation	The table-miss flow entry was deleted due to a meter modification message.
Recommended action	No action is required.

OPENSRC (RSYNC) messages

This section contains OPENSRC RSYNC messages.

Synchronization success

Message text	Rsync transfer statistics(sn=[STRING]):Src files([STRING]::[STRING]) sync transfer successfully.
Variable fields	$1: Sequence number of the device. $2: IPv4 address of the server. $3: Files or folders to be synchronized on the server.
Severity level	5
Example	OPENSRC/5/SYSLOG: -MDC=1; Rsync transfer statistics(sn=2013AYU0711103):Src files(1.1.1.13::test/dir1) sync transfer successfully.
Explanation	The file synchronization succeeded.
Recommended action	No action is required.

Synchronization failure

Message text	Rsync error(sn=[STRING]):Src files([STRING]::[STRING]) [NUMBER] files transfer failed.
Variable fields	$1: Sequence number of the device. $2: IPv4 address of the server. $3: Files or folders to be synchronized on the server. $4: Number of files that failed to be synchronized.
Severity level	5
Example	OPENSRC/5/SYSLOG: -MDC=1; Rsync transfer statistics(sn=2013AYU0711103):Src files(1.1.1.13::test/dir1) 2 files transfer failed.
Explanation	The device failed to synchronize files from the server and recorded the number of files that failed to be synchronized.
Recommended action	Take actions according to the failure reasons displayed in the synchronization error log.

Synchronization error

Message text	Rsync error(sn=[STRING]): [STRING].
Variable fields	$1: Sequence number of the device. $2: Failure reasons. Available options include: ¡ error starting client-server protocol—The RSYNC process on the device has malfunctioned and cannot provide synchronization services. ¡ error in socket IO—An error occurred to the socket for synchronization. ¡ error in file IO—An error occurred during file system reading. ¡ some files/attrs were not transferred (see previous errors)—Some files or file attributes failed to be synchronized. ¡ error allocating core memory buffers—An error occurred in memory application. ¡ timeout waiting for daemon connection—The request for connection to the server timed out.
Severity level	5
Example	OPENSRC/5/SYSLOG: -MDC=1; Rsync error(sn=2013AYU0711103): error starting client-server protocol .
Explanation	The device recorded the synchronization failure reasons.
Recommended action	To resolve the problem, you can perform the following tasks: · Verify that the rsync command syntax is correct. · Verify that the server is reachable. · Verify that the local disk is not full. · Verify that the user is authorized to perform the synchronization.

OPTMOD messages

This section contains transceiver module messages.

BIAS_HIGH

Message text	[STRING]: Bias current is high.
Variable fields	$1: Interface type and number.
Severity level	2
Example	OPTMOD/2/BIAS_HIGH: GigabitEthernet1/0/13: Bias current is high.
Explanation	The bias current of the transceiver module exceeded the high threshold.
Recommended action	145. Execute the display transceiver diagnosis interface command to verify that the bias current of the transceiver module has exceeded the high threshold. 146. Execute the display transceiver alarm interface command to verify that a high bias current alarm for the transceiver module has been generated and not cleared. 147. Replace the transceiver module.

BIAS_LOW

Message text	[STRING]: Bias current is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/BIAS_LOW: GigabitEthernet1/0/13: Bias current is low.
Explanation	The bias current of the transceiver module went below the low threshold.
Recommended action	148. Execute the display transceiver diagnosis interface command to verify that the bias current of the transceiver module is below the low threshold. 149. Execute the display transceiver alarm interface command to verify that a low bias current alarm for the transceiver module has been generated and not cleared. 150. Replace the transceiver module.

BIAS_NORMAL

Message text	[STRING]: Bias current is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/BIAS_NORMAL: GigabitEthernet1/0/13: Bias current is normal.
Explanation	The bias current of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

CFG_ERR

Message text	[STRING]: Transceiver type and port configuration mismatched.
Variable fields	$1: Interface type and number.
Severity level	3
Example	OPTMOD/3/CFG_ERR: GigabitEthernet1/0/13: Transceiver type and port configuration mismatched.
Explanation	The transceiver module type does not match the port configurations.
Recommended action	Check for the transceiver module type and the current port configurations. If they mismatch, replace the transceiver module or update the port configurations.

CHKSUM_ERR

Message text	[STRING]: Transceiver information checksum error.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/CHKSUM_ERR: GigabitEthernet1/0/13: Transceiver information checksum error .
Explanation	Checksum verification on the register information on the transceiver module failed.
Recommended action	Replace the transceiver module, or contact H3C Support.

FIBER_SFPMODULE_INVALID

Message text	[STRING]: This transceiver module is not compatible with the interface card. HP does not guarantee the correct operation of the transceiver module. The transceiver module will be invalidated in [UINT32] days. Please replace it with a compatible one as soon as possible.
Variable fields	$1: Interface type and number. $2: Number of days that the transceiver module will be invalid.
Severity level	4
Example	OPTMOD/4/FIBER_SFPMODULE_INVALID: GigabitEthernet1/0/13: This transceiver module is not compatible with the interface card. HP does not guarantee the correct operation of the transceiver module. The transceiver module will be invalidated in 3 days. Please replace it with a compatible one as soon as possible.
Explanation	The transceiver module is not compatible with the interface card.
Recommended action	Replace the transceiver module.

FIBER_SFPMODULE_NOWINVALID

Message text	[STRING]: This is not a supported transceiver for this platform. HP does not guarantee the normal operation or maintenance of unsupported transceivers. Please review the platform datasheet on the HP web site or contact your HP sales rep for a list of supported transceivers.
Variable fields	$1: Interface type and number.
Severity level	4
Example	OPTMOD/4/FIBER_SFPMODULE_NOWINVALID: GigabitEthernet1/0/13: This is not a supported transceiver for this platform. HP does not guarantee the normal operation or maintenance of unsupported transceivers. Please review the platform datasheet on the HP web site or contact your HP sales rep for a list of supported transceivers.
Explanation	The system does not support the transceiver module.
Recommended action	Replace the transceiver module.

IO_ERR

Message text	[STRING]: The transceiver information I/O failed.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/IO_ERR: GigabitEthernet1/0/13: The transceiver information I/O failed.
Explanation	The device failed to access the register information of the transceiver module.
Recommended action	Execute the display transceiver diagnosis interface and display transceiver alarm interface commands. If both commands fail to be executed, the transceiver module is faulty. Replace the transceiver module.

MOD_ALM_OFF

Message text	[STRING]: [STRING] was removed.
Variable fields	$1: Interface type and number. $2: Fault type.
Severity level	5
Example	OPTMOD/5/MOD_ALM_OFF: GigabitEthernet1/0/13: Module_not_ready was removed..
Explanation	A fault was removed from the transceiver module.
Recommended action	No action is required.

MOD_ALM_ON

Message text	[STRING]: [STRING] was detected.
Variable fields	$1: Interface type and number. $2: Fault type.
Severity level	5
Example	OPTMOD/5/MOD_ALM_ON: GigabitEthernet1/0/13: Module_not_ready wasdetected.
Explanation	A fault was detected on the transceiver module.
Recommended action	151. Execute the display transceive alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 152. Replace the transceiver module.

MODULE_IN

Message text	[STRING]: The transceiver is [STRING].
Variable fields	$1: Interface type and number. $2: Type of the transceiver module.
Severity level	4
Example	OPTMOD/4/MODULE_IN: GigabitEthernet1/0/13: The transceiver is 1000_BASE_T_AN_SFP.
Explanation	When a transceiver module is inserted, the OPTMOD module generates the message to display the transceiver module type.
Recommended action	No action is required.

MODULE_OUT

Message text	[STRING]: Transceiver absent.
Variable fields	$1: Interface type and number.
Severity level	4
Example	OPTMOD/4/MODULE_OUT: GigabitEthernet1/0/13: The transceiver is absent.
Explanation	The transceiver module was removed.
Recommended action	No action is required.

PHONY_MODULE

Message text	[STRING]: This transceiver is not sold by H3C. H3C does not guarantee the correct operation of the module or assume maintenance responsibility.
Variable fields	$1: Interface type and number.
Severity level	4
Example	OPTMOD/4/PHONY_MODULE: GigabitEthernet1/0/13: This transceiver is not sold by H3C. H3C does not guarantee the correct operation of the module or assume maintenance responsibility.
Explanation	The transceiver module is not sold by H3C.
Recommended action	Replace the transceiver module.

RX_ALM_OFF

Message text	STRING]: [STRING] was removed.
Variable fields	$1: Interface type and number. $2: RX fault type.
Severity level	5
Example	OPTMOD/5/RX_ALM_OFF: GigabitEthernet1/0/13: RX_not_ready was removed.
Explanation	An RX fault was removed from the transceiver module.
Recommended action	No action is required.

RX_ALM_ON

Message text	[STRING]: [STRING] was detected.
Variable fields	$1: Interface type and number. $2: RX fault type.
Severity level	5
Example	OPTMOD/5/RX_ALM_ON: GigabitEthernet1/0/13: RX_not_ready was detected.
Explanation	An RX fault was detected on the transceiver module.
Recommended action	153. Execute the display transceiver alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 154. Replace the transceiver module.

RX_POW_HIGH

Message text	[STRING]: RX power is high.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/RX_POW_HIGH: GigabitEthernet1/0/13: RX power is high.
Explanation	The RX power of the transceiver module exceeded the high threshold.
Recommended action	155. Execute the display transceiver diagnosis interface command to verify that the RX power of the transceiver module has exceeded the high threshold. 156. Execute the display transceiver alarm interface command to verify that a high RX power alarm for the transceiver module has been generated and not cleared. 157. Replace the transceiver module.

RX_POW_LOW

Message text	[STRING]: RX power is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/RX_POW_LOW: GigabitEthernet1/0/13: RX power is low.
Explanation	The RX power of the transceiver module went below the low threshold.
Recommended action	158. Execute the display transceiver diagnosis interface command to verify that the RX power of the transceiver module is below the low threshold. 159. Execute the display transceiver alarm interface command to verify that a low RX power alarm for the transceiver module has been generated and not cleared. 160. Replace the transceiver module.

RX_POW_NORMAL

Message text	[STRING]: RX power is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/RX_POW_NORMAL: GigabitEthernet1/0/13: RX power is normal.
Explanation	The RX power of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

TEMP_HIGH

Message text	[STRING]: Temperature is high.
Variable fields	$1: Interface type and number
Severity level	5
Example	OPTMOD/5/TEMP_HIGH: GigabitEthernet1/0/13: Temperature is high.
Explanation	The temperature of the transceiver module exceeded the high threshold.
Recommended action	161. Verify that the fan trays are operating correctly. ¡ If there are no fan trays, install fan trays. ¡ If the fan trays fail, replace the fan trays. 162. Verify that the ambient temperature is in the acceptable range. If it is out of the acceptable range, take measures to lower the temperature. 163. Replace the transceiver module.

TEMP_LOW

Message text	[STRING]: Temperature is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TEMP_LOW: GigabitEthernet1/0/13: Temperature is low.
Explanation	The temperature of the transceiver module went below the low threshold.
Recommended action	164. Verify that the ambient temperature is in the acceptable range. If it is out of the acceptable range, take measures to raise the temperature. 165. Replace the transceiver module.

TEMP_NORMAL

Message text	[STRING]: Temperature is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TEMP_NORMAL: GigabitEthernet1/0/13: Temperature is normal.
Explanation	The temperature of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

TX_ALM_OFF

Message text	[STRING]: [STRING] was removed.
Variable fields	$1: Interface type and number. $2: TX fault type.
Severity level	5
Example	OPTMOD/5/TX_ALM_OFF: GigabitEthernet1/0/13: TX_fault was removed.
Explanation	A TX fault was removed from the transceiver module.
Recommended action	No action is required.

TX_ALM_ON

Message text	[STRING]: [STRING] was detected.
Variable fields	$1: Interface type and number. $2: TX fault type.
Severity level	5
Example	OPTMOD/5/TX_ALM_ON: GigabitEthernet1/0/13: TX_fault was detected.
Explanation	A TX fault was detected on the transceiver module.
Recommended action	166. Execute the display transceiver alarm interface command to verify that a corresponding alarm for the fault has been generated and not cleared. 167. Replace the transceiver module.

TX_POW_HIGH

Message text	[STRING]: TX power is high.
Variable fields	$1: Interface type and number.
Severity level	2
Example	OPTMOD/2/TX_POW_HIGH: GigabitEthernet1/0/13: TX power is high.
Explanation	The TX power of the transceiver module exceeded the high threshold.
Recommended action	168. Execute the display transceiver diagnosis interface command to verify that the TX power of the transceiver module has exceeded the high threshold. 169. Execute the display transceiver alarm interface command to verify that a high TX power alarm for the transceiver module has been generated and not cleared. 170. Replace the transceiver module.

TX_POW_LOW

Message text	[STRING]: TX power is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TX_POW_LOW: GigabitEthernet1/0/13: TX power is low.
Explanation	The TX power of the transceiver module went below the low threshold.
Recommended action	171. Execute the display transceiver diagnosis interface command to verify that the TX power of the transceiver module is below the low threshold. 172. Execute the display transceiver alarm interface command to verify that a low TX power alarm for the transceiver module has been generated and not cleared. 173. Replace the transceiver module.

TX_POW_NORMAL

Message text	[STRING]: TX power is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/TX_POW_NORMAL: GigabitEthernet1/0/13: TX power is normal.
Explanation	The TX power of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

TYPE_ERR

Message text	[STRING]: The transceiver type is not supported by port hardware.
Variable fields	$1: Interface type and number.
Severity level	3
Example	OPTMOD/3/TYPE_ERR: GigabitEthernet1/0/13: The transceiver type is not supported by port hardware.
Explanation	The transceiver module is not supported by the port.
Recommended action	Replace the transceiver module.

VOLT_HIGH

Message text	[STRING]: Voltage is high.
Variable fields	$1: Interface type and number
Severity level	5
Example	OPTMOD/5/VOLT_HIGH: GigabitEthernet1/0/13: Voltage is high.
Explanation	The voltage of the transceiver module exceeded the high threshold.
Recommended action	174. Execute the display transceiver diagnosis interface command to verify that the voltage of the transceiver module has exceeded the high threshold. 175. Execute the display transceiver alarm interface command to verify that a high voltage alarm for the transceiver module has been generated and not cleared. 176. Replace the transceiver module.

VOLT_LOW

Message text	[STRING]: Voltage is low.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/VOLT_LOW: GigabitEthernet1/0/13: Voltage is low.
Explanation	The voltage of the transceiver module went below the low threshold.
Recommended action	177. Execute the display transceiver diagnosis interface command to verify that the voltage of the transceiver module is below the low threshold. 178. Execute the display transceiver alarm interface command to verify that a low voltage alarm for the transceiver module has been generated and not cleared. 179. Replace the transceiver module.

VOLT_NORMAL

Message text	[STRING]: Voltage is normal.
Variable fields	$1: Interface type and number.
Severity level	5
Example	OPTMOD/5/VOLT_NORMAL: GigabitEthernet1/0/13: Voltage is normal.
Explanation	The voltage of the transceiver module returned to the acceptable range.
Recommended action	No action is required.

OSPF messages

This section contains OSPF messages.

OSPF_IP_CONFLICT_INTRA

Message text	OSPF [UINT16] Received newer self-originated network-LSAs. Possible conflict of IP address [IPADDR] in area [STRING] on interface [STRING].
Variable fields	$1: OSPF process ID. $2: IP address. $3: OSPF area ID. $4: Interface name.
Severity level	6
Example	OSPF/6/OSPF_IP_CONFLICT_INTRA: OSPF 1 Received newer self-originated network-LSAs. Possible conflict of IP address 11.1.1.1 in area 0.0.0.1 on interface GigabitEthernet0/0/3.
Explanation	The interfaces on two devices in the same OSPF area might have the same primary IP address. At least one of the devices is a DR.
Recommended action	Modify IP address configuration after you make sure no router ID conflict occurs in the same OSPF area.

OSPF_RTRID_CONFLICT_INTRA

Message text	OSPF [UINT16] Received newer self-originated router-LSAs. Possible conflict of router ID [STRING] in area [STRING].
Variable fields	$1: OSPF process ID. $2: Router ID. $3: OSPF area ID.
Severity level	6
Example	OSPF/6/OSPF_RTRID_CONFLICT_INTRA: OSPF 1 Received newer self-originated router-LSAs. Possible conflict of router ID 11.11.11.11 in area 0.0.0.1.
Explanation	Two indirectly connected devices in the same OSPF area might have the same router ID.
Recommended action	Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect.

OSPF_RTRID_CONFLICT_INTER

Message text	OSPF [UINT16] Received newer self-originated ase-LSAs. Possible conflict of router ID [STRING].
Variable fields	$1: OSPF process ID. $2: Router ID.
Severity level	6
Example	OSPF/6/OSPF_RTRID_CONFILICT_INTER: OSPF 1 Received newer self-originated ase-LSAs. Possible conflict of router ID 11.11.11.11.
Explanation	Two indirectly connected devices in the same OSPF area might have the same router ID. One of the devices is an ASBR.
Recommended action	Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect.

OSPF_DUP_RTRID_NBR

Message text	OSPF [UINT16] Duplicate router ID [STRING] on interface [STRING], sourced from IP address [IPADDR].
Variable fields	$1: OSPF process ID. $2: Router ID. $3: Interface name. $4: IP address.
Severity level	6
Example	OSPF/6/OSPF_DUP_RTRID_NBR: OSPF 1 Duplicate router ID 11.11.11.11 on interface GigabitEthernet0/0/3, sourced from IP address 11.2.2.2.
Explanation	Two directly connected devices were configured with the same router ID.
Recommended action	Modify the router ID on one device and use the reset ospf process command to make the new router ID take effect.

OSPF_LAST_NBR_DOWN

Message text	OSPF [UINT32] Last neighbor down event: Router ID: [STRING] Local address: [STRING] Remote address: [STRING] Reason: [STRING]
Variable fields	$1: OSPF process ID. $2: Router ID. $3: Local IP address. $4: Neighbor IP address. $5: Reason.
Severity level	6
Example	OSPF/6/OSPF_LAST_NBR_DOWN: OSPF 1 Last neighbor down event: Router ID: 2.2.2.2 Local address: 10.1.1.1 Remote address: 10.1.1.2 Reason: Dead Interval timer expired.
Explanation	The device records the OSPF neighbor down event caused by a specific reason.
Recommended action	· When a down event occurred because of configuration changes (for example, interface parameter changes), check for the configuration errors. · When a down event occurred because of dead interval expiration, check for the dead interval configuration error and loss of network connectivity. · When a down event occurred because of BFD session down, check for the BFD detection time configuration error and loss of network connectivity. · When a down event occurred because of interface status changes, check for loss of network connectivity.

OSPF_MEM_ALERT

Message text	OSPF Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	OSPF/5/OSPF_MEM_ALERT: OSPF Process received system memory alert start event.
Explanation	OSPF received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

OSPF_NBR_CHG

Message text	OSPF [UINT32] Neighbor [STRING] ([STRING]) changed from [STRING] to [STRING].
Variable fields	$1: OSPF process ID. $2: Neighbor router ID. $3: Interface name. $4: Old adjacency state. $5: New adjacency state.
Severity level	5
Example	OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 2.2.2.2 (Vlan-interface100) changed from Full to Down.
Explanation	The OSPF adjacency state changed on an interface.
Recommended action	When the adjacency with a neighbor changes from Full to another state on an interface, check for OSPF configuration errors and loss of network connectivity.

OSPF_RT_LMT

Message text	OSPF [UINT32] route limit reached.
Variable fields	$1: OSPF process ID.
Severity level	4
Example	OSPF/4/OSPF_RT_LMT: OSPF 1 route limit reached.
Explanation	The number of routes of an OSPF process reached the upper limit.
Recommended action	180. Check for network attacks. 181. Reduce the number of routes.

OSPF_RTRID_CHG

Message text	OSPF [UINT32] New router ID elected, please restart OSPF if you want to make the new router ID take effect.
Variable fields	$1: OSPF process ID.
Severity level	5
Example	OSPF/5/OSPF_RTRID_CHG: OSPF 1 New router ID elected, please restart OSPF if you want to make the new router ID take effect.
Explanation	The OSPF router ID was changed because the user had changed the router ID or the interface IP address used as the router ID had changed.
Recommended action	Use the reset ospf process command to make the new router ID take effect.

OSPF_VLINKID_CHG

Message text	OSPF [UINT32] Router ID changed, reconfigure Vlink on peer
Variable fields	$1: OSPF process ID.
Severity level	5
Example	OSPF/5/OSPF_VLINKID_CHG:OSPF 1 Router ID changed, reconfigure Vlink on peer
Explanation	A new OSPF router ID takes effect.
Recommended action	Check and modify the virtual link configuration on the peer router to match the new router ID.

OSPFV3 messages

This section contains OSPFv3 messages.

OSPFV3_LAST_NBR_DOWN

Message text	OSPFv3 [UINT32] Last neighbor down event: Router ID: [STRING] Local interface ID: [UINT32] Remote interface ID: [UINT32] Reason: [STRING].
Variable fields	$1: OSPFv3 process ID. $2: Router ID. $3: Local interface ID. $4: Remote interface ID. $5: Reason.
Severity level	6
Example	OSPFV3/6/OSPFV3_LAST_NBR_DOWN: OSPFv3 1 Last neighbor down event: Router ID: 2.2.2.2 Local interface ID: 1111 Remote interface ID: 2222 Reason: Dead Interval timer expired.
Explanation	The device records the OSPFv3 neighbor down event caused by a specific reason.
Recommended action	· When a down event occurred because of configuration changes (for example, interface parameter changes), check for the configuration errors. · When a down event occurred because of dead interval expiration, check for the dead interval configuration error and loss of network connectivity. · When a down event occurred because of BFD session down, check for the BFD detection time configuration error and loss of network connectivity. · When a down event occurred because of interface status changes, check for loss of network connectivity.

OSPFV3_MEM_ALERT

Message text	OSPFV3 Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	OSPFV3/5/OSPFV3_MEM_ALERT: OSPFV3 Process received system memory alert start event.
Explanation	OSPFv3 received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

OSPFV3_NBR_CHG

Message text	OSPFv3 [UINT32] Neighbor [STRING] ([STRING]) received [STRING] and its state from [STRING] to [STRING].
Variable fields	$1: Process ID. $2: Neighbor router ID. $3: Interface name. $4: Neighbor event. $5: Old adjacency state. $6: New adjacency state.
Severity level	5
Example	OSPFV3/5/OSPFV3_NBR_CHG: OSPFv3 1 Neighbor 2.2.2.2 (Vlan100) received 1-Way and its state from Full to Init.
Explanation	The OSPFv3 adjacency state changed on an interface.
Recommended action	When the adjacency with a neighbor changes from Full to another state on an interface, check for OSPFv3 configuration errors and loss of network connectivity.

OSPFV3_RT_LMT

Message text	OSPFv3 [UINT32] route limit reached.
Variable fields	$1: Process ID.
Severity level	5
Example	OSPFV3/5/OSPFV3_RT_LMT:OSPFv3 1 route limit reached.
Explanation	The number of routes of an OSPFv3 process reached the upper limit.
Recommended action	182. Check for network attacks. 183. Reduce the number of routes.

PBB messages

This section contains PBB messages.

PBB_JOINAGG_WARNING

Message text	Because the aggregate interface [STRING] has been configured with PBB, assigning the interface [STRING] that does not support PBB to the aggregation group will cause incorrect processing.
Variable fields	$1: Aggregation group name. $2: Interface name.
Severity level	4
Example	PBB/4/PBB_JOINAGG_WARNING: Because the aggregate interface Bridge-Aggregation1 has been configured with PBB, assigning the interface Ten-GigabitEthernet9/0/30 that does not support PBB to the aggregation group will cause incorrect processing.
Explanation	Assigning an interface that does not support PBB to an aggregation group that has been configured with PBB will cause incorrect processing. If an aggregate interface is a PBB uplink port, all its members should support PBB.
Recommended action	Remove the interface from the aggregation group.

PBR messages

This section contains PBR messages.

PBR_HARDWARE_ERROR

Message text	Failed to update policy [STRING] due to [STRING].
Variable fields	$1: Policy name. $2: Hardware error reasons: ¡ The hardware resources are insufficient. ¡ The system does not support the operation. ¡ The hardware resources are insufficient and the system does not support the operation.
Severity level	4
Example	PBR/4/PBR_HARDWARE_ERROR: Failed to update policy aaa due to insufficient hardware resources and not supported operations.
Explanation	The device failed to update PBR configuration.
Recommended action	Modify the PBR policy configuration according to the failure reason.

PCAPWARE messages

This section contains PCAPWARE messages.

PCAPWARE_STOP

Message text	The packet capture stopped because [STRING].
Variable fields	$1: The packet file size exceeded the storage limit.
Severity level	5
Example	PCAPWARE/5/PCAPWARE_STOP: The packet capture stopped because the packet file size exceeded the storage limit.
Explanation	The packet capture stopped because the maximum storage space for .cap files on the device was reached.
Recommended action	Use one of the following methods: · Increase the maximum storage space for .cap files on the device. · Export the existing .cap files on the device. · Save the .cap files to a remote file server.

PCE messages

This section contains PCE messages.

PCE_PCEP_SESSION_CHG

Message text	Session ([STRING], [STRING]) is [STRING].
Variable fields	$1: Peer address of the session. $2: VPN instance name. Value unknown indicates that the VPN instance cannot be obtained. $3: State of the session, up or down. When the state is down, this field also displays the reason for the down state error. Possible reasons include: · TCP connection down. · received a close message. The device receives a close message from the peer when the peer encounters one of the following situations: ¡ No explanation provided. (The session is closed because the idle time of the session exceeds three minutes.) ¡ DeadTimer expired. ¡ Reception of a malformed PCEP message. ¡ Reception of an unacceptable number of unknown requests/replies. ¡ Reception of an unacceptable number of unrecognized PCEP messages. · reception of a malformed PCEP message. · internal error. · memory in critical state. · dead timer expired. · process deactivated. · remote peer unavailable/untriggered. · reception of an unacceptable number of unrecognized PCEP messages. · reception of an unacceptable number of unknown requests/replies. · PCE address changed. · initialization failed.
Severity level	5
Example	PCE/5/PCE_PCEP_SESSION_CHG: Session (22.22.22.2, public instance) is up. PCE/5/PCE_PCEP_SESSION_CHG: Session (22.22.22.2, public instance) is down (dead timer expired).
Explanation	The session state changed.
Recommended action	When the session state is up, no action is required. When the session state is down, verify the network and configuration according to the reason displayed.

PEX messages

This section contains PEX messages.

PEX_CONFIG_ERROR

Message text	PEX port [UINT32] discarded a REGISTER request received from [STRING] through interface [STRING]. Reason: The PEX was not assigned an ID, or the PEX was assigned an ID equal to or greater than the maximum value ([UINT32]).
Variable fields	$1: PEX port ID. $2: PEX model. $3: Name of a PEX physical interface. $4: Maximum virtual slot or chassis number for the PEX model.
Severity level	4
Example	PEX/4/PEX_CONFIG_ERROR: PEX port 1 discarded a REGISTER request received from PEX-S5120HI-S5500HI through interface Ten-GigabitEthernet10/0/31. Reason: The PEX was not assigned an ID, or the PEX was assigned an ID equal to or greater than the maximum value 130.
Explanation	This message is generated in the following situations: · The PEX is not assigned a virtual slot or chassis number. · The PEX is assigned a virtual slot or chassis number that is greater than the maximum value allowed for the PEX model.
Recommended action	Use the associate command to assign a valid virtual slot or chassis number to the PEX. Make sure the slot or chassis number is within the value range for the PEX model.

PEX_CONNECTION_ERROR

Message text	PEX port [UINT32] discarded a REGISTER request received from [STRING] through interface [STRING]. Reason: Another PEX has been registered on the PEX port.
Variable fields	$1: PEX port ID. $2: PEX model. $3: Name of a PEX physical interface.
Severity level	4
Example	PEX/4/PEX_CONNECTION_ERROR: PEX port 1 discarded a REGISTER request received from PEX-S5120HI-S5500HI through interface Ten-GigabitEthernet10/0/31. Reason: Another PEX has been registered on the PEX port.
Explanation	This message is generated if a PEX port is connected to multiple PEXs.
Recommended action	Reconnect PEXs to ensure sure that only one PEX is connected to the PEX port.

PEX_LINK_BLOCK

Message text	Status of [STRING] changed from [STRING] to blocked.
Variable fields	$1: Name of a PEX physical interface. $2: Data link status of the interface.
Severity level	4
Example	PEX/4/PEX_LINK_BLOCK: Status of Ten-GigabitEthernet2/0/1 changed from forwarding to blocked.
Explanation	Data link of the PEX physical interface has changed to blocked. The blocked state is a transitional state between forwarding and down. In blocked state, a PEX physical interface can forward protocol packets, but it cannot forward data packets. This state change occurs in one of the following situations: · Incorrect physical connection: ¡ The PEX physical links on a PEX are connected to different PEX ports on the parent device. ¡ The PEX port on the parent device contains physical links to different PEXs. · The data link is forced to the blocked state. In the startup phase, a PEX blocks the link of a PEX physical interface if the interface is physically up, but it is not used for loading startup software. · The physical state of the interface is up, but the PEX connection between the PEX and the parent device has been disconnected. The PEX and the parent device cannot receive PEX heartbeat packets from each other.
Recommended action	If a down PEX link changes from blocked to up quickly, you do not need to take action. If the link stays in blocked state, check the PEX cabling to verify that: · The PEX's all PEX physical interfaces are connected to the physical interfaces assigned to the same PEX port on the parent device. · The PEX port contains only physical links to the same PEX. If a forwarding PEX link stays in blocked state when it is changing to the down state, verify that an IRF fabric split has occurred. When an IRF fabric split occur, a PEX link is be blocked if it is connected to the Recovery-state IRF member device.

PEX_LINK_DOWN

Message text	Status of [STRING] changed from [STRING] to down.
Variable fields	$1: Name of a PEX physical interface. $2: Data link status of the interface.
Severity level	4
Example	PEX/4/PEX_LINK_DOWN: Status of Ten-GigabitEthernet2/0/1 changed from forwarding to down.
Explanation	Data link of the PEX physical interface has changed to the down state and cannot forward any packets. The following are common reasons for this state change: · Physical link fails. · The interface is shut down administratively. · The system reboots.
Recommended action	If the interface has been shut down administratively or in the down state because of a system reboot, use the undo shutdown command to bring up the interface as needed. If the interface is down because of a physical link failure, verify that the cable has been securely connected and is in good condition.

PEX_LINK_FORWARD

Message text	Status of [STRING] changed from [STRING] to forwarding.
Variable fields	$1: Name of a PEX physical interface. $2: Data link status of the interface.
Severity level	5
Example	PEX/5/PEX_LINK_FORWARD: Status of Ten-GigabitEthernet2/0/1 changed from blocked to forwarding.
Explanation	Data link of the PEX physical interface has changed to the forwarding state and can forward data packets. This link state change occurs when one of the following events occurs: · The link is detected again after it changes to the blocked state. · The PEX finishes loading startup software images from the parent device through the interface.
Recommended action	No action is required.

PEX_REG_JOININ

Message text	PEX ([STRING]) registered successfully on PEX port [UINT32].
Variable fields	$1: Virtual slot or chassis number of a PEX. $2: PEX port ID.
Severity level	5
Example	PEX/5/PEX_REG_JOININ: PEX (slot 101) registered successfully on PEX port 1.
Explanation	The PEX has been registered successfully. You can configure and manage the PEX attached to the PEX port on the parent device as if the PEX was an interface card.
Recommended action	No action is required.

PEX_REG_LEAVE

Message text	PEX ([STRING]) unregistered on PEX port [UINT32].
Variable fields	$1: Virtual slot or chassis number of a PEX. $2: PEX port ID.
Severity level	4
Example	PEX/4/PEX_REG_LEAVE: PEX (slot 101) unregistered on PEX port 1.
Explanation	The PEX has been unregistered. You cannot operate the PEX from the parent device. A PEX unregister event occurs when one of the following events occurs: · The PEX reboots. · All physical interfaces in the PEX port are down. For example, all physical interfaces are shut down administratively, or all the physical links are disconnected. · The PEX fails to start up within 30 minutes. · Link detection fails on all physical interfaces in the PEX port.
Recommended action	If the event occurs because the PEX reboots or PEX physical interfaces are shut down administratively, use the undo shutdown command to bring up the interfaces as needed. To resolve the issue that occurs for any other reasons: · Use the display device command to verify that the virtual slot or chassis number of the PEX is present and the state is correct. · Use the display pex-port command to verify that the PEX physical interfaces are configured correctly and in a correct state. · Use the display interface command to verify that the physical state of the PEX physical interfaces is up. If the Current state field displays down, check the cabling for a physical link failure.

PEX_REG_REQUEST

Message text	Received a REGISTER request on PEX port [UINT32] from PEX ([STRING]).
Variable fields	$1: PEX port ID. $2: Virtual slot or chassis number of a PEX.
Severity level	5
Example	PEX/5/PEX_REG_REQUEST: Received a REGISTER request on PEX port 1 from PEX (slot 101).
Explanation	The PEX sent a registration request to the parent device. This event occurs when the PEX starts up after PEX configuration is completed and the PEX device is connected to the patent device correctly. The parent device will allow the PEX to load startup software images after it receives a REGISTER request.
Recommended action	No action is required.

PFILTER messages

This section contains packet filter messages.

PFILTER_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply [STRING] ACL [STRING] to the [STRING] direction of user profile [STRING]. Reason: [STRING].
Variable fields	$1: User identity. $2: ACL type. $3: ACL number or name. $4: Traffic direction. $5: User profile name. $6: Failure cause.
Severity level	3
Example	PFILTER/3/ PFILTER_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2-SVLAN=100-VPN=”N/A”-Port=GigabitEthernet5/1/5; Failed to apply IPv4 ACL 2000 to the inbound direction of user profile u1. Reason: The resources are insufficient. PFILTER/3/ PFILTER_APPLYUSER_NO_RES: -MAC=1111-2222-3333-IP=192.168.1.2-SVLAN=100-VPN=”N/A”-Port=GigabitEthernet5/1/5; Failed to apply IPv6 ACL 2000 to the outbound direction of user profile u1. Reason: Packet filtering is not supported for user profiles.
Explanation	The system failed to apply an ACL to the user profile for packet filtering for one of the following reasons: · The resources are insufficient. · The device does not support applying an ACL to the user profile for packet filtering.
Recommended action	· If the resources are insufficient, delete some ACL rules to release resources. · If the device does not support the operation, apply the ACL to the interface on which the user comes online.

PFILTER_GLB_ RES_CONFLICT

Message text	Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction globally. [STRING] ACL [UINT] has already been applied globally.
Variable fields	$1: ACL type. $2: ACL number. $3: Traffic direction. $4: ACL type. $5: ACL number.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction globally. IPv6 ACL 3000 has already been applied globally.
Explanation	The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction globally. · Updating the ACL applied to a specific direction globally.
Recommended action	Remove the ACL of the same type.

PFILTER_GLB_IPV4_DACT_NO_RES

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction globally. · Updating the IPv4 default action applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_IPV4_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction globally.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv4 default action to a specific direction globally. · Updating the IPv4 default action applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_GLB_IPV6_DACT_NO_RES

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction globally. · Updating the IPv6 default action applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_IPV6_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction globally.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction globally. · Updating the IPv6 default action applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_GLB_MAC_DACT_NO_RES

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction globally. · Updating the MAC default action applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_MAC_DACT_UNK_ERR

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction globally.
Variable fields	$1: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction globally. · Updating the MAC default action applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_GLB_NO_RES

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_GLB_NOT_SUPPORT

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally. The ACL is not supported.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_NOT_SUPPORT: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally. The ACL is not supported.
Explanation	The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally.
Recommended action	Verify the ACL configuration and remove the settings that are not supported.

PFILTER_GLB_UNK_ERR

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction globally.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction.
Severity level	3
Example	PFILTER/3/PFILTER_GLB_UNK_ERR: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction globally.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction globally. · Updating an ACL rule applied to a specific direction globally.
Recommended action	No action is required.

PFILTER_IF_IPV4_DACT_NO_RES

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction of an interface. · Updating the IPv4 default action applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_IPV4_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of interface [STRING].
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions because an unknown error: · Applying the IPv4 default action to a specific direction of an interface. · Updating the IPv4 default action applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IF_IPV6_DACT_NO_RES

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction of an interface. · Updating the IPv6 default action applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_IPV6_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of interface [STRING].
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction of an interface. · Updating the IPv6 default action applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IF_MAC_DACT_NO_RES

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction of an interface. · Updating the MAC default action applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_MAC_DACT_UNK_ERR

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of interface [STRING].
Variable fields	$1: Traffic direction. $2: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction of an interface. · Updating the MAC default action applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IF_NO_RES

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_IF_NOT_SUPPORT

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING]. The ACL is not supported.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_NOT_SUPPORT: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2. The ACL is not supported.
Explanation	The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface.
Recommended action	Verify the ACL configuration and remove the settings that are not supported.

PFILTER_IF_RES_CONFLICT

Message text	Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction of interface [STRING]. [STRING] ACL [UINT] has already been applied to the interface.
Variable fields	$1: ACL type. $2: ACL number. $3: Traffic direction. $4: Interface name. $5: ACL type. $6: ACL number.
Severity level	3
Example	PFILTER/3/PFILTER_IF_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction of interface Ethernet 3/1/2. IPv6 ACL 3000 has already been applied to the interface.
Explanation	The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction of an interface. · Updating the ACL applied to a specific direction of an interface.
Recommended action	Remove the ACL of the same type.

PFILTER_IF_UNK_ERR

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of interface [STRING].
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: Interface name.
Severity level	3
Example	PFILTER/3/PFILTER_IF_UNK_ERR: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of interface Ethernet 3/1/2.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction of an interface. · Updating an ACL rule applied to a specific direction of an interface.
Recommended action	No action is required.

PFILTER_IPV6_STATIS_INFO

Message text	[STRING] ([STRING]): Packet-filter IPv6 [UINT32] [STRING] [STRING] [UINT64] packet(s).
Variable fields	$1: Destination to which packet filter applies. $2: Traffic direction. $3: ACL number. $4: ID and content of an ACL rule. $5: Number of packets that matched the rule.
Severity level	6
Example	ACL/6/PFILTER_IPV6_STATIS_INFO: Ethernet0/4/0 (inbound): Packet-filter IPv6 2000 rule 0 permit source 1:1::/64 logging 1000 packet(s).
Explanation	The number of packets matching the packet-filter IPv6 ACL rule changed.
Recommended action	No action is required.

PFILTER_STATIS_INFO

Message text	[STRING] ([STRING]): Packet-filter [UINT32] [STRING] [UINT64] packet(s).
Variable fields	$1: Destination to which packet filter applies. $2: Traffic direction. $3: ACL number. $4: ID and content of an ACL rule. $5: Number of packets that matched the rule.
Severity level	6
Example	ACL/6/PFILTER_STATIS_INFO: Ethernet0/4/0 (inbound): Packet-filter 2000 rule 0 permit source 1.1.1.1 0 logging 10000 packet(s).
Explanation	The number of packets matching the packet-filter IPv4 ACL rule changed.
Recommended action	No action is required.

PFILTER_VLAN_IPV4_DACT_NO_RES

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV4_DACT_NO_RES: Failed to apply or refresh the IPv4 default action to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv4 default action to a specific direction of a VLAN. · Updating the IPv4 default action applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_IPV4_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv4 default action to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV4_DACT_UNK_ERR: Failed to apply or refresh the IPv4 default action to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv4 default action to a specific direction of a VLAN. · Updating the IPv4 default action applied to a specific direction of a VLAN.
Recommended action	No action is required.

PFILTER_VLAN_IPV6_DACT_NO_RES

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV6_DACT_NO_RES: Failed to apply or refresh the IPv6 default action to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the IPv6 default action to a specific direction of a VLAN. · Updating the IPv6 default action applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_IPV6_DACT_UNK_ERR

Message text	Failed to apply or refresh the IPv6 default action to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_IPV6_DACT_UNK_ERR: Failed to apply or refresh the IPv6 default action to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the IPv6 default action to a specific direction of a VLAN. · Updating the IPv6 default action applied to a specific direction of a VLAN.
Recommended action	No action is required.

PFILTER_VLAN_MAC_DACT_NO_RES

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_MAC_DACT_NO_RES: Failed to apply or refresh the MAC default action to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying the MAC default action to a specific direction of a VLAN. · Updating the MAC default action applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_MAC_DACT_UNK_ERR

Message text	Failed to apply or refresh the MAC default action to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: Traffic direction. $2: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_MAC_DACT_UNK_ERR: Failed to apply or refresh the MAC default action to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying the MAC default action to a specific direction of a VLAN. · Updating the MAC default action applied to a specific direction of a VLAN.
Recommended action	No action is required.

PFILTER_VLAN_NO_RES

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. The resources are insufficient.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_NO_RES: Failed to apply or refresh IPv6 ACL 2000 rule 1 to the inbound direction of VLAN 1. The resources are insufficient.
Explanation	The system failed to perform one of the following actions because hardware resources are insufficient: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN.
Recommended action	Use the display qos-acl resource command to check hardware resource usage.

PFILTER_VLAN_NOT_SUPPORT

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16]. The ACL is not supported.
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_NOT_SUPPORT: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1. The ACL is not supported.
Explanation	The system failed to perform one of the following actions because the ACL rule is not supported: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN.
Recommended action	Verify the ACL configuration and remove the settings that are not supported.

PFILTER_VLAN_RES_CONFLICT

Message text	Failed to apply or refresh [STRING] ACL [UINT] to the [STRING] direction of VLAN [UINT16]. [STRING] ACL [UINT] has already been applied to the VLAN.
Variable fields	$1: ACL type. $2: ACL number. $3: Traffic direction. $4: VLAN ID. $5: ACL type. $6: ACL number.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_RES_CONFLICT: Failed to apply or refresh IPv6 ACL 2000 to the inbound direction of VLAN 1. IPv6 ACL 3000 has already been applied to the VLAN.
Explanation	The system failed to perform one of the following actions because an ACL of the same type (IPv4 ACL, IPv6 ACL, or MAC ACL) has already been applied: · Applying the ACL to a specific direction of a VLAN. · Updating the ACL applied to a specific direction of a VLAN.
Recommended action	Remove the ACL of the same type.

PFILTER_VLAN_UNK_ERR

Message text	Failed to apply or refresh [STRING] ACL [UINT] [STRING] to the [STRING] direction of VLAN [UINT16].
Variable fields	$1: ACL type. $2: ACL number. $3: ACL rule ID. $4: Traffic direction. $5: VLAN ID.
Severity level	3
Example	PFILTER/3/PFILTER_VLAN_UNK_ERR: Failed to apply or refresh ACL 2000 rule 1 to the inbound direction of VLAN 1.
Explanation	The system failed to perform one of the following actions due to an unknown error: · Applying an ACL rule to a specific direction of a VLAN. · Updating an ACL rule applied to a specific direction of a VLAN.
Recommended action	No action is required.

PHYD messages

This section contains PHYD messages.

DRV

Message text	-Slot=3.1; [STRING] : Detected hardware fast-forwarding status error. Info saved in [STRING]
Variable fields	$1: Slot ID. $2: Name of the file saving hardware fast-forwarding status errors.
Severity level	2
Example	PHYD/2/DRV: -Slot=3.1; chassis %d slot %d cpu 1 : Detected hardware fast-forwarding status error. Info saved in chassis(1)_slot(1)_fpga(1)_regs_dump_count_1.
Explanation	The system monitors hardware fast-forwarding status at intervals. When detecting an error, the system records the error information and displays this message.
Recommended action	Save the abnormal file and observe the card status.

Message text	-Slot=3.1; [STRING] : Detected hardware fast-forwarding status error 5 times. Rebooting now.
Variable fields	$1: Slot ID.
Severity level	2
Example	PHYD/2/DRV: -Slot=3.1; chassis %d slot %d cpu 1 : Detected hardware fast-forwarding status error 5 times. Now rebooting.
Explanation	The system monitors hardware fast-forwarding status at intervals. After detecting continuous errors for five times, the system displays this message and reboots the card.
Recommended action	After the card is rebooted, save the abnormal files and observe the service status.

Message text	-Slot=2.1; Detected receiving interface [STRING] status abnormal on hardware fast-forwarding [STRING]. Checkpoint [STRING] failed.
Variable fields	$1: Interface ID. $2: Hardware fast-forwarding engine chip ID. $3: Checkpoint ID.
Severity level	4
Example	PHYD/4/DRV: -Chassis=2-Slot=2.1; Detected receiving interface HGport[2] status abnormal on hardware fast-forwarding chip0. Checkpoint 2 failed.
Explanation	The system monitors the receiving interface status of the hardware fast forwarding at intervals. When detecting an error, the system displays this message.
Recommended action	If the services are not influenced by the error, observe the card status.

Message text	Detected sending interface [STRING] status abnormal on hardware fast-forwarding [STRING].
Variable fields	$1: Interface ID. $2: Hardware fast-forwarding engine chip ID.
Severity level	4
Example	PHYD/4/DRV: -Chassis=2-Slot=2.1; Detected sending interface HGport[1] status abnormal on hardware fast-forwarding chip0
Explanation	The system monitors the sending interface status of the hardware fast forwarding at intervals. When detecting an error, the system displays this message.
Recommended action	If the services are not influenced by the error, observe the card status.

Message text	Detected [STRING] status abnormal on hardware fast-forwarding [STRING]. Receiving status: [STRING]; sending status: [STRING].
Variable fields	$1: Interface ID. $2: Hardware fast-forwarding engine chip ID. $3: State. $4: State.
Severity level	4
Example	PHYD/4/DRV: -Chassis=2-Slot=2.1; Detected HGport[2] status abnormal on hardware fast-forwarding chip0. Receiving status:OK; sending status: ERROR.
Explanation	The system monitors the HiGig interface status of the hardware fast forwarding at intervals. When detecting an error, the system displays this message.
Recommended action	If the services are not influenced by the error, observe the card status.

Message text	-Slot=3.1; Detected uneven distribution of sessions on hardware fast-forwarding [STRING]. DDR[STRING]: [STRING] sessions (max); DDR [STRING]: [STRING] sessions (min).
Variable fields	$1: Hardware fast-forwarding engine chip ID. $2: DDR interface ID. $3: Number of sessions. $4: DDR interface ID. $5: Number of sessions.
Severity level	4
Example	PHYD/4/DRV: -Chassis=1-Slot=4.1; Detected uneven distribution of sessions on hardware fast-forwarding chip0. DDR[22]: 112022 sessions (max); DDR [28]: 10257 sessions (min).
Explanation	The system monitors the hardware fast forwarding session status at intervals. When detecting an error, the system displays this message.
Recommended action	If the services are not influenced by the error, observe the card status.

Message text	Detected [STRING] channel[STRING] ddr_mod[STRING] exintf table status abnormal
Variable fields	$1: Chip ID. $2: Channel ID. $3: DDR ID.
Severity level	4
Example	PHYD/4/DRV: -Slot=2.1; Detected chip0 channel[0] ddr mod[10] exintf table status abnormal
Explanation	The system monitors the hardware fast-forwarding entry status at intervals. When detecting an error, the system displays this message.
Recommended action	Save the abnormal file and observe the card status.

PIM messages

This section contains PIM messages.

PIM_NBR_DOWN

Message text	[STRING]: Neighbor [STRING] ([STRING]) is down.
Variable fields	$1: VPN instance name enclosed in parentheses (()). If the PIM neighbor belongs to the public network, this field is not displayed. $2: IP address of the PIM neighbor. $3: Interface name.
Severity level	5
Example	PIM/5/PIM_NBR_DOWN: Neighbor 10.1.1.1(Vlan-interface10) is down.
Explanation	A PIM neighbor went down.
Recommended action	Check the PIM configuration and network status.

PIM_NBR_UP

Message text	[STRING]: Neighbor [STRING] ([STRING]) is up.
Variable fields	$1: VPN instance name enclosed in parentheses (()). If the PIM neighbor belongs to the public network, this field is not displayed. $2: IP address of the PIM neighbor. $3: Interface name.
Severity level	5
Example	PIM/5/PIM_NBR_UP: Neighbor 10.1.1.1(Vlan-interface10) is up.
Explanation	A PIM neighbor came up.
Recommended action	No action is required.

PING messages

This section contains ping messages.

PING_STATISTICS

Message text	[STRING] statistics for [STRING]: [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms.
Variable fields	$1: Ping or ping6. $2: IP address, IPv6 address, or host name for the destination. $3: Number of sent echo requests. $4: Number of received echo replies. $5: Percentage of the non-replied packets to the total request packets. $6: Minimum round-trip delay. $7: Average round-trip delay. $8: Maximum round-trip delay. $9: Standard deviation round-trip delay.
Severity level	6
Example	PING/6/PING_STATISTICS: Ping statistics for 192.168.0.115: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms.
Explanation	A user uses the ping command to identify whether a destination in the public network is reachable.
Recommended action	If there is no packet received, identify whether the interface is down.

PING_VPN_STATISTICS

Message text	[STRING] statistics for [STRING] in VPN instance [STRING] : [UINT32] packets transmitted, [UINT32] packets received, [DOUBLE]% packet loss, round-trip min/avg/max/std-dev = [DOUBLE]/[DOUBLE]/[DOUBLE]/[DOUBLE] ms.
Variable fields	$1: Ping or ping6. $2: IP address, IPv6 address, or host name for the destination. $3: VPN instance name. $4: Number of sent echo requests. $5: Number of received echo replies. $6: Percentage of the non-replied packets to the total request packets. $7: Minimum round-trip delay. $8: Average round-trip delay. $9: Maximum round-trip delay. $10: Standard deviation round-trip delay.
Severity level	6
Example	PING/6/PING_VPN_STATISTICS: Ping statistics for 192.168.0.115 in VPN instance vpn1: 5 packets transmitted, 5 packets received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms.
Explanation	A user uses the ping command to identify whether a destination in a private network is reachable.
Recommended action	If there is no packet received, identify whether the interface is down and identify whether a valid route exists in the routing table.

PKI messages

This section contains PKI messages.

REQUEST_CERT_FAIL

Message text	Failed to request [STRING] certificate of domain [STRING].
Variable fields	$1: Certificate purpose. $2: PKI domain name.
Severity level	5
Example	PKI/5/REQUEST_CERT_FAIL: Failed to request general certificate of domain abc.
Explanation	Failed to request certificate for a domain.
Recommended action	Check the configuration of the device and CA server, and the network between them.

REQUEST_CERT_SUCCESS

Message text	Request [STRING] certificate of domain [STRING] successfully.
Variable fields	$1: Certificate purpose. $2: PKI domain name.
Severity level	5
Example	PKI/5/REQUEST_CERT_SUCCESS: Request general certificate of domain abc successfully.
Explanation	Successfully requested certificate for a domain.
Recommended action	No action is required.

PKT2CPU messages

This section contains PKT2CPU messages.

PKT2CPU_NO_RESOURCE

Message text	-Interface=[STRING]-ProtocolType=[UINT32]-MacAddr=[STRING]; The resources are insufficient. -Interface=[STRING]-ProtocolType=[UINT32]-SrcPort=[UINT32]-DstPort=[UINT32]; The resources are insufficient.
Variable fields	$1: Interface type and number. $2: Protocol type. $3: MAC address or source port. $4: Destination port.
Severity level	4
Example	PKT2CPU/4/PKT2CPU_NO_RESOURCE: -Interface=Ethernet0/0/2-ProtocolType=21-MacAddr=0180-c200-0014; The resources are insufficient.
Explanation	Hardware resources were insufficient.
Recommended action	Cancel the configuration.

PKTCPT messages

This section contains packet capture messages.

PKTCPT_AP_OFFLINE

Message text	Failed to start packet capture. Reason: AP was offline.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_AP_OFFLINE: Failed to start packet capture. Reason: AP was offline.
Explanation	Packet capture failed to start because the AP configured with packet capture was offline.
Recommended action	184. Verify the AP configuration, and restart packet capture after the AP comes online. 185. If the problem persists, contact H3C Support.

PKTCPT_AREADY_EXIT

Message text	Failed to start packet capture. Reason: The AP was uploading frames captured during the previous capturing operation.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_AREADY_EXIT: Failed to start packet capture. Reason: The AP was uploading frames captured during the previous capturing operation.
Explanation	When packet capture is stopped on the AC, the fit AP might be still uploading the captured frames. This message is generated when the user restarted packet capture at that time.
Recommended action	186. Restart packet capture later. 187. If the problem persists, contact H3C Support.

PKTCPT_CONN_FAIL

Message text	Failed to start packet capture. Reason: Failed to connect to the FTP server.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_CONN_FAIL: Failed to start packet capture. Reason: Failed to connect to the FTP server.
Explanation	Packet capture failed to start because the device failed to be connected to the FTP server in the same network segment.
Recommended action	188. Verify that the URL of the FTP server is valid. Possible reasons for an invalid URL include the specified IP address does not exist or is not the FTP server address, and the specified FTP server port is disabled. 189. Verify that the domain name resolution is successful. 190. Verify that the FTP server is reachable for the device configured with packet capture. 191. Verify that the FTP server is online. 192. If the problem persists, contact H3C Support.

PKTCPT_INVALID_FILTER

Message text	Failed to start packet capture. Reason: Invalid expression for matching packets to be captured.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_INVALD_FILTER: Failed to start packet capture. Reason: Invalid expression for matching packets to be captured.
Explanation	Packet capture failed to start because the capture filter expression was invalid.
Recommended action	193. Correct the capture filter expression. 194. If the problem persists, contact H3C Support.

PKTCPT_LOGIN_DENIED

Message text	Packet capture aborted. Reason: FTP server login failure.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_LOGIN_DENIED: Packet capture aborted. Reason: FTP server login failure.
Explanation	Packet capture stopped because the user failed to log in to the FTP server.
Recommended action	195. Verify the username and password. 196. If the problem persists, contact H3C Support.

PKTCPT_MEMORY_ALERT

Message text	Packet capture aborted. Reason: Memory threshold reached.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_MEMORY_ALERT: Packet capture aborted. Reason: Memory threshold reached.
Explanation	Packet capture stopped because the memory threshold was reached.
Recommended action	N/A

PKTCPT_OPEN_FAIL

Message text	Failed to start packet capture. Reason: File for storing captured frames not opened.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_OPEN_FAIL: Failed to start packet capture. Reason: File for storing captured frames not opened.
Explanation	Packer capture failed to start because the file for storing the captured frames cannot be opened.
Recommended action	197. Verify that the user has the write permission to the file. If the user does not have the write permission, assign the permission to the user. 198. Verify that the specified file has been created and is not used by another feature. If the file is used by another feature, use another file. 199. If the problem persists, contact H3C Support.

PKTCPT_OPERATION_TIMEOUT

Message text	Failed to start or continue packet capture. Reason: Operation timed out.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_OPERATION_TIMEOUT: Failed to start or continue packet capture. Reason: Operation timed out.
Explanation	This message is generated when one of the following situations occurs: · Packet capture failed to start because the FTP server in a different network segment is not reachable and the connection timed out. · Packet capture stopped because the FTP server in a different network segment is offline and uploading the captured frames timed out.
Recommended action	200. Verify that the FTP server is reachable. 201. Verify that the FTP server is online. 202. If the problem persists, contact H3C Support.

PKTCPT_SERVICE_FAIL

Message text	Failed to start packet capture. Reason: TCP or UDP port binding faults.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_SERVICE_FAIL: Failed to start packet capture. Reason: TCP or UDP port binding faults.
Explanation	Packet capture failed to start because an error occurs during TCP or UDP port binding.
Recommended action	203. Verify that Wireshark has been closed before you start packet capture. If it is not closed, close Wireshark, and then restart packet capture. 204. Bind a new TCP or UDP port, and then restart packet capture. 205. If the problem persists, contact H3C Support.

PKTCPT_UNKNOWN_ERROR

Message text	Failed to start or continue packet capture. Reason: Unknown error.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_UNKNOWN_ERROR: Failed to start or continue the packet capture. Reason: Unknown error.
Explanation	Packet capture failed to start or packet capture stopped because of an unknown error.
Recommended action	N/A

PKTCPT_UPLOAD_ERROR

Message text	Packet capture aborted. Reason: Failed to upload captured frames.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_UPLOAD_ERROR: Packet capture aborted. Reason: Failed to upload captured frames.
Explanation	Packet capture stopped because the capture failed to upload the captured frames.
Recommended action	206. Verify that the FTP working directory is not changed. 207. Verify that the user has the write permission to the file on the FTP server. 208. Verify that the FTP server is online. 209. Verify that the FTP server is reachable. 210. Verify that the FTP server has enough memory space. 211. Verify that the packet capture is not stopped during the upload of captured frames. 212. If the problem persists, contact H3C Support.

PKTCPT_WRITE_FAIL

Message text	Packet capture aborted. Reason: Not enough space to store captured frames.
Variable fields	N/A
Severity level	6
Example	PKTCPT/6/PKTCPT_WRITE_FAIL: Packet capture aborted. Reason: Not enough space to store captured frames.
Explanation	Packet capture stopped because the memory space is not enough for storing captured frames.
Recommended action	213. Delete unnecessary files to release the space. 214. If the problem persists, contact H3C Support.

Portal messages

This section contains portal messages.

PORTAL_USER_LOGOFF

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]-Input Octets=[UINT32]-Output Octets=[UINT32]-Input Gigawords=[UINT32]-Output Gigawords=[UINT32] -SessionTime=[UINT32]; User logged off.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Reason for user offline, see Table 7. $8: Number of input octets. $9: Number of output octets. $10: Number of input gigawords. $11: Number of output gigawords
Severity level	6
Example	PORTAL/6/PORTAL_USER_LOGOFF: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000- OuterVLAN=N/A-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason=User request-Input Octets=100-Output Octets=200-Input Gigawords=100-Output Gigawords=200-SessionTime=200; User logged off.
Explanation	A portal user went offline.
Recommended action	Choose the recommended action according to the reason (see Table 7).

Table 7 Reasons that a user goes offline and recommended actions

Reason	Description	Recommended action
User Request.	The user requested to be offline.	No action is required.
DHCP relay security del.	The DHCP relay agent was deleted.	Verify that the DHCP server configuration is correct.
Idle timeout.	The traffic of the user in the specified period of time does not reach the idle cut traffic threshold.	No action is required.
Session timeout.	The user's online time has reached the limit.	No action is required.
User detection failure.	The user failed online detection.	No action is required.
Session-control POD command.	The RADIUS server logged out the user.	No action is required.
Port down.	· The state of the access interface became Down or Deactive. · The access interface is a VLAN interface and a Layer 2 port left the VLAN.	· Verify that a cable is correctly inserted to the user access interface, and the access interface is not shut down by using the shutdown command. · Verify that the user access interface card or subcard operates normally. · Verify that portal roaming is enabled on the user access Layer 2 Ethernet interface.
Set Policy time timeout.	Failed to assign a user rule.	Release memory to ensure enough hardware memory space.
Failed to set user rule.	Authorization information changed for the user. For example, the authorization ACL or user profile was deleted.	No action is required.
Command cut.	The device logged out the user.	Make sure portal authentication functions normally on the user access interface.
Failed to synchronize with server.	The device failed to synchronize user information with the server.	· Make sure the user heartbeat interval configured on the portal authentication server is not greater than the user synchronization detection timeout configured on the access device. · Verify that the server is reachable.
Failed to recovery user.	User recovery failed.	· Verify that the user access interface is up. · Verify that portal authentication is enabled on the user access interface. · Verify that the session timeout timer for the user does not expire.
Failed to set rule while acl rule changed.	Authorization ACL for the online user changed.	· Verify that the authorization ACL for the user is correctly assigned. · Verify that strict checking on authorized ACLs is disabled.
Failed to set profile while profile changed.	Authorization user profile for the online user changed.	· Verify that the authorization user profile for the user is correctly assigned by using the display user profile command. · Verify that strict checking on authorized user profiles is disabled.
Failed to process rlt accounting.	Accounting update failure.	· Verify that the device can correctly communicate with the accounting server. · Verify that the status of the accounting server is active.
Failed to process start accounting.	Failed to start accounting for the user.	· Verify that the device can correctly communicate with the accounting server. · Verify that the status of the accounting server is active.
Traffic reach to quota.	Traffic threshold for the user was reached.	No action is required.
Authorization VPN instance deleted.	The authorization VPN instance was deleted.	No action is required.

PORTAL_USER_LOGON_FAIL

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]-Reason=[STRING]; User failed to get online.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address. $7: Login failure reason, see Table 8.
Severity level	6
Example	PORTAL/6/PORTAL_USER_LOGON_FAIL: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000- OuterVLAN=100-InnerVLAN=4000-MACAddr=0230-0103-5601-Reason= Authentication Failed : 4; User failed to get online.
Explanation	A portal user failed to come online.
Recommended action	Choose the recommended action according to the reason, see Table 8.

Table 8 Reasons that a user fails to come online and recommended actions

Reason	Description	Recommended action
Rejected : 1.	Authorization failed, or authorization attributes deployment failed.	· Verify that the device can correctly communicate with the authorization server. · Verify that the authorization user attributes exist on the device and are correctly configured. · Verify that the device supports the authorization user attributes.
Busy : 3.	The user received a logout request from the portal server during the login process.	Verify that the device can correctly communicate with the AAA server.
Authentication Failed : 4.	Authentication failed.	· Verify that the device can correctly communicate with the authentication server. · Verify that the shared key is the same on the device and the authentication server. · Verify that the username is valid. · Verify that the password for the username is correct. · Verify that the authentication domain on the device is correct.
Other Error.	Unknown error.	N/A

PORTAL_USER_LOGON_SUCCESS

Message text	-UserName=[STRING]-IPAddr=[IPADDR]-IfName=[STRING]-OuterVLAN=[UINT16]-InnerVLAN=[UINT16]-MACAddr=[MAC]:User got online successfully.
Variable fields	$1: Username. $2: IP address. $3: Interface name. $4: Outer VLAN ID. $5: Inner VLAN ID. $6: MAC address.
Severity level	6
Example	PORTAL/6/PORTAL_USER_LOGON_SUCCESS: -UserName=abc-IPAddr=1.1.1.2-IfName=Route-Aggregation1023.4000- OuterVLAN=100-InnerVLAN=4000-MACAddr=0230-0103-5601; User got online successfully.
Explanation	A portal user came online successfully.
Recommended action	No action is required.

PORTSEC messages

This section contains port security messages.

PORTSEC_PORTMODE_NOT_EFFECTIVE

Message text	The port security mode is configured but is not effective on interface [STRING].
Variable fields	$1: Interface type and number.
Severity level	3
Example	PORTSEC/3/PORTSEC_PORTMODE_NOT_EFFECTIVE: The port security mode is configured but is not effective on interface Ethernet3/1/2.
Explanation	The port security mode does not take effect on an interface, because the interface does not support this mode.
Recommended action	215. Remove the problem by using one of the following methods: ¡ Change the port security mode to another mode that is supported by the interface. ¡ Reconnect the connected devices to another interface that supports this port security mode, and configure the port security mode on the new interface. 216. If the problem persists, contact H3C Support.

PORTSEC_NTK_NOT_EFFECTIVE

Message text	The NeedToKnow feature is configured but is not effective on interface [STRING].
Variable fields	$1: Interface type and number.
Severity level	3
Example	PORTSEC/3/PORTSEC_NTK_NOT_EFFECTIVE: The NeedToKnow feature is configured but is not effective on interface Ethernet3/1/2.
Explanation	The NeedToKnow mode does not take effect on an interface, because the interface does not support the NeedToKnow mode.
Recommended action	217. Remove the problem depending on the network requirements: ¡ If the NeedToKnow feature is not required, disable the NeedToKnow feature on the interface. ¡ If the NeedToKnow feature is required, reconnect the connected devices to another interface that supports the NeedToKnow mode. Then, configure the NeedToKnow mode on the new interface. 218. If the problem persists, contact H3C Support.

POSA

This section contains POSA module messages.

POSA_TCPLISTENPORT_NOT_OPEN

Message text	Failed to open TCP listening port for terminal [STRING].
Variable fields	$1: POS terminal template ID.
Severity level	3
Example	POSA/3/POSA_TCPLISTENPORT_NOT_OPEN: Failed to open TCP listening port for terminal 1.
Explanation	The device failed to open the TCP listening port for POS terminal template 1.
Recommended action	219. Delete POS terminal template 1. 220. Re-create a POS terminal template by using an unused TCP port number.

PPP messages

This section contains PPP messages.

IPPOOL_ADDRESS_EXHAUSTED

Message text	The address pool [STRING] was exhausted.
Variable fields	$1: Pool name.
Severity level	5
Example	PPP/5/IPPOOL_ADDRESS_EXHAUSTED: The address pool aaa was exhausted.
Explanation	This message is generated when the last address is assigned from the pool.
Recommended action	Add addresses to the pool.

PPPOES_MAC_THROTTLE

Message text	The MAC [STRING] triggered MAC throttle on interface [STRING].
Variable fields	$1: MAC address. $2: Interface name.
Severity level	5
Example	PPPOES/5/PPPOES_MAC_THROTTLE: -MDC=1; The MAC 001b-21a8-0949 triggered MAC throttle on interface GigabitEthernet1/0/1.
Explanation	The maximum number of PPPoE session requests from a user within the monitoring time reached the PPPoE access limit on the access interface. The access interface discarded the excessive requests.
Recommended action	221. Check the PPPoE access limit on the access interface that is configured by using the pppoe-server throttle per-mac command. 222. View the time left for the blocking user on the access interface by executing the display pppoe-server throttled-mac command. 223. If the problem persists, contact the support.

PWDCTL messages

This section contains password control messages.

ADDBLACKLIST

Message text	[STRING] was added to the blacklist for failed login attempts.
Variable fields	$1: Username.
Severity level	6
Example	PWDCTL/6/ADDBLACKLIST: hhh was added to the blacklist for failed login attempts.
Explanation	The user entered an incorrect password. It failed to log in to the device and was added to the password control blacklist.
Recommended action	No action is required.

CHANGEPASSWORD

Message text	[STRING] changed the password because [STRING].
Variable fields	$1: Username. $2: The reasons for changing password. ¡ Because it is the first login of the account. ¡ Because the password had expired. ¡ Because the password was too short. ¡ Because the password was not complex enough.
Severity level	6
Example	PWDCTL/6/CNAHGEPASSWORD: hhh changed the password because It is the first login of the account.
Explanation	The user changed the password for some reason. For example, the user changed the password because it is the first login of the user's account.
Recommended action	No action is required.

FAILEDTOWRITEPWD

Message text	Failed to write the password records to file.
Variable fields	N/A
Severity level	6
Example	PWDCTL/6/FAILEDTOWRITEPWD: Failed to write the password records to file.
Explanation	The device failed to write a password to a file.
Recommended action	Check the file system of the device for memory space insufficiency.

QOS messages

This section contains QoS messages.

QOS_CAR_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply the [STRING] CAR in [STRING] profile [STRING] to the user. Reason: [STRING].
Variable fields	$1: User identity. $2: Application direction. $3: Profile type. $4: Profile name. $5: Failure cause.
Severity level	4
Example	QOS/4/QOS_CAR_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2-SVLAN=100-VPN=”N/A”-Port=GigabitEthernet5/1/5; Failed to apply the inbound CAR in user profile a to the user. Reason: The resources are insufficient.
Explanation	The system failed to perform one of the following actions: · Apply a CAR policy when a user went online. · Modify a configured CAR policy or configure a new CAR policy when a user is online.
Recommended action	Delete the CAR policy from the profile or modify the parameters of the CAR policy.

QOS_CBWFQ_REMOVED

Message text	CBWFQ is removed from [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	QOS/3/QOS_CBWFQ_REMOVED: CBWFQ is removed from GigabitEthernet4/0/1.
Explanation	CBWFQ was removed from an interface because the maximum bandwidth or speed configured on the interface was below the bandwidth or speed required for CBWFQ.
Recommended action	Increase the bandwidth or speed and apply the removed CBWFQ again.

QOS_GTS_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply GTS in user profile [STRING] to the user. Reason: [STRING].
Variable fields	$1: User identity. $2: User profile name. $3: Failure cause.
Severity level	4
Example	QOS/4/QOS_GTS_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply GTS in user profile a to the user. Reason: The resources are insufficient.
Explanation	The system failed to perform one of the following actions: · Apply a GTS action when a user went online. · Modify a configured GTS action or configure a new GTS action when a user is online.
Recommended action	Delete the GTS action from the user profile or modify the parameters of the GTS action.

QOS_NOT_ENOUGH_BANDWIDTH

Message text	Policy [STRING] requested bandwidth [UINT32](kbps). Only [UINT32](kbps) is available on [STRING].
Variable fields	$1: Policy name. $2: Required bandwidth for CBWFQ. $3: Available bandwidth on an interface. $4: Interface name.
Severity level	3
Example	QOS/3/QOS_NOT_ENOUGH_BANDWIDTH: Policy d requested bandwidth 10000(kbps). Only 80(kbps) is available on GigabitEthernet4/0/1.
Explanation	Configuring CBWFQ on an interface failed because the maximum bandwidth on the interface was less than the bandwidth required for CBWFQ.
Recommended action	Increase the maximum bandwidth configured for the interface or set lower bandwidth required for CBWFQ.

QOS_POLICY_APPLYCOPP_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Application direction. $4: Slot number. $5: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYCOPP_CBFAIL: Failed to apply classifier-behavior d in policy b to the inbound direction of control plane slot 3. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of a control plane. · Update a classifier-behavior association applied to a specific direction of a control plane.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYCOPP_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of control plane slot [UINT32]. [STRING].
Variable fields	$1: Policy name. $2: Traffic direction. $3: Slot number. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYCOPP_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of control plane slot 3. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of a control plane. · Update a QoS policy applied to a specific direction of a control plane.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYGLOBAL_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction globally. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Traffic direction. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYGLOBAL_CBFAIL: Failed to apply classifier-behavior a in policy b to the outbound direction globally. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction globally. · Update a classifier-behavior association applied to a specific direction globally.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYGLOBAL_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction globally. [STRING].
Variable fields	$1: Policy name. $2: Traffic direction. $3: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYGLOBAL_FAIL: Failed to apply or refresh QoS policy b to the inbound direction globally. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction globally. · Update a QoS policy applied to a specific direction globally.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYIF_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of interface [STRING]. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Traffic direction. $4: Interface name. $5: Failure cause: ¡ The behavior is empty. ¡ The classifier is empty.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYIF_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of interface Ethernet3/1/2. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of an interface. · Update a classifier-behavior association applied to a specific direction of an interface.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYIF_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of interface [STRING]. [STRING].
Variable fields	$1: Policy name. $2: Traffic direction. $3: Interface name. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYIF_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of interface Ethernet3/1/2. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of an interface. · Update a QoS policy applied to a specific direction of an interface.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply the [STRING] QoS policy [STRING] in user profile [STRING] to the user.Reason: [STRING].
Variable fields	$1: User identity. $2: Application direction. $3: QoS policy name. $4: User profile name. $5: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-CVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply the inbound QoS policy p in user profile a to the user.Reason: The QoS policy is not supported.
Explanation	The system failed to perform one of the following actions: · Issue the settings of a QoS policy when a user went online. · Modify an applied QoS policy or apply a new QoS policy when a user is online.
Recommended action	Remove the QoS policy from the user profile or modify the parameters of the QoS policy.

QOS_POLICY_APPLYVLAN_CBFAIL

Message text	Failed to apply classifier-behavior [STRING] in policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING].
Variable fields	$1: Name of a classifier-behavior association. $2: Policy name. $3: Application direction. $4: VLAN ID. $5: Failure cause.
Severity level	4
Example	QOS/4QOS_POLICY_APPLYVLAN_CBFAIL: Failed to apply classifier-behavior b in policy b to the inbound direction of VLAN 2. The behavior is empty.
Explanation	The system failed to perform one of the following actions: · Apply a classifier-behavior association to a specific direction of a VLAN. · Update a classifier-behavior association applied to a specific direction of a VLAN.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_POLICY_APPLYVLAN_FAIL

Message text	Failed to apply or refresh QoS policy [STRING] to the [STRING] direction of VLAN [UINT32]. [STRING].
Variable fields	$1: Policy name. $2: Application direction. $3: VLAN ID. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_POLICY_APPLYVLAN_FAIL: Failed to apply or refresh QoS policy b to the inbound direction of VLAN 2. The operation is not supported.
Explanation	The system failed to perform one of the following actions: · Apply a QoS policy to a specific direction of a VLAN. · Update a QoS policy applied to a specific direction of a VLAN.
Recommended action	Modify the configuration of the QoS policy according to the failure cause.

QOS_QMPROFILE_APPLYUSER_FAIL

Message text	[STRING]; Failed to apply queue management profile [STRING] in session group profile [STRING] to the user. Reason: [STRING].
Variable fields	$1: User identity. $2: Queue scheduling profile name. $3: Session group profile name. $4: Failure cause.
Severity level	4
Example	QOS/4/QOS_QMPROFILE_APPLYUSER_FAIL: -MAC=1111-2222-3333-IP=192.168.1.2/16-SVLAN=100-Port=GigabitEthernet5/1/5; Failed to apply queue management profile b in session group profile a to the user. Reason: The QMProfile is not supported.
Explanation	The system failed to perform one of the following actions: · Issue the settings of a queue scheduling profile when a user went online. · Modify an applied queue scheduling profile or apply a new queue scheduling profile when a user is online.
Recommended action	Remove the queue scheduling profile from the session group profile or modify the parameters of the queue scheduling profile.

QOS_QMPROFILE_MODIFYQUEUE_FAIL

Message text	Failed to configure queue [UINT32] in queue management profile [STRING]. [STRING].
Variable fields	$1: Queue ID. $2: Profile name. $3: Failure cause.
Severity level	4
Example	QOS/4/QOS_QMPROFILE_MODIFYQUEUE_FAIL: Failed to configure queue 1 in queue management profile myqueue. The value is out of range.
Explanation	The system failed to modify a queue in a queue scheduling profile successfully applied to an interface because the new parameter was beyond port capabilities.
Recommended action	Remove the queue scheduling profile from the interface, and then modify the parameters for the queue.

QOS_POLICY_REMOVE

Message text	QoS policy [STRING] failed to be applied to [STRING].
Variable fields	$1: QoS policy name. $2: A hub-spoke tunnel on a tunnel interface.
Severity level	4
Example	QOS/4/QOS_POLICY_REMOVE: QoS policy p1 failed to be applied to ADVPN session Tunnel1 192.168.0.3.
Explanation	This message is generated when a QoS policy applied to a hub-spoke tunnel on a tunnel interface failed to be modified.
Recommended action	Check the configuration according to the failure cause.

QOS_POLICY_ACTIVATE

Message text	QoS policy [STRING] was successfully applied to [STRING].
Variable fields	$1: QoS policy name. $2: A hub-spoke tunnel on a tunnel interface.
Severity level	4
Example	QOS/4/QOS_POLICY_ACTIVATE: QoS policy p1 was successfully applied to ADVPN session Tunnel1 192.168.0.3.
Explanation	This message is generated when a QoS policy applied to a hub-spoke tunnel on a tunnel interface is successfully modified.
Recommended action	No action is required.

RADIUS messages

This section contains RADIUS messages.

RADIUS_AUTH_FAILURE

Message text	User [STRING] from [STRING] failed authentication.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	RADIUS/5/RADIUS_AUTH_FAILURE: User abc@system from 192.168.0.22 failed authentication.
Explanation	An authentication request was rejected by the RADIUS server.
Recommended action	No action is required.

RADIUS_AUTH_SUCCESS

Message text	User [STRING] from [STRING] was authenticated successfully.
Variable fields	$1: Username. $2: IP address.
Severity level	6
Example	RADIUS/6/RADIUS_AUTH_SUCCESS: User abc@system from 192.168.0.22 was authenticated successfully.
Explanation	An authentication request was accepted by the RADIUS server.
Recommended action	No action is required.

RADIUS_DELETE_HOST_FAIL

Message text	Failed to delete servers in scheme [STRING].
Variable fields	$1: Scheme name.
Severity level	4
Example	RADIUS/4/RADIUS_DELETE_HOST_FAIL: Failed to delete servers in scheme abc.
Explanation	Failed to delete servers from a RADIUS scheme.
Recommended action	No action is required.

RDDC messages

This section contains RDDC messages.

RDDC_ACTIVENODE_CHANGE

Message text	Redundancy group [STRING] active node changed to [STRING], because of [STRING].
Variable fields	$1: Redundancy group name. $2: Active node information. $3: Status change reason: ¡ manual switchover ¡ group's configuration changed ¡ node's weight changed
Severity level	5
Example	RDDC/5/RDDC_ACTIVENODE_CHANGE: Redundancy group 1 active node changed to node 1 (chassis 1), because of manual switchover.
Explanation	The active node in the redundancy group changed because of manual switchover, configuration change of the group, or weight change of the node.
Recommended action	No action is required.

RIP messages

This section contains RIP messages.

RIP_MEM_ALERT

Message text	RIP Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	RIP/5/RIP_MEM_ALERT: RIP Process received system memory alert start event.
Explanation	RIP received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

RIP_RT_LMT

Message text	RIP [UINT32] Route limit reached
Variable fields	$1: Process ID.
Severity level	6
Example	RIP/6/RIP_RT_LMT: RIP 1 Route limit reached.
Explanation	The number of routes of a RIP process reached the upper limit.
Recommended action	224. Check for network attacks. 225. Reduce the number of routes.

RIPNG messages

This section contains RIPng messages.

RIPNG_MEM_ALERT

Message text	RIPng Process received system memory alert [STRING] event.
Variable fields	$1: Type of the memory alarm.
Severity level	5
Example	RIPNG/5/RIPNG_MEM_ALERT: RIPNG Process received system memory alert start event.
Explanation	RIPng received a memory alarm.
Recommended action	Check the system memory and release memory for the modules that occupy too many memory resources.

RIPNG_RT_LMT

Message text	RIPng [UINT32] Route limit reached
Variable fields	$1: Process ID
Severity level	6
Example	RIPNG/6/RIPNG_RT_LMT: RIPng 1 Route limit reached.
Explanation	The number of routes of a RIPng process reached the upper limit.
Recommended action	226. Check for network attacks. 227. Reduce the number of routes.

RM messages

This section contains RM messages.

RM_ACRT_REACH_LIMIT

Message text	Max active [STRING] routes [UINT32] reached in URT of [STRING]
Variable fields	$1: IPv4 or IPv6. $2: Maximum number of active routes. $3: VPN instance name.
Severity level	4
Example	RM/4/RM_ACRT_REACH_LIMIT: Max active IPv4 routes 100000 reached in URT of VPN1
Explanation	The number of active routes reached the upper limit in the unicast routing table of a VPN instance.
Recommended action	Remove unused active routes.

RM_ACRT_REACH_THRESVALUE

Message text	Threshold value [UINT32] of max active [STRING] routes reached in URT of [STRING]
Variable fields	$1: Threshold of the maximum number of active routes in percentage. $2: IPv4 or IPv6. $3: VPN instance name.
Severity level	4
Example	RM/4/RM_ACRT_REACH_THRESVALUE: Threshold value 50% of max active IPv4 routes reached in URT of vpn1
Explanation	The percentage of the maximum number of active routes was reached in the unicast routing table of a VPN instance.
Recommended action	Modify the threshold value or the route limit configuration.

RM_THRESHLD_VALUE_REACH

Message text	Threshold value [UINT32] of active [STRING] routes reached in URT of [STRING]
Variable fields	$1: Maximum number of active routes. $2: IPv4 or IPv6. $3: VPN instance name.
Severity level	4
Example	RM/4/RM_THRESHLD_VALUE_REACH: Threshold value 10000 of active IPv4 routes reached in URT of vpn1
Explanation	The number of active routes reached the threshold in the unicast routing table of a VPN instance.
Recommended action	Modify the route limit configuration.

RPR messages

This section contains RPR messages.

RPR_EXCEED_MAX_SEC_MAC

Message text	A maximum number of secondary MAC addresses exceeded defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	RPR/4/RPR_EXCEED_MAX_SEC_MAC: A maximum number of secondary MAC addresses exceeded defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The number of RPR secondary MAC addresses on the ring has reached the upper limit.
Recommended action	Disable VRRP on RPR stations.

RPR_EXCEED_MAX_SEC_MAC_OVER

Message text	A maximum number of secondary MAC addresses exceeded defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_EXCEED_MAX_SEC_MAC_OVER: A maximum number of secondary MAC addresses exceeded defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The number of secondary MAC addresses on the ring has dropped below the upper limit.
Recommended action	No action is required.

RPR_EXCEED_MAX_STATION

Message text	A maximum number of stations exceeded defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	RPR/4/RPR_EXCEED_MAX_STATION: A maximum number of stations exceeded defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The number of RPR stations on the ring has reached the upper limit.
Recommended action	Remove some RPR stations.

RPR_EXCEED_MAX_STATION_OVER

Message text	A maximum number of stations exceeded defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_EXCEED_MAX_STATION_OVER: A maximum number of stations exceeded defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The number of RPR stations on the ring has dropped below the upper limit.
Recommended action	No action is required.

RPR_EXCEED_RESERVED_RATE

Message text	An excess reserved rate defect is present on ringlet0/ringlet1 corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_EXCEED_RESERVED_RATE: An excess reserved rate defect is present on ringlet0 corresponding to RPR logical interface RPR-Router1.
Explanation	The reserved bandwidth for the RPR station was greater than the total bandwidth of the RPR ring.
Recommended action	Reduce the reserved bandwidth.

RPR_EXCEED_RESERVED_RATE_OVER

Message text	An excess reserved rate defect is cleared on ringlet0/ringlet1 corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_EXCEED_RESERVED_RATE_OVER: An excess reserved rate defect is cleared on ringlet0 corresponding to RPR logical interface RPR-Router1.
Explanation	The reserved bandwidth for the RPR station was smaller than the total bandwidth of the RPR ring.
Recommended action	No action is required.

RPR_IP_DUPLICATE

Message text	A duplicate IP address defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_IP_DUPLICATE: A duplicate IP address defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	Another RPR station used the same IP address.
Recommended action	Locate the RPR station, and change its IP address.

RPR_IP_DUPLICATE_OVER

Message text	A duplicate IP address defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_IP_DUPLICATE_OVER: A duplicate IP address defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The duplicate IP address defect was cleared.
Recommended action	No action is required.

RPR_JUMBO_INCONSISTENT

Message text	A jumbo configuration defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	6
Example	RPR/6/RPR_JUMBO_INCONSISTENT: A jumbo configuration defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	An RPR station used different Jumbo frame configuration.
Recommended action	Locate the RPR station and change its Jumbo frame configuration.

RPR_JUMBO_INCONSISTENT_OVER

Message text	A jumbo configuration defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	6
Example	RPR/6/RPR_JUMBO_INCONSISTENT_OVER: A jumbo configuration defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The Jumbo frame configuration inconsistency defect was cleared.
Recommended action	No action is required.

RPR_MISCABLING

Message text	A miscabling defect is present on ringlet0/ringlet1 corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_MISCABLING: A miscabling defect is present on ringlet0 corresponding to RPR logical interface RPR-Router1.
Explanation	The west port of an RPR station was not connected to the east port of anther RPR station.
Recommended action	Examine the physical port connection of the two RPR stations.

RPR_MISCABLING_OVER

Message text	A miscabling defect is cleared on ringlet0/ringlet1 corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_MISCABLING_OVER: A miscabling defect is cleared on ringlet0 corresponding to RPR logical interface RPR-Router1.
Explanation	The RPR physical port connection defect was cleared.
Recommended action	No action is required.

RPR_PROTECTION_INCONSISTENT

Message text	A protection configuration defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_PROTECTION_INCONSISTENT: A protection configuration defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	An RPR station used different protection mode.
Recommended action	Locate the RPR station and change its protection mode.

RPR_PROTECTION_INCONSISTENT_OVER

Message text	A protection configuration defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_PROTECTION_INCONSISTENT_OVER: A protection configuration defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The protection mode inconsistency defect was cleared.
Recommended action	No action is required.

RPR_SEC_MAC_DUPLICATE

Message text	A duplicate secondary MAC addresses defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_SEC_MAC_DUPLICATE: A duplicate secondary MAC addresses defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	Another RPR station used the same secondary MAC address.
Recommended action	Locate the RPR station, and change its secondary MAC address.

RPR_SEC_MAC_DUPLICATE_OVER

Message text	A duplicate secondary MAC addresses defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_SEC_MAC_DUPLICATE_OVER: A duplicate secondary MAC addresses defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The duplicate secondary MAC address defect was cleared.
Recommended action	No action is required.

RPR_TOPOLOGY_INCONSISTENT

Message text	An inconsistent topology defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	3
Example	RPR/3/RPR_TOPOLOGY_INCONSISTENT: An inconsistent topology defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The topology information collected by the ports on the PRP stations was different.
Recommended action	Execute the shutdown command and then the undo shutdown command on the ports to collect topology information again.

RPR_TOPOLOGY_INCONSISTENT_OVER

Message text	An inconsistent topology defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_TOPOLOGY_INCONSISTENT_OVER: An inconsistent topology defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The topology information inconsistency defect was cleared.
Recommended action	No action is required.

RPR_TOPOLOGY_INSTABILITY

Message text	A topology instability defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	RPR/4/RPR_TOPOLOGY_INSTABILITY: A topology instability defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The RPR ring topology was unstable.
Recommended action	No action is required.

RPR_TOPOLOGY_INSTABILITY_OVER

Message text	A topology instability defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_TOPOLOGY_INSTABILITY_OVER: A topology instability defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The RPR ring topology was stable.
Recommended action	No action is required.

RPR_TOPOLOGY_INVALID

Message text	A topology invalid defect is present on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	RPR/4/RPR_TOPOLOGY_INVALID: A topology invalid defect is present on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The topology information collected by the RPR stations was invalid.
Recommended action	Execute the shutdown command and then the undo shutdown command on the RPR stations to collect topology information again.

RPR_TOPOLOGY_INVALID_OVER

Message text	A topology invalid defect is cleared on the ring corresponding to RPR logical interface [STRING].
Variable fields	$1: Interface name.
Severity level	5
Example	RPR/5/RPR_TOPOLOGY_INVALID_OVER: A topology invalid defect is cleared on the ring corresponding to RPR logical interface RPR-Router1.
Explanation	The topology information collected by the RPR stations was valid.
Recommended action	No action is required.

RRPP messages

This section contains RRPP messages.

RRPP_RING_FAIL

Message text	Ring [UINT32] in Domain [UINT32] failed.
Variable fields	$1: Ring ID. $2: Domain ID.
Severity level	4
Example	RRPP/4/RRPP_RING_FAIL: Ring 1 in Domain 1 failed.
Explanation	A ring failure occurred in the RRPP domain.
Recommended action	Check each RRPP node to clear the network fault.

RRPP_RING_RESTORE

Message text	Ring [UINT32] in Domain [UINT32] recovered.
Variable fields	$1: Ring ID. $2: Domain ID.
Severity level	4
Example	RRPP/4/RRPP_RING_RESTORE: Ring 1 in Domain 1 recovered.
Explanation	The ring in the RRPP domain was recovered.
Recommended action	No action is required.

RTM messages

This section contains RTM messages.

RTM_TCL_NOT_EXIST

Message text	Failed to execute Tcl-defined policy [STRING] because the policy's Tcl script file was not found.
Variable fields	$1: Name of a Tcl-defined policy.
Severity level	4
Example	RTM/4/RTM_TCL_NOT_EXIST: Failed to execute Tcl-defined policy aaa because the policy's Tcl script file was not found.
Explanation	The system did not find the Tcl script file for the policy while executing the policy.
Recommended action	228. Verify that the Tcl script file exists. 229. Reconfigure the policy.

RTM_TCL_MODIFY

Message text	Failed to execute Tcl-defined policy [STRING] because the policy's Tcl script file had been modified.
Variable fields	$1: Name of a Tcl-defined policy.
Severity level	4
Example	RTM/4/RTM_TCL_MODIFY: Failed to execute Tcl-defined policy aaa because the policy's Tcl script file had been modified.
Explanation	The Tcl script file for the policy was modified.
Recommended action	Reconfigure the policy, or modify the Tcl script to be the same as it was when it was bound with the policy.

RTM_TCL_LOAD_FAILED

Message text	Failed to load the Tcl script file of policy [STRING].
Variable fields	$1: Name of a Tcl-defined policy.
Severity level	4
Example	RTM/4/RTM_TCL_LOAD_FAILED: Failed to load the Tcl script file of policy [STRING].
Explanation	The system failed to load the Tcl script file for the policy to memory.
Recommended action	No action is required.

SCD

This section contains server connection detection (SCD) messages.

SCD_IPV4

Message text	Protocol(1001)=[STRING];ServerIPAddr(1003)=[STRING];DstIPAddr(1007)=[STRING];DstPort(1008)=[STRING]; Illegal server connection.
Variable fields	$1: Protocol type. $2: Server IP address. $3: Destination IP address of the server-initiated connection. $4: Destination port number of the server-initiated connection.
Severity level	6
Example	SCD/6/SCD_IPV4:-Context=1;Protocol(1001)=TCP;ServerIPAddr(1003)=192.168.105.1;DstIPAddr(1007)=192.168.105.111;DstPort(1008)=80; Illegal server connection.
Explanation	This message is sent when an illegal server-initiated connection is detected.
Recommended action	Check the illegal connection and decide whether to allow the connection based on your network services. For example, you can configure a security policy to block such connections.

SCM messages

This section contains SCM messages.

PROCESS_ABNORMAL

Message text	The process [STRING] exited abnormally.
Variable fields	$1: Process name.
Severity level	5
Example	SCM/5/PROCESS_ABNORMAL: The process devd exited abnormally.
Explanation	A service exited abnormally.
Recommended action	230. Use the display process command to identify whether the process exists. If the process exists, the process is recovered. 231. If the process is not recovered, collect the following information: 232. Execute the view /var/log/trace.log > trace.log command in probe view, and upload the trace.log file saved in the storage media of the device to the server through FTP or TFTP (in binary mode). 233. Execute the display process log command to display process information. If the core field displays Y, the core file was generated when the process exited. 234. Execute the display exception context command to collect process exception information, and save the information. Then, execute the display exception filepath command to display core file path and upload the core file and the file that save the process exception information through FTP or TFTP (in binary mode). 235. Send the files to H3C Support. 236. If the process has been recovered, but reasons need to be located, go to step 231.

PROCESS_ACTIVEFAILED

Message text	The standby process [STRING] failed to switch to the active process due to uncompleted synchronization, and was restarted.
Variable fields	$1: Process name.
Severity level	4
Example	SCM/4/PROCESS_ACTIVEFAILED: The standby process [STRING] failed to switch to the active process due to uncompleted synchronization, and was restarted.
Explanation	The standby process failed to switch to the active process because the active process exited abnormally when the standby process has not completed synchronization. The standby process was restarted.
Recommended action	No action is required.

SCM_ABNORMAL_REBOOT

Message text	Pattern 1: The process [STRING] can't be restored. Reboot now. Pattern 2: The process [STRING] can't be restored. Reboot [STRING] now.
Variable fields	Pattern 1: $1: Process name. Pattern 2: $1: Process name. $2: Chassis number and slot number or slot number.
Severity level	3
Example	SCM/3/SCM_ABNORMAL_REBOOT: The process ipbased can't be restored. Reboot slot 2 now.
Explanation	Pattern 1: While the device was rebooting, the specified process quitted abnormally and failed to recover after multiple automatic restart attempts. The device will reboot automatically. Pattern 2: While the specified slot was rebooting, the specified process quitted abnormally and failed to recover after multiple automatic restart attempts. The slot will restart automatically.
Recommended action	237. After the device or slot starts up, use the display process command to verify that the process has recovered. 238. If the problem persists, contact H3C Support.

SCM_ABNORMAL_REBOOTMDC

Message text	The process [STRING] in [STRING] [UINT16] can't be restored. Reboot [STRING] [UINT16] now.
Variable fields	$1: Process name. $2: Device type, MDC or context. $3: ID of the MDC or context. $4: Device type, MDC or context. $5: ID of the MDC or context.
Severity level	3
Example	SCM/3/SCM_ABNORMAL_REBOOTMDC: The process ipbased in MDC 2 can't be restored. Reboot MDC 2 now.
Explanation	The process exited abnormally during the startup of the MDC on the active MPU or the context on the main security engine in the security engine group. If the process cannot restore after multiple automatic restart attempts, the MDC or context will restart automatically. This message will be output in MDC 1 or Context 1.
Recommended action	239. Use the display process command to verify that the process has restored after the card restarts. 240. If the problem persists, contact H3C Support.

SCM_ABORT_RESTORE

Message text	The process [STRING] can't be restored, abort it.
Variable fields	$1: Process name.
Severity level	3
Example	SCM/3/SCM_ABORT_RESTORE: The process ipbased can't be restored, abort it.
Explanation	The process exited abnormally during the system operation. If the process cannot restore after multiple automatic restart attempts, the device will not restore the process.
Recommended action	241. Use the display process log command in any view to display the details about process exit. 242. Restart the card or the MDC where the process is located. 243. Provide the output from the display process log command to H3C Support.

SCM_INSMOD_ADDON_TOOLONG

Message text	Failed to finish loading [STRING] in [UINT32] minutes.
Variable fields	$1: Kernel file name. $2: File loading duration.
Severity level	4
Example	SCM/4/SCM_INSMOD_ADDON_TOOLONG: Failed to finish loading addon.ko in 30 minutes.
Explanation	Kernel file loading timed out during device startup.
Recommended action	244. Restart the card. 245. Contact H3C Support.

SCM_KERNEL_INIT_TOOLONG

Message text	Kernel init in sequence [STRING] function [STRING] failed to finish in [UINT32] minutes.
Variable fields	$1: Kernel event phase. $2: Address of the function corresponding to the kernel event. $3: Time duration.
Severity level	4
Example	SCM/4/SCM_KERNEL_INIT_TOOLONG: Kernel init in sequence 0x25e7 function 0x6645ffe2 failed to finish in 15 minutes.
Explanation	A function at a phase during kernel initialization ran too long.
Recommended action	246. Restart the card. 247. Contact H3C Support.

SCM_PROCESS_STARTING_TOOLONG

Message text	The process [STRING] on [STRING] [UINT16] has not finished starting in [UINT32] hours.
Variable fields	$1: Process name. $2: Device type, MDC or context. This field is not displayed on devices that do not support MDCs or contexts. $3: ID of the MDC or context. This field is not displayed on devices that do not support MDCs or contexts. $4: Time duration.
Severity level	4
Example	SCM/4/ SCM_PROCESS_STARTING_TOOLONG: The process ipbased on MDC 2 has not finished starting in 1 hours.
Explanation	The process initialization takes a long time and has not been finished. Too many processes have been configured or the process is abnormal.
Recommended action	248. Wait 6 hours and then verify that the process has been started. 249. Restart the card/MDC/context, and then use the display process command to verify that the process has restored. 250. Contact H3C Support.

SCM_PROCESS_STILL_STARTING

Message text	The process [STRING] on [STRING] [UINT16] is still starting for [UINT32] minutes.
Variable fields	$1: Process name. $2: Device type, MDC or context. This field is not displayed on devices that do not support MDCs or contexts. $3: ID of the MDC or context. This field is not displayed on devices that do not support MDCs or contexts. $4: Time duration.
Severity level	6
Example	SCM/6/SCM_PROCESS_STILL_STARTING: The process ipbased on MDC 2 is still starting for 20 minutes.
Explanation	A process is always in startup state.
Recommended action	No action is required.

SCM_SKIP_PROCESS

Message text	The process [STRING] was skipped because it failed to start within 6 hours.
Variable fields	$1: Process name.
Severity level	4
Example	SCM/4/SCM_SKIP_PROCESS: The process ipbased was skipped because it failed to start within 6 hours.
Explanation	A process has not completed its startup within six hours during the card/MDC/context startup, skip this process and go on with the startup.
Recommended action	251. Restart the card/MDC/context. 252. Use the display process command to verify that the process has restored. 253. Provide the output from the display process log command to H3C Support.

SCM_SKIP_PROCESS

Message text	The process [STRING] on [STRING] [UINT16] was skipped because it failed to start within 6 hours.
Variable fields	$1: Process name. $2: Device type, MDC or context. This field is not displayed on devices that do not support MDCs or contexts. $3: ID of the MDC or context. This field is not displayed on devices that do not support MDCs or contexts.
Severity level	3
Example	SCM/3/SCM_SKIP_PROCESS: The process ipbased on MDC 2 was skipped because it failed to start within 6 hours.
Explanation	A process failed to start within 6 hours. The device will skip this process and continue to start.
Recommended action	254. Restart the card/MDC/context, and then use the display process command to verify that the process has restored. 255. Contact H3C Support.

SCRLSP messages

This section contains static CRLSP messages.

SCRLSP_LABEL_DUPLICATE

Message text	Incoming label [INT32] for static CRLSP [STRING] is duplicate.
Variable fields	$1: Incoming label value. $2: Static CRLSP name.
Severity level	4
Example	SCRLSP/4/SCRLSP_LABEL_DUPLICATE: Incoming label 1024 for static CRLSP aaa is duplicate.
Explanation	The incoming label of a static CRLSP was occupied by another configuration, for example, by a static PW or by a static LSP. This message is generated when one of the following events occurs: · When MPLS is enabled, configure a static CRLSP with an incoming label which is occupied by another configuration. · Enable MPLS when a static CRLSP whose incoming label is occupied by another configuration already exists.
Recommended action	Remove this static CRLSP, and reconfigure it with another incoming label.

SecDiag

This section contains security diagnosis messages.

MONITOR_CONCURRENCY_EXCEED

Message text	Number of concurrent sessions reached the threshold [STRING] on [STRING]
Variable fields	$1: Threshold for the number of concurrent sessions. $2: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in standalone mode.) $2: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Centralized IRF devices.) $2: Chassis ID and slot ID in the chassis xx slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in IRF mode.)
Severity level	1
Example	SECDIAG/1/MONITOR_CONCURRENCY_EXCEED: Number of concurrent sessions reached the threshold 3000 on slot 1. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The number of concurrent sessions exceeded the configured threshold.
Recommended action	Decrease the number of concurrent sessions or add new devices to share the load.

MONITOR_CONCURRENCY_BELOW

Message text	Number of concurrent sessions dropped below the threshold on [STRING].
Variable fields	$1: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in standalone mode.) $1: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Centralized IRF devices.) $1: Chassis ID and slot ID in the chassis xx slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in IRF mode.)
Severity level	1
Example	SECDIAG/1/MONITOR_CONCURRENCY_BELOW:Session Number of concurrent sessions dropped below the threshold on slot 3 CPU 1. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The number of concurrent sessions decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_CONNECTION_EXCEED

Message text	Session establishment rate reached the threshold [STRING] on [STRING].
Variable fields	$1: Session establishment rate threshold. $2: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in standalone mode.) $2: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Centralized IRF devices.) $2: Chassis ID and slot ID in the chassis xx slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in IRF mode.)
Severity level	1
Example	SECDIAG/1/MONITOR_CONNECTION_EXCEED: Session establishment rate reached the threshold 600 on slot 3 CPU 1. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The session establishment rate exceeded the configured threshold.
Recommended action	Decrease the session establishment rate or add new devices to share the load.

MONITOR_CONNECTION_BELOW

Message text	Session establishment rate dropped below the threshold on [STRING].
Variable fields	$1: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in standalone mode.) $1: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Centralized IRF devices.) $1: Chassis ID and slot ID in the chassis xx slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in IRF mode.)
Severity level	1
Example	SECDIAG/1/MONITOR_CONNECTION_BELOW: Session establishment rate dropped below the threshold on slot 3 CPU 1. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The session establishment rate decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_SECP_IPV4_EXCEED

Message text	Number of IPv4 security policy rules reached the threshold [STRING].
Variable fields	$1: IPv4 security policy rule threshold.
Severity level	1
Example	SECDIAG/1/MONITOR_SECP_IPV4_EXCEED: Number of IPv4 security policy rules reached the threshold 500.
Explanation	The number of IPv4 security policy rules exceeded the configured threshold.
Recommended action	Decrease the number of IPv4 security policy rules or add new devices to provide higher rule capacity.

MONITOR_SECP_IPV4_BELOW

Message text	Number of IPv4 security policy rules dropped below the threshold.
Variable fields	N/A
Severity level	1
Example	SECDIAG/1/MONITOR_SECP_IPV4_BELOW: Number of IPv4 security policy rules dropped below the threshold.
Explanation	The number of IPv4 security policy rules decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_SECP_IPV6_EXCEED

Message text	Number of IPv6 security policy rules reached the threshold [STRING].
Variable fields	$1: IPv6 security policy rule threshold.
Severity level	1
Example	SECDIAG/1/MONITOR_SECP_IPV6_EXCEED: Number of IPv6 security policy rules reached the threshold 200.
Explanation	The number of IPv6 security policy rules exceeded the configured threshold.
Recommended action	Decrease the number of IPv6 security policy rules or add new devices to provide higher rule capacity.

MONITOR_SECP_IPV6_BELOW

Message text	Number of IPv6 security policy rules dropped below the threshold.
Variable fields	N/A
Severity level	1
Example	SECDIAG/1/MONITOR_SECP_IPV6_BELOW: Number of IPv6 security policy rules dropped below the threshold.
Explanation	The number of IPv6 security policy rules decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_CONTEXT_EXCEED

Message text	Number of contexts reached the threshold [STRING].
Variable fields	$1: Context usage threshold.
Severity level	1
Example	SECDIAG/1/MONITOR_CONTEXT_EXCEED: Number of contexts reached the threshold 60.
Explanation	The number of contexts exceeded the configured threshold.
Recommended action	Decrease the number of contexts or add new devices to share the load.

MONITOR_CONTEXT_BELOW

Message text	Number of created contexts dropped below the threshold.
Variable fields	N/A
Severity level	1
Example	SECDIAG/1/MONITOR_CONTEXT_BELOW: Number of created contexts dropped below the threshold.
Explanation	The number of contexts decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_NAT_EXCEED

Message text	Number of NAT server mappings and static NAT mappings reached the threshold [STRING].
Variable fields	$1: NAT mapping threshold.
Severity level	1
Example	SECDIAG/1/MONITOR_NAT_EXCEED: Number of NAT server mappings and static NAT mappings reached the threshold 200.
Explanation	The number of NAT mappings exceeded the configured threshold.
Recommended action	Decrease the number of NAT mappings or add new devices to provide higher NAT mapping capacity.

MONITOR_NAT_BELOW

Message text	Number of NAT server mappings and static NAT mappings dropped below the threshold.
Variable fields	N/A
Severity level	1
Example	SECDIAG/1/MONITOR_NAT_BELOW: Number of NAT server mappings and static NAT mappings dropped below the threshold.
Explanation	The number of NAT mappings decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_BAGG_EXCEED

Message text	Number of Layer 2 aggregate interfaces reached the threshold [STRING].
Variable fields	$1: Layer 2 aggregate interface usage threshold.
Severity level	1
Example	SECDIAG/1/MONITOR_BAGG_EXCEED: Number of Layer 2 aggregate interfaces reached the threshold 20.
Explanation	The number of Layer 2 aggregate interfaces exceeded the configured threshold.
Recommended action	Decrease the number of Layer 2 aggregate interfaces or add new devices to share the load.

MONITOR_BAGG_BELOW

Message text	Number of Layer 2 aggregate interfaces dropped below the threshold.
Variable fields	N/A
Severity level	1
Example	SECDIAG/1/MONITOR_BAGG_BELOW: Number of Layer 2 aggregate interfaces dropped below the threshold.
Explanation	The number of Layer 2 aggregate interfaces decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_RAGG_EXCEED

Message text	Number of Layer 3 aggregate interfaces reached the threshold [STRING].
Variable fields	$1: Layer 3 aggregate interface usage threshold.
Severity level	1
Example	SECDIAG/1/MONITOR_RAGG_EXCEED: Number of Layer 3 aggregate interfaces reached the threshold 10.
Explanation	The number of Layer 3 aggregate interfaces exceeded the configured threshold.
Recommended action	Decrease the number of Layer 3 aggregate interfaces or add new devices to share the load.

MONITOR_RAGG_BELOW

Message text	Number of Layer 3 aggregate interfaces dropped below the threshold.
Variable fields	N/A
Severity level	1
Example	SECDIAG/1/MONITOR_RAGG_BELOW: Number of Layer 3 aggregate interfaces dropped below the threshold.
Explanation	The number of Layer 3 aggregate interfaces decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_BLADE_THROUGHPUT_EXCEED

Message text	Total throughput of blade interfaces reached the threshold [STRING] on [STRING].
Variable fields	$1: Inner interface throughput threshold. $2: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in standalone mode.) $2: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Centralized IRF devices.) $2: Chassis ID and slot ID in the chassis xx slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in IRF mode.)
Severity level	1
Example	SECDIAG/1/MONITOR_BLADE_THROUGHPUT_EXCEED: Total throughput of blade interfaces reached the threshold 1500 on slot 3 CPU 1. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The inner interface throughput exceeded the configured threshold.
Recommended action	Decrease the inner interface throughput or add new devices to share the load.

MONITOR_BLADE_THROUGHPUT_BELOW

Message text	Total throughput of blade interfaces dropped below the threshold on [STRING].
Variable fields	$1: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in standalone mode.) $1: Slot ID in the slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Centralized IRF devices.) $1: Chassis ID and slot ID in the chassis xx slot xx cpu xx format. If only one CPU is available, the cpu xx section is not displayed. (Distributed devices in IRF mode.)
Severity level	1
Example	SECDIAG/1/MONITOR_BLADE_THROUGHPUT_BELOW: Total throughput of blade interfaces dropped below the threshold on slot 3 CPU 1. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The inner interface throughput decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_QACL_EXCEED

Message text	QACL usage reached the threshold [STRING] on [STRING]: Total slices=[STRING], Remaining single slices=[STRING], Remaining double slices=[STRING], Remaining MQC entries=[STRING], Remaining OpenFlow entries=[STRING].
Variable fields	$1: QACL resource usage threshold. $2: Slot ID in the slot xx cpu xx core xx format. (Distributed devices in standalone mode.) $2: Slot ID in the slot xx cpu xx core xx format. (Centralized IRF devices.) $2: Chassis ID and slot ID in the chassis xx slot xx cpu xx core xx format. (Distributed devices in IRF mode.)
Severity level	1
Example	SECDIAG/1/MONITOR_QACL_EXCEED: QACL usage reached the threshold 80 on slot 5 CPU 1 core 2: Total slices=10. Remaining single slices=1. Remaining double slices=0. Remaining MQC entries=512. Remaining OpenFlow entries=256. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The QACL resource usage exceeded the configured threshold.
Recommended action	Decrease the QACL resource usage or add new devices to share the load.

MONITOR_QACL_BELOW

Message text	QACL usage dropped below the threshold on [STRING].
Variable fields	$1: Slot ID in the slot xx cpu xx core xx format. (Distributed devices in standalone mode.) (Centralized IRF devices.) $1: Chassis ID and slot ID in the chassis xx slot xx cpu xx core xx format. (Distributed devices in IRF mode.)
Severity level	1
Example	SECDIAG/1/MONITOR_QACL_BELOW: QACL usage dropped below the threshold on slot 5 CPU 1 core 2. (Distributed devices in standalone mode.) (Centralized IRF devices.)
Explanation	The QACL resource usage decreased below the configured threshold.
Recommended action	No action is required.

MONITOR_BANDWIDTH_EXCEED

Message text	Inbound traffic exceeded the total bandwidth usage threshold [STRING] Mbps.
Variable fields	$1: Inbound bandwidth usage threshold.
Severity level	1
Example	SECDIAG/1/MONITOR_BANDWIDTH_EXCEED: Inbound traffic exceeded the total bandwidth usage threshold 100 Mbps
Explanation	The total inbound bandwidth was equal to or greater than the threshold within a period.
Recommended action	Decrease the total inbound traffic or add new devices to share the load.

MONITOR_BANDWIDTH_BELOW

Message text	Inbound traffic dropped below total bandwidth usage threshold.
Variable fields	N/A
Severity level	1
Example	SECDIAG/1/MONITOR_BANDWIDTH_BELOW: Inbound traffic dropped below total bandwidth usage threshold.
Explanation	After the device sent bandwidth usage alarms, the total inbound bandwidth decreased below the inbound bandwidth usage threshold.
Recommended action	No action is required.

SECP messages

This section contains security policy messages.

SECP_ACCELERATE_NO_RES

Message text	Failed to accelerate [STRING] security-policy. The resources are insufficient.
Variable fields	$1: Security policy version.
Severity level	4
Example	SECP/4/SECP_ACCELERATE_NO_RES: Failed to accelerate IPv6 security-policy. The resources are insufficient.
Explanation	Security policy rule matching acceleration failed because of insufficient hardware resources.
Recommended action	Delete unnecessary rules or disable acceleration for the security policy of the other version to release hardware resources.

SECP_ACCELERATE_NOT_SUPPORT

Message text	Failed to accelerate [STRING] security-policy. The operation is not supported.
Variable fields	$1: Security policy version.
Severity level	4
Example	SECP/4/SECP_ACCELERATE_NOT_SUPPORT: Failed to accelerate IPv6 security-policy. The operation is not supported.
Explanation	Security policy rule matching acceleration failed because the system does not support acceleration.
Recommended action	No action is required.

SECP_ACCELERATE_UNK_ERR

Message text	Failed to accelerate [STRING] security-policy.
Variable fields	$1: Security policy version.
Severity level	4
Example	SECP/4/SECP_ACCELERATE_UNK_ERR: Failed to accelerate IPv6 security-policy.
Explanation	Security policy rule matching acceleration failed because of a system failure.
Recommended action	No action is required.

SECP_RULE_CREATE_SUCCESS

Message text	RuleName(1080)=[STRING];Type(1067)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Rule name. $2: Rule type: · IPv4. · IPv6. $3: Action for the rule: · Permit. · Deny.
Severity level	6
Example	SECP/6/SECP_RULE_CREATE_SUCCESS: RuleName(1080)=zone1-zone2;Type(1067)=IPv4;Action(1053)=Permit;
Explanation	A security policy rule was created successfully.
Recommended action	No action is required.

SECP_RULE_CREATE_FAIL

Message text	RuleName(1080)=[STRING];Type(1067)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Rule name. $2: Rule type: · IPv4. · IPv6. $3: Action for the rule: · Permit. · Deny.
Severity level	6
Example	SECP/6/SECP_RULE_CREATE_FAIL: RuleName(1080)=zone1-zone2;Type(1067)=IPv4;Action(1053)=Permit;
Explanation	A security policy rule failed to be created.
Recommended action	No action is required.

SECP_RULE_UPDATE_SUCCESS

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type: · IPv4. · IPv6. $4: Action for the rule: · Permit. · Deny.
Severity level	6
Example	SECP/6/SECP_RULE_UPDATE_SUCCESS: RuleName(1080)=zone1-zone2;RuleID(1078)=1;Type(1067)=IPv4;Action(1053)=Permit;
Explanation	A security policy rule was modified successfully.
Recommended action	No action is required.

SECP_RULE_UPDATE_FAIL

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type: · IPv4. · IPv6. $4: Action for the rule: · Permit. · Deny.
Severity level	6
Example	SECP/6/SECP_RULE_UPDATE_FAIL: RuleName(1080)=zone1-zone2;RuleID[1078]=1;Type(1067)=IPv4;Action(1053)=Permit;
Explanation	A security policy rule failed to be modified.
Recommended action	No action is required.

SECP_RULE_DELETE_SUCCESS

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type: · IPv4. · IPv6.
Severity level	6
Example	SECP/6/SECP_RULE_DELETE_SUCCESS: RuleName(1080)=zone1-zone2;RuleID(1078)=1;Type(1067)=IPv4;
Explanation	A security policy rule was deleted successfully.
Recommended action	No action is required.

SECP_RULE_DELETE_FAIL

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type: · IPv4. · IPv6.
Severity level	6
Example	SECP/6/SECP_RULE_DELETE_FAIL: RuleName(1080)=zone1-zone2;RuleID(1078)=1;Type(1067)=IPv4;
Explanation	A security policy rule failed to be deleted.
Recommended action	No action is required.

SECP_RULE_CLRSTAT_SUCCESS

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type: · IPv4. · IPv6.
Severity level	6
Example	SECP/6/SECP_RULE_CLRSTAT_SUCCESS: RuleName(1080)=zone1-zone2;RuleID(1078)=1;Type(1067)=IPv4;
Explanation	Statistics for a security policy rule were cleared successfully.
Recommended action	No action is required.

SECP_RULE_CLRSTAT_FAIL

Message text	RuleName(1080)=[STRING];RuleID(1078)=[UINT32];Type(1067)=[STRING];
Variable fields	$1: Rule name. $2: Rule ID. $3: Rule type: · IPv4. · IPv6.
Severity level	6
Example	SECP/6/SECP_RULE_CLRSTAT_FAIL: RuleName(1080)=zone1-zone2;RuleID(1078)=1;Type(1067)=IPv4;
Explanation	Statistics for a security policy rule failed to be cleared.
Recommended action	No action is required.

SESSION messages

This section contains session messages.

SESSION_IPV4_FLOW

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];UserName(1113)=[STRING];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];RcvDSLiteTunnelPeer(1040)=[STRING];SndDSLiteTunnelPeer(1041)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Source IP address. $4: Source port number. $5: Source IP address after translation. $6: Source port number after translation. $7: Destination IP address. $8: Destination port number. $9: Destination IP address after translation. $10: Destination port number after translation. $11: Name of the identity user. $12: Total number of inbound packets. $13: Total number of inbound bytes. $14: Total number of outbound packets. $15: Total number of outbound bytes. $16: Source VPN instance name. $17: Destination VPN instance name. $18: Source DS-Lite tunnel. $19: Destination DS-Lite tunnel. $20: Time when the session is created. $21: Time when the session is removed. $22: Event type. $23: Event description: ¡ Session created. ¡ Active flow threshold. ¡ Normal over. ¡ Aged for timeout. ¡ Aged for reset or config-change. ¡ Other.
Severity level	6
Example	SESSION/6/SESSION_IPV4_FLOW:Protocol(1001)=UDP;Application(1002)=sip;SrcIPAddr(1003)=10.10.10.1;SrcPort(1004)=1024;NATSrcIPAddr(1005)=10.10.10.1;NATSrcPort(1006)=1024;DstIPAddr(1007)=20.20.20.1;DstPort(1008)=21;NATDstIPAddr(1009)=20.20.20.1;NATDstPort(1010)=21;UserName(1113)=abc;InitPktCount(1044)=1;InitByteCount(1046)=50;RplyPktCount(1045)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;RcvDSLiteTunnelPeer(1040)=;SndDSLiteTunnelPeer(1041)=;BeginTime_e(1013)=03182024082546;EndTime_e(1014)=;Event(1048)=(8)Session created;
Explanation	This message is sent in one of the following conditions: · An IPv4 session is created or removed. · Periodically during an IPv4 session. · The traffic-based or time-based threshold of an IPv4 session is reached.
Recommended action	No action is required.

SESSION_IPV6_FLOW

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];UserName(1113)=[STRING];InitPktCount(1044)=[UINT32];InitByteCount(1046)=[UINT32];RplyPktCount(1045)=[UINT32];RplyByteCount(1047)=[UINT32];RcvVPNInstance(1042)=[STRING];SndVPNInstance(1043)=[STRING];BeginTime_e(1013)=[STRING];EndTime_e(1014)=[STRING];Event(1048)=([UNIT16])[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Source IPv6 address. $4: Source port number. $5: Destination IP address. $6: Destination port number. $7: Name of the identity user. $8: Total number of inbound packets. $9: Total number of inbound bytes. $10: Total number of outbound packets. $11: Total number of outbound bytes. $12: Source VPN instance name. $13: Destination VPN instance name. $14: Time when the session is created. $15: Time when the session is removed. $16: Event type. $17: Event description: ¡ Session created. ¡ Active flow threshold. ¡ Normal over. ¡ Aged for timeout. ¡ Aged for reset or config-change. ¡ Other.
Severity level	6
Example	SESSION/6/SESSION_IPV6_FLOW: Protocol(1001)=UDP;Application(1002)=sip;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=1024;DstIPv6Addr(1037)=3001::2;DstPort(1008)=53;UserName(1113)=abc;InitPktCount(1044)=1;InitByteCount(1046)=110;RplyPktCount(1047)=0;RplyByteCount(1047)=0;RcvVPNInstance(1042)=;SndVPNInstance(1043)=;BeginTime_e(1013)=03182024082901;EndTime_e(1014)=;Event(1048)=(8)Session created;
Explanation	This message is sent in one of the following conditions: · An IPv6 session is created or removed. · Periodically during an IPv6 session. · The traffic-based or time-based threshold of an IPv6 session is reached.
Recommended action	No action is required.

SESSION_IPV4_DNS

Message text	SrcIPAddr(1003)=[IPADDR];DstIPAddr(1007)=[IPADDR];RcvVPNInstance(1041)=[STRING];DSLiteTunnelPeer(1040)=[STRING];DomainName(1076)=[STRING];Action(1049)=[STRING];Reason(1052)=[STRING].
Variable fields	$1: Source IPv4 address. $2: Destination IPv4 address. $3: Source VPN instance name. $4: Source DS-Lite tunnel. $5: Domain name. $6: Action: ¡ Drop. ¡ None. $7: Reason for the failure: ¡ Invalid DNS domain name. ¡ Invalid DNS RR. ¡ Invalid DNS header flag. ¡ Invalid DNS header ID.
Severity level	6
Example	SESSION/6/SESSION_IPV4_DNS: SrcIPAddr(1003)=10.10.10.1;DstIPAddr(1007)=20.20.20.1;RcvVPNInstance(1041)=;DSLiteTunnelPeer(1040)=;DomainName(1076)=dnsproxy_test.com;Action(1049)=Drop;Reason(1052)=Invalid DNS domain name.
Explanation	This message is sent when ASPF inspection for DNS fails. For this message to be sent, enable ALG logging for sessions.
Recommended action	No action is required.

SESSION_IPV6_DNS

Message text	SrcIPv6Addr(1036)=[IPADDR];DstIPv6Addr(1037)=[IPADDR];RcvVPNInstance(1041)=[STRING];DomainName(1076)=[STRING];Action(1049)=[STRING];Reason(1052)= [STRING].
Variable fields	$1: Source IPv6 address. $2: Destination IPv6 address. $3: Source VPN instance name. $4: Domain name. $5: Action: ¡ Drop. ¡ None. $6: Reason for the failure: ¡ Invalid DNS domain name. ¡ Invalid DNS RR. ¡ Invalid DNS header flag. ¡ Invalid DNS header ID.
Severity level	6
Example	SESSION/6/SESSION_IPV6_DNS:SrcIPv6Addr(1036)=2001::2;DstIPv6Addr(1037)=3001::2;RcvVPNInstance(1042)=;DomainName(1043)=dnsproxy_test.com;Action(1013)=Drop;Reason(1014)=Invalid DNS domain name.
Explanation	This message is sent when ASPF inspection for DNS fails. For this message to be sent, enable ALG logging for sessions.
Recommended action	No action is required.

SFLOW messages

This section contains sFlow messages.

SFLOW_HARDWARE_ERROR

Message text	Failed to [STRING] on interface [STRING] due to [STRING].
Variable fields	$1: Configuration item: update sampling mode $2: Interface name. $3: Failure reason: not supported operation
Severity level	4
Example	SFLOW/4/SFLOW_HARDWARE_ERROR: Failed to update sampling mode on interface GigabitEthernet1/0/1 due to not supported operation.
Explanation	The configuration failed because the device does not support the fixed flow sampling mode.
Recommended action	Specify the random flow sampling mode.

SHELL messages

This section contains shell messages.

SHELL_CMD

Message text	-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command is [STRING]
Variable fields	$1: User line type and number. If there is not user line information, this field displays . $2: IP address. If there is not IP address information, this field displays . $3: Username. If there is not username information, this field displays **. $4: Command string.
Severity level	6
Example	SHELL/6/SHELL_CMD: -Line=aux0-IPAddr=-User=; Command is quit
Explanation	A command was successfully executed.
Recommended action	No action is required.

SHELL_CMD_CONFIRM

Message text	Confirm option of command [STRING] is [STRING].
Variable fields	$1: Command string. $2: Confirm option.
Severity level	6
Example	SHELL/6/SHELL_CMD_CONFIRM: Confirm option of command save is no.
Explanation	A user selected a confirmation option for a command.
Recommended action	No action is required.

SHELL_CMD_EXECUTEFAIL

Message text	-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be executed.
Variable fields	$1: Username. $2: IP address. $3: Command string. $4: Command view.
Severity level	4
Example	SHELL/4/SHELL_CMD_EXECUTEFAIL: -User=**-IPAddr=192.168.62.138; Command save in view system failed to be executed.
Explanation	A command failed to be executed.
Recommended action	No action is required.

SHELL_CMD_INPUT

Message text	Input string for the [STRING] command is [STRING].
Variable fields	$1: Command string. $2: String entered by the user.
Severity level	6
Example	SHELL/6/SHELL_CMD_INPUT: Input string for the save command is startup.cfg. SHELL/6/SHELL_CMD_INPUT: Input string for the save command is CTRL_C. SHELL/6/SHELL_CMD_INPUT: Input string for the save command is the Enter key.
Explanation	A user responded to the input requirement of a command.
Recommended action	No action is required.

SHELL_CMD_INPUT_TIMEOUT

Message text	Operation timed out: Getting input for the [STRING] command.
Variable fields	$1: Command string.
Severity level	6
Example	SHELL/6/SHELL_CMD_INPUT_TIMEOUT: Operation timed out: Getting input for the fdisk command.
Explanation	The user did not respond to the input requirement of a command before the timeout timer expired.
Recommended action	No action is required.

SHELL_CMD_MATCHFAIL

Message text	-User=[STRING]-IPAddr=[STRING]; Command [STRING] in view [STRING] failed to be matched.
Variable fields	$1: Username. $2: IP address. $3: Command string. $4: Command view.
Severity level	4
Example	SHELL/4/SHELL_CMD_MATCHFAIL: -User=**-IPAddr=192.168.62.138; Command description 10 in view system failed to be matched.
Explanation	The command string has errors, or the view does not support the command.
Recommended action	Enter the correct command string. Make sure the command is supported in the view.

SHELL_CMDDENY

Message text	-Line=[STRING]-IPAddr=[STRING]-User=[STRING]; Command=[STRING] is denied.
Variable fields	$1: User line type and number. If there is not user line information, this field displays . $2: IP address. If there is not IP address information, this field displays . $3: Username. If there is not username information, this field displays **. $4: Command string.
Severity level	5
Example	SHELL/5/SHELL_CMDDENY: -Line=vty0-IPAddr=192.168.62.138-User=**; Command vlan 10 is permission denied.
Explanation	The user did not have the right to execute the command.
Recommended action	No action is required.

SHELL_CMDFAIL

Message text	Command [STRING] failed to restore the configuration.
Variable fields	$1: Command string.
Severity level	6
Example	SHELL/6/SHELL_CMDFAIL: The “save” command failed to restore the configuration.
Explanation	The command failed to restore the configuration.
Recommended action	No action is required.

SHELL_COMMIT

Message text	The configuration has been committed.
Variable fields	N/A
Severity level	5
Example	SHELL/5/SHELL_COMMIT: The configuration has been committed.
Explanation	The commit operation succeeded.
Recommended action	No action is required.

SHELL_COMMIT_DELAY

Message text	A configuration rollback will be performed in [INT32] minutes.
Variable fields	$1: Configuration commit delay timer.
Severity level	5
Example	SHELL/5/SHELL_COMMIT_DELAY: A configuration rollback will be performed in 3 minutes.
Explanation	The configuration commit delay timer was set successfully.
Recommended action	Complete and commit the configuration before the timer expires. If you cannot complete the configuration, execute the configuration commit delay command again to delay the expiration.

SHELL_COMMIT_REDELAY

Message text	The commit delay has been reset, a configuration rollback will be performed in [INT32] minutes.
Variable fields	$1: Configuration commit delay timer reconfigured.
Severity level	5
Example	SHELL/5/SHELL_COMMIT_REDELAY: The commit delay has been reset, a configuration rollback will be performed in 3 minutes.
Explanation	The configuration commit delay timer was reconfigured before the timer expires.
Recommended action	No action is required.

SHELL_COMMIT_ROLLBACK

Message text	The configuration commit delay is overtime, a configuration rollback will be performed.
Variable fields	N/A
Severity level	5
Example	SHELL/5/SHELL_COMMIT_ROLLBACK: The configuration commit delay is overtime, a configuration rollback will be performed.
Explanation	The configuration commit delay timer expired. A configuration rollback will occur.
Recommended action	Stop configuring the device and wait for the rollback to finish.

SHELL_COMMIT_ROLLBACKDONE

Message text	The configuration rollback has been performed.
Variable fields	N/A
Severity level	5
Example	SHELL/5/SHELL_COMMIT_ROLLBACKDONE: The configuration rollback has been performed.
Explanation	The configuration rollback was finished.
Recommended action	You can continue to configure the device as required.

SHELL_COMMIT_ROLLBACKFAILED

Message text	Settings for some commands were not rolled back upon expiration of the configuration commit delay timer. Reason: Configuration rollback is not supported for those commands.
Variable fields	N/A
Severity level	5
Example	SHELL/5/SHELL_COMMIT_ROLLBACKFAILED: Settings for some commands were not rolled back upon expiration of the configuration commit delay timer. Reason: Configuration rollback is not supported for those commands.
Explanation	A configuration rollback occurred when the configuration commit delay timer expired. However, some commands were not rolled back.
Recommended action	Read SHELL log messages to identify the commands that failed to be rolled back.

SHELL_COMMIT_WILLROLLBACK

Message text	A configuration rollback will be performed in 1 minute. To retain the configuration you have made after executing the configuration commit delay command, execute the commit command.
Variable fields	N/A
Severity level	5
Example	SHELL/5/SHELL_COMMIT_WILLROLLBACK: A configuration rollback will be performed in 1 minute. To retain the configuration you have made after executing the configuration commit delay command, execute the commit command.
Explanation	A configuration rollback will be performed in 1 minute.
Recommended action	Complete the configuration within 1 minute and commit the configuration, or execute the configuration commit delay command again to delay the expiration.

SHELL_CRITICAL_CMDFAIL

Message text	-User=[STRING]-IPAddr=[STRING]; Command=[STRING] .
Variable fields	$1: Username. $2: IP address. $3: Command string.
Severity level	6
Example	SHELL/6/SHELL_CRITICAL_CMDFAIL: -User=admin-IPAddr=169.254.0.7; Command is save.
Explanation	A command failed to be executed or was canceled.
Recommended action	No action is required.

SHELL_LOGIN

Message text	[STRING] logged in from [STRING].
Variable fields	$1: Username. $2: User line type and number.
Severity level	5
Example	SHELL/5/SHELL_LOGIN: Console logged in from console0.
Explanation	A user logged in.
Recommended action	No action is required.

SHELL_LOGOUT

Message text	[STRING] logged out from [STRING].
Variable fields	$1: Username. $2: User line type and number.
Severity level	5
Example	SHELL/5/SHELL_LOGOUT: Console logged out from console0.
Explanation	A user logged out.
Recommended action	No action is required.

SLSP messages

This section contains static LSP messages.

SLSP_LABEL_DUPLICATE

Message text	Incoming label [INT32] for static LSP [STRING] is duplicate.
Variable fields	$1: Incoming label value. $2: Static LSP name.
Severity level	4
Example	SLSP/4/SLSP_LABEL_DUPLICATE: Incoming label 1024 for static LSP aaa is duplicate.
Explanation	The incoming label of a static LSP was occupied by another configuration, for example, by a static PW or by a static CRLSP. This message is generated when one of the following events occurs: · When MPLS is enabled, configure a static LSP with an incoming label which is occupied by another configuration. · Enable MPLS when a static LSP whose incoming label is occupied by another configuration already exists.
Recommended action	Remove this static LSP, and reconfigure it with another incoming label.

SMLK messages

This section contains Smart Link messages.

SMLK_LINK_SWITCH

Message text	Status of port [STRING] in smart link group [UINT16] changes to active.
Variable fields	$1: Port name. $2: Smart link group ID.
Severity level	4
Example	SMLK/4/SMLK_LINK_SWITCH: Status of port GigabitEthernet0/1/4 in smart link group 1 changes to active.
Explanation	The port takes over to forward traffic after the former primary port fails.
Recommended action	Remove the network faults.

SNMP messages

This section contains SNMP messages.

SNMP_ACL_RESTRICTION

Message text	SNMP [STRING] from [STRING] is rejected due to ACL restriction.
Variable fields	$1: SNMP community/usm-user/group. $2: IP address of the NMS.
Severity level	3
Example	SNMP/3/SNMP_ACL_RESTRICTION: SNMP community public from 192.168.1.100 is rejected due to ACL restrictions.
Explanation	SNMP packets are denied because of ACL restrictions.
Recommended action	Check the ACL configuration on the SNMP agent, and check if the agent was attacked.

SNMP_AUTHENTICATION_FAILURE

Message text	Failed to authenticate SNMP message.
Variable fields	N/A
Severity level	4
Example	SNMP/4/SNMP_AUTHENTICATION_FAILURE: Failed to authenticate SNMP message.
Explanation	An NMS failed to be authenticated by the agent.
Recommended action	No action is required.

SNMP_GET

Message text	-seqNO=[UINT32]-srcIP=[STRING]-op=GET-node=[STRING]-value=[STRING]; The agent received a message.
Variable fields	$1: Sequence number of an SNMP operation log. $2: IP address of the NMS. $3: MIB object name and OID. $4: Value field of the request packet.
Severity level	6
Example	SNMP/6/SNMP_GET: -seqNO=1-srcIP=192.168.28.28-op=GET-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=; The agent received a message.
Explanation	SNMP received a Get request from an NMS. The system logs SNMP operations only when SNMP logging is enabled.
Recommended action	No action is required.

SNMP_NOTIFY

Message text	Notification [STRING][STRING].
Variable fields	$1: Notification name and OID. $2: Variable-binding field of notifications. ¡ If no MIB object exists, only notification name and OID are displayed. ¡ If MIB objects are included, " with " are displayed before the MIB object and OID. MIB objects are separated by semicolons (;).
Severity level	6
Example	SNMP/6/SNMP_NOTIFY: Notification hh3cLogIn(1.3.6.1.4.1.25506.2.2.1.1.3.0.1) with hh3cTerminalUserName(1.3.6.1.4.1.25506.2.2.1.1.2.1.0)=;hh3cTerminalSource(1.3.6.1.4.1.25506.2.2.1.1.2.2.0)=Console.
Explanation	The SNMP agent sent a notification. This message displays the notification content.
Recommended action	No action is required.

SNMP_SET

Message text	-seqNO=[UINT32]-srcIP=[STRING]-op=SET-errorIndex=[UINT32]-errorStatus=[STRING]-node=[STRING]-value=[STRING]; The agent received a message.
Variable fields	$1: Sequence number of an SNMP operation log. $2: IP address of the NMS. $3: Error index of the Set operation. $4: Error status of the Set operation. $5: MIB object name and OID. $6: Value of the MIB object changed by the Set operation.
Severity level	6
Example	SNMP/6/SNMP_SET: -seqNO=3-srcIP=192.168.28.28-op=SET-errorIndex=0-errorStatus=noError-node=sysLocation(1.3.6.1.2.1.1.6.0)-value=Hangzhou China; The agent received a message.
Explanation	SNMP received a Set request from an NMS. The system logs SNMP operations only when SNMP logging is enabled.
Recommended action	No action is required.

SNMP_USM_NOTINTIMEWINDOW

Message text	-User=[STRING]-IPAddr=[STRING]; SNMPv3 message is not in the time window.
Variable fields	$1: Username. $2: IP address of the NMS.
Severity level	4
Example	SNMP/4/SNMP_USM_NOTINTIMEWINDOW: -User=admin-IPAddr=169.254.0.7; SNMPv3 message is not in the time window.
Explanation	The SNMPv3 message is not in the time window.
Recommended action	No action is required.

SSHC messages

This section contains SSH client messages.

SSHC_ALGORITHM_MISMATCH

Message text	Failed to log in to SSH server [STRING] because of [STRING] algorithm mismatch.
Variable fields	$1: IP address of the SSH client. $2: Type of the algorithm, including encryption, key exchange, MAC, and public key.
Severity level	6
Example	SSHC/6/SSHC_ALGORITHM_MISMATCH: Failed to log in to SSH server 192.168.30.11 because of encryption algorithm mismatch.
Explanation	The SSH client failed to log in to the SSH server because they used different algorithms.
Recommended action	Make sure the SSH client and the SSH server use the same algorithm.

SSHS messages

This section contains SSH server messages.

SSHS_ACL_DENY

Message text	The SSH connection request from [IPADDR]([STRING]) was denied by ACL rule (rule ID=[INT16]).
Variable fields	$1: IP address of the SSH client. $2: VPN instance to which the IP address of the SSH client belongs. $3: ID of the ACL rule that denies the login of the SSH client. If the SSH client is denied by the default rule, default rule is displayed in this field.
Severity level	5
Example	SSHS/5/SSH_ACL_DENY: The SSH connection request from 181.1.1.10 was denied by ACL rule (rule ID=20). SSHS/5/SSH_ACL_DENY: The SSH connection request from 181.1.1.11 was denied by ACL rule (default rule).
Explanation	An SSH client failed to connect to the SSH server because the client's IP address matched a deny rule of the SSH login control ACL.
Recommended action	No action is required.

SSHS_ALGORITHM_MISMATCH

Message text	SSH client [STRING] failed to log in because of [STRING] algorithm mismatch.
Variable fields	$1: IP address of the SSH client. $2: Type of the algorithm, including encryption, key exchange, MAC, and public key.
Severity level	6
Example	SSHS/6/SSHS_ALGORITHM_MISMATCH: SSH client 192.168.30.117 failed to log in because of encryption algorithm mismatch.
Explanation	The SSH client failed to log in to the SSH server because they used different algorithms.
Recommended action	Make sure the SSH client and the SSH server use the same algorithm.

SSHS_AUTH_EXCEED_RETRY_TIMES

Message text	SSH user [STRING] (IP: [STRING]) failed to log in, because the number of authentication attempts exceeded the upper limit.
Variable fields	$1: User name. $2: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_AUTH_EXCEED_RETRY_TIMES: SSH user David (IP: 192.168.30.117) failed to log in, because the number of authentication attempts exceeded the upper limit.
Explanation	The number of authentication attempts by an SSH user reached the upper limit.
Recommended action	Prompt the SSH user to use the correct login data to try again.

SSHS_AUTH_FAIL

Message text	SSH user [STRING] (IP: [STRING]) didn't pass public key authentication for [STRING].
Variable fields	$1: Username. $2: IP address of the SSH client. $3: Failure reasons: ¡ Wrong public key algorithm. ¡ Wrong public key. ¡ Wrong digital signature.
Severity level	5
Example	SSHS/5/SSHS_AUTH_FAIL: SSH user David (IP: 192.168.30.117) didn't pass public key authentication for wrong public key algorithm.
Explanation	An SSH user failed the publickey authentication.
Recommended action	Tell the SSH user to try to log in again.

SSHS_AUTH_TIMEOUT

Message text	Authentication timed out for [IPADDR].
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_AUTH_TIMEOUT: Authentication timed out for 1.1.1.1.
Explanation	The authentication timeout timer expired, and the SSH user failed the authentication.
Recommended action	Make sure the SSH user enters correct authentication information before the authentication timeout timer expires.

SSHS_CONNECT

Message text	SSH user [STRING] (IP: [STRING]) connected to the server successfully.
Variable fields	$1: Username. $2: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_CONNECT: SSH user David (IP: 192.168.30.117) connected to the server successfully.
Explanation	An SSH user logged in to the server successfully.
Recommended action	No action is required.

SSHS_DECRYPT_FAIL

Message text	The packet from [STRING] failed to be decrypted with [STRING].
Variable fields	$1: IP address of the SSH client. $2: Encryption algorithm, such as AES256-CBC.
Severity level	5
Example	SSHS/5/SSHS_DECRYPT_FAIL: The packet from 192.168.30.117 failed to be decrypted with aes256-cbc.
Explanation	A packet from an SSH client failed to be decrypted.
Recommended action	No action is required.

SSHS_DISCONNECT

Message text	SSH user [STRING] (IP: [STRING]) disconnected from the server.
Variable fields	$1: Username. $2: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_DISCONNECT: SSH user David (IP: 192.168.30.117) disconnected from the server.
Explanation	An SSH user logged out.
Recommended action	No action is required.

SSHS_ENCRYPT_FAIL

Message text	The packet to [STRING] failed to be encrypted with [STRING].
Variable fields	$1: IP address of the SSH client. $2: Encryption algorithm, such as aes256-cbc.
Severity level	5
Example	SSHS/5/SSHS_ENCRYPT_FAIL: The packet to 192.168.30.117 failed to be encrypted with aes256-cbc.
Explanation	A packet to an SSH client failed to be encrypted.
Recommended action	No action is required.

SSHS_LOG

Message text	Authentication failed for [STRING] from [STRING] port [INT32] because of invalid username or wrong password.
Variable fields	$1: IP address of the SSH client. $2: Username. $3: Port number.
Severity level	6
Example	SSHS/6/SSHS_LOG: Authentication failed for David from 140.1.1.46 port 16266 because of invalid username or wrong password.
Explanation	An SSH user failed password authentication because the username or password was wrong.
Recommended action	No action is required.

SSHS_MAC_ERROR

Message text	SSH server received a packet with wrong message authentication code (MAC) from [STRING].
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_MAC_ERROR: SSH server received a packet with wrong message authentication code (MAC) from 192.168.30.117.
Explanation	The SSH server received a packet with a wrong MAC from a client.
Recommended action	No action is required.

SSHS_REACH_SESSION_LIMIT

Message text	SSH client [STRING] failed to log in. The number of SSH sessions is [NUMBER], and exceeded the limit ([NUMBER]).
Variable fields	$1: IP address of the SSH client. $2: Number of SSH clients that have logged in to the SSH server. $3: Maximum number of SSH clients that the SSH server supports.
Severity level	6
Example	SSHS/6/SSHS_REACH_SESSION_LIMIT: SSH client 192.168.30.117 failed to log in. The number of SSH sessions is 10, and exceeded the limit (10).
Explanation	The number of SSH sessions reached the upper limit.
Recommended action	No action is required.

SSHS_REACH_USER_LIMIT

Message text	SSH client [STRING] failed to log in, because the number of users reached the upper limit.
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_REACH_USER_LIMIT: SSH client 192.168.30.117 failed to log in, because the number of users reached the upper limit.
Explanation	The number of SSH users reached the upper limit.
Recommended action	No action is required.

SSHS_SCP_OPER

Message text	User [STRING] at [IPADDR] requested operation: [STRING].
Variable fields	$1: Username. $2: IP address of the SCP client. $3: Requested file operations: ¡ get file "name"'—Downloads the file name from the SCP server. ¡ put file "name"—Uploads the file name to the SCP server.
Severity level	6
Example	SSHS/6/SSHS_SCP_OPER: -MDC=1; User user1 at 1.1.1.1 requested operation: put file "aa".
Explanation	The SCP sever received an operation request from an SCP client.
Recommended action	No action is required.

SSHS_SFTP_OPER

Message text	User [STRING] at [IPADDR] requested operation: [STRING].
Variable fields	$1: Username. $2: IP address of the SFTP client. $3: Requested operations on a file or directory: ¡ open dir "path"—Opens the directory path. ¡ open "file" (attribute code code) in MODE mode—Opens the file file with the attribute code code in mode MODE. ¡ remove file "path"—Deletes the file path. ¡ mkdir "path" (attribute code code)—Creates a new directory path with the attribute code code. ¡ rmdir "path"—Deletes the directory path. ¡ rename old "old-name" to new "new-name"—Changes the name of a file or folder from old-name to new-name.
Severity level	6
Example	SSHS/6/SSHS_SFTP_OPER: User user1 at 1.1.1.1 requested operation: open dir "flash:/".
Explanation	The SFTP sever received an operation request from an SFTP client.
Recommended action	No action is required.

SSHS_SRV_UNAVAILABLE

Message text	The [STRING] server is disabled or the [STRING] service type is not supported.
Variable fields	$1: Service type: Stelnet, SCP, SFTP, or NETCONF.
Severity level	6
Example	SSHS/6/SSHS_SRV_UNAVAILABLE: The SCP server is disabled or the SCP service type is not supported.
Explanation	The Stelnet, SCP, SFTP, or NETCONF over SSH service was not available. The server was terminating the connection.
Recommended action	Check the service status or user configuration.

SSHS_VERSION_MISMATCH

Message text	SSH client [STRING] failed to log in because of version mismatch.
Variable fields	$1: IP address of the SSH client.
Severity level	6
Example	SSHS/6/SSHS_VERSION_MISMATCH: SSH client 192.168.30.117 failed to log in because of version mismatch.
Explanation	The SSH client failed to log in to the SSH server because they used different SSH versions.
Recommended action	Make sure the SSH client and the SSH server use the same SSH version.

SSL VPN messages

This section contains SSL VPN messages.

SSLVPN_ADD_CONTENT_TYPE

Message text	Set the content type for file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_CONTENT_TYPE: Set the content type for file policy fp1 in context ctx1.
Explanation	The type of file to be rewritten was set for a file policy.
Recommended action	No action is required.

SSLVPN_ADD_CONTENT_TYPE_FAILED

Message text	Failed to set the content type for file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_CONTENT_TYPE_FAILED: Failed to set the content type for file policy fp1 in context ctx1.
Explanation	Failed to set the type of file to be rewritten for a file policy.
Recommended action	No action is required.

SSLVPN_ADD_CONTEXT

Message text	Created SSL VPN context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_CONTEXT: Created SSL VPN context ctx1.
Explanation	An SSL VPN context was created.
Recommended action	No action is required.

SSLVPN_ADD_CONTEXT_FAILED

Message text	Failed to create SSL VPN context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_CONTEXT_FAILED: Failed to create SSL VPN context ctx1.
Explanation	Failed to create an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_EXCROUTEITEM

Message text	Added exclude route (IP [STRING] mask [STRING]) to route list [STRING] in context [STRING].
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_EXCROUTEITEM: Added exclude route (IP 10.0.0.0 mask 255.0.0.0) to route list rtlist in context ctx1.
Explanation	An exclude route was added to a route list in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_EXCROUTEITEM_FAILED

Message text	Failed to add exclude route (IP [STRING] mask [STRING]) to route list [STRING] in context [STRING]
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_EXCROUTEITEM_FAILED: Failed to add exclude route (IP 10.0.0.0 mask 255.0.0.0) to route list rtlist in context ctx1.
Explanation	Failed to add an exclude route to a route list in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_FILEPOLICY

Message text	Created file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_FILEPOLICY: Created file policy fp1 in context ctx1.
Explanation	A file policy was created.
Recommended action	No action is required.

SSLVPN_ADD_FILEPOLICY_FAILED

Message text	Failed to create file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_FILEPOLICY_FAILED: Failed to create file policy fp1 in context ctx1.
Explanation	Failed to create a file policy.
Recommended action	No action is required.

SSLVPN_ADD_GATEWAY

Message text	Created SSL VPN gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_GATEWAY: Created SSL VPN gateway gw1.
Explanation	An SSL VPN gateway was created.
Recommended action	No action is required.

SSLVPN_ADD_GATEWAY_FAILED

Message text	Failed to create SSL VPN gateway [STRING]
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_GATEWAY_FAILED: Failed to create SSL VPN gateway gw1.
Explanation	Failed to create an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_ADD_INCROUTEITEM

Message text	Added include route (IP [STRING] mask [STRING]) to route list [STRING] in context [STRING].
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_INCROUTEITEM: Added include route (IP 10.0.0.0 mask 255.0.0.0) to route list rtlist in context ctx1.
Explanation	An include route was added to a route list in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_INCROUTEITEM_FAILED

Message text	Failed to add include route (IP [STRING] mask [STRING]) to route list [STRING] in context [STRING]
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_INCROUTEITEM_FAILED: Failed to add include route (IP 10.0.0.0 mask 255.0.0.0) to route list rtlist in context ctx1.
Explanation	Failed to add an include route to a route list in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_IPADDRESSPOOL

Message text	Created IP address pool [STRING] start-IP [STRING] end-IP [STRING].
Variable fields	$1: Name of the IP address pool. $2: Start IP address of the address pool. $3: End IP address of the address pool.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPADDRESSPOOL: Created IP address pool pool1 start-IP 20.1.1.1 end-IP 20.1.1.100.
Explanation	An address pool was created.
Recommended action	No action is required.

SSLVPN_ADD_IPADDRESSPOOL_FAILED

Message text	Failed to create IP address pool [STRING] start-IP [STRING] end-IP [STRING]
Variable fields	$1: Name of the IP address pool. $2: Start IP address of the address pool. $3: End IP address of the address pool.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPADDRESSPOOL_FAILED: Failed to create IP address pool pool1 start-IP 20.1.1.1 end-IP 20.1.1.100.
Explanation	Failed to create an address pool.
Recommended action	Verify that the address pool to be created does not contain addresses that are already contained in existing address pools.

SSLVPN_ADD_IPTUNNELACIF

Message text	Specified SSL VPN AC interface [STRING] in context [STRING].
Variable fields	$1: Number of an SSL VPN AC interface. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPTUNNELACIF: Specified SSL VPN AC interface SSLVPN-AC1 in context ctx.
Explanation	An SSL VPN AC interface was specified in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_IPTUNNELACIF_FAILED

Message text	Failed to specify SSL VPN AC interface [STRING] in context [STRING]
Variable fields	$1: Number of an SSL VPN AC interface. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPTUNNELACIF_FAILED: Failed to specify SSL VPN AC interface SSLVPN-AC1 in context ctx.
Explanation	Failed to specify an SSL VPN AC interface in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_IPV4_RANGE

Message text	Specified IPv4 address range (start-IP [STRING] end-IP [STRING]) for SNAT pool [STRING].
Variable fields	$1: Start IPv4 address of the SSL VPN SNAT address pool. $2: End IPv4 address of the SSL VPN SNAT address pool. $3: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPV4_RANGE: Specified IPv4 address range (start-IP 192.168.1.1 end-IP 192.168.1.10) for SNAT pool sp1.
Explanation	An IPv4 address range was specified for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_ADD_IPV4_RANGE_FAILED

Message text	Failed to specify IPv4 address range (start-IP [STRING] end-IP [STRING]) for SNAT pool [STRING].
Variable fields	$1: Start IPv4 address of the SSL VPN SNAT address pool. $2: End IPv4 address of the SSL VPN SNAT address pool. $3: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPV4_RANGE_FAILED: Failed to specify IPV4 address range (start-IP 192.168.1.1 end-IP 192.168.1.10) for SNAT pool sp1.
Explanation	Failed to specify the IPv4 address range for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_ADD_IPV6_RANGE

Message text	Specified IPv6 address range (start-IP [STRING] end-IP [STRING]) for SNAT pool [STRING].
Variable fields	$1: Start IPv6 address of the SSL VPN SNAT address pool. $2: End IPv6 address of the SSL VPN SNAT address pool. $3: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPV6_RANGE: Specified IPv6 address range (start-IP 2000::1 end-IP 2000::10) for SNAT pool sp1.
Explanation	An IPv6 address range was specified for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_ADD_IPV6_RANGE_FAILED

Message text	Failed to specify IPv6 address range (start-IP [STRING] end-IP [STRING]) for SNAT pool [STRING].
Variable fields	$1: Start IPv6 address of the SSL VPN SNAT address pool. $2: End IPv6 address of the SSL VPN SNAT address pool. $3: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_IPV6_RANGE_FAILED: Failed to specify IPv6 address range (start-IP 2000::1 end-IP 2000::10) for SNAT pool sp1.
Explanation	Failed to specify the IPv6 address range for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_ADD_LOCALPORT

Message text	Added port forwarding entry local-port [STRING] local-name [STRING] remote-server [STRING] remote-port [STRING] [STRING] in port forwarding list [STRING] in context [STRING].
Variable fields	$1: Local port number. $2: Local address or local host name. $3: IP address or domain name of a TCP service on an internal server. $4: Port number of the TCP service. $5: Description of the port forwarding entry. This field is empty if no description is configured. $6: Port forwarding list name. $7: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_ADD_LOCALPORT: Added port forwarding entry local-port 80 local-name 127.0.0.1 remote-server 192.168.20.35 remote-port 80 in port forwarding list pflist1 in context ctx. · SSLVPN/6/SSLVPN_ADD_LOCALPORT: Added port forwarding entry local-port 80 local-name 127.0.0.1 remote-server 192.168.20.35 remote-port 80 description http in port forwarding list pflist1 in context ctx.
Explanation	A port forwarding entry was added to a port forwarding list.
Recommended action	No action is required.

SSLVPN_ADD_LOCALPORT_FAILED

Message text	Failed to add port forwarding entry local-port [STRING] local-name [STRING] remote-server [STRING] remote-port [STRING] [STRING] in port forwarding list [STRING] in context [STRING]
Variable fields	$1: Local port number. $2: Local address or local host name. $3: IP address or domain name of a TCP service on an internal server. $4: Port number of the TCP service. $5: Description of the port forwarding entry. This field is empty if no description is configured. $6: Port forwarding list name. $7: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_LOCALPORT_FAILED: Failed to add port forwarding entry ocal-port 80 local-name 127.0.0.1 remote-server 192.168.20.34 remote-port 80 in port forwarding list pflist1 in context ctx. SSLVPN/6/SSLVPN_ADD_LOCALPORT_FAILED: Failed to add port forwarding entry local-port 80 local-name 127.0.0.1 remote-server 192.168.20.34 remote-port 80 description http in port forwarding list pflist1 in context ctx.
Explanation	Failed to add a port forwarding entry to a port forwarding list.
Recommended action	No action is required.

SSLVPN_ADD_NEWCONTENT

Message text	Specified new content [STRING] for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: New content used to replace the old content. $2: Rewrite rule name. $3: File policy name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_NEWCONTENT: Specified new content sslvpn rewrite htmlcode(d); for rewrite rule rw in file policy fp in context ctx.
Explanation	The new content used to replace the old content was specified for a rewrite rule.
Recommended action	No action is required.

SSLVPN_ADD_NEWCONTENT_FAILED

Message text	Failed to specify new content [STRING] for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: New content used to replace the old content. $2: Rewrite rule name. $3: File policy name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_NEWCONTENT_FAILED: Failed to specify new content sslvpn rewrite htmlcode(d); for rewrite rule rw in file policy fp in context ctx.
Explanation	Failed to specify the new content used to replace the old content for a rewrite rule.
Recommended action	No action is required.

SSLVPN_ADD_OLDCONTENT

Message text	Specified old content [STRING] for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Old file content to be replaced. $2: Rewrite rule name. $3: File policy name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_OLDCONTENT: Specified old content a.b.c.innerHTML = d; for rewrite rule rw in file policy fp in context ctx.
Explanation	The old file content to be replaced was specified for a rewrite rule.
Recommended action	No action is required.

SSLVPN_ADD_OLDCONTENT_FAILED

Message text	Failed to specify old content [STRING] for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Old file content to be replaced. $2: Rewrite rule name. $3: File policy name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_OLDCONTENT_FAILED: Failed to specify old content a.b.c.innerHTML = d; for rewrite rule rw in file policy fp in context ctx.
Explanation	Failed to specify the old file content to be replaced for a rewrite rule.
Recommended action	No action is required.

SSLVPN_ADD_PORTFWD

Message text	Created port forwarding list [STRING] in context [STRING].
Variable fields	$1: Port forwarding list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_PORTFWD: Created port forwarding list pf in context ctx1.
Explanation	A port forwarding list was created.
Recommended action	No action is required.

SSLVPN_ADD_PORTFWD_FAILED

Message text	Failed to create port forwarding list [STRING] in context [STRING]
Variable fields	$1: Port forwarding list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_PORTFWD_FAILED: Failed to create port forwarding list pf in context ctx1.
Explanation	Failed to create a port forwarding list.
Recommended action	No action is required.

SSLVPN_ADD_PORTFWD_ITEM

Message text	Created port forwarding item [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_PORTFWD_ITEM: Created port forwarding item pfitem in context ctx1.
Explanation	A port forwarding item was created.
Recommended action	No action is required.

SSLVPN_ADD_PORTFWD_ITEM_FAILED

Message text	Failed to create port forwarding item [STRING] in context [STRING]
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_PORTFWD_ITEM_FAILED: Failed to create port forwarding item pfitem in context ctx1.
Explanation	Failed to create a port forwarding item.
Recommended action	No action is required.

SSLVPN_ADD_PYGROUP

Message text	Created policy group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_PYGROUP: Created policy group pg in context ctx1.
Explanation	A policy group was created in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_PYGROUP_FAILED

Message text	Failed to create policy group [STRING] in context [STRING]
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_PYGROUP_FAILED: Failed to create policy group pg in context ctx1.
Explanation	Failed to create a policy group in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_REFER_PFWDITEM

Message text	Assigned port forwarding item [STRING] to port forwarding list [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: Port forwarding list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFER_PFWDITEM: Assigned port forwarding item pfitem1 to port forwarding list pflist1 in context ctx1.
Explanation	A port forwarding item was assigned to a port forwarding list.
Recommended action	No action is required.

SSLVPN_ADD_REFER_PFWDITEM_FAILED

Message text	Failed to assign port forwarding item [STRING] to port forwarding list [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: Port forwarding list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFER_PFWDITEM_FAILED: Failed to assign port forwarding item pfitem1 to port forwarding list pflist1 in context ctx1.
Explanation	Failed to assign a port forwarding item to a port forwarding list.
Recommended action	No action is required.

SSLVPN_ADD_REFER_SCUTLIST

Message text	Assigned shortcut list [STRING] to policy group [STRING] in context [STRING].
Variable fields	$1: Shortcut list name. $2: SSL VPN policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFER_SCUTLIST: Assigned shortcut list scutlist1 to policy group pg in context ctx1.
Explanation	A shortcut list was assigned to an SSL VPN policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERIPACL

Message text	Added IP access filter ACL [STRING] in policy group [STRING] in context [STRING].
Variable fields	$1: Advanced ACL number. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERIPACL: Added IP access filter ACL 3000 in policy group pgroup in context ctx1.
Explanation	An ACL for IP access filtering was specified in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERIPACL_FAILED

Message text	Failed to add IP access filter ACL [STRING] in policy group [STRING] in context [STRING]
Variable fields	$1: Advanced ACL number. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERIPACL_FAILED: Failed to add IP access filter ACL 3000 in policy group pgroup in context ctx1.
Explanation	Failed to specify an ACL for IP access filtering in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERPORTFWD

Message text	Specified port forwarding list [STRING] for policy-group [STRING] in context [STRING].
Variable fields	$1: Port forwarding list name. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERPORTFWD: Specified port forwarding list pf for policy-group pg in context ctx1.
Explanation	A port forwarding list was assigned to a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERPORTFWD_FAILED

Message text	Failed to specify port forwarding list [STRING] for policy-group [STRING] in context [STRING]
Variable fields	$1: Port forwarding list name. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERPORTFWD_FAILED: Failed to specify port forwarding list pf for policy-group pg in context ctx1.
Explanation	Failed to assign a port forwarding list to a policy group.
Recommended action	Make sure a port forwarding list exists before you assign it to a policy group.

SSLVPN_ADD_REFERSCUTLIST_FAILED

Message text	Failed to assign shortcut list [STRING] to policy group [STRING] in context [STRING].
Variable fields	$1: Shortcut list name. $2: SSL VPN policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERSCUTLIST_FAILED: Failed to assign shortcut list scutlist1 to policy group pg in context ctx1.
Explanation	Failed to assign a shortcut list to an SSL VPN policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERSHORTCUT

Message text	Assigned shortcut [STRING] to shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: Shortcut list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERSHORTCUT: Assigned shortcut shortcut1 to shortcut list scutlist1 in context ctx1.
Explanation	A shortcut was assigned to a shortcut list.
Recommended action	No action is required.

SSLVPN_ADD_REFERSHORTCUT_FAILED

Message text	Failed to assign shortcut [STRING] to shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: Shortcut list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERSHORTCUT_FAILED: Failed to assign shortcut shortcut1 to shortcut list scutlist1 in context ctx1.
Explanation	Failed to assign a shortcut to a shortcut list.
Recommended action	No action is required.

SSLVPN_ADD_REFERSNATPOOL

Message text	Specified SNAT pool [STRING] for context [STRING].
Variable fields	$1: SNAT address pool name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERSNATPOOL: Specified SNAT pool sp1 for context ctx1.
Explanation	A SNAT address pool was assigned to an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_REFERSNATPOOL_FAILED

Message text	Failed to specify SNAT pool [STRING] for context [STRING].
Variable fields	$1: SNAT address pool name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERSNATPOOL_FAILED: Failed to specify SNAT pool sp1 for context ctx1.
Explanation	Failed to assign a SNAT address pool to an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_REFERTCPACL

Message text	Added TCP access filter ACL [STRING] in policy group [STRING] in context [STRING].
Variable fields	$1: Advanced ACL number. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERTCPACL: Added TCP access filter ACL 3000 in policy group pgroup in context ctx1.
Explanation	An ACL for TCP access filtering was specified in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERTCPACL_FAILED

Message text	Failed to add TCP access filter ACL [STRING] in policy group [STRING] in context [STRING]
Variable fields	$1: Advanced ACL number. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERTCPACL_FAILED: Failed to add TCP access filter ACL 3000 in policy group pgroup in context ctx1
Explanation	Failed to specify an ACL for TCP access filtering in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERURIACL

Message text	Added [STRING] access filter URI ACL [STRING] to policy group [STRING] in context [STRING].
Variable fields	$1: SSL VPN access mode. Options are: · IP access. · Web access. · TCP access. $2: URI ACL name. $3: Policy group name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERURIACL: Added IP access filter URI ACL uacl to policy group pgroup in context ctx1.
Explanation	A URI ACL was specified for IP, Web, or TCP access filtering in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERURIACL_FAILED

Message text	Failed to add [STRING] access filter URI ACL [STRING] to policy group [STRING] in context [STRING].
Variable fields	$1: SSL VPN access mode. Options are: · IP access · Web access. · TCP access. $2: URI ACL name. $3: Policy group name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERURIACL_FAILED: Failed to add IP access filter URI ACL uacl to policy group pgroup in context ctx1.
Explanation	Failed to specify a URI ACL for IP, Web, or TCP access filtering in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERURLLIST

Message text	Specified URL list [STRING] for policy-group [STRING] in context [STRING].
Variable fields	$1: URL list name. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERURLLIST: Specified URL list urllist for policy-group pg in context ctx1.
Explanation	A URL list was assigned to a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERURLLIST_FAILED

Message text	Failed to specify URL list [STRING] for policy-group [STRING] in context [STRING]
Variable fields	$1: URL list name. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERURLLIST_FAILED: Failed to specify URL list urllist for policy-group pg in context ctx1.
Explanation	Failed to assign a URL list to a policy group.
Recommended action	Verity that a URL list exists before you assign it to a policy group.

SSLVPN_ADD_REFERWEBACL

Message text	Added Web access filter ACL [STRING] in policy group [STRING] in context [STRING].
Variable fields	$1: Advanced ACL number. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERWEBACL: Added Web access filter 3000 in policy group pgroup in context ctx1.
Explanation	An ACL for Web accessing filtering was specified in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REFERWEBACL_FAILED

Message text	Failed to add Web access filter ACL [STRING] in policy group [STRING] in context [STRING]
Variable fields	$1: Advanced ACL number. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REFERWEBACL_FAILED: Failed to add Web access filter 3000 in policy group pgroup in context ctx1.
Explanation	Failed to specify an ACL for Web accessing filtering in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_REWRITE_RULE

Message text	Created rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REWRITE_RULE: Created rewrite rule rw in file policy fp in context ctx.
Explanation	A rewrite rule was created.
Recommended action	No action is required.

SSLVPN_ADD_REWRITE_RULE_FAILED

Message text	Failed to create rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_REWRITE_RULE_FAILED: Failed to create rewrite rule rw in file policy fp in context ctx.
Explanation	Failed to create a rewrite rule.
Recommended action	No action is required.

SSLVPN_ADD_ROUTELIST

Message text	Created IP-route-list [STRING] in context [STRING].
Variable fields	$1: Route list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_ROUTELIST: Created IP-route-list rtlist in context ctx1.
Explanation	A route list was created in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_ROUTELIST_FAILED

Message text	Failed to create IP-route-list [STRING] in context [STRING]
Variable fields	$1: Route list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_ROUTELIST_FAILED: Failed to create IP-route-list rtlist in context ctx1.
Explanation	Failed to create a route list in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_ROUTEREFER

Message text	Configured access-route [STRING] in policy-group [STRING] in context [STRING].
Variable fields	$1: Route to be issued to clients. Valid values are: · Route in the format of ip-address mask. · Force-all. This setting forces all traffic to be sent to the SSL VPN gateway. · Route list name in the format of ip-route-list list-name. All routes in the route list will be issued to clients. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_ADD_ROUTEREFER: Configured access-route ip-route-list rtlist in policy-group pg in context ctx. · SSLVPN/6/SSLVPN_ADD_ROUTEREFER: Configured access-route 1.0.0.0 255.240.0.0 in policy-group pg in context ctx. · SSLVPN/6/SSLVPN_ADD_ROUTEREFER: Configured access-route force-all in policy-group pg in context ctx.
Explanation	Routes to be issued to clients were specified in a policy group.
Recommended action	No action is required.

SSLVPN_ADD_ROUTEREFER_FAILED

Message text	Failed to configure access-route [STRING] in policy-group [STRING] in context [STRING]
Variable fields	$1: Route to be issued to clients. Valid values are: · Route in the format of ip-address mask. · Force-all. This setting forces all traffic to be sent to the SSL VPN gateway. · Route list name in the format of ip-route-list list-name. All routes in the route list will be issued to clients. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_ADD_ROUTEREFER_FAILED: Failed to configure access-route ip-route-list rtlist in policy-group pg in context ctx. · SSLVPN/6/SSLVPN_ADD_ROUTEREFER_FAILED: Failed to configure access-route 1.0.0.0 255.240.0.0 in policy-group pg in context ctx. · SSLVPN/6/SSLVPN_ADD_ROUTEREFER_FAILED: Failed to configure access-route force-all in policy-group pg in context ctx.
Explanation	Failed to specify a route or a route list to be issued to clients in a policy group.
Recommended action	Verify that a route list exists before you specify it in a policy group.

SSLVPN_ADD_SERVERURL

Message text	Specified URL [STRING] for URL item [STRING] in context [STRING].
Variable fields	$1: URL string. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SERVERURL: Specified URL www.abc.com for URL item item1 in context ctx1.
Explanation	Configured the URL for a URL item.
Recommended action	No action is required.

SSLVPN_ADD_SERVERURL_FAILED

Message text	Failed to specify URL [STRING] for URL item [STRING] in context [STRING].
Variable fields	$1: URL string. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SERVERURL_FAILED: Failed to specify URL www.abc.com for URL item item1 in context ctx1.
Explanation	Failed to configure the URL for a URL item.
Recommended action	No action is required.

SSLVPN_ADD_SHORTCUT

Message text	Created shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SHORTCUT: Created shortcut shortcut1 in context ctx1.
Explanation	A shortcut was created.
Recommended action	No action is required.

SSLVPN_ADD_SHORTCUT_FAILED

Message text	Failed to create shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SHORTCUT_FAILED: Failed to create shortcut shortcut1 in context ctx1.
Explanation	Failed to create a shortcut.
Recommended action	No action is required.

SSLVPN_ADD_SHORTCUTLIST

Message text	Created shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SHORTCUTLIST: Created shortcut list scutlist1 in context ctx1.
Explanation	A shortcut list was created.
Recommended action	No action is required.

SSLVPN_ADD_SHORTCUTLIST_FAILED

Message text	Failed to create shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SHORTCUTLIST_FAILED: Failed to create shortcut list scutlist1 in context ctx1.
Explanation	Failed to create a shortcut list.
Recommended action	No action is required.

SSLVPN_ADD_SNATPOOL

Message text	Created SSL VPN SNAT pool [STRING].
Variable fields	$1: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SNATPOOL: Created SSL VPN SNAT pool sp1.
Explanation	An SSL VPN SNAT address pool was created.
Recommended action	No action is required.

SSLVPN_ADD_SNATPOOL_FAILED

Message text	Failed to create SSL VPN SNAT pool [STRING].
Variable fields	$1: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_SNATPOOL_FAILED: Failed to create SSL VPN SNAT pool sp1.
Explanation	Failed to create an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_ADD_URIACL

Message text	Created URI ACL [STRING] in context [STRING].
Variable fields	$1: URI ACL name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URIACL: Created URI ACL uacl in context ctx1.
Explanation	A URI ACL was created.
Recommended action	No action is required.

SSLVPN_ADD_URIACL_FAILED

Message text	Failed to create URI ACL [STRING] in context [STRING].
Variable fields	$1: URI ACL name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URIACL_FAILED: Failed to create URI ACL uacl in context ctx1.
Explanation	Failed to create a URI ACL.
Recommended action	No action is required.

SSLVPN_ADD_URIACL_RULE

Message text	Added rule [UINT32] to URI ACL [STRING] in context [STRING].
Variable fields	$1: Rule ID. $2: URI ACL name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URIACL_RULE: Added rule 5 to URI ACL uacl in context ctx1.
Explanation	A rule was added to a URI ACL.
Recommended action	No action is required.

SSLVPN_ADD_URIACL_RULE_FAILED

Message text	Failed to add rule [UINT32] to URI ACL [STRING] in context [STRING].
Variable fields	$1: Rule ID. $2: URI ACL name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URIACL_RULE_FAILED: Failed to add rule 5 to URI ACL uacl in context ctx1.
Explanation	Failed to add a rule to a URI ACL.
Recommended action	No action is required.

SSLVPN_ADD_URL

Message text	Set URL (URL [STRING]) for file policy [STRING] in context [STRING].
Variable fields	$1: URL of the file to be rewritten. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URL: Set URL (URL http://192.168.1.1:8080/test.js) for file policy fp1 in context ctx1.
Explanation	The URL of the file to be rewritten was set for a file policy.
Recommended action	No action is required.

SSLVPN_ADD_URL_FAILED

Message text	Failed to set URL (URL [STRING]) for file policy [STRING] in context [STRING].
Variable fields	$1: URL of the file to be rewritten. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URL_FAILED: Failed to set URL (URL http://192.168.1.1:8080/test.js) for file policy fp1 in context ctx1.
Explanation	Failed to set the URL of the file to be rewritten for a file policy.
Recommended action	No action is required.

SSLVPN_ADD_URLITEM

Message text	Created URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URLITEM: Created URL item item1 in context ctx1.
Explanation	Created a URL item.
Recommended action	No action is required.

SSLVPN_ADD_URLITEM_FAILED

Message text	Failed to create URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URLITEM_FAILED: Failed to create URL item item1 in context ctx1.
Explanation	Failed to create a URL item.
Recommended action	No action is required.

SSLVPN_ADD_URLLIST

Message text	Created URL list [STRING] in context [STRING].
Variable fields	$1: URL list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URLLIST: Created URL list urllist in context ctx1.
Explanation	A URL list was created.
Recommended action	No action is required.

SSLVPN_ADD_URLLIST_FAILED

Message text	Failed to create URL list [STRING] in context [STRING]
Variable fields	$1: URL list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_URLLIST_FAILED: Failed to create URL list urllist in context ctx1.
Explanation	Failed to create a URL list.
Recommended action	No action is required.

SSLVPN_ADD_USER

Message text	Failed to create user [STRING] in context [STRING].
Variable fields	$1: Username. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_USER_FAILED: Failed to create user user1 in context ctx1.
Explanation	Failed to create an SSL VPN user in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ADD_USER_FAILED

Message text	Created user [STRING] in context [STRING].
Variable fields	$1: Username. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ADD_USER: Created user user1 in context ctx1.
Explanation	An SSL VPN user was created in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_AAADOMAIN

Message text	Specified AAA domain [STRING] for context [STRING].
Variable fields	$1: ISP domain name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_AAADOMAIN: Specified AAA domain myserver for context ctx1.
Explanation	An ISP domain was specified for authentication, authorization, and accounting of SSL VPN users in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_AAADOMAIN_FAILED

Message text	Failed to specify AAA domain [STRING] for context [STRING].
Variable fields	$1: ISP domain name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_AAADOMAIN_FAILED: Failed to specify AAA domain myserver for context ctx1.
Explanation	Failed to specify an ISP domain for authentication, authorization, and accounting of SSL VPN users in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_AUTHMODE

Message text	Configured authentication use [STRING] in context [STRING].
Variable fields	$1: Authentication mode, which indicates the authentication methods required for users to log in to the SSL VPN context. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_AUTHMODE: Configured authentication use all in context ctx1.
Explanation	Configured the authentication mode of an SSL VPN context. · The all mode indicates that a user must pass all enabled authentication methods to log in to the SSL VPN context. · The any-one mode indicates that a user can log in to the SSL VPN context after passing any enabled authentication method.
Recommended action	No action is required.

SSLVPN_CFG_AUTHMODE_FAILED

Message text	Failed to configure authentication use [STRING] in context [STRING].
Variable fields	$1: Authentication mode, which indicates the authentication methods required for users to log in to the SSL VPN context. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_AUTHMODE_FAILED: Failed to configure authentication use all in context ctx1.
Explanation	Failed to configure the authentication mode of an SSL VPN context. · The all mode indicates that a user must pass all enabled authentication methods to log in to the SSL VPN context. · The any-one mode indicates that a user can log in to the SSL VPN context after passing any enabled authentication method.
Recommended action	No action is required.

SSLVPN_CFG_BINDIP

Message text	Bound IP addresses [STRING] to user [STRING] in context [STRING].
Variable fields	$1: IP address list. $2: SSL VPN username. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_BINDIP: Bound IP addresses 10.1.1.1,10.1.1.3-10.1.1.5 to user user1 in context ctx1.
Explanation	IP addresses were bound to an SSL VPN user.
Recommended action	No action is required.

SSLVPN_CFG_BINDIP_FAILED

Message text	Failed to bind IP addresses [STRING] to user [STRING] in context [STRING].
Variable fields	$1: IP address list. $2: SSL VPN username. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_BINDIP_FAILED: Failed to bind IP addresses 10.1.1.1,10.1.1.3-10.1.1.5 to user user1 in context ctx1.
Explanation	Failed to bind IP addresses to an SSL VPN user.
Recommended action	No action is required.

SSLVPN_CFG_BINDIPAUTO

Message text	Set the number of IP addresses automatically bound to user [STRING] in context [STRING] to [UINT32].
Variable fields	$1: SSL VPN username. $2: SSL VPN context name. $3: Number of IP addresses to be automatically bound to the user.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_BINDIPAUTO: Set the number of IP addresses automatically bound to user user1 in context ctx1 to 3.
Explanation	The number of IP addresses to be automatically bound to an SSL VPN user was specified.
Recommended action	No action is required.

SSLVPN_CFG_BINDIPAUTO_FAILED

Message text	Failed to set the number of IP addresses automatically bound to user [STRING] in context [STRING] to [UINT32].
Variable fields	$1: SSL VPN username. $2: SSL VPN context name. $3: Number of IP addresses to be automatically bound to the user.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_BINDIPAUTO_FAILED: Failed to set the number of IP addresses automatically bound to user user1 in context ctx1 to 3.
Explanation	Failed to set the number of IP addresses to be automatically bound to an SSL VPN.
Recommended action	No action is required.

SSLVPN_CFG_CONNECTIONS

Message text	Set the maximum number of connections to [STRING] for each session in context [STRING].
Variable fields	$1: Maximum number of concurrent connections per session. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_CONNECTIONS: Set the maximum number of connections to 50 for each session in context ctx1.
Explanation	The maximum number of concurrent connections per session was set in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_CONNECTIONS_FAILED

Message text	Failed to set the maximum number of connections to [STRING] for each session in context [STRING].
Variable fields	$1: Maximum number of concurrent connections per session. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_CONNECTIONS_FAILED: Failed to set the maximum number of connections to 50 for each session in context ctx1.
Explanation	Failed to set the maximum number of concurrent connections per session in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_CONTEXT_USERMAXIMUM

Message text	Configured the maximum number of SSL VPN users in context [UINT32].
Variable fields	$1: Context ID.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_CONTEXT_USERMAXIMUM: Configured the maximum number of SSL VPN users in context 2.
Explanation	The maximum number of SSL VPN users was set in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_CONTEXT_USERMAXIMUM_FAILED

Message text	Failed to configure the maximum number of SSL VPN users in context [UINT32].
Variable fields	$1: Context ID.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_CONTEXT_USERMAXIMUM_FAILED: Failed to configure the maximum number of SSL VPN users in context 2.
Explanation	Failed to configure the maximum number of SSL VPN users in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_CONTEXTVPN

Message text	Associated VPN instance [STRING] with context [STRING].
Variable fields	$1: VPN instance name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_CONTEXTVPN: Associated VPN instance vpn1 with context ctx1.
Explanation	An SSL VPN context was associated with a VPN instance.
Recommended action	No action is required.

SSLVPN_CFG_CONTEXTVPN_FAILED

Message text	Failed to associate VPN instance [STRING] with context [STRING]
Variable fields	$1: VPN instance name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_CONTEXTVPN_FAILED: Failed to associate VPN instance vpn1 with context ctx1.
Explanation	Failed to associate an SSL VPN context with a VPN instance.
Recommended action	No action is required.

SSLVPN_CFG_CTXGATEWAY

Message text	Configured gateway [STRING] [ domain [STRING] \| virtual-host [STRING] ] in context [STRING].
Variable fields	$1: SSL VPN gateway name. $2: Domain name. $3: Virtual host name. $4: SSL VPN context name. Parameters $2 and $3 cannot be both configured. This message displays parameter $2, $3, or neither, depending on the configuration.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_CTXGATEWAY: Configured gateway gw domain domain1 in context ctx1. · SSLVPN/6/SSLVPN_CFG_CTXGATEWAY: Configured gateway gw virtual-host myhost1 in context ctx1. · SSLVPN/6/SSLVPN_CFG_CTXGATEWAY: Configured gateway gw in context ctx1.
Explanation	An SSL VPN context was associated with an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CFG_CTXGATEWAY_FAILED

Message text	Failed to configure gateway [STRING] [ domain [STRING] \| virtual-host [STRING] ] in context [STRING]
Variable fields	$1: SSL VPN gateway name. $2: Domain name. $3: Virtual host name. $4: SSL VPN context name. Parameters $2 and $3 cannot be both configured. This message displays parameter $2, $3, or neither, depending on the configuration.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_CTXGATEWAY_FAILED: Failed to configure gateway gw domain domain1 in context ctx1. · SSLVPN/6/SSLVPN_CFG_CTXGATEWAY_FAILED: Failed to configure gateway gw virtual-host myhost1 in context ctx1. · SSLVPN/6/SSLVPN_CFG_CTXGATEWAY_FAILED: Failed to configure gateway gw in context ctx1.
Explanation	Failed to associate an SSL VPN context with an SSL VPN gateway.
Recommended action	256. Make sure the SSL VPN gateway to be associated already exists. 257. Identify the number of SSL VPN gateways associated with the SSL VPN context. If the number reaches the maximum and you want to associate a new gateway, remove an existing gateway association.

SSLVPN_CFG_DEFAULTPGROUP

Message text	Configured default-policy-group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_DEFAULTPGROUP: Configured default-policy group pgroup in context ctx1.
Explanation	A policy group was specified as the default policy group in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_DEFAULTPGROUP_FAILED

Message text	Failed to configure default-policy-group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_DEFAULTPGROUP_FAILED: Failed to configure default-policy-group pgroup in context ctx1.
Explanation	Failed to specify a policy group as the default policy group in an SSL VPN context.
Recommended action	Verify that a policy group exists before you specify it as the default policy group in an SSL VPN context.

SSLVPN_CFG_DNSSERVER

Message text	Specified [STRING] DNS server [STRING] in context [STRING].
Variable fields	$1: DNS server type, primary or secondary. $2: IP address of the DNS server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_DNSSERVER: Specified primary DNS server 1.1.1.1 in context ctx. · SSLVPN/6/SSLVPN_CFG_DNSSERVER: Specified secondary DNS server 1.1.1.2 in context ctx.
Explanation	A DNS server was specified for IP access in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_DNSSERVER_FAILED

Message text	Failed to specify [STRING] DNS server [STRING] in context [STRING]
Variable fields	$1: DNS server type, primary or secondary. $2: IP address of the DNS server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_DNSSERVER_FAILED: Failed to specify primary DNS server 1.1.1.1 in context ctx. · SSLVPN/6/SSLVPN_CFG_DNSSERVER_FAILED: Failed to specify secondary DNS server 1.1.1.2 in context ctx.
Explanation	Failed to specify a DNS server for IP access in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_EMOSERVER

Message text	Specified EMO server address [STRING] and port [STRING] in context [STRING].
Variable fields	$1: Host name or IPv4 address of the EMO server. $2: Port number of the EMO server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_EMOSERVER: Specified EMO server address 10.10.1.1 and port 9058 in context ctx1. · SSLVPN/6/SSLVPN_CFG_EMOSERVER: Specified EMO server address host and port 9058 in context ctx1.
Explanation	An EMO server was specified for mobile clients in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_EMOSERVER_FAILED

Message text	Failed to specify EMO server address [STRING] and port [STRING] in context [STRING].
Variable fields	$1: Host name or IPv4 address of the EMO server. $2: Port number of the EMO server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_EMOSERVER_FAILED: Failed to specify EMO server address 10.10.1.1 and port 9058 in context ctx1. · SSLVPN/6/SSLVPN_CFG_EMOSERVER_FAILED: Failed to specify EMO server address host and port 9058 in context ctx1.
Explanation	Failed to specify an EMO server for mobile clients in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_GATEWAYVPN

Message text	Specify VPN instance [STRING] for gateway [STRING].
Variable fields	$1: Name of the VPN instance to which the SSL VPN gateway belongs. $2: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_GATEWAYVPN: Specify VPN instance vpn1 for gateway gw1.
Explanation	A VPN instance was specified for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CFG_GATEWAYVPN_FAILED

Message text	Failed to specify VPN instance [STRING] for gateway [STRING]
Variable fields	$1: Name of the VPN instance to which the SSL VPN gateway belongs. $2: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_GATEWAYVPN_FAILED: Failed to specify VPN instance vpn1 for gateway gw1.
Explanation	Failed to specify a VPN instance for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CFG_GWIPADDRESS

Message text	Configured IP address [STRING] and port [STRING] for gateway [STRING].
Variable fields	$1: IP address of the SSL VPN gateway. $2: Port number of the SSL VPN gateway. $3: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_GWIPADDRESS: Configured IP address 10.10.1.1 and port 8000 for gateway gw1.
Explanation	An IP address and port number were specified for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CFG_GWIPADDRESS_FAILED

Message text	Failed to configure IP address [STRING] and port [STRING] for gateway [STRING]
Variable fields	$1: IP address of the SSL VPN gateway. $2: Port number of the SSL VPN gateway. $3: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_GWIPADDRESS_FAILED: Failed to configure IP address 10.10.1.1 and port 8000 for gateway gw1.
Explanation	Failed to specify the IP address and port number for an SSL VPN gateway.
Recommended action	258. Verify that the IP address specified for the SSL VPN gateway is not used by another gateway. 259. Verify that the port specified for the SSL VPN gateway is different from the HTTP-redirect port.

SSLVPN_CFG_GWIPV6ADDRESS

Message text	Configured IPv6 address [STRING] and port [STRING] for gateway [STRING].
Variable fields	$1: IPv6 address of the SSL VPN gateway. $2: Port number of the SSL VPN gateway. $3: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_GWIPV6ADDRESS: Configured IPv6 address 1::1 and port 1027 for gateway gw1.
Explanation	An IPv6 address and port number were specified for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CFG_GWIPV6ADDRESS_FAILED

Message text	Failed to configure IPv6 address [STRING] and port [STRING] for gateway [STRING].
Variable fields	$1: IPv6 address of the SSL VPN gateway. $2: Port number of the SSL VPN gateway. $3: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_GWIPV6ADDRESS_FAILED: Failed to configure IPv6 address 1::1 and port 1027 for gateway gw1.
Explanation	Failed to specify the IPv6 address and port number for an SSL VPN gateway.
Recommended action	260. Verify that the IP address specified for the SSL VPN gateway is not used by another gateway. 261. Verify that the port specified for the SSL VPN gateway is different from the HTTP-redirect port.

SSLVPN_CFG_HTTPREDIRECT

Message text	Configured HTTP-redirect port [STRING] in gateway [STRING].
Variable fields	$1: HTTP redirection port number. $2: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_HTTPREDIRECT: Configured HTTP-redirect port 8000 in gateway gw.
Explanation	HTTP redirection was enabled.
Recommended action	No action is required.

SSLVPN_CFG_HTTPREDIRECT_FAILED

Message text	Failed to configure HTTP-redirect port [STRING] in gateway [STRING]
Variable fields	$1: HTTP port number. $2: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_HTTPREDIRECT_FAILED: Failed to configure HTTP-redirect port 8000 in gateway gw.
Explanation	Failed to enable HTTP redirection for a port on an SSL VPN gateway.
Recommended action	Verify that the specified HTTP port number is not used by other redirection services.

SSLVPN_CFG_IMCADDRESS

Message text	Configured the IP address [STRING], port number [STRING], and VPN instance [STRING] of the iMC server in context [STRING].
Variable fields	$1: IP address of the IMC server for SMS message authentication. $2: Port number of the IMC server. $3: VPN instance to which the IMC server belongs. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IMCADDRESS: Configured the IP address 10.10.1.1 and port number 8080 and VPN instance vpn1 of the iMC server in context ctx1.
Explanation	An IMC server for SMS message authentication was configured in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_IMCADDRESS_FAILED

Message text	Failed to configure the IP address [STRING], port number [STRING], and VPN instance [STRING] of the IMC server in context [STRING].
Variable fields	$1: IP address of the IMC server for SMS message authentication. $2: Port number of the IMC server for SMS message authentication. $3: VPN instance to which the IMC server belongs. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IMCADDRESS_FAILED: Failed to configure the IP address 10.10.1.1 and port number 8080 and VPN instance vpn1 of the IMC server in context ctx1.
Explanation	Failed to configure an IMC server for SMS message authentication in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_IPAC_WEBRESPUSH

Message text	Enabled automatic pushing of Web resources after IP access client login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPAC_WEBRESPUSH: Enabled automatic pushing of Web resources after IP access client login in context ctx.
Explanation	Enabled automatic webpage pushing of accessible resources after IP access client login in an SSL VPN context..
Recommended action	No action is required.

SSLVPN_CFG_IPAC_WEBRESPUSH_FAIL

Message text	Failed to enable automatic pushing of Web resources after IP access client login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPAC_WEBRESPUSH_FAIL: Failed to enable automatic pushing of Web resources after IP access client login in context ctx.
Explanation	Failed to enable automatic webpage pushing of accessible resources after IP access client login in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_IPCLIENT_AUTOACT

Message text	Enabled automatic IP access client startup after Web login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPCLIENT_AUTOACT: Enabled automatic IP access client startup after Web login in context ctx.
Explanation	Enabled automatic IP access client startup after Web login in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_IPCLIENT_AUTOACT_FAIL

Message text	Failed to enable automatic IP access client startup after Web login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPCLIENT_AUTOACT_FAIL: Failed to enable automatic IP access client startup after Web login in context ctx.
Explanation	Failed to enable automatic IP access client startup after Web login in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_IPTNL_RATE-LIMIT

Message text	Set the IP tunnel [STRING] rate limit to [UINT32] [STRING] in context [STRING].
Variable fields	$1: SSL VPN IP access traffic direction: · Upstream. · Downstream. $2: Rate limit value. $3: Unit of mesurement for the rate limit: · kbps. · pps. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPTNL_RATE-LIMIT: Set the IP tunnel upstream rate limit to 1000 kbps in context ctx. SSLVPN/6/SSLVPN_CFG_IPTNL_RATE-LIMIT: Set the IP tunnel downstream rate limit to 1000 pps in context ctx.
Explanation	Set a rate limit for IP access upstream or downstream traffic.
Recommended action	No action is required.

SSLVPN_CFG_IPTNL_RATE-LIMIT_FAIL

Message text	Failed to set the IP tunnel [STRING] rate limit to [UINT32] [STRING] in context [STRING].
Variable fields	$1: SSL VPN IP access traffic direction: · Upstream. · Downstream. $2: Rate limit value. $3: Unit of mesurement for the rate limit: · kbps. · pps. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPTNL_RATE-LIMIT_FAIL: Failed to set the IP tunnel upstream rate limit to 1000 kbps in context ctx. SSLVPN/6/SSLVPN_CFG_IPTNL_RATE-LIMIT_FAIL: Failed to set the IP tunnel downstream rate limit to 1000 pps in context ctx.
Explanation	Failed to set a rate limit for IP access upstream or downstream traffic.
Recommended action	No action is required.

SSLVPN_CFG_IPTUNNELPOOL

Message text	Specified address-pool [STRING] mask [STRING] in context [STRING].
Variable fields	$1: Name of the address pool. $2: Mask length or mask of the address pool. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPTUNNELPOOL: Specified address-pool pool1 mask 255.255.255.0 in context ctx.
Explanation	An address pool for IP access was specified in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_IPTUNNELPOOL_FAILED

Message text	Failed to specify address-pool [STRING] mask [STRING] in context [STRING]
Variable fields	$1: Name of the address pool. $2: Mask length or mask of the address pool. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_IPTUNNELPOOL_FAILED: Failed to specify address-pool pool1 mask 255.255.255.0 in context ctx.
Explanation	Failed to specify an address pool for IP address in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_KEEPALIVE

Message text	Configured IP Tunnel keepalive interval [STRING] seconds in context [STRING].
Variable fields	$1: Keepalive interval in seconds. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_KEEPALIVE: Configured IP Tunnel keepalive interval 50 seconds in context ctx.
Explanation	The keepalive interval for IP access was set in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_KEEPALIVE_FAILED

Message text	Failed to configure IP Tunnel keepalive interval [STRING] seconds in context [STRING]
Variable fields	$1: Keepalive interval in seconds. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_KEEPALIVE_FAILED: Failed to configure IP Tunnel keepalive interval 50 seconds in context ctx.
Explanation	Failed to set the keepalive interval for IP access in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_LOCALPORT

Message text	Configured port forwarding instance local-port [STRING] local-name [STRING] remote-server [STRING] remote-port [STRING] [STRING] for port forwarding item [STRING] in context [STRING].
Variable fields	$1: Local port number. $2: Local address or local host name. $3: IP address or domain name of a TCP service on an internal server. $4: Port number of the TCP service. $5: Description of the port forwarding instance. This field is not displayed if no description is configured. $6: Name of the port forwarding item for which the port forwarding instance is configured. $7: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_LOCALPORT: Configured port forwarding instance local-port 80 local-name 127.0.0.1 remote-server 192.168.20.35 remote-port 80 for port forwarding item pfitem1 in context ctx. · SSLVPN/6/SSLVPN_CFG_LOCALPORT: Configured port forwarding instance local-port 80 local-name 127.0.0.1 remote-server 192.168.20.35 remote-port 80 description http for port forwarding item pfitem1 in context ctx.
Explanation	A port forwarding instance was configured for a port forwarding item.
Recommended action	No action is required.

SSLVPN_CFG_LOCALPORT_FAILED

Message text	Failed to configure port forwarding instance local-port [STRING] local-name [STRING] remote-server [STRING] remote-port [STRING] [STRING] for port forwarding item [STRING] in context [STRING]
Variable fields	$1: Local port number. $2: Local address or local host name. $3: IP address or domain name of a TCP service on an internal server. $4: Port number of the TCP service $5: Description of the port forwarding instance. This field is not displayed if no description is configured. $6: Name of the port forwarding item for which the port forwarding instance is configured. $7: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_LOCALPORT_FAILED: Failed to configure port forwarding instance local-port 80 local-name 127.0.0.1 remote-server 192.168.20.34 remote-port 80 for port forwarding item pfitem1 in context ctx. · SSLVPN/6/SSLVPN_CFG_LOCALPORT_FAILED: Failed to configure port forwarding instance local-port 80 local-name 127.0.0.1 remote-server 192.168.20.34 remote-port 80 description http for port forwarding item pfitemt1 in context ctx.
Explanation	Failed to configure a port forwarding instance for a port forwarding item.
Recommended action	No action is required.

SSLVPN_CFG_LOGINMESSAGE

Message text	Configured SSL VPN [STRING] login message [STRING] in context [STRING].
Variable fields	$1: Language used on the login page, English or Chinese. $2: Welcome message on the login page. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_LOGINMESSAGE: Configured SSL VPN English login message Welcome in context ctx1.
Explanation	A login welcome message was configured in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_LOGINMESSAGE_FAILED

Message text	Failed to configure SSL VPN [STRING] login message [STRING] in context [STRING]
Variable fields	$1: Language used on the login page, English or Chinese. $2: Login welcome message on the login page. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_LOGINMESSAGE_FAILED: Failed to configure SSL VPN English login message Welcome in context ctx1.
Explanation	Failed to configure the login welcome message in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_LOGO

Message text	Configured SSL VPN logo [STRING] [STRING] in context [STRING].
Variable fields	$1: If a logo is configured, this field displays file. If no logo is configured, this field displays none. $2: Log file name. This field is not displayed if the $1 field displays none. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_LOGO: Configured SSL VPN logo file 1.jpg in context ctx1. · SSLVPN/6/SSLVPN_CFG_LOGO: Configured SSL VPN logo none in context ctx1.
Explanation	A logo to be displayed on SSL VPN webpages was specified.
Recommended action	No action is required.

SSLVPN_CFG_LOGO_FAILED

Message text	Failed to configure SSL VPN logo [STRING] [STRING] in context [STRING]
Variable fields	$1: If a logo is configured, this field displays file. If no logo is configured, this field displays none. $2: Log file name. This field is not displayed if $1 displays none. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_LOGO_FAILED: Failed to configure SSL VPN logo file 1.jpg in context ctx1. · SSLVPN/6/SSLVPN_CFG_LOGO_FAILED: Failed to configure SSL VPN logo none in context ctx1.
Explanation	Failed to specify a logo to be displayed on SSL VPN webpages.
Recommended action	Verify that the size of the logo file does not exceed the maximum file size limit.

SSLVPN_CFG_MAXONLINES

Message text	Set the maximum number of concurrent connections to [STRING] for each SSL VPN user in context [STRING].
Variable fields	$1: Maximum number of concurrent connections for each SSL VPN user. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_MAXONLINES: Set the maximum number of concurrent connections to 50 for each SSL VPN user in context ctx1.
Explanation	The maximum number of concurrent connections for each SSL VPN user was set in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_MAXONLINES_FAILED

Message text	Failed to set maximum number of concurrent connections to [STRING] for each SSL VPN user in context [STRING].
Variable fields	$1: Maximum concurrent connections for each SSL VPN user. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_MAXONLINES_FAILED: Failed to set maximum number of concurrent connections to 50 for each SSL VPN user in context ctx1.
Explanation	Failed to set the maximum number of concurrent connections for each SSL VPN user in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_MAXUSERS

Message text	Set the maximum number of sessions to [STRING] in context [STRING].
Variable fields	$1: Maximum number of sessions supported in an SSL VPN context. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_MAXUSERS: Set the maximum number of sessions to 500 in context ctx1.
Explanation	The maximum number of supported sessions was set in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_MAXUSERS_FAILED

Message text	Failed to set maximum number of sessions to [STRING] in context [STRING]
Variable fields	$1: Maximum number of sessions supported in an SSL VPN context. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_MAXUSERS_FAILED: Failed to set maximum number of sessions to 500 in context ctx1.
Explanation	Failed to set the maximum number of supported sessions in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_MSGSERVER

Message text	Specified message server address [STRING] and port [STRING] in context [STRING].
Variable fields	$1: Host name or IPv4 address of the message server. $2: Port number of the message server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_MSGSERVER: Specified message server address 10.10.1.1 and port 8000 in context ctx1. · SSLVPN/6/SSLVPN_CFG_MSGSERVER: Specified message server address host and port 8000 in context ctx1.
Explanation	A message server was specified for mobile clients in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_MSGSERVER_FAILED

Message text	Failed to specify message server address [STRING] and port [STRING] in context [STRING]
Variable fields	$1: Host name or IPv4 address of the message server. $2: Port number of the message server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_MSGSERVER_FAILED: Failed to specify message server address 10.10.1.1 and port 8000 in context ctx1. · SSLVPN/6/SSLVPN_CFG_MSGSERVER_FAILED: Failed to specify message server address host and port 8000 in context ctx1.
Explanation	Failed to specify a message server for mobile clients in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_PFWDEXECUTION

Message text	Configured script [STRING] for port forwarding item [STRING] in context [STRING].
Variable fields	$1: Script of the resource for a port forwarding item. $2: Port forwarding item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_PFWDEXECUTION: Configured script url('http://127.0.0.1') for port forwarding item pfitem1 in context ctx.
Explanation	A resource was configured for a port forwarding item.
Recommended action	No action is required.

SSLVPN_CFG_PFWDEXECUTION_FAILED

Message text	Failed to configure script [STRING] for port forwarding item [STRING] in context [STRING].
Variable fields	$1: Script of the resource for a port forwarding item. $2: Port forwarding item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_PFWDEXECUTION_FAILED: Failed to configure script url('http://127.0.0.1') for port forwarding item pfitem1 in context ctx.
Explanation	Failed to configure a resource path for a port forwarding item.
Recommended action	No action is required.

SSLVPN_CFG_SCUTEXECUTION

Message text	Configured script [STRING] for shortcut [STRING] in context [STRING].
Variable fields	$1: Script of the resource associated with a shortcut. $2: Shortcut name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SCUTEXECUTION: Configured script url('http://10.0.0.1') for shortcut shortcut1 in context ctx.
Explanation	A resource was associated with a shortcut.
Recommended action	No action is required.

SSLVPN_CFG_SCUTEXECUTION_FAILED

Message text	Failed to configure script [STRING] for shortcut [STRING] in context [STRING].
Variable fields	$1: Script of the resource associated with a shortcut. $2: Shortcut name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SCUTEXECUTION_FAILED: Failed to configure script url('http://10.0.0.1') for shortcut shortcut1 in context ctx.
Explanation	Failed to associate a resource with a shortcut.
Recommended action	No action is required.

SSLVPN_CFG_SHORTCUTDESC

Message text	Configured description [STRING] for shortcut [STRING] in context [STRING].
Variable fields	$1: Description of a shortcut. $2: Shortcut name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SHORTCUTDESC: Configured description shortcut shortcut1 for shortcut shortcut1 in context ctx.
Explanation	A description was configured for a shortcut.
Recommended action	No action is required.

SSLVPN_CFG_SHORTCUTDESC_FAILED

Message text	Failed to configure description [STRING] for shortcut [STRING] in context [STRING].
Variable fields	$1: Description of a shortcut. $2: Shortcut name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SHORTCUTDESC_FAILED: Failed to configure description shortcut shortcut1 for shortcut shortcut1 in context ctx.
Explanation	Failed to configure a description for a shortcut.
Recommended action	No action is required.

SSLVPN_CFG_SSLCLIENT

Message text	Specified SSL client policy [STRING] for context [STRING].
Variable fields	$1: SSL client policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SSLCLIENT: Specified SSL client policy ssl for context ctx1.
Explanation	An SSL client policy was specified for an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_SSLCLIENT_FAILED

Message text	Failed to specify SSL client policy [STRING] for context [STRING].
Variable fields	$1: SSL client policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SSLCLIENT_FAILED: Failed to specify SSL client policy ssl for context ctx1.
Explanation	Failed to specify an SSL client policy for an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_SSLSERVER

Message text	Specified SSL server policy [STRING] for gateway [STRING].
Variable fields	$1: SSL server policy name. $2: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SSLSERVER: Specified SSL server policy ssl for gateway gw1.
Explanation	An SSL server policy was specified for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CFG_SSLSERVER_FAILED

Message text	Failed to specify SSL server policy [STRING] for gateway [STRING]
Variable fields	$1: SSL server policy name. $2: Name of the SSL VPN gateway.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_SSLSERVER_FAILED: Failed to specify SSL server policy ssl for gateway gw1.
Explanation	Failed to specify an SSL server policy for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CFG_TIMEOUTIDLE

Message text	Configured session idle timeout to [STRING] minutes in context [STRING].
Variable fields	$1: Idle timeout timer for SSL VPN sessions. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_TIMEOUTIDLE: Configured session idle timeout to 50 minutes in context ctx1.
Explanation	The idle timeout timer for SSL VPN sessions was set in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_TIMEOUTIDLE_FAILED

Message text	Failed to configure session idle timeout to [STRING] minutes in context [STRING]
Variable fields	$1: Idle timeout timer for SSL VPN sessions. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_TIMEOUTIDLE_FAILED: Failed to configure session idle timeout to 50 minutes in context ctx1.
Explanation	Failed to set the idle timeout timer for SSL VPN sessions in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_TITLE

Message text	Configured SSL VPN page [STRING] title [STRING] in context [STRING].
Variable fields	$1: Language used on the login page, English or Chinese. $2: Title displayed on SSL VPN webpages. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_TITLE: Configured SSL VPN page English title Mytitle in context ctx1.
Explanation	The title to be displayed on SSL VPN webpages was configured in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_TITLE_FAILED

Message text	Failed to configure SSL VPN page [STRING] title [STRING] in context [STRING]
Variable fields	$1: Language used on the login page, English or Chinese. $2: Title displayed on SSL VPN webpages. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_TITLE_FAILED: Failed to configure SSL VPN page English title Mytitle in context ctx1.
Explanation	Failed to configure the title to be displayed on SSL VPN webpages in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_TRAFFICTHRESHOLD

Message text	Set the idle-cut traffic threshold to [STRING] Kilobytes in context [STRING].
Variable fields	$1: Idle-cut traffic threshold value. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_TRAFFICTHRESHOLD: Set the idle-cut traffic threshold to 100 Kilobytes in context ctx1.
Explanation	The SSL VPN session idle-cut traffic threshold was set in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_TRAFFICTHRESHOLD_FAIL

Message text	Failed to set the idle-cut traffic threshold to [STRING] Kilobytes in context [STRING].
Variable fields	$1: Idle-cut traffic threshold value. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_TRAFFICTHRESHOLD_FAIL: Failed to set the idle-cut traffic threshold to 100 Kilobytes in context ctx1.
Explanation	Failed to set the SSL VPN session idle-cut traffic threshold in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_URLLISTHEAD

Message text	Configured heading [STRING] for URL-list [STRING] in context [STRING].
Variable fields	$1: URL list heading name. $2: URL list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_URLLISTHEAD: Configured heading urlhead for URL-list urllist in context ctx1.
Explanation	A heading was configured for a URL list.
Recommended action	No action is required.

SSLVPN_CFG_URLLISTHEAD_FAILED

Message text	Failed to configure heading [STRING] for URL-list [STRING] in context [STRING]
Variable fields	$1: URL list heading name. $2: URL list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CFG_URLLISTHEAD_FAILED: Failed to configure heading urlhead for URL-list urllist in context ctx1.
Explanation	Failed to configure a heading for a URL list.
Recommended action	No action is required.

SSLVPN_CFG_WINSSERVER

Message text	Specified [STRING] WINS server [STRING] in context [STRING].
Variable fields	$1: WINS server type, primary or secondary. $2: IPv4 address of the WINS server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_WINSSERVER: Specified primary WINS server primary 1.1.1.1 in context ctx. · SSLVPN/6/SSLVPN_CFG_WINSSERVER: Specified secondary WINS server secondary 1.1.1.2 in context ctx.
Explanation	A WIN server for IP access was specified in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CFG_WINSSERVER_FAILED

Message text	Failed to specify [STRING] WINS server [STRING] in context [STRING]
Variable fields	$1: WINS server type, primary or secondary. $2: IPv4 address of the WINS server. $3: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CFG_WINSSERVER_FAILED: Failed to specify primary WINS server 1.1.1.1 in context ctx. · SSLVPN/6/SSLVPN_CFG_WINSSERVER_FAILED: Failed to specify secondary WINS server 1.1.1.2 in context ctx.
Explanation	Failed to specify a WINS server for IP access in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_AAADOMAIN

Message text	Deleted the AAA domain specified for context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_AAADOMAIN: Deleted the AAA domain specified for context ctx1.
Explanation	The ISP domain configuration was removed from an SSL VPN context. The SSL VPN context will use the default ISP domain for authentication, authorization, and accounting of SSL VPN users.
Recommended action	No action is required.

SSLVPN_CLR_AAADOMAIN_FAILED

Message text	Failed to delete the AAA domain specified for context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_AAADOMAIN_FAILED: Failed to delete the AAA domain specified for context ctx1.
Explanation	Failed to remove the ISP domain configuration from an SSL VPN context. The SSL VPN context still uses the specified ISP domain for authentication, authorization, and accounting of SSL VPN users.
Recommended action	No action is required.

SSLVPN_CLR_AUTHMODE

Message text	Configured authentication use all in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_AUTHMODE: Configured authentication use all in context 2.
Explanation	The authentication mode of an SSL VPN context was set to all. A user must pass all enabled authentication methods to log in to the SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_AUTHMODE_FAILED

Message text	Failed to configure authentication use all in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_AUTHMODE_FAILED: Failed to configure authentication use all in context 2.
Explanation	Failed to specify the authentication mode of an SSL VPN context as all, which indicates that a user must pass all enabled authentication methods to log in to the SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_BINDIP

Message text	Deleted IP address binding configuration for user [STRING] in context [STRING].
Variable fields	$1: SSL VPN username. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_BINDIP: Deleted IP address binding configuration for user user1 in context ctx1.
Explanation	The IP address binding configuration was deleted for an SSL VPN user.
Recommended action	No action is required.

SSLVPN_CLR_BINDIP_FAILED

Message text	Failed to delete IP address binding configuration for user [STRING] in context [STRING].
Variable fields	$1: SSL VPN username. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_BINDIP_FAILED: Failed to delete IP address binding configuration for user user1 in context ctx1.
Explanation	Failed to delete the IP address binding configuration for an SSL VPN user.
Recommended action	No action is required.

SSLVPN_CLR_CONTEXT_USERMAXIMUM

Message text	Deleted the maximum number of SSL VPN users in context [UINT32].
Variable fields	$1: Context ID.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_CONTEXT_USERMAXIMUM: Deleted the maximum number of SSL VPN users in context 2.
Explanation	The maximum number of SSL VPN users configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_CONTEXT_USERMAXIMUM_FAILED

Message text	Failed to delete the maximum number of SSL VPN users in context [UINT32].
Variable fields	$1: Context ID.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_CONTEXT_USERMAXIMUM_FAILED: Failed to delete the maximum number of SSL VPN users in context 2.
Explanation	Failed to remove the maximum number of SSL VPN users configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_CONTEXTVPN

Message text	Deleted the associated VPN instance in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_CONTEXTVPN: Deleted the associated VPN instance in context ctx1.
Explanation	The association between an SSL VPN context and a VPN instance was removed.
Recommended action	No action is required.

SSLVPN_CLR_CONTEXTVPN_FAILED

Message text	Failed to delete the associated VPN instance in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_CONTEXTVPN_FAILED: Failed to delete the associated VPN instance in context ctx1.
Explanation	Failed to remove the association between an SSL VPN context and a VPN instance.
Recommended action	No action is required.

SSLVPN_CLR_CTXGATEWAY

Message text	Deleted gateway in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_CTXGATEWAY: Deleted gateway in context ctx1.
Explanation	An SSL VPN gateway was deleted.
Recommended action	No action is required.

SSLVPN_CLR_CTXGATEWAY_FAILED

Message text	Failed to delete gateway in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_CTXGATEWAY_FAILED: Failed to delete gateway in context ctx1.
Explanation	Failed to delete an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_DEFAULT_PGROUP

Message text	Deleted default-policy-group in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_DEFAULT_PGROUP: Deleted default-policy-group in context ctx1.
Explanation	The default policy group configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_DEFAULT_PGROUP_FAILED

Message text	Failed to delete default-policy-group in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_DEFAULT_PGROUP_FAILED: Failed to delete default-policy-group in context ctx1.
Explanation	Failed to remove the default policy group configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_DNSSERVER

Message text	Deleted [STRING] DNS server in context [STRING].
Variable fields	$1: DNS server type, primary or secondary. $2: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CLR_DNSSERVER: Deleted primary DNS server in context ctx. · SSLVPN/6/SSLVPN_CLR_DNSSERVER: Deleted secondary DNS server in context ctx.
Explanation	The DNS server configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_DNSSERVER_FAILED

Message text	Failed to delete [STRING] DNS server in context [STRING]
Variable fields	$1: DNS server type, primary or secondary. $2: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CLR_DNSSERVER_FAILED: Failed to delete primary DNS server in context ctx. · SSLVPN/6/SSLVPN_CLR_DNSSERVER_FAILED: Failed to delete secondary DNS server in context ctx.
Explanation	Failed to remove the DNS server configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_EMOSERVER

Message text	Deleted EMO server in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_EMOSERVER: Deleted emo-server in context ctx1.
Explanation	The Endpoint Mobile Office (EMO) server configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_EMOSERVER_FAILED

Message text	Failed to delete EMO server in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_EMOSERVER_FAILED: Failed to delete EMO server in context ctx1.
Explanation	Failed to remove the Endpoint Mobile Office (EMO) server configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_GATEWAYVPN

Message text	Deleted VPN instance for gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_GATEWAYVPN: Deleted VPN instance for gateway gw1.
Explanation	The VPN instance configuration was removed for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_GATEWAYVPN_FAILED

Message text	Failed to delete VPN instance for gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_GATEWAYVPN_FAILED: Failed to delete VPN instance for gateway gw1.
Explanation	Failed to remove the VPN instance configuration for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_GWIPADDRESS

Message text	Deleted IP address of gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_GWIPADDRESS: Deleted IP address of gateway gw1.
Explanation	The IP address of an SSL VPN gateway was deleted.
Recommended action	No action is required.

SSLVPN_CLR_GWIPADDRESS_FAILED

Message text	Failed to delete IP address of gateway [STRING]
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_GWIPADDRESS_FAILED: Failed to delete IP address of gateway gw1.
Explanation	Failed to delete the IP address of an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_GWIPV6ADDRESS

Message text	Deleted IPv6 address of gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_GWIPV6ADDRESS: Deleted IPv6 address of gateway gw1.
Explanation	The IPv6 address of an SSL VPN gateway was deleted.
Recommended action	No action is required.

SSLVPN_CLR_GWIPV6ADDRESS_FAILED

Message text	Failed to delete IPv6 address of gateway [STRING]
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_GWIPV6ADDRESS_FAILED: Failed to delete IPv6 address of gateway gw1.
Explanation	Failed to delete the IPv6 address of an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_HTTPREDIRECT

Message text	Disabled HTTP-redirect in gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_HTTPREDIRECT: Disabled HTTP-redirect in gateway gw.
Explanation	HTTP redirection was disabled for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_HTTPREDIRECT_FAILED

Message text	Failed to disable HTTP-redirect in gateway [STRING]
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_HTTPREDIRECT_FAILED: Failed to disable HTTP-redirect in gateway gw.
Explanation	Failed to disable HTTP redirection for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_IMCADDRESS

Message text	Deleted the IP address of the IMC server in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IMCADDRESS: Deleted the IP address of the IMC server in context ctx1.
Explanation	The IMC server configuration for SMS message authentication was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_IMCADDRESS_FAILED

Message text	Failed to delete the IP address of the IMC server in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IMCADDRESS_FAILED: Failed to delete the IP address of the IMC server in context ctx1.
Explanation	Failed to remove the IMC server configuration for SMS message authentication from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_IPAC_WEBRESPUSH

Message text	Disabled automatic pushing of Web resources after IP access client login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPAC_WEBRESPUSH: Disabled automatic pushing of Web resources after IP access client login in context ctx.
Explanation	Disabled automatic webpage pushing of accessible resources after IP access client login in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_IPAC_WEBRESPUSH_FAIL

Message text	Failed to disable automatic pushing of Web resources after IP access client login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPAC_WEBRESPUSH_FAIL: Failed to disable automatic pushing of Web resources after IP access client login in context ctx.
Explanation	Failed to disable automatic webpage pushing of accessible resources after IP access client login in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_IPCLIENT_AUTOACT

Message text	Disabled automatic IP access client startup after Web login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPCLIENT_AUTOACT: Disabled automatic IP access client startup after Web login in context ctx.
Explanation	Disabled automatic IP access client startup after Web login in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_IPCLIENT_AUTOACT_FAIL

Message text	Failed to disable automatic IP access client startup after Web login in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPCLIENT_AUTOACT_FAIL: Failed to disable automatic IP access client startup after Web login in context ctx.
Explanation	Failed to disable automatic IP access client startup after Web login in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_IPTNL_RATE-LIMIT

Message text	Deleted the rate limit configuration for IP tunnel [STRING] traffic in context [STRING].
Variable fields	$1: SSL VPN IP access traffic direction: · Upstream. · Downstream. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPTNL_RATE-LIMIT: Deleted the rate limit configuration for IP tunnel upstream traffic in context ctx. SSLVPN/6/SSLVPN_CLR_IPTNL_RATE-LIMIT: Deleted the rate limit configuration for IP tunnel downstream traffic in context ctx.
Explanation	Deleted the rate limit setting for IP access upstream or downstream traffic.
Recommended action	No action is required.

SSLVPN_CLR_IPTNL_RATE-LIMIT_FAIL

Message text	Failed to delete the rate limit configuration for IP tunnel [STRING] traffic in context [STRING].
Variable fields	$1: SSL VPN IP access traffic direction: · Upstream. · Downstream. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPTNL_RATE-LIMIT_FAIL: Failed to delete the rate limit configuration for IP tunnel upstream traffic in context ctx. SSLVPN/6/SSLVPN_CLR_IPTNL_RATE-LIMIT_FAIL: Failed to delete the rate limit configuration for IP tunnel downstream traffic in context ctx.
Explanation	Failed to delete the rate limit setting for IP access upstream or downstream traffic.
Recommended action	No action is required.

SSLVPN_CLR_IPTUNNELPOOL

Message text	Deleted address-pool in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPTUNNELPOOL: Deleted address-pool in context ctx.
Explanation	The IP access address pool configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_IPTUNNELPOOL_FAILED

Message text	Failed to delete address-pool in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_IPTUNNELPOOL_FAILED: Failed to delete address-pool in context ctx.
Explanation	Failed to remove the IP access address pool configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_LOCALPORT

Message text	Deleted the port forwarding instance used by port forwarding item [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_LOCALPORT: Deleted the port forwarding instance used by port forwarding item pfitem1 in context ctx.
Explanation	The port forwarding instance used by a port forwarding item was deleted.
Recommended action	No action is required.

SSLVPN_CLR_LOCALPORT_FAILED

Message text	Failed to delete the port forwarding instance used by port forwarding item [STRING] in context [STRING]
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_LOCALPORT_FAILED: Failed to delete the port forwarding instance used by port forwarding item pfitem1 in context ctx.
Explanation	Failed to delete the port forwarding instance used by a port forwarding item.
Recommended action	No action is required.

SSLVPN_CLR_LOGO

Message text	Configured SSL VPN logo H3C in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_LOGO: Configured SSL VPN logo H3C in context ctx1.
Explanation	The logo to be displayed on SSL VPN webpages was set to H3C.
Recommended action	No action is required.

SSLVPN_CLR_LOGO_FAILED

Message text	Failed to configure SSL VPN logo H3C in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_LOGO_FAILED: Failed to configure SSL VPN logo H3C in context ctx1.
Explanation	Failed to set the logo to be displayed on SSL VPN webpages to H3C.
Recommended action	No action is required.

SSLVPN_CLR_MSGSERVER

Message text	Deleted message server in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_MSGSERVER: Deleted message server in context ctx1.
Explanation	The message server configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_MSGSERVER_FAILED

Message text	Failed to delete message server in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_MSGSERVER_FAILED: Failed to delete message server in context ctx1.
Explanation	Failed to remove the message server configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_PFWDEXECUTION

Message text	Deleted the script for port forwarding item [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_PFWDEXECUTION: Deleted the script for port forwarding item pfitem1 in context ctx.
Explanation	The resource specified for a port forwarding item was deleted.
Recommended action	No action is required.

SSLVPN_CLR_PFWDEXECUTION_FAILED

Message text	Failed to delete the script for port forwarding item [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_PFWDEXECUTION_FAILED: Failed to delete the script for port forwarding item pfitem1 in context ctx.
Explanation	Failed to delete the resource specified for a port forwarding item.
Recommended action	No action is required.

SSLVPN_CLR_SCUTDESCRIPTION

Message text	Deleted the description for shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SCUTDESCRIPTION: Deleted the description for shortcut shortcut1 in context ctx.
Explanation	The description configured for shortcut was deleted.
Recommended action	No action is required.

SSLVPN_CLR_SCUTDESCRIPTION_FAILED

Message text	Failed to delete the description for shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SCUTDESCRIPTION_FAILED: Failed to delete the description for shortcut shortcut1 in context ctx.
Explanation	Failed to delete the description configured for a shortcut.
Recommended action	No action is required.

SSLVPN_CLR_SCUTEXECUTION

Message text	Deleted the script for shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SCUTEXECUTION: Deleted the script for shortcut shortcut1 in context ctx.
Explanation	The association between a resource and a shortcut was deleted.
Recommended action	No action is required.

SSLVPN_CLR_SCUTEXECUTION_FAILED

Message text	Failed to delete the script for shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SCUTEXECUTION_FAILED: Failed to delete the script for shortcut shortcut1 in context ctx.
Explanation	Failed to delete the association between a resource and a shortcut.
Recommended action	No action is required.

SSLVPN_CLR_SSLCLIENT

Message text	Deleted the SSL client policy specified for context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SSLCLIENT: Deleted the SSL client policy specified for context ctx1.
Explanation	The SSL client policy configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_SSLCLIENT_FAILED

Message text	Failed to delete SSL client policy for context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SSLCLIENT_FAILED: Failed to delete SSL client policy for context ctx1.
Explanation	Failed to remove the SSL client policy configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_SSLSERVER

Message text	Deleted the SSL server policy specified for gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SSLSERVER: Deleted the SSL server policy specified for gateway gw1.
Explanation	The SSL server policy configuration was removed for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_SSLSERVER_FAILED

Message text	Failed to delete SSL server policy for gateway [STRING]
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_SSLSERVER_FAILED: Failed to delete SSL server policy for gateway gw1.
Explanation	Failed to remove the SSL server policy configuration for an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_CLR_TRAFFICTHRESHOLD

Message text	Deleted the idle-cut traffic threshold in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_TRAFFICTHRESHOLD: Deleted the idle-cut traffic threshold in context ctx1.
Explanation	Removed the SSL VPN session idle-cut traffic threshold setting in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_TRAFFICTHRESHOLD_FAIL

Message text	Failed to delete the idle-cut traffic threshold in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_CLR_TRAFFICTHRESHOLD_FAIL: Failed to delete the idle-cut traffic threshold in context ctx1.
Explanation	Failed to remove the SSL VPN session idle-cut traffic threshold setting in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_WINSSERVER

Message text	Deleted [STRING] WINS server in context [STRING].
Variable fields	$1: WINS server type, primary or secondary. $2: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CLR_WINSSERVER: Deleted primary WINS server 1.1.1.1 in context ctx. · SSLVPN/6/SSLVPN_CLR_WINSSERVER: Deleted secondary WINS server 1.1.1.2 in context ctx.
Explanation	The WINS server configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_CLR_WINSSERVER_FAILED

Message text	Failed to delete [STRING] WINS server in context [STRING]
Variable fields	$1: WINS server type, primary or secondary. $2: SSL VPN context name.
Severity level	6
Example	· SSLVPN/6/SSLVPN_CLR_WINSSERVER_FAILED: Failed to delete primary WINS server 1.1.1.1 in context ctx. · SSLVPN/6/SSLVPN_CLR_WINSSERVER_FAILED: Failed to delete secondary WINS server 1.1.1.2 in context ctx.
Explanation	Failed to remove the WINS server configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_CONTENT_TYPE

Message text	Deleted the content type configuration for file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_CONTENT_TYPE: Deleted the content type configuration for file policy fp1 in context ctx1.
Explanation	The content type configuration was deleted for a file policy.
Recommended action	No action is required.

SSLVPN_DEL_CONTENT_TYPE_FAILED

Message text	Failed to delete the content type configuration for file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_CONTENT_TYPE_FAILED: Failed to delete the content type configuration for file policy fp1 in context ctx1.
Explanation	Failed to delete the content type configuration for a file policy.
Recommended action	No action is required.

SSLVPN_DEL_CONTEXT

Message text	Deleted SSL VPN context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_CONTEXT: Deleted SSL VPN context ctx1.
Explanation	An SSL VPN context was deleted.
Recommended action	No action is required.

SSLVPN_DEL_CONTEXT_FAILED

Message text	Failed to delete SSL VPN context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_CONTEXT_FAILED: Failed to delete SSL VPN context ctx1.
Explanation	Failed to delete an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_EXCROUTEITEM

Message text	Deleted exclude route (IP [STRING] mask [STRING]) from route list [STRING] in context [STRING].
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_EXCROUTEITEM: Deleted exclude route (IP 10.0.0.0 mask 255.0.0.0) from route list rtlist in context ctx1.
Explanation	An exclude route was removed from a route list configured in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_EXCROUTEITEM_FAILED

Message text	Failed to delete exclude route (IP [STRING] mask [STRING]) from route list [STRING] in context [STRING]
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_EXCROUTEITEM_FAILED: Failed to delete exclude route (IP 10.0.0.0 mask 255.0.0.0) from route list rtlist in context ctx1.
Explanation	Failed to remove an exclude route from a route list configured in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_FILEPOLICY

Message text	Deleted file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_FILEPOLICY: Deleted file policy fp1 in context ctx1.
Explanation	A file policy was deleted.
Recommended action	No action is required.

SSLVPN_DEL_FILEPOLICY_FAILED

Message text	Failed to delete file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_FILEPOLICY_FAILED: Failed to delete file policy fp1 in context ctx1.
Explanation	Failed to delete a file policy.
Recommended action	No action is required.

SSLVPN_DEL_GATEWAY

Message text	Deleted SSL VPN gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_GATEWAY: Deleted SSL VPN gateway gw1.
Explanation	An SSL VPN gateway was deleted.
Recommended action	No action is required.

SSLVPN_DEL_GATEWAY_FAILED

Message text	Failed to delete SSL VPN gateway [STRING]
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_GATEWAY_FAILED: Failed to delete SSL VPN gateway gw1.
Explanation	Failed to delete an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_DEL_INCROUTEITEM

Message text	Deleted inlcude route (IP [STRING] mask [STRING]) from route list [STRING] in context [STRING].
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_INCROUTEITEM: Deleted include route (IP 10.0.0.0 mask 255.0.0.0) from route list rtlist in context ctx1.
Explanation	An include route was removed from a route list configured in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_INCROUTEITEM_FAILED

Message text	Failed to delete include route (IP [STRING] mask [STRING]) from route list [STRING] in context [STRING]
Variable fields	$1: Destination IP address of the route. $2: Subnet mask of the route. $3: Route list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_INCROUTEITEM_FAILED: Failed to delete include route (IP 10.0.0.0 mask 255.0.0.0) from route list rtlist in context ctx1.
Explanation	Failed to remove an include route from a route list configured in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_IPADDRESSPOOL

Message text	Deleted IP address pool [STRING].
Variable fields	$1: Name of the IP address pool.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPADDRESSPOOL: Deleted IP address pool pool1.
Explanation	An address pool was deleted.
Recommended action	No action is required.

SSLVPN_DEL_IPADDRESSPOOL_FAILED

Message text	Failed to delete IP address pool [STRING]
Variable fields	$1: Name of the IP address pool.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPADDRESSPOOL_FAILED: Failed to delete IP address pool pool1.
Explanation	Failed to delete an address pool.
Recommended action	No action is required.

SSLVPN_DEL_IPTUNNELACIF

Message text	Deleted SSL VPN AC interface in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPTUNNELACIF: Deleted SSL VPN AC interface in context ctx.
Explanation	The SSL VPN AC interface configuration for IP access was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_IPTUNNELACIF_FAILED

Message text	Failed to delete SSL VPN AC interface in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPTUNNELACIF_FAILED: Failed to delete SSL VPN AC interface in context ctx.
Explanation	Failed to remove the SSL VPN AC interface configuration for IP access from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_IPV4_RANGE

Message text	Deleted the IPv4 address range of SNAT pool [STRING].
Variable fields	$1: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPV4_RANGE: Deleted IPv4 address range of SNAT pool sp1.
Explanation	The IPv4 address range configuration was removed for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_DEL_IPV4_RANGE_FAILED

Message text	Failed to delete the IPv4 address range of SNAT pool [STRING].
Variable fields	$1: SNAT address pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPV4_RANGE_FAILED: Failed to delete IPv4 address range of SNAT pool sp1.
Explanation	Failed to remove the IPv4 address range configuration for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_DEL_IPV6_RANGE

Message text	Deleted IPv6 address range of SNAT pool [STRING].
Variable fields	$1: SNAT pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPV6_RANGE: Deleted IPv6 address range of SNAT pool sp1.
Explanation	The IPv6 address range configuration was removed for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_DEL_IPV6_RANGE_FAILED

Message text	Failed to delete IPv6 address range of SNAT pool [STRING].
Variable fields	$1: SNAT pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_IPV6_RANGE_FAILED: Failed to delete IPv6 address range of SNAT pool sp1.
Explanation	Failed to remove the IPv6 address range configuration for an SSL VPN SNAT address pool.
Recommended action	No action is required.

SSLVPN_DEL_LOCALPORT

Message text	Deleted port forwarding entry local-port [STRING] local-name [STRING] in port forwarding list [STRING] in context [STRING].
Variable fields	$1: Local port number. $2: Local address or local host name. $3: Port forwarding list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_LOCALPORT: Deleted port forwarding entry local-port 80 local-name 127.0.0.1 in port forwarding list pflist1 in context ctx.
Explanation	A port forwarding entry was deleted from a port forwarding list.
Recommended action	No action is required.

SSLVPN_DEL_LOCALPORT_FAILED

Message text	Failed to delete port forwarding entry local-port [STRING] local-name [STRING] in port forwarding list [STRING] in context [STRING]
Variable fields	$1: Local port number. $2: Local address or local host name. $3: Port forwarding list name. $4: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_LOCALPORT_FAILED: Failed to delete port forwarding entry local-port 80 local-name 127.0.0.1 in port forwarding list pflist1 in context ctx.
Explanation	Failed to delete a port forwarding entry from a port forwarding list.
Recommended action	No action is required.

SSLVPN_DEL_NEWCONTENT

Message text	Deleted the new content configuration for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_NEWCONTENT: Deleted the new content configuration for rewrite rule rw in file policy fp in context ctx.
Explanation	The new content configuration was deleted for a rewrite rule.
Recommended action	No action is required.

SSLVPN_DEL_NEWCONTENT_FAILED

Message text	Failed to delete the new content configuration for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_NEWCONTENT_FAILED: Failed to delete the new content configuration for rewrite rule rw in file policy fp in context ctx.
Explanation	Failed to delete the new content configuration for a rewrite rule.
Recommended action	No action is required.

SSLVPN_DEL_OLDCONTENT

Message text	Deleted the old content configuration for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_OLDCONTENT: Deleted the old content configuration for rewrite rule rw in file policy fp in context ctx.
Explanation	The old content configuration was deleted for a rewrite rule.
Recommended action	No action is required.

SSLVPN_DEL_OLDCONTENT_FAILED

Message text	Failed to delete the old content configuration for rewrite rule [STRING] in file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_OLDCONTENT_FAILED: Failed to delete the old content configuration for rewrite rule rw in file policy fp in context ctx.
Explanation	Failed to delete the old content configuration for a rewrite rule.
Recommended action	No action is required.

SSLVPN_DEL_PORTFWD

Message text	Deleted port forwarding list [STRING] in context [STRING].
Variable fields	$1: Port forwarding list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_PORTFWD: Deleted port forwarding list pf in context ctx1.
Explanation	A port forwarding list was deleted from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_PORTFWD_FAILED

Message text	Failed to delete port forwarding list [STRING] in context [STRING]
Variable fields	$1: Port forwarding list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_PORTFWD_FAILED: Failed to delete port forwarding list pf in context ctx1.
Explanation	Failed to delete a port forwarding list from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_PORTFWD_ITEM

Message text	Deleted port forwarding item [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_PORTFWD_ITEM: Deleted port forwarding item pfitem in context ctx1.
Explanation	A port forwarding item was deleted.
Recommended action	No action is required.

SSLVPN_DEL_PORTFWD_ITEM_FAILED

Message text	Failed to delete port forwarding item [STRING] in context [STRING]
Variable fields	$1: Port forwarding item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_PORTFWD_ITEM_FAILED: Failed to delete port forwarding item pfitem in context ctx1.
Explanation	Failed to delete a port forwarding item.
Recommended action	No action is required.

SSLVPN_DEL_PYGROUP

Message text	Deleted policy group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_PYGROUP: Deleted policy group pg in context ctx1.
Explanation	An SSL VPN policy group was deleted.
Recommended action	No action is required.

SSLVPN_DEL_PYGROUP_FAILED

Message text	Failed to delete policy group [STRING] in context [STRING]
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_PYGROUP_FAILED: Failed to delete policy group pg in context ctx1.
Explanation	Failed to delete an SSL VPN policy group.
Recommended action	Verify that the policy group is not being used by SSL VPN users.

SSLVPN_DEL_REFERIPACL

Message text	Deleted IP access filter in policy group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERIPACL: Deleted IP access filter in policy group pgroup in context ctx1.
Explanation	The IP access filtering configuration was removed from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERIPACL_FAILED

Message text	Failed to delete IP access filter in policy group [STRING] in context [STRING]
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERIPACL_FAILED: Failed to delete IP access filter in policy group pgroup in context ctx1
Explanation	Failed to remove the IP access filtering configuration from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERPFWDITEM

Message text	Removed port forwarding item [STRING] from port forwarding list [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: Port forwarding list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERPFWDITEM: Removed port forwarding item pfitem1 from port forwarding list pflist1 in context ctx1.
Explanation	A port forwarding item was removed from a port forwarding list.
Recommended action	No action is required.

SSLVPN_DEL_REFERPFWDITEM_FAILED

Message text	Failed to remove port forwarding item [STRING] from port forwarding list [STRING] in context [STRING].
Variable fields	$1: Port forwarding item name. $2: Port forwarding list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERPFWDITEM_FAILED: Failed to remove port forwarding item pfitem1 from port forwarding list pflist1 in context ctx1.
Explanation	Failed to remove a port forwarding item from a port forwarding list.
Recommended action	No action is required.

SSLVPN_DEL_REFERPORTFWD

Message text	Deleted port forwarding list used by policy-group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERPORTFWD: Deleted port forwarding list used by policy-group pg in context ctx1.
Explanation	The port forwarding list configuration was removed from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERPORTFWD_FAILED

Message text	Failed to delete port forwarding list used by policy-group [STRING] in context [STRING]
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERPORTFWD_FAILED: Failed to delete port forwarding list used by policy-group pg in context ctx1.
Explanation	Failed to remove the port forwarding list configuration from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERSCUTLIST

Message text	Removed shortcut list from policy group [STRING] in context [STRING].
Variable fields	$1: SSL VPN policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERSCUTLIST: Removed shortcut list from policy group pg in context ctx1.
Explanation	A shortcut list was removed from an SSL VPN policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERSCUTLIST_FAILED

Message text	Failed to remove shortcut list from policy group [STRING] in context [STRING].
Variable fields	$1: SSL VPN policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERSCUTLIST_FAILED: Failed to remove shortcut list from policy group pg in context ctx1.
Explanation	Failed to remove a shortcut list from an SSL VPN policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERSHORTCUT

Message text	Removed shortcut [STRING] from shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: Shortcut list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERSHORTCUT: Removed shortcut shortcut1 from shortcut list scutlist1 in context ctx1.
Explanation	A shortcut was removed from a shortcut list.
Recommended action	No action is required.

SSLVPN_DEL_REFERSHORTCUT_FAILED

Message text	Failed to remove shortcut [STRING] from shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: Shortcut list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERSHORTCUT_FAILED: Failed to remove shortcut shortcut1 from shortcut list scutlist1 in context ctx1.
Explanation	Failed to remove a shortcut from a shortcut list.
Recommended action	No action is required.

SSLVPN_DEL_REFERSNATPOOL

Message text	Deleted the SNAT pool used in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERSNATPOOL: Deleted the SNAT pool used in context ctx1.
Explanation	The SNAT address pool configuration was removed from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_REFERSNATPOOL_FAILED

Message text	Failed to delete the SNAT pool used in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERSNATPOOL_FAILED: Failed to delete the SNAT pool used in context cxt1.
Explanation	Failed to remove the SNAT address pool configuration from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_REFERTCPACL

Message text	Deleted TCP access filter in policy group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERTCPACL: Deleted TCP access filter in policy group pgroup in context ctx1.
Explanation	The TCP access filtering configuration was removed from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERTCPACL_FAILED

Message text	Failed to delete TCP access filter in policy group [STRING] in context [STRING]
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERTCPACL_FAILED: Failed to delete TCP access filter in policy group pgroup in context ctx1.
Explanation	Failed to remove the TCP access filtering configuration from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERURIACL

Message text	Deleted [STRING] access filter URI ACL from policy group [STRING] in context [STRING].
Variable fields	$1: SSL VPN access mode. Options are: · IP access. · Web access. · TCP access. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERURIACL: Deleted IP access filter URI ACL from policy group pgroup in context ctx1.
Explanation	The URI ACL used for IP, Web, or TCP access filtering was removed from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERURIACL_FAILED

Message text	Failed to delete [STRING] access filter URI ACL from policy group [STRING] in context [STRING].
Variable fields	$1: SSL VPN access mode. Options are: · IP access. · Web access. · TCP access. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERURIACL_FAILED: Failed to delete IP access filter URI ACL from policy group pgroup in context ctx1.
Explanation	Failed to remove the URI ACL used for IP, Web, or TCP access filtering from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERURLITEM

Message text	Deleted URL item [STRING] from URL list [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: URL list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERURLITEM: Deleted URL item item1 from URL list list1 in context ctx1.
Explanation	Removed a URL item from a URL list.
Recommended action	No action is required.

SSLVPN_DEL_REFERURLITEM_FAILED

Message text	Failed to delete URL item [STRING] from URL list [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: URL list name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERURLITEM_FAILED: Failed to delete URL item item1 from URL list list1 in context ctx1.
Explanation	Failed to remove a URL item from a URL list.
Recommended action	No action is required.

SSLVPN_DEL_REFERURLLIST

Message text	Deleted URL list [STRING] used by policy-group [STRING] in context [STRING].
Variable fields	$1: URL list name. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERURLLIST: Deleted URL list urllist used by policy-group pg in context ctx1.
Explanation	A URL list was removed from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERURLLIST_FAILED

Message text	Failed to delete URL list [STRING] used by policy-group [STRING] in context [STRING]
Variable fields	$1: URL list name. $2: Policy group name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERURLLIST_FAILED: Failed to delete URL list urllist used by policy-group pg in context ctx1.
Explanation	Failed to remove a URL list from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERWEBACL

Message text	Deleted Web access filter in policy group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERWEBACL: Deleted Web access filter in policy group pgroup in context ctx1.
Explanation	The Web access filtering configuration was removed from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REFERWEBACL_FAILED

Message text	Failed to delete Web access filter in policy group [STRING] in context [STRING]
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REFERWEBACL_FAILED: Failed to delete Web access filter in policy group pgroup in context ctx1
Explanation	Failed to remove the Web access filtering configuration from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_REWRITE_RULE

Message text	Deleted rewrite rule [STRING] from file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REWRITE_RULE: Deleted rewrite rule rw from file policy fp in context ctx.
Explanation	A rewrite rule was deleted.
Recommended action	No action is required.

SSLVPN_DEL_REWRITE_RULE_FAILED

Message text	Failed to delete rewrite rule [STRING] from file policy [STRING] in context [STRING].
Variable fields	$1: Rewrite rule name. $2: File policy name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_REWRITE_RULE_FAILED: Failed to delete rewrite rule rw from file policy fp in context ctx.
Explanation	Failed to delete a rewrite rule.
Recommended action	No action is required.

SSLVPN_DEL_ROUTELIST

Message text	Deleted IP-route-list [STRING] in context [STRING].
Variable fields	$1: Route list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_ROUTELIST: Deleted IP-route-list rtlist in context ctx1.
Explanation	A route list was deleted from an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DEL_ROUTELIST_FAILED

Message text	Failed to delete IP-route-list [STRING] in context [STRING]
Variable fields	$1: Route list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_ROUTELIST_FAILED: Failed to delete IP-route-list rtlist in context ctx1.
Explanation	Failed to delete a route list from an SSL VPN context,
Recommended action	No action is required.

SSLVPN_DEL_ROUTEREFER

Message text	Deleted access routes in policy-group [STRING] in context [STRING].
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_ROUTEREFER: Deleted access routes in policy-group pg in context ctx.
Explanation	Access routes were deleted from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_ROUTEREFER_FAILED

Message text	Failed to delete access routes in policy-group [STRING] in context [STRING]
Variable fields	$1: Policy group name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_ROUTEREFER_FAILED: Failed to delete access routes in policy-group pg in context ctx.
Explanation	Failed to delete access routes from a policy group.
Recommended action	No action is required.

SSLVPN_DEL_SERVERURL

Message text	Deleted URL [STRING] from URL item [STRING] in context [STRING].
Variable fields	$1: URL string. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SERVERURL: Deleted URL www.abc.com from URL item item1 in context ctx1.
Explanation	Deleted the URL configuration from a URL item.
Recommended action	No action is required.

SSLVPN_DEL_SERVERURL_FAILED

Message text	Failed to delete URL [STRING] from URL item [STRING] in context [STRING].
Variable fields	$1: URL string. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SERVERURL_FAILED: Failed to delete URL www.abc.com from URL item item1 in context ctx1.
Explanation	Failed to delete the URL configuration from a URL item.
Recommended action	No action is required.

SSLVPN_DEL_SHORTCUT

Message text	Deleted shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SHORTCUT: Deleted shortcut shortcut1 in context ctx1.
Explanation	A shortcut was deleted.
Recommended action	No action is required.

SSLVPN_DEL_SHORTCUT_FAILED

Message text	Failed to delete shortcut [STRING] in context [STRING].
Variable fields	$1: Shortcut name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SHORTCUT_FAILED: Failed to delete shortcut shortcut1 in context ctx1.
Explanation	Failed to delete a shortcut.
Recommended action	No action is required.

SSLVPN_DEL_SHORTCUTLIST

Message text	Deleted shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SHORTCUTLIST: Deleted shortcut list scutlist1 in context ctx1.
Explanation	A shortcut list was deleted.
Recommended action	No action is required.

SSLVPN_DEL_SHORTCUTLIST_FAILED

Message text	Failed to delete shortcut list [STRING] in context [STRING].
Variable fields	$1: Shortcut list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SHORTCUTLIST_FAILED: Failed to delete shortcut list scutlist1 in context ctx1.
Explanation	Failed to delete a shortcut list.
Recommended action	No action is required.

SSLVPN_DEL_SNATPOOL

Message text	Deleted SSL VPN SNAT pool [STRING].
Variable fields	$1: SNAT pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SNATPOOL: Deleted SSL VPN SNAT pool sp1.
Explanation	A SNAT address pool was deleted.
Recommended action	No action is required.

SSLVPN_DEL_SNATPOOL_FAILED

Message text	Failed to delete SSL VPN SNAT pool [STRING].
Variable fields	$1: SNAT pool name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_SNATPOOL_FAILED: Failed to delete SSL VPN SNAT pool sp1.
Explanation	Failed to delete a SNAT address pool.
Recommended action	No action is required.

SSLVPN_DEL_URIACL

Message text	Deleted URI ACL [STRING] in context [STRING].
Variable fields	$1: URI ACL name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URIACL: Deleted URI ACL uacl in context ctx1.
Explanation	A URI ACL was deleted.
Recommended action	No action is required.

SSLVPN_DEL_URIACL_FAILED

Message text	Failed to delete URI ACL [STRING] in context [STRING].
Variable fields	$1: URI ACL name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URIACL_FAILED: Failed to delete URI ACL uacl in context ctx1.
Explanation	Failed to delete a URI ACL.
Recommended action	No action is required.

SSLVPN_DEL_URIACL_RULE

Message text	Deleted rule [UINT32] from URI ACL [STRING] in context [STRING].
Variable fields	$1: Rule ID. $2: URI ACL name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URIACL_RULE: Deleted rule 5 from URI ACL uacl in context ctx1.
Explanation	A rule was deleted from a URI ACL.
Recommended action	No action is required.

SSLVPN_DEL_URIACL_RULE_FAILED

Message text	Failed to delete rule [UINT32] from URI ACL [STRING] in context [STRING].
Variable fields	$1: Rule ID. $2: URI ACL name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URIACL_RULE_FAILED: Failed to delete rule 5 from URI ACL uacl in context ctx1.
Explanation	Failed to delete a rule from a URI ACL.
Recommended action	No action is required.

SSLVPN_DEL_URL

Message text	Deleted the URL configuration for file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URL: Deleted the URL configuration for file policy fp1 in context ctx1.
Explanation	The file URL configuration was deleted for a file policy.
Recommended action	No action is required.

SSLVPN_DEL_URL_FAILED

Message text	Failed to delete the URL configuration for file policy [STRING] in context [STRING].
Variable fields	$1: File policy name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URL_FAILED: Failed to delete the URL configuration for file policy fp1 in context ctx1.
Explanation	Failed to delete the file URL configuration for a file policy.
Recommended action	No action is required.

SSLVPN_DEL_URLITEM

Message text	Deleted URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URLITEM: Deleted URL item item1 in context ctx1.
Explanation	Deleted a URL item.
Recommended action	No action is required.

SSLVPN_DEL_URLITEM_FAILED

Message text	Failed to delete URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URLITEM_FAILED: Failed to delete URL item item1 in context ctx1.
Explanation	Failed to delete a URL item.
Recommended action	No action is required.

SSLVPN_DEL_URLLIST

Message text	Deleted URL list [STRING] in context [STRING].
Variable fields	$1: URL list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URLLIST: Deleted URL list urllist in context ctx1.
Explanation	A URL list was deleted.
Recommended action	No action is required.

SSLVPN_DEL_URLLIST_FAILED

Message text	Failed to delete URL list [STRING] in context [STRING]
Variable fields	$1: URL list name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URLLIST_FAILED: Failed to delete URL list urllist in context ctx1.
Explanation	Failed to delete a URL list.
Recommended action	No action is required.

SSLVPN_DEL_URLMAPPING

Message text	Deleted URL mapping from URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URLMAPPING: Deleted URL mapping from URL item item1 in context ctx1.
Explanation	Removed the URL mapping configuration from a URL item.
Recommended action	No action is required.

SSLVPN_DEL_URLMAPPING_FAILED

Message text	Failed to delete URL mapping from URL item [STRING] in context [STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_URLMAPPING_FAILED: Failed to delete URL mapping from URL item item1 in context ctx1.
Explanation	Failed to remove the URL mapping configuration from a URL item.
Recommended action	No action is required.

SSLVPN_DEL_USER

Message text	Deleted user [STRING] in context [STRING].
Variable fields	$1: SSL VPN username. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_USER: Deleted user user1 in context ctx1.
Explanation	An SSL VPN user was deleted.
Recommended action	No action is required.

SSLVPN_DEL_USER_FAILED

Message text	Failed to delete user [STRING] in context [STRING].
Variable fields	$1: SSL VPN username. $2: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DEL_USER_FAILED: Failed to delete user user1 in context ctx1.
Explanation	Failed to delete an SSL VPN user.
Recommended action	No action is required.

SSLVPN_DISABLE_CONTEXT

Message text	Disabled service in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_CONTEXT: Disabled service in context ctx1.
Explanation	An SSL VPN context was disabled.
Recommended action	No action is required.

SSLVPN_DISABLE_CONTEXT_FAILED

Message text	Failed to disable service in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_CONTEXT_FAILED: Failed to disable service in context ctx1.
Explanation	Failed to disable an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_CRTAUTH

Message text	Disabled certificate-authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_CRTAUTH: Disabled certificate-authentication in context ctx1.
Explanation	Certificate authentication was disabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_CRTAUTH_FAILED

Message text	Failed to disable certificate-authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_CRTAUTH_FAILED: Failed to disable certificate-authentication in context ctx1.
Explanation	Failed to disable certificate authentication in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_DYNAMICPWD

Message text	Disabled dynamic-password in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_DYNAMICPWD: Disabled dynamic-password in context ctx1.
Explanation	Dynamic password verification was disabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_DYNAMICPWD_FAILED

Message text	Failed to disable dynamic-password in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_DYNAMICPWD_FAILED: Failed to disable dynamic-password in context ctx1.
Explanation	Failed to disable dynamic password verification in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_GATEWAY

Message text	Disabled service in gateway [STRING].
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_GATEWAY: Disabled service in gateway gw1.
Explanation	An SSL VPN gateway was disabled.
Recommended action	No action is required.

SSLVPN_DISABLE_GATEWAY_FAILED

Message text	Failed to disable service in gateway [STRING]
Variable fields	$1: SSL VPN gateway name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_GATEWAY_FAILED: Failed to disable service in gateway gw1.
Explanation	Failed to disable an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_DISABLE_GLOBAL_LOG

Message text	Disabled SSL VPN logging globally.
Variable fields	No action is required.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_GLOBAL_LOG: Disabled SSL VPN logging globally.
Explanation	The SSL VPN global logging feature was disabled.
Recommended action	No action is required.

SSLVPN_DISABLE_GLOBAL_LOG_FAILED

Message text	Failed to disable SSL VPN logging globally.
Variable fields	No action is required.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_GLOBAL_LOG_FAILED: Failed to disable SSL VPN logging globally.
Explanation	Failed to disable the SSL VPN global logging feature.
Recommended action	No action is required.

SSLVPN_DISABLE_IPTNL_LOG_FAIL

Message text	Failed to disable IP tunnel access logging in context [STRING]. Log type is [STRING].
Variable fields	$1: SSL VPN context name. $2: Log type: · CONNECTION-CLOSE. · PACKET-DROP.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_IPTNL_LOG_FAIL: Failed to disable IP tunnel access logging in context ctx1. Log type is CONNECTION-CLOSE.
Explanation	Failed to disable logging for IP access connection close events or IP access packet drop events.
Recommended action	No action is required.

SSLVPN_DISABLE_IPTNL_LOG

Message text	Disabled IP tunnel access logging in context [STRING]. Log type is [STRING].
Variable fields	$1: SSL VPN context name. $2: Log type: · CONNECTION-CLOSE. · PACKET-DROP.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_IPTNL_LOG: Disabled IP tunnel access logging in context ctx1. Log type is CONNECTION-CLOSE.
Explanation	Disabled logging for IP access connection close events or IP access packet drop events.
Recommended action	No action is required.

SSLVPN_DISABLE_PWDAUTH

Message text	Disabled password-authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_PWDAUTH: Disabled password-authentication in context ctx1.
Explanation	Disabled password authention in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_PWDAUTH_FAILED

Message text	Failed to disable password-authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_PWDAUTH_FAILED: Failed to disable password-authentication in context ctx1.
Explanation	Failed to disable password authention in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_SMSIMC

Message text	Disabled IMC SMS message authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_SMSIMC: Disabled IMC SMS message authentication in context ctx1.
Explanation	IMC SMS message authentication was disabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_SMSIMC_FAILED

Message text	Failed to disable IMC SMS message authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_SMSIMC_FAILED: Failed to disable IMC SMS message authentication in context ctx1.
Explanation	Failed to disable IMC SMS message authentication in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_VERIFYCODE

Message text	Disabled code verification in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_VERIFYCODE: Disabled code verification in context ctx1.
Explanation	Code verification was disabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DISABLE_VERIFYCODE_FAILED

Message text	Failed to disable code verification in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_DISABLE_VERIFYCODE_FAILED: Failed to disable code verification in context ctx1.
Explanation	Failed to disable code verification in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_DOMAIN_URLMAPPING

Message text	Configured domain mapping for URL item [STRING] in context [STRING]: mapped domain name=[STRING], URL rewriting=[STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name. $3: Mapped domain name. $4: Whether absolute path rewriting is enabled. Options are: · enabled. · disabled.
Severity level	6
Example	SSLVPN/6/SSLVPN_DOMAIN_URLMAPPING: Configured domain mapping for URL item item1 in context ctx1: mapped domain name=www.abc.com, URL rewriting=enabled.
Explanation	Configured the domain mapping method for the URL in a URL item.
Recommended action	No action is required.

SSLVPN_DOMAIN_URLMAPPING_FAILED

Message text	Failed to configure domain mapping for URL item [STRING] in context [STRING]: mapped domain name=[STRING], URL rewriting=[STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name. $3: Mapped domain name. $4: Whether absolute path rewriting is enabled. Options are: · enabled. · disabled.
Severity level	6
Example	SSLVPN/6/SSLVPN_DOMAIN_URLMAPPING_FAILED: Failed to configure domain mapping for URL item item1 in context ctx1: mapped domain name=www.abc.com, URL rewriting=enabled.
Explanation	Failed to configure the domain mapping method for the URL in a URL item.
Recommended action	No action is required.

SSLVPN_ENABLE_CONTEXT

Message text	Enabled service in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_CONTEXT: Enabled service in context ctx1.
Explanation	An SSL VPN context was enabled.
Recommended action	No action is required.

SSLVPN_ENABLE_CONTEXT_FAILED

Message text	Failed to enable service in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_CONTEXT_FAILED: Failed to enable service in context ctx1.
Explanation	Failed to enable an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_CRTAUTH

Message text	Enabled certificate-authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_CRTAUTH: Enabled certificate-authentication in context ctx1.
Explanation	Certification authentication was enabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_CRTAUTH_FAILED

Message text	Failed to enable certificate-authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_CRTAUTH_FAILED: Failed to enable certificate-authentication in context ctx1.
Explanation	Failed to enable certification authentication in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_DYNAMICPWD

Message text	Enabled dynamic-password in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_DYNAMICPWD: Enabled dynamic password verification in context ctx1.
Explanation	Dynamic password verification was enabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_DYNAMICPWD_FAILED

Message text	Failed to enable dynamic-password in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_DYNAMICPWD_FAILED: Failed to enable dynamic-password in context ctx1.
Explanation	Failed to enable dynamic password verification in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_FORCELOGOUT

Message text	Enabled force logout in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_FORCELOGOUT: Enabled force logout in context ctx1.
Explanation	The force logout feature was enabled. When a login is attempted but logins using the account reach the limit, this feature logs out a user using that account to allow the new login.
Recommended action	No action is required.

SSLVPN_ENABLE_FORCELOGOUT_FAILED

Message text	Failed to enable force logout in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_FORCELOGOUT_FAILED: Failed to enable force logout in context ctx1.
Explanation	Failed to enable the force logout feature. When a login is attempted but logins using the account reach the limit, this feature logs out a user using that account to allow the new login.
Recommended action	No action is required.

SSLVPN_ENABLE_GATEWAY

Message text	Enabled service in gateway [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_GATEWAY: Enabled service in gateway gw1.
Explanation	An SSL VPN gateway was enabled.
Recommended action	No action is required.

SSLVPN_ENABLE_GATEWAY_FAILED

Message text	Failed to enable service in gateway [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_GATEWAY_FAILED: Failed to enable service in gateway gw1.
Explanation	Failed to enable an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_ENABLE_GLOBAL_LOG

Message text	Enabled SSL VPN logging globally.
Variable fields	No action is required.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_GLOBAL_LOG: Enabled SSL VPN logging globally.
Explanation	The SSL VPN global logging feature was enabled.
Recommended action	No action is required.

SSLVPN_ENABLE_GLOBAL_LOG_FAILED

Message text	Failed to enable SSL VPN logging globally.
Variable fields	No action is required.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_GLOBAL_LOG_FAILED: Failed to enable SSL VPN logging globally.
Explanation	Failed to enable the SSL VPN global logging feature.
Recommended action	No action is required.

SSLVPN_ENABLE_IPTNL_LOG

Message text	Enabled IP tunnel access logging in context [STRING]. Log type is [STRING].
Variable fields	$1: SSL VPN context name. $2: Log type: · CONNECTION-CLOSE. · PACKET-DROP.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_IPTNL_LOG: Enabled IP tunnel access logging in context ctx1. Log type is CONNECTION-CLOSE.
Explanation	Enabled logging for IP access connection close events or IP access packet drop events.
Recommended action	No action is required.

SSLVPN_ENABLE_IPTNL_LOG_FAIL

Message text	Failed to enable IP tunnel access logging in context [STRING]. Log type is [STRING].
Variable fields	$1: SSL VPN context name. $2: Log type: · CONNECTION-CLOSE. · PACKET-DROP.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_IPTNL_LOG_FAIL: Failed to enable IP tunnel access logging in context ctx1. Log type is CONNECTION-CLOSE.
Explanation	Failed to enable logging for IP access connection close events or IP access packet drop events.
Recommended action	No action is required.

SSLVPN_ENABLE_PWDAUTH

Message text	Enabled password-authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_PWDAUTH: Enabled password-authentication in context ctx1.
Explanation	Password authentication was enabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_PWDAUTH_FAILED

Message text	Failed to enable password-authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_PWDAUTH_FAILED: Failed to enable password-authentication in context ctx1.
Explanation	Failed to enable password authentication in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_SMSIMC

Message text	Enabled IMC SMS message authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_SMSIMC: Enabled IMC SMS message authentication in context ctx1.
Explanation	IMC SMS message authentication was enabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_SMSIMC_FAILED

Message text	Failed to enable IMC SMS message authentication in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_SMSIMC_FAILED: Failed to enable IMC SMS message authentication in context ctx1.
Explanation	Failed to enable IMC SMS message authentication in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_VERIFYCODE

Message text	Enabled code verification in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_VERIFYCODE: Enabled code verification in context ctx1.
Explanation	Code verification was enabled in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_ENABLE_VERIFYCODE_FAILED

Message text	Failed to enable code verification in context [STRING]
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_ENABLE_VERIFYCODE_FAILED: Failed to enable code verification in context ctx1.
Explanation	Failed to enable code verification in an SSL VPN context.
Recommended action	No action is required.

SSLVPN_IP_RESOURCE_DENY

Message text	User [STRING] of context [STRING] from [STRING] denied to access [STRING]:[STRING].
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: IP address of the requested resource. $5: Port number of the requested resource.
Severity level	6
Example	SSLVPNK/6/SSLVPN_IP_RESOURCE_DENY: User abc of context ctx1 from 192.168.200.130 denied to access 10.1.1.255:137.
Explanation	A user was denied access to specific IP resources, possibly caused by ACL-based access filtering.
Recommended action	Verify that access to the requested resource is not denied by the ACL rules used for IP access filtering.

SSLVPN_IP_RESOURCE_FAILED

Message text	User [STRING] of context [STRING] from [STRING] failed to access [STRING]:[STRING].
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: IP address of the requested resource. $5: Port number of the requested resource.
Severity level	6
Example	SSLVPNK/6/SSLVPN_IP_RESOURCE_FAILED: User abc of context ctx1 from 192.168.200.130 failed to access 10.1.1.255:137.
Explanation	A user failed to access IP resources, possibly caused by network problems.
Recommended action	Verify that a route is available to reach the requested IP resource.

SSLVPN_IP_RESOURCE_PERMIT

Message text	User [STRING] of context [STRING] from [STRING] permitted to access [STRING]:[STRING].
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: IP address of the requested resource. $5: Port number of the requested resource.
Severity level	6
Example	SSLVPNK/6/SSLVPN_IP_RESOURCE_PERMIT: User abc of context ctx1 from 192.168.200.130 permitted to access 10.1.1.255:137.
Explanation	A user accessed IP resources.
Recommended action	No action is required.

SSLVPN_IPAC_CONN_CLOSE

Message text	IP connection was [STRING]. Reason: [STRING].
Variable fields	$1: Connection close type. Options are: · closed. · aborted. $2: Reason why the connection was closed. Options are: · User logout. · Failure to find peer. · Handshake failed. · Change of IP address pool. · Failure to receive data. · Local retransmission timeout. · Local keepalive timeout. · Local probe timeout. · Received FIN from peer. · Received RST from peer. · No authorized policy group. · Allocated address was bound to another user. · Failure to update client configuration. · Deleted old peer. · Other.
Severity level	6
Example	SSLVPNK/6/SSLVPN_IPAC_CONN_CLOSE: IP connection was closed. Reason: User logout.
Explanation	The reason for the close of an IP connection was logged.
Recommended action	No action is required.

SSLVPN_IPAC_PACKET_DROP

Message text	Dropped [STRING] IP connection [STRING] packets in context [STRING]. Reason: [STRING].
Variable fields	$1: Number of dropped packets. $2: Dropped packet type: · request. · reply. $3: SSL VPN context name. $4: Reason for the packet drop: · Context rate limit. · Buffer insufficient.
Severity level	6
Example	SSLVPN/6/SSLVPN_IPAC_PACKET_DROP: Dropped 5 IP connection request packets in context ctx1. Reason: Context rate limit.
Explanation	The reason for IP access packet drop was logged.
Recommended action	No action is required.

SSLVPN_PORT_URLMAPPING

Message text	Configured port mapping for URL item [STRING] in context [STRING]: mapped gateway name=[STRING], virtual host name=[STRING], URL rewriting=[STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name. $3: Mapped SSL VPN gateway name. $4: Virtual host name. $5: Whether absolute path rewriting is enabled. Options are: · enabled. · disabled.
Severity level	6
Example	SSLVPN/6/SSLVPN_PORT_URLMAPPING: Configured port mapping for URL item item1 in context ctx1: mapped gateway name=www.abc.com, virtual host name=vhost1, URL rewriting=enabled.
Explanation	Configured the port mapping method for the URL in a URL item.
Recommended action	No action is required.

SSLVPN_PORT_URLMAPPING_FAILED

Message text	Failed to configure port mapping for URL item [STRING] in context [STRING]: mapped gateway name=[STRING], virtual host name=[STRING], URL rewriting=[STRING].
Variable fields	$1: URL item name. $2: SSL VPN context name. $3: Mapped SSL VPN gateway name. $4: Virtual host name. $5: Whether absolute path rewriting is enabled. Options are: · enabled. · disabled.
Severity level	6
Example	SSLVPN/6/SSLVPN_PORT_URLMAPPING_FAILED: Failed to configure port mapping for URL item item1 in context ctx1: mapped gateway name=gw1, virtual host name=vhost1, URL rewriting=enabled.
Explanation	Failed to configure the port mapping method for the URL in a URL item.
Recommended action	No action is required.

SSLVPN_SERVICE_UNAVAILABLE

Message text	SSL VPN service was unavailable. Reason: [STRING].
Variable fields	$1: Reason why the SSL VPN service was unavailable. Options are: · SSL VPN context not enabled. · No available SSL VPN contexts.
Severity level	6
Example	SSLVPNK/6/SSLVPN_SERVICE_UNAVAILABLE: SSL VPN service was unavailable. Reason: SSL VPN context not enabled.
Explanation	The reason for the unavailability of an SSL VPN service was logged.
Recommended action	If the reason is SSL VPN context not enabled, enter SSL VPN context view and use the service enable command to enable the context. If the reason is No available SSL VPN contexts, verify that the SSL VPN gateway to which the user is connected is associated with SSL VPN contexts.

SSLVPN_TCP_RESOURCE_DENY

Message text	User [STRING] of context [STRING] from [STRING] denied to access [STRING]:[STRING] (server-IP=[STRING],port-number=[STRING]).
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: Address of the remote server. $5: Port number of the remote server. $6: IP address of the remote server. $7: Port number of the remote server.
Severity level	6
Example	SSLVPNK/6/SSLVPN_TCP_RESOURCE_DENY: User abc of context ctx1 from 192.168.200.130 denied to access 10.1.1.255:137 (server-IP=10.1.1.255,port-number=137).
Explanation	A user was denied access to specific TCP resources, possibly caused by ACL-based access filtering.
Recommended action	Verify that access to the requested resource is not denied by the ACL rules used for TCP access filtering.

SSLVPN_TCP_RESOURCE_FAILED

Message text	User [STRING] of context [STRING] from [STRING] failed to access [STRING]:[STRING] (server-IP=[STRING],port-number=[STRING]).
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: IP address of the remote server. $5: Port number of the remote server. $6: IP address of the remote server. $7: Port number of the remote server.
Severity level	6
Example	SSLVPNK/6/SSLVPN_TCP_RESOURCE_FAILED: User abc of context ctx1 from 192.168.200.130 failed to access 10.1.1.255:137 (server-IP=10.1.1.255,port-number=137).
Explanation	A user failed to access TCP resources, possibly caused by network problems or DNS resolution failures.
Recommended action	262. Verify that a route is available to reach the requested TCP resource. 263. Verify that a DNS server is available for domain name resolution.

SSLVPN_TCP_RESOURCE_PERMIT

Message text	User [STRING] of context [STRING] from [STRING] permitted to access [STRING]:[STRING] (server-IP=[STRING],port-number=[STRING]).
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: Address of the remote server. $5: Port number of the remote server. $6: IP address of the remote server. $7: Port number of the remote server.
Severity level	6
Example	SSLVPNK/6/SSLVPN_TCP_RESOURCE_PERMIT: User abc of context ctx1 from 192.168.200.130 permitted to access 10.1.1.255:137 (server-IP=10.1.1.255,port-number=137).
Explanation	A user accessed TCP resources.
Recommended action	No action is required.

SSLVPN_UNDO_FORCELOGOUT

Message text	Disabled force logout in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_UNDO_FORCELOGOUT: Disabled force logout in context ctx1.
Explanation	The force logout feature was disabled. When a login is attempted but logins using the account reach the limit, this feature logs out a user using that account to allow the new login.
Recommended action	No action is required.

SSLVPN_UNDO_FORCELOGOUT_FAILED

Message text	Failed to disable force logout in context [STRING].
Variable fields	$1: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_UNDO_FORCELOGOUT_FAILED: Failed to disable force logout in context ctx1.
Explanation	Failed to disable the force logout feature. When a login is attempted but logins using the account reach the limit, this feature logs out a user using that account to allow the new login.
Recommended action	No action is required.

SSLVPN_URLITEM_ADD_URIACL

Message text	Specified URI ACL [STRING] for URL item [STRING] in context [STRING].
Variable fields	$1: URI ACL used by the URL item. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_URLITEM_ADD_URIACL: Specified URI ACL uriacl1 for URL item item1 in context ctx1.
Explanation	Specified a URI ACL for a URL item.
Recommended action	No action is required.

SSLVPN_URLITEM_ADD_URIACL_FAILED

Message text	Failed to specify URI ACL [STRING] for URL item [STRING] in context [STRING].
Variable fields	$1: URI ACL used by the URL item. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_URLITEM_ADD_URIACL_FAILED: Failed to specify URI ACL uriacl1 for URL item item1 in context ctx1.
Explanation	Failed to specify a URI ACL for a URL item.
Recommended action	No action is required.

SSLVPN_URLITEM_DEL_URIACL

Message text	Removed URI ACL [STRING] from URL item [STRING] in context [STRING].
Variable fields	$1: URI ACL used by the URL item. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_URLITEM_DEL_URIACL: Removed URI ACL uriacl1 from URL item item1 in context ctx1.
Explanation	Removed the URI ACL configuration from a URL item.
Recommended action	No action is required.

SSLVPN_URLITEM_DEL_URIACL_FAILED

Message text	Failed to remove URI ACL [STRING] from URL item [STRING] in context [STRING].
Variable fields	$1: URI ACL used by the URL item. $2: URL item name. $3: SSL VPN context name.
Severity level	6
Example	SSLVPN/6/SSLVPN_URLITEM_DEL_URIACL_FAILED: Failed to remove URI ACL uriacl1 from URL item item1 in context ctx1.
Explanation	Failed to remove the URI ACL configuration from a URL item.
Recommended action	No action is required.

SSLVPN_USER_LOGIN

Message text	User [STRING] of context [STRING] logged in from [STRING].
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address.
Severity level	5
Example	SSLVPN/5/SSLVPN_USER_LOGIN: User abc of context ctx logged in from 192.168.200.31.
Explanation	A user logged in to an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_USER_LOGINFAILED

Message text	User [STRING] of context [STRING] failed to log in from [STRING]. Reason: [STRING].
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: Reason for the login failure: · Authentication failed. · Authorization failed. · Accounting failed. · Number of online users exceeded the limit. · Failed to get SMS message code from iMC server. · Maximum number of concurrent online connections for the user already reached. · Login timed out. · The authentication server is not reachable. · The authorization server is not reachable. · The accounting server is not reachable. · Other.
Severity level	5
Example	SSLVPN/5/SSLVPN_USER_LOGINFAILED: User abc of context ctx failed to log in from 192.168.200.31.
Explanation	A user failed to log in to an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_USER_LOGOUT

Message text	User [STRING] of context [STRING] logged out from [STRING]. Reason: [STRING].
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: Reason for user logout: · Idle timeout. · A logout request was received from the Web browser. · A logout request was received from the client. · Forced logout. · A new login was attempted and logins using the account reach the maximum. · Accounting update failed. · Accounting session timed out. · Interface went down. · ADM request was received. · Idle cut for traffic not reach the minimum required amount.
Severity level	5
Example	SSLVPN/5/SSLVPN_USER_LOGOUT: User abc of context ctx logged out from 192.168.200.31. Reason: A logout request was received from the Web browser.
Explanation	A user logged out of an SSL VPN gateway.
Recommended action	No action is required.

SSLVPN_USER_NUMBER

Message text	The number of SSL VPN users reached the upper limit.
Variable fields	None.
Severity level	6
Example	SSLVPN/6/SSLVPN_USER_NUMBER: The number of SSL VPN users reached the upper limit.
Explanation	The number of SSL VPN users reached the upper limit.
Recommended action	No action is required.

SSLVPN_WEB_RESOURCE_DENY

Message text	User [STRING] of context [STRING] from [STRING] denied to access [STRING] (server-IP=[STRING],port-number=[STRING]).
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: URL of the requested resource. $5: IP address of the Web server that provides the requested resource. $6: Port number of the Web server.
Severity level	6
Example	SSLVPNK/6/SSLVPN_WEB_RESOURCE_DENY: User abc of context ctx1 from 192.168.200.130 denied to access http://192.168.0.2:80/ (server-IP=192.168.0.2,port-number=80).
Explanation	A user was denied access to specific Web resources, possibly caused by ACL-based access filtering.
Recommended action	Verify that access to the requested resource is not denied by the ACL rules used for Web access filtering.

SSLVPN_WEB_RESOURCE_FAILED

Message text	User [STRING] of context [STRING] from [STRING] failed to access [STRING] (server-IP=[STRING],port-number=[STRING]).
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: URL of the requested resource. $5: IP address of the Web server that provides the requested resource. $6: Port number of the Web server.
Severity level	6
Example	SSLVPNK/6/SSLVPN_WEB_RESOURCE_FAILED: User abc of context ctx1 from 192.168.200.130 failed to access http://192.168.0.2:80/ (server-IP=192.168.0.2,port-number=80).
Explanation	A user failed to access Web resources, possibly caused by network problems or DNS resolution failures.
Recommended action	264. Verify that a route is available to reach the requested Web resource. 265. Verify that a DNS server is available for domain name resolution.

SSLVPN_WEB_RESOURCE_PERMIT

Message text	User [STRING] of context [STRING] from [STRING] permitted to access [STRING] (server-IP=[STRING],port-number=[STRING]).
Variable fields	$1: Username. $2: SSL VPN context name. $3: User IP address. $4: URL of the requested resource. $5: IP address of the Web server that provides the requested resource. $6: Port number of the Web server.
Severity level	6
Example	SSLVPNK/6/SSLVPN_WEB_RESOURCE_PERMIT: User abc of context ctx1 from 192.168.200.130 permitted to access http://192.168.0.2:80/ (server-IP=192.168.0.2,port-number=80).
Explanation	A user accessed Web resources.
Recommended action	No action is required.

STAMGR messages

This section contains station management messages.

STAMGR_ADD_FAILVLAN

Message text	-SSID=[STRING]-UserMAC=[STRING]-APName=[STRING]-RadioID=[STRING]; Added a user to the Fail VLAN [STRING].
Variable fields	$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: ID of the Fail VLAN.
Severity level	5
Example	STAMGR/5/STAMGR_ADD_FAILVLAN:-SSID=text-wifi-UserMAC=3ce5-a616-28cd-APName=ap1-RadioID=2; Added a user to the Fail VLAN 5.
Explanation	The client failed to pass the authentication and was assigned to the Auth-Fail VLAN.
Recommended action	No action is required.

STAMGR_ADDBAC_INFO

Message text	Add BAS AC [STRING].
Variable fields	$1: MAC address of the BAS AC.
Severity level	6
Example	STAMGR/6/STAMGR_ADDBAC_INFO: Add BAS AC 3ce5-a616-28cd.
Explanation	The BAS AC was connected to the master AC.
Recommended action	No action is required.

STAMGR_ADDSTA_INFO

Message text	Add client [STRING].
Variable fields	$1: MAC address of the client.
Severity level	6
Example	STAMGR/6/STAMGR_ADDSTA_INFO: Add client 3ce5-a616-28cd.
Explanation	The client was connected to the BAS AC.
Recommended action	No action is required.

STAMGR_AUTHORACL_FAILURE

Message text	-SSID=[STRING]-UserMAC=[STRING]-APName=[STRING]-RadioID=[STRING]; Failed to assign an ACL [STRING]. Reason: [STRING].
Variable fields	$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: ACL number. $6: Reason: · The ACL doesn't exist. · This type of ACL is not supported. · The memory resource is not enough. · The ACL conflicts with other ACLs. · The ACL doesn't contain any rules. · The OpenFlow tunnel was not established. · The OpenFlow table is full. · Unknown reason. Error code code was returned.
Severity level	5
Example	STAMGR/5/STAMGR_AUTHORACL_FAILURE:-SSID=text-wifi-UserMAC=3ce5-a616-28cd-APName=ap1-RadioID=2; Failed to assign an ACL 2000. Reason: The ACL doesn’t exist.
Explanation	The authentication server failed to assign an ACL to the client.
Recommended action	No action is required.

STAMGR_AUTHORUSERPROFILE_FAILURE

Message text	-SSID=[STRING]-UserMAC=[STRING]-APName=[STRING]-RadioID=[STRING]; Failed to assign user profile [STRING]. Reason: [STRING].
Variable fields	$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: Name of the authorization user profile. $6: Failure cause: · The user profile doesn’t exist. · No user profiles are created on the device. · The memory resource is not enough. · The OpenFlow tunnel was not established. · Unknown reason. Error code code was returned.
Severity level	5
Example	STAMGR/5/STAMGR_AUTHORUSERPROFILE_FAILURE:-SSID=text-wifi-UserMAC=3ce5-a616-28cd-APName=ap1-RadioID=2; Failed to assign user profile aaa. Reason: No user profiles are created on the device.
Explanation	The authentication server failed to assign a user profile to the client.
Recommended action	No action is required.

STAMGR_BSS_FAILURE

Message text	-APID=[STRING]-RadioID=[STRING]-WLANID=[STRING]-ST Name=[STRING]; The number of BSSs exceeded the upper limit.
Variable fields	$1: AP ID. $2: Radio ID. $3: WLAN ID. $4: Service template name.
Severity level	6
Example	STAMGR/6/SERVICE_BSS_FAILURE: -APID=1-RadioID=2-WLANID=3-ST Name=1; The number of BSSs exceeded the upper limit.
Explanation	The number of AP radios using this service template has exceeded the upper limit.
Recommended action	No action is required.

STAMGR_CLIENT_FAILURE

Message text	Client [STRING] failed to come online from BSS [STRING] with SSID [STRING] on AP [STRING] Radio ID [STRING]. Reason: [STRING].
Variable fields	$1: MAC address of the client. $2: BSSID. $3: SSID defined in the service template. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: Reasons for the client's failure to come online. Table 9 describes the possible reasons.
Severity level	5
Example	STAMGR/6/STAMGR_CLIENT_FAILURE: Client 3303-c2af-b8d2 failed to come online from BSS 0023-12ef-78dc with SSID 1 on AP ap1 Radio ID 2. Reason: Unknown reason.
Explanation	The client failed to come online from the BSS for a specific reason.
Recommended action	To resolve the issue: 266. Check the debugging information to locate the issue and resolve it. 267. If the issue persists, contact H3C Support.

Table 9 Possible failure reasons

Possible reasons
Unknown error.
Failed to process open authentication packet from the client.
Failed to send responses when the AC successfully processed open authentication packet from the client.
Failed to create state timer when the AC received authentication packet in Unauth state.
Failed to refresh state timer when the AC received authentication packet in Unauth state.
Received association packet Unauth state.
Received deauthentication packet with reason code code in Unauth state: · 1—Unknown reason. · 3—Client is removed from BSS and is deauthenticated. · 6—Incorrect frame. · 9—Received association or reassociation request before authentication is complete. · 13—Invalid IE.
Received dissociation packet with reason code code in Unauth state: · 1—Unknown reason. · 2—Prior authentication is invalid. · 4—Inactivity timer expired. · 5—Insufficient resources. · 7—Incorrect frame. · 8—Client is removed from BSS and is disassociated. · 10—Failed to negotiate the Power Capability IE. · 11—BSS management switchover.
Received Auth failure packet in Unauth state.
Received state timer timeout in Unauth state.
Received deauthentication packet with reason code code in Auth state: · 1—Unknown reason. · 3—Client is removed from BSS and is deauthenticated. · 6—Incorrect frame. · 9—Received association or reassociation request before authentication is complete. · 13—Invalid IE.
Received authentication packet with inconsistent authentication algorithm or shared key in Auth state.
Received state timer timeout in Auth state.
Failed to process Add Mobile message when client association succeeded in Auth state.
Received inconsistent authentication algorithm or share key in Userauth state.
Failed to check association request when the AC received association packet in Userauth state.
Failed to process IE when the AC received association packet in Userauth state.
Failed to send association responses when the AC received association packet in Userauth state.
Failed to process Add Mobile message when client association succeeded in Userauth state.
Received deauthentication packet with reason code code in Userauth state: · 1—Unknown reason. · 3—Client is removed from BSS and is deauthenticated. · 6—Incorrect frame. · 9—Received association or reassociation request before authentication is complete. · 13—Invalid IE.
Received dissociation packet with reason code code in Userauth state: · 1—Unknown reason. · 2—Prior authentication is invalid. · 4—Inactivity timer expired. · 5—Insufficient resources. · 7—Incorrect frame. · 8—Client is removed from BSS and is disassociated. · 10—Failed to negotiate the Power Capability IE. · 11—BSS management switchover.
Client authentication failed in Userauth state.
Failed to get backup client data while using AP private data to upgrade client.
Failed to set kernel forwarding table while using AP private data to upgrade client.
Failed to add MAC while using AP private data to upgrade client.
Failed to create keepalive and idle timeout timers while using AP private data to upgrade client.
Failed to set kernel forwarding table while upgrading client without using AP private data.
Failed to add MAC while upgrading client without using AP private data.
Failed to activate client while upgrading client without using AP private data.
Failed to synchronize client information to configuration thread while upgrading client without using AP private data.
Failed to create keepalive and idle timeout timers while upgrading client without using AP private data.
Failed to add MAC during inter-device client smooth creation.
Failed to set kernel forwarding table during inter-device client smooth creation.
Failed to send Add Mobile message during inter-device client smooth creation.
Failed to get AP type during inter-device client smooth creation.
Failed to recover service data while recovering running client data from database.
Failed to synchronize data to service thread while recovering basic client data from database.
Failed to add MAC when hierarchy device received upstream Add Mobile message.
Failed to set kernel forwarding table when hierarchy device received upstream Add Mobile message.
Failed to synchronize upstream message when hierarchy device received upstream Add Mobile message.
Failed to create client when hierarchy device received upstream Add Mobile message.
Failed to add MAC when hierarchy device received downstream Add Mobile message.
Failed to synchronize data to service thread when hierarchy device received downstream Add Mobile message.
Failed to set kernel forwarding table when hierarchy device received downstream Add Mobile message.
Failed to send down add pbss to driver when hierarchy device received downstream Add Mobile message.
Failed to synchronize downstream message when hierarchy device received downstream Add Mobile message.
Failed to create client when hierarchy device received downstream Add Mobile message.
Failed to create interval statistics timer when hierarchy device received downstream Add Mobile message.
Failed to obtain AP private data when hierarchy device received downstream Add Mobile message.
Failed to advertise Add Mobile message.
Failed to activate client when hierarchy device received downstream client state synchronization message.
Failed to get AP type when hierarchy device received downstream client state synchronization message.
Failed to synchronize downstream message when hierarchy device received downstream client state synchronization message.
The radio was in down state when hierarchy device received downstream Add Mobile message.
Hierarchy device failed to process the upstream Add Mobile message.
Hierarchy device failed to process downstream Add Mobile message.
Failed to process service thread during inter-device client smooth creation.
Failed to create client during inter-device smooth.
Failed to process upstream client state synchronization message in Userauth state.
Failed to process downstream client state synchronization message in Userauth state.
Hierarchy device failed to process upstream client state synchronization message.
Hierarchy device failed to process downstream client state synchronization message.
AC received message for deleting the client entry.
Fit AP received message for deleting the client.
Different old and new region codes.
Failed to update IGTK.
Failed to update GTK.
Failed to generate IGTK when the first client came online.
TKIP is used to authenticate all clients.
Channel changed.
BssDelAllSta event logged off client normally.
AP down.
Radio down.
Service template disabled.
Service template unbound.
Created BSS during master AC switchover process.
Updated BSS base information when BSS was in deactive state.
Intrusion protection.
Local AC or AP deleted BSS.
BssDelAllSta event logged off client abnormally.
Received VLAN deleted event.
CM received message for logging off client from AM.
The reset wlan client command was executed to log off the client.
Deleted private data on AP: DBM database recovered.
Failed to synchronize authentication succeeded message downstream.
Client RSSI was lower than the threshold and was decreasing.
Configured whitelist for the first time or executed the reset wlan client all command.
Received client offline websocket message.
WMAC logged off all clients associated with the radio.
Timer for sending deassociation message timed out.
The client is in blacklist or deleted from whitelist.
Client was added to the dynamic blacklist.
Failed to roam out.
Implemented inter-AC roaming for the first time.
Successfully roamed to another BSS.
Failed to roam in.
Roaming process received a message for logging off the client.
Roaming process processed Down event and logged off roam-in clients.
Roaming failure.
Successfully performed roaming but failed to recover authentication data.
Roaming timed out.
Seamless roaming failed.
Logged off clients that performed inter- or intra-AC roaming.
Failed to process AccessCtrlChk. Configure permitted AP group or permitted SSID.
Synchronized client information to process and logged off client.
Failed to synchronize client state to uplink devices.
Local AC or remote AP received Add Mobile message updated BSS and logged off clients.
Upgraded HA and logged off all clients.
Synchronized BSS data during master/backup AC switchover process.
Failed to synchronize service template data during master/backup AC switchover process.
BSS aging timer timed out.
Remote AP deleted non-local forwarding BSS.
Failed to find configuration data when synchronizing data.
BSS was deleted: BSS synchronization examination failed or there was no BSS data to be updated.
Failed to get BSS by using WLAN ID.
Unbound inherited service template.
STAMGR process was down automatically or manually.
Deleted redundant clients.
Failed to process authorized doing nodes.
Authorization failed.
NSS value in Operating Mode Notification Action packet doesn't support mandatory VHT-MCS.
Number of sent SA requests exceeded the permitted threshold.
Local AC came online again and deleted all clients associated with the BSS.
Failed to upgrade hot-backup.
The illegally created BSS was deleted.
Failed to process requests when receiving UserAuth Success message.
Failed to get AP type when receiving UserAuth Successful message.
Failed to notify client of the recovery of basic client data from database.
Failed to recover basic client data from database.
Client already existed when the AC received Auth packet from the client and checked online clients.
Client already existed during FT Over-the-DS authentication.
SKA authentication failed.
Deadline timer timed out during FT authentication.
Failed to send the response for the successful shared key authentication to the client.
Failed to get FT data during FT authentication.
FT authentication was performed and BSS does not support FT.
Failed to process FT authentication-success result.
Failed to process FT authentication.
Maximum number of clients already reached when remote request message was received.
Failed to fill authorization information while processing authorization message.

STAMGR_CLIENT_OFFLINE

Message text	Client [STRING] went offline from BSS [STRING] with SSID [STRING] on AP [STRING] Radio ID [STRING]. State changed to Unauth. Reason [STRING]
Variable fields	$1: MAC address of the client. $2: BSSID. $3: SSID defined in the service template. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: Reason why the client goes offline. Table 10 describes the possible reasons.
Severity level	6
Example	STAMGR/6/STAMGR_CLIENT_OFFLINE: Client 0023-8933-2147 went offline from BSS 0023-12ef-78dc with SSID abc on AP ap1 Radio ID 2. State changed to Unauth. Reason: Radio down.
Explanation	The client went offline from the BSS for a specific reason. The state of the client changed to Unauth.
Recommended action	To resolve the issue: 268. Examine whether the AP and its radios operate correctly if the client went offline abnormally. If the logoff was requested by the client, no action is required. 269. If they do not operate correctly, check the debugging information to locate the issue and resolve it. 270. If the issue persists, contact H3C Support.

Table 10 Possible logoff reasons

Possible reasons
Received disassociation frame in Run state: reason code=String.
Unknown reason.
AC received message for deleting the client entry.
Different old and new region codes.
Failed to update IGTK.
Failed to update GTK.
Failed to generate IGTK when the first client came online.
TKIP is used to authenticate all clients.
Channel changed.
BssDelAllSta event logged off client normally.
Radio down.
Service template disabled.
Service template unbound.
Created BSS during master/backup AC switchover process.
Updated BSS base information when BSS was in deactive state.
Intrusion protection.
Local AC or AP deleted BSS.
BssDelAllSta event logged off client abnormally.
Received VLAN deleted event.
CM received message for logging off client from AM.
The reset wlan client command was executed to log off the client.
DBM database failed to recover client operation data.
Deleted private data on AP: DBM database recovered.
Received deauthentication frame in Run state: reason code=String.
Failed to process (re)association request in Run state.
Unmatched authentication algorithm in received authentication message.
Idle timer timeout.
Keepalive timer timeout.
Received authentication failure message.
Failed to synchronize authentication succeeded message downstream.
Client RSSI was lower than the threshold and was marked as decreasing.
Configured whitelist for the first time or executed the reset wlan client all command.
Received client offline websocket message.
WMAC logged off all clients associated with the radio.
Timer for sending disassociation message timed out.
The client is in blacklist or deleted from whitelist.
Client was added to the dynamic blacklist.
Failed to roam out.
Implemented inter-AC roaming for the first time.
Successfully roamed to another BSS.
Failed to roam in.
Roaming process received a message for logging off the client.
Roaming process processed Down event and logged off roam-in clients.
Roaming failure.
Successfully performed roaming but failed to recover authentication data.
Roaming timed out.
Seamless roaming failed.
Logged off clients that performed inter- or intra-AC roaming.
Failed to process AccessCtrlChk when configured permitted AP group or permitted SSID.
Synchronized client information to process and logged off client in Run state.
Failed to synchronize client state to uplink/downlink devices.
Local AC or remote AP received add mobile message, updated BSS, and logged off clients in Run state.
Upgraded HA and logged off all clients.
Synchronized BSS data during master/backup AC switchover process.
Failed to synchronize service template data during master/backup AC switchover process.
BSS aging timer timed out.
Remote AP deleted non-local forwarding BSS.
Failed to find configuration data when synchronizing data.
BSS was deleted: BSS synchronization examination failed or there was no BSS data to be updated.
Failed to get BSS by using WLAN ID.
Unbound inherited service template.
STAMGR process was down automatically or manually.
Deleted redundant clients.
Failed to process authorized doing nodes.
Authorization failed.
NSS value in Operating Mode Notification Action packet doesn't support mandatory VHT-MCS.
Number of sent SA requests exceeded the permitted threshold.
Fit AP received message for deleting the client.
Local AC came online again and deleted all clients associated with the BSS.
Failed to upgrade hot backup.
The illegally created BSS was deleted.
Failed to process requests when receiving UserAuth Success message.
Failed to get AP type when receiving UserAuth Success message.
The client doesn't support mandatory rate.
Disabled access services for 802.11b clients.
The client doesn't support mandatory VHT-MCS.
Enabled the client dot11ac-only feature.
Disabled MUTxBF.
Disabled SUTxBF.
The client doesn't support mandatory MCS.
Channel bandwidth changed.
Disabled the client dot11n-only feature.
Disabled short GI.
Disabled the A-MPDU aggregation method.
Disabled the A-MSDU aggregation method.
Disabled STBC.
Disabled LDPC.
The MIMO capacity decreased, and the MCS supported by the AP can't satisfy the client's negotiated MCS.
The MIMO capacity decreased, and the VHT-MCS supported by the AP can't satisfy the client's negotiated VHT-MCS.
Hybrid capacity increased, which kicked off clients associated with other radios with lower Hybrid capacity.
Failed to add MAC address.
The roaming entry doesn't exist while the AC was processing the roaming request during client smooth reconnection.
Home AC processed the move out response message to update the roaming entry and notified the foreign AC to force the client offline during an inter-AC roaming.
The associated AC left from the mobility group and deleted roam-in entries and roaming entries of the client.
Executed the reset wlan mobility roaming command.
Kicked client because of roaming to another BSSID.
The roaming entry doesn't exist while the AC was processing the Add Preroam message during client smooth reconnection.
Deleted roaming entries of clients in the fail VLAN while processing a fail VLAN delete event.
Deleted the roaming entry of the client while processing a client delete event.

STAMGR_CLIENT_ONLINE

Message text	Client [STRING] came online from BSS [STRING] with SSID [STRING] on AP [STRING] Radio ID [STRING]. State changed to Run.
Variable fields	$1: MAC address of the client. $2: BSSID. $3: SSID defined in the service template. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client.
Severity level	6
Example	STAMGR/6/STAMGR_CLIENT_ONLINE: Client 0023-8933-2147 went online from BSS 0023-12ef-78dc with SSID abc on AP ap1 Radio ID 2. State changed to Run.
Explanation	The client came online from the BSS. The state of the client changed to Run.
Recommended action	No action is required.

STAMGR_CLIENT_SNOOPING

Message text	Detected client IP change: Client MAC: [SRTING], Current IP: [STRING], Used IP: [STRING], [STRING], [STRING], Username: [STRING], AP name: [STRING], Radio ID [UCHAR], Channel number: [UINT32], SSID: [STRING], BSSID: [STRING].
Variable fields	$1: MAC address of the client. $2: Current IP address of the client. $3: Used IP address of the client. $4: Used IP address of the client. $5: Used IP address of the client. $6: Username of the client. $7: Name of the AP associated with the client. $8: ID of the radio associated with the client. $9: ID of the channel used by the client. $10: SSID of the service template associated with the client. $11: BSSID of the service template associated with the client.
Severity level	6
Example	STAMGR_CLIENT_SNOOPING: Client MAC: 31ac-11ea-17ff, Current IP: 4.4.4.4, Used IP: 1.1.1.1, 2.2.2.2, -NA-, User name: test, AP name: ap1, Radio ID: 1, Channel number: 161, SSID: 123, BSSID: 25c8-3dd5-261a.
Explanation	IP change was detected for a specific client.
Recommended action	No action is required.

STAMGR_DELBAC_INFO

Message text	Delete BAS AC [STRING].
Variable fields	$1: MAC address of the BAS AC.
Severity level	6
Example	STAMGR/6/STAMGR_DELBAC_INFO: Delete BAS AC 3ce5-a616-28cd.
Explanation	The BAS AC was disconnected from the master AC.
Recommended action	No action is required.

STAMGR_DELSTA_INFO

Message text	Delete client [STRING].
Variable fields	$1: MAC address of the client.
Severity level	6
Example	STAMGR/6/STAMGR_DELSTA_INFO: Delete client 3ce5-a616-28cd.
Explanation	The client was disconnected from the BAS AC.
Recommended action	No action is required.

STAMGR_MACA_LOGIN_FAILURE

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]-UsernameFormat=[STRING]; A user failed MAC authentication. Reason: [STRING].
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: VLAN ID. $7: Username format: · fixed. · MAC address. $8: Reason for the authentication failure: · AAA processed authentication request and returned error code code. ¡ 4—Represents one of the following errors: nonexistent authentication domain, service type error, or incorrect username or password. ¡ 8—Represents one of the following errors: no IP addresses are added to the authentication server, preshared keys configured on the authentication server are different from preshared keys configured on the device, or the authentication server and the device cannot reach each other. ¡ 26—Configuration error exists in the authentication domain. · AAA processed authorization request and returned error code code. ¡ 8—The authentication server and the device cannot reach each other. · Client timeout timer expired. · Received user security information and kicked off the client. · Accounting-update timer expired, and no responses were received from the server. · Kicked off the client when the idle timeout timer expired. · Authentication method error. · Kicked off the client because the server-assigned session timeout timer is 0. · Received session disconnection event. · Received nonexistent authorization VLAN group. · Unknown reason.
Severity level	5
Example	STAMGR/5/STAMGR_MACA_LOGIN_FAILURE:-Username=MAC-UserMAC=3ce5-a616-28cd-SSID=text-wifi-APName=ap1-RadioID=2-VLANID=11-UsernameFormat=fixed; A user failed MAC authentication. Reason: AAA processed authentication request and returned error code 8.
Explanation	The client failed to pass MAC authentication for a specific reason.
Recommended action	To resolve the issue: 271. Examine the network connection between the device and the AAA server. 272. Verify that the AAA server works correctly. 273. Verify that the AAA server is configured with the correct username and password. 274. Troubleshoot errors one by one according to the returned error code during authentication. 275. If the issue persists, contact H3C Support.

STAMGR_MACA_LOGIN_SUCC

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]-UsernameFormat=[STRING]; A user passed MAC authentication and came online.
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: VLAN ID. $7: Username format: · fixed. · MAC address.
Severity level	6
Example	STAMGR/6/STAMGR_MACA_LOGIN_SUCC:-Username=MAC-UserMAC=3ce5-a616-28cd-SSID=text-wifi-APName=ap1-RadioID=2-VLANID=11-UsernameFormat=fixed; A user passed MAC authentication and came online.
Explanation	The client came online after passing MAC authentication.
Recommended action	No action is required.

STAMGR_MACA_LOGOFF

Message text	-Username=[STRING]-UserMAC=[STRING]-SSID=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]-UsernameFormat=[STRING]; Session for a MAC authentication user was terminated. Reason: [STRING].
Variable fields	$1: Username. $2: MAC address of the client. $3: SSID. $4: Name of the AP associated with the client. $5: ID of the radio associated with the client. $6: VLAN ID. $7: Username format: · fixed. · MAC address. $6: Reason why the client is logged off. · AAA processed authentication request and returned error code code. ¡ 4—Represents one of the following errors: nonexistent authentication domain, service type error, or incorrect username or password. ¡ 8—Represents one of the following errors: no IP addresses are added to the authentication server, preshared keys configured on the authentication server are different from preshared keys configured on the device, or the authentication server and the device cannot reach each other. ¡ 26—Configuration error exists in the authentication domain. · AAA processed authorization request and returned error code code. ¡ 8—The authentication server and the device cannot reach each other. · AAA processed accounting-start request and returned error code code. ¡ 8—The authentication server and the device cannot reach each other. · AAA processed accounting-update request and returned error code code. ¡ 8—The authentication server and the device cannot reach each other. · Client timeout timer expired. · Received user security information and kicked off the client. · Lost in shaking hands. · Accounting-update timer expired, and no responses were received from the server. · Kicked off the client when the idle timeout timer expired. · Authentication method error. · Kicked off the client because the server-assigned session timeout timer is 0. · Received session disconnection event. · Unknown reason.
Severity level	6
Example	STAMGR/6/STAMGR_MACA_LOGOFF:-Username=MAC-UserMAC=3ce5-a616-28cd-SSID=text-wifi-APName=ap1-RadioID=2-VLANID=11-UsernameFormat=fixed; Session for a MAC authentication user was terminated. Reason: Received user security information and kicked off the client.
Explanation	The MAC authenticated client was logged off for a specific reason.
Recommended action	To resolve the issue: 276. Check the debugging information to locate the logoff cause and remove the issue. If the logoff was requested by the client, no action is required. 277. If the issue persists, contact H3C Support.

STAMGR_ROAM_FAILED

Message text	Client [MAC] on AP [STRING] Radio ID [STRING] failed to roam with reason code [UINT32].
Variable fields	$1: MAC address of the client. $2: Name of the AP associated with the client. $3: ID of the radio associated with the client. $4: Reason code for the roaming failure: · 1—Failed to select a roaming policy. · 2—Insufficient memory resources. · 3—Network communication failures. · 4—Lack of local roaming entries. · 5—Failed to add a VLAN.
Severity level	4
Example	STAMGR/4/STAMGR_ROAM_FAILED: Client 001f-3ca8-1092 on AP ap1 Radio ID 2 failed to roam with reason code 1.
Explanation	The client failed to roam for a specific reason.
Recommended action	To resolve the issue, depending on the reason code: · 1—Use the display wlan client verbose command to verify that the authentication method has changed. · 2—Use the display process memory command to check memory resource usage for each module. · 3—Use the display wlan mobility group command to check the IACTP tunnel state. · 4—Use the display wlan mobility group command to check the IACTP tunnel state. · 5—Check the trace.log file for VLAN adding failure reason.

STAMGR_ROAM_SUCCESS

Message text	Client [MAC] roamed from BSSID [MAC] on AP [STRING] Radio ID [STRING] of AC IP [IPADDR] to BSSID [MAC] on AP [STRING] Radio ID [STRING] of AC IP [IPADDR] successfully.
Variable fields	$1: MAC address of the client. $2: BSSID of the AP associated with the client before roaming. $3: Name of the AP associated with the client before roaming. $4: ID of the radio associated with the client before roaming. $5: IP address of the AC associated with the client before roaming. $6: BSSID of the AP associated with the client after roaming. $7: Name of the AP associated with the client after roaming. $8: ID of the radio associated with the client after roaming. $9: IP address of the AC associated with the client after roaming.
Severity level	6
Example	STAMGR/6/STAMGR_ROAM_SUCCESS: Client 0021-005f-dffd roamed from BSSID 000f-e289-6ad0 on AP ap1 Radio ID 2 of AC IP 172.25.0.81 to BSSID 000f-e2ab-baf0 on AP ap2 Radio ID 2 of AC IP 172.25.0.82 successfully.
Explanation	The client roamed successfully.
Recommended action	No action is required.

STAMGR_SERVICE_FAILURE

Message text	Service failure occurred on BSS [STRING] after service template [STRING] with SSID [STRING] was bound to radio [STRING] on AP [STRING] with AP ID [STRING]. Reason: [STRING], code=0x[STRING].
Variable fields	$1: BSSID. $2: Name of the service template. $3: SSID defined in the service template. $4: Radio ID. $5: AP name. $6: AP ID. $7: Reason for the service failure, as described in Table 11. $8: Error code.
Severity level	6
Example	STAMGR/6/SERVICE_FAILURE: Service failure occurred on BSS 0023-12ef-78dc after service template st1 with SSID st1ssid was bound to radio 1 on AP ap1 with AP ID 1. Reason: Failed to activate BSS when AP came online, code=0x61140001.
Explanation	After the AP came online, BSS activation failed for a specific reason with error code 0x61140001.
Recommended action	To resolve the issue: 278. Check the debugging information to locate the failure cause and remove the issue. 279. If the issue persists, contact H3C Support.

Table 11 Possible service failure reasons

Possible reasons
Failed to create a BSS interface during smooth BSS interface creation.
Replied with failure to transmit interface creation node during smooth BSS interface creation.
Failed to set forwarding location during smooth recovery of AP data.
Failed to initiate a series of locations during smooth recovery of AP data.
Failed to send message of creating BSS interface to worker thread during smooth recovery of AP data.
Failed to create handle during smooth recovery of AP data.
Failed to activate BSS during smooth recovery of AP data.
Failed to set kernel forwarding table during smooth recovery of AP data.
Failed to create BSS node when AP came online.
Failed to create BSS handle when AP came online.
Insufficient memory for creating BSS node when AP came online.
Failed to get radio private data while creating BSS node in general process.
Failed to initiate a series of locations while creating BSS node in general process.
Failed to set kernel forwarding table while creating BSS node in general process.
Failed to create BSS node during smooth recovery of BSS data.
Failed to get AP location while recovering BSS running data from DBM.
Failed to get radio private data while recovering BSS running data from DBM.
Failed to add BSS index to interface index while recovering BSS running data from DBM.
Failed to create BSS handle when hierarchy device received Add WLAN message.
Failed to initiate a series of locations when hierarchy device received Add WLAN message.
Failed to set forwarding location when hierarchy device received Add WLAN message.
Failed to send message to worker thread when hierarchy device received Add WLAN message.
Failed to set kernel forwarding table when hierarchy device received Add WLAN message.
Failed to activate BSS when hierarchy device received Add WLAN message.
Failed to issue Add WLAN message when hierarchy device received Add WLAN message.
Failed to activate BSS when service template was bound.
Failed to create BSS node when service template was bound.
Failed to create BSS handle when service template was bound.
Failed to add bind node to mapped radio list of the service template while recovering service template binding information for service thread from pending database.
Failed to create BSS node while recovering service template binding information for service thread from pending database.
Failed to add bind node to mapped radio list of the service template while creating BSS from Merger.
Failed to create BSS node while creating BSS from Merger.
Failed to apply for memory while creating BSS node.
Failed to calculate BSSID while creating BSS node.
Service thread received interface creation failure while creating BSS interface during smooth recovery of AP data.
Failed to add BSS index to interface index while creating BSS interface during smooth recovery of AP data.
Failed to add VLAN on the interface while creating BSS interface during smooth recovery of AP data.
Failed to set the source MAC address of the interface while creating BSS interface during smooth recovery of AP data.
Failed to set kernel forwarding table while creating BSS interface during smooth recovery of AP data.
Failed to activate BSS while creating BSS interface during smooth recovery of AP data.
Replied with failure to transmit interface creation node when hierarchy device created an interface accordingly.
Failed to create BSS interface when BSS created an interface accordingly.
Failed to add BSS index to interface index when BSS created an interface accordingly.
Failed to add VLAN on the interface when BSS created an interface accordingly.
Failed to set source MAC address of the interface when BSS created an interface accordingly.
Failed to set kernel forwarding table when BSS created an interface accordingly.
Failed to issue ADD BSS message when BSS created an interface accordingly.
Replied with failure to transmit interface creation node when hierarchy device created an interface accordingly for an invalid interface.
Created BSS rollback for failed resources while issuing ADD BSS message callback.
Failed to enable packet socket while recovering BSS running data from DBM.
Failed to create BSS node while recovering BSS running data from DBM.
Failed to initiate BSS while creating BSS node.
Failed to activate BSS when service template was enabled.
Invalid BSS interface index while upgrading BSS with AP private data.
Failed to upgrade backup BSS to real BSS while upgrading BSS with AP private data.
Failed to set kernel forwarding table while upgrading BSS with AP private data.
Failed to activate BSS while upgrading BSS with AP private data.
Invalid BSS interface index while upgrading BSS without AP private data.
Failed to set kernel forwarding table while upgrading BSS without AP private data.
Failed to activate BSS while upgrading BSS without AP private data.
Failed to create BSS interface while creating general BSS process.
Failed to activate BSS during smooth recovery of BSS data.
Failed to activate BSS while recovering service template binding information for service thread from pending database.
Failed to activate BSS while creating BSS from Merger.
Failed to activate BSS when AP came online.
Failed to activate BSS when other module sent activation request.
Failed to activate BSS when other module received activation request.
Failed to send response node of creating interface while creating interface during smooth recovery of AP data.
Failed to add BSS index to interface index when hierarchy device created an interface accordingly.
Failed to add VLAN on the interface when hierarchy device created an interface accordingly.
Failed to set source MAC address of the interface when hierarchy device created an interface accordingly.
Failed to set kernel forwarding table when hierarchy device created an interface accordingly.
Failed to activate BSS when hierarchy device created an interface accordingly.
Failed to issue Add BSS message when hierarchy device created an interface accordingly.
Insufficient memory when hierarchy device received BSS creation message.
Failed to fill BSS basic data when hierarchy device received BSS creation message.
Failed to initiate BSS service phase when hierarchy device received BSS creation message.
Failed to receive Add WLAN message when hierarchy device received BSS creation message.
Failed to get radio private data because of invalid AP ID when hierarchy device received BSS creation message.
Failed to get radio private data because of invalid radio ID when hierarchy device received BSS creation message.
Failed to get radio private data when hierarchy device received Add WLAN message.
Failed to issue message when hierarchy device received Add WLAN message.
Failed to get BSS data through WLAN ID during smooth recovery of BSS data.
Failed to issue Add WLAN message while creating BSS node in general process.
Failed to create BSS interface when hierarchy device created an interface accordingly.
Failed to create BSS interface when hierarchy device created an interface accordingly for an invalid interface.
Failed to set forwarding location while creating BSS node in general process.
Replied with failure to transmit interface creation node when BSS created an interface accordingly.
Failed to update BSS key data when hierarchy device received Add WLAN message.
Replied with failure to transmit interface creation node when BSS created an interface accordingly for an existing BSS.

STAMGR_SERVICE_OFF

Message text	BSS [STRING] was deleted after service template [STRING] with SSID [STRING] was unbound from radio [STRING] on AP [STRING]. Reason: [STRING].
Variable fields	$1: BSSID. $2: Name of the service template. $3: SSID defined in the service template. $4: Radio ID. $5: AP name. $6: Reason for the BSS deletion. · Unknown reason. · AP down. · Deleted BSS with the Delete mark when inter-AC BSS smooth ended. · Hierarchy device received BSS delete message. · Deleted AP private data from APMGR when AP smooth ended. · WLAS was triggered, and service was shut down temporarily. · Intrusion protection was triggered, and service was shut down permanently. · Service module received Update WLAN message when BSS was inactive. · Disabled service template. · Unbound service template. · Deleted BSS with the Delete mark when inter-AC AP smooth ended. · BSS aging timer timed out. · Deleted non-local forwarding BSS when AP enabled with remote AP went offline. · Failed to find configuration data while synchronizing data. · AP did not come online or service template was disabled. · Failed to find the WLAN ID from APMGR while BSS was smoothing WLAN ID. · Unbound inherited service template. · The stamgr process became down automatically or was shut down manually. · Failed to use AP private data to upgrade backup BSS. · Failed to upgrade backup BSS. · Failed to synchronize service template data to the Merger bind list while upgrading backup data.
Severity level	6
Example	STAMGR/6/SERVICE_OFF: BSS 0023-12ef-78dc was deleted after service template st1 with SSID st1ssid was unbound from radio 1 on AP ap1. Reason: Failed to find configuration data while synchronizing data.
Explanation	The BSS was deleted for a specific reason.
Recommended action	To resolve the issue: 280. Verify that the BSS is deleted as requested. If the BSS is deleted as requested, no action is required. 281. Locate the deletion cause and remove the issue if the BSS is deleted abnormally, 282. If the issue persists, contact H3C Support.

STAMGR_SERVICE_ON

Message text	BSS [STRING] was created after service template [STRING] with SSID [STRING] was bound to radio [STRING] on AP [STRING].
Variable fields	$1: BSSID. $2: Name of the service template. $3: SSID defined in the service template. $4: Radio ID. $5: AP name.
Severity level	6
Example	STAMGR/6/SERVICE_ON: BSS 0023-12ef-78dc was created after service template st1 with SSID 1 was bound to radio 1 on AP ap1.
Explanation	The BSS was created.
Recommended action	No action is required.

STAMGR_STA_ADDMOB_LKUP_ENDOFIOCTL

Message text	APID=[UINT32]-MAC=[STRING]-BSSID=[STRING]; AC doesn't need to send client information to uplink device: Client information already arrived at the end of the IOCTL tunnel.
Variable fields	$1: ID of the AP associated with the client. $2: MAC address of the client. $3: BSSID of the service template associated with the client.
Severity level	7
Example	STAMGR/7/STAMGR_STA_ADDMOB_LKUP_ENDOFIOCTL: APID=667-MAC=d4f4-6f69-d7a1-BSSID=600b-0301-d5a0; The AC doesn't need to send client information to uplink device: Client information already arrived at the end of the IOCTL tunnel.
Explanation	The AC does not need to send client information to the uplink device because client information already arrived at the end of the IOCTL tunnel.
Recommended action	To resolve the issue depending on the network infrastructure: · Fit AP+AC network—No action is required if this message is output. If no message is output, locate the issue according to the debugging information and resolve the issue. · AC hierarchical network—No action is required if this message is output by the central AC. If this message is output by a local AC, locate the issue according to the debugging information and resolve the issue.

STAMGR_STAIPCHANGE_INFO

Message text	IP address of client [STRING] changed to [STRING].
Variable fields	$1: MAC address of the client. $2: New IP address of the client.
Severity level	6
Example	STAMGR/6/STAMGR_STAIPCHANGE_INFO: IP address of client 3ce5-a616-28cd changed to 4.4.4.4.
Explanation	The IP address of the client was updated.
Recommended action	No action is required.

STAMGR_TRIGGER_IP

Message text	-SSID=[STRING]-UserMAC=[STRING]-APName=[STRING]-RadioID=[STRING]-VLANID=[STRING]; Intrusion protection triggered. Action: [STRING].
Variable fields	$1: SSID. $2: MAC address of the client. $3: Name of the AP associated with the client. $4: ID of the radio associated with the client. $5: ID of the access VLAN. $6: Action: · Added the user to the blocked MAC address list. · Closed the user's BSS temporarily. · Closed the user's BSS permanently.
Severity level	5
Example	STAMGR/5/STAMGR_TRIGGER_IP:-SSID=text-wifi-UserMAC=3ce5-a616-28cd-APName=ap1-RadioID=2-VLANID=11; Intrusion protection triggered, the intrusion protection action: added a user to the list of Block-MAC.
Explanation	Intrusion protection was triggered and the action was displayed.
Recommended action	No action is required.

STM messages

This section contains IRF messages.

STM_AUTO_UPDATE_FAILED

Message text	Pattern 1: Slot [UINT32] auto-update failed. Reason: [STRING]. Pattern 2: Chassis [UINT32] slot [UINT32] auto-update failed. Reason: [STRING].
Variable fields	Pattern 1: $1: IRF member ID. $2: Failure reason: ¡ Timeout when loading—The IRF member device failed to complete loading software within the required time period. ¡ Wrong description when loading—The file description in the software image file does not match the current attributes of the software image. This issue might occur when the file does not exist or is corrupted. ¡ Disk full when writing to disk—The subordinate device does not have sufficient storage space. Pattern 2: $1: IRF member ID. $2: Slot number of an MPU. $3: Failure reason: ¡ Timeout when loading—The MPU failed to complete loading software within the required time period. ¡ Wrong description when loading—The file description in the software image file does not match the current attributes of the software image. This issue might occur when the file does not exist or is corrupted. ¡ Disk full when writing to disk—The MPU does not have sufficient storage space.
Severity level	4
Example	STM/4/STM_AUTO_UPDATE_FAILED: Slot 5 auto-update failed. Reason: Timeout when loading.
Explanation	Pattern 1: Software synchronization from the master failed on a subordinate device. Pattern 2: Software synchronization from the global active MPU failed on a standby MPU.
Recommended action	283. Remove the issue depending on the failure reason: ¡ If the failure reason is Timeout when loading, verify that all IRF links are up. ¡ If the failure reason is Wrong description when loading, download the software images again. ¡ If the failure reason is Disk full when writing to disk, delete unused files to free the storage space. 284. Upgrade software manually for the device or MPU to join the IRF fabric, and then connect the device to the IRF fabric.

STM_AUTO_UPDATE_FINISHED

Message text	Pattern 1: File loading finished on slot [UINT32]. Pattern 2: File loading finished on chassis [UINT32] slot [UINT32].
Variable fields	Pattern 1: $1: IRF member ID. Pattern 2: $1: IRF member ID. $2: Slot number of an MPU.
Severity level	5
Example	STM/5/STM_AUTO_UPDATE_FINISHED: File loading finished on slot 3.
Explanation	Pattern 1: The member device finished loading software images. Pattern 2: The MPU finished loading software images.
Recommended action	No action is required.

STM_AUTO_UPDATING

Message text	Pattern 1: Don't reboot the slot [UINT32]. It is loading files. Pattern 2: Don't reboot the chassis [UINT32] slot [UINT32]. It is loading files.
Variable fields	Pattern 1: $1: IRF member ID. Pattern 2: $1: IRF member ID. $2: Slot number of an MPU.
Severity level	5
Example	STM/5/STM_AUTO_UPDATING: Don't reboot the slot 2. It is loading files.
Explanation	Pattern 1: The member device is loading software images. To avoid software upgrade failure, do not reboot the member device. Pattern 2: The MPU is loading software images. To avoid software upgrade failure, do not reboot the MPU.
Recommended action	No action is required.

STM_LINK_DOWN

Message text	IRF port [UINT32] went down.
Variable fields	$1: IRF port name.
Severity level	3
Example	STM/3/STM_LINK_DOWN: IRF port 2 went down.
Explanation	This event occurs when all physical interfaces bound to an IRF port are down.
Recommended action	Check the physical interfaces bound to the IRF port. Make sure a minimum of one member physical interface is up.

STM_LINK_TIMEOUT

Message text	IRF port [UINT32] went down because the heartbeat timed out.
Variable fields	$1: IRF port name.
Severity level	2
Example	STM/2/STM_LINK_TIMEOUT: IRF port 1 went down because the heartbeat timed out.
Explanation	The IRF port went down because of heartbeat timeout.
Recommended action	Check the IRF link for link failure.

STM_LINK_UP

Message text	IRF port [UINT32] came up.
Variable fields	$1: IRF port name.
Severity level	6
Example	STM/6/STM_LINK_UP: IRF port 1 came up.
Explanation	An IRF port came up.
Recommended action	No action is required.

STM_MERGE

Message text	IRF merge occurred.
Variable fields	N/A
Severity level	4
Example	STM/4/STM_MERGE: IRF merge occurred.
Explanation	IRF merge occurred.
Recommended action	No action is required.

STM_MERGE_NEED_REBOOT

Message text	IRF merge occurred. This IRF system needs a reboot.
Variable fields	N/A
Severity level	4
Example	STM/4/STM_MERGE_NEED_REBOOT: IRF merge occurred. This IRF system needs a reboot.
Explanation	You must reboot the current IRF fabric for IRF merge, because it failed in the master election.
Recommended action	Log in to the IRF fabric, and use the reboot command to reboot the IRF fabric.

STM_MERGE_NOT_NEED_REBOOT

Message text	IRF merge occurred. This IRF system does not need to reboot.
Variable fields	N/A
Severity level	5
Example	STM/5/STM_MERGE_NOT_NEED_REBOOT: IRF merge occurred. This IRF system does not need to reboot.
Explanation	You do not need to reboot the current IRF fabric for IRF merge, because it was elected the master.
Recommended action	Reboot the IRF fabric that has failed in the master election to finish the IRF merge.

STM_SAMEMAC

Message text	Failed to stack because of the same bridge MAC addresses.
Variable fields	N/A
Severity level	4
Example	STM/4/STM_SAMEMAC: Failed to stack because of the same bridge MAC addresses.
Explanation	Failed to set up the IRF fabric because some member devices are using the same bridge MAC address.
Recommended action	285. Verify that IRF bridge MAC persistence is disabled on the member devices. To disable this feature, use the undo irf mac-address persistent command. 286. If the problem persists, contact H3C Support.

STM_SOMER_CHECK

Message text	Neighbor of IRF port [UINT32] cannot be stacked.
Variable fields	$1: IRF port name.
Severity level	3
Example	STM/3/STM_SOMER_CHECK: Neighbor of IRF port 1 cannot be stacked.
Explanation	The neighbor connected to the IRF port cannot form an IRF fabric with the device.
Recommended action	Check the following items: · The device models can form an IRF fabric. · The IRF settings are correct. For more information, see the IRF configuration guide for the device.

STP messages

This section contains STP messages.

STP_BPDU_PROTECTION

Message text	BPDU-Protection port [STRING] received BPDUs.
Variable fields	$1: Interface name.
Severity level	4
Example	STP/4/STP_BPDU_PROTECTION: BPDU-Protection port Ethernet1/0/4 received BPDUs.
Explanation	A BPDU-guard-enabled port received BPDUs.
Recommended action	Check whether the downstream device is a terminal and check for possible attacks from the downstream device or other devices.

STP_BPDU_RECEIVE_EXPIRY

Message text	Instance [UINT32]'s port [STRING] received no BPDU within the rcvdInfoWhile interval. Information of the port aged out.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	5
Example	STP/5/STP_BPDU_RECEIVE_EXPIRY: Instance 0's port GigabitEthernet0/4/1 received no BPDU within the rcvdInfoWhile interval. Information of the port aged out.
Explanation	The state of a non-designated port changed because the port did not receive a BPDU within the max age.
Recommended action	Check the STP status of the upstream device and possible attacks from other devices.

STP_CONSISTENCY_RESTORATION

Message text	Consistency restored on VLAN [UINT32]'s port [STRING].
Variable fields	$1: VLAN ID. $2: Interface name.
Severity level	6
Example	STP/6/STP_CONSISTENCY_RESTORATION: Consistency restored on VLAN 10's port GigabitEthernet0/1/1.
Explanation	Port link type or PVID inconsistency was removed on a port.
Recommended action	No action is required.

STP_DETECTED_TC

Message text	[STRING] [UINT32]'s port [STRING] detected a topology change.
Variable fields	$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name.
Severity level	6
Example	STP/6/STP_DETECTED_TC: Instance 0's port GigabitEthernet0/1/1 detected a topology change.
Explanation	The MSTP instance or VLAN to which a port belongs had a topology change, and the local end detected the change.
Recommended action	Identify the topology change cause and handle the issue. For example, if the change is caused by a link down event, recover the link.

STP_DISABLE

Message text	STP is now disabled on the device.
Variable fields	N/A
Severity level	6
Example	STP/6/STP_DISABLE: STP is now disabled on the device.
Explanation	STP was globally disabled on the device.
Recommended action	No action is required.

STP_DISCARDING

Message text	Instance [UINT32]'s port [STRING] has been set to discarding state.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	6
Example	STP/6/STP_DISCARDING: Instance 0's port Ethernet1/0/2 has been set to discarding state.
Explanation	MSTP calculated the state of ports within an instance, and a port was set to the discarding state.
Recommended action	No action is required.

STP_ENABLE

Message text	STP is now enabled on the device.
Variable fields	N/A
Severity level	6
Example	STP/6/STP_ENABLE: STP is now enabled on the device.
Explanation	STP was globally enabled on the device.
Recommended action	No action is required.

STP_FORWARDING

Message text	Instance [UINT32]'s port [STRING] has been set to forwarding state.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	6
Example	STP/6/STP_FORWARDING: Instance 0's port Ethernet1/0/2 has been set to forwarding state.
Explanation	MSTP calculated the state of ports within an instance, and a port was set to the forwarding state.
Recommended action	No action is required.

STP_LOOP_PROTECTION

Message text	Instance [UINT32]'s LOOP-Protection port [STRING] failed to receive configuration BPDUs.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	4
Example	STP/4/STP_LOOP_PROTECTION: Instance 0's LOOP-Protection port Ethernet1/0/2 failed to receive configuration BPDUs.
Explanation	A loop-guard-enabled port failed to receive configuration BPDUs.
Recommended action	Check the STP status of the upstream device and possible attacks from other devices.

STP_NOT_ROOT

Message text	The current switch is no longer the root of instance [UINT32].
Variable fields	$1: Instance ID.
Severity level	5
Example	STP/5/STP_NOT_ROOT: The current switch is no longer the root of instance 0.
Explanation	The current switch is no longer the root bridge of an instance. It received a superior BPDU after it was configured as the root bridge.
Recommended action	Check the bridge priority configuration and possible attacks from other devices.

STP_NOTIFIED_TC

Message text	[STRING] [UINT32]'s port [STRING] was notified of a topology change.
Variable fields	$1: Instance or VLAN. $2: Instance ID or VLAN ID. $3: Interface name.
Severity level	6
Example	STP/6/STP_NOTIFIED_TC: Instance 0's port GigabitEthernet0/1/1 was notified of a topology change.
Explanation	The neighboring device on a port notified the current device that a topology change occurred in the instance or VLAN to which the port belongs.
Recommended action	Identify the topology change cause and handle the issue. For example, if the change is caused by a link down event, recover the link.

STP_PORT_TYPE_INCONSISTENCY

Message text	Access port [STRING] in VLAN [UINT32] received PVST BPDUs from a trunk or hybrid port.
Variable fields	$1: Interface name. $2: VLAN ID.
Severity level	4
Example	STP/4/STP_PORT_TYPE_INCONSISTENCY: Access port GigabitEthernet0/1/1 in VLAN 10 received PVST BPDUs from a trunk or hybrid port.
Explanation	An access port received PVST BPDUs from a trunk or hybrid port.
Recommended action	Check the port link type setting on the ports.

STP_PVID_INCONSISTENCY

Message text	Port [STRING] with PVID [UINT32] received PVST BPDUs from a port with PVID [UINT32].
Variable fields	$1: Interface name. $2: VLAN ID. $3: VLAN ID.
Severity level	4
Example	STP/4/STP_PVID_INCONSISTENCY: Port GigabitEthernet0/1/1 with PVID 10 received PVST BPDUs from a port with PVID 20.
Explanation	A port received PVST BPDUs from a remote port with a different PVID.
Recommended action	Verify that the PVID is consistent on both ports.

STP_PVST_BPDU_PROTECTION

Message text	PVST BPDUs were received on port [STRING], which is enabled with PVST BPDU protection.
Variable fields	$1: Interface name.
Severity level	4
Example	STP/4/STP_PVST_BPDU_PROTECTION: PVST BPDUs were received on port GigabitEthernet0/1/1, which is enabled with PVST BPDU protection.
Explanation	In MSTP mode, a port enabled with PVST BPDU guard received PVST BPDUs.
Recommended action	Identify the device that sends the PVST BPDUs.

STP_ROOT_PROTECTION

Message text	Instance [UINT32]'s ROOT-Protection port [STRING] received superior BPDUs.
Variable fields	$1: Instance ID. $2: Interface name.
Severity level	4
Example	STP/4/STP_ROOT_PROTECTION: Instance 0's ROOT-Protection port Ethernet1/0/2 received superior BPDUs.
Explanation	A root-guard-enabled port received BPDUs that are superior to the BPDUs generated by itself.
Recommended action	Check the bridge priority configuration and possible attacks from other devices.

SYSEVENT

This section contains system event messages.

EVENT_TIMEOUT

Message text	Module [UINT32]'s processing for event [UINT32] timed out. Module [UINT32]'s processing for event [UINT32] on [STRING] timed out.
Variable fields	$1: Module ID. $2: Event ID. $3: MDC MDC-ID or Context Context-ID.
Severity level	6
Example	SYSEVENT/6/EVENT_TIMEOUT: -MDC=1; Module 0x1140000's processing for event 0x20000010 timed out. SYSEVENT/6/EVENT_TIMEOUT: -Context=1; Module 0x33c0000's processing for event 0x20000010 on context 16 timed out.
Explanation	A module's processing for an event timed out. Logs generated on the default MDC or context for the default MDC or context do not include the MDC MDC-ID or Context Context-ID. Logs generated on the default MDC or context for a non-default MDC or context include the MDC MDC-ID or Context Context-ID. Logs generated on a non-default MDC or context for the local MDC or context do not include the MDC MDC-ID or Context Context-ID.
Recommended action	No action is required.

SYSLOG messages

This section contains syslog messages.

ENCODING

Message text	Set the character set encoding to [STRING] for syslog messages.
Variable fields	$1: Character set encoding, which can be UTF-8 or GB18030.
Severity level	6
Example	SYSLOG/6/ENCODING: Set the character set encoding to UTF-8 for syslog messages.
Explanation	Set the character set encoding to UTF-8 for syslog messages.
Recommended action	For the user' login terminal to correctly display Chinese characters in log messages received from the information center, make sure the information center and the terminal use the same character set encoding.

SYSLOG_LOGFILE_FULL

Message text	Log file space is full.
Variable fields	N/A
Severity level	4
Example	SYSLOG/4/SYSLOG_LOGFILE_FULL: Log file space is full.
Explanation	The log file space is full.
Recommended action	Back up the log file and remove it, and then bring up interfaces if needed.

SYSLOG_RESTART

Message text	System restarted -- [STRING] [STRING] Software.
Variable fields	$1: Company name. $2: Software name.
Severity level	6
Example	SYSLOG/6/SYSLOG_RESTART: System restarted -- H3C Comware Software
Explanation	A system restart log was created.
Recommended action	No action is required.

TACACS messages

This section contains TACACS messages.

TACACS_AUTH_FAILURE

Message text	User [STRING] from [STRING] failed authentication.
Variable fields	$1: Username. $2: IP address.
Severity level	5
Example	TACACS/5/TACACS_AUTH_FAILURE: User cwf@system from 192.168.0.22 failed authentication.
Explanation	An authentication request was rejected by the TACACS server.
Recommended action	No action is required.

TACACS_AUTH_SUCCESS

Message text	User [STRING] from [STRING] was authenticated successfully.
Variable fields	$1: Username. $2: IP address.
Severity level	6
Example	TACACS/6/TACACS_AUTH_SUCCESS: User cwf@system from 192.168.0.22 was authenticated successfully.
Explanation	An authentication request was accepted by the TACACS server.
Recommended action	No action is required.

TACACS_DELETE_HOST_FAIL

Message text	Failed to delete servers in scheme [STRING].
Variable fields	$1: Scheme name.
Severity level	4
Example	TACACS/4/TACACS_DELETE_HOST_FAIL: Failed to delete servers in scheme abc.
Explanation	Failed to delete servers from a TACACS scheme.
Recommended action	No action is required.

TELNETD messages

This section contains Telnet daemon messages.

TELNETD_ACL_DENY

Message text	The Telnet Connection request from [IPADDR]([STRING]) was denied by ACL rule (rule ID=[INT32])
Variable fields	$1: IP address of the Telnet client. $2: VPN instance to which the Telnet client belongs. $3: ID of the rule that denied the Telnet client. If a Telnet client does not match created ACL rules, the device denies the client based on the default ACL rule.
Severity level	5
Example	TELNETD/5/TELNETD_ACL_DENY:The Telnet connection request from 181.1.1.10 was denied by ACL rule (rule ID=20). TELNETD/5/TELNETD_ACL_DENY:The Telnet connection request from 181.1.1.10 was denied by ACL rule (default rule).
Explanation	Telnet login control ACLs control which Telnet clients can access the Telnet service on the device. The device sends this log message when it denies a Telnet client.
Recommended action	No action is required.

TELNETD_REACH_SESSION_LIMIT

Message text	Telnet client $1 failed to log in. The current number of Telnet sessions is [NUMBER]. The maximum number allowed is ([NUMBER]).
Variable fields	$1: IP address of the Telnet client. $2: Current number of Telnet sessions. $3: Maximum number of Telnet sessions allowed by the device.
Severity level	6
Example	TELNETD/6/TELNETD_REACH_SESSION_LIMIT: Telnet client 1.1.1.1 failed to log in. The current number of Telnet sessions is 10. The maximum number allowed is (10).
Explanation	The number of Telnet connections reached the limit.
Recommended action	287. Use the display current-configuration \| include session-limit command to view the current limit for Telnet connections. If the command does not display the limit, the device is using the default setting. 288. If you want to set a greater limit, execute the aaa session-limit command. If you think the limit is proper, no action is required.

TRILL messages

This section contains TRILL messages.

TRILL_DUP_SYSTEMID

Message text	Duplicate system ID [STRING] in [STRING] PDU sourced from RBridge 0x[HEX].
Variable fields	$1: System ID. $2: PDU type. $3: Source RBridge's nickname.
Severity level	5
Example	TRILL/5/TRILL_DUP_SYSTEMID: Duplicate system ID 0011.2200.1501 in LSP PDU sourced from RBridge 0xc758.
Explanation	The local RBridge received an LSP or IIH PDU that has the same system ID as the local RBridge. The possible reasons include: · The same system ID is assigned to the local RBridge and the remote RBridge. · The local RBridge received a self-generated LSP PDU with an old nickname.
Recommended action	Please check the RBridge system IDs on the campus network.

TRILL_INTF_CAPABILITY

Message text	The interface [STRING] does not support TRILL.
Variable fields	$1: Interface name.
Severity level	4
Example	TRILL/4/TRILL_INTF_CAPABILITY: The interface GigabitEthernet0/1/3 does not support TRILL.
Explanation	An interface that does not support TRILL is assigned to a link aggregation group.
Recommended action	Remove the interface that does not support TRILL from the link aggregation group.

TRILL_LICENSE_EXPIRED

Message text	The TRILL feature is being disabled, because its license has expired.
Variable fields	N/A
Severity level	5
Example	TRILL/5/TRILL_LICENSE_EXPIRED: The TRILL feature is being disabled, because its license has expired.
Explanation	The TRILL license has expired.
Recommended action	Check the TRILL license.

TRILL_MEM_ALERT

Message text	TRILL process receive system memory alert [STRING] event.
Variable fields	$1: Type of the memory alert event.
Severity level	5
Example	TRILL/5/TRILL_MEM_ALERT: TRILL process receive system memory alert start event.
Explanation	TRILL receives a memory alert event from the system.
Recommended action	Check the system memory.

TRILL_NBR_CHG

Message text	TRILL [UINT32], [STRING] adjacency [STRING] ([STRING]), state changed to [STRING].
Variable fields	$1: TRILL process ID. $2: Neighbor level. $3: Neighbor system ID. $4: Interface name. $5: Current neighbor state: ¡ up—The neighbor has been established, and can operate correctly. ¡ initializing—The neighbor is being initialized. ¡ down—The neighbor is down.
Severity level	5
Example	TRILL/5/TRILL_NBR_CHG: TRILL 1, Level-1 adjacency 0011.2200.1501 (GigabitEthernet0/1/3), state changed to down.
Explanation	The state of a TRILL neighbor changed.
Recommended action	When the neighbor state changed to down or initializing, please check the TRILL configuration and network status according to the reason for the neighbor state change.

TRILL_NO_LICENSE

Message text	The TRILL feature has no license.
Variable fields	N/A
Severity level	5
Example	TRILL/5/TRILL_NO_LICENSE: The TRILL feature has no license.
Explanation	The TRILL feature has no license.
Recommended action	Install a valid license for TRILL.

UFLT messages

This section contains URL filtering messages.

UFLT_MATCH_IPV4_LOG (syslog)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];URL(1093)=[STRING];URLCategory(1094)=[STRING];PolicyName(1079)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: URL content. $4: URL category name. $5: URL filtering policy name. $6: Source IP address. $7: Source port number. $8: Destination IP address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Name of the identity user. $13: Actions applied to the packet. Available actions are: · Block-Source. · Permit. · Drop. · Reset. · Redirect.
Severity level	6
Example	UFLT/6/UFLT_MATCH_IPV4_LOG:Protocol(1001)=TCP;Application(1002)=http;URL(1093)=google.com;URLCategory(1094)=Fashion&Beauty;PolicyName(1079)=policy1;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=abc;Action(1053)=Drop;
Explanation	An IPv4 packet matched a URL filtering rule.
Recommended action	No action is required.

UFLT_MATCH_IPV6_LOG (syslog)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];URL(1093)=[STRING];URLCategory(1094)=[STRING];PolicyName(1079)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: URL content. $4: URL category name. $5: URL filtering policy name. $6: Source IPv6 address. $7: Source port number. $8: Destination IPv6 address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Username. $13: Actions applied to the packet. Available actions are: ¡ Block-Source. ¡ Permit. ¡ Drop. ¡ Reset. ¡ Redirect.
Severity level	6
Example	UFLT/6/UFLT_MATCH_IPV6_LOG:Protocol(1001)=TCP;Application(1002)=http;URL(1093)=google.com;URLCategory(1094)=Fashion&Beauty;PolicyName(1079)=policy1;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=aaa;Action(1053)=Drop;
Explanation	An IPv6 packet matched a URL filtering rule.
Recommended action	No action is required.

UFLT_NOT MATCH_IPV4_LOG (syslog)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];URL(1093)=[STRING];URLCategory(1094)=[STRING];PolicyName(1079)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: URL content. $4: URL category name. This field displays Unknown if no matching URL category is found for the packet. $5: URL filtering policy name. $6: Source IP address. $7: Source port number. $8: Destination IP address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Username. $13: Actions applied to the packet. Available actions are: ¡ Block-Source. ¡ Permit. ¡ Drop. ¡ Reset. ¡ Redirect.
Severity level	6
Example	UFLT/6/UFLT_NOT_MATCH_IPV4_LOG:Protocol(1001)=TCP;Application(1002)=http;URL(1093)=google.com;URLCategory(1094)=Unknown;PolicyName(1079)=policy1;SrcIPAddr(1003)=1.2.3.4;SrcPort(1004)=8080;DstIPAddr(1007)=6.1.1.1;DstPort(1008)=8080;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=abc;Action(1053)=Drop;
Explanation	No matching URL filtering rule was found for an IPv4 packet.
Recommended action	No action is required.

UFLT_NOT MATCH_IPV6_LOG (syslog)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];URL(1093)=[STRING];URLCategory(1094)=[STRING];PolicyName(1079)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];UserName(1113)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: URL content. $4: URL category name. $5: URL filtering policy name. $6: Source IPv6 address. $7: Source port number. $8: Destination IPv6 address. $9: Destination port number. $10: Source security zone. $11: Destination security zone. $12: Username. $13: Actions applied to the packet. Available actions are: ¡ Block-Source. ¡ Permit. ¡ Drop. ¡ Reset. ¡ Redirect.
Severity level	6
Example	UFLT/6/UFLT_NOT_MATCH_IPV6_LOG:Protocol(1001)=TCP;Application(1002)=http;URL(1093)=google.com;URLCategory(1094)=Unknown;PolicyName(1079)=policy1;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=spf;DstZoneName(1035)=spf;UserName(1113)=aaa;Action(1053)=Drop;
Explanation	No matching URL filtering rule was found for an IPv6 packet.
Recommended action	No action is required.

UFLT_MATCH_IPv4_LOG (fast log)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];UserName(1113)=[STRING];SrcMacAddr(1021)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];PolicyName(1079)=[STRING];URLCategory(1094)=[STRING];URL(1093)=[STRING];VistTime(1114)=[STRING];Client(1110)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Username. $4: Source MAC address. $5: Source IP address. $6: Source port number. $7: Source IP address after NAT. $8: Source port number after NAT. $9: Destination IP address. $10: Destination port number. $11: Destination IP address after NAT. $12: Destination port number after NAT. $13: Source security zone. $14: Destination security zone. $15: URL filtering policy name. $16: URL category name. $17: URL content. $18: Access time. $19: Client type. This field is not supported in the current software version. $20: Actions applied to the packet. Available actions are: ¡ Block-Source. ¡ Permit. ¡ Drop. ¡ Reset. ¡ Redirect.
Severity level	6
Example	UFLT/6/UFLT_MATCH_IPv4_LOG: Protocol(1001)=TCP;Application(1002)=SouhuNews;UserName(1113)=;SrcMacAddr(1021)=08-00-27-11-93-78;SrcIPAddr(1003)=112.1.1.2;SrcPort(1004)=3887;NATSrcIPAddr(1005)=112.1.1.2;NATSrcPort(1006)=3887;DstIPAddr(1007)=114.1.1.2;DstPort(1008)=80;NATDstIPAddr(1009)=114.1.1.2;NATDstPort(1010)=80;SrcZoneName(1025)=in;DstZoneName(1035)=out;PolicyName(1079)=1;URLCategory(1094)=SearchEngines&Portals;URL(1093)=news.sohu.com/upload/itoolbar/itoolbar.index.loader.20140923.js;VistTime(1114)=1480688515;Client(1110)=;Action(1053)=Permit;
Explanation	An IPv4 packet matched a URL filtering rule.
Recommended action	No action is required.

UFLT_MATCH_IPv6_LOG (fast log)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];UserName(1113)=[STRING];SrcMacAddr(1021)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];PolicyName(1079)=[STRING];URLCategory(1094)=[STRING];URL(1093)=[STRING];VistTime(1114)=[STRING];Client(1110)=[STRING]; Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Username. $4: Source MAC address. $5: Source IPv6 address. $6: Source port number. $7: Destination IPv6 address. $8: Destination port number. $9: Source security zone. $10: Destination security zone. $11: URL filtering policy name. $12: URL category name. $13: URL content. $14: Access time. $15: Client type. This field is not supported in the current software version. $16: Actions applied to the packet. Available actions are: ¡ Block-Source. ¡ Permit. ¡ Drop. ¡ Reset. ¡ Redirect.
Severity level	6
Example	UFLT/6/UFLT_MATCH_IPv6_LOG: Protocol(1001)=TCP;Application(1002)=SouhuNews;UserName(1113)=;SrcMacAddr(1021)=08-00-27-11-93-78;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=in;DstZoneName(1035)=out;PolicyName(1079)=1;URLCategory(1094)=SearchEngines&Portals;URL(1093)=news.sohu.com/upload/itoolbar/itoolbar.index.loader.20140923.js;VistTime(1114)=1480688515;Client(1110)=;Action(1053)=Permit;
Explanation	An IPv6 packet matched a URL filtering rule.
Recommended action	No action is required.

UFLT_NOT_MATCH_IPv4_LOG (fast log)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];UserName(1113)=[STRING];SrcMacAddr(1021)=[STRING];SrcIPAddr(1003)=[IPADDR];SrcPort(1004)=[UINT16];NATSrcIPAddr(1005)=[IPADDR];NATSrcPort(1006)=[UINT16];DstIPAddr(1007)=[IPADDR];DstPort(1008)=[UINT16];NATDstIPAddr(1009)=[IPADDR];NATDstPort(1010)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING];PolicyName(1079)=[STRING];URLCategory(1094)=[STRING];URL(1093)=[STRING];VistTime(1114)=[STRING];Client(1110)=[STRING];Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Username. $4: Source MAC address. $5: Source IP address. $6: Source port number. $7: Source IP address after NAT. $8: Source port number after NAT. $9: Destination IP address. $10: Destination port number. $11: Destination IP address after NAT. $12: Destination port number after NAT. $13: Source security zone. $14: Destination security zone. $15: URL filtering policy name. $16: URL category name. $17: URL content. $18: Access time. $19: Client type. This field is not supported in the current software version. $20: Actions applied to the packet. Available actions are: ¡ Block-Source. ¡ Permit. ¡ Drop. ¡ Reset. ¡ Redirect.
Severity level	6
Example	UFLT/6/UFLT_NOT_MATCH_IPv4_LOG: Protocol(1001)=TCP;Application(1002)=SouhuNews;UserName(1113)=;SrcMacAddr(1021)=08-00-27-11-93-78;SrcIPAddr(1003)=112.1.1.2;SrcPort(1004)=3887;NATSrcIPAddr(1005)=112.1.1.2;NATSrcPort(1006)=3887;DstIPAddr(1007)=114.1.1.2;DstPort(1008)=80;NATDstIPAddr(1009)=114.1.1.2;NATDstPort(1010)=80;SrcZoneName(1025)=in;DstZoneName(1035)=out;PolicyName(1079)=1;URLCategory(1094)=Unknown;URL(1093)=news.sohu.com/upload/itoolbar/index/toolbar_bg_130315.gif;VistTime(1114)=1480691551;Client(1110)=;Action(1053)=Permit;
Explanation	No matching URL filtering rule was found for an IPv4 packet.
Recommended action	No action is required.

UFLT_NOT_MATCH_IPv6_LOG (fast log)

Message text	Protocol(1001)=[STRING];Application(1002)=[STRING];UserName(1113)=[STRING];SrcMacAddr(1021)=[STRING];SrcIPv6Addr(1036)=[IPADDR];SrcPort(1004)=[UINT16];DstIPv6Addr(1037)=[IPADDR];DstPort(1008)=[UINT16];SrcZoneName(1025)=[STRING];DstZoneName(1035)=[STRING]; PolicyName(1079)=[STRING];URLCategory(1094)=[STRING];URL(1093)=[STRING];VistTime(1114)=[STRING];Client(1110)=[STRING]; Action(1053)=[STRING];
Variable fields	$1: Protocol type. $2: Application protocol name. $3: Username. $4: Source MAC address. $5: Source IPv6 address. $6: Source port number. $7: Destination IPv6 address. $8: Destination port number. $9: Source security zone. $10: Destination security zone. $11: URL filtering policy name. $12: URL category name. $13: URL content. $14: Access time. $15: Client type. This field is not supported in the current software version. $16: Actions applied to the packet. Available actions are: ¡ Block-Source. ¡ Permit. ¡ Drop. ¡ Reset. ¡ Redirect.
Severity level	6
Example	UFLT/6/UFLT_NOT_MATCH_IPv6_LOG: Protocol(1001)=TCP;Application(1002)=SouhuNews;UserName(1113)=;SrcMacAddr(1021)=08-00-27-11-93-78;SrcIPv6Addr(1036)=2001::2;SrcPort(1004)=51396;DstIPv6Addr(1037)=3001::2;DstPort(1008)=25;SrcZoneName(1025)=in;DstZoneName(1035)=out;PolicyName(1079)=1;URLCategory(1094)=Unknown;URL(1093)=news.sohu.com/upload/itoolbar/itoolbar.index.loader.20140923.js;VistTime(1114)=1480688515;Client(1110)=;Action(1053)=Permit;
Explanation	No matching URL filtering rule was found for an IPv6 packet.
Recommended action	No action is required.

UFLT_WARNING

Message text	Updated the URL filtering signature library successfully.
Variable fields	None.
Severity level	4
Example	UFLT/4/UFLT_WARNING: -Context=1; Updated the URL filtering signature library successfully.
Explanation	The URL filtering signature library was updated successfully through a manual offline update or triggered online update.
Recommended action	No action is required.

UFLT_WARNING

Message text	Rolled back the URL filtering signature library successfully.
Variable fields	None.
Severity level	4
Example	UFLT/4/UFLT_WARNING: -Context=1; Rolled back the URL filtering signature library successfully.
Explanation	The URL filtering signature library was rolled back to the previous or factory default version successfully.
Recommended action	No action is required.

VLAN messages

This section contains VLAN messages.

VLAN_FAILED

Message text	Failed to add interface [STRING] to the default VLAN.
Variable fields	$1: Interface name.
Severity level	4
Example	VLAN/4/VLAN_FAILED: Failed to add interface S-Channel4/2/0/19:100 to the default VLAN.
Explanation	An S-channel interface was created when hardware resources were insufficient. The S-channel interface failed to be assigned to the default VLAN.
Recommended action	No action is required.

VLAN_VLANMAPPING_FAILED

Message text	The configuration failed because of resource insufficiency or conflicts on [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	VLAN/4/VLAN_VLANMAPPING_FAILED: The configuration failed because of resource insufficiency or conflicts on Ethernet0/0.
Explanation	Part of or all VLAN mapping configurations on the interface were lost because of one of the following occurrences: · Hardware resources were insufficient for the interface. · The interface joined or left a Layer 2 aggregation group.
Recommended action	No action is required.

VLAN_VLANTRANSPARENT_FAILED

Message text	The configuration failed because of resource insufficiency or conflicts on [STRING].
Variable fields	$1: Interface name.
Severity level	4
Example	VLAN/4/VLAN_VLANTRANSPARENT_FAILED: The configuration failed because of resource insufficiency or conflicts on Ethernet0/0.
Explanation	Part of or all VLAN transparent transmission configurations on the interface were lost because of one of the following occurrences: · Hardware resources were insufficient for the interface. · The interface joined or left a Layer 2 aggregation group.
Recommended action	No action is required.

VRRP messages

This section contains VRRP messages.

VRRP_AUTH_FAILED

Message text	Authentication failed in [STRING] virtual router [UINT32] (configured on [STRING]): [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Error information details.
Severity level	6
Example	VRRP/6/VRRP_AUTH_FAILED: Authentication failed in IPv4 virtual router 10 (configured on Ethernet0/0): Authentication type mismatch.
Explanation	A VRRP packet was received, but did not pass the authentication examination.
Recommended action	Check the configuration of the VRRP group on the specified interface. Make sure every router in the VRRP group uses the same authentication mode and authentication key.

VRRP_CONFIG_ERROR

Message text	The [STRING] virtual router [UINT32] (configured on [STRING]) detected a VRRP configuration error: [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where VRRP group is configured. $4: Error information details.
Severity level	6
Example	VRRP/6/VRRP_CONFIG_ERROR: The IPv4 virtual router 10 (configured on Ethernet0/0) detected a VRRP configuration error: Virtual IP address count mismatch.
Explanation	The VRRP group configuration is not correct. For example, the virtual IP address count of the VRRP group is not the same on the members.
Recommended action	Check the VRRP group configuration on the specified interface. Make sure every member in the VRRP group uses the same configuration.

VRRP_PACKET_ERROR

Message text	The [STRING] virtual router [UINT32] (configured on [STRING]) received an error packet: [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Interface where the VRRP group is configured. $4: Error information details.
Severity level	6
Example	VRRP/6/VRRP_PACKET_ERROR: The IPv4 virtual router 10 (configured on Ethernet0/0) received an error packet: CKSUM error.
Explanation	The VRRP group received an invalid VRRP packet. For example, the checksum was not correct.
Recommended action	Check the VRRP group configuration on the specified interface.

VRRP_STATUS_CHANGE

Message text	The status of [STRING] virtual router [UINT32] (configured on [STRING]) changed from [STRING] to [STRING]: [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Original status. $5: Current status. $6: Reason for status change: ¡ Interface event received—An interface event was received. ¡ IP address deleted—The virtual IP address has been deleted. ¡ The status of the tracked object changed—The status of the associated track entry changed. ¡ VRRP packet received—A VRRP advertisement was received. ¡ Current device has changed to IP address owner—The current device has become the IP address owner. ¡ Master-down-timer expired—The master down timer (3 × VRRP advertisement interval + Skew_Time) expired. ¡ Zero priority packet received—A VRRP packet containing priority 0 was received. ¡ Preempt—Preemption occurred.
Severity level	6
Example	VRRP/6/VRRP_STATUS_CHANGE: The status of IPv4 virtual router 10 (configured on Ethernet0/0) changed (from Backup to Master): Master-down-timer expired.
Explanation	The VRRP group status changed because of the following reasons: · An interface event was received. · The virtual IP address has been deleted. · The status of the associated track entry changed. · A VRRP advertisement was received. · The current device has become the IP address owner. · The master down timer (3 × VRRP advertisement interval + Skew_Time) expired. · A VRRP packet containing priority 0 was received. · Preemption occurred.
Recommended action	Check the VRRP group status to make sure it is operating correctly.

VRRP_VF_STATUS_CHANGE

Message text	The [STRING] virtual router [UINT32] (configured on [STRING]) virtual forwarder [UINT32] detected status change (from [STRING] to [STRING]): [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: VF ID. $5: Original status of VF. $6: Current status of VF. $7: Reason for the status change.
Severity level	6
Example	VRRP/6/VRRP_VF_STATUS_CHANGE: The IPv4 virtual router 10 (configured on GigabitEthernet5/1) virtual forwarder 2 detected status change (from Active to Initialize): Weight changed.
Explanation	The status of the virtual forwarder has changed because the weight changed, the timeout timer expired, or VRRP went down.
Recommended action	Check the status of the track entry.

VRRP_VMAC_INEFFECTIVE

Message text	The [STRING] virtual router [UINT32] (configured on [STRING]) failed to add virtual MAC: [STRING].
Variable fields	$1: VRRP version. $2: VRRP group number. $3: Name of the interface where the VRRP group is configured. $4: Reason for the error.
Severity level	3
Example	VRRP/3/VRRP_VMAC_INEFFECTIVE: The IPv4 virtual router 10 (configured on Ethernet0/0) failed to add virtual MAC: Insufficient hardware resources.
Explanation	The virtual router failed to add a virtual MAC address.
Recommended action	Find out the root cause for the operation failure and fix the problem.

VSRP messages

This section contains VSRP messages.

VSRP_BIND_FAILED

Message text	Failed to bind the IP addresses and the port on VSRP peer [STRING].
Variable fields	$1: VSRP peer name.
Severity level	6
Example	VSRP/6/VSRP_BIND_FAILED: Failed to bind the IP addresses and the port on VSRP peer aaa.
Explanation	Failed to bind the IP addresses and the port when creating a TCP connection to the VSRP peer because the TCP port is in use.
Recommended action	No action is required.

VXLAN messages

This section contains VXLAN messages.

VXLAN_LICENSE_UNAVAILABLE

Message text	The VXLAN feature is disabled, because no licenses are valid.
Variable fields	N/A
Severity level	3
Example	VXLAN/3/VXLAN_LICENSE_UNAVAILABLE: The VXLAN feature is disabled, because no licenses are valid.
Explanation	VXLAN was disabled because no licenses were valid.
Recommended action	Install valid licenses for VXLAN.

WFF messages

This section contains WLAN fast forwarding (WFF) messages.

WFF_HARDWARE_INIT_FAILED

Message text	Firmware [UINT32] was set to pass-through mode because initialization failed.
Variable fields	$1: Firmware number.
Severity level	5
Example	WFF/5/WFF_HARDWARE_INIT_FAILED: Firmware 0 was set to pass-through mode because initialization failed.
Explanation	The pass-through mode was set for the firmware because of firmware initialization failure.
Recommended action	No action is required.

WFF_HARDWARE_IPC_FAILED

Message text	Firmware [UINT32] was set to pass-through mode because IPC check failed.
Variable fields	$1: Firmware number.
Severity level	5
Example	WFF/5/WFF_HARDWARE_IPC_FAILED: Firmware 0 was set to pass-through mode because IPC check failed.
Explanation	The pass-through mode was set for the firmware because of IPC check failure.
Recommended action	No action is required.

WFF_HARDWARE_LOOPBACK_FAILED

Message text	Firmware [UINT32] was set to pass-through mode because loopback check failed.
Variable fields	$1: Firmware number.
Severity level	5
Example	WFF/5/WFF_HARDWARE_LOOPBACK_FAILED: Firmware 0 was set to pass-through mode because loopback check failed.
Explanation	The pass-through mode was set for the firmware because of loopback check failure.
Recommended action	No action is required.

WFF_HARDWARE_PCIE_FAILED

Message text	Firmware [UINT32] was set to pass-through mode because PCIE check failed.
Variable fields	$1: Firmware number.
Severity level	5
Example	WFF/5/WFF_HARDWARE_LOOPBACK_FAILED: Firmware 0 was set to pass-through mode because PCIE check failed.
Explanation	The pass-through mode was set for the firmware because of a PCIE check failure.
Recommended action	No action is required.

WIPS messages

This section contains WIPS messages.

APFLOOD

Message text	-VSD=[STRING]; AP flood detected.
Variable fields	$1: VSD name.
Severity level	5
Example	WIPS/5/APFLOOD: -VSD=home; AP flood detected.
Explanation	The number of APs detected in the specified VSD reached the threshold.
Recommended action	Determine whether the device has suffered an attack.

AP_CHANNEL_CHANGE

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Channel change detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/AP_CHANNEL_CHANGE: -VSD=home-SrcMAC=1122-3344-5566; Channel change detected.
Explanation	The channel of the specified AP changed.
Recommended action	Determine whether the channel change is valid.

ASSOCIATEOVERFLOW

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Association/Reassociation DoS attack detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/ASSOCIATEOVERFLOW: -VSD=home-SrcMAC=1122-3344-5566; Association/Reassociation DoS attack detected.
Explanation	The specified AP sent an association response with the status code 17.
Recommended action	Determine whether the AP has suffered an attack.

WIPS_DOS

Message text	-VSD=[STRING]; [STRING] rate attack detected.
Variable fields	$1: VSD name. $2: Device type: AP or client.
Severity level	5
Example	WIPS/5/WIPS_DOS: -VSD=home; AP rate attack detected.
Explanation	The number of device entries learned within the specified interval reached the threshold.
Recommended action	Determine whether the device suffers an attack.

WIPS_FLOOD

Message text	-VSD=[STRING]-SrcMAC=[MAC]; [STRING] flood detected.
Variable fields	$1: VSD name. $2: Attacker's MAC address. $3: Flood attack type. Options include the following: · Association request · Authentication · Disassociation · Reassociation request · Deauthentication · Null data · Beacon · Probe request · BlockAck · CTS · RTS · EAPOL start
Severity level	5
Example	WIPS/5/WIPS_FLOOD: -VSD=home-SrcMAC=1122-3344-5566; Association request flood detected.
Explanation	The number of a specific type of packets detected within the specified interval reached the threshold.
Recommended action	Determine whether the packet sender is an authorized device.

HONEYPOT

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Honeypot AP detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/HONEYPOT: -VSD=home-SrcMAC=1122-3344-5566; Honeypot AP detected.
Explanation	The specified AP was detected as a honeypot AP.
Recommended action	Determine whether the device has suffered an attack.

HTGREENMODE

Message text	-VSD=[STRING]-SrcMAC=[MAC]; HT-Greenfield AP detected.
Variable fields	$1: VSD name. $2: MAC address of the AP.
Severity level	5
Example	WIPS/5/HTGREENMODE: -VSD=home-SrcMAC=1122-3344-5566; HT-Greenfield AP detected.
Explanation	The specified AP was detected as an HT-greenfield AP.
Recommended action	Determine whether the device has suffered an attack.

WIPS_MALF

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Error detected: [STRING].
Variable fields	$1: VSD name. $2: Sender's MAC address. $3: Malformed packet type. Options include the following: · invalid ie length—Invalid IE length. · duplicated ie—Duplicate IE. · redundant ie—Redundant IE. · invalid pkt length—Invalid packet length. · illegal ibss ess—Abnormal IBSS and ESS setting. · invalid source addr—Invalid source MAC address. · overflow eapol key—Oversized EAPOL key. · malf auth—Malformed authentication request frame. · malf assoc req—Malformed association request frame. · malf ht ie—Malformed HT IE. · large duration—Oversized duration. · null probe resp—Malformed probe response frame. · invalid deauth code—Invalid deauthentication code. · invalid disassoc code—Invalid disassociation code. · over flow ssid—Oversized SSID. · fata jack—FATA-Jack.
Severity level	5
Example	WIPS/5/WIPS_MALF: -VSD=home-SrcMAC=1122-3344-5566; Error detected: fata jack.
Explanation	A malformed packet was detected.
Recommended action	Determine whether the packet sender is an authorized device.

MAN_IN_MIDDLE

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Man-in-the-middle attack detected.
Variable fields	$1: VSD name. $2: MAC address of the client.
Severity level	5
Example	WIPS/5/MAN_IN_MIDDLE: -VSD=home-SrcMAC=1122-3344-5566; Man-in-the-middle attack detected.
Explanation	The specified client suffered a man-in-the-middle attack.
Recommended action	Determine whether the client has suffered a man-in-the-middle attack.

WIPS_ROGUE

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Rogue AP detected by radio 1 of sensor [STRING] on channel 149 (RSSI=84).
Variable fields	$1: VSD name. $2: MAC address of the rogue AP.
Severity level	5
Example	WIPS/5/WIPS_ROGUE: -VSD=home-SrcMAC=1122-3344-5566; Rogue AP detected by radio 1 of sensor ap1 on channel 149 (RSSI=84).
Explanation	A rogue AP was detected.
Recommended action	Enable WIPS to take countermeasures against rogue APs.

WIPS_SPOOF

Message text	-VSD=[STRING]-SrcMAC=[MAC]; [STRING] detected.
Variable fields	$1: VSD name. $2: MAC address of the device being spoofed. $3: Spoofing attack type. Options include the following: · AP spoofing AP—A fake AP spoofs an authorized AP. · AP spoofing client—A fake AP spoofs an authorized client. · AP spoofing ad-hoc—A fake AP spoofs an Ad hoc device. · Ad-hoc spoofing AP—An Ad hoc device spoofs an authorized AP. · Client spoofing AP—A client spoofs an authorized AP.
Severity level	5
Example	WIPS/5/WIPS_SPOOF: -VSD=home-SrcMAC=1122-3344-5566; AP spoofing AP detected.
Explanation	A spoofing attack was detected.
Recommended action	Determine whether the packet sender is an authorized device.

WIPS_UNAUTH

Message text	-VSD=[STRING]-SrcMAC=[MAC];Unauthorized client detected by radio 1 of sensor [STRING] on channel 149 (RSSI=84).
Variable fields	$1: VSD name. $2: MAC address of the unauthorized client.
Severity level	5
Example	WIPS/5/WIPS_UNAUTH: -VSD=home-SrcMAC=1122-3344-5566; Unauthorized client detected by radio 1 of sensor ap1 on channel 149 (RSSI=84).
Explanation	An unauthorized client was detected.
Recommended action	Determine whether unauthorized clients exist.

WIPS_WEAKIV

Message text	-VSD=[STRING]-SrcMAC=[MAC]; Weak IV detected.
Variable fields	$1: VSD name. $2: Sender's MAC address.
Severity level	5
Example	WIPS/5/WIPS_WEAKIV: -VSD=home-SrcMAC=1122-3344-5566; Weak IV detected.
Explanation	A weak IV was detected.
Recommended action	Use a more secure encryption method to encrypt packets.

WIRELESSBRIDGE

Message text	-VSD=[STRING]-AP1=[MAC]-AP2=[MAC]]; Wireless bridge detected.
Variable fields	$1: VSD name. $2: MAC address of AP 1. $3: MAC address of AP 2.
Severity level	5
Example	WIPS/5/WIRELESSBRIDGE: -VSD=home-AP1=1122-3344-5566-AP2=7788-9966-5544; Wireless bridge detected.
Explanation	The specified APs set up a wireless bridge.
Recommended action	Determine whether the wireless bridge is valid.

WLAN mesh messages

This section contains WLAN mesh messages.

MESH_ACTIVELINK_SWITCH

Message text	Switch an active link from [MAC] ([CHAR]) to [MAC] ([CHAR]): peer quantity = [UINT64], link quantity = [UINT16], switch reason = [UINT32].
Variable fields	$1: Mesh peer MAC address before active/standby link switchover. $2: RSSI on the link before active/standby link switchover. $3: Mesh peer MAC address after active/standby link switchover. $4: RSSI on the link after active/standby link switchover. $5: Mesh peer quantity after active/standby link switchover. $6: Mesh link quantity after active/standby link switchover. $7: Reason for link switchover: · 1—First mesh link establishment. · 2—Both of the following conditions are met: ¡ The link hold timer expires. ¡ A standby link has an RSSI higher than the active link for a value that reaches or exceeds the link switchover threshold. · 3—The RSSI on the active link is lower than the link hold RSSI and a standby link is available.
Severity level	5
Example	MESH/5/MESH_ACTIVELINK_SWITCH: Switch an active link from 50da-00d2-4b50 (55) to 50da-00d2-49e0 (74): peer quantity = 3, link quantity = 2, switch reason = 2.
Explanation	An active/standby mesh link switchover occurred.
Recommended action	No action is required.

MESH_LINKDOWN

Message text	Mesh link on interface [CHAR] is down: peer MAC = [MAC], RSSI = [CHAR], reason: [STRING] ([STRING]).
Variable fields	$1: Link interface number. $2: Mesh peer MAC address. $3: RSSI on the link. $4: Reason: · AP status change. · Radio status change. · Mesh configuration change—Mesh configuration, such as mesh profile or mesh policy, changed. · Mesh BSS deleted. · Excessive RSSI—The link RSSI has exceeded the link saturation RSSI. · Weak RSSI. · Packet check failure. · Link keepalive failure. · Active link keepalive failure. · Worst link replaced when MLSP link limit is reached. · Neighbor zerocfg status change—The state of a neighbor of the temporary link is changed from zero configuration to non-zero configuration. · Neighbor refresh. · Mesh link established during scan initialization or auto channel scan. · Unknown reason. $5: Link terminated by: · local. · peer.
Severity level	5
Example	MESH/5/MESH_LINKDOWN: Mesh link on interface 50 is down: peer MAC = 50da-00d2-4b50, RSSI = 45, reason: AP status change (peer).
Explanation	A mesh link was terminated.
Recommended action	No action is required.

MESH_LINKUP

Message text	Mesh link on interface [CHAR] is up: peer MAC = [MAC], peer radio mode = [UINT32], RSSI = [CHAR].
Variable fields	$1: Link interface number. $2: Mesh peer MAC address. $3: Mesh peer radio mode: · 0—Any mode except for 802.11n and 802.11ac. · 1—802.11n. · 2—802.11ac. $4: RSSI on the link.
Severity level	5
Example	MESH/5/MESH_LINKUP: Mesh link on interface 51 is up: peer MAC = 50da-00d2-4b50, peer radio mode = 0, RSSI = 74.
Explanation	A mesh link was established.
Recommended action	No action is required.

MESH_REVOPEN_MAC

Message text	Received a link open request from AP [MAC] in confirm received state.
Variable fields	$1: AP MAC address.
Severity level	5
Example	WLAN Mesh/5/MESH_REVOPEN_MAC: Received a link open request from AP 50da-00d2-4b50 in confirm received state.
Explanation	The MP received a Link Open request in confirm received state.
Recommended action	No action is required.

MESH_REVCONFIRM_MAC

Message text	Received a link confirm response from AP [MAC] in open received state.
Variable fields	$1: AP MAC address.
Severity level	5
Example	WLAN Mesh/5/MESH_REVCONFIRM_MAC: Received a link confirm response from AP 50da-00d2-4b50 in open received state.
Explanation	The MP received a Link Confirm response in open received state.
Recommended action	No action is required.

WLANAUD messages

This section contains WLANAUD messages.

WLANAUD_CLIENT_ONLINE

Message text	· UserIP=[STRING], UserMAC=[STRING], APMAC=[STRING]. · UserMAC=[STRING], UserIP=[STRING], APName=[ STRING], APMAC=[STRING], SSID=[ STRING], BSSID=[ STRING].
Variable fields	$1: IP address of the client. $2: MAC address of the client. $3: MAC address of the AP with which the client is associated. $4: Name of the AP with which the client is associated. $5: SSID with which the client is associated. $6: BSSID with which the client is associated.
Severity level	5
Example	· WLANAUD/5/WLAN_CLIENT_ONLINE: UserIP=192.168.0.1, UserMAC=0023-8933-2147, APMAC=31AC-11EA-17FF. · WLANAUD/5/WLAN_CLIENT_ONLINE: UserMAC=31ac-11ea-17ff, UserIP=192.168.0.1, APName=ap1, APMAC=000f-ea00-3350, SSID=zhongyan, BSSID=000f-ea00-3352.
Explanation	A client was associated with an AP.
Recommended action	No action is required.